Request Method Customization in Custom Detector

Open effortlessdevsec opened this issue 5 months ago • 2 comments

Currently, TruffleHog custom detectors do not support customization of the HTTP request method (e.g., GET, POST, PUT, DELETE) used during outbound validation. This limits compatibility with certain APIs that require specific request methods for validation or scanning workflows.

Preferred Solution

Add support for specifying the HTTP method in the custom detector configuration. For example:

custom_detector:
  name: MyDetector
  request:
    method: POST
    url: https://api.example.com/validate
    headers:
      Authorization: Bearer {{API_KEY}}
    body:
      key: "{{secret}}"

If the method field is omitted, it should default to GET to preserve backward compatibility. TruffleHog should then use the specified HTTP method when calling the external service.

Additional Context

Many API providers (e.g., AWS STS, Vault, or custom internal tools) require specific HTTP methods (often POST or PUT) to validate secrets or tokens. Without support for method customization, these integrations cannot be fully utilized with TruffleHog's custom detectors.

TruffleHog Custom Detector Documentation

effortlessdevsec, May 11 '25 17:05
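
One way a config loader could honour the proposed `method` field, as an added Go example (not TruffleHog code and not from the issue author). The `RequestConfig` type, the `BuildVerifyRequest` function, the four-method allowlist and the choice to substitute only the `{{secret}}` placeholder are assumptions made for illustration; the secret value is constructed.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"strings"
)

// RequestConfig is a hypothetical Go shape for the proposed request block.
type RequestConfig struct {
	Method, URL   string
	Headers, Body map[string]string
}

// Assumed allowlist: the four methods the issue names; others fail closed.
var allowedMethods = map[string]bool{"GET": true, "POST": true, "PUT": true, "DELETE": true}

// BuildVerifyRequest defaults to GET, validates the method, fills {{secret}}.
func BuildVerifyRequest(cfg RequestConfig, secret string) (*http.Request, error) {
	method := strings.ToUpper(strings.TrimSpace(cfg.Method))
	if method == "" {
		method = http.MethodGet // omitted field keeps the existing behaviour
	}
	if !allowedMethods[method] {
		return nil, fmt.Errorf("unsupported verification method %q", cfg.Method)
	}
	fill := func(s string) string { return strings.ReplaceAll(s, "{{secret}}", secret) }
	var payload []byte
	if len(cfg.Body) > 0 {
		filled := make(map[string]string, len(cfg.Body))
		for k, v := range cfg.Body {
			filled[k] = fill(v)
		}
		payload, _ = json.Marshal(filled) // map[string]string cannot fail to encode
	}
	req, err := http.NewRequest(method, cfg.URL, bytes.NewReader(payload))
	if err != nil {
		return nil, err
	}
	for k, v := range cfg.Headers {
		req.Header.Set(k, fill(v))
	}
	return req, nil
}

func main() {
	if req, err := BuildVerifyRequest(RequestConfig{URL: "https://api.example.com/validate"}, "constructed-secret"); err == nil {
		fmt.Println(req.Method, req.URL)
	}
}
```

Rejecting unknown methods when the configuration is loaded, rather than at scan time, keeps a mistyped or unexpected verb from ever being sent alongside a live credential.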