search

trufflesecurity / trufflehog

Find and verify secrets
https://trufflesecurity.com
GNU Affero General Public License v3.0
14.39k stars 1.57k forks source link

[MongoDB] Creds not getting detected in latest version 3.78.1 & in older versions, getting verification error: context deadline exceeded #2991

Open k-sau opened 2 weeks ago

k-sau commented 2 weeks ago

TruffleHog Version

3.78.1
3.78.0

Trace Output

https://gist.github.com/k-sau/e44f532bd423776ff0c964fe150d2ec1

Expected Behavior

MongoDB creds should be detected

Actual Behavior

In 3.78.1 in mac sillicon chips based machine, it wasn't detecting at all but it is working fine in ubuntu. In 3.78.0, it's detecting the credentials but failing to validate the credential which are on different region other than yours.

Steps to Reproduce

  1. Create dummy MongoDb credential of region which have ideally high latency from your region.
  2. Run the trufflehog scan on it from v3.78.1 & v3.78.0 on apple silicon chips machine.
  3. In v3.78.1, trufflehog will not even detect the mongodb pattern.
  4. And in v3.78.0, you will get: Verification issue: context deadline exceeded.

Environment