Skip to content

Commit af52046

Browse files
Fix Confluence server/datacenter authentication
1 parent 6d4368b commit af52046

3 files changed

Lines changed: 32 additions & 32 deletions

File tree

README.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -236,13 +236,13 @@ FLAGS:
236236
237237
OPTIONS:
238238
-a, --allowlist <ALLOWLIST> Sets a custom allowlist JSON file
239-
--authtoken <BEARERTOKEN> Confluence basic auth bearer token (instead of user & pass)
239+
--authtoken <BEARERTOKEN> Confluence basic auth bearer token containing a PAT (instead of user & pass)
240240
241241
--default_entropy_threshold <DEFAULT_ENTROPY_THRESHOLD> Default entropy threshold (0.6 by default)
242242
-o, --outputfile <OUTPUT> Sets the path to write the scanner results to (stdout by default)
243-
--password <PASSWORD> Confluence password (crafts basic auth header)
243+
--password <PASSWORD> Confluence password or PAT (crafts basic auth header)
244244
--regex <REGEX> Sets a custom regex JSON file
245-
--username <USERNAME> Confluence username (crafts basic auth header)
245+
--username <USERNAME> Confluence username or email address (crafts basic auth header)
246246
247247
ARGS:
248248
<PAGEID> The ID (e.g. 1234) of the confluence page you want to scan
@@ -266,13 +266,13 @@ FLAGS:
266266
267267
OPTIONS:
268268
-a, --allowlist <ALLOWLIST> Sets a custom allowlist JSON file
269-
--authtoken <BEARERTOKEN> Jira basic auth bearer token (instead of user & pass)
269+
--authtoken <BEARERTOKEN> Jira basic auth bearer token containing a PAT (instead of user & pass)
270270
--default_entropy_threshold <DEFAULT_ENTROPY_THRESHOLD> Default entropy threshold (0.6 by default)
271271
--url <JIRAURL> Base URL of JIRA instance (e.g. https://jira.atlassian.net/)
272272
-o, --outputfile <OUTPUT> Sets the path to write the scanner results to (stdout by default)
273-
--password <PASSWORD> Jira password (crafts basic auth header)
273+
--password <PASSWORD> Jira password or PAT (crafts basic auth header)
274274
--regex <REGEX> Sets a custom regex JSON file
275-
--username <USERNAME> Jira username (crafts basic auth header)
275+
--username <USERNAME> Jira username or email address (crafts basic auth header)
276276
277277
ARGS:
278278
<JIRAID> The ID (e.g. PROJECT-123) of the Jira issue you want to scan

src/bin/essex_hog.rs

Lines changed: 16 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -13,11 +13,11 @@
1313
//!
1414
//! OPTIONS:
1515
//! --default_entropy_threshold <DEFAULT_ENTROPY_THRESHOLD> Default entropy threshold (0.6 by default)
16-
//! --authtoken <BEARERTOKEN> Confluence basic auth bearer token (instead of user & pass)
16+
//! --authtoken <BEARERTOKEN> Confluence PAT (instead of user & pass, crafts basic auth header)
1717
//! -o, --outputfile <OUTPUT> Sets the path to write the scanner results to (stdout by default)
18-
//! --password <PASSWORD> Confluence password (crafts basic auth header)
18+
//! --password <PASSWORD> Confluence password or PAT (crafts basic auth header)
1919
//! --regex <REGEX> Sets a custom regex JSON file
20-
//! --username <USERNAME> Confluence username (crafts basic auth header)
20+
//! --username <USERNAME> Confluence username or email address (crafts basic auth header)
2121
//!
2222
//! ARGS:
2323
//! <PAGEID> The ID (e.g. 1234) of the confluence page you want to scan
@@ -73,9 +73,9 @@ pub struct ConfluencePage {
7373
/// Main entry function that uses the [clap crate](https://docs.rs/clap/2.33.0/clap/)
7474
#[tokio::main]
7575
async fn main() {
76-
let matches = clap_app!(gottingen_hog =>
76+
let matches = clap_app!(essex_hog =>
7777
(version: "1.0.11")
78-
(author: "Emily Cain <ecain@newrelic.com>, Scott Cutler")
78+
(author: "Emily Cain <ecain@newrelic.com>, Scott Cutler, Valentijn Scholten <valentijnscholten@gmail.com>")
7979
(about: "Confluence secret scanner in Rust.")
8080
(@arg REGEX: --regex +takes_value "Sets a custom regex JSON file")
8181
(@arg PAGEID: +required "The ID (e.g. 1234) of the confluence page you want to scan")
@@ -86,9 +86,9 @@ async fn main() {
8686
(@arg CASE: --caseinsensitive "Sets the case insensitive flag for all regexes")
8787
(@arg OUTPUT: -o --outputfile +takes_value "Sets the path to write the scanner results to (stdout by default)")
8888
(@arg PRETTYPRINT: --prettyprint "Outputs the JSON in human readable format")
89-
(@arg USERNAME: --username +takes_value conflicts_with[AUTHTOKEN] "Confluence username (crafts basic auth header)")
90-
(@arg PASSWORD: --password +takes_value conflicts_with[AUTHTOKEN] "Confluence password (crafts basic auth header)")
91-
(@arg BEARERTOKEN: --authtoken +takes_value conflicts_with[USERNAME PASSWORD] "Confluence basic auth bearer token (instead of user & pass)")
89+
(@arg USERNAME: --username +takes_value conflicts_with[AUTHTOKEN] "Confluence username or email for cloud (crafts basic auth header)")
90+
(@arg PASSWORD: --password +takes_value conflicts_with[AUTHTOKEN] "Confluence password or PAT for cloud (crafts basic auth header)")
91+
(@arg BEARERTOKEN: --authtoken +takes_value conflicts_with[USERNAME PASSWORD] "Confluence PAT (instead of user & pass, crafts basic auth header)")
9292
(@arg ALLOWLIST: -a --allowlist +takes_value "Sets a custom allowlist JSON file")
9393
)
9494
.get_matches();
@@ -107,9 +107,9 @@ async fn run<'b>(arg_matches: ArgMatches<'b>) -> Result<(), SimpleError> {
107107
let ssb = SecretScannerBuilder::new().conf_argm(&arg_matches);
108108
let secret_scanner = ssb.build();
109109

