fix(algolia): 403 is invalid (trufflesecurity#3653)

rgmz · Nov 21, 2024 · 9d7ff02 · 9d7ff02
1 parent 098072b
commit 9d7ff02
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/pkg/detectors/algoliaadminkey/algoliaadminkey.go b/pkg/detectors/algoliaadminkey/algoliaadminkey.go
@@ -138,8 +138,9 @@ func verifyMatch(ctx context.Context, appId, apiKey string) (bool, map[string]st
 	case http.StatusUnauthorized:
 		return false, nil, nil
 	case http.StatusForbidden:
-		// Key is valid but lacks permissions.
-		return true, nil, nil
+		// Invalidated key.
+		// {"message":"Invalid Application-ID or API key","status":403}
+		return false, nil, nil
 	default:
 		return false, nil, fmt.Errorf("unexpected HTTP response status %d", res.StatusCode)
 	}

diff --git a/pkg/detectors/ldap/ldap.go b/pkg/detectors/ldap/ldap.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/tls"
 	"fmt"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
 	"net"
 	"net/url"
 	"strings"
@@ -128,7 +129,10 @@ func isErrDeterminate(err error) bool {
 	return true
 }
 
-func verifyLDAP(username, password string, ldapURL *url.URL) error {
+func verifyLDAP(ctx context.Context, username, password string, ldapURL *url.URL) error {
+	if common.IsDone(ctx) {
+		return ctx.Err()
+	}
 	// Tests with non-TLS, TLS, and STARTTLS
 
 	uri := ldapURL.String()