From 33e2afe7090df6b6f4f58ce5f5391618203d6e2a Mon Sep 17 00:00:00 2001
From: Hadi <112569860+anotherhadi@users.noreply.github.com>
Date: Tue, 19 May 2026 20:26:16 +0200
Subject: [PATCH] Init trufflehog plugin

Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
---
 plugins/trufflehog.lua | 51 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 plugins/trufflehog.lua

diff --git a/plugins/trufflehog.lua b/plugins/trufflehog.lua
new file mode 100644
index 0000000..b336f1a
--- /dev/null
+++ b/plugins/trufflehog.lua
@@ -0,0 +1,51 @@
+Plugin = {
+ name = "TruffleHog",
+ description = [[
+Scans request and response bodies for secrets using [TruffleHog](https://github.com/trufflesecurity/trufflehog).
+
+Requires `trufflehog` v3+ to be installed and available in PATH.
+
+Each finding is stored on the **Findings** page with the matched detector output.
+Findings are deduplicated per host+path+body content so repeated requests do not create duplicates.
+ ]],
+ on_request = { sync = false },
+ on_response = { sync = false },
+ disable_by_default = true,
+}
+
+local function scan(label, content, host, path)
+ if not content or content == "" then return end
+ local out, err = shell_pipe("f=$(mktemp) && cat > \"$f\" && trufflehog filesystem --no-color \"$f\"; rc=$?; rm -f \"$f\"; exit $rc", content)
+ if err and err ~= "" then
+ log("trufflehog error on " .. label .. ": " .. err)
+ return
+ end
+ if not out or out == "" then return end
+ local blocks = {}
+ local current = nil
+ for line in out:gmatch("[^\n]+") do
+ if line:match("^Found ") then
+ if current then table.insert(blocks, current) end
+ current = line
+ elseif current then
+ current = current .. "\n" .. line
+ end
+ end
+ if current then table.insert(blocks, current) end
+ for _, block in ipairs(blocks) do
+ create_finding({
+ title = "Secret detected in " .. label .. " (" .. host .. ")",
+ description = "**Host:** `" .. host .. "` \n**Path:** `" .. path .. "`\n\n```\n" .. block .. "\n```",
+ key = host .. "|" .. path .. "|" .. label .. "|" .. block,
+ severity = "high",
+ })
+ end
+end
+
+function on_request(req)
+ scan("request", req:get_body(), req.host, req.path)
+end
+
+function on_response(req, res)
+ scan("response", res:get_body(), req.host, req.path)
+end
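Review bot: The dedup `key` in scan() is built from `block`, the raw trufflehog output, which for the `filesystem` source presumably includes a line naming the scanned file; since that file is a random `mktemp` name, the key would differ on every invocation and the deduplication the description promises ("per host+path+body content") would never trigger. Deriving the key from the body itself instead, e.g. `key = host .. "|" .. path .. "|" .. label .. "|" .. content,`, or from the detector name and raw result only, would match the documented behaviour and keep the key stable across repeated requests. Separately, trufflehog verifies findings by default, meaning each captured credential is sent to its provider to test it; for intercepted traffic that is often not wanted, so the command should pass `--no-verification` unless verification is an explicit goal of the plugin. The `if err and err ~= "" then` guard also treats any stderr output as fatal; if trufflehog writes diagnostics to stderr, every scan would return early with no findings, so checking the exit status that the command already propagates via `exit $rc` would be more reliable than the stderr check.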