[detector] Implemented Box Detector #3242
Box also has OAuth, thoughts on adding that also?
remove PII details of user.
@abmussani is this ready for another review?
* main: (127 commits) Update SaladCloud description (trufflesecurity#3399) fix tests (trufflesecurity#3400) [chore] Update custom detector default description (trufflesecurity#3398) add description to salad (trufflesecurity#3397) Add detector for SaladCloud API Keys (trufflesecurity#3273) fix(deps): update module github.com/xanzy/go-gitlab to v0.111.0 (trufflesecurity#3393) Add SliceContainsString common util (trufflesecurity#3395) fix: pr template link to golangci-lint (trufflesecurity#3392) fix(deps): update golang.org/x/exp digest to f66d83c (trufflesecurity#3389) Separate detector tests into unit/integration (trufflesecurity#3274) Manually upgrade github dep (trufflesecurity#3387) Updated Fastly Personal Token Detector (trufflesecurity#3386) fix(deps): update module google.golang.org/api to v0.200.0 (trufflesecurity#3391) [Fix] Snowflake privatelink Support (trufflesecurity#3286) Enhanced the easyinsight detector (trufflesecurity#3384) Log skipped files on debug level (trufflesecurity#3383) build: update retracted bluemonday ver (trufflesecurity#3369) Fix git binary handling and add a smoke test (trufflesecurity#3379) fix(deps): update module google.golang.org/protobuf to v1.35.1 (trufflesecurity#3382) Added Cisco Meraki API Key detector (trufflesecurity#3367) ... # Conflicts: # pkg/engine/defaults.go # pkg/pb/detectorspb/detectors.pb.go # proto/detectors.proto
Implemented description for Box detectors. Separated out test for Box detectors.
@0x1 This PR now includes a detector for the Box token and the Box OAuth mechanism.
LGTM overall. Very Clean Code 🫧
* main: feat: propagate file info in log context (trufflesecurity#3405) fix(deps): update module github.com/xanzy/go-gitlab to v0.112.0 (trufflesecurity#3410) fix(deps): update module github.com/getsentry/sentry-go to v0.29.1 (trufflesecurity#3408) fix(deps): update module github.com/gabriel-vasile/mimetype to v1.4.6 (trufflesecurity#3407)
Great work @abmussani
Seeing too many false positive matches for this due to
s1 := detectors.Result{ | ||
DetectorType: detectorspb.DetectorType_BoxOauth, | ||
Raw: []byte(resIdMatch), | ||
RawV2: []byte(resIdMatch + resSecretMatch), |
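Review bot: On the RawV2 line, resIdMatch and resSecretMatch are joined with no delimiter, so the boundary between the ID and the secret cannot be recovered from the stored value, and two different ID/secret pairs can produce identical bytes. Put a fixed separator between the two matches, for example resIdMatch + ":" + resSecretMatch, so each pair maps to a distinct, readable RawV2.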
@abmussani A separator between the two matches would make it more readable
Description:
This PR adds a new detector for the "Box" service. Please note that, by default, Box tokens have an expiry of 60 minutes. To run the test, the token might need to be regenerated and updated in the vault.
This PR also includes a detector for the Box OAuth service.
Documentation: https://developer.box.com/reference/get-authorize/
Checklist:
make test-community
make lint (this requires golangci-lint)