Commit graph

3433 commits

Author SHA1 Message Date
Charlie Gunyon
02c508da11
Add Sentry protobufs (#3263)
* Add Sentry protobufs

* Use more descriptive field name for an event's ID in protobufs
2024-09-04 11:36:49 -07:00
Dustin Decker
db0108f731
Make worker multipliers configurable (#3267) 2024-09-04 11:36:26 -07:00
0x1
7eb5b5b12c
add rotation links (#3257) 2024-09-04 10:45:04 -04:00
Dustin Decker
6bbb683ead
Reduce high freq keywords (#3265) 2024-09-03 16:58:46 -07:00
Dustin Decker
8999eab89d
Add central feature flags (#3264)
* Add central feature flags

* use atomic

* tidy
2024-09-03 15:54:41 -07:00
Hon
f52d8e872d
Add huggingface tui config (#3060)
* add huggingface tui config

* update readme

* undo auto format
2024-09-03 12:54:39 -07:00
Shreyas Sriram
15faaba61c
Add Robinhood Crypto detector (#3254)
* Add Robinhood Crypto detector

* Address comment - use single keyword
2024-08-29 14:05:52 -07:00
ahrav
06bbd6fd49
Update buffer (#3255) 2024-08-29 13:40:26 -07:00
Cody Rose
dbc1464c63
Download files when reverifying (#3252)
The previous implementation of targeted file scanning pulled patches out of commit data, which didn't work for binary files (because GitHub doesn't return patches for them). This PR changes the system to always just download the requested file and scan it, which means we get binary file support.
2024-08-29 16:10:11 -04:00
Hon
247b56ad0b
update rotation guide link for teams (#3248) 2024-08-26 14:34:18 -07:00
Nash
69f5d9b76d
Th 899 postman panic issue (#3245)
* Fixed the checks for local exported data

* Fixed the check for local export files

* Fixed the check for local export files

* Fixed the check for local export files

* Merge branch 'main' into th-899-postman-panic-issue

* minor changes in the tests

* test update

* test
2024-08-26 14:46:05 -04:00
Cody Rose
3b0b2909ca
Strip leading +/- from github target diffs (#3244)
The GitHub source generates chunks for targeted scans differently than it does for "normal" scans. One difference was the presence of leading + and - characters, which can interfere with detection in some cases.
2024-08-23 15:21:58 -04:00
Cody Rose
8f299ff8cd
Skip filtration for targeted scans #3243
There is a scenario in which results filtration is known to cause problems, and this PR disables it in that scenario. (It should cause problems more generally, but lacking any concrete cases of that, I want to tread lightly.)
2024-08-23 10:59:07 -04:00
Cody Rose
f39a5254ff
Customize results cleaning (using smuggled interface) (#3235)
We have identified some cases in which the results "cleaning" logic (the logic that eliminates superfluous results) should not run. In order to allow this, we need to expose the cleaning logic to the engine. This PR does so by doing these things:

- Create a CustomResultsCleaner interface that can be implemented by detectors that want to use custom cleaning logic
- Implement this interface for the aws and awssessionkey detectors (and remove their previous invocation of their custom cleaning logic)
- Modify the engine to invoke this logic (conditionally)

This PR also removes the "custom" cleaning logic for the opsgenie, razorpay, and twilio detectors, because it was added erroneously.

This is an alternative implementation of #3233.
2024-08-21 09:42:20 -04:00
renovate[bot]
a0400c197d
fix(deps): update module cloud.google.com/go/secretmanager to v1.14.0 (#3240)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-20 15:36:42 -07:00
renovate[bot]
0e8b433c93
fix(deps): update testcontainers-go monorepo to v0.33.0 (#3239)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-20 13:18:54 -07:00
renovate[bot]
f56f321a3a
fix(deps): update module google.golang.org/api to v0.193.0 (#3238)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-20 09:58:10 -07:00
renovate[bot]
4f945bf65c
fix(deps): update module google.golang.org/api to v0.192.0 (#3237)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-20 09:28:51 -07:00
renovate[bot]
772f1649b9
fix(deps): update module github.com/prometheus/client_golang to v1.20.1 (#3236)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-20 08:59:15 -07:00
renovate[bot]
3f4d411083
chore(deps): update golang docker tag to v1.23 (#3228)
* chore(deps): update golang docker tag to v1.23

* Update Dockerfile.protos

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-08-20 08:28:04 -07:00
renovate[bot]
e5cba6983a
fix(deps): update module github.com/charmbracelet/bubbletea to v0.27.0 (#3229)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-20 07:58:38 -07:00
renovate[bot]
3625d6a3b9
fix(deps): update module github.com/sendgrid/sendgrid-go to v3.15.0+incompatible (#3214)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-16 19:34:49 -07:00
Dustin Decker
fe5624c709
Improve domain / url handling in detectors (#3221)
* Strip path and params and use new client

* update clients

* additional client updates

* revert client
2024-08-15 11:34:28 -07:00
Abdul Basit
e8a297f13b
Support for kebab case and dot notation in permission generation tool (#3222)
* support for fullstop and hypen in permissions.yaml

* updated the readme.
2024-08-15 10:07:42 -07:00
Miccah
daa45cfac4
[chore] Ignore analyzer implementation tests in test-community (#3219)
Many analyzer tests require GCP credentials, which the community does
not have access to. It's best to ignore these tests, which would
otherwise immediately fail for unrelated community contributions.
2024-08-14 14:02:25 -07:00
Miccah
3db9ed7c74
[chore] Fix lint errors (#3218)
* [chore] Fix lint errors under analyzer package

* Fix lint error in source manager test

* Use Sprint instead of Sprintf where appropriate
2024-08-14 13:49:24 -07:00
Miccah
c381e901cc
[analyze] Fix GitHub token expiration parsing (#3205)
* [analyze] Fix GitHub token expiration parsing

* Update test
2024-08-14 10:13:05 -07:00
Miccah
baf642e264
[analyze] Capture the hierarchy of GitHub permissions (#3127) 2024-08-14 10:12:38 -07:00
renovate[bot]
0ba37dbbd1
chore(deps): update sigstore/cosign-installer action to v3.6.0 (#3211)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-13 11:17:40 -07:00
Miccah
97f8a4834b
Add metrics for command invocation (#3185) 2024-08-13 08:50:36 -07:00
0x1
8cf1ec2824
remove two letter keyword (#3210) 2024-08-13 09:09:36 -05:00
renovate[bot]
e9f8123776
fix(deps): update module cloud.google.com/go/secretmanager to v1.13.6 (#3208)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-10 09:33:28 -07:00
Cody Rose
9718ec6a51
Capture decoding time metric (#3209)
We're trying to track down some slowness.
2024-08-09 15:19:16 -04:00
renovate[bot]
f2c7bb93be
fix(deps): update module github.com/google/go-containerregistry to v0.20.2 (#3184)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-09 08:02:50 -07:00
ahrav
a966a47b63
[bug] - Correctly Handle Large Files in BufferedReadSeeker (#3203)
* handle large files correctly

* return if http get fails
2024-08-08 12:07:45 -07:00
Cody Rose
239f35921d
Log when a detector ignores the timeout (#3201)
If a detector ignores the configured timeout it is probably because of I/O blocking, which degrades the efficiency of the detector worker pool when it happens a lot. In the worst case, a detector that fully hangs will zombify its worker, causing really bad performance problems. When this happens, we don't really have a good way to notice other than seeing scan throughput drop suspiciously. This PR adds explicit logging when detection takes longer than it should so we have a better chance of catching this.

(This problem theoretically can spring up anywhere, in any worker, but the detector fleet is vast, uses network I/O, and is implemented by a much larger group of people, so this sort of problem is much more likely to slip into detector implementations than anywhere else in the codebase. We could generalize this mechanism, but I don't want to make that investment before seeing if this smaller change captures the information we need.)
2024-08-08 14:58:23 -04:00
renovate[bot]
713521c433
fix(deps): update module go.mongodb.org/mongo-driver to v1.16.1 (#3197)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-08 11:00:59 -07:00
Miccah
39f5f547e1
[analyze] Fix double-print in postgres analyzer (#3199)
* [analyze] Fix double-print in postgres analyzer

* Continue on error in github analyzer
2024-08-07 16:10:43 -07:00
renovate[bot]
d0726eb949
fix(deps): update module golang.org/x/net to v0.28.0 (#3187)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-07 12:12:12 -07:00
Miccah
bf2afc9751
[analyze] Deduplicate finegrained GitHub permissions (#3196) 2024-08-07 11:22:29 -07:00
Dustin Decker
fc4829a387
Fixes for a few finegrained token issues (#3194)
* Fixes a few finegrained issues

* remove some code
2024-08-07 07:48:00 -07:00
Miccah
8b37ae11ca
[analyze] Add basic section to README (#3190) 2024-08-07 07:26:01 -07:00
Miccah
7730fc826b
[analyze] Bandaid solution for occasional slow startups (#3191)
* [analyze] Bandaid solution for occasional slow startups

* Speed up shutdown

* Add link to upstream issue

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-08-06 22:24:58 -07:00
Hon
ab8c843fec
Analyzer capitalization (#3188)
* capitalization

* Lowercase analyze labels for the subcommand

* Canonicalize input and lowercase when matching command

* add warning

---------

Co-authored-by: Miccah Castorina <m.castorina93@gmail.com>
2024-08-06 17:00:40 -07:00
Miccah
a8777fcad9
[analyze] Add analyze option to main TUI and unhide subcommand (#3186)
This is currently a one-way operation. Once you select "analyze" you
cannot get back to the main menu.
2024-08-06 15:30:50 -07:00
renovate[bot]
8c6f852a9c
fix(deps): update module golang.org/x/text to v0.17.0 (#3183)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-06 11:10:22 -07:00
renovate[bot]
8ea60861ba
fix(deps): update module golang.org/x/crypto to v0.26.0 (#3182)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-06 11:10:00 -07:00
Dustin Decker
29de521ed0
Improve finegrained token support (#3179) 2024-08-05 18:55:05 -07:00
Miccah
a373f6bd78
[chore] Use custom HTTP client in sendgrid analyzer (#3178) 2024-08-05 17:47:37 -07:00
Miccah
1df83f79ef
[analyze] Separate SID from token in twilio analyzer (#3177)
* [analyze] Separate SID from token in twilio analyzer

* Fix test

* Set sid in detector
2024-08-05 17:46:57 -07:00