[Fix] Line number issue for custom detector #3997
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kashifkhan0771
changed the title
kashifkhan0771
changed the title
|
@kashifkhan0771 do we have any examples of what this looks like in the output? Can we write some tests for this? |
Currently, I did not print those secrets in the output. Instead, I stored them in the result and use them to identify the exact line number. I can add some test cases for the custom detector where we use this approach for multi-pattern. |
zricethezav
approved these changes
May 16, 2025
rosecodym
approved these changes
May 16, 2025
ahrav
approved these changes
May 16, 2025
abmussani
added a commit
to bunnyanon/trufflehog
that referenced
this pull request
May 21, 2025
* main: (121 commits) Fixed Grafana detector (trufflesecurity#4166) Reduce verbosity of chunk trace logging (trufflesecurity#4161) Increase postman logging verbosity (trufflesecurity#4160) Change github file extension log message verbosity (trufflesecurity#4159) docs: fix typos (trufflesecurity#4158) fix(twitch): Update Twitch detector to handle new RawV2 field and adjust test expectations (trufflesecurity#4150) Add a bunch of Postman logging (trufflesecurity#4154) Added DataBricks Analyzer (trufflesecurity#4135) fixed shopify detector line number (trufflesecurity#4149) chore: run setup-go after checkout (trufflesecurity#4143) Add per-chunk detection logging (trufflesecurity#4152) [Feat] Added Dropbox API OAuth2 Token Analyzer (trufflesecurity#4080) Updated Github Source Validate method (trufflesecurity#4144) replace anthropic reference with groq (trufflesecurity#4147) [Fix] Line number issue for custom detector (trufflesecurity#3997) fix(postman): prevent infinite recursion in variable substitution (trufflesecurity#4145) Add metrics to the Postman source (trufflesecurity#4142) [Feat] Implementation of Posthog Analyzer (trufflesecurity#4103) [Feat] Added Mux API Analyzer (trufflesecurity#4128) fixed name of netlify analyzer in cli output (trufflesecurity#4140) ... # Conflicts: # pkg/pb/detectorspb/detectors.pb.go # proto/detectors.proto
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description:
This PR resolves the incorrect line number issue for custom detectors with multiple regex patterns. It introduces a new configuration field that allows selecting one pattern as the primary. Matches from this primary regex will be used to determine the line number.
This is also helpful for detectors that append multiple matches to the RAW field. To specify a primary secret for a detector, simply add:
The engine will then use this primary secret to determine the line number. If a primary secret is not set, the engine will fall back to using the RAW field to locate the line number, as it currently does.
Related Ticket: CSM-864 | OSS-139
Checklist:
make test-community)?make lintthis requires golangci-lint)?