Google maps API key is not detected #3970

Open
williamdes opened this issue Mar 10, 2025 · 3 comments
Labels
enhancement pkg/detectors PRs and Issues related to the `detectors` package

williamdes commented Mar 10, 2025

Please review the Community Note before submitting

TruffleHog Version

3.88.15

Trace Output

2025-03-10T11:40:25+01:00	info-2	trufflehog	trufflehog 3.88.15
🐷🔑🐷  TruffleHog. Unearth your secrets. 🐷🔑🐷

2025-03-10T11:40:25+01:00	info-4	trufflehog	default engine options set
2025-03-10T11:40:25+01:00	info-4	trufflehog	engine initialized
2025-03-10T11:40:25+01:00	info-4	trufflehog	setting up aho-corasick core
2025-03-10T11:40:25+01:00	info-4	trufflehog	set up aho-corasick core
2025-03-10T11:40:25+01:00	info-2	trufflehog	starting scanner workers	{"count": 12}
2025-03-10T11:40:25+01:00	info-2	trufflehog	starting detector workers	{"count": 96}
2025-03-10T11:40:25+01:00	info-2	trufflehog	starting verificationOverlap workers	{"count": 12}
2025-03-10T11:40:25+01:00	info-2	trufflehog	starting notifier workers	{"count": 12}
2025-03-10T11:40:25+01:00	info-0	trufflehog	running source	{"source_manager_worker_id": "qUMWK", "with_units": true}
2025-03-10T11:40:25+01:00	info-2	trufflehog	enumerating source	{"source_manager_worker_id": "qUMWK"}
2025-03-10T11:40:25+01:00	info-3	trufflehog	chunking unit	{"source_manager_worker_id": "qUMWK", "unit_kind": "unit", "unit": "/tmp/test/index.html"}
2025-03-10T11:40:25+01:00	info-3	trufflehog	scanning file	{"source_manager_worker_id": "qUMWK", "unit_kind": "unit", "unit": "/tmp/test/index.html", "path": "/tmp/test/index.html"}
2025-03-10T11:40:25+01:00	info-5	trufflehog	dataErrChan closed, all chunks processed	{"source_manager_worker_id": "qUMWK", "unit_kind": "unit", "unit": "/tmp/test/index.html", "path": "/tmp/test/index.html", "mime": "text/html; charset=utf-8", "timeout": 60}
2025-03-10T11:40:25+01:00	info-4	trufflehog	finished scanning chunks	{"scanner_worker_id": "iPi02"}
2025-03-10T11:40:25+01:00	info-4	trufflehog	finished scanning chunks	{"scanner_worker_id": "MJ5Mj"}
2025-03-10T11:40:25+01:00	info-4	trufflehog	finished scanning chunks	{"scanner_worker_id": "ArJX1"}
2025-03-10T11:40:25+01:00	info-4	trufflehog	finished scanning chunks	{"scanner_worker_id": "KiLj4"}
2025-03-10T11:40:25+01:00	info-4	trufflehog	finished scanning chunks	{"scanner_worker_id": "gZEe0"}
2025-03-10T11:40:25+01:00	info-4	trufflehog	finished scanning chunks	{"scanner_worker_id": "IIoTZ"}
2025-03-10T11:40:25+01:00	info-4	trufflehog	finished scanning chunks	{"scanner_worker_id": "rPXj2"}
2025-03-10T11:40:25+01:00	info-4	trufflehog	finished scanning chunks	{"scanner_worker_id": "ulfh8"}
2025-03-10T11:40:25+01:00	info-4	trufflehog	finished scanning chunks	{"scanner_worker_id": "RtSgD"}
2025-03-10T11:40:25+01:00	info-4	trufflehog	finished scanning chunks	{"scanner_worker_id": "TmgqT"}
2025-03-10T11:40:25+01:00	info-4	trufflehog	finished scanning chunks	{"scanner_worker_id": "dpaGQ"}
2025-03-10T11:40:25+01:00	info-5	trufflehog	decoder not applicable for chunk	{"scanner_worker_id": "ze7Fv", "decoder": "BASE64", "chunk": {"Data":"PCFkb2N0eXBlIGh0bWw+CjxodG1sIGxhbmc9ImZyIj4KICAgIDxib2R5PgogICAgICAgIDwhLS0gR29vZ2xlIHBsYWNlcyAtLT4KICAgICAgICA8c2NyaXB0CiAgICAgICAgICAgIGRlZmVyCiAgICAgICAgICAgIHNyYz0iaHR0cHM6Ly9tYXBzLmdvb2dsZWFwaXMuY29tL21hcHMvYXBpL2pzP2tleT1BSXphU3lBREdaUXV4STZodFh1OWkzTUpaUFpDNGIyUVJMOFZvT28mbGlicmFyaWVzPXBsYWNlcyZjYWxsYmFjaz1pbml0TWFwIgogICAgICAgID48L3NjcmlwdD4KICAgIDwvYm9keT4KPC9odG1sPgo=","SourceName":"trufflehog - filesystem","SourceID":1,"JobID":1,"SecretID":0,"SourceMetadata":{"Data":{"Filesystem":{"file":"/tmp/test/index.html"}}},"SourceType":15,"Verify":false}}
2025-03-10T11:40:25+01:00	info-5	trufflehog	decoder not applicable for chunk	{"scanner_worker_id": "ze7Fv", "decoder": "UTF16", "chunk": {"Data":"PCFkb2N0eXBlIGh0bWw+CjxodG1sIGxhbmc9ImZyIj4KICAgIDxib2R5PgogICAgICAgIDwhLS0gR29vZ2xlIHBsYWNlcyAtLT4KICAgICAgICA8c2NyaXB0CiAgICAgICAgICAgIGRlZmVyCiAgICAgICAgICAgIHNyYz0iaHR0cHM6Ly9tYXBzLmdvb2dsZWFwaXMuY29tL21hcHMvYXBpL2pzP2tleT1BSXphU3lBREdaUXV4STZodFh1OWkzTUpaUFpDNGIyUVJMOFZvT28mbGlicmFyaWVzPXBsYWNlcyZjYWxsYmFjaz1pbml0TWFwIgogICAgICAgID48L3NjcmlwdD4KICAgIDwvYm9keT4KPC9odG1sPgo=","SourceName":"trufflehog - filesystem","SourceID":1,"JobID":1,"SecretID":0,"SourceMetadata":{"Data":{"Filesystem":{"file":"/tmp/test/index.html"}}},"SourceType":15,"Verify":false}}
2025-03-10T11:40:25+01:00	info-5	trufflehog	decoder not applicable for chunk	{"scanner_worker_id": "ze7Fv", "decoder": "ESCAPED_UNICODE", "chunk": {"Data":"PCFkb2N0eXBlIGh0bWw+CjxodG1sIGxhbmc9ImZyIj4KICAgIDxib2R5PgogICAgICAgIDwhLS0gR29vZ2xlIHBsYWNlcyAtLT4KICAgICAgICA8c2NyaXB0CiAgICAgICAgICAgIGRlZmVyCiAgICAgICAgICAgIHNyYz0iaHR0cHM6Ly9tYXBzLmdvb2dsZWFwaXMuY29tL21hcHMvYXBpL2pzP2tleT1BSXphU3lBREdaUXV4STZodFh1OWkzTUpaUFpDNGIyUVJMOFZvT28mbGlicmFyaWVzPXBsYWNlcyZjYWxsYmFjaz1pbml0TWFwIgogICAgICAgID48L3NjcmlwdD4KICAgIDwvYm9keT4KPC9odG1sPgo=","SourceName":"trufflehog - filesystem","SourceID":1,"JobID":1,"SecretID":0,"SourceMetadata":{"Data":{"Filesystem":{"file":"/tmp/test/index.html"}}},"SourceType":15,"Verify":false}}
2025-03-10T11:40:25+01:00	info-4	trufflehog	finished scanning chunks	{"scanner_worker_id": "ze7Fv"}
2025-03-10T11:40:25+01:00	info-0	trufflehog	finished scanning	{"chunks": 1, "bytes": 284, "verified_secrets": 0, "unverified_secrets": 0, "scan_duration": "1.727781ms", "trufflehog_version": "3.88.15", "verification_caching": {"Hits":0,"Misses":0,"HitsWasted":0,"AttemptsSaved":0,"VerificationTimeSpentMS":0}}

Expected Behavior

Detect the Google Maps JS key; it could have much more API access than it should.
The key was a bit redacted; any user with enough resources can find it on the web archive.

Actual Behavior

No key found

Steps to Reproduce

  • Create a folder
  • Add index.html
<!doctype html>
<html lang="fr">
    <body>
        <!-- Google places -->
        <script
            defer
            src="https://maps.googleapis.com/maps/api/js?key=AIzaSyADGZQuxI6htXu9i3MJZPZC4b2QRL8VoOo&libraries=places&callback=initMap"
        ></script>
    </body>
</html>

Environment

  • OS: Debian
  • Version: 12

Additional Context

References

@williamdes williamdes added the bug label Mar 10, 2025
@kashifkhan0771
Contributor

kashifkhan0771 commented Mar 11, 2025

Trufflehog at the moment does not have a GoogleMaps APIKey detector.

Ticket OSS-135 is created for this.

@kashifkhan0771 kashifkhan0771 added enhancement pkg/detectors PRs and Issues related to the `detectors` package and removed bug labels Mar 11, 2025
@williamdes
Author

Trufflehog at the moment does not have a GoogleMaps APIKey detector.

Ticket OSS-135 is created for this.

Where can I find the referenced ticket?
Is the code base difficult, or could you point me to the folder where I can try to implement it?

@kashifkhan0771
Contributor

The ticket is on our private JIRA board. If you're familiar with Go, adding a new detector should be straightforward.

📄 Documentation: Adding a New Detector
🔍 Reference PR: Example Detector Implementation
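
An added illustration of the gap this issue reports (not TruffleHog's code and not written by any participant in the thread): a standalone Go sketch of the keyword pre-filter and pattern match that a detector for the key in the reproduction file would perform. The `AIza` plus 35-character key shape, the `Finding` type and the function names are assumptions, and the sample key is constructed.

```go
package main

import (
	"bytes"
	"fmt"
	"regexp"
)

// Constructed sample modelled on the issue's index.html; the key is a made-up placeholder.
const samplePage = `<script defer src="https://maps.googleapis.com/maps/api/js?key=AIzaSyCONSTRUCTED-sample_key-0123456789&libraries=places"></script>`

// Assumed key shape: "AIza" followed by 35 URL-safe base64 characters (39 in total).
var keyPat = regexp.MustCompile(`AIza[0-9A-Za-z_-]{35}`)

// Finding is a hypothetical result type, not TruffleHog's detectors.Result.
type Finding struct {
	Raw      string // full candidate, kept for a later verification step
	Redacted string // prefix only, safe to print in reports
	Offset   int    // byte offset of the key inside the chunk
}

func isKeyChar(b byte) bool {
	return b == '_' || b == '-' || b >= '0' && b <= '9' || b >= 'A' && b <= 'Z' || b >= 'a' && b <= 'z'
}

// FindGoogleAPIKeys pre-filters on the "AIza" keyword so most chunks never
// reach the regex, then returns each distinct key-shaped token in chunk.
func FindGoogleAPIKeys(chunk []byte) []Finding {
	if !bytes.Contains(chunk, []byte("AIza")) {
		return nil
	}
	var out []Finding
	seen := map[string]bool{}
	for _, m := range keyPat.FindAllIndex(chunk, -1) {
		// RE2 has no lookarounds, so token boundaries are checked by hand:
		// a match embedded in a longer run of key characters is rejected.
		if (m[0] > 0 && isKeyChar(chunk[m[0]-1])) || (m[1] < len(chunk) && isKeyChar(chunk[m[1]])) {
			continue
		}
		if raw := string(chunk[m[0]:m[1]]); !seen[raw] {
			seen[raw] = true
			out = append(out, Finding{raw, raw[:8] + "...", m[0]})
		}
	}
	return out
}

func main() {
	for _, f := range FindGoogleAPIKeys([]byte(samplePage)) {
		fmt.Printf("candidate Google API key %s at byte %d\n", f.Redacted, f.Offset)
	}
}
```

A match here is only a candidate: whether the key is live and which APIs it can reach is a separate verification step that this sketch does not perform.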
