[INS-344] Add New Relic Mobile App Token Detector#4810
Open
mustansir14 wants to merge 1 commit intotrufflesecurity:mainfrom
Open
[INS-344] Add New Relic Mobile App Token Detector#4810mustansir14 wants to merge 1 commit intotrufflesecurity:mainfrom
mustansir14 wants to merge 1 commit intotrufflesecurity:mainfrom
Conversation
shahzadhaider1
approved these changes
Mar 11, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description:
This PR adds the New Relic Mobile App Token Detector.
Regex:
\b((AA[0-9a-f]{40}|eu01xx[0-9a-f]{36})-NRMA)\bVerification:
For verification, we use the New Relic Android Agent Internal API:
https://mobile-collector.newrelic.com. A POST request is made to the /mobile/v5/connect endpoint. If the response status code is 400, it indicates that the key is valid but the request is malformed (since we're not sending a proper payload), while a 401 status code indicates that the key is invalid. Any other status code is treated as an error.This API is not documented, and was discovered by digging into New Relic's Android agent SDK code.
Note: For EU region keys, the host should be
https://mobile-collector.eu01.nr-data.netCorpora Test:
The detector does not appear in the list.
Checklist:
make test-community)?make lintthis requires golangci-lint)?Note
Medium Risk
Medium risk due to adding a new network-backed verification path (new HTTP call and status-code semantics) plus a protobuf enum change that affects detector type numbering/serialization.
Overview
Adds a new
newrelicmobileapptokendetector that matches US/EU Mobile App Token formats and optionally verifies tokens by POSTing to New Relic’s mobile collector endpoint (treating400as valid and401as invalid, with region recorded inExtraData).Wires the detector into
defaults.goso it runs by default, and extendsdetectors.proto/ generateddetectors.pb.gowith a newDetectorType_NewRelicMobileAppTokenenum value. Includes unit tests for the regex/keyword matching and integration tests covering verified/unverified/region behavior, plus a benchmark.Written by Cursor Bugbot for commit a5210cd. This will update automatically on new commits. Configure here.