New buildkite token format - Githubissues

trufflesecurity / trufflehog

Find, verify, and analyze leaked credentials

https://trufflesecurity.com

GNU Affero General Public License v3.0

17.34k stars 1.72k forks source link

New buildkite token format #1300

Closed CameronLonsdale closed 1 year ago

CameronLonsdale commented 1 year ago

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Buildkite has updated their token format to use a common prefix of bkua_. The rest of the token format is the same as described with 40 hex characters https://github.com/trufflesecurity/trufflehog/blob/58e8c1e4ac9e4663006d01ed62859bd927e53f5f/pkg/detectors/buildkite/buildkite.go#L24.

Likely with how npm tokens changed, we should create a new detector for this format & can re-use the same validation endpoint.

Problem to be Addressed

New Buildkite tokens can be detected

Description of the Preferred Solution

A new detector using the updated Buildkite token format.

Additional Context

References

dustin-decker commented 1 year ago

Thank you for the information! We will update this soon.