Open arjunharidasp opened 1 week ago
Please review the Community Note before submitting
In Trufflehog detectors, we see artifactory is mentioned. However when tested with Jfrog artifactory token, its not getting detected as a secret.
Jfrog artifactory patterns
curl -username: -T "artifactory url/artifactname/"
curl -uusername: -L -O "artifactory url/artifactname/"
wget --header='X-JFrog-Art-Api: token' "artifactory url/artifactname/"
curl -v -H "X-JFrog-Art-Api: token"-T "artifactory url/artifactname/"
curl -H "X-JFrog-Art-Api:apitoken" -O " "artifactory url/artifactname/"
Examples text: | export ARTIFACTORY_URL=http://localhost:8081/artifactory export ARTIFACTORY_TOKEN=AKCp5bueTFpfypEqQbGJPp7eHFi28fBivfWczrjbPb9erDff9LbXZbj6UsRExVXA8asWGc8fM apikey: AKCp5bueTFpfypEqQbGJPp7eHFi28fBivfWczrjbPb9erDff9LbXZbj6UsRExVXA8asWGc8fM
Jfrog artifactory api keys or tokens are detected as secrets
Please review the Community Note before submitting
Description
In Trufflehog detectors, we see artifactory is mentioned. However when tested with Jfrog artifactory token, its not getting detected as a secret.
Jfrog artifactory patterns
curl -username: -T "artifactory url/artifactname/"
curl -uusername: -L -O "artifactory url/artifactname/"
wget --header='X-JFrog-Art-Api: token' "artifactory url/artifactname/"
curl -v -H "X-JFrog-Art-Api: token"-T "artifactory url/artifactname/"
curl -H "X-JFrog-Art-Api:apitoken" -O " "artifactory url/artifactname/"
Examples text: | export ARTIFACTORY_URL=http://localhost:8081/artifactory export ARTIFACTORY_TOKEN=AKCp5bueTFpfypEqQbGJPp7eHFi28fBivfWczrjbPb9erDff9LbXZbj6UsRExVXA8asWGc8fM apikey: AKCp5bueTFpfypEqQbGJPp7eHFi28fBivfWczrjbPb9erDff9LbXZbj6UsRExVXA8asWGc8fM
Preferred Solution
Jfrog artifactory api keys or tokens are detected as secrets