-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
updated gcpapplicationdefaultcredentials detector results with RawV2 #3499
updated gcpapplicationdefaultcredentials detector results with RawV2 #3499
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kashifkhan0771 you might need to take a look at integration test as well.
@@ -79,6 +79,8 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result | |||
s1 := detectors.Result{ | |||
DetectorType: detectorspb.DetectorType_GCPApplicationDefaultCredentials, | |||
Raw: []byte(detectedClientID), | |||
RawV2: []byte(detectedClientID + creds.RefreshToken), | |||
Redacted: creds.RefreshToken, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should redacted
field posses censored version of RefreshToken
? @zricethezav I noted there is mix strategy, Some detectors are censoring, some not. Is there any particular documentation about it ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shall we censor it or not @zricethezav @abmussani ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMO, it should be, similar to what is done in OpenAI.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done @abmussani ✅
d5dd85e
to
8088855
Compare
* main: (76 commits) update aws descriptions (trufflesecurity#3529) enforce timeout on circleci test (trufflesecurity#3528) rm snifftest (trufflesecurity#3527) Redact more source credentials (trufflesecurity#3526) Create global log redaction capability (trufflesecurity#3522) Adding basic "what is trufflehog" to the readme (trufflesecurity#3514) Handle custom detector response and include in extra data (trufflesecurity#3411) fix: fixed validation logic for `calendarific` (trufflesecurity#3480) fix(deps): update github.com/tailscale/depaware digest to 3d7f3b3 (trufflesecurity#3518) Move DecoderType into ResultWithMetadata trufflesecurity#3502 Addeded 403 account block status code handling for gitlab (trufflesecurity#3471) updated gcpapplicationdefaultcredentials detector results with RawV2 (trufflesecurity#3499) fix(deps): update module github.com/brianvoe/gofakeit/v7 to v7.1.1 (trufflesecurity#3512) fix(deps): update module github.com/schollz/progressbar/v3 to v3.17.0 (trufflesecurity#3510) fix(deps): update module cloud.google.com/go/secretmanager to v1.14.2 (trufflesecurity#3498) Adds a logging section in the contributing guidelines (trufflesecurity#3509) fix: fixed verifcation pattern logic for `bulksms` (trufflesecurity#3478) Extend `algoliaadminkey` with additional checks (trufflesecurity#3459) fix(deps): update module google.golang.org/api to v0.203.0 (trufflesecurity#3497) fix: added correct api endpoint for verification & logic for Aeroworkflow (trufflesecurity#3435) ...
Description:
Added refresh token in RawV2 for
gcpapplicationdefaultcredentials
detector.JIRA Ticket:
https://trufflesecurity.atlassian.net/jira/servicedesk/projects/CSM/queues/custom/43/CSM-706
Checklist:
make test-community
)?make lint
this requires golangci-lint)?