Commit graph

3530 commits

Author SHA1 Message Date
Dustin Decker
c2e5506b95
Change log verbosity for detection errors (#3171) 2024-08-04 20:47:41 -07:00
renovate[bot]
38db52ec1f
fix(deps): update github.com/tailscale/depaware digest to 585336c (#3166)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-04 10:17:22 -07:00
renovate[bot]
41a4b0839c
fix(deps): update module golang.org/x/sync to v0.8.0 (#3169)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-04 10:16:49 -07:00
renovate[bot]
4b75ab8c63
fix(deps): update module golang.org/x/oauth2 to v0.22.0 (#3168)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-04 09:32:13 -07:00
Richard Gomez
f335d486ef
Update Zulip detector (#2897)
* fix(zulip): prevent false positives

* update extra data

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-08-04 09:30:15 -07:00
Dustin Decker
88359addc5
update pattern (#3167) 2024-08-04 09:12:09 -07:00
Miccah
37a130fb58
[analyze] Use permission enum values in openai analyzer (#3165) 2024-08-02 16:20:45 -07:00
ahrav
0a3451a1ba
[bug] - Create a new context with timeout per request (#3163)
* Create a new context with timeout per request

* match timeout

* use context timeout

* reduce timeout
2024-08-02 14:46:37 -07:00
Miccah
f939572a43
[analyze] Fix off-by-one error in generated data structures (#3162)
* [analyze] Fix off-by-one error in generated data structures

* Generate data structures

* Fix finegrained checks
2024-08-02 14:22:22 -07:00
renovate[bot]
6ddae129b5
fix(deps): update module github.com/schollz/progressbar/v3 to v3.14.6 (#3158)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-02 14:19:23 -07:00
joeleonjr
4498c4be7c
Update README.md (#3160) 2024-08-02 14:18:36 -07:00
ahrav
c549b5bd15
[bug] - add context timeout to ssh verification (#3161)
* add context timeout to ssh verification

* fix test
2024-08-02 12:39:50 -07:00
ahrav
29613220b0
[chore] - log detector type on error (#3159)
* log detector type on error

* update error message

* update log

* update message
2024-08-02 10:54:59 -07:00
ahrav
ddb7211ded
[chore] - set custom transport for the Docker client (#3156)
* set custom transport for docker

* fix lint
2024-08-02 08:51:59 -07:00
Abdul Basit
04a13385a8
Add Analyzers interface for HuggingFace (#3140)
* implemented analyzer interface with data models for HuggingFace

* correct test for huggingface due to new addition of key in detection result.

---------

Co-authored-by: Abdul Basit <abasit@folio3.com>
2024-08-02 08:20:11 -07:00
joeleonjr
f927076483
quick patch for cfor enumeration (#3155)
Co-authored-by: Joe Leon <joe.leon@trufflesec.com>
2024-08-02 11:12:43 -04:00
renovate[bot]
fe9ac9d0bf
fix(deps): update module google.golang.org/api to v0.190.0 (#3146)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-02 08:09:40 -07:00
Abdul Basit
c1645e8c27
Add Analyzers interface for Square (#3141)
* implement analyzer interface for square

* linked detector with analyzer for square
fix test for square.

* code refactoring

---------

Co-authored-by: Abdul Basit <abasit@folio3.com>
2024-08-02 08:00:25 -07:00
ahrav
170f6ab624
enable mutex and block profiler (#3154) 2024-08-02 07:56:09 -07:00
Miccah
eccbca730d
[fix] Always configure the engine with the default detectors (#3152)
If detectors are not wanted by a user, they can be filtered out via
the `--include-detectors` or `--exclude-detectors` flag.
2024-08-02 07:48:39 -07:00
Dustin Decker
05e4635824
Add progress bar to CFOR (#3151)
* Add progress bar to CFOR

