Merge branch 'master' into gosecMapperRework

mitre · Jul 30, 2024 · 555f1e5 · 555f1e5
2 parents f11b42e + 7650fcc
commit 555f1e5
Show file tree

Hide file tree

Showing 24 changed files with 6,002 additions and 28 deletions.
diff --git a/apps/backend/package.json b/apps/backend/package.json
@@ -64,7 +64,7 @@
     "@types/js-levenshtein": "^1.1.0",
     "@types/ms": "^0.7.31",
     "@types/multer": "^1.4.5",
-    "@types/node": "^20.1.0",
+    "@types/node": "^22.0.0",
     "@types/passport-github": "^1.1.5",
     "@types/passport-jwt": "^4.0.0",
     "@types/passport-local": "^1.0.33",

diff --git a/apps/frontend/package.json b/apps/frontend/package.json
@@ -44,7 +44,7 @@
     "@types/lru-cache": "^7.10.10",
     "@types/luxon": "^3.3.1",
     "@types/mustache": "^4.1.1",
-    "@types/node": "^20.1.0",
+    "@types/node": "^22.0.0",
     "@types/prismjs": "^1.16.1",
     "@types/sanitize-html": "^2.3.1",
     "@types/triple-beam": "^1.3.2",

diff --git a/apps/frontend/src/components/global/upload_tabs/FileReader.vue b/apps/frontend/src/components/global/upload_tabs/FileReader.vue
@@ -47,6 +47,7 @@
                   <li>Scoutsuite</li>
                   <li>Snyk</li>
                   <li>Tenable (API)</li>
+                  <li>Trufflehog</li>
                   <li>Twistlock</li>
                   <li>Veracode</li>
                   <li>XCCDF Results (native OpenSCAP and SCC outputs)</li>

diff --git a/apps/frontend/src/store/report_intake.ts b/apps/frontend/src/store/report_intake.ts
@@ -25,6 +25,7 @@ import {
   SarifMapper,
   ScoutsuiteMapper,
   SnykResults,
+  TrufflehogResults,
   TwistlockResults,
   VeracodeMapper,
   XCCDFResultsMapper,
@@ -270,7 +271,9 @@ export class InspecIntake extends VuexModule {
       case INPUT_TYPES.CHECKLIST:
         return new ChecklistResults(convertOptions.data).toHdf();
       case INPUT_TYPES.GOSEC:
-        return new GosecMapper(convertOptions.data).toHdf();
+        return new GoSecMapper(convertOptions.data).toHdf();
+      case INPUT_TYPES.TRUFFLEHOG:
+        return new TrufflehogResults(convertOptions.data).toHdf();
       default:
         return SnackbarModule.failure(
           `Invalid file uploaded (${filename}), no fingerprints matched.`

diff --git a/libs/hdf-converters/README.md b/libs/hdf-converters/README.md
@@ -25,10 +25,11 @@ OHDF Converters supplies several methods to convert various types of security to
 18. [**snyk-mapper**] - Snyk results JSON file
 19. [**sonarqube-mapper**] - SonarQube vulnerabilities for the specified project name and optional branch or pull/merge request ID name from an API
 20. [**splunk-mapper**] - Splunk instance
-21. [**twistlock-mapper**] - Twistlock CLI output file
-22. [**veracode-mapper**] - Veracode Scan Results XML file
-23. [**xccdf-results-mapper**] - SCAP client XCCDF-Results XML report
-24. [**zap-mapper**] - OWASP ZAP results JSON
+21. [**trufflehog-mapper**] - Trufflehog results json file 
+22. [**twistlock-mapper**] - Twistlock CLI output file
+23. [**veracode-mapper**] - Veracode Scan Results XML file
+24. [**xccdf-results-mapper**] - SCAP client XCCDF-Results XML report
+25. [**zap-mapper**] - OWASP ZAP results JSON
 
 ### NOTICE
 

diff --git a/libs/hdf-converters/index.ts b/libs/hdf-converters/index.ts
@@ -33,6 +33,7 @@ export * from './src/scoutsuite-mapper';
 export * from './src/snyk-mapper';
 export * from './src/sonarqube-mapper';
 export * from './src/splunk-mapper';
+export * from './src/trufflehog-mapper';
 export * from './src/twistlock-mapper';
 export * from './src/utils/attestations';
 export * from './src/utils/compliance';

diff --git a/libs/hdf-converters/package.json b/libs/hdf-converters/package.json
@@ -65,7 +65,7 @@
   "devDependencies": {
     "@types/jest": "^27.0.0",
     "@types/lodash": "^4.14.161",
-    "@types/node": "^20.1.0",
+    "@types/node": "^22.0.0",
     "jest": "^27.0.6",
     "quicktype": "^15.0.260",
     "ts-jest": "^29.1.0",

