Skip to content

Adobe ims v2 (#4)#4909

Open
anemonaaa13 wants to merge 2 commits intotrufflesecurity:mainfrom
anemonaaa13:main
Open

Adobe ims v2 (#4)#4909
anemonaaa13 wants to merge 2 commits intotrufflesecurity:mainfrom
anemonaaa13:main

Conversation

@anemonaaa13
Copy link
Copy Markdown

@anemonaaa13 anemonaaa13 commented Apr 22, 2026

Add a new detector for Adobe IMS (Identity Management System) OAuth2 tokens. Adobe IMS issues JWT-based access tokens and refresh tokens for user authentication across Adobe services. This detector identifies tokens by decoding the JWT payload and checking for the "as" field prefixed with "ims-" (e.g. ims-na1, ims-eu1). Verification is done via POST /ims/validate_token/v1.

Closes #4908

[x] Tests passing (make test-community)?
[x] Lint passing (make lint this requires golangci-lint)?


Note

Medium Risk
Introduces new secret-detection and remote verification logic that makes outbound HTTP calls to Adobe endpoints; misclassification or verification edge cases could affect scan results, but changes are isolated to a new detector and enum wiring.

Overview
Adds a new AdobeIMS detector that finds JWT-like strings, decodes the payload to identify Adobe IMS access/refresh tokens (type, client_id, as), and optionally verifies them via Adobe’s POST /ims/validate_token/v1 (with SSRF-safe region-to-host validation).

Wires the detector into the default detector set and introduces a new DetectorType_AdobeIMS enum value, along with unit + integration tests and benchmarks covering matching and verification behaviors.

Reviewed by Cursor Bugbot for commit 823c553. Bugbot is set up for automated code reviews on this repo. Configure here.

@anemonaaa13 anemonaaa13 requested a review from a team April 22, 2026 11:26
@anemonaaa13 anemonaaa13 requested review from a team as code owners April 22, 2026 11:26
@CLAassistant
Copy link
Copy Markdown

CLAassistant commented Apr 22, 2026

CLA assistant check
All committers have signed the CLA.

Copy link
Copy Markdown

@cursor cursor Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 2 potential issues.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit d868eb9. Configure here.

Comment thread pkg/detectors/adobeims/adobeims.go
Comment thread pkg/detectors/adobeims/adobeims_integration_test.go
anemonaaa13 and others added 2 commits April 23, 2026 11:22
* Add Adobe IMS detector for access and refresh tokens

Co-authored-by: Chivereanu Radu <37249331+Radu1999@users.noreply.github.com>
@kashifkhan0771 kashifkhan0771 added the pkg/detectors PRs and Issues related to the `detectors` package label Apr 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

pkg/detectors PRs and Issues related to the `detectors` package

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add detector for Adobe IMS OAuth2 tokens

3 participants