-
Notifications
You must be signed in to change notification settings - Fork 136
/
Copy pathconvert-rules.py
executable file
·62 lines (49 loc) · 1.79 KB
/
convert-rules.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
#!/usr/bin/env python3
import sys
import json
import yaml
import argparse
def trufflehog_output(y):
output = {}
for i in y["patterns"]:
if i["pattern"]["confidence"] != "high":
continue
output.update({i["pattern"]["name"]: i["pattern"]["regex"]})
return json.dumps(output, indent=4, sort_keys=True)
def gitleaks_output(y):
s = 'title = "gitleaks config"'
for i in y["patterns"]:
if i["pattern"]["confidence"] != "high":
continue
s += f"""
[[rules]]
description = '''{i["pattern"]["name"]}'''
regex = '''{i["pattern"]["regex"]}'''
tags = ["secret"]
"""
return s
def main(arg):
f = open(arg.database_file, "r")
y = yaml.safe_load(f.read())
f.close()
output_string = ""
ext_string = ""
if arg.output_type == "trufflehog":
output_string = trufflehog_output(y)
ext_string = "json"
elif arg.output_type == "gitleaks":
output_string = gitleaks_output(y)
ext_string = "toml"
if arg.export_filename is not None:
f = open(f"{arg.export_filename}.{ext_string}", "w")
f.write(output_string)
f.close()
else:
print(output_string)
if __name__ == "__main__":
parser = argparse.ArgumentParser(description='Convert yaml database file to rules for trufflehog or gitleaks')
parser.add_argument("--db", dest = "database_file", required = True, help = "The yaml database file")
parser.add_argument("--type", dest= "output_type", required = True, choices=['trufflehog', 'gitleaks'], help = "Supported output types: trufflehog, gitleaks")
parser.add_argument('--export', dest="export_filename", help = "Give filename, extension toml/json will be added")
args = parser.parse_args()
main(args)