truffleHog: init at 2.0.91

This commit adds the python3 application truffleHog, which is a stand-alone tool
that scans a git repo for unencrypted passwords.

This depends on a newer GitPython, which depends on a new major version of
gitdb, which depends on a new major version of smmap, so I've packaged those
as well in the preceding commits.

pkgs/tools/security/trufflehog/default.nix

@@ -0,0 +1,38 @@
+{ lib, pythonPackages }:
+
+let
+  truffleHogRegexes = pythonPackages.buildPythonPackage rec {
+    pname = "truffleHogRegexes";
+    version = "0.0.4";
+    src = pythonPackages.fetchPypi {
+      inherit pname version;
+      sha256 = "09vrscbb4h4w01gmamlzghxx6cvrqdscylrbdcnbjsd05xl7zh4z";
+    };
+  };
+in
+  pythonPackages.buildPythonApplication rec {
+    pname = "truffleHog";
+    version = "2.0.91";
+
+    src = pythonPackages.fetchPypi {
+      inherit pname version;
+      sha256 = "0r4c9ihy6wjh5cwli7lb6cr2yfvxrh7r6cgznql1src5gzlnkymx";
+    };
+
+    # Relax overly restricted version constraint
+    postPatch = ''
+      substituteInPlace setup.py --replace "GitPython ==" "GitPython >= "
+    '';
+
+    propagatedBuildInputs = [ pythonPackages.GitPython truffleHogRegexes ];
+
+    # Test cases run git clone and require network access
+    doCheck = false;
+
+    meta = {
+      homepage = https://github.com/dxa4481/truffleHog;
+      description = "Searches through git repositories for high entropy strings and secrets, digging deep into commit history";
+      license = with lib.licenses; [ gpl2 ];
+      maintainers = with lib.maintainers; [ bhipple ];
+    };
+  }

pkgs/top-level/all-packages.nix

@@ -21119,6 +21119,8 @@ with pkgs;
 
   tup = callPackage ../development/tools/build-managers/tup { };
 
+  trufflehog = callPackage ../tools/security/trufflehog { };
+
   tvheadend = callPackage ../servers/tvheadend { };
 
   ums = callPackage ../servers/ums { };