Skip to content

[Update] Dovico Detector Updated #4290

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Jul 23, 2025
Merged

[Update] Dovico Detector Updated #4290

merged 7 commits into from
Jul 23, 2025

Conversation

nabeelalam
Copy link
Contributor

Description:

The ID and secret patterns are the same. This update adds a check to avoid verification of identical credential pairs.
Also removes duplicate credentials and adds indeterminate verification errors in results.

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint this requires golangci-lint)?

@nabeelalam nabeelalam self-assigned this Jul 3, 2025
@nabeelalam nabeelalam requested a review from a team as a code owner July 3, 2025 17:20
abmussani
abmussani reviewed Jul 7, 2025
View reviewed changes
pkg/detectors/dovico/dovico.go

s1 := detectors.Result{
DetectorType: detectorspb.DetectorType_Dovico,
Raw: []byte(resMatch),
Raw: []byte(key),
Copy link
Contributor

@abmussani abmussani Jul 7, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't RAW contain both key + userkey ? or may be set RawV2 for both keys? Otherwise, it will be difficult to find which combination worked.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could changing the Raw value have an impact on existing usage of this detector? Same question about adding a RawV2 value?
I can make those updates if this is a safe option.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

umm.... Considering only OSS, I could not think of any impact. @trufflesteeeve what are your thoughts.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@abmussani I added a RawV2 value

kashifkhan0771
kashifkhan0771 approved these changes Jul 7, 2025
View reviewed changes
Copy link
Contributor

@kashifkhan0771 kashifkhan0771 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apart from @abmussani comment - It looks good to me

@nabeelalam nabeelalam merged commit a05cf08 into trufflesecurity:main Jul 23, 2025
13 checks passed
@blsaccess blsaccess mentioned this pull request Jul 25, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abmussani abmussani abmussani approved these changes

@kashifkhan0771 kashifkhan0771 kashifkhan0771 approved these changes

@shahzadhaider1 shahzadhaider1 shahzadhaider1 approved these changes

Assignees

@nabeelalam nabeelalam

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@nabeelalam @abmussani @kashifkhan0771 @shahzadhaider1