[INS-255] Updated datadog detector to set verificationError in case of a verification error #4661
+253
−166
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
MuneebUllahKhan222
changed the title
2 tasks
MuneebUllahKhan222
changed the base branch from
datadog-detector-verification-fix
to
main
Contributor
Author
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
| appIncluded = true | ||
| results = append(results, s1) | ||
| } | ||
|
|
There was a problem hiding this comment.
Unused API response causes missing user/org data
High Severity
The verifyMatch function returns the decoded *userServiceResponse as res, but the code creates a new empty var serviceResponse userServiceResponse and checks its fields instead of using res. Since serviceResponse is freshly declared and empty, len(serviceResponse.Data) and len(serviceResponse.Included) will always be 0, so setUserEmails and setOrganizationInfo are never called. The res returned from verifyMatch is completely ignored.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description:
According to this GitHub issue, secrets detected by the DatadogToken detector that failed verification were not being reported to the notifier worker (CLI output).
This PR updates the DatadogToken detector to follow the same verification pattern used by newer detectors by Setting
verificationErroron thedetectors.Resultwith the error returned fromverifyMatchfunction.With this change, unverified Datadog token findings are correctly propagated to the notifier worker and reported in CLI output.
This PR also introduces
resetVerificationErrorfunction which reset theverificationErrorfield on the results struct required when the secret is verified with any of the endpoint found/configured so as to not report a false verification error.Checklist:
make test-community)?make lintthis requires golangci-lint)?