build: optionally exclude sources

Author: rgmz

main.go

@@ -30,7 +30,21 @@ import (
 	"github.com/trufflesecurity/trufflehog/v3/pkg/context"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/engine"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/engine/circleci"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/engine/defaults"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/engine/docker"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/engine/elasticsearch"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/engine/filesystem"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/engine/gcs"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/engine/git"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/engine/github"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/engine/gitlab"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/engine/huggingface"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/engine/jenkins"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/engine/postman"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/engine/s3"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/engine/syslog"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/engine/travisci"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/feature"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/handlers"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/log"
@@ -704,7 +718,7 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
 			Bare:             *gitScanBare,
 			ExcludeGlobs:     *gitScanExcludeGlobs,
 		}
-		if ref, err = eng.ScanGit(ctx, gitCfg); err != nil {
+		if ref, err = git.Scan(ctx, gitCfg, eng); err != nil {
 			return scanMetrics, fmt.Errorf("failed to scan Git: %v", err)
 		}
 	case githubScan.FullCommand():
@@ -733,7 +747,7 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
 			CommentsTimeframeDays:      *githubCommentsTimeframeDays,
 			Filter:                     filter,
 		}
-		if ref, err = eng.ScanGitHub(ctx, cfg); err != nil {
+		if ref, err = github.Scan(ctx, cfg, eng); err != nil {
 			return scanMetrics, fmt.Errorf("failed to scan Github: %v", err)
 		}
 	case githubExperimentalScan.FullCommand():
@@ -744,7 +758,7 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
 			CollisionThreshold: *githubExperimentalCollisionThreshold,
 			DeleteCachedData:   *githubExperimentalDeleteCache,
 		}
-		if ref, err = eng.ScanGitHubExperimental(ctx, cfg); err != nil {
+		if ref, err = github.ScanExperimental(ctx, cfg, eng); err != nil {
 			return scanMetrics, fmt.Errorf("failed to scan using Github Experimental: %v", err)
 		}
 	case gitlabScan.FullCommand():
@@ -761,7 +775,7 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
 			ExcludeRepos: *gitlabScanExcludeRepos,
 			Filter:       filter,
 		}
-		if ref, err = eng.ScanGitLab(ctx, cfg); err != nil {
+		if ref, err = gitlab.Scan(ctx, cfg, eng); err != nil {
 			return scanMetrics, fmt.Errorf("failed to scan GitLab: %v", err)
 		}
 	case filesystemScan.FullCommand():
@@ -776,7 +790,7 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
 			IncludePathsFile: *filesystemScanIncludePaths,
 			ExcludePathsFile: *filesystemScanExcludePaths,
 		}
-		if ref, err = eng.ScanFileSystem(ctx, cfg); err != nil {
+		if ref, err = filesystem.Scan(ctx, cfg, eng); err != nil {
 			return scanMetrics, fmt.Errorf("failed to scan filesystem: %v", err)
 		}
 	case s3Scan.FullCommand():
@@ -790,7 +804,7 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
