diff --git a/hack/docs/Adding_Detectors_external.md b/hack/docs/Adding_Detectors_external.md index 2a6475de968e..fc9bf42e05c2 100644 --- a/hack/docs/Adding_Detectors_external.md +++ b/hack/docs/Adding_Detectors_external.md @@ -80,7 +80,9 @@ There are two types of reasons that secret verification can fail: * The candidate secret is not actually a valid secret. * Something went wrong in the process unrelated to the candidate secret, such as a transient network error or an unexpected API response. -In Trufflehog parlance, the first type of verification response is called _determinate_ and the second type is called _indeterminate_. Verification code should distinguish between the two by returning an error object in the result struct **only** for indeterminate failures. In general, a verifier should return an error (indicating an indeterminate failure) in all cases that haven't been explicitly identified as determinate failure states. For example, consider a hypothetical authentication endpoint that returns `200 OK` for valid credentials and `403 Forbidden` for invalid credentials. The verifier for this endpoint could make an HTTP request to this endpoint and use the response status code to decide what to return: +In Trufflehog parlance, the first type of verification response is called _determinate_ and the second type is called _indeterminate_. Verification code should distinguish between the two by returning an error object in the result struct **only** for indeterminate failures. In general, a verifier should return an error (indicating an indeterminate failure) in all cases that haven't been explicitly identified as determinate failure states. + +For example, consider a hypothetical authentication endpoint that returns `200 OK` for valid credentials and `403 Forbidden` for invalid credentials. The verifier for this endpoint could make an HTTP request and use the response status code to decide what to return: * A `200` response would indicate that verification succeeded. (Or maybe any `2xx` response.) * A `403` response would indicate that verification failed **determinately** and no error object should be returned. * Any other response would indicate that verification failed **indeterminately** and an error object should be returned.