* implement analyzer interface for stripe
* consider category as unbound resource if there is no permission with it.
* check for key existence in map.
pass on analysis info from Stripe detector.
test change to remove analysis info.
* remove Valid boolean from metadata of analyzer result
---------
Co-authored-by: Abdul Basit <abasit@folio3.com>
* Add POC analyze sub-command
* Address lint errors
* added http logging to most analyzers
* Use custom RoundTripper with default http.Client
* [chore] Embed scopes at compile time
* [chore] Move subcommand check up to prevent printing metrics
* Create framework of interfaces, structs, and protos
* Implement Analyzer for airbrake
* Add FullAccess permission constant
* Implement Analyzer for asana
* Implement Analyzer for bitbucket
* Implement Analyzer for github
* Implement Analyzer for gitlab
* Implement Analyzer for huggingface
* Implement Analyzer for mailchimp
* implement analyzer for mailgun
* update cli cmd
* Implement analyzer for openai
* fix timing issue on scopes
* print permissions only if restricted key
* Implement Analyzer for mysql
* enable loggin check
* fixed the formatting issue to wrap sub-errors
* implemented analyzer for opsgenie
* implemented analyzer for postgres
* use format string
* implemented analyzer for sendgrid
* simplify returning the error
* implemented analyzer for postman
* added handling of workspace error
* Update protos to match OSS
* Generate protos
* Update data structures to match OSS
* Update airbrake implementation
* Remove asana implementation
* Remove mailchimp implementation
* Update openai implementation to match OSS
* Remove gitlab implementation
* Remove huggingface implementation
* Remove bitbucket implementation
* Fix permission in airbrake
* Remove github implementation
* Remove mailgun implementation
* Cleanup compiler errors
* Implement Analyzer interface for github
* Add parents to github resources
* Add fine_grained to github metadata
* Update with changes from main
* Remove unused function stubs
---------
Co-authored-by: Joe Leon <joe.leon@trufflesec.com>
Co-authored-by: Hon <8292703+hxnyk@users.noreply.github.com>
Co-authored-by: Abdul Basit <abasit@folio3.com>
Co-authored-by: Abdul Basit <basit.mussani@gmail.com>
The AWS detector verifies credentials in a weird hacky way to work around some non-obvious STS behavior. This workaround does not work for canary tokens, so I updated the test secrets to use non-canary tokens. This PR updates the tests to match the secrets file changes.
* [analyze] Implement Analyzer interface for github
* Make github repo and user enumeration configurable
* Add AnalysisInfo to github detector
* Use AnalyzeAndPrintPermissions from the CLI
* Add POC analyze sub-command
* Address lint errors
* [chore] Embed scopes at compile time
* [chore] Move subcommand check up to prevent printing metrics
* added http logging to most analyzers
* Use custom RoundTripper with default http.Client
* Create framework of interfaces, structs, and protos
* Merge main
* Add AnalysisInfo to detectors.Result
* Hide analyze subcommand
* Update gen_proto.sh
* Update protos
* Make protos
* Update analyzer data types
* Rename argument to credentialInfo
---------
Co-authored-by: Joe Leon <joe.leon@trufflesec.com>
* implemented a netsuite detector
* implemented the netsuite detector with modified test.
* clean up go.sum by running `go mod tidy`
* implemented a netsuite detector
* implemented the netsuite detector with modified test.
* clean up go.sum by running `go mod tidy`
* Incorporated suggestion by Ahrav
- optimized nonce generation logic.
- use string builder as compared to concatenation.
* fix go.sum
* fix import
* fix
---------
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>