Skip to main content

Gemfury Full Access Token

Description#

General#

  • Documentation: https://gemfury.com/help/getting-started
  • Summary: Gemfury is a hosted repository for public and private packages. It supports packages from various sources like ruby, python, npm, php, debian, rpm or nuget. Interaction with the registry is done via a dashboard, using a cli tool or curl API calls. This detector aims at catching full access tokens.
  • IPs allowlist: To the best of our knowledge this feature is not supported.
  • Scopes: Gemfury offers different types of tokens with different rights. This detector focuses on full access tokens.

Revoke the secret#

Secrets can be deactivated or revoked from the user's dashboard.

Check for suspicious activity#

To the best of our knowledge this feature is not supported.

Details for Gemfury full access token#

  • Family: Api

  • Category: Development tool

  • Company: Gemfury

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.25

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - ^(cs|x|p|s|r)?html5?~?$  - ^[aps]?cssc?~?$  - ^lock$  - ^mdx?~?$  - ^storyboard(c|er)?~?$  - ^xib$  banlist_filenames: []  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - \.fury\.io- type: ContentWhitelistPreValidator  patterns:  - \@(gem|npm(-proxy)?|pypi|yum|go-proxy|php|nuget|apt|maven|repo|git|push)\.fury\.io

Examples#

- text: >    GEMFURY_URL=https://Sspp7y42zaJMXrFbVaQa:@pypi.fury.io/sup3rU5er  apikey: Sspp7y42zaJMXrFbVaQa  username: sup3rU5er- text: >    GEMFURY_URL=https://Sspp7y42zaJMXrFbVaQa:@npm.fury.io/sup3rU5er  apikey: Sspp7y42zaJMXrFbVaQa  username: sup3rU5er