Comments (9)

dxa4481 commented on May 17, 2024

I made some changes recently, and the documentation isn't up to date. For custom regexes, try the flag --rules and then the path to a json object formatted like this: https://github.com/dxa4481/truffleHog/blob/dev/testRules.json

I will update the documentation shortly

from trufflehog.

dxa4481 commented on May 17, 2024

Right now it looks like you have entropy enabled, which is why it flagged on a high source of entropy (highlighted in orange). Disable entropy with --entropy false and enable regex checks with --regex


rupsray commented on May 17, 2024

I provided --rules= and I am not getting the issue anymore. But the output still does not show the security keys in the code. I tested the regex on rubular.com and it works perfectly.
Can you please guide me? I am new to Python.


rupsray commented on May 17, 2024

I debugged the issue and found that the code checks only the history, not the current changes in the local repository. That is the reason it is printing entropicDiff, which does not go through the regex check.
But what is the point of printing entropicDiff if it does not match any security regex? The purpose is to get details of the commits where security keys got committed, right?
Please share your opinion on this, @dxa4481.


dxa4481 commented on May 17, 2024

I'm not sure I follow what the issue is you're describing. Can you paste some output and tell me what the problem is?

I've updated the documentation


rupsray commented on May 17, 2024

(image: trufflehog scan output)
Though the code has AWS access and secret keys in it, the scan gives only this output, which is coming from the find_entropy method in the truffleHog.py file.

After getting the output from the find_entropy method, the code should check whether it matches the security key regex or not. Otherwise we will get a lot of false positive outputs like this.


rupsray commented on May 17, 2024

This solution worked and now I am not getting any output.

Is there any way to check the current changes in code locally? Or truffleHog only checks the previous commits?


dxa4481 commented on May 17, 2024

You need to commit your code to git for trufflehog to scan it. Trufflehog exclusively scans commits, it won't check your local file system.


GiriRaj249 commented on May 17, 2024

I created a custom regex for JWT, stored it in JSON format, and executed it with
sudo trufflehog --regex --entropy=False --max_depth=5 --rules pat.json https://github.com/REDACT.git

but I get an error showing something like this:
```
Traceback (most recent call last):
File "/opt/homebrew/lib/python3.9/site-packages/truffleHog/truffleHog.py", line 60, in main
rules = json.loads(ruleFile.read())
File "/opt/homebrew/Cellar/python@3.9/3.9.10/Frameworks/Python.framework/Versions/3.9/lib/python3.9/json/__init__.py", line 346, in loads
return _default_decoder.decode(s)
File "/opt/homebrew/Cellar/python@3.9/3.9.10/Frameworks/Python.framework/Versions/3.9/lib/python3.9/json/decoder.py", line 337, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/opt/homebrew/Cellar/python@3.9/3.9.10/Frameworks/Python.framework/Versions/3.9/lib/python3.9/json/decoder.py", line 353, in raw_decode
obj, end = self.scan_once(s, idx)
json.decoder.JSONDecodeError: Invalid \escape: line 2 column 41 (char 42)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/opt/homebrew/bin/trufflehog", line 8, in
sys.exit(main())
File "/opt/homebrew/lib/python3.9/site-packages/truffleHog/truffleHog.py", line 64, in main
raise("Error reading rules file")
TypeError: exceptions must derive from BaseException
```

Can someone help me with this?

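An added example (not trufflehog's own code) that validates a --rules file before handing it to the tool and then applies the compiled rules to the added lines of a diff, the regex step the thread asks about. It assumes the rule-file layout of the linked testRules.json is a JSON object mapping a rule name to a regex string; the JWT pattern, the rule files and the diff are constructed. It shows why a regex backslash has to be written as `\\` inside JSON, which is the "Invalid \escape" failure in the traceback above.

```python
import json
import re

# Constructed rules files in the assumed name -> regex layout. JSON permits only a
# fixed set of backslash escapes, so a regex "\." must be written "\\." inside the
# JSON string: the first file reproduces "Invalid \escape", the second is correct.
BAD_RULES_TEXT = r'''{
  "JWT": "eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+"
}'''
GOOD_RULES_TEXT = r'''{
  "JWT": "eyJ[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+"
}'''

# Constructed diff with a fake, JWT-shaped token on an added line.
CONSTRUCTED_DIFF = """\
+++ b/config.py
+API_TOKEN = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0In0.c2lnbmF0dXJl"
+DEBUG = True
-OLD_FLAG = False
"""


def load_rules(text):
    """Parse and compile a rules file. Returns (rules, None) on success or
    (None, message) for the first problem found, instead of letting the JSON
    or regex error surface as a raw traceback."""
    try:
        raw = json.loads(text)
    except json.JSONDecodeError as exc:
        return None, f"invalid JSON: {exc.msg} at line {exc.lineno} column {exc.colno}"
    rules = {}
    for name, pattern in raw.items():
        try:
            rules[name] = re.compile(pattern)
        except re.error as exc:
            return None, f"rule {name!r} is not a valid regex: {exc}"
    return rules, None


def scan_diff(diff_text, rules):
    """Run every rule over the added ('+') lines of a diff, skipping the
    '+++' file header, and return (rule name, diff line number) pairs."""
    findings = []
    for lineno, line in enumerate(diff_text.splitlines(), 1):
        if not line.startswith("+") or line.startswith("+++"):
            continue
        for name, regex in rules.items():
            if regex.search(line):
                findings.append((name, lineno))
    return findings
```

Running load_rules on your pat.json first tells you whether the JSON or one of the regexes is at fault, without the secondary TypeError from the tool.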
