Added benchmark support for gitleaks, added secret coverage %

mmg1 · Nov 15, 2019 · e71b253 · e71b253
1 parent e491914
commit e71b253
Showing 1 changed file with 39 additions and 15 deletions.
diff --git a/.leaky-meta/benchmark.py b/.leaky-meta/benchmark.py
@@ -38,6 +38,22 @@ def get_secret_count_detectsecrets():
 
     return cmd, finds
 
+def get_secret_count_gitleaks():
+    finds = {}
+    cmd = ['gitleaks', '--report=.leaky-meta/gitleaks.json', '--repo-path', '.']
+    stdout, stderr = get_command_stdout(cmd)
+    with open('gitleaks.json') as f:
+        data = json.load(f)
+    for obj in  data:
+        filename = obj.get('file')
+        if not filename in finds:
+            finds[filename] = 0
+        finds[filename] += 1
+
+    # Clean up
+    os.remove('gitleaks.json')
+    return cmd, finds
+
 def get_secret_count_trufflehog():
     finds = {}
     trufflehog_cmd = ['trufflehog', '--json', '--regex', '.']
@@ -58,25 +74,25 @@ def build_markdown_rows(secrets_function, expected_counts):
         name = row[0]
         expected = row[1] + row[2]
         if not name in secrets:
-            dat[name] = {"name": name, "found": 0, "expected": expected, "false_positives" :0 }
+            dat[name] = {'name': name, 'found': 0, 'expected': expected, 'false_positives' :0 }
             continue
 
         found = secrets[name]
         # If found > expected, we have false positives. This will be negative or zero of there's no false positives.
         false_positives = found - expected
         # This will be zero or positive.
         false_positives = max(false_positives, 0)
-        dat[name] = {"name": name, "found": found, "expected": expected, "false_positives" :false_positives }
+        dat[name] = {'name': name, 'found': found, 'expected': expected, 'false_positives' :false_positives }
     return cmd, dat
 
 def build_table_header(filename_cols):
-    template = "File Name{}|  Found/Total   | False Positives |\n{}|----------------|-----------------|\n"
-    # 9 = len("File Name")
-    return template.format(" " * (filename_cols - 9), "-" * filename_cols)
+    template = 'File Name{}|  Found/Total   | False Positives |\n{}|----------------|-----------------|\n'
+    # 9 = len('File Name')
+    return template.format(' ' * (filename_cols - 9), '-' * filename_cols)
 
 def build_md_table(secrets_function):
     # {name}{padding}| {found}/{total} |{false positives}
-    print_template = "{}{}| {}/{} | {}\n"
+    print_template = '{}{}| {}/{} | {}\n'
 
     expected_counts = [x for x in get_secret_counts()]
     # Get the max length of a filename, so we can put a column seperator after it
@@ -99,7 +115,7 @@ def build_md_table(secrets_function):
 
         # Determine right padding for name column
         right_padding = sep_col - len(name)
-        right_padding_str = (" " * right_padding)
+        right_padding_str = (' ' * right_padding)
 
         # For metrics we exclude false positives.
         total_finds += found - false_positives
@@ -115,7 +131,7 @@ def build_md(secrets_function, tool_url):
     header_fmt = 'Tool: {}  ' \
                  '\nCommand Used: `{}`  ' \
                  '\nFiles covered: {}/{} ({}% coverage)  ' \
-                 '\nTotal finds: {}/{}  ' \
+                 '\nTotal finds: {}/{} ({}% coverage)  ' \
                  '\nFalse Positives: {}  ' \
                  '\n\n{}'
 
@@ -126,18 +142,26 @@ def build_md(secrets_function, tool_url):
 
     # Get a % coverage value
     file_coverage = (files_covered / total_files) * 100
+
+    find_coverage = (total_finds / total_expected) * 100
+
     # Sanity!
     file_coverage = round(file_coverage, 2)
+    find_coverage = round(find_coverage, 2)
     out = header_fmt.format(tool_url, cmd,
-                           files_covered, total_files, file_coverage,
-                           total_finds, total_expected, false_positives, table)
+                           files_covered, total_files, file_coverage, 
+                           total_finds, total_expected, find_coverage,
+                           false_positives, table)
     return out
 
-if __name__ == "__main__":
-    detect_secrets = build_md(get_secret_count_detectsecrets, "https://github.com/Yelp/detect-secrets")
-    truffle_hog = build_md(get_secret_count_trufflehog, "https://github.com/dxa4481/truffleHog")
-    with open('benchmarking' + os.path.sep + "TRUFFLEHOG.md", 'w+') as f:
+if __name__ == '__main__':
+    detect_secrets = build_md(get_secret_count_detectsecrets, 'https://github.com/Yelp/detect-secrets')
+    truffle_hog = build_md(get_secret_count_trufflehog, 'https://github.com/dxa4481/truffleHog')
+    gitleaks = build_md(get_secret_count_gitleaks, 'https://github.com/zricethezav/gitleaks')
+    with open('benchmarking' + os.path.sep + 'TRUFFLEHOG.md', 'w+') as f:
         f.write(truffle_hog)
-    with open('benchmarking' + os.path.sep + "DETECT-SECRETS.md", 'w+') as f:
+    with open('benchmarking' + os.path.sep + 'DETECT-SECRETS.md', 'w+') as f:
         f.write(detect_secrets)
+    with open('benchmarking' + os.path.sep + 'GITLEAKS.md', 'w+') as f:
+        f.write(gitleaks)