TruffleHog Version
v3.95.7 (main branch)
Trace Output
N/A — this is a code-level bug in the verification logic, not a runtime crash.
Expected Behavior
A valid PubNub subscription key whose account has the App Context feature
disabled should be reported as verified.
Actual Behavior
The key is reported as unverified. The verification endpoint returns
403 Forbidden with the body:
"App Context is not enabled for this subscribe key."
The detector only handles one 403 body string:
"Objects not enabled for this subscriber key."
The second message means the same thing - the key is valid, the feature is
simply not enabled - but it is not matched, so the key is incorrectly treated
as invalid.
Steps to Reproduce
- Obtain a valid PubNub subscription key from an account where App Context
is not enabled.
- Run TruffleHog with --verify against a file containing the key.
- The result is reported as unverified instead of verified.
Environment
- OS: macOS
- Version: latest main
Additional Context
The fix is a one-line addition in verifyKey
(pkg/detectors/pubnubsubscriptionkey/pubnubsubscriptionkey.go):

    if strings.Contains(string(bodyBytes), "Objects not enabled for this subscriber key.") ||
        strings.Contains(string(bodyBytes), "App Context is not enabled for this subscribe key.") {
        return true, nil
    }
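
A regression sketch for the behaviour described above, added here as an example and not taken from TruffleHog's code: both 403 bodies quoted in this issue are kept in one list and replayed through a stubbed HTTP transport. The names `verify`, `stub`, `check` and the placeholder URL are hypothetical; the handling of 200, of an unrecognised 403 and of other statuses is an assumption.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
)

// 403 bodies meaning "key is valid, feature is off"; both quoted in the issue.
var featureDisabled = []string{
	"Objects not enabled for this subscriber key.",
	"App Context is not enabled for this subscribe key.",
}

// verify is a hypothetical stand-in for the detector's verifyKey. Assumptions:
// 200 is verified, an unrecognised 403 is unverified, other statuses are errors.
func verify(client *http.Client, url string) (bool, error) {
	resp, err := client.Get(url)
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<16))
	if err != nil {
		return false, err
	}
	switch resp.StatusCode {
	case http.StatusOK:
		return true, nil
	case http.StatusForbidden:
		for _, msg := range featureDisabled {
			if strings.Contains(string(body), msg) {
				return true, nil
			}
		}
		return false, nil
	}
	return false, fmt.Errorf("unexpected status %d", resp.StatusCode)
}
// stub replays one constructed response, so check needs no network access.
type stub struct{ status int; body string }
func (s stub) RoundTrip(r *http.Request) (*http.Response, error) {
	return &http.Response{StatusCode: s.status, Body: io.NopCloser(strings.NewReader(s.body))}, nil
}
func check(status int, body string) (bool, error) {
	return verify(&http.Client{Transport: stub{status, body}}, "https://pubnub.invalid/")
}
func main() { fmt.Println(check(403, featureDisabled[1])) }
```

Returning an error for unexpected statuses keeps a transient failure from being recorded as a definite "unverified".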