Merge pull request #1687 from domwhewell-sage/enhance_trufflehog_output
Added RawV2 to trufflehog output
TheTechromancer authored Aug 21, 2024
2 parents ec66fb5 + c1415cc commit 1e04373
Showing 2 changed files with 22 additions and 8 deletions.
25 changes: 19 additions & 6 deletions bbot/modules/trufflehog.py
@@ -90,17 +90,25 @@ async def handle_event(self, event):
host = event.host
else:
host = str(event.parent.host)
async for decoder_name, detector_name, raw_result, verified, source_metadata in self.execute_trufflehog(
module, path
):
async for (
decoder_name,
detector_name,
raw_result,
rawv2_result,
verified,
source_metadata,
) in self.execute_trufflehog(module, path):
if verified:
data = {
"severity": "High",
"description": f"Verified Secret Found. Detector Type: [{detector_name}] Decoder Type: [{decoder_name}] Secret: [{raw_result}] Details: [{source_metadata}]",
"description": f"Verified Secret Found. Detector Type: [{detector_name}] Decoder Type: [{decoder_name}] Details: [{source_metadata}]",
"host": host,
}
if description:
data["description"] += f" Description: [{description}]"
data["description"] += f" Raw result: [{raw_result}]"
if rawv2_result:
data["description"] += f" RawV2 result: [{rawv2_result}]"
await self.emit_event(
data,
"VULNERABILITY",
@@ -109,11 +117,14 @@ async def handle_event(self, event):
)
else:
data = {
"description": f"Potential Secret Found. Detector Type: [{detector_name}] Decoder Type: [{decoder_name}] Secret: [{raw_result}] Details: [{source_metadata}]",
"description": f"Potential Secret Found. Detector Type: [{detector_name}] Decoder Type: [{decoder_name}] Details: [{source_metadata}]",
"host": host,
}
if description:
data["description"] += f" Description: [{description}]"
data["description"] += f" Raw result: [{raw_result}]"
if rawv2_result:
data["description"] += f" RawV2 result: [{rawv2_result}]"
await self.emit_event(
data,
"FINDING",
@@ -162,11 +173,13 @@ async def execute_trufflehog(self, module, path):

raw_result = j.get("Raw", "")

rawv2_result = j.get("RawV2", "")

verified = j.get("Verified", False)

source_metadata = j.get("SourceMetadata", {})

yield (decoder_name, detector_name, raw_result, verified, source_metadata)
yield (decoder_name, detector_name, raw_result, rawv2_result, verified, source_metadata)
finally:
stats_file.unlink()

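Review bot: The lines appended after `if description:` in both branches of handle_event put `raw_result` and `rawv2_result` into `data["description"]` verbatim, so every VULNERABILITY and FINDING event now carries the credential in cleartext in two forms inside a free-text field. Both values originate from content trufflehog read out of the scanned target, and a value containing `]` or a line break makes the bracket-delimited description ambiguous for any consumer that parses it. I would carry them as separate keys instead, e.g. `data["raw_result"] = raw_result` (whether the event schema accepts extra keys is not visible in this hunk), or at minimum add `# raw_result / rawv2_result are live secrets copied from scanned content; treat event output as sensitive`. The same three added lines are repeated in the verified and unverified branches and could be built once before the `if verified:` split; handle_event starts and ends outside the hunks shown.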
5 changes: 3 additions & 2 deletions bbot/test/test_step_2/module_tests/test_module_trufflehog.py
@@ -851,7 +851,8 @@ def check(self, module_test, events):
if e.type == "VULNERABILITY"
and (e.data["host"] == "hub.docker.com" or e.data["host"] == "github.com")
and "Verified Secret Found." in e.data["description"]
and "Secret: [https://admin:[email protected]]" in e.data["description"]
and "Raw result: [https://admin:[email protected]]" in e.data["description"]
and "RawV2 result: [https://admin:[email protected]/basic_auth]" in e.data["description"]
]
assert 3 == len(vuln_events), "Failed to find secret in events"
github_repo_event = [e for e in vuln_events if "test_keys" in e.data["description"]][0].parent
@@ -898,7 +899,7 @@ def check(self, module_test, events):
if e.type == e.type == "FINDING"
and (e.data["host"] == "hub.docker.com" or e.data["host"] == "github.com")
and "Potential Secret Found." in e.data["description"]
and "Secret: [https://admin:[email protected]]" in e.data["description"]
and "Raw result: [https://admin:[email protected]]" in e.data["description"]
]
assert 3 == len(finding_events), "Failed to find secret in events"
github_repo_event = [e for e in finding_events if "test_keys" in e.data["description"]][0].parent
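Review bot: The second hunk's `finding_events` filter only swaps `Secret:` for `Raw result:`, so the `RawV2 result:` text that the module now appends on the unverified path is never asserted; only the `vuln_events` filter in the first hunk checks it. Assuming the unverified fixture also yields a RawV2 value, add `and "RawV2 result: [" in e.data["description"]` to that filter. Neither check covers a result whose RawV2 is empty, which is the case the new `if rawv2_result:` guard exists for. Both `check` methods start and end outside the hunks shown.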
