trufflehog
Custom regex in filenames
The rules flag can be really useful, but I noticed that filenames are not verified, so a rule to match .htpasswd wouldn't be part of a found regex. In some cases, it is easier to detect potential secrets using the filename instead of its contents.
Would it be possible to include this feature? By the way, I modified truffleHog to check filenames with a conditional elif secret_regexes[key].findall(blob.a_blob.name) in regex_check and added a try statement to catch exceptions when a_blob doesn't have a name property, but there are probably better ways to do it.
That's a good point, I'll put it on the backlog. I've been kind of busy with life prepping for a defcon talk and other things, so feature development has slowed down a little, but I'll do my best to get around to it eventually.
Great. Thank you!
Hi @dxa4481, I was just wondering if there is any news about this feature. Of course we also can contribute to this, it's just to know the status of this request before forking and diving into the code.
I did not find any pull request dealing with this issue. @rsmith31415 what about your code? Thanks a lot.
Give me some time this weekend, and I'll sit down and try to merge some of these issues.
No prob, no rush. I also updated the regex check function to match the filenames in diff blobs, but on my side I used blob.a_path and I tried to match the regexp even if we have a binary file (e.g. .kdbx). I did not open a pull request yet because I import trufflehog in a custom Python script and I did not implement the new args parsing, new regexes in trufflehogRegexes, etc. However, I will share some code as soon as I'm on my laptop. Cheers.
We don't plan on supporting this at this time.
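The filename matching discussed in this thread, sketched as an added example; it is not truffleHog's code or either commenter's patch. `DiffEntry` is a constructed stand-in that models only the `a_path`/`b_path` attributes of a diff entry, and the rule names, patterns and sample paths are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Hypothetical filename rules (not truffleHog's shipped rule set).
FILENAME_RULES = {
    "htpasswd file": re.compile(r"(^|/)\.htpasswd$"),
    "KeePass database": re.compile(r"\.kdbx$", re.IGNORECASE),
    "private key file": re.compile(r"(^|/)id_(rsa|dsa|ecdsa|ed25519)$"),
}

@dataclass
class DiffEntry:
    """Constructed stand-in for one diff entry: only the two path
    attributes are modelled. Either may be None (file added or deleted)."""
    a_path: Optional[str]
    b_path: Optional[str]
    is_binary: bool = False  # informational; deliberately not consulted below

def filename_check(diff_entries, rules=FILENAME_RULES):
    """Return sorted (path, rule_name) findings for every path in the diff.

    Paths are checked whether or not the content is binary, because a
    binary file such as a .kdbx database has no text diff to scan.
    """
    findings = set()
    for entry in diff_entries:
        # getattr with a default avoids a try/except for a missing attribute.
        paths = {getattr(entry, "a_path", None), getattr(entry, "b_path", None)}
        for path in paths:
            if not path:
                continue
            for name, pattern in rules.items():
                if pattern.search(path):
                    findings.add((path, name))
    return sorted(findings)

# Constructed sample diff entries.
SAMPLE = [
    DiffEntry(None, "deploy/.htpasswd"),                              # added file
    DiffEntry("vault/team.KDBX", "vault/team.KDBX", is_binary=True),  # binary
    DiffEntry("docs/htpasswd-howto.md", "docs/htpasswd-howto.md"),    # no match
    DiffEntry("home/.ssh/id_rsa", None),                              # deleted file
]

if __name__ == "__main__":
    for path, rule in filename_check(SAMPLE):
        print(f"{rule}: {path}")
```

Anchoring the patterns on a path separator or the end of the path keeps a rule for `.htpasswd` from firing on documentation files that merely mention it.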