search

trufflesecurity / trufflehog

Find, verify, and analyze leaked credentials
https://trufflesecurity.com
GNU Affero General Public License v3.0
15.83k stars 1.65k forks source link

CustomRegex detector does not include repository in Metadata > Git #2990

Open gsilvapt opened 3 months ago

gsilvapt commented 3 months ago

I apologise in advance if I'm breaking any rules by opening this ticket.

TruffleHog Version

3.69.0

Trace Output

Unfortunately, cannot share a output due to the sensitive data I have in hands. I wanted to nevertheless report the bug or maybe get help in figuring out why this is happening.

Expected Behavior

As with any other entry in the JSON output, the composition of the JSON looks like this:

{
  "SourceMetadata": {
    "Git": {
      "..."
      "Repository": "<link to repository>"
      ...
}

The output composition should be the the same for all detectors.

Actual Behavior

Seems the repository property is missing in the resulting JSON TruffleHog generates when custom regexes are configured. Cannot understand why exactly, if this is a known bug or something else, but since it seems to work for other detectors, then I must assume this is some sort of bug?

Steps to Reproduce

  1. Set up custom regexes to run TruffleHog with.
  2. Observe the detected secrets for CustomRegex do not contain the repository property in the Metadata key.
  3. Observe all other detections do provide this data.

Environment

Additional Context

N/A

References

N/A

k-sau commented 1 month ago

It is not returning file and line number also. Repository is returning though

Screenshot 2024-09-04 at 4 53 40 PM