Datadog API Key matches incorrectly #231

SkeletalDemise · 2021-11-09T03:34:50Z

$ poetry run pywhat "b8cedc00407a4c56a3bda1ed605c6fc1"
Matched on: b8cedc00407a4c56a3bda1ed605c6fc1
Name: Datadog API Key
Exploit: Use the command below to verify that the API key is valid:
  $ curl -X GET https://api.datadoghq.com/api/v1/validate -H "Content-Type: application/json" -H "DD-API-KEY:
b8cedc00407a4c56a3bda1ed605c6fc1"

It's too broad and matches on any 32 character hexadecimal string. If it can't be less broad then lower the rarity to 0. This is the regex it uses: ^([a-f0-9]{32})$

The text was updated successfully, but these errors were encountered:

- change the rarity of Datadog Client Key to 0.3 - remove `"Description"` of all Datadog RegExp

Fixed #231 Datadog API

ghost added good first issue Good for newcomers Regex issue Regex is not full or matches a lot of false positives labels Nov 9, 2021

nodtem66 added a commit to nodtem66/pyWhat that referenced this issue Dec 1, 2021

Minor fixed bee-san#231

c40c24a

- change the rarity of Datadog Client Key to 0.3 - remove `"Description"` of all Datadog RegExp

ghost closed this as completed in cc2a8a2 Dec 2, 2021

ghost pushed a commit that referenced this issue Dec 2, 2021

Merge pull request #235 from nodtem66/patch-231

d5ea9ce

Fixed #231 Datadog API

This issue was closed.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Datadog API Key matches incorrectly #231

Datadog API Key matches incorrectly #231

SkeletalDemise commented Nov 9, 2021

Datadog API Key matches incorrectly #231

Datadog API Key matches incorrectly #231

Comments

SkeletalDemise commented Nov 9, 2021