From 6f73f188d0825d6d46410d9a1f16e1dfacc9461d Mon Sep 17 00:00:00 2001
From: ankushgoel27
Date: Thu, 10 Nov 2022 11:07:44 +0530
Subject: [PATCH 1/2] fixed mailchimp detector
---
 pkg/detectors/mailchimp/mailchimp.go | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/pkg/detectors/mailchimp/mailchimp.go b/pkg/detectors/mailchimp/mailchimp.go
index 423d3ecf09f1..f20a582360da 100644
--- a/pkg/detectors/mailchimp/mailchimp.go
+++ b/pkg/detectors/mailchimp/mailchimp.go
@@ -19,7 +19,7 @@ type Scanner struct{}
 var _ detectors.Detector = (*Scanner)(nil)
 var (
- // TODO: Other country patterns?
+ client = common.SaneHttpClient()
 keyPat = regexp.MustCompile(`[0-9a-f]{32}-us[0-9]{1,2}`)
 )
@@ -46,29 +46,29 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 if verify {
 datacenter := strings.Split(match, "-")[1]
- client := common.SaneHttpClient()
 // https://mailchimp.com/developer/guides/marketing-api-conventions/
 req, err := http.NewRequestWithContext(ctx, "GET", fmt.Sprintf("https://%s.api.mailchimp.com/3.0/", datacenter), nil)
 if err != nil {
 continue
 }
 req.SetBasicAuth("anystring", match)
- res, err := client.Do(req)
+ req.Header.Add("accept", "application/json")
+ res, err := http.DefaultClient.Do(req)
 if err == nil {
- res.Body.Close() // The request body is unused.
-
- if res.StatusCode == 200 {
+ defer res.Body.Close()
+ if res.StatusCode >= 200 && res.StatusCode < 300 {
 s.Verified = true
+ } else {
+ // This function will check false positives for common test words, but also it will make sure the key appears 'random' enough to be a real key.
+ if detectors.IsKnownFalsePositive(match, detectors.DefaultFalsePositives, true) {
+ continue
+ }
 }
 }
 }
- if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
- continue
- }
-
 results = append(results, s)
 }
- return
+ return results, nil
 }
From 3daa03e6cd90e82c446a7c99919b8cf231d39870 Mon Sep 17 00:00:00 2001
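Review bot: In the second hunk of PATCH 1/2 the known-false-positive filter now sits in the `else` of the status check, so it runs only when verification was attempted and the API answered with a non-2xx status. With `verify` false, or when the request itself returns an error, every regex match is appended unfiltered, whereas the removed `if !s.Verified && ...` guard covered all unverified results; that adds noise for anyone triaging unverified findings. I would keep the filter after the verify block instead: `if !s.Verified && detectors.IsKnownFalsePositive(match, detectors.DefaultFalsePositives, true) { continue }`. The `continue` statements suggest this code runs inside a per-match loop whose start lies outside the hunk.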
From: Dustin Decker
Date: Thu, 10 Nov 2022 09:33:46 -0500
Subject: [PATCH 2/2] Use sane http client
---
 pkg/detectors/mailchimp/mailchimp.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/detectors/mailchimp/mailchimp.go b/pkg/detectors/mailchimp/mailchimp.go
index f20a582360da..dc8be6bc5cfc 100644
--- a/pkg/detectors/mailchimp/mailchimp.go
+++ b/pkg/detectors/mailchimp/mailchimp.go
@@ -53,7 +53,7 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 }
 req.SetBasicAuth("anystring", match)
 req.Header.Add("accept", "application/json")
- res, err := http.DefaultClient.Do(req)
+ res, err := client.Do(req)
 if err == nil {
 defer res.Body.Close()
 if res.StatusCode >= 200 && res.StatusCode < 300 {
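Review bot: The `defer res.Body.Close()` two lines below the changed call only fires when FromData returns, not at the end of each match, and this commit leaves it in place. If this code runs once per regex match (the loop header is outside the hunk, but PATCH 1/2 shows `continue` and `results = append(results, s)` around it), every candidate that gets a response keeps its body and connection held until the whole input has been processed. Since the body is never read, closing it immediately — `res.Body.Close()` as the first statement inside `if err == nil {` — releases it per iteration, as the code did before PATCH 1/2. Draining with `io.Copy(io.Discard, res.Body)` before closing would also let the transport reuse the connection, at the cost of a new import.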