From 78b3fbdc142ef866f0adbe302ee8f1318ff1e123 Mon Sep 17 00:00:00 2001 From: Dustin Decker Date: Thu, 7 Jul 2022 15:05:00 -0700 Subject: [PATCH] Disable sentiment verifier and update teams webhook to avoid being stateful --- pkg/detectors/microsoftteamswebhook/microsoftteamswebhook.go | 4 ++-- pkg/engine/defaults.go | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/pkg/detectors/microsoftteamswebhook/microsoftteamswebhook.go b/pkg/detectors/microsoftteamswebhook/microsoftteamswebhook.go index 416b140ce79a..76ef21c7400e 100644 --- a/pkg/detectors/microsoftteamswebhook/microsoftteamswebhook.go +++ b/pkg/detectors/microsoftteamswebhook/microsoftteamswebhook.go @@ -47,7 +47,7 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result Raw: []byte(resMatch), } if verify { - payload := strings.NewReader(`{'text':'This is a verification message from TruffleHog. It means that there has been a live webhook credential found.'}`) + payload := strings.NewReader(`{'text':''}`) req, err := http.NewRequestWithContext(ctx, "POST", resMatch, payload) if err != nil { continue @@ -58,7 +58,7 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result body, err := io.ReadAll(res.Body) res.Body.Close() if err == nil { - if res.StatusCode >= 200 && string(body) == "1" { + if res.StatusCode >= 200 && strings.Contains(string(body), "Text is required") { s1.Verified = true } } diff --git a/pkg/engine/defaults.go b/pkg/engine/defaults.go index d97c0e593de8..c763c318556a 100644 --- a/pkg/engine/defaults.go +++ b/pkg/engine/defaults.go @@ -527,7 +527,6 @@ import ( "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/sendbirdorganizationapi" "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/sendgrid" "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/sendinbluev2" - "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/sentiment" "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/sentrytoken" "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/serphouse" "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/serpstack" @@ -1184,7 +1183,7 @@ func DefaultDetectors() []detectors.Detector { blitapp.Scanner{}, restpackhtmltopdfapi.Scanner{}, webscraping.Scanner{}, - sentiment.Scanner{}, + // sentiment.Scanner{}, geoapify.Scanner{}, dfuse.Scanner{}, gitter.Scanner{},