Tags: #go #security
// WARNING: There are regexes in trufflehog that try to match the VALUE.
// So for example, setting `AWS_SECRET_ACCESS_KEY` by itself doesn't get identified.
// Only if the VALUE assigned to it matches the expected regex pattern defined in trufflehog.
package main
import (
"fmt"
"log"
"runtime"
"sync"
// go get github.com/trufflesecurity/trufflehog/v3@latest
"github.com/trufflesecurity/trufflehog/v3/pkg/context"
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
"github.com/trufflesecurity/trufflehog/v3/pkg/engine"
"github.com/trufflesecurity/trufflehog/v3/pkg/output"
"github.com/trufflesecurity/trufflehog/v3/pkg/sources"
)
func main() {
ctx := context.Background()
printer := new(output.JSONPrinter)
// NOTE: To prevent a log output we have to explicitly set the concurrency.
e, err := engine.Start(ctx,
engine.WithPrinter(printer),
engine.WithConcurrency(uint8(runtime.NumCPU())),
)
if err != nil {
log.Fatal(err)
}
cfg := sources.FilesystemConfig{
Paths: []string{"./fastly.toml"},
}
if err = e.ScanFileSystem(ctx, cfg); err != nil {
log.Fatal(err)
}
var (
mu sync.Mutex
results []detectors.ResultWithMetadata
)
go func() {
for result := range e.ResultsChan() {
mu.Lock()
results = append(results, result)
mu.Unlock()
}
}()
err = e.Finish(ctx)
if err != nil {
log.Fatal(err)
}
fmt.Println("HasFoundResults:", e.HasFoundResults())
fmt.Println(e.GetMetrics().BytesScanned)
fmt.Println(e.GetMetrics().ChunksScanned)
fmt.Println(e.GetMetrics().UnverifiedSecretsFound)
fmt.Println(e.GetMetrics().VerifiedSecretsFound)
for _, r := range results {
fmt.Printf("REDACT ME: %#v\n", r.Redacted)
}
}