trufflehog
trufflehog copied to clipboard
trufflesecurity
Json output/report is not valid json object.
TruffleHog Version
trufflehog 3.7.3
Expected Behavior
A Valid JSON -> Array of Objects
[
{"SourceMetadata":{"Data":{"Github":{"link":"https://github.com/trufflesecurity/test_keys/blob/77b2a3e56973785a52ba4ae4b8dac61d4bac016f/keys","repository":"https://github.com/trufflesecurity/test_keys.git","commit":"77b2a3e56973785a52ba4ae4b8dac61d4bac016f","email":"[email protected]","file":"keys","timestamp":"2022-06-16 10:27:56 -0700 -0700","line":3}}},"SourceID":0,"SourceType":7,"SourceName":"trufflehog - github","DetectorType":17,"DetectorName":"URI","Verified":true,"Raw":"aHR0cHM6Ly9hZG1pbjphZG1pbkB0aGUtaW50ZXJuZXQuaGVyb2t1YXBwLmNvbS9iYXNpY19hdXRo","Redacted":"https://*****:*****@the-internet.herokuapp.com/basic_auth","ExtraData":null,"StructuredData":null},
{"SourceMetadata":{"Data":{"Github":{"link":"https://github.com/trufflesecurity/test_keys/blob/77b2a3e56973785a52ba4ae4b8dac61d4bac016f/keys","repository":"https://github.com/trufflesecurity/test_keys.git","commit":"77b2a3e56973785a52ba4ae4b8dac61d4bac016f","email":"[email protected]","file":"keys","timestamp":"2022-06-16 10:27:56 -0700 -0700","line":3}}},"SourceID":0,"SourceType":7,"SourceName":"trufflehog - github","DetectorType":17,"DetectorName":"URI","Verified":true,"Raw":"aHR0cHM6Ly9hZG1pbjphZG1pbkB0aGUtaW50ZXJuZXQuaGVyb2t1YXBwLmNvbS9iYXNpY19hdXRo","Redacted":"https://*****:*****@the-internet.herokuapp.com/basic_auth","ExtraData":null,"StructuredData":null}
]
Actual Behavior
Json Output is not Valid. As Result I`m getting 4 different Json Blocks. Which represent the entire report. If the report consists of several elements, then it must be an array of objects, and not just individual objects that cannot be correctly parsed.
{"SourceMetadata":{"Data":{"Github":{"link":"https://github.com/trufflesecurity/test_keys/blob/77b2a3e56973785a52ba4ae4b8dac61d4bac016f/keys","repository":"https://github.com/trufflesecurity/test_keys.git","commit":"77b2a3e56973785a52ba4ae4b8dac61d4bac016f","email":"[email protected]","file":"keys","timestamp":"2022-06-16 10:27:56 -0700 -0700","line":3}}},"SourceID":0,"SourceType":7,"SourceName":"trufflehog - github","DetectorType":17,"DetectorName":"URI","Verified":true,"Raw":"aHR0cHM6Ly9hZG1pbjphZG1pbkB0aGUtaW50ZXJuZXQuaGVyb2t1YXBwLmNvbS9iYXNpY19hdXRo","Redacted":"https://*****:*****@the-internet.herokuapp.com/basic_auth","ExtraData":null,"StructuredData":null}
{"SourceMetadata":{"Data":{"Github":{"link":"https://github.com/trufflesecurity/test_keys/blob/77b2a3e56973785a52ba4ae4b8dac61d4bac016f/keys","repository":"https://github.com/trufflesecurity/test_keys.git","commit":"77b2a3e56973785a52ba4ae4b8dac61d4bac016f","email":"[email protected]","file":"keys","timestamp":"2022-06-16 10:27:56 -0700 -0700","line":3}}},"SourceID":0,"SourceType":7,"SourceName":"trufflehog - github","DetectorType":17,"DetectorName":"URI","Verified":true,"Raw":"aHR0cHM6Ly9hZG1pbjphZG1pbkB0aGUtaW50ZXJuZXQuaGVyb2t1YXBwLmNvbS9iYXNpY19hdXRo","Redacted":"https://*****:*****@the-internet.herokuapp.com/basic_auth","ExtraData":null,"StructuredData":null}
Steps to Reproduce
Steps to reproduce are very simple. Just run thos command
docker run -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo https://github.com/trufflesecurity/test_keys --json
This is a serious problem when you want to parse the results, any update related to this bug?
I'm not alone! ))) No - no one has answered yet. Alternatively, in an intermediate step, you can separate the objects with coma and wrap them in one json. Then it will be valid. But this is a crutch that should not be.
This is newline-delimited json: http://ndjson.org/
It is so you can parse each line as one result. This is the only way to stream JSON, otherwise you have to wait until the end and parse a large array.
