feat(trufflehog_v3): add link field and deduplicate issues based on it
brieucR committed May 6, 2024
1 parent f2c3cf5 commit f2af82c
Showing 2 changed files with 4 additions and 1 deletion.
3 changes: 2 additions & 1 deletion dojo/settings/settings.dist.py
@@ -1242,6 +1242,7 @@ def saml2_attrib_map_format(dict):
'kube-bench Scan': ['title', 'vuln_id_from_tool', 'description'],
'Threagile risks report': ['title', 'cwe', "severity"],
'Trufflehog Scan': ['title', 'description', 'line'],
'Trufflehog3 Scan': ['url', 'component_name'],
'Humble Json Importer': ['title'],
'MSDefender Parser': ['title', 'description'],
'HCLAppScan XML': ['title', 'description'],
@@ -1319,7 +1320,7 @@ def saml2_attrib_map_format(dict):
# List of fields that are known to be usable in hash_code computation)
# 'endpoints' is a pseudo field that uses the endpoints (for dynamic scanners)
# 'unique_id_from_tool' is often not needed here as it can be used directly in the dedupe algorithm, but it's also possible to use it for hashing
HASHCODE_ALLOWED_FIELDS = ['title', 'cwe', 'vulnerability_ids', 'line', 'file_path', 'payload', 'component_name', 'component_version', 'description', 'endpoints', 'unique_id_from_tool', 'severity', 'vuln_id_from_tool', 'mitigation']
HASHCODE_ALLOWED_FIELDS = ['title', 'cwe', 'vulnerability_ids', 'line', 'file_path', 'payload', 'component_name', 'component_version', 'description', 'endpoints', 'unique_id_from_tool', 'severity', 'vuln_id_from_tool', 'mitigation', 'url']

# Adding fields to the hash_code calculation regardless of the previous settings
HASH_CODE_FIELDS_ALWAYS = ['service']
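Review bot: The new `'Trufflehog3 Scan': ['url', 'component_name']` entry makes the hash code depend on only two fields, and the companion hunk in dojo/tools/trufflehog3/parser.py fills `url` from `json_data.get("link", "")`, so every finding in a report that carries no link hashes to the same value per component_name and distinct secrets would collapse into one another. The neighbouring entries (e.g. `'Trufflehog Scan': ['title', 'description', 'line']`) keep a location-bearing field in the key; unless component_name already identifies the file (not visible here), something like `'Trufflehog3 Scan': ['url', 'component_name', 'line'],` would keep the link-based dedupe while still separating findings that lack a link. The adjacent `HASHCODE_ALLOWED_FIELDS` hunk is consistent with this change and needs nothing further; a one-line comment above the new entry stating that `url` is the scanner's link and may be empty would help the next reader.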
2 changes: 2 additions & 0 deletions dojo/tools/trufflehog3/parser.py
@@ -113,6 +113,7 @@ def get_finding_current(self, json_data, test, dupes):
# author = json_data.get('author')
commit = json_data.get("commit")
date = json_data.get("date")
link = json_data.get("link", "")

title = f"{message} found in {file}"

@@ -165,5 +166,6 @@ def get_finding_current(self, json_data, test, dupes):
dynamic_finding=False,
static_finding=True,
nb_occurences=1,
url=link
)
dupes[dupe_key] = finding
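Review bot: `link = json_data.get("link", "")` only substitutes the default when the key is absent; if the report contains `"link": null`, `link` is `None` and that is what reaches `url=link` in the Finding constructor, which may not be what the url field accepts and, since `url` now feeds the hash code, gives a different dedupe key than the empty-string case. `link = json_data.get("link") or ""` covers both shapes. The new keyword argument also lacks the trailing comma its siblings carry (`nb_occurences=1,`), so `url=link,` keeps the next addition to a one-line diff. The enclosing `get_finding_current` starts and continues outside both hunks.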
