Please review the Community Note before submitting
Description
The ability to access the File and Line information from the Regex Detector example provided here:
Found unverified result 🐷🔑❓
Detector Type: CustomRegex
Decoder Type: PLAIN
Raw result: RawResultHere
Name: HogTokenDetector
File: input_file
Line: 13
from the verification server.
Preferred Solution
I am not entirely sure what the best solution would be, as the data structure sent to the server seems to be intentionally stripped down to reduce information size. One potential approach could be adding the ability in the .yaml configuration file to include the input file like this, although I am not convinced this is the best solution:
# config.yaml
detectors:
  - name: HogTokenDetector
    filename: ${input_file} <--------
    keywords:
      - hog
    regex:
      hogID: '\b(HOG[0-9A-Z]{17})\b'
      hogToken: '[^A-Za-z0-9+\/]{0,1}([A-Za-z0-9+\/]{40})[^A-Za-z0-9+\/]{0,1}'
    verify:
      - endpoint: http://localhost:8000/
        # unsafe must be set if the endpoint is HTTP
        unsafe: true
        headers:
          - "Authorization: super secret authorization header"
Additional Context
When I parsed the trufflehog output into the JSON format, I noticed that {"Data":{"Filesystem":{"file":"test_folder/test_server.py","line":2}}} includes a way to get the name of the verified result file and line. However, the data structure sent to the server looks like this:
{
    "HogTokenDetector": {
        "HogID": ["HOGAAIUNNWHAHJJWUQYR"],
        "HogSecret": ["sD9vzqdSsAOxntjAJ/qZ9sw+8PvEYg0r7D1Hhh0C"]
    }
}
as explained here: https://github.com/trufflesecurity/trufflehog/tree/main?tab=readme-ov-file#verification-server-example-python
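A workaround sketch for the gap described in this issue, added here as an example (not code from the issue or from the trufflehog project): it joins the file and line locations found in trufflehog's JSON output with the values a verification server receives. The `SourceMetadata` and `Raw` field names, and the assumption that a finding's `Raw` contains each matched value, do not come from the issue; the sample output is constructed.

```python
import json

HOG_ID = "HOGAAIUNNWHAHJJWUQYR"                          # value from the issue
HOG_SECRET = "sD9vzqdSsAOxntjAJ/qZ9sw+8PvEYg0r7D1Hhh0C"  # value from the issue

def _record(raw, file, line):
    # Constructed record. Only the Data.Filesystem.file/line nesting comes from
    # the issue; "SourceMetadata" and "Raw" are assumed field names.
    return json.dumps({"SourceMetadata": {"Data": {"Filesystem": {"file": file, "line": line}}},
                       "Raw": raw})

SAMPLE_OUTPUT = "\n".join([
    "TruffleHog. Unearth your secrets.",  # non-JSON banner line
    _record(HOG_ID + HOG_SECRET, "test_folder/test_server.py", 2),
    _record("HOG" + "0" * 17, "input_file", 13),
])

# Payload in the shape the issue shows the verification server receiving.
PAYLOAD = {"HogTokenDetector": {"HogID": [HOG_ID], "HogSecret": [HOG_SECRET]}}

def find_location(node):
    """Depth-first search for a {"Filesystem": {"file": ..., "line": ...}} object."""
    if isinstance(node, dict):
        fs = node.get("Filesystem")
        if isinstance(fs, dict) and "file" in fs:
            return fs["file"], fs.get("line")
        for child in node.values():
            loc = find_location(child)
            if loc:
                return loc
    return None

def index_findings(output_text):
    """Return (raw, file, line) for every JSON line that carries a location."""
    findings = []
    for text in output_text.splitlines():
        try:
            record = json.loads(text)
        except json.JSONDecodeError:
            continue  # banner or log line, not a finding
        loc = find_location(record)
        if loc:
            findings.append((str(record.get("Raw", "")), *loc))
    return findings

def locate(payload, findings):
    """Map (detector, group, value) to the sorted locations whose Raw contains value."""
    return {(det, group, value): sorted({(f, n) for raw, f, n in findings if value in raw})
            for det, groups in payload.items()
            for group, values in groups.items()
            for value in values}
```

A value with no matching finding maps to an empty list, so the join fails closed rather than guessing a location.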