generic.secrets.security.detected-twitter-oauth.detected-twitter-oauth
Community Favorite
returntocorpAuthor
37,965
Download Count*
License
Twitter OAuth detected
Run Locally
Run in CI
Defintion
rules:
- id: detected-twitter-oauth
patterns:
- pattern-regex: "[tT][wW][iI][tT][tT][eE][rR].*['|\"]?[0-9a-zA-Z]{35,44}['|\"]?"
- pattern-not-regex: "[tT][wW][iI][tT][tT][eE][rR].*hash.*=.*['|\"]?[0-9a-zA-Z]{3\
5,44}['|\"]?"
languages:
- regex
message: Twitter OAuth detected
severity: ERROR
metadata:
cwe:
- "CWE-798: Use of Hard-coded Credentials"
source-rule-url: https://github.com/dxa4481/truffleHogRegexes/blob/master/truffleHogRegexes/regexes.json
category: security
technology:
- secrets
- twitter
confidence: LOW
owasp:
- A07:2021 - Identification and Authentication Failures
references:
- https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures
cwe2022-top25: true
cwe2021-top25: true
subcategory:
- audit
likelihood: LOW
impact: MEDIUM
license: Commons Clause License Condition v1.0[LGPL-2.1-only]
Examples
detected-twitter-oauth.txt
# ruleid: detected-twitter-oauth
[2017-02-23 16:37:26.012574] ERROR: Twitter Logger: Caught Error Twitter sent status 404 for URL: 1.1/statuses/user_timeline.json using parameters: (oauth_consumer_key=xxxx&oauth_nonce=xxxx&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1487867845&oauth_token=1418392116-OauaLABxQkkvkJ80PAPKXeix29vAk4Vdwoooo93&oauth_version=1.0&screen_name=xxx%2CBBC&oauth_signature=%xxx%2Fk%3D)
# ok: detected-twitter-oauth
{file = "twitter-1.18.0-py2.py3-none-any.whl", hash = "sha256:52545fd3b70d3d3807d3ce62d1a256727856d784d1630d64dedcc643aaf0b908"},
# ok: detected-twitter-oauth
{file = "twitter-1.18.0.tar.gz", hash = "sha256:acdc85e5beea752967bb64c63bde8b915c49a31a01db1b2fecccf9f2c1d5c44d"},
Short Link: https://sg.run/Lwb7