GO-2024-3076: Trufflehog vulnerable to Blind SSRF in some Detectors in github.com/trufflesecurity/trufflehog

gitlab

package

v3.80.2 Latest Latest Go to latest Published: Jul 25, 2024 License: AGPL-3.0 Imports: 11 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/trufflesecurity/trufflehog

Links

Open Source Insights

Documentation ¶

Index ¶

func AnalyzePermissions(cfg *config.Config, key string)
type AcessTokenJSON
type ErrorJSON
type MetadataJSON
type ProjectsJSON

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AnalyzePermissions ¶

func AnalyzePermissions(cfg *config.Config, key string)

Types ¶

type AcessTokenJSON ¶

type AcessTokenJSON struct {
	Name       string   `json:"name"`
	Revoked    bool     `json:"revoked"`
	CreatedAt  string   `json:"created_at"`
	Scopes     []string `json:"scopes"`
	LastUsedAt string   `json:"last_used_at"`
	ExpiresAt  string   `json:"expires_at"`
}

type ErrorJSON ¶

type ErrorJSON struct {
	Error string `json:"error"`
	Scope string `json:"scope"`
}

type MetadataJSON ¶

type MetadataJSON struct {
	Version    string `json:"version"`
	Enterprise bool   `json:"enterprise"`
}

type ProjectsJSON ¶

type ProjectsJSON struct {
	NameWithNamespace string `json:"name_with_namespace"`
	Permissions       struct {
		ProjectAccess struct {
			AccessLevel int `json:"access_level"`
		} `json:"project_access"`
	} `json:"permissions"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL