updated and fixed typeform detectors
kashifkhan0771 committed Dec 12, 2024
1 parent d1317d6 commit 6417fa6
Showing 3 changed files with 62 additions and 63 deletions.
44 changes: 32 additions & 12 deletions pkg/detectors/typeform/v1/typeform.go
@@ -3,6 +3,7 @@ package typeform
import (
"context"
"fmt"
"io"
"net/http"
"strings"

@@ -51,18 +52,9 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
}

if verify {
req, err := http.NewRequestWithContext(ctx, "GET", "https://api.typeform.com/me", nil)
if err != nil {
continue
}
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", resMatch))
res, err := client.Do(req)
if err == nil {
defer res.Body.Close()
if res.StatusCode >= 200 && res.StatusCode < 300 {
s1.Verified = true
}
}
isVerified, verificationErr := verifyTypeForm(ctx, client, resMatch)
s1.Verified = isVerified
s1.SetVerificationError(verificationErr)
}

results = append(results, s1)
@@ -78,3 +70,31 @@ func (s Scanner) Type() detectorspb.DetectorType {
func (s Scanner) Description() string {
return "Typeform is a service for creating forms and surveys. Typeform API keys can be used to access and manage forms and responses."
}

func verifyTypeForm(ctx context.Context, client *http.Client, key string) (bool, error) {
req, err := http.NewRequestWithContext(ctx, "GET", "https://api.typeform.com/me", nil)
if err != nil {
return false, err
}

req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", key))

resp, err := client.Do(req)
if err != nil {
return false, err
}

defer func() {
_, _ = io.Copy(io.Discard, resp.Body)
_ = resp.Body.Close()
}()

switch resp.StatusCode {
case http.StatusOK:
return true, nil
case http.StatusUnauthorized, http.StatusForbidden:
return false, nil
default:
return false, fmt.Errorf("unexpected status code: %d", resp.StatusCode)
}
}
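Review bot: In verifyTypeForm, the `case http.StatusUnauthorized, http.StatusForbidden:` branch reports a 403 as a definitive "not valid" with no verification error, but a 403 from `/me` could also mean a live token that lacks the scope for that endpoint; this is worth confirming against Typeform's API behaviour. If that is the case, a working key is recorded as unverified and nothing tells the operator that the check was inconclusive. Consider keeping only 401 as the definitive negative and letting 403 reach the `default` error, or state the reasoning in a comment above the switch. The same branch exists in v2's verifyMatch (`res.StatusCode == 401 || res.StatusCode == 403`).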
38 changes: 24 additions & 14 deletions pkg/detectors/typeform/v2/typeform.go
@@ -4,6 +4,7 @@ import (
"context"
"encoding/json"
"fmt"
"io"
"net/http"

regexp "github.com/wasilibs/go-re2"
@@ -13,7 +14,9 @@ import (
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
)

type Scanner struct{}
type Scanner struct {
client *http.Client

Check failure on line 18 in pkg/detectors/typeform/v2/typeform.go

GitHub Actions / golangci-lint

field `client` is unused (unused)
}

// Ensure the Scanner satisfies the interface at compile time.
var _ detectors.Detector = (*Scanner)(nil)
@@ -54,9 +57,9 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
if verify {
verified, typeformResponse, requestErr := verifyMatch(ctx, client, match)
s1.Verified = verified
if requestErr != nil {
s1.SetVerificationError(err, match)
} else {
s1.SetVerificationError(requestErr)

if typeformResponse != nil {
s1.ExtraData = map[string]string{
"UserId": typeformResponse.UserID,
"Email": typeformResponse.Email,
@@ -72,26 +75,33 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
return results, nil
}

func verifyMatch(ctx context.Context, client *http.Client, secret string) (bool, TypeFormResponse, error) {
var response TypeFormResponse

func verifyMatch(ctx context.Context, client *http.Client, secret string) (bool, *TypeFormResponse, error) {
req, err := http.NewRequestWithContext(ctx, "GET", "https://api.typeform.com/me", nil)
if err != nil {
return false, response, nil
return false, nil, nil
}
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", secret))
res, err := client.Do(req)
if err != nil {
return false, response, err
}
defer res.Body.Close()
if err = json.NewDecoder(res.Body).Decode(&response); err != nil {
return false, response, err
return false, nil, err
}

defer func() {
_, _ = io.Copy(io.Discard, res.Body)
_ = res.Body.Close()
}()

if res.StatusCode == 200 {
var response *TypeFormResponse
if err = json.NewDecoder(res.Body).Decode(&response); err != nil {
return false, nil, err
}

return true, response, nil
} else if res.StatusCode == 401 || res.StatusCode == 403 {
return false, nil, nil
} else {
return false, response, fmt.Errorf("unexpected status code %d", res.StatusCode)
return false, nil, fmt.Errorf("unexpected status code %d", res.StatusCode)
}
}
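Review bot: verifyMatch still returns `false, nil, nil` when `http.NewRequestWithContext` fails, so a request that was never sent is reported as a definitive unverified result with no verification error; the v1 helper in this commit returns the error, and this one should too: `return false, nil, err`. Separately, the caller in FromData now uses `s1.SetVerificationError(requestErr)` where the removed line passed `match` as a second argument. If that argument is what lets the helper redact the secret from the stored error text, passing it again (`s1.SetVerificationError(requestErr, match)`) keeps the token out of error output should an error ever embed it.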

43 changes: 6 additions & 37 deletions pkg/detectors/typeform/v2/typeform_integration_test.go
@@ -1,6 +1,3 @@
//go:build detectors
// +build detectors

package typeform

import (
@@ -52,6 +49,12 @@ func TestTypeform_FromChunk(t *testing.T) {
{
DetectorType: detectorspb.DetectorType_Typeform,
Verified: true,
ExtraData: map[string]string{
"Alias": "TruffleSecurity Detectors",
"Email": "[email protected]",
"Language": "en",
"UserId": "01JEX5WZZGGEC89F5E4DKW4144",
},
},
},
wantErr: false,
@@ -86,40 +89,6 @@ func TestTypeform_FromChunk(t *testing.T) {
wantErr: false,
wantVerificationErr: false,
},
{
name: "found, would be verified if not for timeout",
s: Scanner{client: common.SaneHttpClientTimeOut(1 * time.Microsecond)},
args: args{
ctx: context.Background(),
data: []byte(fmt.Sprintf("You can find a typeform secret %s within", secret)),
verify: true,
},
want: []detectors.Result{
{
DetectorType: detectorspb.DetectorType_Typeform,
Verified: false,
},
},
wantErr: false,
wantVerificationErr: true,
},
{
name: "found, verified but unexpected api surface",
s: Scanner{client: common.ConstantResponseHttpClient(404, "")},
args: args{
ctx: context.Background(),
data: []byte(fmt.Sprintf("You can find a typeform secret %s within", secret)),
verify: true,
},
want: []detectors.Result{
{
DetectorType: detectorspb.DetectorType_Typeform,
Verified: false,
},
},
wantErr: false,
wantVerificationErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
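Review bot: Dropping `//go:build detectors` and `// +build detectors` at the top of this file means the integration test is compiled and run by a plain `go test ./...`. If the test body outside these hunks needs network access or a live Typeform credential, as the hard-coded `UserId` and `Alias` in the new `ExtraData` expectation suggest, it will fail or call the real API in ordinary unit-test runs; unless that is intended, keep the build constraint. The two removed cases (the timeout and the 404 "unexpected api surface" response) are the only ones visible here that assert `wantVerificationErr: true`, so the `default` status branch and the transport-error path in verifyMatch may no longer be exercised. Wiring the `client` field into FromData would let those cases stay. TestTypeform_FromChunk begins and ends outside the hunks shown.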