trufflehog/main.go

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"log"
	"net/http"
	_ "net/http/pprof"
	"os"
	"runtime"
	"strconv"
	"time"

	"github.com/felixge/fgprof"

	"github.com/gorilla/mux"
	"github.com/sirupsen/logrus"
	"gopkg.in/alecthomas/kingpin.v2"

	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
	"github.com/trufflesecurity/trufflehog/v3/pkg/decoders"
	"github.com/trufflesecurity/trufflehog/v3/pkg/engine"
	"github.com/trufflesecurity/trufflehog/v3/pkg/output"
	"github.com/trufflesecurity/trufflehog/v3/pkg/sources/git"
)

func main() {
	cli := kingpin.New("TruffleHog", "TruffleHog is a tool for finding credentials.")
	debug := cli.Flag("debug", "Run in debug mode").Bool()
	jsonOut := cli.Flag("json", "Output in JSON format.").Short('j').Bool()
	jsonLegacy := cli.Flag("json-legacy", "Use the pre-v3.0 JSON format. Only works with git, gitlab, and github sources.").Bool()
	concurrency := cli.Flag("concurrency", "Number of concurrent workers.").Default(strconv.Itoa(runtime.NumCPU())).Int()
	noVerification := cli.Flag("no-verification", "Don't verify the results.").Bool()
	onlyVerified := cli.Flag("only-verified", "Only output verified results.").Bool()
	// rules := cli.Flag("rules", "Path to file with custom rules.").String()
	printAvgDetectorTime := cli.Flag("print-avg-detector-time", "Print the average time spent on each detector.").Bool()

	gitScan := cli.Command("git", "Find credentials in git repositories.")
	gitScanURI := gitScan.Arg("uri", "Git repository URL. https:// or file:// schema expected.").Required().String()
	gitScanIncludePaths := gitScan.Flag("include_paths", "Path to file with newline separated regexes for files to include in scan.").Short('i').String()
	gitScanExcludePaths := gitScan.Flag("exclude_paths", "Path to file with newline separated regexes for files to exclude in scan.").Short('x').String()
	gitScanSinceCommit := gitScan.Flag("since_commit", "Commit to start scan from.").String()
	gitScanBranch := gitScan.Flag("branch", "Branch to scan.").String()
	gitScanMaxDepth := gitScan.Flag("max_depth", "Maximum depth of commits to scan.").Int()
	gitScan.Flag("allow", "No-op flag for backwards compat.").Bool()
	gitScan.Flag("entropy", "No-op flag for backwards compat.").Bool()
	gitScan.Flag("regex", "No-op flag for backwards compat.").Bool()

	githubScan := cli.Command("github", "Find credentials in GitHub repositories.")
	githubScanEndpoint := githubScan.Flag("endpoint", "GitHub endpoint.").Default("https://api.github.com").String()
	githubScanRepos := githubScan.Flag("repo", `GitHub repository to scan. You can repeat this flag. Example: "https://github.com/dustin-decker/secretsandstuff"`).Strings()
	githubScanOrgs := githubScan.Flag("org", `GitHub organization to scan. You can repeat this flag. Example: "trufflesecurity"`).Strings()
	githubScanToken := githubScan.Flag("token", "GitHub token.").String()
	githubIncludeForks := githubScan.Flag("include_forks", "Include forks in scan.").Bool()

	gitlabScan := cli.Command("gitlab", "Find credentials in GitLab repositories.")
	// TODO: Add more GitLab options
	gitlabScanEndpoint := gitlabScan.Flag("endpoint", "GitLab endpoint.").Default("https://gitlab.com").String()
	gitlabScanRepos := gitlabScan.Flag("repo", "GitLab repo url. You can repeat this flag. Leave empty to scan all repos accessible with provided credential. Example: https://gitlab.com/org/repo.git").Strings()
	gitlabScanToken := gitlabScan.Flag("token", "GitLab token.").Required().String()

