Dustin Decker
Dustin Decker
I'll upload an example soon. We've added several new variables. Also there is no more automatic TLS, we made a number of changes so that we could terminate TLS externally.
TruffleHog detects secrets that can be verified against their provider. Password variables typically won't be flagged. The AWS example would not be surfaced unless there was also the secret value....
Should we consider url encoding path elements? It seems like this could have just as easily been a different special character. I'm surprised it wasn't already encoded.
What about this? Seems cleaner to not have a temp file or the Env: part of the config: ``` depth=$(($(jq length $GITHUB_ENV ```
Proposal 2 seems ideal because it seems pretty rare to need to look backward
Should be resolved now by https://github.com/trufflesecurity/trufflehog/pull/3161
Re-opened. It seems that #3161 didn't fully address this and was in the release that you reported.
Yes those are the two targets for now. You are correct about database verification.
I think we should consider using json instead of structpb so we can support timestamps. Structpb types are pretty barebones
Thank you for the contribution, @Fenrisfulsur. We're going to try to consolidate this into a MySQL detector which includes this format as well as other connection strings and will reuse...