Coverage for src \ sec_report_kit \ parsers \ trufflehog.py: 100%
1from __future__ import annotations
3from sec_report_kit.models import Finding
4from sec_report_kit.services.normalize import normalize_severity
7def _extract_findings(data: dict | list) -> list[dict]:
8 if isinstance(data, list):
9 return [item for item in data if isinstance(item, dict)]
10 if isinstance(data, dict) and (
11 "DetectorName" in data
12 or "DetectorType" in data
13 or "SourceName" in data
14 ):
15 return [data]
16 if isinstance(data, dict) and isinstance(data.get("results"), list):
17 return [item for item in data["results"] if isinstance(item, dict)]
18 return []
def _target(entry: dict) -> str:
    """Return the location a TruffleHog entry points at.

    Prefers the path in ``SourceMetadata.Data.Filesystem.file``, then
    ``SourceMetadata.Data.Git.file``; falls back to ``SourceName`` and
    finally to the literal ``"repository"``.  Every level is type-checked
    because the metadata layout differs between TruffleHog sources.
    """
    meta = entry.get("SourceMetadata")
    payload = meta.get("Data") if isinstance(meta, dict) else None
    if isinstance(payload, dict):
        for source_key in ("Filesystem", "Git"):
            location = payload.get(source_key)
            # Only a non-empty file value counts; an empty one falls through.
            if isinstance(location, dict) and location.get("file"):
                return str(location["file"])
    fallback = entry.get("SourceName") or "repository"
    return str(fallback)
def parse_trufflehog_json(data: dict | list) -> list[Finding]:
    """Convert TruffleHog JSON output into ``Finding`` records.

    ``data`` may be a list of entries, a single entry or a ``results``
    wrapper (see ``_extract_findings``).  Each entry becomes one
    ``Finding`` with ``source_type="secret-scan"``: an entry flagged
    ``Verified`` is rated ``HIGH``, otherwise ``MEDIUM``, both passed
    through ``normalize_severity``.  Only the detector name and the
    location are carried over; nothing else from the entry -- including
    any raw secret material TruffleHog may report alongside it -- is
    copied into the finding, so the generated report does not re-expose
    the secret itself.
    """
    def to_finding(entry: dict) -> Finding:
        detector = str(
            entry.get("DetectorName")
            or entry.get("DetectorType")
            or "trufflehog-detector"
        )
        # NOTE(review): Verified is taken as TruffleHog's "credential confirmed
        # live" flag -- confirm against the TruffleHog version in use.
        level = "HIGH" if bool(entry.get("Verified")) else "MEDIUM"
        return Finding(
            source_type="secret-scan",
            target=_target(entry),
            severity=normalize_severity(level),
            vulnerability_id=detector,
            package=detector,
            installed_version="-",
            fixed_version="-",
            title=f"Potential secret detected by {detector}",
            primary_url="",
        )

    return [to_finding(entry) for entry in _extract_findings(data)]