Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: fixed verification endpoint and verification logic for brand fetch #3470

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

fix: fixed verification endpoint and verification logic for brand fetch #3470

Changes from 2 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
8734bdc
fix: fixed verification endpoint and verification logic
sahil9001 Oct 18, 2024
0e92a89
fix: added API doc link
sahil9001 Oct 21, 2024
81955b7
feat: introduced a new detector for apis
sahil9001 Oct 22, 2024
9aaadb9
Merge branch 'main' into brandfetch-verfication-endpoint-fix
kashifkhan0771 Oct 25, 2024
8e8f6f4
Merge remote-tracking branch 'upstream/main' into brandfetch-verficat…
sahil9001 Oct 28, 2024
7c16206
feat: added versioner impl
sahil9001 Oct 28, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 6 additions & 7 deletions pkg/detectors/brandfetch/brandfetch.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,11 @@ package brandfetch

import (
"context"
regexp "github.com/wasilibs/go-re2"
"net/http"
"strings"

regexp "github.com/wasilibs/go-re2"

"github.com/trufflesecurity/trufflehog/v3/pkg/common"
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
Expand All @@ -20,7 +21,7 @@ var (
client = common.SaneHttpClient()

// Make sure that your group is surrounded in boundary characters such as below to reduce false positives.
keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"brandfetch"}) + `\b([0-9A-Za-z]{40})\b`)
keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"brandfetch"}) + `\b([a-zA-Z0-9=]{44})`)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The token I received included a / character as well. Its length was 44, which seems correct. I recommend generating multiple tokens to confirm the pattern.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Enhanced regex and created new version for the API v2

)

// Keywords are used for efficiently pre-filtering chunks.
Expand All @@ -47,15 +48,13 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
}

if verify {
payload := strings.NewReader(`{
"domain": "www.example.com"
}`)
req, err := http.NewRequestWithContext(ctx, "POST", "https://api.brandfetch.io/v1/color", payload)
// API upgraded to v2 from v1, new API doc: https://docs.brandfetch.com/reference/brand-api
req, err := http.NewRequestWithContext(ctx, "GET", "https://api.brandfetch.io/v2/brands/google.com", nil)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The current v1 APIs with the old tokens are still functioning properly. Therefore, rather than updating the existing version, I would recommend adding a new version of the detector.

if err != nil {
continue
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("x-api-key", resMatch)
req.Header.Add("Authorization", "Bearer "+resMatch)
res, err := client.Do(req)
if err == nil {
defer res.Body.Close()
Expand Down