Atlassian Oauth2 Keys

Description

General

• Documentation: https://developer.atlassian.com/cloud/jira/platform/oauth-2-authorization-code-grants-3lo-for-apps/
• Summary: This detector aims to catch Oauth2 keys for Atlassian software such as Jira, Bitbucket or Confluence. These keys allow apps to connect to those software.
• IPs allowlist: This feature is not currently available.
• Scopes: Scopes can be set at an app level, see the documentation for more details.

Revoke the secret

This can be done from the apps dashboard: The app's secret can be regenerated.

Check for suspicious activity

This feature is not currently available.

Details for Atlassian Oauth2 Keys

• Family: credentials

• Category: collaboration_tool

• Company: Atlassian

• High recall: False

• Validity check available: True

• Analyzer available: False

• On-premise instances exist: True

• Only valid secrets raise an alert: True

• Minimum number of matches: 2

• Occurrences found for one million commits: 0.2

• Prefixed: False

• PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions:
    - ^[aps]?cssc?~?$
    - ^lock$
    - ^storyboard(c|er)?~?$
    - ^xib$
    - ipynb
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: false
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - atlassian
    - jira
    - confluence
    - bitbucket

Examples

- text: |
    oauthEndpoint = oauth2.Endpoint{
    +		AuthURL:  "https://auth.atlassian.com/authorize",
    +		TokenURL: "https://auth.atlassian.com/oauth/token",
    +	}
    +	oauthConfig = &oauth2.Config{
    +		RedirectURL:  "http://localhost:3000/auth/jira/callback",
    +		ClientID:     "W4JMs69BbCohnWUozR70fyhEGFyHC3qH",
    +		ClientSecret: "DXEQC92LCtFAayTskHnFdf_0if7t8XhFznW_68dNHQXxX--n6PwSRFyEckem6X9n",
    +		Scopes:       []string{"read:jira-user", "read:jira-work", "offline_access"},
    +		Endpoint:     oauthEndpoint,
    +	}
    +)

  client_id: W4JMs69BbCohnWUozR70fyhEGFyHC3qH
  client_secret: DXEQC92LCtFAayTskHnFdf_0if7t8XhFznW_68dNHQXxX--n6PwSRFyEckem6X9n

- text: |
    JIRA_CLIENT=s1JWjiFNbAurXIGu2KzSoRD9EF93vjLZ
    JIRA_SECRET=HEJdIgN55jQYZLXDN6hlTJjIjsHms4z0Xtga45XrmLsASTI1X_TE-67VdpwEiv8e

  client_id: s1JWjiFNbAurXIGu2KzSoRD9EF93vjLZ
  client_secret: HEJdIgN55jQYZLXDN6hlTJjIjsHms4z0Xtga45XrmLsASTI1X_TE-67VdpwEiv8e
- text: |
    ```
    oauthEndpoint = oauth2.Endpoint{ 
    +		AuthURL:  "https://auth.atlassian.com/authorize", 
    +		TokenURL: "https://auth.atlassian.com/oauth/token", 
    +	} +	oauthConfig = &oauth2.Config{ 
    +		RedirectURL:  "http://localhost:3000/auth/jira/callback", 
    +		ClientID:     "W4JMs69BbCohnWUozR70fyhEGFyHC3qH", 
    +		ClientSecret: "DXEQC92LCtFAayTskHnFdf_0if7t8XhFznW_68dNHQXxX--n6PwSRFyEckem6X9n", 
    +		Scopes:       []string{"read:jira-user", "read:jira-work", "offline_access"}, 
    +		Endpoint:     oauthEndpoint, 
    +	} 
    +)
    ```

  client_id: W4JMs69BbCohnWUozR70fyhEGFyHC3qH
  client_secret: DXEQC92LCtFAayTskHnFdf_0if7t8XhFznW_68dNHQXxX--n6PwSRFyEckem6X9n

- text: |
    JIRA_CLIENT=ig5qKaLWNFrD2q0B21W9veYp0QgrdHy4
    JIRA_SECRET=ATOAsfm4Gyg8ZPKADORt63I3ka-1wXX7zIYcY7GCoDdT7dqnOFZdkiXxCzUw75xWrK5f6BBA64E3

  client_id: ig5qKaLWNFrD2q0B21W9veYp0QgrdHy4
  client_secret: ATOAsfm4Gyg8ZPKADORt63I3ka-1wXX7zIYcY7GCoDdT7dqnOFZdkiXxCzUw75xWrK5f6BBA64E3