Description
📌 Description
Request to add a LambdaTest detector in TruffleHog for identifying potentially leaked credentials such as username and access key.
LambdaTest is a cloud testing platform that uses access tokens for authentication, which can be accidentally exposed in codebases. Including a detector would help identify these secrets and prevent misuse.
✅ Preferred Solution
🔍 Regex Patterns
-
Access Key:
^LT_[a-zA-Z0-9]{47}$ -
Username:
^[a-zA-Z0-9]*$
🔑 Keywords for Access Key Detection
detectors.PrefixRegex([]string{
"hub.lambdatest.com",
"accessKey",
"\"access_Key\":",
"ACCESS_KEY",
"key",
"lambdatestKey",
"LT_AUTHKEY",
"LT_ACCESS_KEY",
})
👤 Keywords for Username Detection
userPat = regexp.MustCompile(
detectors.PrefixRegex([]string{
"hub.lambdatest.com",
"userName",
"\"username\":",
"USER_NAME",
"user",
"lambdatestUser",
"LT_USERNAME",
"LAMBDATEST_USERNAME",
})
)
🔐 Credential Validation API
curl --location 'https://auth.lambdatest.com/api/user/token/auth' \
--header 'Content-Type: application/json' \
--data '{
"username": "username",
"token": "key"
}'
Sample Invalid Response:
{
"type": "error",
"title": "Unauthorized Error",
"message": "Something went wrong! Access key not present in db or invalid"
}
Additional Context
You can create an account on https://accounts.lambdatest.com/register and you can get the username and access key from here https://accounts.lambdatest.com/security/username-accesskey