	filesystemScan := cli.Command("filesystem", "Find credentials in a filesystem.")
	filesystemDirectories := filesystemScan.Flag("directory", "Path to directory to scan. You can repeat this flag.").Required().Strings()
	// TODO: Add more filesystem scan options. Currently only supports scanning a list of directories.
	// filesystemScanRecursive := filesystemScan.Flag("recursive", "Scan recursively.").Short('r').Bool()
	// filesystemScanIncludePaths := filesystemScan.Flag("include_paths", "Path to file with newline separated regexes for files to include in scan.").Short('i').String()
	// filesystemScanExcludePaths := filesystemScan.Flag("exclude_paths", "Path to file with newline separated regexes for files to exclude in scan.").Short('x').String()

	s3Scan := cli.Command("s3", "Find credentials in S3 buckets.")
	s3ScanKey := s3Scan.Flag("key", "S3 key used to authenticate.").String()
	s3ScanSecret := s3Scan.Flag("secret", "S3 secret used to authenticate.").String()
	s3ScanCloudEnv := s3Scan.Flag("cloud-environment", "Use IAM credentials in cloud environment.").Bool()
	s3ScanBuckets := s3Scan.Flag("bucket", "Name of S3 bucket to scan. You can repeat this flag.").Strings()
	cmd := kingpin.MustParse(cli.Parse(os.Args[1:]))

	// When setting a base commit, chunks must be scanned in order.
	if *gitScanSinceCommit != "" {
		*concurrency = 1
	}

	if *jsonOut {
		logrus.SetFormatter(&logrus.JSONFormatter{})
	}
	if *debug {
		logrus.SetLevel(logrus.DebugLevel)
	} else {
		logrus.SetLevel(logrus.InfoLevel)
	}

	if *debug {
		go func() {
			router := mux.NewRouter()
			router.PathPrefix("/debug/pprof").Handler(http.DefaultServeMux)
			router.PathPrefix("/debug/fgprof").Handler(fgprof.Handler())
			logrus.Info("starting pprof and fgprof server on :18066 /debug/pprof and /debug/fgprof")
			if err := http.ListenAndServe(":18066", router); err != nil {
				logrus.Error(err)
			}
		}()
	}

	ctx := context.TODO()
	e := engine.Start(ctx,
		engine.WithConcurrency(*concurrency),
		engine.WithDecoders(decoders.DefaultDecoders()...),
		engine.WithDetectors(!*noVerification, engine.DefaultDetectors()...),
	)

	filter, err := common.FilterFromFiles(*gitScanIncludePaths, *gitScanExcludePaths)
	if err != nil {
		logrus.WithError(err).Fatal("could not create filter")
	}

	var repoPath string
	switch cmd {
	case gitScan.FullCommand():
		var remote bool
		repoPath, remote, err = git.PrepareRepo(*gitScanURI)
		if err != nil || repoPath == "" {
			logrus.WithError(err).Fatal("error preparing git repo for scanning")
		}
		if remote {
			defer os.RemoveAll(repoPath)
		}
		err = e.ScanGit(ctx, repoPath, *gitScanBranch, *gitScanSinceCommit, *gitScanMaxDepth, filter)
		if err != nil {
			logrus.WithError(err).Fatal("Failed to scan git.")
		}
	case githubScan.FullCommand():
		if len(*githubScanOrgs) == 0 && len(*githubScanRepos) == 0 {
			log.Fatal("You must specify at least one organization or repository.")
		}
		err = e.ScanGitHub(ctx, *githubScanEndpoint, *githubScanRepos, *githubScanOrgs, *githubScanToken, *githubIncludeForks, filter, *concurrency)
		if err != nil {
			logrus.WithError(err).Fatal("Failed to scan git.")
		}
	case gitlabScan.FullCommand():
		err := e.ScanGitLab(ctx, *gitlabScanEndpoint, *gitlabScanToken, *gitlabScanRepos)
		if err != nil {
			logrus.WithError(err).Fatal("Failed to scan GitLab.")
		}
	case filesystemScan.FullCommand():
		err := e.ScanFileSystem(ctx, *filesystemDirectories)
		if err != nil {
			logrus.WithError(err).Fatal("Failed to scan filesystem")
		}
	case s3Scan.FullCommand():
		err := e.ScanS3(ctx, *s3ScanKey, *s3ScanSecret, *s3ScanCloudEnv, *s3ScanBuckets)
		if err != nil {
			logrus.WithError(err).Fatal("Failed to scan S3.")
		}
	}

