ggshield
The Cloudsmith entitlement token isn't detected as a secret
Hello, the Cloudsmith entitlement token isn't detected.
Honestly speaking, it's a bit tricky to detect. The token is relatively short without a clear identifier, for example DqhyrhnfAOky.
Any chance to add it anyway to the detection engine?
Hello @alexku7, I had a look at Cloudsmith's documentation, but would you have more details about this kind of token? What is the length range? What charset is involved? Would you have a code snippet demonstrating how this token is supposed to be used? This will greatly help us assess if we can support this kind of token. Thanks.
Hello @pierrelalanne
Usually the token appears in the URL, for example https://dl.cloudsmith.io/{ENTITLEMENT_TOKEN}/satori/pytori/python/simple/
The URL represents some location where we should download some package (in this case some Python package stored in the Cloudsmith repo).
The {ENTITLEMENT_TOKEN} is a random string, for example C4dyQKtkHBgCrqsp
But the problem is that the token can be any random string or number with various lengths.
So, probably the best way to detect it is to search for it as part of the cloudsmith.io URL.
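
The URL-anchored search suggested in the last comment, sketched as an added example (not part of the original thread and not ggshield's own detector). The regex, the alphanumeric charset, the `public`/`basic` skip list and the names `scan`, `mask` and `Finding` are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Assumption: URLs follow the thread's layout, dl.cloudsmith.io/<token>/<owner>/<repo>/...
CLOUDSMITH_URL = re.compile(
    r"https?://dl\.cloudsmith\.io/(?P<token>[^/\s'\"]+)"
    r"/(?P<owner>[^/\s'\"]+)/(?P<repo>[^/\s'\"]+)"
)
# Assumption: these first path segments are route names, not secrets.
NON_SECRET_SEGMENTS = {"public", "basic"}
# Assumption: tokens are alphanumeric, like the two samples in the thread.
TOKEN_CHARSET = re.compile(r"[A-Za-z0-9]+")


class Finding(NamedTuple):
    line_no: int
    owner: str
    repo: str
    masked_token: str


def mask(token: str) -> str:
    """Keep two characters for triage without re-leaking the token."""
    return token[:2] + "*" * (len(token) - 2)


def scan(text: str) -> list[Finding]:
    """Return one Finding per URL whose first path segment looks like a token."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in CLOUDSMITH_URL.finditer(line):
            token = m["token"]
            if token.lower() in NON_SECRET_SEGMENTS:
                continue
            if not TOKEN_CHARSET.fullmatch(token):
                continue  # placeholder such as {ENTITLEMENT_TOKEN} or ${VAR}
            findings.append(Finding(line_no, m["owner"], m["repo"], mask(token)))
    return findings


# Constructed sample input (requirements-style lines), not real data.
SAMPLE = """\
--index-url https://dl.cloudsmith.io/C4dyQKtkHBgCrqsp/satori/pytori/python/simple/
--index-url https://dl.cloudsmith.io/{ENTITLEMENT_TOKEN}/satori/pytori/python/simple/
--index-url https://dl.cloudsmith.io/public/satori/pytori/python/simple/
--index-url https://dl.cloudsmith.io/${CLOUDSMITH_TOKEN}/satori/pytori/python/simple/
"""

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Anchoring on the hostname is what keeps false positives manageable here: the token itself has no prefix or fixed length, so only its position in the path identifies it.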