From d72855e64717f905846d126e4d627d7161784e68 Mon Sep 17 00:00:00 2001
From: RENAUDIN BRIEUC
Date: Mon, 6 May 2024 11:38:23 +0200
Subject: [PATCH] feat(trufflehog_v3): add link field and deduplicate issues based on it

---
 dojo/settings/settings.dist.py | 3 ++-
 dojo/tools/trufflehog3/parser.py | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py
index 611bad2b65d..2ea7677b92d 100644
--- a/dojo/settings/settings.dist.py
+++ b/dojo/settings/settings.dist.py
@@ -1242,6 +1242,7 @@ def saml2_attrib_map_format(dict):
     'kube-bench Scan': ['title', 'vuln_id_from_tool', 'description'],
     'Threagile risks report': ['title', 'cwe', "severity"],
     'Trufflehog Scan': ['title', 'description', 'line'],
+    'Trufflehog3 Scan': ['url', 'component_name'],
     'Humble Json Importer': ['title'],
     'MSDefender Parser': ['title', 'description'],
     'HCLAppScan XML': ['title', 'description'],
@@ -1319,7 +1320,7 @@ def saml2_attrib_map_format(dict):
 # List of fields that are known to be usable in hash_code computation)
 # 'endpoints' is a pseudo field that uses the endpoints (for dynamic scanners)
 # 'unique_id_from_tool' is often not needed here as it can be used directly in the dedupe algorithm, but it's also possible to use it for hashing
-HASHCODE_ALLOWED_FIELDS = ['title', 'cwe', 'vulnerability_ids', 'line', 'file_path', 'payload', 'component_name', 'component_version', 'description', 'endpoints', 'unique_id_from_tool', 'severity', 'vuln_id_from_tool', 'mitigation']
+HASHCODE_ALLOWED_FIELDS = ['title', 'cwe', 'vulnerability_ids', 'line', 'file_path', 'payload', 'component_name', 'component_version', 'description', 'endpoints', 'unique_id_from_tool', 'severity', 'vuln_id_from_tool', 'mitigation','url']
 
 # Adding fields to the hash_code calculation regardless of the previous settings
 HASH_CODE_FIELDS_ALWAYS = ['service']
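Review bot: `'Trufflehog3 Scan': ['url', 'component_name']` lets findings that arrive without a `link` collide: the parser side of this same patch stores `""` in that case, so as far as I can tell every link-less finding with the same `component_name` gets the same hash_code and all but the first are marked duplicates, hiding distinct leaked secrets from the reviewer. A location field keeps them apart, e.g. `'Trufflehog3 Scan': ['url', 'component_name', 'file_path', 'line'],` — which of `component_name`, `file_path` and `line` the trufflehog3 parser actually populates is not visible from this hunk, so confirm against the parser before choosing. The dictionary this entry belongs to starts and ends outside the hunk.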
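Review bot: `'mitigation','url'` in the new `HASHCODE_ALLOWED_FIELDS` line drops the space after the comma that every other element of the list keeps; write it `'mitigation', 'url']` so the line stays consistent with the rest of the list and with the file's formatting. The surrounding module-level assignments are otherwise untouched by the hunk.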
diff --git a/dojo/tools/trufflehog3/parser.py b/dojo/tools/trufflehog3/parser.py
index 3302af93c83..f980712f717 100644
--- a/dojo/tools/trufflehog3/parser.py
+++ b/dojo/tools/trufflehog3/parser.py
@@ -113,6 +113,7 @@ def get_finding_current(self, json_data, test, dupes):
         # author = json_data.get('author')
         commit = json_data.get("commit")
         date = json_data.get("date")
+        link = json_data.get("link", "")
 
         title = f"{message} found in {file}"
 
@@ -165,5 +166,6 @@ def get_finding_current(self, json_data, test, dupes):
             dynamic_finding=False,
             static_finding=True,
             nb_occurences=1,
+            url=link
         )
         dupes[dupe_key] = finding
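Review bot: `link = json_data.get("link", "")` treats a missing key and an explicit `"link": null` differently — the first yields `""`, the second `None` — and both are handed to `url=` further down in the same function, so the stored Finding.url is sometimes empty and sometimes null for what is the same situation. `link = json_data.get("link") or None` gives one representation; whether Finding.url accepts null is not visible here and should be checked against the model before picking `None` over `""`. That trufflehog3 omits `link` for scans outside a git repository is an assumption on my part, not something the hunk shows. get_finding_current starts before and ends after the hunk.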
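Review bot: `url=link` is the only keyword argument in the `Finding(...)` call without a trailing comma, while `nb_occurences=1,` directly above keeps one; write `url=link,` so the next argument added does not have to touch this line again. A short why-comment would also help a later reader, since the value now takes part in deduplication through the settings change in this same patch: `url=link,  # trufflehog3 'link' to the secret's location; also a dedupe hash field`. The opening line of the call and the rest of get_finding_current lie outside the hunk.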