	if !*jsonLegacy && !*jsonOut {
		fmt.Fprintf(os.Stderr, "🐷🔑🐷  TruffleHog. Unearth your secrets. 🐷🔑🐷\n\n")
	}

	foundResults := false
	for r := range e.ResultsChan() {
		if *onlyVerified && !r.Verified {
			continue
		}
		foundResults = true

		switch {
		case *jsonLegacy:
			legacy := output.ConvertToLegacyJSON(&r, repoPath)
			out, err := json.Marshal(legacy)
			if err != nil {
				logrus.WithError(err).Fatal("could not marshal result")
			}
			fmt.Println(string(out))
		case *jsonOut:
			out, err := json.Marshal(r)
			if err != nil {
				logrus.WithError(err).Fatal("could not marshal result")
			}
			fmt.Println(string(out))
		default:
			output.PrintPlainOutput(&r)
		}
	}
	logrus.Debugf("scanned %d chunks", e.ChunksScanned())

	if *printAvgDetectorTime {
		printAverageDetectorTime(e)
	}

	if foundResults {
		os.Exit(1)
	}
}

func printAverageDetectorTime(e *engine.Engine) {
	fmt.Fprintln(os.Stderr, "Average detector time is the measurement of average time spent on each detector when results are returned.")
	for detectorName, durations := range e.DetectorAvgTime() {
		var total time.Duration
		for _, d := range durations {
			total += d
		}
		avgDuration := total / time.Duration(len(durations))
		fmt.Fprintf(os.Stderr, "%s: %s\n", detectorName, avgDuration)
	}
}
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`package main`

			`import (`
			`"context"`
			`"encoding/json"`
			`"fmt"`
			`"log"`
Record avg detector time 2022-02-07 18:29:06 +00:00			`"net/http"`
			`_ "net/http/pprof"`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`"os"`
			`"runtime"`
			`"strconv"`
Record avg detector time 2022-02-07 18:29:06 +00:00			`"time"`

			`"github.com/felixge/fgprof"`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00
Record avg detector time 2022-02-07 18:29:06 +00:00			`"github.com/gorilla/mux"`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`"github.com/sirupsen/logrus"`
improvements 2022-02-16 01:38:19 +00:00			`"gopkg.in/alecthomas/kingpin.v2"`
Integrate GitHub source 2022-01-20 00:13:59 +00:00
module v3 2022-02-10 18:54:33 +00:00			`"github.com/trufflesecurity/trufflehog/v3/pkg/common"`
			`"github.com/trufflesecurity/trufflehog/v3/pkg/decoders"`
			`"github.com/trufflesecurity/trufflehog/v3/pkg/engine"`
			`"github.com/trufflesecurity/trufflehog/v3/pkg/output"`
			`"github.com/trufflesecurity/trufflehog/v3/pkg/sources/git"`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`)`

