trufflesecurity / trufflehog

Find, verify, and analyze leaked credentials
https://trufflesecurity.com
GNU Affero General Public License v3.0
17.47k stars 1.72k forks

Sentry Token false matches #3370

Open rgmz opened 2 months ago

rgmz commented 2 months ago

False matches for Sentry token in package lock files:

sentry-sdk = [
    {file = "sentry-sdk-1.10.1.tar.gz", hash = "sha256:105faf7bd7b7fa25653404619ee261527266b14103fe1389e0ce077bd23a9691"},
    {file = "sentry_sdk-1.10.1-py2.py3-none-any.whl", hash = "sha256:06c0fa9ccfdc80d7e3b5d2021978d6eb9351fa49db9b5847cf4d1f2a473414ad"},
]

https://github.com/cohere-ai/sandbox-conversant-lib/blob/1245591101636f250cabc52dbd759169e42675bb/poetry.lock#L1688-L1689

Related to: #1517, #3266

rgmz commented 5 days ago

Another version:

Found unverified result 🐷🔑❓
Verification issue: unexpected HTTP response status 429
Detector Type: SentryToken
Decoder Type: PLAIN
Raw result: c091cc7115ff25fe3a0e410dbecd7a996f81a3f6137d2272daef32d6c3cfa6dc

https://github.com/mozilla/nucleus/blob/a9b5c1782df206466d0697abb8759c2cf4dfec70/requirements.txt#L331
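
The following sketch is an added example, not part of the issue thread and not TruffleHog's own code. It shows why a keyword-plus-64-hex pattern matches the lock-file digests reported above, and one way to suppress them by checking for a digest label just before the token. The regex, the label list, the function names and the requirements.txt and .env samples are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Assumed pattern (not copied from TruffleHog): keyword, up to 40 chars, 64-hex token.
var candidate = regexp.MustCompile(`(?i:sentry)(?:.|[\n\r]){0,40}?\b([a-fA-F0-9]{64})\b`)

// Labels that mark the hex string that follows as a file digest, not a credential.
var digestLabels = []string{"sha256:", "sha256="}

// poetry.lock lines as quoted in the issue.
const poetryLock = `sentry-sdk = [
    {file = "sentry-sdk-1.10.1.tar.gz", hash = "sha256:105faf7bd7b7fa25653404619ee261527266b14103fe1389e0ce077bd23a9691"},
    {file = "sentry_sdk-1.10.1-py2.py3-none-any.whl", hash = "sha256:06c0fa9ccfdc80d7e3b5d2021978d6eb9351fa49db9b5847cf4d1f2a473414ad"},
]`

// Constructed samples: pip hash-pinning syntax and a config line with a made-up token.
var fakeHex = strings.Repeat("0123456789abcdef", 4)
var requirementsTxt = "sentry-sdk==1.10.1 \\\n    --hash=sha256:" + fakeHex
var envFile = "SENTRY_AUTH_TOKEN=" + fakeHex

// FindCandidates returns every token the pattern matches (raw) and the
// subset that is not directly preceded by a digest label (kept).
func FindCandidates(text string) (raw, kept []string) {
	for _, m := range candidate.FindAllStringSubmatchIndex(text, -1) {
		tok := text[m[2]:m[3]]
		raw = append(raw, tok)
		if !precededByDigestLabel(text[:m[2]]) {
			kept = append(kept, tok)
		}
	}
	return raw, kept
}

// precededByDigestLabel reports whether the text before a token ends in a digest label.
func precededByDigestLabel(before string) bool {
	before = strings.ToLower(before)
	for _, l := range digestLabels {
		if strings.HasSuffix(before, l) {
			return true
		}
	}
	return false
}

func main() {
	for name, text := range map[string]string{"poetry.lock": poetryLock, "requirements.txt": requirementsTxt, ".env": envFile} {
		raw, kept := FindCandidates(text)
		fmt.Printf("%-16s raw=%d kept=%d\n", name, len(raw), len(kept))
	}
}
```

The package name `sentry-sdk` supplies the keyword and the SHA-256 digest supplies the 64 hex characters, so the lock-file entries match the raw pattern even though no credential is present; the label check drops them while the constructed `.env` token is still reported.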