From 3fc1694e8ae7fe148288e9e0a0f3e47008fdd580 Mon Sep 17 00:00:00 2001
From: Benjamin Hipple <bhipple@protonmail.com>
Date: Sat, 12 May 2018 10:59:54 -0400
Subject: [PATCH] truffleHog: init at 2.0.91

This commit adds the python3 application truffleHog, which is a stand-alone tool that scans a git repo for unencrypted passwords. This depends on a newer GitPython, which depends on a new major version of gitdb, which depends on a new major version of smmap, so I've packaged those as well in the preceding commits.
---
 pkgs/tools/security/trufflehog/default.nix | 38 ++++++++++++++++++++++
 pkgs/top-level/all-packages.nix | 2 ++
 2 files changed, 40 insertions(+)
 create mode 100644 pkgs/tools/security/trufflehog/default.nix

diff --git a/pkgs/tools/security/trufflehog/default.nix b/pkgs/tools/security/trufflehog/default.nix
new file mode 100644
index 000000000000..f805670a5d5e
--- /dev/null
+++ b/pkgs/tools/security/trufflehog/default.nix
@@ -0,0 +1,38 @@
+{ lib, pythonPackages }:
+
+let
+ truffleHogRegexes = pythonPackages.buildPythonPackage rec {
+ pname = "truffleHogRegexes";
+ version = "0.0.4";
+ src = pythonPackages.fetchPypi {
+ inherit pname version;
+ sha256 = "09vrscbb4h4w01gmamlzghxx6cvrqdscylrbdcnbjsd05xl7zh4z";
+ };
+ };
+in
+ pythonPackages.buildPythonApplication rec {
+ pname = "truffleHog";
+ version = "2.0.91";
+
+ src = pythonPackages.fetchPypi {
+ inherit pname version;
+ sha256 = "0r4c9ihy6wjh5cwli7lb6cr2yfvxrh7r6cgznql1src5gzlnkymx";
+ };
+
+ # Relax overly restricted version constraint
+ postPatch = ''
+ substituteInPlace setup.py --replace "GitPython ==" "GitPython >= "
+ '';
+
+ propagatedBuildInputs = [ pythonPackages.GitPython truffleHogRegexes ];
+
+ # Test cases run git clone and require network access
+ doCheck = false;
+
+ meta = {
+ homepage = https://github.com/dxa4481/truffleHog;
+ description = "Searches through git repositories for high entropy strings and secrets, digging deep into commit history";
+ license = with lib.licenses; [ gpl2 ];
+ maintainers = with lib.maintainers; [ bhipple ];
+ };
+ }
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 774f2becdd4d..90f9edcd9f11 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -21119,6 +21119,8 @@ with pkgs; tup = callPackage ../development/tools/build-managers/tup { }; + trufflehog = callPackage ../tools/security/trufflehog { }; + tvheadend = callPackage ../servers/tvheadend { }; ums = callPackage ../servers/ums { };
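Review bot: The `postPatch` substitution in the new `default.nix` turns upstream's exact `GitPython ==` pin into an open-ended `>=`, and with `doCheck = false` nothing in the derivation exercises the scanner against the newer GitPython it will actually run with. For a secret-scanning tool that matters, because a scan that silently finds nothing reads as a clean repository. I would add a network-free smoke check such as `pythonImportsCheck = [ "truffleHog" ];` (module name assumed from `pname`, confirm against the sdist), or an `installCheckPhase` that runs the installed entry point with `--help`. The `--replace` may also match nothing without failing the build if a later release words the requirement differently, so the comment above it should name the upstream pin being relaxed so the next version bump re-checks it.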