Update gitleaks generation script

README.md

@@ -33,13 +33,12 @@ Contribution is always welcome! Please feel free to report issues on Github and
 ## 📌 Ideas to Start on
 
 # Using
-For Trufflehog v2
-$> ./convert-rules.py --db ../db/rules-stable.yml --type trufflehog
-For Gitleaks
-$> ./convert-rules.py --db ../db/rules-stable.yml --type  gitleaks
+For Trufflehog v2 `./convert-rules.py --db ../db/rules-stable.yml --type trufflehog`
+
+For Gitleaks `./convert-rules.py --db ../db/rules-stable.yml --type  gitleaks`
 
 Optional:
---export - Set filename, extension will be added by type (gitleaks = toml, trufflehog = json)
+`--export` - Set filename, extension will be added by type (gitleaks = toml, trufflehog = json)
 
 Would like to contribute to secrets-patterns-db? Here are some ideas that you may start with:
 

scripts/convert-rules.py

@@ -5,47 +5,48 @@
 import argparse
 
 
-def trufflehog_output(y):
+def trufflehog_output(args, y):
     output = {}
     for i in y["patterns"]:
-        if i["pattern"]["confidence"] != "high":
+        if args.low_confidence is None and i["pattern"]["confidence"] != "high":
             continue
         output.update({i["pattern"]["name"]: i["pattern"]["regex"]})
 
     return json.dumps(output, indent=4, sort_keys=True)
 
 
-def gitleaks_output(y):
+def gitleaks_output(args, y):
     s = 'title = "gitleaks config"'
 
     for i in y["patterns"]:
-        if i["pattern"]["confidence"] != "high":
+        if args.low_confidence is None and i["pattern"]["confidence"] != "high":
             continue
         s += f"""
 [[rules]]
+    id = '''{i["pattern"]["name"]}'''
     description = '''{i["pattern"]["name"]}'''
     regex = '''{i["pattern"]["regex"]}'''
-    tags = ["secret"]
+    keywords = ["secret"]
 """
     return s
 
 
-def main(arg):
-    f = open(arg.database_file, "r")
+def main(args):
+    f = open(args.database_file, "r")
     y = yaml.safe_load(f.read())
     f.close()
 
     output_string = ""
     ext_string = ""
-    if arg.output_type == "trufflehog":
+    if args.output_type == "trufflehog":
         output_string = trufflehog_output(y)
         ext_string = "json"
-    elif arg.output_type == "gitleaks":
-        output_string = gitleaks_output(y)
+    elif args.output_type == "gitleaks":
+        output_string = gitleaks_output(args, y)
         ext_string = "toml"
 
-    if arg.export_filename is not None:              
-        f = open(f"{arg.export_filename}.{ext_string}", "w")
+    if args.export_filename is not None:              
+        f = open(f"{args.export_filename}.{ext_string}", "w")
         f.write(output_string)
         f.close()
     else:
@@ -56,7 +57,8 @@ def main(arg):
     parser = argparse.ArgumentParser(description='Convert yaml database file to rules for trufflehog or gitleaks')
     parser.add_argument("--db", dest = "database_file", required = True, help = "The yaml database file")
     parser.add_argument("--type", dest= "output_type", required = True, choices=['trufflehog', 'gitleaks'], help = "Supported output types: trufflehog, gitleaks")
-    parser.add_argument('--export', dest="export_filename", help = "Give filename, extension toml/json will be added")
+    parser.add_argument('-e', '--export', dest="export_filename", help = "Give filename, extension toml/json will be added")
+    parser.add_argument('-l', '--low_confidence', help = "Add low confidence entries", action='store_true')
     args = parser.parse_args()
 
     main(args)