			`func main() {`
			`cli := kingpin.New("TruffleHog", "TruffleHog is a tool for finding credentials.")`
			`debug := cli.Flag("debug", "Run in debug mode").Bool()`
Initial docs and release automation (#5) 2022-01-19 00:59:18 +00:00			`jsonOut := cli.Flag("json", "Output in JSON format.").Short('j').Bool()`
Add --json-legacy flag to make output match pre-v3.0 2022-01-20 00:48:37 +00:00			`jsonLegacy := cli.Flag("json-legacy", "Use the pre-v3.0 JSON format. Only works with git, gitlab, and github sources.").Bool()`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`concurrency := cli.Flag("concurrency", "Number of concurrent workers.").Default(strconv.Itoa(runtime.NumCPU())).Int()`
updates 2022-01-19 06:24:56 +00:00			`noVerification := cli.Flag("no-verification", "Don't verify the results.").Bool()`
only verified results 2022-01-27 04:38:31 +00:00			`onlyVerified := cli.Flag("only-verified", "Only output verified results.").Bool()`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`// rules := cli.Flag("rules", "Path to file with custom rules.").String()`
Record avg detector time 2022-02-07 18:29:06 +00:00			`printAvgDetectorTime := cli.Flag("print-avg-detector-time", "Print the average time spent on each detector.").Bool()`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00
			`gitScan := cli.Command("git", "Find credentials in git repositories.")`
			`gitScanURI := gitScan.Arg("uri", "Git repository URL. https:// or file:// schema expected.").Required().String()`
Include and exclude paths args for gitscan (#6) * include and exclude paths gitscan args Add support for include_paths and exclude_paths arguments when scanning git sources. * Improve variable name Co-authored-by: Bill Rich <hrich@Bills-MacBook-Pro.local> 2022-01-14 20:40:50 +00:00			`gitScanIncludePaths := gitScan.Flag("include_paths", "Path to file with newline separated regexes for files to include in scan.").Short('i').String()`
			`gitScanExcludePaths := gitScan.Flag("exclude_paths", "Path to file with newline separated regexes for files to exclude in scan.").Short('x').String()`
Complete support for existing git scan flags (#13) * Add `since_commit` to git scan * Support `max_depth` option for git scan * Use new options in github and gitlab sources * Address review feedback Co-authored-by: Bill Rich <bill.rich@trufflesec.com> 2022-01-22 00:28:41 +00:00			`gitScanSinceCommit := gitScan.Flag("since_commit", "Commit to start scan from.").String()`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`gitScanBranch := gitScan.Flag("branch", "Branch to scan.").String()`
Complete support for existing git scan flags (#13) * Add `since_commit` to git scan * Support `max_depth` option for git scan * Use new options in github and gitlab sources * Address review feedback Co-authored-by: Bill Rich <bill.rich@trufflesec.com> 2022-01-22 00:28:41 +00:00			`gitScanMaxDepth := gitScan.Flag("max_depth", "Maximum depth of commits to scan.").Int()`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`gitScan.Flag("allow", "No-op flag for backwards compat.").Bool()`
			`gitScan.Flag("entropy", "No-op flag for backwards compat.").Bool()`
			`gitScan.Flag("regex", "No-op flag for backwards compat.").Bool()`