110-
let jirausername = arg_matches.value_of("USERNAME");
111-
let jirapassword = arg_matches.value_of("PASSWORD");
112-
let jiraauthtoken = arg_matches.value_of("BEARERTOKEN");
110+
let confluenceusername = arg_matches.value_of("USERNAME");
111+
let confluencepassword = arg_matches.value_of("PASSWORD");
112+
let confluenceauthtoken = arg_matches.value_of("BEARERTOKEN");
113113
let base_url_input = arg_matches
114114
.value_of("URL")
115115
.unwrap_or("https://confluence.atlassian.com")
@@ -125,18 +125,18 @@ async fn run<'b>(arg_matches: ArgMatches<'b>) -> Result<(), SimpleError> {
125125
let https = hyper_rustls::HttpsConnector::with_native_roots();
126126
let hyper_client: client::Client<_, hyper::Body> = client::Client::builder().build(https);
127127

128-
// TODO: Support other modes of JIRA authentication
129-
let auth_string = match jirausername {
130-
// craft auth header using username and password if present
128+
// TODO: Support other modes of Confluence authentication
129+
let auth_string = match confluenceusername {
130+
// craft auth header using username and password (or PAT) if present
131131
Some(u) => {
132132
format!(
133133
"Basic {}",
134-
base64::encode(format!("{}:{}", u, jirapassword.unwrap()))
134+
base64::encode(format!("{}:{}", u, confluencepassword.unwrap()))
135135
)
136136
}
137137
// otherwise use AUTHTOKEN to craft the auth header
138138
None => {
139-
format!("Bearer {}", jiraauthtoken.unwrap())
139+
format!("Bearer {}", confluenceauthtoken.unwrap())
140140
}
141141
};
142142

src/bin/gottingen_hog.rs

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
//! Jira secret scanner in Rust.
1+
//! JIRA secret scanner in Rust.
22
//!
33
//! USAGE:
44
//! gottingen_hog [FLAGS] [OPTIONS] <JIRAID> --password <PASSWORD> --username <USERNAME>
@@ -13,11 +13,11 @@
1313
//!
1414
//! OPTIONS:
1515
//! --default_entropy_threshold <DEFAULT_ENTROPY_THRESHOLD> Default entropy threshold (0.6 by default)
16-
//! --url <JIRAURL>
17-
//! -o, --outputfile <OUTPUT> Sets the path to write the scanner results to (stdout by default)
18-
//! --password <PASSWORD> Jira password (or API token)
19-
//! --regex <REGEX> Sets a custom regex JSON file
20-
//! --username <USERNAME> Jira username
16+
//! --authtoken <BEARERTOKEN> JIRA PAT (instead of user & pass, crafts basic auth header)
17+
//! -o, --outputfile <OUTPUT> Sets the path to write the scanner results to (stdout by default)
18+
//! --password <PASSWORD> JIRA password or PAT (crafts basic auth header)
19+
//! --regex <REGEX> Sets a custom regex JSON file
20+
//! --username <USERNAME> JIRA username or email (crafts basic auth header)
2121
//!
2222
//! ARGS:
2323
//! <JIRAID> The ID (e.g. PROJECT-123) of the Jira issue you want to scan
@@ -71,9 +71,9 @@ async fn main() {
7171
(@arg CASE: --caseinsensitive "Sets the case insensitive flag for all regexes")
7272
(@arg OUTPUT: -o --outputfile +takes_value "Sets the path to write the scanner results to (stdout by default)")
7373
(@arg PRETTYPRINT: --prettyprint "Outputs the JSON in human readable format")
74-
(@arg USERNAME: --username +takes_value conflicts_with[AUTHTOKEN] "Jira username (crafts basic auth header)")
75-
(@arg PASSWORD: --password +takes_value conflicts_with[AUTHTOKEN] "Jira password (crafts basic auth header)")
76-
(@arg BEARERTOKEN: --authtoken +takes_value conflicts_with[USERNAME PASSWORD] "Jira basic auth bearer token (instead of user & pass)")
74+
(@arg USERNAME: --username +takes_value conflicts_with[AUTHTOKEN] "Jira username or email address (crafts basic auth header)")
75+
(@arg PASSWORD: --password +takes_value conflicts_with[AUTHTOKEN] "Jira password or PAT (crafts basic auth header)")
76+
(@arg BEARERTOKEN: --authtoken +takes_value conflicts_with[USERNAME PASSWORD] "Jira basic auth bearer token containing a PAT (instead of user & pass)")
7777
(@arg JIRAURL: --url +takes_value "Base URL of JIRA instance (e.g. https://jira.atlassian.net/)")
7878
(@arg ALLOWLIST: -a --allowlist +takes_value "Sets a custom allowlist JSON file")
7979
)
@@ -112,7 +112,7 @@ async fn run<'b>(arg_matches: ArgMatches<'b>) -> Result<(), SimpleError> {
112112

113113
// TODO: Support other modes of JIRA authentication
114114
let auth_string = match jirausername {
115-
// craft auth header using username and password if present
115+
// craft auth header using username and password (or PAT) if present
116116
Some(u) => {
117117
format!(
118118
"Basic {}",

0 commit comments

Comments
 (0)