Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JiraToken v1 detector is subtly broken #3818

Open
rgmz opened this issue Dec 26, 2024 · 1 comment · May be fixed by #3826
Open

JiraToken v1 detector is subtly broken #3818

rgmz opened this issue Dec 26, 2024 · 1 comment · May be fixed by #3826
Assignees
@kashifkhan0771
Labels
bug

Comments

@rgmz
Copy link
Contributor

rgmz commented Dec 26, 2024
edited
Loading

The JiraToken v1 detector detector has a defect that prevents it from working in many cases.

If the email match contains any whitespace (e.g., email = [email protected]), the strings.Split can silently fail len != 2 (#2746)

trufflehog/pkg/detectors/jiratoken/v1/jiratoken.go

Lines 56 to 59 in def734a

email = strings.Split(email[0], " ")
if len(email) != 2 {
continue
}

Related

It seems to have been broken over a year ago by #1288 without anyone noticing, even after unit tests were supposedly added in #3614.

See also: #2746 (comment), #3773, #3817
@rgmz rgmz added the bug label Dec 26, 2024
@rgmz rgmz changed the title JiraToken v1 detector is subtely broken JiraToken v1 detector is subtly broken Dec 26, 2024
@kashifkhan0771
Copy link
Contributor

kashifkhan0771 commented Dec 30, 2024
edited
Loading

I believe a simple solution is that we can use our email regex pattern from common here. Somehow this detector was missed in the pull request

@rgmz rgmz mentioned this issue Dec 30, 2024
Closed
@kashifkhan0771 kashifkhan0771 self-assigned this Dec 31, 2024
@kashifkhan0771 kashifkhan0771 linked a pull request Dec 31, 2024 that will close this issue
Open
2 tasks
@kashifkhan0771 kashifkhan0771 linked a pull request Dec 31, 2024 that will close this issue
fixed jirav1 detector email pattern #3826
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kashifkhan0771 kashifkhan0771

Labels
bug
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fixed jirav1 detector email pattern kashifkhan0771/trufflehog
2 participants
@rgmz @kashifkhan0771