			`githubScan := cli.Command("github", "Find credentials in GitHub repositories.")`
Integrate GitHub source 2022-01-20 00:13:59 +00:00			`githubScanEndpoint := githubScan.Flag("endpoint", "GitHub endpoint.").Default("https://api.github.com").String()`
			githubScanRepos := githubScan.Flag("repo", `GitHub repository to scan. You can repeat this flag. Example: "https://github.com/dustin-decker/secretsandstuff"`).Strings()
			githubScanOrgs := githubScan.Flag("org", `GitHub organization to scan. You can repeat this flag. Example: "trufflesecurity"`).Strings()
			`githubScanToken := githubScan.Flag("token", "GitHub token.").String()`
add include forks option (#37) 2022-02-04 17:52:48 +00:00			`githubIncludeForks := githubScan.Flag("include_forks", "Include forks in scan.").Bool()`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00
Add GitLab support to CLI (#78) * Add GitLab support to CLI * Update cli message Co-authored-by: Dustin Decker <dustin@trufflesec.com> 2022-03-15 00:05:15 +00:00			`gitlabScan := cli.Command("gitlab", "Find credentials in GitLab repositories.")`
			`// TODO: Add more GitLab options`
			`gitlabScanEndpoint := gitlabScan.Flag("endpoint", "GitLab endpoint.").Default("https://gitlab.com").String()`
			`gitlabScanRepos := gitlabScan.Flag("repo", "GitLab repo url. You can repeat this flag. Leave empty to scan all repos accessible with provided credential. Example: https://gitlab.com/org/repo.git").Strings()`
			`gitlabScanToken := gitlabScan.Flag("token", "GitLab token.").Required().String()`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00
Add filesystem scan to CLI (#77) * Add filesystem scan to CLI * Fix linter errors * Update message Co-authored-by: Dustin Decker <dustin@trufflesec.com> 2022-03-15 00:04:19 +00:00			`filesystemScan := cli.Command("filesystem", "Find credentials in a filesystem.")`
			`filesystemDirectories := filesystemScan.Flag("directory", "Path to directory to scan. You can repeat this flag.").Required().Strings()`
			`// TODO: Add more filesystem scan options. Currently only supports scanning a list of directories.`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`// filesystemScanRecursive := filesystemScan.Flag("recursive", "Scan recursively.").Short('r').Bool()`
			`// filesystemScanIncludePaths := filesystemScan.Flag("include_paths", "Path to file with newline separated regexes for files to include in scan.").Short('i').String()`
			`// filesystemScanExcludePaths := filesystemScan.Flag("exclude_paths", "Path to file with newline separated regexes for files to exclude in scan.").Short('x').String()`

Add s3 support to CLI (#76) * Add s3 support to CLI * Clean up comments Co-authored-by: Dustin Decker <dustin@trufflesec.com> 2022-03-15 00:07:07 +00:00			`s3Scan := cli.Command("s3", "Find credentials in S3 buckets.")`
			`s3ScanKey := s3Scan.Flag("key", "S3 key used to authenticate.").String()`
			`s3ScanSecret := s3Scan.Flag("secret", "S3 secret used to authenticate.").String()`
			`s3ScanCloudEnv := s3Scan.Flag("cloud-environment", "Use IAM credentials in cloud environment.").Bool()`
			`s3ScanBuckets := s3Scan.Flag("bucket", "Name of S3 bucket to scan. You can repeat this flag.").Strings()`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`cmd := kingpin.MustParse(cli.Parse(os.Args[1:]))`

Add parent results to ignore list (#47) * Add parent results to ignore list * Force concurrency to 1 when base commit is set 2022-02-23 15:40:18 +00:00			`// When setting a base commit, chunks must be scanned in order.`
			`if *gitScanSinceCommit != "" {`
			`*concurrency = 1`
			`}`

Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`if *jsonOut {`
			`logrus.SetFormatter(&logrus.JSONFormatter{})`
			`}`
			`if *debug {`
			`logrus.SetLevel(logrus.DebugLevel)`
			`} else {`
			`logrus.SetLevel(logrus.InfoLevel)`
			`}`

add debug pprof server and metrics server 2022-02-04 03:07:39 +00:00			`if *debug {`
			`go func() {`
Record avg detector time 2022-02-07 18:29:06 +00:00			`router := mux.NewRouter()`
			`router.PathPrefix("/debug/pprof").Handler(http.DefaultServeMux)`
			`router.PathPrefix("/debug/fgprof").Handler(fgprof.Handler())`
module v3 2022-02-10 18:54:33 +00:00			`logrus.Info("starting pprof and fgprof server on :18066 /debug/pprof and /debug/fgprof")`
Record avg detector time 2022-02-07 18:29:06 +00:00			`if err := http.ListenAndServe(":18066", router); err != nil {`
module v3 2022-02-10 18:54:33 +00:00			`logrus.Error(err)`
Record avg detector time 2022-02-07 18:29:06 +00:00			`}`
add debug pprof server and metrics server 2022-02-04 03:07:39 +00:00			`}()`
			`}`

Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`ctx := context.TODO()`
			`e := engine.Start(ctx,`
			`engine.WithConcurrency(*concurrency),`
			`engine.WithDecoders(decoders.DefaultDecoders()...),`
updates 2022-01-19 06:24:56 +00:00			`engine.WithDetectors(!*noVerification, engine.DefaultDetectors()...),`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`)`

Include and exclude paths args for gitscan (#6) * include and exclude paths gitscan args Add support for include_paths and exclude_paths arguments when scanning git sources. * Improve variable name Co-authored-by: Bill Rich <hrich@Bills-MacBook-Pro.local> 2022-01-14 20:40:50 +00:00			`filter, err := common.FilterFromFiles(gitScanIncludePaths, gitScanExcludePaths)`
			`if err != nil {`
fix logging 2022-02-16 05:49:54 +00:00			`logrus.WithError(err).Fatal("could not create filter")`
Include and exclude paths args for gitscan (#6) * include and exclude paths gitscan args Add support for include_paths and exclude_paths arguments when scanning git sources. * Improve variable name Co-authored-by: Bill Rich <hrich@Bills-MacBook-Pro.local> 2022-01-14 20:40:50 +00:00			`}`

Add --json-legacy flag to make output match pre-v3.0 2022-01-20 00:48:37 +00:00			`var repoPath string`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`switch cmd {`
			`case gitScan.FullCommand():`
Add --json-legacy flag to make output match pre-v3.0 2022-01-20 00:48:37 +00:00			`var remote bool`
			`repoPath, remote, err = git.PrepareRepo(*gitScanURI)`
Support remote git repos using https (#9) Co-authored-by: Bill Rich <bill.rich@trufflesec.com> 2022-01-15 00:07:45 +00:00			`if err != nil \|\| repoPath == "" {`
			`logrus.WithError(err).Fatal("error preparing git repo for scanning")`
			`}`
			`if remote {`
			`defer os.RemoveAll(repoPath)`
			`}`
Resolve a ref as arg for --since_commit (#57) 2022-03-01 04:25:24 +00:00			`err = e.ScanGit(ctx, repoPath, gitScanBranch, gitScanSinceCommit, *gitScanMaxDepth, filter)`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`if err != nil {`
			`logrus.WithError(err).Fatal("Failed to scan git.")`
			`}`
			`case githubScan.FullCommand():`
Integrate GitHub source 2022-01-20 00:13:59 +00:00			`if len(githubScanOrgs) == 0 && len(githubScanRepos) == 0 {`
			`log.Fatal("You must specify at least one organization or repository.")`
			`}`
add include forks option (#37) 2022-02-04 17:52:48 +00:00			`err = e.ScanGitHub(ctx, githubScanEndpoint, githubScanRepos, githubScanOrgs, githubScanToken, githubIncludeForks, filter, concurrency)`
Integrate GitHub source 2022-01-20 00:13:59 +00:00			`if err != nil {`
			`logrus.WithError(err).Fatal("Failed to scan git.")`
			`}`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`case gitlabScan.FullCommand():`
Add GitLab support to CLI (#78) * Add GitLab support to CLI * Update cli message Co-authored-by: Dustin Decker <dustin@trufflesec.com> 2022-03-15 00:05:15 +00:00			`err := e.ScanGitLab(ctx, gitlabScanEndpoint, gitlabScanToken, *gitlabScanRepos)`
			`if err != nil {`
			`logrus.WithError(err).Fatal("Failed to scan GitLab.")`
			`}`
Integrate GitHub source 2022-01-20 00:13:59 +00:00			`case filesystemScan.FullCommand():`
Add filesystem scan to CLI (#77) * Add filesystem scan to CLI * Fix linter errors * Update message Co-authored-by: Dustin Decker <dustin@trufflesec.com> 2022-03-15 00:04:19 +00:00			`err := e.ScanFileSystem(ctx, *filesystemDirectories)`
			`if err != nil {`
			`logrus.WithError(err).Fatal("Failed to scan filesystem")`
			`}`
Integrate GitHub source 2022-01-20 00:13:59 +00:00			`case s3Scan.FullCommand():`
Add s3 support to CLI (#76) * Add s3 support to CLI * Clean up comments Co-authored-by: Dustin Decker <dustin@trufflesec.com> 2022-03-15 00:07:07 +00:00			`err := e.ScanS3(ctx, s3ScanKey, s3ScanSecret, s3ScanCloudEnv, s3ScanBuckets)`
			`if err != nil {`
			`logrus.WithError(err).Fatal("Failed to scan S3.")`
			`}`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`}`

