Detector-Competition-Fix: Fix CloudSmith detection (#1944)

trufflesecurity · Oct 24, 2023 · 7bc0b77 · 7bc0b77
1 parent d934535
commit 7bc0b77
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/pkg/detectors/cloudsmith/cloudsmith.go b/pkg/detectors/cloudsmith/cloudsmith.go
@@ -2,6 +2,7 @@ package cloudsmith
 
 import (
 	"context"
+	"encoding/json"
 	"net/http"
 	"regexp"
 	"strings"
@@ -29,6 +30,10 @@ func (s Scanner) Keywords() []string {
 	return []string{"cloudsmith"}
 }
 
+type response struct {
+	Authenticated bool `json:"authenticated"`
+}
+
 // FromData will find and optionally verify Cloudsmith secrets in a given set of bytes.
 func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (results []detectors.Result, err error) {
 	dataStr := string(data)
@@ -57,7 +62,14 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 			if err == nil {
 				defer res.Body.Close()
 				if res.StatusCode >= 200 && res.StatusCode < 300 {
-					s1.Verified = true
+					var r response
+					if err := json.NewDecoder(res.Body).Decode(&r); err != nil {
+						s1.VerificationError = err
+						continue
+					}
+					if r.Authenticated {
+						s1.Verified = true
+					}
 				} else {
 					// This function will check false positives for common test words, but also it will make sure the key appears 'random' enough to be a real key.
 					if detectors.IsKnownFalsePositive(resMatch, detectors.DefaultFalsePositives, true) {