
[Detector] rippling detector for phrase api tokens #4348

Merged
shahzadhaider1 merged 20 commits into trufflesecurity:main from SyedAliHamad:OSS-264-rippling-detector-for-phrase-api-tokens
Aug 18, 2025

Conversation

@SyedAliHamad SyedAliHamad commented Jul 28, 2025


Description:

This PR adds a Detector for Phrase OAuth API token.

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint this requires golangci-lint)?

SyedAliHamad commented Jul 28, 2025


This PR introduces a new detector for Phrase Access Tokens.

Detection Strategy:

  • Keyword Filtering: Efficiently scans for "phrase" keywords to identify relevant data chunks
  • Pattern Matching: Uses regex to find 64-character hexadecimal tokens, typically prefixed with "phrase"
  • Deduplication: Ensures each unique token is tested only once to prevent redundant API calls

Verification:

  • Live API Testing: Validates tokens against Phrase's /v2/projects endpoint. Uses the required "Authorization: token" header format.

Response Handling:

  • 200 OK: Token is valid and active
  • 401/403: Token is invalid or expired
  • Other statuses: Reported as verification errors

Testing:
Includes comprehensive tests covering pattern matching, live API verification with both active and inactive tokens and edge cases.
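A compact illustration of that strategy in Go, added here as an example (it is not the PR's own detector code): the regex, the names keyPat, findTokens and verifyToken, and the baseURL parameter are assumptions; the deduplication uses a set, as suggested later in the review.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"regexp"
)

// keyPat is an assumed approximation of the PR's pattern: the keyword "phrase"
// followed on the same line by a 64-character hexadecimal token.
var keyPat = regexp.MustCompile(`(?i)phrase[^\n]{0,40}?\b([0-9a-f]{64})\b`)

// findTokens returns each unique candidate token once (set dedup, slice keeps order).
func findTokens(data string) []string {
	seen := make(map[string]struct{})
	var tokens []string
	for _, m := range keyPat.FindAllStringSubmatch(data, -1) {
		if _, dup := seen[m[1]]; !dup {
			seen[m[1]] = struct{}{}
			tokens = append(tokens, m[1])
		}
	}
	return tokens
}

// verifyToken sends "Authorization: token <token>" to baseURL+"/v2/projects" and
// maps the status as the PR lists: 200 verified, 401/403 not verified, other = error.
func verifyToken(ctx context.Context, client *http.Client, baseURL, token string) (bool, error) {
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, baseURL+"/v2/projects", nil)
	if err != nil {
		return false, err
	}
	req.Header.Set("Authorization", "token "+token)
	resp, err := client.Do(req)
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	switch resp.StatusCode {
	case http.StatusOK:
		return true, nil
	case http.StatusUnauthorized, http.StatusForbidden:
		return false, nil // token is invalid or expired: a finding, but unverified
	default:
		return false, fmt.Errorf("unexpected status %d", resp.StatusCode)
	}
}
```

The word boundaries on both sides of the hex group keep a 63- or 65-character run from being reported, and passing baseURL lets a local test server stand in for the real API.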

@SyedAliHamad SyedAliHamad marked this pull request as ready for review July 28, 2025 15:09
@SyedAliHamad SyedAliHamad requested a review from a team July 28, 2025 15:09
@SyedAliHamad SyedAliHamad requested review from a team as code owners July 28, 2025 15:09
@amanfcp amanfcp changed the title Oss 264 rippling detector for phrase api tokens [Detector] rippling detector for phrase api tokens Jul 29, 2025
@shahzadhaider1


I can't see pkg/engine/defaults/defaults.go being updated in this PR. Why is that?
Also, please resolve the conflicts.

@SyedAliHamad SyedAliHamad requested a review from amanfcp August 1, 2025 18:30
@SyedAliHamad SyedAliHamad force-pushed the OSS-264-rippling-detector-for-phrase-api-tokens branch from 4ace578 to cb69a01 Compare August 6, 2025 09:15

@kashifkhan0771 kashifkhan0771 left a comment


LGTM!
Good Work on pattern test cases ❤️

Just one small non-blocking suggestion

Comment on lines +39 to +49

	var tokens []string
	matches := keyPat.FindAllStringSubmatch(dataStr, -1)

	for _, match := range matches {
		token := match[1]

		if !slices.Contains(tokens, token) {
			tokens = append(tokens, token)
		}
	}

@kashifkhan0771 kashifkhan0771 Aug 13, 2025


Suggested change
var tokens []string
matches := keyPat.FindAllStringSubmatch(dataStr, -1)
for _, match := range matches {
token := match[1]
if !slices.Contains(tokens, token) {
tokens = append(tokens, token)
}
}
var tokens = make(map[string]struct{})
for _, match := range keyPat.FindAllStringSubmatch(dataStr, -1) {
tokens[match[1]] = struct{}{}
}
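Review bot: changing `tokens` from a `[]string` to a `map[string]struct{}` also changes how the rest of the function consumes it, which the suggestion does not show: any later `for _, token := range tokens` must become `for token := range tokens`, and because map iteration order is unspecified, tests that compare results by position need to compare as sets (or sort first) to stay deterministic.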


addressed

@shahzadhaider1 shahzadhaider1 merged commit ab685b0 into trufflesecurity:main Aug 18, 2025
13 checks passed
peterfraedrich pushed a commit to peterfraedrich/trufflehog that referenced this pull request Mar 15, 2026
)

* add detector for Phrase OAuth Access Token

* update test cases for phrase AccessTokens

* update integration tests for phrase access token

* resolve comments

* add detector scanner in engine

* resolve comments

* update test cases

* addressed comment about the deduplication of tokens

---------

Co-authored-by: Amaan Ullah <aman.ullah.jalal@trufflesec.com>
Co-authored-by: Kashif Khan <70996046+kashifkhan0771@users.noreply.github.com>
Co-authored-by: Shahzad Haider <76992801+shahzadhaider1@users.noreply.github.com>
Co-authored-by: Shahzad Haider <shahzadhaider.se@gmail.com>