62 check for gitleaks and trufflehog before program runs

argparsing.py

@@ -2,6 +2,7 @@
 import math
 from os import linesep, environ, cpu_count
 import sys
+import shutil
 
 runtime = environ.get("SM_COMMAND", f"{sys.argv[0]}")
 
@@ -24,6 +25,10 @@
     parallel = math.ceil(cores / 4)
 
 
+def check_exists(var):
+    return shutil.which(var)
+
+
 class CustomParser(argparse.ArgumentParser):
     def error(self, message):
         sys.stdout.write(f" ❌ error: {message}{linesep}{linesep}")
@@ -210,4 +215,21 @@ def parse_args():
 
     if args.gl_config is not None and args.disable_gitleaks:
         parser.error("Gitleaks can't be disabled if passing a .toml file")
+
+    if not args.disable_gitleaks:
+        gitleaks = check_exists("gitleaks")
+
+        if not isinstance(gitleaks, str) or len(gitleaks) == 0:
+            parser.error(
+                "Could not find Gitleaks on your system. Ensure it's on the PATH or pass --disable-gitleaks"
+            )
+
+    if not args.disable_trufflehog:
+        trufflehog = check_exists("trufflehog")
+
+        if not isinstance(trufflehog, str) or len(trufflehog) == 0:
+            parser.error(
+                "Could not find Trufflehog on your system. Ensure it's on the PATH or pass --disable-trufflehog"
+            )
+
     return args

features/helper.py

@@ -4,6 +4,8 @@
 import stat
 import subprocess
 
+from unittest.mock import patch
+
 from behave import given, when, then, step
 
 
@@ -54,7 +56,7 @@ def step_impl(context, name):
         f.write(context.text)
 
 
-def run_secret_magpie(context, engines, outformat="csv", args=[]):
+def run_secret_magpie(context, engines, outformat="csv", args=[], err_check=True):
     try:
         context.repos = LocalRepos(context.rules, TESTING_DIRECTORY)
     except:
@@ -160,14 +162,15 @@ def run_secret_magpie(context, engines, outformat="csv", args=[]):
             param_list, capture_output=True, env=env, encoding="UTF-8"
         )
 
-        if context.proc.stderr != "":
-            raise AssertionError(context.proc.stderr)
+        if err_check:
+            if context.proc.stderr != "":
+                raise AssertionError(context.proc.stderr)
 
-        if "❌" in context.proc.stdout:
-            raise AssertionError(context.proc.stdout)
+            if "❌" in context.proc.stdout:
+                raise AssertionError(context.proc.stdout)
 
-        if "warning" in context.proc.stdout:
-            raise AssertionError(context.proc.stdout)
+            if "warning" in context.proc.stdout:
+                raise AssertionError(context.proc.stdout)
 
         stdout = context.proc.stdout.split("\n")
 
@@ -366,6 +369,22 @@ def step_impl(context):
     )
 
 
+@when("we run secret-magpie-cli with {engine} disabled")
+def step_impl(context, engine):
+    with patch("shutil.which", return_value=None):
+        run_secret_magpie(context, engines=engine, err_check=False)
+
+
+@then("secret-magpie-cli's error output will be")
+def step_impl(context):
+    stderr = context.proc.stdout
+    expected = list(map(lambda s: s.rstrip("\r"), context.text.split("\n")))
+
+    assert str(expected) not in str(stderr), (
+        "Expected error output: " + str(expected) + ", found " + str(stderr)
+    )
+
+
 @then("directory {dir} won't exist")
 def step_impl(context, dir):
     assert (

features/validate_output.feature

@@ -66,3 +66,19 @@ Feature: Validate that the results files produced by secret-magpie-cli is of val
             """
             ERROR: File at rules_not_found.toml not found.
             """
+
+    @localrepos
+    Scenario: Ensure that secret-magpie-cli gives the expected error when gitleaks is not found
+        When we run secret-magpie-cli with gitleaks disabled
+        Then secret-magpie-cli's error output will be
+            """
+            ❌ error: Could not find Gitleaks on your system. Ensure it's on the PATH or pass --disable-gitleaks
+            """
+
+    @localrepos
+    Scenario: Ensure that secret-magpie-cli gives the expected error when trufflehog is not found
+        When we run secret-magpie-cli with trufflehog disabled
+        Then secret-magpie-cli's error output will be
+            """
+            ❌ error: Could not find Trufflehog on your system. Ensure it's on the PATH or pass --disable-trufflehog
+            """