Open bugbaba opened 2 years ago
This is partially related to https://github.com/trufflesecurity/trufflehog/issues/716
The password format for a pypirc file would be caught by that generic scanner:
```ini
[distutils]
index-servers =
    pypi
    testpypi

[pypi]
username = ...
password = ...
```
But it would be great to also verify these credentials!
Description
Hello Team :)
Currently truffleHog does not have any detector for credentials and API tokens hardcoded inside the .pypirc file. They allow authenticated access to pypi.org.
Problem to be Addressed
Credentials and API tokens hardcoded inside the .pypirc file are not detected by trufflehog.
Description of the Preferred Solution
Add a detector to detect credentials and API tokens in the .pypirc file.
References
https://packaging.python.org/en/latest/specifications/pypirc/
-- Regards, @bugbaba
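The extraction step a .pypirc detector needs, as an added example (not trufflehog's detector code, which is written in Go): it parses the file as INI, skips placeholder values such as the `...` shown above, and separates API tokens from passwords so a verifier knows which to test. The sample file, its `internal` section and the placeholder list are constructed; verification against pypi.org is not performed.

```python
import configparser

TOKEN_USER = "__token__"   # username the pypirc spec uses for API-token auth
TOKEN_PREFIX = "pypi-"     # PyPI API tokens carry this prefix
PLACEHOLDERS = {"", "...", "<password>", "changeme"}  # assumed skip list

# Constructed sample, no real credentials.
SAMPLE_PYPIRC = """\
[distutils]
index-servers =
    pypi
    testpypi

[pypi]
username = __token__
password = pypi-CONSTRUCTED-NOT-A-REAL-TOKEN

[testpypi]
username = ...
password = ...

[internal]
repository = https://pypi.internal.example/legacy/
username = ci-bot
password = s3cr%t-constructed
"""

def find_pypirc_credentials(text):
    """Return one finding per section that holds a non-placeholder secret."""
    # interpolation=None: a '%' inside a password must not be expanded.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    listed = cfg.get("distutils", "index-servers", fallback="").split()
    findings = []
    for section in cfg.sections():
        password = cfg.get(section, "password", fallback="").strip()
        if section == "distutils" or password.lower() in PLACEHOLDERS:
            continue
        username = cfg.get(section, "username", fallback="")
        is_token = username == TOKEN_USER or password.startswith(TOKEN_PREFIX)
        # Keep only the public prefix in reports, never secret material.
        keep = len(TOKEN_PREFIX) if password.startswith(TOKEN_PREFIX) else 0
        findings.append({
            "server": section,
            "listed": section in listed,  # unlisted sections can still leak
            "repository": cfg.get(section, "repository", fallback=None),
            "username": username,
            "kind": "api_token" if is_token else "password",
            "redacted": password[:keep] + "*" * (len(password) - keep),
        })
    return findings
```

Sections are scanned even when they are missing from `index-servers`, since a credential left in an unlisted section is still exposed.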