trufflehog icon indicating copy to clipboard operation
trufflehog copied to clipboard

Published 20 hours ago verified publisher icon trufflesecurity

[request] Add PyMySQL connection object detector

Open bugbaba opened this issue 3 years ago • 4 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Hello Team :)

Currently the truffleHog is not having any detector for PyMySQL connection object. Its a famouse python library to connect with mysql database.

Problem to be Addressed

PyMySQL connection objection not detected by trufflehog.

Description of the Preferred Solution

Add a detector to detect PyMySQL connection object in the code. We should look for pymysql.connect(.*) in th code and then parse the host, username, password to verify the credentials.

Additional Context

Basic regex which can be used for detection part : https://regex101.com/r/nMcIUK/1

References

Official PyMySQL documentation: https://pymysql.readthedocs.io/en/latest/index.html

-- Regards, @bugbaba

bugbaba avatar Oct 03 '22 12:10 bugbaba