trufflesecurity · dustin-decker · Feb 6, 2024 · Feb 6, 2024
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	regexp "github.com/wasilibs/go-re2"
 	"net/http"
+	"encoding/json"
 	"strings"
 
 	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
@@ -52,25 +53,43 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 		}
 
 		if verify {
-			req, err := http.NewRequestWithContext(ctx, "GET", "https://api.opsgenie.com/v2/alerts", nil)
+			// Check for false positives
+		    if detectors.IsKnownFalsePositive(match[0], append(detectors.DefaultFalsePositives, "opsgenie.com/alert/detail/"), true) {
+		        continue
+		    }
+		    req, err := http.NewRequestWithContext(ctx, "GET", "https://api.opsgenie.com/v2/alerts", nil)
+		    if err != nil {
+			continue
+		    }
+		    req.Header.Add("Authorization", fmt.Sprintf("GenieKey %s", resMatch))
+		    res, err := client.Do(req)
+		    if err != nil {
+			continue
+		    }
+		    defer res.Body.Close()
+
+		    // Check for 200 status code
+		    if res.StatusCode == 200 {
+			var data map[string]interface{}
+			err := json.NewDecoder(res.Body).Decode(&data)
 			if err != nil {
-				continue
+			    s1.Verified = false
+			    continue
 			}
-			req.Header.Add("Authorization", fmt.Sprintf("GenieKey %s", resMatch))
-			res, err := client.Do(req)
-			if err == nil {
-				defer res.Body.Close()
-				if res.StatusCode >= 200 && res.StatusCode < 300 {
-					s1.Verified = true
-				} else {
-					// This function will check false positives for common test words, but also it will make sure the key appears 'random' enough to be a real key.
-					if detectors.IsKnownFalsePositive(resMatch, detectors.DefaultFalsePositives, true) {
-						continue
-					}
-				}
+
+			// Check if "data" is one of the top-level attributes
+			if _, ok := data["data"]; ok {
+			    s1.Verified = true
+			} else {
+			    s1.Verified = false
 			}
+		    } else {
+			s1.Verified = false
+
+		    }
 		}
 
+
 		results = append(results, s1)
 	}