newrelic / rusty-hog

A suite of secret scanners built in Rust for performance. Based on TruffleHog (https://github.com/dxa4481/truffleHog) which is written in Python.
Apache License 2.0

gottingen_hog failed with code 401 with --authtoken usage. #58

Open drenderyga opened 11 months ago

drenderyga commented 11 months ago

Jira and Confluence scanners failed while using authtoken instead of login and password. Postman requests with the same token work as expected.

Steps to Reproduce

Use the latest Docker container with the --authtoken option.

Expected Behaviour

Scan successfully completed.

Relevant Logs / Console output

Jira:

user@test_host:~/secrets/jira$ docker run --rm -it wetfeet2000/gottingen_hog:1.0.10 --authtoken $JIRA_TOKEN --url https://jira.example.com TEST-48 --verbose

/usr/local/bin/gottingen_hog --authtoken <valid_token> --url https://jira.example.com TEST-48 --verbose
2023-09-27 07:33:11,830 INFO  [rusty_hogs] Attempting to parse JSON regex file from provided string...
2023-09-27 07:33:12,010 INFO  [rusty_hogs] Attempting to parse JSON allowlist string
thread 'main' panicked at 'Request to https://jira.example.com/rest/api/2/issue/TEST-48 failed with code 401: {"errorMessages":["You do not have the permission to see the specified issue.","Login Required"],"errors":{}}', src/bin/gottingen_hog.rs:216:9
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

Confluence:

user@test_host:~/secrets/confluence$ docker run -it --rm wetfeet2000/essex_hog:1.0.10 --verbose --authtoken $CONFLUENCE_TOKEN 12345678 https://confluence.example.com/

/usr/local/bin/essex_hog --verbose --authtoken <valid_token> 12345678 https://confluence.example.com/
2023-09-27 07:34:07,850 INFO  [rusty_hogs] Attempting to parse JSON regex file from provided string...
2023-09-27 07:34:08,029 INFO  [rusty_hogs] Attempting to parse JSON allowlist string
thread 'main' panicked at 'Request to https://confluence.example.com/rest/api/content/12345678?expand=body.storage failed with code 404: {"statusCode":404,"data":{"authorized":false,"valid":true,"allowedInReadOnlyMode":true,"errors":[],"successful":false},"message":"No content found with id: ContentId{id=48037914}","reason":"Not Found"}', src/bin/essex_hog.rs:249:9
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

Your Environment

Ubuntu 22.04.2 LTS
Docker version 24.0.4, build 3713ee1