Handle custom detector response and include in extra data #3411
Conversation
@kashifkhan0771 could you take a look at the test failure:
```go
if err != nil {
	return fmt.Errorf("failed to read response body: %v", err)
}
```
This looks like it's returning an error for the FromData call, is that right? I think that may not be what we want to do for two reasons:
- it will break the loop so other configs aren't tested
- it seems like it would be a non-deterministic error (if those exist in custom detectors), and should maybe set the verification error
There are other parts that also return an error; this is just one example.
I think I did that out of habit. I’ve fixed it now, and we’re continuing to the next step instead of returning an error.
```go
// helper function to handle JSON response
func handleJSONResponse(body []byte) (string, error) {
	var respBody interface{}
	err := json.Unmarshal(body, &respBody)
	if err != nil {
		return "", fmt.Errorf("failed to unmarshal JSON: %v", err)
	}

	// convert JSON map to a formatted string
	jsonString, err := json.MarshalIndent(respBody, "", " ")
	if err != nil {
		return "", fmt.Errorf("failed to marshal JSON: %v", err)
	}

	return strings.TrimSpace(string(jsonString)), nil
}
```
Why does this function unmarshal then marshal?
Ah, I think I might have over-engineered this, even though @ahrav warned me not to! 😅 I was trying to get the response into a nicely formatted JSON string, but I realize now that it's not really necessary. We can just stick to simple string conversion instead.
```go
// read the Content-Type header and response body
respContentType := resp.Header.Get("Content-Type")
body, err := io.ReadAll(resp.Body)
```
@mcastorina I could not recall where we had a discussion about PII. I remember we decided not to include PII in extraData. Will this need to be taken care of here as well?
That's a great point. Custom detector servers are user supplied (or at least user configured), so I don't think PII would be an issue here. @zricethezav what are your thoughts?
```go
responseStr := string(body)

// store the processed response in ExtraData
result.ExtraData["response"] = responseStr
```
@kashifkhan0771 Thought: storing the entire response could lead to some large outputs. This could be annoying for users who are already using custom detectors.
One option could be to limit the response to 200 characters. I don't feel comfortable merging this PR as is.
@kashifkhan0771 additionally, I tried spinning up a verification server and testing this myself but found that the only thing that could be printed in the output was the name of the custom verifier: `"ExtraData":{"name":"HogTokenDetector"}` when using the `--json` flag. A mock test might help here, although I have a suspicion there might be some other issues considering I'm not able to surface additional ExtraData past the name of the custom verifier in the output.
@CameronLonsdale what is your use case for ExtraData? How are you using TruffleHog to surface this data (what command and flags)?
For me, I always run trufflehog with `--json --only-verified`. I wanted to surface data from my custom patterns that are the responses from verifying the credential against the API. So this would typically be a JSON blob which tells me info about the user which corresponds to the token I just verified.
I wrap trufflehog around custom code to sync results to Jira etc., hence why JSON. But I would expect the extraData to show up in CLI output as well, so truncating it to be readable at the terminal makes sense.
@zricethezav @CameronLonsdale I added the limit of 200 chars for the response. I am not sure how to test the custom detector. If any of you can guide me on how to do it, I can test locally to understand why it is not printing the extra data in the output.
Thank you, @mcastorina, for your guidance on running the custom detector. I successfully tested it and identified the issue that was preventing the results from printing. I've fixed it now. Please review my changes.
b854936 to 36c6519
```go
// NOTE: I don't believe this is being set anywhere else, hence the map assignment.
result.ExtraData = map[string]string{
	"name": c.GetName(),
}
```
This was the reason the response result wasn't being printed! 😛 @zricethezav
Let me know if the name is something we want to print. I can make the change to append it.
lgtm
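Added example (not code from the PR or from TruffleHog) tying together the two findings in this review: the map literal that clobbered the previously written "response" key, and the 200-character cap on the stored response. The `result` type, function names, rune-based truncation and the trailing "..." are assumptions; the sample body is constructed.

```go
package main

import (
	"fmt"
	"unicode/utf8"
)

// maxResponseLen is the 200-character cap agreed in the review.
const maxResponseLen = 200

type result struct { // stand-in for the detector result type
	ExtraData map[string]string
}

// truncateResponse caps the verification response at maxResponseLen characters.
// It counts runes, not bytes, so a multi-byte UTF-8 character is never split,
// and appends "..." when it truncates (assumptions, not necessarily the PR's behaviour).
func truncateResponse(body []byte) string {
	s := string(body)
	if utf8.RuneCountInString(s) <= maxResponseLen {
		return s
	}
	return string([]rune(s)[:maxResponseLen]) + "..."
}

// setExtraDataBuggy reproduces the defect spotted in review: "response" is written,
// then a fresh map literal replaces ExtraData, so only "name" reaches the output.
func setExtraDataBuggy(r *result, name string, body []byte) {
	if r.ExtraData == nil {
		r.ExtraData = make(map[string]string)
	}
	r.ExtraData["response"] = truncateResponse(body)
	r.ExtraData = map[string]string{"name": name}
}

// setExtraDataFixed initialises the map only when it is nil and then adds keys
// individually, so "name" and "response" both survive.
func setExtraDataFixed(r *result, name string, body []byte) {
	if r.ExtraData == nil {
		r.ExtraData = make(map[string]string)
	}
	r.ExtraData["name"] = name
	r.ExtraData["response"] = truncateResponse(body)
}

func main() {
	body := []byte(`{"user":"alice","scopes":["read"]}`) // constructed sample body
	r := &result{}
	setExtraDataFixed(r, "HogTokenDetector", body)
	fmt.Println(r.ExtraData)
}
```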
* main: (76 commits)
  - update aws descriptions (trufflesecurity#3529)
  - enforce timeout on circleci test (trufflesecurity#3528)
  - rm snifftest (trufflesecurity#3527)
  - Redact more source credentials (trufflesecurity#3526)
  - Create global log redaction capability (trufflesecurity#3522)
  - Adding basic "what is trufflehog" to the readme (trufflesecurity#3514)
  - Handle custom detector response and include in extra data (trufflesecurity#3411)
  - fix: fixed validation logic for `calendarific` (trufflesecurity#3480)
  - fix(deps): update github.com/tailscale/depaware digest to 3d7f3b3 (trufflesecurity#3518)
  - Move DecoderType into ResultWithMetadata trufflesecurity#3502
  - Added 403 account block status code handling for gitlab (trufflesecurity#3471)
  - updated gcpapplicationdefaultcredentials detector results with RawV2 (trufflesecurity#3499)
  - fix(deps): update module github.com/brianvoe/gofakeit/v7 to v7.1.1 (trufflesecurity#3512)
  - fix(deps): update module github.com/schollz/progressbar/v3 to v3.17.0 (trufflesecurity#3510)
  - fix(deps): update module cloud.google.com/go/secretmanager to v1.14.2 (trufflesecurity#3498)
  - Adds a logging section in the contributing guidelines (trufflesecurity#3509)
  - fix: fixed verification pattern logic for `bulksms` (trufflesecurity#3478)
  - Extend `algoliaadminkey` with additional checks (trufflesecurity#3459)
  - fix(deps): update module google.golang.org/api to v0.203.0 (trufflesecurity#3497)
  - fix: added correct api endpoint for verification & logic for Aeroworkflow (trufflesecurity#3435)
  - ...
Description:
This PR handles the custom detector response and includes it in the ExtraData.
Issue:
#3385
Checklist:
- `make test-community`?
- `make lint` (this requires golangci-lint)?