Add configuration parsing for custom detectors

trufflesecurity · Dec 14, 2022 · a159c70 · a159c70
1 parent 861ad05
commit a159c70
Show file tree

Hide file tree

Showing 2 changed files with 57 additions and 0 deletions.
diff --git a/main.go b/main.go
@@ -19,6 +19,7 @@ import (
 	"gopkg.in/alecthomas/kingpin.v2"
 
 	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/config"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/context"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/decoders"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/engine"
@@ -41,6 +42,7 @@ var (
 	noVerification   = cli.Flag("no-verification", "Don't verify the results.").Bool()
 	onlyVerified     = cli.Flag("only-verified", "Only output verified results.").Bool()
 	filterUnverified = cli.Flag("filter-unverified", "Only output first unverified result per chunk per detector if there are more than one results.").Bool()
+	configFilename   = cli.Flag("config", "Path to configuration file.").String()
 	// rules = cli.Flag("rules", "Path to file with custom rules.").String()
 	printAvgDetectorTime = cli.Flag("print-avg-detector-time", "Print the average time spent on each detector.").Bool()
 	noUpdate             = cli.Flag("no-update", "Don't check for updates.").Bool()
@@ -181,10 +183,17 @@ func run(state overseer.State) {
 
 	defer func() { _ = sync() }()
 
+	conf, err := config.Read(*configFilename)
+	if err != nil {
+		logger.Error(err, "error parsing the provided configuration file")
+		os.Exit(1)
+	}
+
 	e := engine.Start(ctx,
 		engine.WithConcurrency(*concurrency),
 		engine.WithDecoders(decoders.DefaultDecoders()...),
 		engine.WithDetectors(!*noVerification, engine.DefaultDetectors()...),
+		engine.WithDetectors(!*noVerification, conf.Detectors...),
 		engine.WithFilterUnverified(*filterUnverified),
 	)
 

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -0,0 +1,48 @@
+package config
+
+import (
+	"os"
+
+	"github.com/trufflesecurity/trufflehog/v3/pkg/custom_detectors"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/custom_detectorspb"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/protoyaml"
+)
+
+// Config holds user supplied configuration.
+type Config struct {
+	Detectors []detectors.Detector
+}
+
+// Read parses a given filename into a Config.
+func Read(filename string) (*Config, error) {
+	if filename == "" {
+		return &Config{}, nil
+	}
+	input, err := os.ReadFile(filename)
+	if err != nil {
+		return nil, err
+	}
+	return NewYAML(input)
+}
+
+// NewYAML parses the given YAML data into a Config.
+func NewYAML(input []byte) (*Config, error) {
+	// Parse the raw YAML into a structure.
+	var messages custom_detectorspb.CustomDetectors
+	if err := protoyaml.UnmarshalStrict(input, &messages); err != nil {
+		return nil, err
+	}
+	// Convert the structured YAML into detectors.
+	var detectors []detectors.Detector
+	for _, detectorConfig := range messages.Detectors {
+		detector, err := custom_detectors.NewWebhookCustomRegex(detectorConfig)
+		if err != nil {
+			return nil, err
+		}
+		detectors = append(detectors, detector)
+	}
+	return &Config{
+		Detectors: detectors,
+	}, nil
+}