 			CloudCred:     *s3ScanCloudEnv,
 			MaxObjectSize: int64(*s3ScanMaxObjectSize),
 		}
-		if ref, err = eng.ScanS3(ctx, cfg); err != nil {
+		if ref, err = s3.Scan(ctx, cfg, eng); err != nil {
 			return scanMetrics, fmt.Errorf("failed to scan S3: %v", err)
 		}
 	case syslogScan.FullCommand():
@@ -802,15 +816,15 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
 			KeyPath:     *syslogTLSKey,
 			Concurrency: *concurrency,
 		}
-		if ref, err = eng.ScanSyslog(ctx, cfg); err != nil {
+		if ref, err = syslog.Scan(ctx, cfg, eng); err != nil {
 			return scanMetrics, fmt.Errorf("failed to scan syslog: %v", err)
 		}
 	case circleCiScan.FullCommand():
-		if ref, err = eng.ScanCircleCI(ctx, *circleCiScanToken); err != nil {
+		if ref, err = circleci.Scan(ctx, *circleCiScanToken, eng); err != nil {
 			return scanMetrics, fmt.Errorf("failed to scan CircleCI: %v", err)
 		}
 	case travisCiScan.FullCommand():
-		if ref, err = eng.ScanTravisCI(ctx, *travisCiScanToken); err != nil {
+		if ref, err = travisci.Scan(ctx, *travisCiScanToken, eng); err != nil {
 			return scanMetrics, fmt.Errorf("failed to scan TravisCI: %v", err)
 		}
 	case gcsScan.FullCommand():
@@ -827,7 +841,7 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
 			Concurrency:    *concurrency,
 			MaxObjectSize:  int64(*gcsMaxObjectSize),
 		}
-		if ref, err = eng.ScanGCS(ctx, cfg); err != nil {
+		if ref, err = gcs.Scan(ctx, cfg, eng); err != nil {
 			return scanMetrics, fmt.Errorf("failed to scan GCS: %v", err)
 		}
 	case dockerScan.FullCommand():
@@ -836,7 +850,7 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
 			Images:            *dockerScanImages,
 			UseDockerKeychain: *dockerScanToken == "",
 		}
-		if ref, err = eng.ScanDocker(ctx, cfg); err != nil {
+		if ref, err = docker.Scan(ctx, cfg, eng); err != nil {
 			return scanMetrics, fmt.Errorf("failed to scan Docker: %v", err)
 		}
 	case postmanScan.FullCommand():
@@ -873,7 +887,7 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
 			WorkspacePaths:      *postmanWorkspacePaths,
 			EnvironmentPaths:    *postmanEnvironmentPaths,
 		}
-		if ref, err = eng.ScanPostman(ctx, cfg); err != nil {
+		if ref, err = postman.Scan(ctx, cfg, eng); err != nil {
 			return scanMetrics, fmt.Errorf("failed to scan Postman: %v", err)
 		}
 	case elasticsearchScan.FullCommand():
@@ -889,17 +903,17 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
 			SinceTimestamp: *elasticsearchSinceTimestamp,
 			BestEffortScan: *elasticsearchBestEffortScan,
 		}
-		if ref, err = eng.ScanElasticsearch(ctx, cfg); err != nil {
+		if ref, err = elasticsearch.Scan(ctx, cfg, eng); err != nil {
 			return scanMetrics, fmt.Errorf("failed to scan Elasticsearch: %v", err)
 		}
 	case jenkinsScan.FullCommand():
-		cfg := engine.JenkinsConfig{
+		cfg := sources.JenkinsConfig{
 			Endpoint:              *jenkinsURL,
 			InsecureSkipVerifyTLS: *jenkinsInsecureSkipVerifyTLS,
 			Username:              *jenkinsUsername,
 			Password:              *jenkinsPassword,
 		}
-		if ref, err = eng.ScanJenkins(ctx, cfg); err != nil {
+		if ref, err = jenkins.Scan(ctx, cfg, eng); err != nil {
 			return scanMetrics, fmt.Errorf("failed to scan Jenkins: %v", err)
 		}
 	case huggingfaceScan.FullCommand():
@@ -911,7 +925,7 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
 			return scanMetrics, fmt.Errorf("invalid config: you must specify at least one organization, user, model, space or dataset")
 		}
 
