From c2ff0f248539584f0b1540ed1acb436821591dd1 Mon Sep 17 00:00:00 2001 From: kashif khan Date: Thu, 24 Oct 2024 11:59:45 +0500 Subject: [PATCH 1/2] updated results with RawV2 --- .../gcpapplicationdefaultcredentials.go | 2 ++ .../gcpapplicationdefaultcredentials_test.go | 7 +++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/pkg/detectors/gcpapplicationdefaultcredentials/gcpapplicationdefaultcredentials.go b/pkg/detectors/gcpapplicationdefaultcredentials/gcpapplicationdefaultcredentials.go index 3b2de9ebbc95..e7fcb099d008 100644 --- a/pkg/detectors/gcpapplicationdefaultcredentials/gcpapplicationdefaultcredentials.go +++ b/pkg/detectors/gcpapplicationdefaultcredentials/gcpapplicationdefaultcredentials.go @@ -79,6 +79,8 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result s1 := detectors.Result{ DetectorType: detectorspb.DetectorType_GCPApplicationDefaultCredentials, Raw: []byte(detectedClientID), + RawV2: []byte(detectedClientID + creds.RefreshToken), + Redacted: creds.RefreshToken, } if verify { diff --git a/pkg/detectors/gcpapplicationdefaultcredentials/gcpapplicationdefaultcredentials_test.go b/pkg/detectors/gcpapplicationdefaultcredentials/gcpapplicationdefaultcredentials_test.go index 4d77c47ebcc8..bb60e754ec6e 100644 --- a/pkg/detectors/gcpapplicationdefaultcredentials/gcpapplicationdefaultcredentials_test.go +++ b/pkg/detectors/gcpapplicationdefaultcredentials/gcpapplicationdefaultcredentials_test.go @@ -2,10 +2,11 @@ package gcpapplicationdefaultcredentials import ( "context" + "testing" + "github.com/google/go-cmp/cmp" "github.com/trufflesecurity/trufflehog/v3/pkg/detectors" "github.com/trufflesecurity/trufflehog/v3/pkg/engine/ahocorasick" - "testing" ) func TestGcpapplicationdefaultcredentials_Pattern(t *testing.T) { @@ -24,7 +25,9 @@ func TestGcpapplicationdefaultcredentials_Pattern(t *testing.T) { "refresh_token": "1//0_joijgor3i4ut98579862709342j3kjJOIE02834jijfewoifjowiejfhghyzznfoiwejfwnvuhewiufnwinciwu_-o2i3jjfcc", "type": "authorized_user" }`, - want: []string{"191375729402-oiuj2498ry3497gjveoierj8294jfj41"}, + want: []string{ + "191375729402-oiuj2498ry3497gjveoierj8294jfj411//0_joijgor3i4ut98579862709342j3kjJOIE02834jijfewoifjowiejfhghyzznfoiwejfwnvuhewiufnwinciwu_-o2i3jjfcc", + }, }, } From 8088855ca1169881855691e78d0a94ad6ef85fdf Mon Sep 17 00:00:00 2001 From: kashif khan Date: Mon, 28 Oct 2024 10:45:11 +0500 Subject: [PATCH 2/2] censored the refresh token in result --- .../gcpapplicationdefaultcredentials.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/detectors/gcpapplicationdefaultcredentials/gcpapplicationdefaultcredentials.go b/pkg/detectors/gcpapplicationdefaultcredentials/gcpapplicationdefaultcredentials.go index e7fcb099d008..a732c16508d3 100644 --- a/pkg/detectors/gcpapplicationdefaultcredentials/gcpapplicationdefaultcredentials.go +++ b/pkg/detectors/gcpapplicationdefaultcredentials/gcpapplicationdefaultcredentials.go @@ -80,7 +80,7 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result DetectorType: detectorspb.DetectorType_GCPApplicationDefaultCredentials, Raw: []byte(detectedClientID), RawV2: []byte(detectedClientID + creds.RefreshToken), - Redacted: creds.RefreshToken, + Redacted: creds.RefreshToken[:3] + "..." + creds.RefreshToken[min(len(creds.RefreshToken)-1, 47):], // censor the refresh token } if verify {