newrelic / rusty-hog

A suite of secret scanners built in Rust for performance. Based on TruffleHog (https://github.com/dxa4481/truffleHog) which is written in Python.
Apache License 2.0
445 stars 58 forks

Update essex_hog.rs #37

Closed alaaseeku closed 1 year ago

alaaseeku commented 3 years ago

Allow connection to on-prem Confluence by removing encoding token

CLAassistant commented 3 years ago

CLA assistant check
All committers have signed the CLA.

cutler-scott-newrelic commented 3 years ago

Hi @alaaseeku! Since I don't seem to be able to use this authentication method on my Confluence, can you point me to the Atlassian documentation around this specific type of key? And/or show me a screenshot of it working on your instance? I know there is at least one other person using this argument so I don't want to make a breaking change unless I can confirm it's working. Though in general I think this change makes sense.

Spencer-Doak commented 1 year ago

Howdy, @cutler-scott-newrelic I just want to confirm that encoding Confluence tokens for on-prem servers (e.g., Confluence Data Center) is incorrect behavior. Here's some documentation which essentially says personal access tokens should be passed without any transformations/modifications: https://confluence.atlassian.com/enterprise/using-personal-access-tokens-1026032365.html

Hope that helps! I am planning to test out Rusty Hog soon to scan for secrets in a Confluence Data Center server along with a few other sources, so when I saw this PR, I figured I'd chime in.

Spencer-Doak commented 1 year ago

A quick follow-up: I tested out Rusty Hog a couple months ago. As expected, Rusty Hog's master branch failed to scan a Confluence Data Center server. After locally merging @alaaseeku's commit into my clone of the Rusty Hog repo & rebuilding, my Confluence scans succeeded.

@cutler-scott-newrelic please merge this change so I don't have to maintain a fork 🙏

cutler-scott-newrelic commented 1 year ago

Sorry for making you all bug me over the last 2 years. Since I have confirmation someone else tested it successfully, I'll merge it tomorrow!