* unused vars

* explicitly ignore progress errors

* removed print statements

* use stderr

---------

Co-authored-by: joeleonjr <20135619+joeleonjr@users.noreply.github.com>
Co-authored-by: Joe Leon <joe.leon@trufflesec.com>
2024-08-02 07:43:59 -07:00
ahrav
fba1a8b410
[perf] - Leverage pgzip for Parallel decompression (#3149) 2024-08-02 04:11:10 -07:00
joeleonjr
7d606e2480
CFOR Commit Scanner (#3145)
* alpha feature for scanning hidden commits on github

* improvements re: git operations

* lint updates

* updating with exec block due to no gh token

* reworked logic into new source

* fixed collisions threshold flag input

* fixed IOutil issues

* removed additions from GH config

---------

Co-authored-by: Joe Leon <joe.leon@trufflesec.com>
2024-08-01 23:04:20 -04:00
Miccah
38e844f968
[chore] Only set default detectors if none are provided (#3147) 2024-08-01 17:15:06 -07:00
Dustin Decker
605d037e45
add twilio analyze relationships (#3148)
* add twilio analyze relationships

* unused struct
2024-08-01 17:04:44 -07:00
ahrav
b193febab5
[chore] - move automaxprocs to init (#3143)
* move automaxprocs to init

* revert
2024-08-01 11:31:03 -07:00
Miccah
f776b481d1
[analyze] Combine access level into permission value (#3144) 2024-08-01 11:09:59 -07:00
Abdul Basit
843120427d
Add Analyze interface to Stripe (#3132)
* implement analyzer interface for stripe

* consider cateogry as unbound resource if there is no permission with it.

* check for key existence in map.
pass on analysis info from Stripe detector.
test change to remove analysis info.

* remove Valid boolean from metadata of analyzer result

---------

Co-authored-by: Abdul Basit <abasit@folio3.com>
2024-08-01 08:23:06 -07:00
ahrav
048ec26c92
move concurrency (#3135) 2024-07-31 18:58:18 -07:00
ahrav
fd257350dd
[chore] - address linter (#3133)
* addres linter

* fix
2024-07-31 17:30:51 -07:00
ahrav
b56fffb6cd
[chore] - Set GOMAXPROCS (#3136)
* use automaxprocs

* remove newline
2024-07-31 17:10:03 -07:00
Hon
555e1ceeee
Export maps from permission generation (#3137)
* Adjust permission generation to make maps exportable

* fix bug and add twilio
2024-07-31 16:49:56 -07:00
Dustin Decker
25b01019b3
Add permissions lookup tables (#3125)
* OpenAI LUT

* github LUT

* cleanup

* add test

* update

* update

* update openai

* update

* Add Analyze interface to Twilio (#3128)

* Add Analyze interface to Twilio

* add readme
2024-07-31 13:01:29 -07:00
Abdul Basit
6fccac7f3d
Separate out printing statements with anlayzer logic for SourceGraph (#3119)
* Separated printing and analyzes functionality for sourcegraph

* remove second call to fetch userinfo in sourcegraph.
2024-07-31 10:08:42 -07:00
0x1
b4b4ebaa03
nitro detector was removed and needed to be deprecated (#3102) 2024-07-31 07:07:35 -07:00
Abdul Basit
24b7029d4d
Separate out printing statements with anlayzer logic for Stripe (#3120)
* Separated printing and analyzes functionality for stripe

* removed logging enabled check
2024-07-31 07:07:10 -07:00
Abdul Basit
a2c7219d65
Separate out printing statements with anlayzer logic for Slack (#3121)
* Separated printing and analyzes functionality for slack

* removed logging enabled check
2024-07-31 07:06:46 -07:00
Cody Rose
3ab975edb3
Update GitHub integration tests (#3124)
#1816 and #2995 both updated the GitHub source without updating its integration tests. This PR updates those tests, bringing them back into success.
2024-07-31 09:28:10 -04:00
Dustin Decker
a3d3565248
Add new canary ID (#3117) 2024-07-30 20:44:58 -07:00
Abdul Basit
67c01aee6e
Separated printing and analyzes functionality for twilio (#3118) 2024-07-30 20:44:44 -07:00
Abdul Basit
02fb3879eb
Separated printing and analyzes functionality for square (#3122) 2024-07-30 20:44:07 -07:00
Abdul Basit
acd529d9dc
Separated printing and analyzes functionality for shopify (#3123) 2024-07-30 20:43:46 -07:00
renovate[bot]
6a36eb3a9b
fix(deps): update module github.com/aws/aws-sdk-go to v1.55.5 (#3116)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-07-30 14:54:04 -07:00
Miccah
20de56d441
Analyzer partial implementations (#3114)
* Add POC analyze sub-command

* Address lint errors

* added http logging to most analyzers

* Use custom RoundTripper with default http.Client

* [chore] Embed scopes at compile time

* [chore] Move subcommand check up to prevent printing metrics

* Create framework of interfaces, structs, and protos

* Implement Analyzer for airbrake

* Add FullAccess permission constant

* Implement Analyzer for asana

* Implement Analyzer for bitbucket

* Implement Analyzer for github

* Implement Analyzer for gitlab

* Implemente Analyzer for huggingface

* Implement Analyzer for mailchimp

* implement analyzer for mailgun

* update cli cmd

* Implement analyzer for openai

* fix timing issue on scopes

* print permissions only if restricted key

* Implement Analyzer for mysql

* enable loggin check

* fixed the formatting issue to wrap sub-errors

* implemented analyzer for opsgenie

* implemented analyzer for postgres

* use format string

* implemented analyzer for sendgrid

* simplify returning the error

* implemented analyzer for postman

* added handling of workspace error

* Update protos to match OSS

* Generate protos

* Update data structures to match OSS

* Update airbrake implementation

* Remove asana implementation

* Remove mailchimp implementation

* Update openai implementation to match OSS

* Remove gitlab implementation

* Remove huggingface implementation

* Remove bitbucket implementation

* Fix permission in airbrake

* Remove github implementation

* Remove mailgun implementation

* Cleanup compiler errors

* Implement Analyzer interface for github

* Add parents to github resources

* Add fine_grained to github metadata

* Update with changes from main

* Remove unused function stubs

---------

Co-authored-by: Joe Leon <joe.leon@trufflesec.com>
Co-authored-by: Hon <8292703+hxnyk@users.noreply.github.com>
Co-authored-by: Abdul Basit <abasit@folio3.com>
Co-authored-by: Abdul Basit <basit.mussani@gmail.com>
2024-07-30 09:13:48 -07:00
Harmon Herring
f664472da1
Include default detectors when using a config that contains detectors (#3115)
* include default detectors when config file is used

* fix test
2024-07-29 14:36:40 -07:00
Cody Rose
ed8bc501e5
Use non-canary credentials for AWS tests (#3109)
The AWS detector verifies credentials in a weird hacky way to work around some non-obvious STS behavior. This workaround does not work for canary tokens, so I updated the test secrets to use non-canary tokens. This PR updates the tests to match the secrets file changes.
2024-07-29 10:11:27 -04:00
ahrav
55fe05d0b4
fix dep versions (#3106) 2024-07-26 17:44:23 -07:00
Miccah
14e7a82fbf
[analyze] Add description and user to openai metadata (#3111)
Also rename the type from "org" to "organization" to match github.
2024-07-26 16:24:50 -07:00
Dustin Decker
c048487739
Support openai project and fine grained tokens (#3112) 2024-07-26 15:31:17 -07:00
Miccah
9d089c2188
[analyze] Implement Analyzer interface for github (#3110)
* [analyze] Implement Analyzer interface for github

* Make github repo and user enumeration configurable

* Add AnalysisInfo to github detector

* Use AnalyzeAndPrintPermissions from the CLI
2024-07-26 14:47:03 -07:00