Skip to content

Filter duplicate JWT detection in badsecrets#2942

Merged
liquidsec merged 3 commits into
3.0from
duplicate-jwt-detection
Mar 5, 2026
Merged

Filter duplicate JWT detection in badsecrets#2942
liquidsec merged 3 commits into
3.0from
duplicate-jwt-detection

Conversation

@liquidsec

@liquidsec liquidsec commented Mar 4, 2026

Copy link
Copy Markdown
Collaborator

Addresses #2935

Instead of suppressing excavate's JWTExtractor when badsecrets is enabled, this filters JWT IdentifyOnly results in badsecrets itself. Excavate always reports JWT existence, and badsecrets only emits JWT findings when it actually cracks the secret (SecretFound).

This mirrors the existing pattern for ASPNET_Viewstate IdentifyOnly results.

@github-actions

github-actions Bot commented Mar 4, 2026

Copy link
Copy Markdown
Contributor

📊 Performance Benchmark Report

Comparing 3.0 (baseline) vs duplicate-jwt-detection (current)

📈 Detailed Results (All Benchmarks)

📋 Complete results for all benchmarks - includes both significant and insignificant changes

🧪 Test Name 📏 Base 📏 Current 📈 Change 🎯 Status
Bloom Filter Dns Mutation Tracking Performance 4.30ms 4.22ms -1.8%
Bloom Filter Large Scale Dns Brute Force 17.82ms 17.35ms -2.7%
Large Closest Match Lookup 363.87ms 358.00ms -1.6%
Realistic Closest Match Workload 194.84ms 193.37ms -0.8%
Event Memory Medium Scan 1766 B/event 1768 B/event +0.1%
Event Memory Large Scan 1757 B/event 1757 B/event +0.0%
Event Validation Full Scan Startup Small Batch 509.06ms 486.83ms -4.4%
Event Validation Full Scan Startup Large Batch 791.12ms 797.85ms +0.9%
Make Event Autodetection Small 31.91ms 31.33ms -1.8%
Make Event Autodetection Large 323.65ms 322.38ms -0.4%
Make Event Explicit Types 14.30ms 14.11ms -1.3%
Excavate Single Thread Small 4.106s 4.174s +1.6%
Excavate Single Thread Large 9.778s 9.709s -0.7%
Excavate Parallel Tasks Small 4.275s 4.269s -0.1%
Excavate Parallel Tasks Large 7.367s 7.361s -0.1%
Is Ip Performance 3.20ms 3.17ms -0.8%
Make Ip Type Performance 11.42ms 11.40ms -0.2%
Mixed Ip Operations 4.49ms 4.47ms -0.5%
Typical Queue Shuffle 62.88µs 60.69µs -3.5%
Priority Queue Shuffle 710.04µs 706.12µs -0.6%

🎯 Performance Summary

No significant performance changes detected (all changes <10%)


🐍 Python Version 3.11.14

@TheTechromancer

Copy link
Copy Markdown
Contributor

Good overall goal but instead of putting badsecrets-specific logic in excavate maybe we should avoid emitting JWTs from badsecrets, since excavate is always enabled by default.

@liquidsec liquidsec changed the title Suppress excavate JWT detection when badsecrets is enabled Filter duplicate JWT detection in badsecrets Mar 5, 2026
@codecov

codecov Bot commented Mar 5, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92%. Comparing base (4219861) to head (9a97782).
⚠️ Report is 6 commits behind head on 3.0.

Additional details and impacted files
@@          Coverage Diff          @@
##             3.0   #2942   +/-   ##
=====================================
- Coverage     92%     92%   -0%     
=====================================
  Files        438     438           
  Lines      36026   36040   +14     
=====================================
+ Hits       32810   32818    +8     
- Misses      3216    3222    +6     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@liquidsec liquidsec merged commit a736ac0 into 3.0 Mar 5, 2026
14 checks passed
@liquidsec liquidsec mentioned this pull request Jun 9, 2026
@liquidsec liquidsec deleted the duplicate-jwt-detection branch June 10, 2026 00:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants