Merge pull request #4 from trufflesecurity/analyzer-http-logging

added http logging to most analyzers

pkg/analyzer/analyzers/airbrake/airbrake.go

@@ -9,6 +9,8 @@ import (
 
 	"github.com/fatih/color"
 	"github.com/jedib0t/go-pretty/table"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/analyzer/analyzers"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/analyzer/config"
 )
 
 type ProjectsJSON struct {
@@ -19,12 +21,12 @@ type ProjectsJSON struct {
 }
 
 // validateKey checks if the key is valid and returns the projects associated with the key
-func validateKey(key string) (bool, ProjectsJSON, error) {
+func validateKey(cfg *config.Config, key string) (bool, ProjectsJSON, error) {
 	// create struct to hold response
 	var projects ProjectsJSON
 
 	// create http client
-	client := &http.Client{}
+	client := analyzers.NewAnalyzeClient(cfg)
 
 	// create request
 	req, err := http.NewRequest("GET", "https://api.airbrake.io/api/v4/projects", nil)
@@ -56,9 +58,9 @@ func validateKey(key string) (bool, ProjectsJSON, error) {
 	return false, projects, nil
 }
 
-func AnalyzePermissions(key string, showAll bool) {
+func AnalyzePermissions(cfg *config.Config, key string) {
 	// validate key
-	valid, projects, err := validateKey(key)
+	valid, projects, err := validateKey(cfg, key)
 	if err != nil {
 		color.Red("[x]" + err.Error())
 		return

pkg/analyzer/analyzers/analyzers.go

@@ -3,10 +3,14 @@ package analyzers
 import (
 	"bytes"
 	"encoding/json"
+	"fmt"
 	"io"
 	"net/http"
+	"os"
+	"time"
 
 	"github.com/fatih/color"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/analyzer/config"
 )
 
 type PermissionType string
@@ -113,3 +117,65 @@ var GreenWriter = color.New(color.FgGreen).SprintFunc()
 var YellowWriter = color.New(color.FgYellow).SprintFunc()
 var RedWriter = color.New(color.FgRed).SprintFunc()
 var DefaultWriter = color.New().SprintFunc()
+
+type AnalyzeClient struct {
+	http.Client
+	LoggingEnabled bool
+	LogFile        string
+}
+
+func CreateLogFileName(baseName string) string {
+	// Get the current time
+	currentTime := time.Now()
+
+	// Format the time as "2024_06_30_07_15_30"
+	timeString := currentTime.Format("2006_01_02_15_04_05")
+
+	// Create the log file name
+	logFileName := fmt.Sprintf("%s_%s.log", timeString, baseName)
+	return logFileName
+}
+
+func NewAnalyzeClient(cfg *config.Config) *http.Client {
+	if !cfg.LoggingEnabled {
+		return &http.Client{}
+	}
+	return &http.Client{
+		Transport: LoggingRoundTripper{
+			parent:  http.DefaultTransport,
+			logFile: cfg.LogFile,
+		},
+	}
+}
+
+type LoggingRoundTripper struct {
+	parent http.RoundTripper
+	// TODO: io.Writer
+	logFile string
+}
+
+func (r LoggingRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
+	startTime := time.Now()
+
+	resp, err := r.parent.RoundTrip(req)
+	if err != nil {
+		return resp, err
+	}
+
+	// TODO: JSON
+	logEntry := fmt.Sprintf("Date: %s, Method: %s, Path: %s, Status: %d\n", startTime.Format(time.RFC3339), req.Method, req.URL.Path, resp.StatusCode)
+
+	// Open log file in append mode.
+	file, err := os.OpenFile(r.logFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+	if err != nil {
+		return resp, fmt.Errorf("failed to open log file: %w", err)
+	}
+	defer file.Close()
+
+	// Write log entry to file.
+	if _, err := file.WriteString(logEntry); err != nil {
+		return resp, fmt.Errorf("failed to write log entry to file: %w", err)
+	}
+
+	return resp, nil
+}

pkg/analyzer/analyzers/asana/asana.go

@@ -9,6 +9,8 @@ import (
 
 	"github.com/fatih/color"
 	"github.com/jedib0t/go-pretty/table"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/analyzer/analyzers"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/analyzer/config"
 )
 
 type MeJSON struct {
@@ -22,10 +24,10 @@ type MeJSON struct {
 	} `json:"data"`
 }
 
-func getMetadata(key string) (MeJSON, error) {
+func getMetadata(cfg *config.Config, key string) (MeJSON, error) {
 	var me MeJSON
 
-	client := &http.Client{}
+	client := analyzers.NewAnalyzeClient(cfg)
 	req, err := http.NewRequest("GET", "https://app.asana.com/api/1.0/users/me", nil)
 	if err != nil {
 		return me, err
@@ -50,8 +52,8 @@ func getMetadata(key string) (MeJSON, error) {
 	return me, nil
 }
 
-func AnalyzePermissions(key string, showAll bool) {
-	me, err := getMetadata(key)
+func AnalyzePermissions(cfg *config.Config, key string) {
+	me, err := getMetadata(cfg, key)
 	if err != nil {
 		color.Red("[x] ", err.Error())
 		return

pkg/analyzer/analyzers/bitbucket/bitbucket.go

@@ -9,6 +9,8 @@ import (
 
 	"github.com/fatih/color"
 	"github.com/jedib0t/go-pretty/table"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/analyzer/analyzers"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/analyzer/config"
 )
 
 type Repo struct {
@@ -31,10 +33,10 @@ type RepoJSON struct {
 	Values []Repo `json:"values"`
 }
 
-func getScopesAndType(key string) (string, string, error) {
+func getScopesAndType(cfg *config.Config, key string) (string, string, error) {
 
 	// client
-	client := &http.Client{}
+	client := analyzers.NewAnalyzeClient(cfg)
 
 	// request
 	req, err := http.NewRequest("GET", "https://api.bitbucket.org/2.0/repositories", nil)
@@ -59,11 +61,11 @@ func getScopesAndType(key string) (string, string, error) {
 	return credentialType, oauthScopes, nil
 }
 
-func getRepositories(key string, role string) (RepoJSON, error) {
+func getRepositories(cfg *config.Config, key string, role string) (RepoJSON, error) {
 	var repos RepoJSON
 
 	// client
-	client := &http.Client{}
+	client := analyzers.NewAnalyzeClient(cfg)
 
 	// request
 	req, err := http.NewRequest("GET", "https://api.bitbucket.org/2.0/repositories", nil)
@@ -96,12 +98,12 @@ func getRepositories(key string, role string) (RepoJSON, error) {
 	return repos, nil
 }
 
-func getAllRepos(key string) (map[string]Repo, error) {
+func getAllRepos(cfg *config.Config, key string) (map[string]Repo, error) {
 	roles := []string{"member", "contributor", "admin", "owner"}
 
 	var allRepos = make(map[string]Repo, 0)
 	for _, role := range roles {
-		repos, err := getRepositories(key, role)
+		repos, err := getRepositories(cfg, key, role)
 		if err != nil {
 			return allRepos, err
 		}
@@ -114,9 +116,9 @@ func getAllRepos(key string) (map[string]Repo, error) {
 	return allRepos, nil
 }
 
-func AnalyzePermissions(key string, showAll bool) {
+func AnalyzePermissions(cfg *config.Config, key string) {
 
-	credentialType, oauthScopes, err := getScopesAndType(key)
+	credentialType, oauthScopes, err := getScopesAndType(cfg, key)
 	if err != nil {
 		color.Red("Error: %s", err)
 		return
@@ -125,7 +127,7 @@ func AnalyzePermissions(key string, showAll bool) {
 
 	// get all repos available to user
 	// ToDo: pagination
-	repos, err := getAllRepos(key)
+	repos, err := getAllRepos(cfg, key)
 	if err != nil {
 		color.Red("Error: %s", err)
 		return

pkg/analyzer/analyzers/github/github.go

@@ -10,6 +10,7 @@ import (
 	"github.com/fatih/color"
 	gh "github.com/google/go-github/v59/github"
 	"github.com/jedib0t/go-pretty/v6/table"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/analyzer/config"
 )
 
 func getAllGistsForUser(client *gh.Client) ([]*gh.Gist, error) {
@@ -173,7 +174,14 @@ func checkFineGrained(resp *gh.Response, token string) (bool, error) {
 	return true, nil
 }
 
-func AnalyzePermissions(key string, show_all bool) {
+func AnalyzePermissions(cfg *config.Config, key string) {
+
+	// ToDo: Add logging for GitHub when rewrite to not use GH client.
+	if cfg.LoggingEnabled {
+		color.Red("[x] Logging not supported for GitHub Token Analysis.")
+		return
+	}
+
 	client := gh.NewClient(nil).WithAuthToken(key)
 
 	resp, err := getTokenMetadata(key, client)
@@ -188,9 +196,9 @@ func AnalyzePermissions(key string, show_all bool) {
 		return
 	} else if !fineGrained {
 		fmt.Print("\n\n")
-		analyzeClassicToken(client, key, show_all)
+		analyzeClassicToken(client, key, cfg.ShowAll)
 	} else {
 		fmt.Print("\n\n")
-		analyzeFineGrainedToken(client, key, show_all)
+		analyzeFineGrainedToken(client, key, cfg.ShowAll)
 	}
 }

pkg/analyzer/analyzers/gitlab/gitlab.go

@@ -11,6 +11,8 @@ import (
 
 	"github.com/fatih/color"
 	"github.com/jedib0t/go-pretty/table"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/analyzer/analyzers"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/analyzer/config"
 )
 
 // consider calling /api/v4/metadata to learn about gitlab instance version and whether neterrprises is enabled
@@ -45,10 +47,10 @@ type MetadataJSON struct {
 	Enterprise bool   `json:"enterprise"`
 }
 
-func getPersonalAccessToken(key string) (AcessTokenJSON, int, error) {
+func getPersonalAccessToken(cfg *config.Config, key string) (AcessTokenJSON, int, error) {
 	var tokens AcessTokenJSON
 
-	client := &http.Client{}
+	client := analyzers.NewAnalyzeClient(cfg)
 	req, err := http.NewRequest("GET", "https://gitlab.com/api/v4/personal_access_tokens/self", nil)
 	if err != nil {
 		color.Red("[x] Error: %s", err)
@@ -70,10 +72,10 @@ func getPersonalAccessToken(key string) (AcessTokenJSON, int, error) {
 	return tokens, resp.StatusCode, nil
 }
 
-func getAccessibleProjects(key string) ([]ProjectsJSON, error) {
+func getAccessibleProjects(cfg *config.Config, key string) ([]ProjectsJSON, error) {
 	var projects []ProjectsJSON
 
-	client := &http.Client{}
+	client := analyzers.NewAnalyzeClient(cfg)
 	req, err := http.NewRequest("GET", "https://gitlab.com/api/v4/projects", nil)
 	if err != nil {
 		color.Red("[x] Error: %s", err)
@@ -117,10 +119,10 @@ func getAccessibleProjects(key string) ([]ProjectsJSON, error) {
 	return projects, nil
 }
 
-func getMetadata(key string) (MetadataJSON, error) {
+func getMetadata(cfg *config.Config, key string) (MetadataJSON, error) {
 	var metadata MetadataJSON
 
-	client := &http.Client{}
+	client := analyzers.NewAnalyzeClient(cfg)
 	req, err := http.NewRequest("GET", "https://gitlab.com/api/v4/metadata", nil)
 	if err != nil {
 		color.Red("[x] Error: %s", err)
@@ -163,10 +165,10 @@ func getMetadata(key string) (MetadataJSON, error) {
 	return metadata, nil
 }
 
-func AnalyzePermissions(key string, showAll bool) {
+func AnalyzePermissions(cfg *config.Config, key string) {
 
 	// get personal_access_tokens accessible
-	token, statusCode, err := getPersonalAccessToken(key)
+	token, statusCode, err := getPersonalAccessToken(cfg, key)
 	if err != nil {
 		color.Red("[x] Error: %s", err)
 		return
@@ -181,7 +183,7 @@ func AnalyzePermissions(key string, showAll bool) {
 	printTokenInfo(token)
 
 	// get metadata
-	metadata, err := getMetadata(key)
+	metadata, err := getMetadata(cfg, key)
 	if err != nil {
 		color.Red("[x] Error: %s", err)
 		return
@@ -196,7 +198,7 @@ func AnalyzePermissions(key string, showAll bool) {
 	printTokenPermissions(token)
 
 	// get accessible projects
-	projects, err := getAccessibleProjects(key)
+	projects, err := getAccessibleProjects(cfg, key)
 	if err != nil {
 		color.Red("[x] Error: %s", err)
 		return