trufflesecurity / trufflehog

Find and verify secrets
https://trufflesecurity.com
GNU Affero General Public License v3.0
14.39k stars 1.57k forks

Added Twitter v2 Detector #3016

Open abmussani opened 1 week ago

abmussani commented 1 week ago

Description:

Twitter has modified the format of their bearer token, which is no longer detected by the old detector, and has not mentioned whether the old format is still working or not. As per the guide, this PR includes a new version of the Twitter detector and also includes the test for it.

Checklist:

rgmz commented 4 days ago

> the v1 tests need version info added to the extra data

Is there a reason this isn't done in the engine? Doing it by hand for every detector seems sloppy.

0x1 commented 4 days ago

> the v1 tests need version info added to the extra data
>
> Is there a reason this isn't done in the engine? Doing it by hand for every detector seems sloppy.

I don't think the engine can modify the want cases

rgmz commented 4 days ago

> I don't think the engine can modify the want cases

Ah, I meant adding version info to the result automatically so you don't have to do this for every detector:

  ExtraData: map[string]string{
    "version": fmt.Sprintf("%d", s.Version()),
  },

But you're correct that you'd still need to do:

 {
   DetectorType: detectorspb.DetectorType_Twitter,
+  DetectorVersion: 2,
   Verified:     true,
 },

0x1 commented 3 days ago

> I don't think the engine can modify the want cases
>
> Ah, I meant adding version info to the result automatically so you don't have to do this for every detector:
>
>   ExtraData: map[string]string{
>     "version": fmt.Sprintf("%d", s.Version()),
>   },
>
> But you're correct that you'd still need to do:

 {
   DetectorType: detectorspb.DetectorType_Twitter,
+  DetectorVersion: 2,
   Verified:     true,
 },

fair point.

abmussani commented 1 day ago

> the v1 tests need version info added to the extra data
>
> Is there a reason this isn't done in the engine? Doing it by hand for every detector seems sloppy.

I believe it's not mandatory to implement Version for all the detectors. That's where the engine cannot do that.

rosecodym commented 1 day ago

> the v1 tests need version info added to the extra data
>
> Is there a reason this isn't done in the engine? Doing it by hand for every detector seems sloppy.
>
> I believe it's not mandatory to implement Version for all the detectors. That's where the engine cannot do that.

I believe that @rgmz is proposing new engine logic that checks to see if a detector has a version, and adds it to ExtraData if it does, but does nothing otherwise. Is there any reason we couldn't do that?
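
The engine-side check proposed in the comment above, sketched as an added example; it is not TruffleHog's code and not from any participant in this thread. `Result`, `Detector`, `versioner`, `annotateVersion` and the two sample detectors are hypothetical names, and keeping a `version` value that a detector already set is an assumption of this sketch.

```go
package main

import (
	"fmt"
	"strconv"
)

// Result and Detector are simplified, hypothetical stand-ins for the engine's types.
type Result struct {
	Verified  bool
	ExtraData map[string]string
}

type Detector interface{ Name() string }

// versioner is the optional capability: only some detectors implement Version.
type versioner interface{ Version() int }

type twitterV2 struct{} // constructed sample: a versioned detector

func (twitterV2) Name() string { return "Twitter" }
func (twitterV2) Version() int { return 2 }

type unversioned struct{} // constructed sample: no Version method

func (unversioned) Name() string { return "Example" }

// annotateVersion is the single engine-side hook: it records the version for
// detectors that have one and leaves every other result untouched.
func annotateVersion(d Detector, r *Result) {
	v, ok := d.(versioner)
	if !ok {
		return // detector has no version: do nothing
	}
	if r.ExtraData == nil {
		r.ExtraData = make(map[string]string) // detectors may return a nil map
	}
	if _, set := r.ExtraData["version"]; !set { // assumption: detector's own value wins
		r.ExtraData["version"] = strconv.Itoa(v.Version())
	}
}

func main() {
	for _, d := range []Detector{twitterV2{}, unversioned{}} {
		r := Result{Verified: true}
		annotateVersion(d, &r)
		fmt.Printf("%-8s ExtraData=%v\n", d.Name(), r.ExtraData)
	}
}
```
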