-		cfg := engine.HuggingfaceConfig{
+		cfg := sources.HuggingfaceConfig{
 			Endpoint:           *huggingfaceEndpoint,
 			Models:             *huggingfaceModels,
 			Spaces:             *huggingfaceSpaces,
@@ -932,7 +946,7 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
 			IncludePrs:         *huggingfaceIncludePrs,
 			Concurrency:        *concurrency,
 		}
-		if ref, err = eng.ScanHuggingface(ctx, cfg); err != nil {
+		if ref, err = huggingface.Scan(ctx, cfg, eng); err != nil {
 			return scanMetrics, fmt.Errorf("failed to scan HuggingFace: %v", err)
 		}
 	default:

pkg/engine/circleci.go pkg/engine/circleci/circleci.go

@@ -1,4 +1,6 @@
-package engine
+//go:build !no_circleci
+
+package circleci
 
 import (
 	"runtime"
@@ -7,13 +9,14 @@ import (
 	"google.golang.org/protobuf/types/known/anypb"
 
 	"github.com/trufflesecurity/trufflehog/v3/pkg/context"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/engine"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/sourcespb"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/sources"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/sources/circleci"
 )
 
-// ScanCircleCI scans CircleCI logs.
-func (e *Engine) ScanCircleCI(ctx context.Context, token string) (sources.JobProgressRef, error) {
+// Scan scans CircleCI logs.
+func Scan(ctx context.Context, token string, e *engine.Engine) (sources.JobProgressRef, error) {
 	connection := &sourcespb.CircleCI{
 		Credential: &sourcespb.CircleCI_Token{
 			Token: token,
@@ -28,11 +31,11 @@ func (e *Engine) ScanCircleCI(ctx context.Context, token string) (sources.JobPro
 	}
 
 	sourceName := "trufflehog - Circle CI"
-	sourceID, jobID, _ := e.sourceManager.GetIDs(ctx, sourceName, circleci.SourceType)
+	sourceID, jobID, _ := e.SourceManager().GetIDs(ctx, sourceName, circleci.SourceType)
 
 	circleSource := &circleci.Source{}
 	if err := circleSource.Init(ctx, "trufflehog - Circle CI", jobID, sourceID, true, &conn, runtime.NumCPU()); err != nil {
 		return sources.JobProgressRef{}, err
 	}
-	return e.sourceManager.EnumerateAndScan(ctx, sourceName, circleSource)
+	return e.SourceManager().EnumerateAndScan(ctx, sourceName, circleSource)
 }

pkg/engine/circleci/circleci_disabled.go

@@ -0,0 +1,13 @@
+//go:build no_circleci
+
+package circleci
+
+import (
+	"github.com/trufflesecurity/trufflehog/v3/pkg/context"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/engine"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/sources"
+)
+
+func Scan(_ context.Context, _ string, _ *engine.Engine) (sources.JobProgressRef, error) {
+	return sources.JobProgressRef{}, engine.ErrSourceDisabled
+}

pkg/engine/docker.go pkg/engine/docker/docker.go

@@ -1,4 +1,6 @@
-package engine
+//go:build !no_docker
+
+package docker
 
 import (
 	"runtime"
@@ -7,13 +9,14 @@ import (
 	"google.golang.org/protobuf/types/known/anypb"
 
 	"github.com/trufflesecurity/trufflehog/v3/pkg/context"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/engine"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/sourcespb"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/sources"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/sources/docker"
 )
 
-// ScanDocker scans a given docker connection.
-func (e *Engine) ScanDocker(ctx context.Context, c sources.DockerConfig) (sources.JobProgressRef, error) {
+// Scan scans a given docker connection.
+func Scan(ctx context.Context, c sources.DockerConfig, e *engine.Engine) (sources.JobProgressRef, error) {
 	connection := &sourcespb.Docker{Images: c.Images}
 
 	switch {
@@ -33,11 +36,11 @@ func (e *Engine) ScanDocker(ctx context.Context, c sources.DockerConfig) (source
 	}
 
 	sourceName := "trufflehog - docker"
-	sourceID, jobID, _ := e.sourceManager.GetIDs(ctx, sourceName, docker.SourceType)
+	sourceID, jobID, _ := e.SourceManager().GetIDs(ctx, sourceName, docker.SourceType)
 
 	dockerSource := &docker.Source{}
 	if err := dockerSource.Init(ctx, sourceName, jobID, sourceID, true, &conn, runtime.NumCPU()); err != nil {
 		return sources.JobProgressRef{}, err
 	}
-	return e.sourceManager.EnumerateAndScan(ctx, sourceName, dockerSource)
+	return e.SourceManager().EnumerateAndScan(ctx, sourceName, dockerSource)
 }

