From 78b344d7b8c21359ce40923c12a2238329e488f8 Mon Sep 17 00:00:00 2001 From: Miccah Date: Fri, 1 Apr 2022 20:22:37 -0500 Subject: [PATCH] Add --include-members flag to scan all members of an organization (#118) * Add --member-repos flag to scan all members of an organization * Move flag to the githubScan sub-command Co-authored-by: Miccah Castorina
---
 main.go | 3 ++- pkg/engine/github.go | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/main.go b/main.go
index f7d563dfb..567422efb 100644
--- a/main.go
+++ b/main.go
@@ -53,6 +53,7 @@ func main() {
 githubScanOrgs := githubScan.Flag("org", `GitHub organization to scan. You can repeat this flag. Example: "trufflesecurity"`).Strings()
 githubScanToken := githubScan.Flag("token", "GitHub token.").String()
 githubIncludeForks := githubScan.Flag("include-forks", "Include forks in scan.").Bool()
+ githubIncludeMembers := githubScan.Flag("include-members", "Include organization member repositories in scan.").Bool()
 gitlabScan := cli.Command("gitlab", "Find credentials in GitLab repositories.")
 // TODO: Add more GitLab options
@@ -138,7 +139,7 @@ func main() {
 if len(*githubScanOrgs) == 0 && len(*githubScanRepos) == 0 {
 log.Fatal("You must specify at least one organization or repository.")
 }
- err = e.ScanGitHub(ctx, *githubScanEndpoint, *githubScanRepos, *githubScanOrgs, *githubScanToken, *githubIncludeForks, filter, *concurrency)
+ err = e.ScanGitHub(ctx, *githubScanEndpoint, *githubScanRepos, *githubScanOrgs, *githubScanToken, *githubIncludeForks, filter, *concurrency, *githubIncludeMembers)
 if err != nil {
 logrus.WithError(err).Fatal("Failed to scan git.")
 }
diff --git a/pkg/engine/github.go b/pkg/engine/github.go
index 4483d00f5..438c26b89 100644
--- a/pkg/engine/github.go
+++ b/pkg/engine/github.go
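Review bot: In main.go, `--include-members` is accepted even when no `--org` is given, because the only validation visible in the second hunk still checks just `len(*githubScanOrgs) == 0 && len(*githubScanRepos) == 0`. With only `--repo` set the flag presumably has nothing to expand and is silently ignored, so an operator could believe member repositories were covered when they were not; a guard such as `if *githubIncludeMembers && len(*githubScanOrgs) == 0 { log.Fatal("--include-members requires at least one --org.") }` would make that explicit. The help text could also say that the flag widens the scan from the organization's own repositories to repositories owned by its members' accounts, since that changes what the supplied token is used to read. main() starts and ends outside both hunks.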
@@ -12,12 +12,13 @@ import (
 "github.com/trufflesecurity/trufflehog/v3/pkg/sources/github"
 )
-func (e *Engine) ScanGitHub(ctx context.Context, endpoint string, repos, orgs []string, token string, includeForks bool, filter *common.Filter, concurrency int) error {
+func (e *Engine) ScanGitHub(ctx context.Context, endpoint string, repos, orgs []string, token string, includeForks bool, filter *common.Filter, concurrency int, includeMembers bool) error {
 source := github.Source{}
 connection := sourcespb.GitHub{
 Endpoint: endpoint,
 Organizations: orgs,
 Repositories: repos,
+ ScanUsers: includeMembers,
 }
 if len(token) > 0 {
 connection.Credential = &sourcespb.GitHub_Token{
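Review bot: `includeMembers` is appended as a second positional `bool` on an exported method that already takes `includeForks`, so the two switches can be transposed at a call site without a compile error, and any other caller of `ScanGitHub` breaks on the signature change. Consider grouping the optional switches in a struct parameter, or at least give the method a doc comment such as `// ScanGitHub scans the given repos and orgs; includeMembers also scans repositories owned by each org's members.` The parameter is called `includeMembers` while the field it feeds is `ScanUsers`, so a short comment on that line, e.g. `// ScanUsers: also scan repositories owned by members of Organizations`, would tell readers they mean the same thing. The function body continues past the end of the hunk.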