trufflesecurity / trufflehog

Find, verify, and analyze leaked credentials
https://trufflesecurity.com
GNU Affero General Public License v3.0

S3 Secret Keys not detected #3381

Open iFrozenPhoenix opened 1 week ago

iFrozenPhoenix commented 1 week ago

Version

3.82.6

Trace Output

NOT APPLICABLE

Expected Behavior

S3 Secret Keys that are defined in a JSON file as a KV pair S3_SECRET_KEY: verysecret are recognized. The corresponding S3_ACCESS_KEY pairs are recognized.

Actual Behavior

S3 access keys are recognized, S3 secret keys are not.

Steps to Reproduce

  1. Take a test JSON file with both KV pairs
  2. Place the JSON in an S3 bucket
  3. Scan the bucket (without any special flags)
  4. See that S3_ACCESS_KEY is recognized and S3_SECRET_KEY is not

Environment

Additional Context

{
  "env": {
    "S3_ACCESS_KEY": "i-have-an-access-key",
    "S3_SECRET_KEY": "and-a-secret-key"
  }
}

References

dustin-decker commented 1 week ago

Are you expecting the sample that you provided to be detected? That wouldn't match the pattern required.

iFrozenPhoenix commented 1 week ago

Yes, indeed, I expect it to be detected. The access key is detected in such a file, but the secret key is not. I can't understand the reason behind it.

dustin-decker commented 1 week ago

Are you trying to detect actual keys? Or placeholders like you provided?

iFrozenPhoenix commented 1 week ago

Actual keys. To be more specific, the keys are in the given format within a CloudFormation config.
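
Added example, not part of the issue thread and not TruffleHog's detector code: a small checker showing why placeholder values like the ones in the sample above cannot match a value-shape pattern, whatever the JSON key is called. The two regexes are assumptions based on the widely documented AWS credential formats (20-character access key ID with an `AKIA`/`ASIA` prefix, 40-character secret access key); `DOC_SAMPLE` reuses the issue's layout with the example values from AWS's public documentation.

```python
import json
import re

# Assumed shapes: commonly documented AWS formats, NOT TruffleHog's own regexes.
SHAPES = {
    "access_key_id": re.compile(r"^(?:AKIA|ASIA)[A-Z0-9]{16}$"),
    "secret_access_key": re.compile(r"^[A-Za-z0-9+/]{40}$"),
}


def walk(node, path=""):
    """Yield (dotted_path, value) for every string leaf in parsed JSON."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node


def classify(document):
    """Map each string value's path to the shape it matches, or None."""
    result = {}
    for path, value in walk(json.loads(document)):
        result[path] = next(
            (name for name, rx in SHAPES.items() if rx.match(value)), None
        )
    return result


# The placeholder sample from the issue.
ISSUE_SAMPLE = """{"env": {"S3_ACCESS_KEY": "i-have-an-access-key",
                          "S3_SECRET_KEY": "and-a-secret-key"}}"""

# Same layout, filled with AWS's published documentation example values.
DOC_SAMPLE = """{"env": {"S3_ACCESS_KEY": "AKIAIOSFODNN7EXAMPLE",
  "S3_SECRET_KEY": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}}"""

if __name__ == "__main__":
    for label, doc in (("issue sample", ISSUE_SAMPLE), ("doc sample", DOC_SAMPLE)):
        for path, shape in classify(doc).items():
            print(f"{label}: {path} -> {shape or 'no credential shape'}")
```

When reporting a missed detection, a reproduction that keeps the real credential's length and character set (with the credential itself revoked) lets the pattern stage be tested, which a free-text placeholder cannot do.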