PubNub subscription key verification misses "App Context is not enabled" response #5099

Description

@santhoshpatturaj

TruffleHog Version

v3.95.7 (main branch)

Trace Output

N/A — this is a code-level bug in the verification logic, not a runtime crash.

Expected Behavior

A valid PubNub subscription key whose account has the App Context feature
disabled should be reported as verified.

Actual Behavior

The key is reported as unverified. The verification endpoint returns
403 Forbidden with the body:

"App Context is not enabled for this subscribe key."

The detector only handles one 403 body string:

"Objects not enabled for this subscriber key."

The second message means the same thing - the key is valid, the feature is
simply not enabled - but it is not matched, so the key is incorrectly treated
as invalid.

Steps to Reproduce

  1. Obtain a valid PubNub subscription key from an account where App Context
    is not enabled.
  2. Run TruffleHog with --verify against a file containing the key.
  3. The result is reported as unverified instead of verified.

Environment

  • OS: macOS
  • Version: latest main

Additional Context

The fix is a one-line addition in verifyKey
(pkg/detectors/pubnubsubscriptionkey/pubnubsubscriptionkey.go):

if strings.Contains(string(bodyBytes), "Objects not enabled for this subscriber key.") ||
    strings.Contains(string(bodyBytes), "App Context is not enabled for this subscribe key.") {
    return true, nil
}
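
The 403 handling described in this issue, as an added example that is not TruffleHog's code or the reporter's patch: it keeps the accepted "feature disabled" bodies in one list so a newly observed wording becomes a one-line change with a regression case. The names `classify`, `fakeResponse` and `featureDisabledBodies`, the treatment of 200 as verified, and the "Invalid subscribe key" body are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
)

// 403 bodies that mean "key is valid, feature is off". Both are quoted in the issue.
var featureDisabledBodies = []string{
	"Objects not enabled for this subscriber key.",
	"App Context is not enabled for this subscribe key.",
}

// classify reports whether a verification response proves the key is live.
// Assumption (not from the issue): 200 is verified; other 403 bodies are not.
func classify(resp *http.Response) (bool, error) {
	defer resp.Body.Close()
	if resp.StatusCode == http.StatusOK {
		return true, nil
	}
	if resp.StatusCode != http.StatusForbidden {
		return false, nil
	}
	body, err := io.ReadAll(io.LimitReader(resp.Body, 8192))
	if err != nil {
		return false, err
	}
	for _, msg := range featureDisabledBodies {
		if strings.Contains(string(body), msg) {
			return true, nil
		}
	}
	return false, nil
}

// fakeResponse builds a constructed response so the example runs offline.
func fakeResponse(status int, body string) *http.Response {
	return &http.Response{StatusCode: status, Body: io.NopCloser(strings.NewReader(body))}
}

func main() {
	// Constructed bodies: the two from the issue plus a made-up rejection.
	for _, body := range append(featureDisabledBodies, "Invalid subscribe key") {
		ok, err := classify(fakeResponse(http.StatusForbidden, body))
		fmt.Printf("403 %q -> verified=%v err=%v\n", body, ok, err)
	}
}
```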