Integration with Yelp detect-secrets

include/python_detector

@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+
+# detector of python and boto3
+pythonDetector(){
+    PYTHON_BIN=$(which python)
+    PYTHON_PIP_BOTO3=$(pip list|grep boto3)
+    if [ -z "${PYTHON_BIN}" ]; then
+        echo -e "\n$RED ERROR!$NORMAL python not found. Make sure it is installed correctly and in your \$PATH\n"
+        EXITCODE=1
+        exit $EXITCODE
+    else
+        PYTHON_INSTALLED=1
+        if [ -z "${PYTHON_PIP_BOTO3}" ]; then
+            echo -e "\n$RED ERROR!$NORMAL python library boto3 not found. Make sure it is installed correctly\n"
+            EXITCODE=1
+            exit $EXITCODE
+        else
+            PYTHON_PIP_BOTO3_INSTALLED=1
+        fi
+    fi  
+}

include/secrets_detector

@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+
+# detector and configuration of detect-secrets
+secretsDetector(){
+    PYTHON_PIP_DETECTSECRETS=$(which detect-secrets)
+    if [ -z "${PYTHON_PIP_DETECTSECRETS}" ]; then
+        echo -e "\n$RED ERROR!$NORMAL python library detect-secrets not found. Make sure it is installed correctly and in your \$PATH\n"
+        EXITCODE=1
+        exit $EXITCODE
+    else
+        SECRETS_TEMP_FOLDER="$PROWLER_DIR/secrets-$ACCOUNT_NUM"
+        if [[ ! -d $SECRETS_TEMP_FOLDER ]]; then 
+            mkdir $SECRETS_TEMP_FOLDER
+        fi 
+        PYTHON_PIP_DETECTSECRETS_INSTALLED=1
+        # Sets the entropy limit for high entropy base64 strings. Value
+        # must be between 0.0 and 8.0, defaults is 4.5.
+        BASE64_LIMIT=3.0
+        # Sets the entropy limit for high entropy hex strings. Value
+        # must be between 0.0 and 8.0, defaults is 3.0.
+        HEX_LIMIT=3.0
+        case $1 in
+            file )
+                # this is to scan a file
+                detect-secrets scan --hex-limit $HEX_LIMIT --base64-limit $BASE64_LIMIT $2 | \
+                jq -r '.results[]|.[] | [.line_number, .type]|@csv' | wc -l 
+                #jq -r '.results[] | .[] | "\(.line_number)\t\(.type)"'
+                # this command must return values in two colums:
+                # line in file and type of secrets found
+                ;;
+            string )
+                # this is to scan a given string 
+                detect-secrets scan --hex-limit $HEX_LIMIT --base64-limit $BASE64_LIMIT --string $2 | \
+                grep True| wc -l
+            ;;
+            folder )
+                # this is to scan a given folder with all lambda files 
+                detect-secrets scan --hex-limit $HEX_LIMIT --base64-limit $BASE64_LIMIT --all-files $2 | \
+                jq -r '.results[]|.[] | [.line_number, .type]|@csv' | wc -l
+            ;;
+        esac 
+    fi  
+}