diff --git a/...verters/sample_jsons/trufflehog_mapper/sample_input_report/trufflehog-report-example.json b/...verters/sample_jsons/trufflehog_mapper/sample_input_report/trufflehog-report-example.json
@@ -0,0 +1,32 @@
+{
+    "SourceMetadata": {
+        "Data": {
+            "Git": {
+                "commit": "0416560b1330d8ac42045813251d85c688717eaf",
+                "file": "new_key",
+                "email": "counter \u003c[email protected]\u003e",
+                "repository": "https://github.com/trufflesecurity/test_keys",
+                "timestamp": "2023-10-19 02:56:37 +0000",
+                "line": 2
+            }
+        }
+    },
+    "SourceID": 1,
+    "SourceType": 16,
+    "SourceName": "trufflehog - git",
+    "DetectorType": 2,
+    "DetectorName": "AWS",
+    "DecoderName": "PLAIN",
+    "Verified": true,
+    "Raw": "AKIAQYLPMN5HHHFPZAM2",
+    "RawV2": "AKIAQYLPMN5HHHFPZAM21tUm636uS1yOEcfP5pvfqJ/ml36mF7AkyHsEU0IU",
+    "Redacted": "AKIAQYLPMN5HHHFPZAM2",
+    "ExtraData": {
+        "account": "052310077262",
+        "arn": "arn:aws:iam::052310077262:user/canarytokens.com@@c20nnjzlioibnaxvt392i9ope",
+        "is_canary": "true",
+        "message": "This is an AWS canary token generated at canarytokens.org, and was not set off; learn more here: https://trufflesecurity.com/canaries",
+        "resource_type": "Access key"
+    },
+    "StructuredData": null
+}
diff --git a/libs/hdf-converters/sample_jsons/trufflehog_mapper/sample_input_report/trufflehog.json b/libs/hdf-converters/sample_jsons/trufflehog_mapper/sample_input_report/trufflehog.json
@@ -0,0 +1,92 @@
+[
+    {
+        "SourceMetadata": {
+            "Data": {
+                "Git": {
+                    "commit": "0416560b1330d8ac42045813251d85c688717eaf",
+                    "file": "new_key",
+                    "email": "counter \u003c[email protected]\u003e",
+                    "repository": "https://github.com/trufflesecurity/test_keys",
+                    "timestamp": "2023-10-19 02:56:37 +0000",
+                    "line": 2
+                }
+            }
+        },
+        "SourceID": 1,
+        "SourceType": 16,
+        "SourceName": "trufflehog - git",
+        "DetectorType": 2,
+        "DetectorName": "AWS",
+        "DecoderName": "PLAIN",
+        "Verified": true,
+        "Raw": "AKIAQYLPMN5HHHFPZAM2",
+        "RawV2": "AKIAQYLPMN5HHHFPZAM21tUm636uS1yOEcfP5pvfqJ/ml36mF7AkyHsEU0IU",
+        "Redacted": "AKIAQYLPMN5HHHFPZAM2",
+        "ExtraData": {
+            "account": "052310077262",
+            "arn": "arn:aws:iam::052310077262:user/canarytokens.com@@c20nnjzlioibnaxvt392i9ope",
+            "is_canary": "true",
+            "message": "This is an AWS canary token generated at canarytokens.org, and was not set off; learn more here: https://trufflesecurity.com/canaries",
+            "resource_type": "Access key"
+        },
+        "StructuredData": null
+    },
+    {
+        "SourceMetadata": {
+            "Data": {
+                "Git": {
+                    "commit": "fbc14303ffbf8fb1c2c1914e8dda7d0121633aca",
+                    "file": "keys",
+                    "email": "counter \u003c[email protected]\u003e",
+                    "repository": "https://github.com/trufflesecurity/test_keys",
+                    "timestamp": "2022-06-16 17:17:40 +0000",
+                    "line": 4
+                }
+            }
+        },
+        "SourceID": 1,
+        "SourceType": 16,
+        "SourceName": "trufflehog - git",
+        "DetectorType": 2,
+        "DetectorName": "AWS",
+        "DecoderName": "PLAIN",
+        "Verified": true,
+        "Raw": "AKIAYVP4CIPPERUVIFXG",
+        "RawV2": "AKIAYVP4CIPPERUVIFXGZt2U1h267eViPnuSA+JO5ABhiu4T7XUMSZ+Y2Oth",
+        "Redacted": "AKIAYVP4CIPPERUVIFXG",
+        "ExtraData": {
+            "account": "595918472158",
+            "arn": "arn:aws:iam::595918472158:user/canarytokens.com@@mirux23ppyky6hx3l6vclmhnj",
+            "is_canary": "true",
+            "message": "This is an AWS canary token generated at canarytokens.org, and was not set off; learn more here: https://trufflesecurity.com/canaries",
+            "resource_type": "Access key"
+        },
+        "StructuredData": null
+    },
+    {
+        "SourceMetadata": {
+            "Data": {
+                "Git": {
+                    "commit": "77b2a3e56973785a52ba4ae4b8dac61d4bac016f",
+                    "file": "keys",
+                    "email": "counter \u003c[email protected]\u003e",
+                    "repository": "https://github.com/trufflesecurity/test_keys",
+                    "timestamp": "2022-06-16 17:27:56 +0000",
+                    "line": 3
+                }
+            }
+        },
+        "SourceID": 1,
+        "SourceType": 16,
+        "SourceName": "trufflehog - git",
+        "DetectorType": 17,
+        "DetectorName": "URI",
+        "DecoderName": "PLAIN",
+        "Verified": true,
+        "Raw": "https://admin:[email protected]",
+        "RawV2": "https://admin:[email protected]/basic_auth",
+        "Redacted": "https://admin:********@the-internet.herokuapp.com",
+        "ExtraData": null,
+        "StructuredData": null
+    }
+]