fix: added correct api endpoint for verification & logic for Aeroworkflow #3435

Merged

@sahil9001 sahil9001 commented Oct 16, 2024

Description:

Fixes #3434.

API Endpoint Correction:

  • Current: The detector uses /api/{accountid}/v1/AeroAppointments for verification.
  • Issue: This endpoint is not appropriate as it might involve COGs.
  • Fix: Update to use /api/{accountid}/me, which aligns with other detector patterns.
  • Reference: https://api.aeroworkflow.com/swagger/index.html

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint this requires golangci-lint)?

@sahil9001
Contributor Author

@rgmz

@sahil9001 sahil9001 changed the title from "fix: added correct api endpoint for verification" to "fix: added correct api endpoint for verification & logic for Aeroworkflow" on Oct 17, 2024
@zricethezav
Collaborator

> Issue: This endpoint is not appropriate as it might involve COGs.

Can you elaborate on this? I'm not familiar with COGs

@sahil9001
Contributor Author

sahil9001 commented Oct 18, 2024

> Issue: This endpoint is not appropriate as it might involve COGs.
>
> Can you elaborate on this? I'm not familiar with COGs

In this scenario, "COGs" is referring to sensitive or privileged information related to customer-owned items or data. The concern seems to be that the current endpoint (/api/{accountid}/v1/AeroAppointments) might be accessing or exposing information about customer-owned goods or property, which could be a privacy or security issue.

By switching to the /api/{accountid}/me endpoint, the system would likely be accessing only user-specific information rather than potentially sensitive customer-owned data. This change aligns better with standard practices for user verification and reduces the risk of inappropriately handling customer-owned information.

Collaborator

@zricethezav zricethezav left a comment

fixes the regex, approved.

@zricethezav zricethezav merged commit 1aa1871 into trufflesecurity:main Oct 24, 2024
13 checks passed
abmussani added a commit to abmussani/trufflehog that referenced this pull request Oct 30, 2024
* main: (76 commits)
  update aws descriptions (trufflesecurity#3529)
  enforce timeout on circleci test (trufflesecurity#3528)
  rm snifftest (trufflesecurity#3527)
  Redact more source credentials (trufflesecurity#3526)
  Create global log redaction capability (trufflesecurity#3522)
  Adding basic "what is trufflehog" to the readme (trufflesecurity#3514)
  Handle custom detector response and include in extra data (trufflesecurity#3411)
  fix: fixed validation logic for `calendarific` (trufflesecurity#3480)
  fix(deps): update github.com/tailscale/depaware digest to 3d7f3b3 (trufflesecurity#3518)
  Move DecoderType into ResultWithMetadata trufflesecurity#3502
  Addeded 403 account block status code handling for gitlab (trufflesecurity#3471)
  updated gcpapplicationdefaultcredentials detector results with RawV2 (trufflesecurity#3499)
  fix(deps): update module github.com/brianvoe/gofakeit/v7 to v7.1.1 (trufflesecurity#3512)
  fix(deps): update module github.com/schollz/progressbar/v3 to v3.17.0 (trufflesecurity#3510)
  fix(deps): update module cloud.google.com/go/secretmanager to v1.14.2 (trufflesecurity#3498)
  Adds a logging section in the contributing guidelines (trufflesecurity#3509)
  fix: fixed verifcation pattern logic for `bulksms` (trufflesecurity#3478)
  Extend `algoliaadminkey` with additional checks (trufflesecurity#3459)
  fix(deps): update module google.golang.org/api to v0.203.0 (trufflesecurity#3497)
  fix: added correct api endpoint for verification & logic for Aeroworkflow (trufflesecurity#3435)
  ...
Development

Successfully merging this pull request may close these issues.

Issue with correct endpoint & pattern detection in AeroWorkFlow