Bugfix/trufflehog detectors yaml #355
Open
shreelshah12 wants to merge 2 commits into
…ctor files

The shipped configs/trufflehog_detectors.yaml was invalid YAML, so load_config_from_file() always threw, silently fell back to 3 built-in detectors, and never loaded the file's detectors (GitHub issue: custom detectors not applied; 'mapping values are not allowed here, line 6').

Two structural bugs fixed:
- detector item keys were over-indented (the line-6 parse error)
- detectors were a bare top-level sequence instead of being nested under the top-level 'detectors:' key the loader reads

Also:
- Make the fallback loud: log at ERROR that custom detectors are NOT applied, instead of masking a broken config.
- Support an optional, git-ignored custom_trufflehog_detectors.yaml that is merged into the shipped detectors (custom wins on name clash), so customers add their own without editing the shipped file. Adds a .sample template and .gitignore entry.

Co-authored-by: Isaac

Remove references to past behavior/bugs from comments and the fallback log message; describe only what the files and code do.

Co-authored-by: Isaac
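The loader behaviour these commit messages describe (required top-level 'detectors:' key, custom entries winning on a name clash, a fallback logged at ERROR), as an added example that is not code from this pull request. Function names, the built-in detector names and the sample detectors are constructed; documents are passed in already parsed, in the shape `yaml.safe_load` returns, and treating a malformed custom file as a full fallback is an assumption.

```python
import logging

log = logging.getLogger("detector_config")
# Constructed stand-ins for the 3 built-in detectors (their real names are not on the page).
BUILTIN_FALLBACK = [{"name": f"builtin-{i}", "keywords": [], "regex": {}} for i in (1, 2, 3)]

# Constructed sample documents, shaped like the output of yaml.safe_load().
SHIPPED = {"detectors": [
    {"name": "aws-key", "keywords": ["AKIA"], "regex": {"id": r"AKIA[0-9A-Z]{16}"}},
    {"name": "generic-token", "keywords": ["token"], "regex": {"tok": r"tok_[a-z0-9]{8}"}}]}
CUSTOM = {"detectors": [
    {"name": "generic-token", "keywords": ["token"], "regex": {"tok": r"tok_[A-Za-z0-9]{32}"}},
    {"name": "internal-api-key", "keywords": ["intk"], "regex": {"key": r"intk_[0-9a-f]{40}"}}]}
BARE_SEQUENCE = SHIPPED["detectors"]  # parses as YAML, but has no 'detectors:' key


def extract_detectors(doc, source):
    """Return the detector list from a parsed document, or raise ValueError."""
    if not isinstance(doc, dict) or "detectors" not in doc:
        raise ValueError(f"{source}: expected a top-level 'detectors:' key")
    detectors = doc["detectors"]
    if not isinstance(detectors, list):
        raise ValueError(f"{source}: 'detectors' must be a sequence")
    for i, det in enumerate(detectors):
        if not isinstance(det, dict) or not det.get("name"):
            raise ValueError(f"{source}: detector #{i} has no 'name'")
    return detectors


def merge_detectors(shipped, custom):
    """Merge by name; a custom entry replaces a shipped entry with the same name."""
    merged = {d["name"]: d for d in shipped}
    merged.update({d["name"]: d for d in custom})
    return list(merged.values())


def load_detectors(shipped_doc, custom_doc=None):
    """Return (detectors, used_fallback); custom_doc=None means the optional file is absent."""
    try:
        shipped = extract_detectors(shipped_doc, "trufflehog_detectors.yaml")
        custom = (extract_detectors(custom_doc, "custom_trufflehog_detectors.yaml")
                  if custom_doc is not None else [])
    except ValueError as exc:
        # Assumption: any malformed file triggers the fallback. Reduced coverage
        # is logged at ERROR so a scan never looks healthy with detectors missing.
        log.error("%s; custom detectors are NOT applied, using %d built-in detectors",
                  exc, len(BUILTIN_FALLBACK))
        return list(BUILTIN_FALLBACK), True
    return merge_detectors(shipped, custom), False
```
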
Description
The shipped configs/trufflehog_detectors.yaml was invalid YAML, so the secret scanner failed to load it and silently ran with only the 3 built-in fallback detectors — the file's detectors were never applied. This fixes the structure (detectors nested under a detectors: key with correct indentation) so all detectors load.

It also adds support for an optional, git-ignored custom_trufflehog_detectors.yaml that is merged into the shipped detectors at scan time (with a .sample template), so customers can add their own detectors without editing the shipped file or losing them on upgrade.

Type of Change