Trufflehog new (#537)

* Create truffleHogAllowRules.json

* Create trufflehog-exception.py

* Create exclude-patterns.txt

* Update .gitignore

* Create trufflehog-scan.yaml

* Update exclude-patterns.txt

* Update exclude-patterns.txt

---------

Co-authored-by: Pandurang Patil <[email protected]>

.github/workflows/trufflehog-scan.yaml

@@ -0,0 +1,47 @@
+name: TruffleHog Scan
+
+on:
+  push:
+    branches:
+      - trufflehog-new
+      - main
+      - dev
+  pull_request:
+    branches:
+      - main
+      - dev
+
+jobs:
+  trufflehog-scan:
+    runs-on: ubuntu-22.04
+    services:
+      docker:
+        image: docker:19.03.12
+        options: --privileged
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
+
+      - name: Set up Docker
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y docker-ce docker-ce-cli containerd.io
+
+      - name: TruffleHog scan
+        run: |
+          echo "Starting TruffleHog scan..."
+          docker run -v "$PWD:/pwd" -v $GITHUB_WORKSPACE:/privado ghcr.io/trufflesecurity/trufflehog:latest filesystem --directory /privado --exclude_paths /privado/trufflehog/exclude-patterns.txt > trufflehog_output.text
+          python3 $GITHUB_WORKSPACE/trufflehog/trufflehog-exception.py
+          echo "TruffleHog scan completed."
+          cat trufflehog_filtered_output.text
+          if grep -qE 'Found (unverified|verified) result' trufflehog_filtered_output.text; then
+            echo "TruffleHog found sensitive information. Failing the pipeline."
+            exit 1
+          else
+            echo "No sensitive information found."
+          fi

.gitignore

@@ -248,4 +248,6 @@ privado
 notes.md
 
 #Directory created by IDE
-workspace
+workspace
+
+trufflehog_filtered_output.text

trufflehog/exclude-patterns.txt

@@ -0,0 +1,6 @@
+^/privado/trufflehog_output.text
+^/privadot/rufflehog/exclude-patterns.txt
+^/privado/.git
+^/privado/trufflehog/truffleHogAllowRules.json
+^/privado/trufflehog_filtered_output.text
+^/privado/rules/

trufflehog/truffleHogAllowRules.json

@@ -0,0 +1,2 @@
+[
+]

trufflehog/trufflehog-exception.py

@@ -0,0 +1,41 @@
+import json
+
+# Load patterns from the JSON file
+with open("./trufflehog/truffleHogAllowRules.json", "r") as f:
+    patterns_list = json.load(f)
+
+# Compile the patterns into regex objects
+patterns = [re.compile(pattern) for pattern in patterns_list]
+
+# Function to determine if a block should be excluded
+def should_exclude(block):
+    for pattern in patterns:
+        if any(pattern.search(line) for line in block):
+            return True
+    return False
+
+# Read the input file
+with open("trufflehog_output.text", "r") as f:
+    lines = f.readlines()
+
+# Process the file and remove matching blocks
+output_lines = []
+current_block = []
+
+for line in lines:
+    if line.startswith("Found unverified result"):
+        if current_block and not should_exclude(current_block):
+            output_lines.extend(current_block)
+        current_block = [line]
+    else:
+        current_block.append(line)
+
+# Append the last block if it doesn't match the patterns
+if current_block and not should_exclude(current_block):
+    output_lines.extend(current_block)
+
+# Write the filtered output to a new file
+with open("trufflehog_filtered_output.text", "w") as f:
+    f.writelines(output_lines)
+
+print("Filtered output saved to trufflehog_filtered_output.text")