From 5539254073dfb29aea5483ae9175970bb7bc68c9 Mon Sep 17 00:00:00 2001 From: kashif khan Date: Wed, 11 Dec 2024 20:42:19 +0500 Subject: [PATCH] updated tickettailor detector --- pkg/detectors/tickettailor/tickettailor.go | 68 ++++++++++++------- .../tickettailor/tickettailor_test.go | 4 +- 2 files changed, 44 insertions(+), 28 deletions(-) diff --git a/pkg/detectors/tickettailor/tickettailor.go b/pkg/detectors/tickettailor/tickettailor.go index a97f9cd2b3c9..587cfe32e8c6 100644 --- a/pkg/detectors/tickettailor/tickettailor.go +++ b/pkg/detectors/tickettailor/tickettailor.go @@ -2,11 +2,11 @@ package tickettailor import ( "context" - b64 "encoding/base64" "fmt" - regexp "github.com/wasilibs/go-re2" + "io" "net/http" - "strings" + + regexp "github.com/wasilibs/go-re2" "github.com/trufflesecurity/trufflehog/v3/pkg/common" "github.com/trufflesecurity/trufflehog/v3/pkg/detectors" @@ -22,7 +22,7 @@ var ( client = common.SaneHttpClient() // Make sure that your group is surrounded in boundary characters such as below to reduce false positives - keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"tickettailor"}) + `\b(sk[a-fA-Z0-9_]{45})\b`) + keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"tickettailor"}) + `\b(sk_[0-9]{4}_[0-9]{6}_[a-f0-9]{32})`) ) // Keywords are used for efficiently pre-filtering chunks. @@ -35,35 +35,22 @@ func (s Scanner) Keywords() []string { func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (results []detectors.Result, err error) { dataStr := string(data) - matches := keyPat.FindAllStringSubmatch(dataStr, -1) + uniqueKeyMatches := make(map[string]struct{}) - for _, match := range matches { - if len(match) != 2 { - continue - } - resMatch := strings.TrimSpace(match[1]) + for _, match := range keyPat.FindAllStringSubmatch(dataStr, -1) { + uniqueKeyMatches[match[1]] = struct{}{} + } + for key := range uniqueKeyMatches { s1 := detectors.Result{ DetectorType: detectorspb.DetectorType_Tickettailor, - Raw: []byte(resMatch), + Raw: []byte(key), } if verify { - data := fmt.Sprintf("%s:", resMatch) - sEnc := b64.StdEncoding.EncodeToString([]byte(data)) - req, err := http.NewRequestWithContext(ctx, "GET", "https://api.tickettailor.com/v1/orders", nil) - if err != nil { - continue - } - req.Header.Add("Accept", "application/vnd.tickettailor+json; version=3") - req.Header.Add("Authorization", fmt.Sprintf("Basic %s", sEnc)) - res, err := client.Do(req) - if err == nil { - defer res.Body.Close() - if res.StatusCode >= 200 && res.StatusCode < 300 { - s1.Verified = true - } - } + isVerified, verificationErr := verifyTicketTailor(ctx, client, key) + s1.Verified = isVerified + s1.SetVerificationError(verificationErr) } results = append(results, s1) @@ -79,3 +66,32 @@ func (s Scanner) Type() detectorspb.DetectorType { func (s Scanner) Description() string { return "Tickettailor is an online ticketing platform that allows event organizers to sell tickets. Tickettailor API keys can be used to manage events, orders, and tickets programmatically." } + +func verifyTicketTailor(ctx context.Context, client *http.Client, apiKey string) (bool, error) { + req, err := http.NewRequestWithContext(ctx, "GET", "https://api.tickettailor.com/v1/orders", nil) + if err != nil { + return false, err + } + + req.Header.Add("Accept", "application/json") + // as per API docs we only need to use apiKey as username in basic auth and leave password as empty: https://developers.tickettailor.com/#authentication + req.SetBasicAuth(apiKey, "") + resp, err := client.Do(req) + if err != nil { + return false, nil + } + + defer func() { + _, _ = io.Copy(io.Discard, resp.Body) + _ = resp.Body.Close() + }() + + switch resp.StatusCode { + case http.StatusOK: + return true, nil + case http.StatusUnauthorized, http.StatusForbidden: + return false, nil + default: + return false, fmt.Errorf("unexpected status code: %d", resp.StatusCode) + } +} diff --git a/pkg/detectors/tickettailor/tickettailor_test.go b/pkg/detectors/tickettailor/tickettailor_test.go index bedd54b51f55..88913652daa9 100644 --- a/pkg/detectors/tickettailor/tickettailor_test.go +++ b/pkg/detectors/tickettailor/tickettailor_test.go @@ -12,8 +12,8 @@ import ( ) var ( - validPattern = "skOFK3Yf_WW6E3TND0PXT5L4LPeOfVG7cEE_CdL2Y92fWNR" - invalidPattern = "skOFK3Yf_WW6E3TND0PXT5L?LPeOfVG7cEE_CdL2Y92fWNR" + validPattern = "sk_6551_225099_d9a4d4b7d506fba4d2cbb2ed803d088b" + invalidPattern = "sk_1234_225099_WW6E3TND0PXT5L?LPeOfVG7c2Y92fWNR" keyword = "tickettailor" )