updating doppler logic (#2329)

* updating doppler logic * added json response struct
trufflesecurity · Jan 24, 2024 · 792266a · 792266a
1 parent 47c6539
commit 792266a
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 4 deletions.
diff --git a/pkg/detectors/doppler/doppler.go b/pkg/detectors/doppler/doppler.go
@@ -2,6 +2,8 @@ package doppler
 
 import (
 	"context"
+	"encoding/json"
+	"fmt"
 	regexp "github.com/wasilibs/go-re2"
 	"net/http"
 	"strings"
@@ -11,6 +13,14 @@ import (
 	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
 )
 
+type response struct {
+	Name      string `json:"name"`
+	Type      string `json:"type"`
+	Workplace struct {
+		Name string `json:"name"`
+	} `json:"workplace"`
+}
+
 type Scanner struct{}
 
 // Ensure the Scanner satisfies the interface at compile time.
@@ -20,13 +30,21 @@ var (
 	client = common.SaneHttpClient()
 
 	// Make sure that your group is surrounded in boundary characters such as below to reduce false positives.
-	keyPat = regexp.MustCompile(`\b(dp\.pt\.[a-zA-Z0-9]{43})\b`)
+	//keyPat = regexp.MustCompile(`\b(dp\.pt\.[a-zA-Z0-9]{43})\b`)
+	keyPat = regexp.MustCompile(`\b(dp\.(?:ct|pt|st(?:\.[a-z0-9\-_]{2,35})?|sa|scim|audit)\.[a-zA-Z0-9]{40,44})\b`)
 )
 
 // Keywords are used for efficiently pre-filtering chunks.
 // Use identifiers in the secret preferably, or the provider name.
 func (s Scanner) Keywords() []string {
-	return []string{"dp.pt."}
+	return []string{
+		"dp.ct.",
+		"dp.pt.",
+		"dp.st",
+		"dp.sa.",
+		"dp.scim.",
+		"dp.audit.",
+	}
 }
 
 // FromData will find and optionally verify Doppler secrets in a given set of bytes.
@@ -44,20 +62,32 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 		s1 := detectors.Result{
 			DetectorType: detectorspb.DetectorType_Doppler,
 			Raw:          []byte(resMatch),
+			ExtraData:    map[string]string{},
 		}
 
 		if verify {
-			req, err := http.NewRequestWithContext(ctx, "GET", "https://api.doppler.com/v3/workplace", nil)
+			req, err := http.NewRequestWithContext(ctx, "GET", "https://api.doppler.com/v3/me", nil)
 			if err != nil {
 				continue
 			}
 			req.Header.Add("Accept", "application/json")
-			req.SetBasicAuth(resMatch, "")
+			req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", resMatch))
 			res, err := client.Do(req)
 			if err == nil {
 				defer res.Body.Close()
 				if res.StatusCode >= 200 && res.StatusCode < 300 {
 					s1.Verified = true
+					var r response
+					if err := json.NewDecoder(res.Body).Decode(&r); err != nil {
+						s1.SetVerificationError(err, resMatch)
+						continue
+					}
+					if r.Type != "" {
+						s1.ExtraData["key type"] = r.Type
+					}
+					if r.Workplace.Name != "" {
+						s1.ExtraData["workplace"] = r.Workplace.Name
+					}
 				} else {
 					// This function will check false positives for common test words, but also it will make sure the key appears 'random' enough to be a real key.
 					if detectors.IsKnownFalsePositive(resMatch, detectors.DefaultFalsePositives, true) {

diff --git a/pkg/detectors/doppler/doppler_test.go b/pkg/detectors/doppler/doppler_test.go
@@ -50,6 +50,10 @@ func TestDoppler_FromChunk(t *testing.T) {
 				{
 					DetectorType: detectorspb.DetectorType_Doppler,
 					Verified:     true,
+					ExtraData: map[string]string{
+						"key type":  "personal",
+						"workplace": "test",
+					},
 				},
 			},
 			wantErr: false,