fix(trufflehog): report the correct line numbers (#531)

Trufflehog can report wildly incorrect line numbers for secrets, and even report multiple incorrect issues for a given secret. This PR changes our trufflehog parser to scan the file for the secret and report the correct line number. As the trufflehog can report duplicates, we only output a lint issue once for a given secret. This is tested with `wrong_line_number.in.ts`, which trufflehog reports 4 issues on incorrect lines for 2 identical secrets. The parser finds these two secrets on their separate lines. This only fixes the issue for trufflehog filesystem - I'm not sure if this an issue in trufflehog git, and the files may be changed/deleted since the past.
trunk-io · Nov 9, 2023 · 091d31d · 091d31d
1 parent 419e8e3
commit 091d31d
Show file tree

Hide file tree

Showing 13 changed files with 681 additions and 14 deletions.
diff --git a/linters/actionlint/test_data/actionlint_v1.6.26_CUSTOM.check.shot b/linters/actionlint/test_data/actionlint_v1.6.26_CUSTOM.check.shot
@@ -1,5 +1,4 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
-// trunk-upgrade-validation:RELEASE
 
 exports[`Testing linter actionlint test CUSTOM 1`] = `
 {

diff --git a/linters/codespell/test_data/codespell_v2.2.6_basic.check.shot b/linters/codespell/test_data/codespell_v2.2.6_basic.check.shot
@@ -1,5 +1,4 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
-// trunk-upgrade-validation:RELEASE
 
 exports[`Testing linter codespell test basic 1`] = `
 {

diff --git a/linters/codespell/test_data/codespell_v2.2.6_dictionary.check.shot b/linters/codespell/test_data/codespell_v2.2.6_dictionary.check.shot
@@ -1,5 +1,4 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
-// trunk-upgrade-validation:RELEASE
 
 exports[`Testing linter codespell test dictionary 1`] = `
 {

diff --git a/linters/ktlint/test_data/ktlint_v1.0.0_basic.fmt.shot b/linters/ktlint/test_data/ktlint_v1.0.0_basic.fmt.shot
@@ -1,5 +1,4 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
-// trunk-upgrade-validation:RELEASE
 
 exports[`Testing formatter ktlint test basic 1`] = `
 "class MainActivity : AppCompatActivity() {

diff --git a/linters/ktlint/test_data/ktlint_v1.0.0_complex.fmt.shot b/linters/ktlint/test_data/ktlint_v1.0.0_complex.fmt.shot
@@ -1,5 +1,4 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
-// trunk-upgrade-validation:RELEASE
 
 exports[`Testing formatter ktlint test complex 1`] = `
 "class TestBaselineExtraErrorFile {

diff --git a/linters/ktlint/test_data/ktlint_v1.0.0_utf8.fmt.shot b/linters/ktlint/test_data/ktlint_v1.0.0_utf8.fmt.shot
@@ -1,5 +1,4 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
-// trunk-upgrade-validation:RELEASE
 
 exports[`Testing formatter ktlint test utf8 1`] = `
 "package demo

diff --git a/linters/mypy/test_data/mypy_v1.6.0_CUSTOM.check.shot b/linters/mypy/test_data/mypy_v1.6.0_CUSTOM.check.shot
@@ -1,5 +1,4 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
-// trunk-upgrade-validation:RELEASE
 
 exports[`Testing linter mypy test CUSTOM 1`] = `
 {

diff --git a/linters/remark-lint/test_data/remark_lint_v12.0.0_basic.check.shot b/linters/remark-lint/test_data/remark_lint_v12.0.0_basic.check.shot
@@ -1,5 +1,4 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
-// trunk-upgrade-validation:RELEASE
 
 exports[`Testing linter remark-lint test basic 1`] = `
 {

diff --git a/linters/remark-lint/test_data/remark_lint_v12.0.0_basic.fmt.shot b/linters/remark-lint/test_data/remark_lint_v12.0.0_basic.fmt.shot
@@ -1,5 +1,4 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
-// trunk-upgrade-validation:RELEASE
 
 exports[`Testing formatter remark-lint test basic 1`] = `
 "* this is a list item

diff --git a/linters/sourcery/test_data/sourcery_v1.10.1_basic.check.shot b/linters/sourcery/test_data/sourcery_v1.10.1_basic.check.shot
@@ -1,5 +1,4 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
-// trunk-upgrade-validation:RELEASE
 
 exports[`Testing linter sourcery test basic 1`] = `
 {

diff --git a/linters/trufflehog/test_data/trufflehog_v3.59.0_wrong_line_number.check.shot b/linters/trufflehog/test_data/trufflehog_v3.59.0_wrong_line_number.check.shot
@@ -0,0 +1,41 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`Testing linter trufflehog test wrong_line_number 1`] = `
+{
+  "issues": [
+    {
+      "code": "URI",
+      "file": "test_data/wrong_line_number.in.ts",
+      "isSecurity": true,
+      "level": "LEVEL_HIGH",
+      "line": "587",
+      "linter": "trufflehog",
+      "message": "Secret detected: https://admin:********@the-internet.herokuapp.com",
+      "targetType": "ALL",
+    },
+    {
+      "code": "URI",
+      "file": "test_data/wrong_line_number.in.ts",
+      "isSecurity": true,
+      "level": "LEVEL_HIGH",
+      "line": "592",
+      "linter": "trufflehog",
+      "message": "Secret detected: https://admin:********@the-internet.herokuapp.com",
+      "targetType": "ALL",
+    },
+  ],
+  "lintActions": [
+    {
+      "command": "lint",
+      "fileGroupName": "ALL",
+      "linter": "trufflehog",
+      "paths": [
+        "test_data/wrong_line_number.in.ts",
+      ],
+      "verb": "TRUNK_VERB_CHECK",
+    },
+  ],
+  "taskFailures": [],
+  "unformattedFiles": [],
+}
+`;