trufflehog icon indicating copy to clipboard operation
trufflehog copied to clipboard

Published 20 hours ago verified publisher icon trufflesecurity

[request] Add mongodb connection string detector

Open bugbaba opened this issue 3 years ago • 0 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Hello Team :)

Currently the truffleHog is not having any detector for mongodb connection string, The URI detector https://github.com/trufflesecurity/trufflehog/blob/main/pkg/detectors/uri/uri.go regex is at times able to detect some cases, But not all of them.

Problem to be Addressed

mongodb connection string not detected by trufflehog.

Description of the Preferred Solution

Add a detector to detect mongodb connection string in the code.

You can use https://github.com/bugbaba/tempTrufflehogdebug repo for testing the regex it has both mongodb:// and mongodb+srv:// schema/protocol strings.

Additional Context

Official mongodb documentation: https://www.mongodb.com/docs/manual/reference/connection-string/

Also GitGuardian one of the vendors in this space is able to detect the same. 2022-07-29_10-35

bugbaba avatar Jul 29 '22 05:07 bugbaba