Secrets - Cloudflare token

[random-robbie]

Any one else getting loads of notfications that there is a cloudflare token found but it's just some random token from the CSP headers?

i.e.

description: 'Possible secret (Cloudflareapitoken): [''[cloudflare.com](http://cloudflare.com/)\\/report\\/v3?s=FRDqxrXdkzFDjaSzt8nhSD41r0DIL6BbghR3j3ut'']'
host: [businesshub.affirm.com](http://businesshub.affirm.com/)

description: 'Possible secret (Cloudflareapitoken): [''[cloudflare.com](http://cloudflare.com/)\\/report\\/v3?s=7ZsXuJqYQeHKTLJYF7RYuhuYBDKmBTyXzjTS15wN'']'
host: [app.shopify.com](http://app.shopify.com/)
url: https://app.shopify.com/

description: 'Possible secret (Cloudflareapitoken): [''[cloudflare.com](http://cloudflare.com/)\\/report\\/v3?s=8CVaAlFm7R18QmTqIxqsgQYngi94fIzvv5MUCyLd'']'
host: [accounts.shopify.com](http://accounts.shopify.com/)
url: https://accounts.shopify.com/

[random-robbie]

also the same with heroku.

description: 'Possible secret (Heroku): [''[heroku.com/reports?ts=1705664413&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6](http://heroku.com/reports?ts=1705664413&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6)'',
  ''[heroku.com/reports?ts=1705664413&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6](http://heroku.com/reports?ts=1705664413&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6)'']'
host: [bin.mailgun.net](http://bin.mailgun.net/)
url: https://bin.mailgun.net/b8868d5

[TheTechromancer]

Yeah I've run into these occasionally as well. Those signatures can probably just be deleted from secrets-patterns-db.

EDIT: in the future we would like to greatly improve BBOT's secret detection capabilities, either with better signatures or with AI. If this is interesting to you there are a couple related discussions you can check out:

• Module Idea: TruffleHog #922
• Use AI to Detect Exposed Secrets #907