From 34059d51b0b8ca2b34933ca904f956049fab9262 Mon Sep 17 00:00:00 2001
From: Nabeel Alam
Date: Fri, 1 Nov 2024 15:43:57 +0500
Subject: [PATCH] added zohocrm scanner in defaults.go, updated zohocrm verification endpoint
---
 pkg/detectors/zohocrm/zohocrm.go | 7 ++-----
 pkg/detectors/zohocrm/zohocrm_integration_test.go | 6 ++++++
 pkg/engine/defaults.go | 2 ++
 3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/pkg/detectors/zohocrm/zohocrm.go b/pkg/detectors/zohocrm/zohocrm.go
index 23eed6b5aaba..66f32e6ef3bc 100644
--- a/pkg/detectors/zohocrm/zohocrm.go
+++ b/pkg/detectors/zohocrm/zohocrm.go
@@ -19,10 +19,7 @@ type Scanner struct {
 }

 type UnauthorizedResponseBody struct {
- Code string `json:"code"`
- Details map[string]interface{} `json:"details"`
- Message string `json:"message"`
- Status string `json:"status"`
+ Code string `json:"code"`
 }

 // Ensure the Scanner satisfies the interface at compile time.
@@ -74,7 +71,7 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result

 // Verifies the Zoho CRM API key by making an HTTP request to the Zoho CRM API.
 func verifyMatch(ctx context.Context, client *http.Client, token string) (bool, error) {
- endpoint := "https://www.zohoapis.com/crm/v2/Leads"
+ endpoint := "https://www.zohoapis.com/crm/v7/Leads?fields=Email&per_page=1"

 req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil)
 if err != nil {
diff --git a/pkg/detectors/zohocrm/zohocrm_integration_test.go b/pkg/detectors/zohocrm/zohocrm_integration_test.go
index 6c5b509201d7..e9e960a1afdc 100644
--- a/pkg/detectors/zohocrm/zohocrm_integration_test.go
+++ b/pkg/detectors/zohocrm/zohocrm_integration_test.go
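Review bot: The new `endpoint` in `verifyMatch` (pkg/detectors/zohocrm/zohocrm.go) still pins verification to the US host `www.zohoapis.com`, so a live token issued by another Zoho data centre (for example `zohoapis.eu` or `zohoapis.in`) would presumably come back as unverified and a real leak could be triaged as inactive. If probing other regions is out of scope for this commit, record the limit next to the constant, e.g. `// NOTE: only the US data centre is queried; tokens from other Zoho regions will not verify here.` The query string `fields=Email&per_page=1` keeps the response small, but a successful response still carries one lead's e-mail address, so the code after the request should decide on the status code and the `Code` field only and never log the body. `verifyMatch` continues past the end of the hunk, so the response handling could not be checked here.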
@@ -17,6 +17,12 @@ import (
 "github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
 )

+// TestZohocrm_FromChunk verifies the validity of a ZohoCRM access token
+// Note: The token validity test relies on an access token stored in the GCP secret manager.
+// Since Zoho CRM tokens expire after 60 minutes, this test will eventually fail once the token becomes invalid.
+// The official guide linked below can be followed in order to generate a new valid access token:
+// https://www.zoho.com/accounts/protocol/oauth/self-client/authorization-code-flow.html
+
 func TestZohocrm_FromChunk(t *testing.T) {
 ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
 defer cancel()
diff --git a/pkg/engine/defaults.go b/pkg/engine/defaults.go
index 443378418844..03fcca70e43b 100644
--- a/pkg/engine/defaults.go
+++ b/pkg/engine/defaults.go
@@ -805,6 +805,7 @@ import (
 "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/zipbooks"
 "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/zipcodeapi"
 "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/zipcodebase"
+ "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/zohocrm"
 "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/zonkafeedback"
 "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/zulipchat"
 "github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
@@ -1644,6 +1645,7 @@ func DefaultDetectors() []detectors.Detector {
 apimetrics.Scanner{},
 captainDataV1.Scanner{},
 captainDataV2.Scanner{},
+ zohocrm.Scanner{},
 }

 // Automatically initialize all detectors that implement
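Review bot: The comment added above `TestZohocrm_FromChunk` in zohocrm_integration_test.go is followed by an added blank line, so it is not attached to the function as its doc comment; dropping that empty `+` line fixes it. The comment also records that the fixture is a 60-minute access token, which means the verified-secret case will start failing on its own and then no longer guards the v7 verification endpoint against regressions. Consider making the expired-fixture case explicit, e.g. `t.Skip("stored Zoho CRM access token has expired; regenerate it")` when the stored token is rejected, so a stale fixture is distinguishable from a broken verifier. The test body continues outside the hunk, so how the token is fetched and compared is not visible here.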