trufflehog
trufflehog copied to clipboard
Include VerificationError details in log output
Please review the Community Note before submitting
Description
When a verification test fails, the log output should include this information so that potentially valid secrets aren't discounted.
For instance, if a slow remote server can cause the request to timeout:
Get "https://app.scrapingbee.com/api/v1/?api_key=TQ9CCAZSORUPU1NMZXZEM11VY7K3NC6HJPBNYP2V4CZZXUY9SWEULNDHOZ77XGWO9FASA12XWFVWUBZJ&url=https://httpbin.org/anything?json&render_js=false": context deadline exceeded
Which in turn will cause the secret to be reported as "unverified" without information about the failure, or excluded altogether if using --only-verified
.
Found unverified result 🐷🔑❓
Detector Type: ScrapingBee
Decoder Type: PLAIN
Raw result: TQ9CCAZSORUPU1NMZXZEM11VY7K3NC6HJPBNYP2V4CZZXUY9SWEULNDHOZ77XGWO9FASA12XWFVWUBZJ
File: pkg/detectors/scrapingbee/scrapingbee_test.go
Line: 147
Preferred Solution
Two potential solutions come to mind.
- Add "VeriticationError" to outputs such as PlainPrinter.
Found unverified result 🐷🔑❓
Detector Type: ScrapingBee
Decoder Type: PLAIN
Raw result: TQ9CCAZSORUPU1NMZXZEM11VY7K3NC6HJPBNYP2V4CZZXUY9SWEULNDHOZ77XGWO9FASA12XWFVWUBZJ
File: pkg/detectors/scrapingbee/scrapingbee_test.go
Line: 147
VerificationError: Get "https://app.scrapingbee.com/api/v1/?api_key=TQ9CCAZSORUPU1NMZXZEM11VY7K3NC6HJPBNYP2V4CZZXUY9SWEULNDHOZ77XGWO9FASA12XWFVWUBZJ&url=https://httpbin.org/anything?json&render_js=false": context deadline exceeded
- Add a third case for results that include
VerificationError
that perhaps can still show up with--only-verified
.
Failed to verify result 🐷🔑❌
Detector Type: ScrapingBee
Decoder Type: PLAIN
Raw result: TQ9CCAZSORUPU1NMZXZEM11VY7K3NC6HJPBNYP2V4CZZXUY9SWEULNDHOZ77XGWO9FASA12XWFVWUBZJ
File: pkg/detectors/scrapingbee/scrapingbee_test.go
Line: 147
VerificationError: Get "https://app.scrapingbee.com/api/v1/?api_key=TQ9CCAZSORUPU1NMZXZEM11VY7K3NC6HJPBNYP2V4CZZXUY9SWEULNDHOZ77XGWO9FASA12XWFVWUBZJ&url=https://httpbin.org/anything?json&render_js=false": context deadline exceeded
Additional Context
This may only be applicable to plain output. I haven't tested it with JSON or anything else.
References
N/A
Partially fixed by #2335.