mirror of
https://github.com/trufflesecurity/trufflehog.git
synced 2026-05-16 13:20:35 +00:00
Casey Tran
47e7b7cd74
We want to move the detector types out of the Scanning team purview. So I split off detector types into its own proto file (so that file detector_type.proto can be owned by the Integrations team), regenerated the pb files with "make protos", and made the detector files use the new generated detector_type.pb.go. Included the new detector_type.proto file in CODEOWNERS and made CODEOWNERS categories that contain larger teams be towards the top so that more fine grained ownership is filtered properly.
97 lines
2.7 KiB
Go
97 lines
2.7 KiB
Go
package zipcodebase
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"strings"
|
|
|
|
regexp "github.com/wasilibs/go-re2"
|
|
|
|
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
|
|
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
|
|
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detector_typepb"
|
|
)
|
|
|
|
type Scanner struct{}
|
|
|
|
// Ensure the Scanner satisfies the interface at compile time
|
|
var _ detectors.Detector = (*Scanner)(nil)
|
|
|
|
var (
|
|
client = common.SaneHttpClient()
|
|
|
|
// Make sure that your group is surrounded in boundary characters such as below to reduce false positives
|
|
keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"zipcodebase"}) + `\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b`)
|
|
)
|
|
|
|
// Keywords are used for efficiently pre-filtering chunks.
|
|
// Use identifiers in the secret preferably, or the provider name.
|
|
func (s Scanner) Keywords() []string {
|
|
return []string{"zipcodebase"}
|
|
}
|
|
|
|
// FromData will find and optionally verify Zipcodebase secrets in a given set of bytes.
|
|
func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (results []detectors.Result, err error) {
|
|
dataStr := string(data)
|
|
|
|
matches := keyPat.FindAllStringSubmatch(dataStr, -1)
|
|
|
|
for _, match := range matches {
|
|
resMatch := strings.TrimSpace(match[1])
|
|
|
|
s1 := detectors.Result{
|
|
DetectorType: detector_typepb.DetectorType_Zipcodebase,
|
|
Raw: []byte(resMatch),
|
|
}
|
|
|
|
if verify {
|
|
isVerified, verificationErr := verifyZipCodeBaseKey(ctx, client, resMatch)
|
|
s1.Verified = isVerified
|
|
s1.SetVerificationError(verificationErr)
|
|
}
|
|
|
|
results = append(results, s1)
|
|
}
|
|
|
|
return results, nil
|
|
}
|
|
|
|
func (s Scanner) Type() detector_typepb.DetectorType {
|
|
return detector_typepb.DetectorType_Zipcodebase
|
|
}
|
|
|
|
func (s Scanner) Description() string {
|
|
return "Zipcodebase is a service that provides access to a database of postal codes. The API keys can be used to query this database for information related to postal codes."
|
|
}
|
|
|
|
func verifyZipCodeBaseKey(ctx context.Context, client *http.Client, key string) (bool, error) {
|
|
req, err := http.NewRequestWithContext(ctx, http.MethodGet, "https://app.zipcodebase.com/api/v1/search?codes=10005,10006", http.NoBody)
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
|
|
req.Header.Add("Accept", "application/vnd.zipcodebase+json; version=3")
|
|
req.Header.Add("apikey", key)
|
|
|
|
resp, err := client.Do(req)
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
|
|
defer func() {
|
|
_, _ = io.Copy(io.Discard, resp.Body)
|
|
_ = resp.Body.Close()
|
|
}()
|
|
|
|
switch resp.StatusCode {
|
|
case http.StatusOK:
|
|
return true, nil
|
|
case http.StatusUnauthorized, http.StatusForbidden:
|
|
return false, nil
|
|
default:
|
|
return false, fmt.Errorf("unexpected status code: %d", resp.StatusCode)
|
|
}
|
|
}
|