fix: corrected verification endpoint & validation logic for bombbomb (#3462)

* fix: corrected verification endpoint for bombbomb

* fix: corrected verification endpoint and validation logic for bombbomb

* Remove debug binary file from tracking

* feat: added common jwt pattern

Signed-off-by: Sahil Silare <[email protected]>

* fix: fixed the regex to include common prefix

Signed-off-by: Sahil Silare <[email protected]>

* fix: added common prefix to JWT Pattern

Signed-off-by: Sahil Silare <[email protected]>

* chore: changed the regex to call the function `BuildRegex`

Signed-off-by: Sahil Silare <[email protected]>

---------

Signed-off-by: Sahil Silare <[email protected]>
Co-authored-by: Kashif Khan <[email protected]>

Author: sahil9001

pkg/detectors/bombbomb/bombbomb.go

@@ -21,7 +21,7 @@ var (
 	client = common.SaneHttpClient()
 
 	// Make sure that your group is surrounded in boundary characters such as below to reduce false positives.
-	keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"bombbomb"}) + `\b([a-zA-Z0-9-._]{704})\b`)
+	keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"bombbomb"}) + common.BuildRegexJWT("0,140", "0,419", "0,171"))
 )
 
 // Keywords are used for efficiently pre-filtering chunks.
@@ -48,11 +48,12 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 		}
 
 		if verify {
-			req, err := http.NewRequestWithContext(ctx, "GET", "https://api.bombbomb.com/v2/lists/", nil)
+			// Reference : https://developer.bombbomb.com/api#operations-Users-UserInfo
+			req, err := http.NewRequestWithContext(ctx, "GET", "https://api.bombbomb.com/v2/user/", nil)
 			if err != nil {
 				continue
 			}
-			req.Header.Add("Authorization", resMatch)
+			req.Header.Add("Authorization", "Bearer "+resMatch)
 			res, err := client.Do(req)
 			if err == nil {
 				defer res.Body.Close()