Support exclude regexes, excludewords, and entropy filters for custom…

… detectors (#3860) * Simple implementation of exclude regexes, stopwords, and entropy checks for customdetectors * better name * readme blurb and example * link
trufflesecurity · Jan 30, 2025 · 853e1e8 · 853e1e8
1 parent 9ecaf07
commit 853e1e8
Show file tree

Hide file tree

Showing 6 changed files with 1,639 additions and 25 deletions.
diff --git a/README.md b/README.md
@@ -656,6 +656,10 @@ TruffleHog will send a JSON POST request containing the regex matches to a
 configured webhook endpoint. If the endpoint responds with a `200 OK` response
 status code, the secret is considered verified.
 
+Custom Detectors support a few different filtering mechanisms: entropy, regex targeting the entire match, regex targeting the captured secret, 
+and excluded word lists checked against the secret (captured group if present, entire match if capture group is not present). Note that if
+your custom detector has multiple `regex` set (in this example `hogID`, and `hogToken`), then the filters get applied to each regex. [Here](examples/generic_with_filters.yml) is an example of a custom detector using these filters.
+
 **NB:** This feature is alpha and subject to change.
 
 ## Regex Detector Example
@@ -749,6 +753,8 @@ with HTTPServer(('', 8000), Verifier) as server:
         pass
 ```
 
+
+
 ## :mag: Analyze
 
 TruffleHog supports running a deeper analysis of a credential to view its permissions and the resources it has access to.