
badlist.txt filters out valid secrets when "no-verification" is used

Open AlfredBerg opened this issue 1 year ago • 0 comments

TruffleHog Version

trufflehog 3.81.9

Trace Output

Expected Behavior

The Slack webhook should be detected.

Actual Behavior

The detector finds the webhook, but it is then filtered out by FilterKnownFalsePositives. The Slack webhook is filtered out here https://github.com/trufflesecurity/trufflehog/blob/3b0b2909ca94209ad753f0eccfd185e8be0f3d62/pkg/detectors/falsepositives.go#L82 since it matches "https:" over in the badlist https://github.com/trufflesecurity/trufflehog/blob/3b0b2909ca94209ad753f0eccfd185e8be0f3d62/pkg/detectors/badlist.txt#L210
At least "https:" and "http:" should probably be removed from that list.

Steps to Reproduce

  1. Create a file named slack with a valid Slack webhook (it looks something like https://hooks.slack.com/services/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, though this one is not valid)
  2. Run trufflehog --no-update filesystem slack
  3. The secret is not detected

Environment

  • OS: Debian GNU/Linux 12

Additional Context

References

  • #1953

AlfredBerg, Aug 24 '24 10:08
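The failure mode in this report is easy to reproduce in miniature: a "known false positive" list that is matched token by token will drop any finding containing one of its entries, so a URL scheme entry like "https:" silences every webhook URL the detector found. The Go program below is an added illustration, not TruffleHog's own code; it models a simplified word-level badlist check with a constructed four-entry badlist, shows the webhook from the issue being dropped, and shows the remedy the report proposes (dropping scheme entries from the list) letting it through while a real junk value such as "password" is still filtered. The tokenizer, the badlist contents and the function names are assumptions made for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// SampleWebhook is the (deliberately invalid) webhook-shaped string from the issue.
const SampleWebhook = "https://hooks.slack.com/services/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"

// badlist is a constructed stand-in for badlist.txt: a few generic junk words
// plus the two URL scheme entries the issue singles out.
var badlist = []string{"example", "password", "https:", "http:"}

// tokenize splits a candidate on whitespace and '/' so each URL path segment
// (including the leading "https:") becomes its own token. This is an assumed
// simplification of a word-level check, not the project's real tokenizer.
func tokenize(candidate string) []string {
	return strings.FieldsFunc(strings.ToLower(candidate), func(r rune) bool {
		return r == '/' || r == ' ' || r == '\t' || r == '\n'
	})
}

// IsKnownFalsePositive reports whether a detector finding should be discarded.
// The whole candidate is checked first; with wordCheck set, any single token
// appearing in the list is enough to discard the finding, which is exactly how
// a scheme entry can knock out a complete webhook URL.
func IsKnownFalsePositive(candidate string, list []string, wordCheck bool) bool {
	set := make(map[string]struct{}, len(list))
	for _, entry := range list {
		set[strings.ToLower(entry)] = struct{}{}
	}
	if _, ok := set[strings.ToLower(candidate)]; ok {
		return true
	}
	if wordCheck {
		for _, tok := range tokenize(candidate) {
			if _, ok := set[tok]; ok {
				return true
			}
		}
	}
	return false
}

// WithoutSchemes returns a copy of the list with URL scheme entries removed,
// i.e. the change the issue proposes for badlist.txt.
func WithoutSchemes(list []string) []string {
	out := make([]string, 0, len(list))
	for _, entry := range list {
		if strings.HasSuffix(entry, ":") {
			continue // "https:", "http:" and similar scheme-like entries
		}
		out = append(out, entry)
	}
	return out
}

// FilterFindings keeps only the findings that survive the false-positive check.
func FilterFindings(findings []string, list []string) []string {
	kept := make([]string, 0, len(findings))
	for _, f := range findings {
		if !IsKnownFalsePositive(f, list, true) {
			kept = append(kept, f)
		}
	}
	return kept
}

func main() {
	findings := []string{SampleWebhook, "password", "example"}
	fmt.Println("with scheme entries:", FilterFindings(findings, badlist))
	fmt.Println("without scheme entries:", FilterFindings(findings, WithoutSchemes(badlist)))
}
```

The design point worth taking from this is that a false-positive list applied per token is only safe when every entry is something that can never appear as a fragment of a real secret; entries that are common URL parts fail that test, so either they leave the list or the filter is restricted to whole-value matches for them.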