Add --json-legacy flag to make output match pre-v3.0 2022-01-20 00:48:37 +00:00			`if !jsonLegacy && !jsonOut {`
print banner to stderr 2022-02-08 17:12:41 +00:00			`fmt.Fprintf(os.Stderr, "🐷🔑🐷 TruffleHog. Unearth your secrets. 🐷🔑🐷\n\n")`
Add --json-legacy flag to make output match pre-v3.0 2022-01-20 00:48:37 +00:00			`}`
Improve plain output 2022-01-20 17:43:37 +00:00
Fix linting and dogfood in CI 2022-03-01 04:38:13 +00:00			`foundResults := false`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`for r := range e.ResultsChan() {`
only verified results 2022-01-27 04:38:31 +00:00			`if *onlyVerified && !r.Verified {`
			`continue`
			`}`
Fix linting and dogfood in CI 2022-03-01 04:38:13 +00:00			`foundResults = true`
Improve plain output 2022-01-20 17:43:37 +00:00
Add --json-legacy flag to make output match pre-v3.0 2022-01-20 00:48:37 +00:00			`switch {`
			`case *jsonLegacy:`
			`legacy := output.ConvertToLegacyJSON(&r, repoPath)`
			`out, err := json.Marshal(legacy)`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`if err != nil {`
			`logrus.WithError(err).Fatal("could not marshal result")`
			`}`
			`fmt.Println(string(out))`
Add --json-legacy flag to make output match pre-v3.0 2022-01-20 00:48:37 +00:00			`case *jsonOut:`
			`out, err := json.Marshal(r)`
			`if err != nil {`
			`logrus.WithError(err).Fatal("could not marshal result")`
			`}`
			`fmt.Println(string(out))`
			`default:`
improved plain output 2022-01-21 02:14:16 +00:00			`output.PrintPlainOutput(&r)`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`}`
			`}`
improved plain output 2022-01-21 02:14:16 +00:00			`logrus.Debugf("scanned %d chunks", e.ChunksScanned())`
Record avg detector time 2022-02-07 18:29:06 +00:00
			`if *printAvgDetectorTime {`
			`printAverageDetectorTime(e)`
			`}`
Fix linting and dogfood in CI 2022-03-01 04:38:13 +00:00
			`if foundResults {`
			`os.Exit(1)`
			`}`
Record avg detector time 2022-02-07 18:29:06 +00:00			`}`

			`func printAverageDetectorTime(e *engine.Engine) {`
			`fmt.Fprintln(os.Stderr, "Average detector time is the measurement of average time spent on each detector when results are returned.")`
			`for detectorName, durations := range e.DetectorAvgTime() {`
			`var total time.Duration`
			`for _, d := range durations {`
			`total += d`
			`}`
			`avgDuration := total / time.Duration(len(durations))`
			`fmt.Fprintf(os.Stderr, "%s: %s\n", detectorName, avgDuration)`
			`}`
Add --json-legacy flag to make output match pre-v3.0 2022-01-20 00:48:37 +00:00			`}`