Updates the LaunchDarkly detector to use the new caller-identity API, built by the LaunchDarkly security team to support this kind of use case.
This way, secret scanners don't need to depend on other APIs, which may result in false-negative results if the credential found simply doesn't have permission to access that resource. Also, this means there is no need to instantiate an LD SDK to test SDK keys, which is a rather heavyweight operation (compared to what is needed here).
Also, improved the tests so they pass (unless I misunderstood what the tests were trying to do... they seemed to fail on main when I ran them, because the ExtraData was not present in the expected objects, and the Scanner object that was defined in the test cases was not being used by the tests, so the test case for the unexpected response code failed.
Description:
Updates the LaunchDarkly detector to use the new
caller-identity
API, built by the LaunchDarkly security team to support this kind of use case.This way, secret scanners don't need to depend on other APIs, which may result in false-negative results if the credential found simply doesn't have permission to access that resource. Also, this means there is no need to instantiate an LD SDK to test SDK keys, which is a rather heavyweight operation (compared to what is needed here).
Also, improved the tests so they pass (unless I misunderstood what the tests were trying to do... they seemed to fail on main when I ran them, because the ExtraData was not present in the expected objects, and the
Scanner
object that was defined in the test cases was not being used by the tests, so the test case for the unexpected response code failed.Addresses https://github.com/trufflesecurity/trufflehog/issues/3017
Checklist:
make test-community
)?make lint
this requires golangci-lint)?