
Add Honeycomb detector

Open MNThomson opened this issue 2 years ago • 1 comments

Description

Add a Honeycomb.io API key detector

General Comments

Currently using the auth endpoint (returns key's permissions) to verify the API key.

All API keys require X-Honeycomb-Team:, but stuck instead with just Honeycomb as the keyword (for variables and such).

MNThomson avatar Aug 02 '22 22:08 MNThomson

Thank you for the contribution! We'll add a credential and review this soon.

dustin-decker avatar Aug 08 '22 23:08 dustin-decker

FYI I had to update the pattern in https://github.com/trufflesecurity/trufflehog/pull/687/commits/ad0d7f8b298a8ba250cec53fd20dee875546d834 for the test to pass. Please confirm it still works for you.

dustin-decker avatar Aug 24 '22 23:08 dustin-decker

> FYI I had to update the pattern in ad0d7f8 for the test to pass. Please confirm it still works for you.

Wow, my regex somehow got an additional A in there. However, my tests are now failing locally @dustin-decker.

$ CGO_ENABLED=0 go test -tags=detectors -timeout=5m github.com/trufflesecurity/trufflehog/v3/pkg/detectors/honeycomb
--- FAIL: TestHoneycomb_FromChunk (0.00s)
    --- FAIL: TestHoneycomb_FromChunk/found,_verified (0.00s)
        honeycomb_test.go:100: Honeycomb.FromData() found, verified diff: (-got +want)
             [
            + {
            +  DetectorType: 877,
            +  Verified: true,
            +  Raw: [
            +  ],
            +  RawV2: [
            +  ],
            +  Redacted: "",
            +  ExtraData: {
            +  },
            +  StructuredData: nil,
            + },
             ]
    --- FAIL: TestHoneycomb_FromChunk/found,_unverified (0.00s)
        honeycomb_test.go:100: Honeycomb.FromData() found, unverified diff: (-got +want)
             [
            + {
            +  DetectorType: 877,
            +  Verified: false,
            +  Raw: [
            +  ],
            +  RawV2: [
            +  ],
            +  Redacted: "",
            +  ExtraData: {
            +  },
            +  StructuredData: nil,
            + },
             ]
FAIL
FAIL    github.com/trufflesecurity/trufflehog/v3/pkg/detectors/honeycomb        0.025s
FAIL

All HC API keys that I've ever created have been [0-9a-f]{32}, but it seems you updated to [0-9Aa-z-A-Z]{22}. Not sure if the length change was a mistake or you generated different looking keys than I.

For reference:

$ echo -n $HONEYCOMB | wc -c
32

Having the expanded char space still lets my tests pass, but the change in length now prevents the regex from matching the correct key.

MNThomson avatar Aug 26 '22 04:08 MNThomson

How are you generating these keys? The ones I've generated are 22 chars. Maybe it's an old token format?

dustin-decker avatar Aug 26 '22 17:08 dustin-decker

Also, I made a few typos in the pattern, I've corrected it to be [0-9a-zA-Z]{22} but it has the same effect.

dustin-decker avatar Aug 26 '22 17:08 dustin-decker

Alright, did some digging. As of the HC Classic Update on June 15th, the API keys switched from being [0-9a-f]{32} -> [0-9a-zA-Z]{22}.

For reference I have both an older "classic" as well as a newer "environment" HC account. The API keys I used to test are from the old account, but my newer account's keys are all of length 22.

I feel the best option would be to include both formats, thoughts?

MNThomson avatar Aug 26 '22 18:08 MNThomson

@dustin-decker I can put together another PR. I'd assume a lot of older api keys are still being used, so I think it's best to include both into \b([0-9a-f]{32}|[0-9a-zA-Z]{22})\b. Thoughts?

MNThomson avatar Aug 30 '22 19:08 MNThomson

Yeah, let’s support both. Thanks for digging into that! PR would be appreciated.

On Tue, Aug 30, 2022 at 12:12 PM Max Thomson @.***> wrote:

> @dustin-decker I can put together another PR. I'd assume a lot of older api keys are still being used, so I think it's best to include both into \b([0-9a-f]{32}|[0-9a-zA-Z]{22})\b. Thoughts?


dustin-decker avatar Aug 30 '22 19:08 dustin-decker
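
The effect of the length change discussed in this thread, as an added example that is not code from the PR or from trufflehog: a 22-character-only pattern misses classic 32-hex keys because of the `\b` anchors, while the combined pattern catches both formats. The keyword prefix, helper names and sample lines are assumptions constructed for the illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Assumed keyword prefix for this example: "honeycomb" (any case) must occur
// within 40 characters before the candidate key.
const prefix = `(?i:honeycomb)(?:.|[\n\r]){0,40}`

var (
	// Knows only the newer 22-character format.
	newOnly = regexp.MustCompile(prefix + `\b([0-9a-zA-Z]{22})\b`)
	// Combined pattern from the thread: classic 32-hex or newer 22-alphanumeric.
	both = regexp.MustCompile(prefix + `\b([0-9a-f]{32}|[0-9a-zA-Z]{22})\b`)
)

// Constructed sample lines; neither key is a real credential.
const (
	classicLine = "HONEYCOMB_API_KEY=0123456789abcdef0123456789abcdef"
	envLine     = "honeycomb_key: AbCdEfGhIjKlMnOpQrStUv"
	noKeyword   = "session=0123456789abcdef0123456789abcdef"
)

// findKey returns the key captured by re in text, or "" when nothing matches.
func findKey(re *regexp.Regexp, text string) string {
	if m := re.FindStringSubmatch(text); m != nil {
		return m[1]
	}
	return ""
}

// keyFormat names the format by length, using the thread's account terms.
func keyFormat(key string) string {
	switch len(key) {
	case 32:
		return "classic"
	case 22:
		return "environment"
	}
	return "none"
}

func main() {
	for _, line := range []string{classicLine, envLine, noKeyword} {
		fmt.Printf("%-52s newOnly=%-12s both=%s\n", line,
			keyFormat(findKey(newOnly, line)), keyFormat(findKey(both, line)))
	}
}
```

The 32-character hex string without the keyword is not reported by either pattern, which is the role the keyword plays in limiting false positives on generic hashes.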