Include VerificationError details in log output

Open rgmz opened this issue 8 months ago • 1 comments

Description

When a verification test fails, the log output should include this information so that potentially valid secrets aren't discounted.

For instance, a slow remote server can cause the request to time out:

Get "https://app.scrapingbee.com/api/v1/?api_key=TQ9CCAZSORUPU1NMZXZEM11VY7K3NC6HJPBNYP2V4CZZXUY9SWEULNDHOZ77XGWO9FASA12XWFVWUBZJ&url=https://httpbin.org/anything?json&render_js=false": context deadline exceeded

Which in turn will cause the secret to be reported as "unverified" without information about the failure, or excluded altogether if using --only-verified.

Found unverified result 🐷🔑❓
Detector Type: ScrapingBee
Decoder Type: PLAIN
Raw result: TQ9CCAZSORUPU1NMZXZEM11VY7K3NC6HJPBNYP2V4CZZXUY9SWEULNDHOZ77XGWO9FASA12XWFVWUBZJ
File: pkg/detectors/scrapingbee/scrapingbee_test.go
Line: 147

Preferred Solution

Two potential solutions come to mind.

  1. Add "VerificationError" to outputs such as PlainPrinter.
Found unverified result 🐷🔑❓
Detector Type: ScrapingBee
Decoder Type: PLAIN
Raw result: TQ9CCAZSORUPU1NMZXZEM11VY7K3NC6HJPBNYP2V4CZZXUY9SWEULNDHOZ77XGWO9FASA12XWFVWUBZJ
File: pkg/detectors/scrapingbee/scrapingbee_test.go
Line: 147
VerificationError: Get "https://app.scrapingbee.com/api/v1/?api_key=TQ9CCAZSORUPU1NMZXZEM11VY7K3NC6HJPBNYP2V4CZZXUY9SWEULNDHOZ77XGWO9FASA12XWFVWUBZJ&url=https://httpbin.org/anything?json&render_js=false": context deadline exceeded
  2. Add a third case for results that include VerificationError that perhaps can still show up with --only-verified.
Failed to verify result 🐷🔑❌
Detector Type: ScrapingBee
Decoder Type: PLAIN
Raw result: TQ9CCAZSORUPU1NMZXZEM11VY7K3NC6HJPBNYP2V4CZZXUY9SWEULNDHOZ77XGWO9FASA12XWFVWUBZJ
File: pkg/detectors/scrapingbee/scrapingbee_test.go
Line: 147
VerificationError: Get "https://app.scrapingbee.com/api/v1/?api_key=TQ9CCAZSORUPU1NMZXZEM11VY7K3NC6HJPBNYP2V4CZZXUY9SWEULNDHOZ77XGWO9FASA12XWFVWUBZJ&url=https://httpbin.org/anything?json&render_js=false": context deadline exceeded

Additional Context

This may only be applicable to plain output. I haven't tested it with JSON or anything else.

References

N/A

rgmz, Oct 19 '23 12:10

Partially fixed by #2335.

rgmz, Jan 30 '24 13:01
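
The three-state handling proposed in the second solution of the issue, sketched as an added Go example; it is not TruffleHog's code and not part of the original thread. The `Result` type and the `Status`, `Keep` and `Render` functions are hypothetical names, and the key values are constructed placeholders.

```go
package main

import (
	"context"
	"fmt"
)

// Result is a hypothetical stand-in for a finding, not TruffleHog's own type.
type Result struct {
	Detector, Raw   string
	Verified        bool
	VerificationErr error // set when the check could not complete (timeout, DNS, 5xx)
}

// Status separates "the provider rejected the secret" from "we could not ask".
func Status(r Result) string {
	switch {
	case r.Verified:
		return "verified"
	case r.VerificationErr != nil:
		return "failed to verify"
	}
	return "unverified"
}

// Keep is an only-verified filter that still passes results whose check errored.
func Keep(r Result, onlyVerified bool) bool {
	return !onlyVerified || Status(r) != "unverified"
}

// Render builds the plain-text block, appending the error line when present.
func Render(r Result) string {
	out := fmt.Sprintf("Result status: %s\nDetector Type: %s\nRaw result: %s\n", Status(r), r.Detector, r.Raw)
	if r.VerificationErr != nil {
		out += fmt.Sprintf("VerificationError: %v\n", r.VerificationErr)
	}
	return out
}

func main() {
	// Constructed sample findings: one whose check timed out, one cleanly rejected.
	for _, r := range []Result{
		{Detector: "ScrapingBee", Raw: "EXAMPLEKEY1", VerificationErr: context.DeadlineExceeded},
		{Detector: "ScrapingBee", Raw: "EXAMPLEKEY2"},
	} {
		if Keep(r, true) {
			fmt.Print(Render(r))
		}
	}
}
```

With the filter enabled, only the timed-out finding is printed, so a secret that could not be checked stays visible for manual triage instead of being dropped with the rejected ones.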