address detector issues (trufflesecurity#123)

sainsburys-tech · Apr 2, 2022 · a1dfcde · a1dfcde
1 parent 78b344d
commit a1dfcde
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 9 deletions.
diff --git a/pkg/detectors/uri/uri.go b/pkg/detectors/uri/uri.go
@@ -69,10 +69,15 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 			}
 		}
 
-		token := match[0]
+		urlMatch := match[0]
 		password := match[1]
 
-		parsedURL, err := url.Parse(token)
+		// Skip findings where the password starts with a `$` - it's almost certainly a variable.
+		if strings.HasPrefix(password, "$") {
+			continue
+		}
+
+		parsedURL, err := url.Parse(urlMatch)
 		if err != nil {
 			continue
 		}
@@ -83,11 +88,11 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 			continue
 		}
 
-		redact := strings.TrimSpace(strings.Replace(token, password, strings.Repeat("*", len(password)), -1))
+		redact := strings.TrimSpace(strings.Replace(urlMatch, password, strings.Repeat("*", len(password)), -1))
 
 		s := detectors.Result{
 			DetectorType: detectorspb.DetectorType_URI,
-			Raw:          []byte(token),
+			Raw:          []byte(urlMatch),
 			Redacted:     redact,
 		}
 
@@ -96,7 +101,7 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 			// whitelist protocols
 
 			// Assume a 200 response is a valid credential
-			postValues := map[string]string{"protocol": parsedURL.Scheme, "credentialed_uri": token}
+			postValues := map[string]string{"protocol": parsedURL.Scheme, "credentialed_uri": urlMatch}
 			jsonValue, _ := json.Marshal(postValues)
 			req, err := http.NewRequestWithContext(ctx, "POST", ssrfProtectorURL, bytes.NewBuffer(jsonValue))
 			if err != nil {

diff --git a/pkg/engine/defaults.go b/pkg/engine/defaults.go
@@ -255,7 +255,6 @@ import (
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/helpscout"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/hereapi"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/heroku"
-	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/hive"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/hiveage"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/holidayapi"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/host"
@@ -504,7 +503,6 @@ import (
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/splunkobservabilitytoken"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/spoonacular"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/sportsmonk"
-	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/spotifykey"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/square"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/squareapp"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/squarespace"
@@ -709,7 +707,7 @@ func DefaultDetectors() []detectors.Detector {
 		&sentrytoken.Scanner{},
 		&githubapp.Scanner{},
 		&slackwebhook.Scanner{},
-		&spotifykey.Scanner{},
+		// &spotifykey.Scanner{},
 		&discordwebhook.Scanner{},
 		// &zapierwebhook.Scanner{},
 		&pubnubsubscriptionkey.Scanner{},
@@ -1087,7 +1085,7 @@ func DefaultDetectors() []detectors.Detector {
 		zenscrape.Scanner{},
 		// dailyco.Scanner{},
 		nicereply.Scanner{},
-		hive.Scanner{},
+		// hive.Scanner{},
 		clustdoc.Scanner{},
 		scrapingant.Scanner{},
 		kickbox.Scanner{},