`IsKnownFalsePositive` incorrectly marks value as false-positive

Open rgmz opened this issue 1 year ago • 2 comments

TruffleHog Version

3.60.1

Trace Output

N/A

Expected Behavior

The following (valid) secret is not marked as a false-positive

9ed918b9-7ea6-4880-9734-e3822649e20b

Actual Behavior

The value is marked as a false-positive in IsKnownFalsePositive because it contains 0-9 from badlist.txt.

Steps to Reproduce

Environment

N/A

Additional Context

For things like UUIDs it doesn't make sense to use the standard IsKnownFalsePositive function because the pattern is so specific. Perhaps it's worth adding a UUID-specific one to catch stuff like 00000-0000-...?

References

N/A

rgmz avatar Oct 23 '23 23:10 rgmz
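To illustrate the two behaviours the issue contrasts, here is an added example (not TruffleHog's own code): a substring-style badlist check, which flags the valid UUID above because it contains `0-9`, beside a UUID-specific check that instead rejects malformed or placeholder-looking UUIDs. The badlist contents, the function names and the "fewer than four distinct hex digits" placeholder heuristic are assumptions made for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed stand-in for the badlist.txt entries the issue mentions;
// "0-9" is the entry that trips on UUIDs.
var badlist = []string{"0-9", "a-z"}

// isKnownFalsePositiveSubstr mirrors the substring behaviour described in the
// issue: any badlist entry found inside the value marks it as a false positive.
func isKnownFalsePositiveSubstr(value string) bool {
	lower := strings.ToLower(value)
	for _, bad := range badlist {
		if strings.Contains(lower, bad) {
			return true
		}
	}
	return false
}

var uuidRe = regexp.MustCompile(
	`^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$`)

// isFalsePositiveUUID is a hypothetical UUID-specific check of the kind the
// issue proposes. It ignores the generic badlist and rejects values that are
// not well-formed UUIDs or whose hex digits look like a placeholder
// (all zeros, or fewer than four distinct hex digits, e.g. 1111...).
func isFalsePositiveUUID(value string) bool {
	if !uuidRe.MatchString(value) {
		return true
	}
	hex := strings.ToLower(strings.ReplaceAll(value, "-", ""))
	distinct := map[rune]bool{}
	for _, r := range hex {
		distinct[r] = true
	}
	return len(distinct) < 4
}

func main() {
	v := "9ed918b9-7ea6-4880-9734-e3822649e20b" // the valid secret from the issue
	fmt.Println(isKnownFalsePositiveSubstr(v), isFalsePositiveUUID(v)) // true false
	fmt.Println(isFalsePositiveUUID("00000000-0000-0000-0000-000000000000")) // true
}
```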

Thanks for digging into this. I think it's reasonable to remove that from detectors that use UUIDs, but also 0-9 should be removed from the badlist data.

dustin-decker avatar Oct 24 '23 15:10 dustin-decker

I'm guessing that a-z and 0-9 are meant to exclude regex patterns such as "password":"[a-z0-9]{32}. I'm not sure how effective it is, though.

I'm working on a PR for Azure that will also add a UUID-specific method.

rgmz avatar Oct 24 '23 15:10 rgmz

Closed by https://github.com/trufflesecurity/trufflehog/pull/2351

I know that's not the most holistic improvement. This should become more configurable in the future.

dustin-decker avatar Mar 29 '24 03:03 dustin-decker