search

trufflesecurity / trufflehog

Find, verify, and analyze leaked credentials
https://trufflesecurity.com
GNU Affero General Public License v3.0
15.83k stars 1.65k forks source link

Missing detections after update #2974

Open TheTechromancer opened 3 months ago

TheTechromancer commented 3 months ago

Hi, first off thanks for making this tool, it's awesome! 🔥

We've written some tests for our trufflehog module in BBOT, which have recently started failing.

The test that's failing is for the detection of an unverified secret, specifically https://admin:admin@internal.host.com.

It appears that the latest version of trufflehog (3.78.1) fails to detect this secret, while 3.75.1 detects it with no problems.

For now we've pinned the old version and disabled updates; but I wanted to report the issue in case it's been missed by your own tests.

Thanks!

domwhewell-sage commented 3 months ago

I believe this would be addressed by https://github.com/trufflesecurity/trufflehog/issues/2960