Including File and Line Information for Custom Regex Detector Results? #3915

Open
jjang3 opened this issue Feb 14, 2025 · 0 comments
jjang3 commented Feb 14, 2025

Please review the Community Note before submitting

Description

The ability to access the File and Line information from the Regex Detector example provided here:

Found unverified result 🐷🔑❓
Detector Type: CustomRegex
Decoder Type: PLAIN
Raw result: RawResultHere
Name: HogTokenDetector
File: input_file
Line: 13

from the verification server.

Preferred Solution

I am not entirely sure what the best solution would be, as the data structure sent to the server seems to be intentionally stripped down to reduce information size. One potential approach could be adding the ability in the .yaml configuration file to include the input file like this, although I am not convinced this is the best solution:

# config.yaml
detectors:
  - name: HogTokenDetector
    filename: ${input_file}  # <--------
    keywords:
      - hog
    regex:
      hogID: '\b(HOG[0-9A-Z]{17})\b'
      hogToken: '[^A-Za-z0-9+\/]{0,1}([A-Za-z0-9+\/]{40})[^A-Za-z0-9+\/]{0,1}'
    verify:
      - endpoint: http://localhost:8000/
        # unsafe must be set if the endpoint is HTTP
        unsafe: true
        headers:
          - "Authorization: super secret authorization header"

Additional Context

When I parse the trufflehog output into the JSON format, I noticed that {"Data":{"Filesystem":{"file":"test_folder/test_server.py","line":2}}} includes a way to get the name of the verified result file and line. However, the data structure sent to the server looks like this:

{
    "HogTokenDetector": {
        "HogID": ["HOGAAIUNNWHAHJJWUQYR"],
        "HogSecret": ["sD9vzqdSsAOxntjAJ/qZ9sw+8PvEYg0r7D1Hhh0C"]
    }
}

as explained here: https://github.com/trufflesecurity/trufflehog/tree/main?tab=readme-ov-file#verification-server-example-python

References
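
An added example, not part of the original issue or the trufflehog project: a consumer-side join that recovers file and line for the values in a verification payload by matching them against the scanner's JSON output. The sample data is constructed, and the `SourceMetadata` wrapper and `Raw` key are assumptions about the JSON record; only the `Data.Filesystem.file`/`line` shape and the payload shape are quoted on this page.

```python
import json

# Constructed sample of JSON output lines. Only Data.Filesystem.file/line is
# shown on this page; SourceMetadata and Raw are assumed field names.
SAMPLE_JSONL = "\n".join([
    json.dumps({"SourceMetadata": {"Data": {"Filesystem": {
        "file": "test_folder/test_server.py", "line": 2}}},
        "Raw": "HOGAAIUNNWHAHJJWUQYR"}),
    json.dumps({"SourceMetadata": {"Data": {"Filesystem": {
        "file": "input_file", "line": 13}}},
        "Raw": "sD9vzqdSsAOxntjAJ/qZ9sw+8PvEYg0r7D1Hhh0C"}),
    "scan finished (constructed non-JSON log line)",
])

# Payload shape the verification server receives, as quoted in the issue.
SAMPLE_PAYLOAD = {"HogTokenDetector": {
    "HogID": ["HOGAAIUNNWHAHJJWUQYR"],
    "HogSecret": ["sD9vzqdSsAOxntjAJ/qZ9sw+8PvEYg0r7D1Hhh0C"],
}}


def index_findings(jsonl_text):
    """Return [(raw, file, line)] for every filesystem finding in the output."""
    findings = []
    for row in jsonl_text.splitlines():
        try:
            rec = json.loads(row)
        except json.JSONDecodeError:
            continue  # skip log lines mixed into the stream
        if not isinstance(rec, dict):
            continue
        data = (rec.get("SourceMetadata") or {}).get("Data") or {}
        fs = data.get("Filesystem")
        if fs and rec.get("Raw"):
            findings.append((rec["Raw"], fs.get("file"), fs.get("line")))
    return findings


def locate(payload, findings):
    """Attach (file, line) pairs to each value in a verification payload."""
    located = {}
    for detector, groups in payload.items():
        for group, values in groups.items():
            for value in values:
                # Substring match, in case Raw joins several regex groups.
                hits = [(f, ln) for raw, f, ln in findings if value in raw]
                located[(detector, group, value)] = hits
    return located
```

A value with no matching finding maps to an empty list, which makes gaps between the two data sources visible instead of silently dropped.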