pkg/engine/docker/docker_disabled.go

@@ -0,0 +1,13 @@
+//go:build no_docker
+
+package docker
+
+import (
+	"github.com/trufflesecurity/trufflehog/v3/pkg/context"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/engine"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/sources"
+)
+
+func Scan(_ context.Context, _ sources.DockerConfig, _ *engine.Engine) (sources.JobProgressRef, error) {
+	return sources.JobProgressRef{}, engine.ErrSourceDisabled
+}

pkg/engine/elasticsearch.go pkg/engine/elasticsearch/elasticsearch.go

@@ -1,4 +1,6 @@
-package engine
+//go:build !no_elasticsearch
+
+package elasticsearch
 
 import (
 	"runtime"
@@ -7,13 +9,14 @@ import (
 	"google.golang.org/protobuf/types/known/anypb"
 
 	"github.com/trufflesecurity/trufflehog/v3/pkg/context"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/engine"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/sourcespb"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/sources"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/sources/elasticsearch"
 )
 
-// ScanElasticsearch scans a Elasticsearch installation.
-func (e *Engine) ScanElasticsearch(ctx context.Context, c sources.ElasticsearchConfig) (sources.JobProgressRef, error) {
+// Scan scans a Elasticsearch installation.
+func Scan(ctx context.Context, c sources.ElasticsearchConfig, e *engine.Engine) (sources.JobProgressRef, error) {
 	connection := &sourcespb.Elasticsearch{
 		Nodes:          c.Nodes,
 		Username:       c.Username,
@@ -35,11 +38,11 @@ func (e *Engine) ScanElasticsearch(ctx context.Context, c sources.ElasticsearchC
 	}
 
 	sourceName := "trufflehog - Elasticsearch"
-	sourceID, jobID, _ := e.sourceManager.GetIDs(ctx, sourceName, elasticsearch.SourceType)
+	sourceID, jobID, _ := e.SourceManager().GetIDs(ctx, sourceName, elasticsearch.SourceType)
 
 	elasticsearchSource := &elasticsearch.Source{}
 	if err := elasticsearchSource.Init(ctx, sourceName, jobID, sourceID, true, &conn, runtime.NumCPU()); err != nil {
 		return sources.JobProgressRef{}, err
 	}
-	return e.sourceManager.EnumerateAndScan(ctx, sourceName, elasticsearchSource)
+	return e.SourceManager().EnumerateAndScan(ctx, sourceName, elasticsearchSource)
 }

pkg/engine/elasticsearch/elasticsearch_disabled.go

@@ -0,0 +1,14 @@
+//go:build no_elasticsearch
+
+package elasticsearch
+
+import (
+	"context"
+
+	"github.com/trufflesecurity/trufflehog/v3/pkg/engine"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/sources"
+)
+
+func Scan(_ context.Context, _ sources.ElasticsearchConfig, _ *engine.Engine) (sources.JobProgressRef, error) {
+	return sources.JobProgressRef{}, engine.ErrSourceDisabled
+}

pkg/engine/engine.go

@@ -33,9 +33,12 @@ import (
 
 var detectionTimeout = detectors.DefaultResponseTimeout
 
-var errOverlap = errors.New(
-	"More than one detector has found this result. For your safety, verification has been disabled." +
-		"You can override this behavior by using the --allow-verification-overlap flag.",
+var (
+	ErrSourceDisabled = errors.New("trufflehog was compiled without this source")
+	errOverlap        = errors.New(
+		"More than one detector has found this result. For your safety, verification has been disabled." +
+			"You can override this behavior by using the --allow-verification-overlap flag.",
+	)
 )
 
 // Metrics for the scan engine for external consumption.
@@ -219,6 +222,10 @@ type Engine struct {
 	verificationOverlapWorkerMultiplier int
 }
 
+func (e *Engine) SourceManager() *sources.SourceManager {
+	return e.sourceManager
+}
+
 // NewEngine creates a new Engine instance with the provided configuration.
 func NewEngine(ctx context.Context, cfg *Config) (*Engine, error) {
 	verificationCache := verificationcache.New(cfg.VerificationResultCache, cfg.VerificationCacheMetrics)