jdbc url with just host and port triggers false alert #3856

@david-gang

Description

TruffleHog Version

3.88.2

Trace Output

https://gist.github.com/david-gang/370f0b4ec43afe9a2bcd835c635a01fb

Expected Behavior

This is part of a local Docker Compose environment:

  flyway:
    image: flyway/flyway:10
    depends_on:
      - postgres
    command: migrate
    volumes:
      - ./flyway/sql:/flyway/sql
      - ./flyway/conf:/flyway/conf
    environment:
      FLYWAY_URL: jdbc:postgresql://postgres:5432/mydb
      FLYWAY_USER: postgres
      FLYWAY_PASSWORD: password
      FLYWAY_SCHEMAS: public
      FLYWAY_LOCATIONS: filesystem:/flyway/sql

TruffleHog shouldn't issue an error, as I did not add a username or password in the URL.

Actual Behavior

TruffleHog fails with this output:

Found unverified result 🐷🔑❓
Verification issue: dial tcp: lookup postgres: no such host
dial tcp: lookup postgres: no such host
Detector Type: JDBC
Decoder Type: PLAIN
Raw result: jdbc:postgresql://postgres:5432/mydb
File: backend/docker-compose.yaml
Line: 25

I also don't understand why it does not alert on FLYWAY_USER and FLYWAY_PASSWORD.

Steps to Reproduce

Take the snippet above and save it into a file.
Run TruffleHog.

Environment

  • OS: [e.g. iOS]
  • Version [e.g. 22]

Additional Context

I know I can either exclude the detector or the file, but this is not a nice solution.

References

  • #0000
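An added example, not part of the issue and not TruffleHog's detector code: one way to test whether a JDBC URL actually carries a password, either as userinfo or as a connection property, which is the distinction the report draws for `jdbc:postgresql://postgres:5432/mydb`. The name `HasEmbeddedPassword`, the `credentialKeys` list and the sample passwords are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// credentialKeys: property names assumed to carry a secret (illustrative, not exhaustive).
var credentialKeys = map[string]bool{"password": true, "pwd": true}

// HasEmbeddedPassword reports whether a JDBC URL contains a non-empty password,
// as userinfo (user:pass@host) or as a property after '?', '&' or ';'.
func HasEmbeddedPassword(jdbcURL string) bool {
	if !strings.HasPrefix(jdbcURL, "jdbc:") {
		return false
	}
	rest := strings.TrimPrefix(jdbcURL, "jdbc:")
	// PostgreSQL/MySQL put properties after '?', SQL Server after ';'.
	isSep := func(r rune) bool { return r == '?' || r == '&' || r == ';' }
	parts := strings.FieldsFunc(rest, isSep)
	if len(parts) == 0 {
		return false
	}
	for _, kv := range parts[1:] {
		key, val, _ := strings.Cut(kv, "=")
		if credentialKeys[strings.ToLower(key)] && val != "" {
			return true
		}
	}
	// parts[0] is subprotocol://authority/path; net/url extracts any userinfo.
	if u, err := url.Parse(parts[0]); err == nil && u.User != nil {
		if pw, set := u.User.Password(); set && pw != "" {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample URLs; the first is the one from the report.
	for _, s := range []string{
		"jdbc:postgresql://postgres:5432/mydb",
		"jdbc:postgresql://app:constructed-pw@postgres:5432/mydb",
		"jdbc:sqlserver://db:1433;databaseName=app;password=constructed-pw",
	} {
		fmt.Printf("%-70s password=%v\n", s, HasEmbeddedPassword(s))
	}
}
```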

Labels

bug
pkg/detectors (PRs and Issues related to the `detectors` package)
