Renamed AnypointOAuth2 detector's AnalysisInfo keys to make it consistent with its Analyzer#4906
Merged
MuneebUllahKhan222 merged 2 commits intotrufflesecurity:mainfrom Apr 22, 2026
Conversation
Contributor
|
While we are at it, could we also populate the AnalysisInfo in the following detector:
|
bryanbeverly
changed the title
shahzadhaider1
approved these changes
Apr 22, 2026
amanfcp
approved these changes
Apr 22, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description:
This PR fixes a mismatch between the AnypointOAuth2 detector and its corresponding analyzer.
Previously, the detector populated credential fields as id and secret, while the analyzer expects them to be provided as client_id and client_secret. This inconsistency caused the analyzer to fail when processing detected credentials.
Checklist:
make test-community)?make lintthis requires golangci-lint)?Note
Low Risk
Small, localized changes to detector result metadata; no changes to matching/verification behavior beyond adding extra output fields.
Overview
Fixes verified-result metadata emitted by the
AnypointOAuth2detector by renamingAnalysisInfokeys fromid/secrettoclient_id/client_secretso downstream analyzers receive the expected fields.Also updates the
Coinbasedetector to (a) populateAnalysisInfowithkey_nameandkeyon successful verification and (b) includes a minor formatting fix inisValidECPrivateKey.Reviewed by Cursor Bugbot for commit 3dd0f29. Bugbot is set up for automated code reviews on this repo. Configure here.