Including File and Line Information for Custom Regex Detector Results?

[jjang3]

Please review the Community Note before submitting

Description

The ability to access the File and Line information from the Regex Detector example provided here:

Found unverified result 🐷🔑❓
Detector Type: CustomRegex
Decoder Type: PLAIN
Raw result: RawResultHere
Name: HogTokenDetector
File: input_file
Line: 13

from the verification server.

Preferred Solution

I am not entirely sure what the best solution would be, as the data structure sent to the server seems to be intentionally stripped down to reduce information size. One potential approach could be adding the ability in the .yaml configuration file to include the input file like this, although I am not convinced this is the best solution:

# config.yaml
detectors:
  - name: HogTokenDetector
    filename: ${input_file} <--------
    keywords:
      - hog
    regex:
      hogID: '\b(HOG[0-9A-Z]{17})\b'
      hogToken: '[^A-Za-z0-9+\/]{0,1}([A-Za-z0-9+\/]{40})[^A-Za-z0-9+\/]{0,1}'
    verify:
      - endpoint: http://localhost:8000/
        # unsafe must be set if the endpoint is HTTP
        unsafe: true
        headers:
          - "Authorization: super secret authorization header"

Additional Context

When I parse the trufflehog output into the JSON format, I noticed that {"Data":{"Filesystem":{"file":"test_folder/test_server.py","line":2}}} includes a way to get the name of the verified result file and line. However, the data structure sent to the server looks like this:

{
    "HogTokenDetector": {
        "HogID": ["HOGAAIUNNWHAHJJWUQYR"],
        "HogSecret": ["sD9vzqdSsAOxntjAJ/qZ9sw+8PvEYg0r7D1Hhh0C"],
    }
}

as explained here: https://github.com/trufflesecurity/trufflehog/tree/main?tab=readme-ov-file#verification-server-example-python

References