Trufflehog - not able to use regexp to through custom detector #3851
Comments
|
I tested using the YAML configuration you provided, and it worked as expected. The issue you're encountering might be due to the absence of the specified keyword in the data you're using. For the detection logic to trigger, the keyword defined in your YAML must be present in the input data. If the keyword is missing, the detector won't execute its logic. So in your case the file |
|
Hey @kashifkhan0771 , could you please clarify. I'm running into the same issue as the author here. I have a config.yaml that just has the "hog" detector defined from your README example. I created a .py file with the raw result from the example you guys provided and a file system scan did not detect the secret? It seems like scans are just not taking the config.yaml into account? I even tried adding the keyword "hog" that is defined in your config.yaml example into the file that I'm scanning and it still did not return that a secret was found. Also what do you mean that for the detection logic to trigger, the keyword defined in the yaml must be present in the input data? Like in OP's example here, his keyword is "api" and the file he's scanning has the word "API" in the key. |
|
Hi @RumitAP, You created a config file based on the Regex Detector Example and used the RAW result from the example output ( The example config consists of two regex patterns: Currently, the RAW result ( For testing, you can generate an example regex-matching string using this tool. Now, add both values to a file (e.g., Verification Server (Optional)If you also want a verification server running to check whether the token is live, follow these steps to set up a Python server. If you skip this step, the tokens will still be detected but marked as unverified since they won’t have a verification endpoint. Running the Filesystem ScanThe command from the example is: trufflehog filesystem <file_to_scan> --config <path_to_file>/config.yaml --results=verified,unknownSince this command filters results to show only verified or unknown matches, you must have a verification server running for it to work properly. If your verification server is not running, omit the trufflehog filesystem <file_to_scan> --config <path_to_file>/config.yamlThis will show unverified matches, with output similar to: I hope this clarifies the usage of custom detectors. I will also talk internally to the team to update the documentation of custom detector with proper examples. |
|
This PR will improve the custom regex detector documentation. |
|
The PR is merged! Documentation is updated with more details. If you still face any issue, feel free to open a new issue. Thank you! |
Hi,
I'm trying to configure trufflehog to use custom regexp to detect simple secrets basing on my needs, e.g. to search for passwords or access tokens.
Unfortunately I've not found a way to do it.
I've found also another post about a similar issue ( #1317 ) and I've tried to apply the suggestion included within this post's discussion to search for an api key through a custom detector.
I've created the testAPIkeyConfig.yaml file with the following content:
and the testAPIkey.json with the following content:
"API key": "([a-zA-Z0-9]{32})"and I've executed the following command:
trufflehog filesystem testAPIkey.json --config testAPIkeyConfig.yamlThe output by trufflehog is not the expected one. The API key is not highlighted by the tool:
What I'm doing wrong?
Your help will be useful for me to configure also other regexp that I would like to use.
Thanks!
The text was updated successfully, but these errors were encountered: