Apply custom-detectors to specific file types (via inclusion or exclusion)

Open mtcolman opened this issue 1 year ago • 1 comments

Please review the Community Note before submitting

Description

Is it possible to apply regex detectors to specific filetypes? The main use case I have for this is that some filetypes specify password/secret strings without quotes around them, whilst in other filetypes this would be a parameter and thus safe for inclusion.

Preferred Solution

If we could specify in the config.yaml:

detectors:
- name: custom password detector
  keywords:
  - username
  - password
  - token
  regex:
    adjective: "[a-zA-Z0-9]{32}"
  exclude_types: [".py", ".txt", ".example"]

Additional Context

So that I could define many detectors and for each individually specify whether to apply this to certain file types. Then I can run this against an entire directory. I don't want to exclude the files from a scan, I just want to exclude them from specific detectors.

References

N/A

Thanks!

mtcolman avatar Sep 17 '24 10:09 mtcolman

Being able to exclude detectors from specific files is a useful capability. I hope the team can add it.

I created a POC in #1741, though it wouldn't work for custom detectors.

rgmz avatar Sep 17 '24 14:09 rgmz
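
The per-detector scoping requested in the issue, as an added Python sketch that is not TruffleHog code and not from either commenter. `exclude_types` is the hypothetical key proposed in the issue; the second detector and the sample files are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Constructed detectors mirroring the issue's proposed config.
# "exclude_types" is the hypothetical key from the issue, not an existing option.
DETECTORS = [
    {"name": "custom password detector",
     "keywords": ["username", "password", "token"],
     "regex": {"adjective": r"[a-zA-Z0-9]{32}"},
     "exclude_types": [".py", ".txt", ".example"]},
    {"name": "quoted secret detector",          # constructed second detector
     "keywords": ["secret"],
     "regex": {"value": r'"[a-zA-Z0-9]{32}"'},
     "exclude_types": []},
]

# Constructed sample input: an unquoted value in a config file, and a long
# identifier plus a quoted value in Python source.
SAMPLE_FILES = {
    "deploy/app.conf": "password = " + "A1b2" * 8 + "\n",
    "src/client.py": ("token = defaultSessionTokenProviderFactory()\n"
                      'secret = "' + "Q7w6" * 8 + '"\n'),
}

def applies_to(detector, path):
    """True unless the file's extension is in this detector's exclude list."""
    suffix = PurePosixPath(path).suffix.lower()
    excluded = {t.lower() for t in detector.get("exclude_types", [])}
    return suffix not in excluded

def scan(files, detectors=DETECTORS):
    """Run every detector over every file, skipping only excluded pairs."""
    findings = []
    for path, text in files.items():
        lowered = text.lower()
        for det in detectors:
            if not applies_to(det, path):
                continue  # the file is still scanned by the other detectors
            if not any(k in lowered for k in det["keywords"]):
                continue  # keyword pre-filter, as in the issue's config
            for label, pattern in det["regex"].items():
                for m in re.finditer(pattern, text):
                    findings.append((path, det["name"], label, m.group(0)))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_FILES):
        print(finding)
```

With the exclusion in place, `src/client.py` is skipped by the unquoted-value detector but still reported by the quoted one, so the file itself is never dropped from the scan.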