Commit graph

2115 commits

Author SHA1 Message Date
Zachary Rice
0bbe62cec5
Update tests for forks so we don't fail on everything (#1475)
* Update gh action
2023-07-11 08:13:00 -05:00
Miccah
5c0ffda618
Define SourceUnit enumeration interface (#1428)
* Add CancellableWrite helper function

* Create SourceUnitEnumerator interface and EnumerationResult struct

* Implement SourceUnitEnumerator for the filesystem Source

* Omit explicit zero values
2023-07-10 15:05:40 -05:00
dependabot[bot]
9d5c205318
Bump google.golang.org/api from 0.129.0 to 0.130.0 (#1472)
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.129.0 to 0.130.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.129.0...v0.130.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-07-10 15:00:16 -05:00
Zachary Rice
d4972313ff
remove old detector (#1474)
2023-07-10 13:02:19 -05:00
dependabot[bot]
00f42c51dc
Bump github.com/TheZeroSlave/zapsentry from 1.15.0 to 1.17.0 (#1470)
Bumps [github.com/TheZeroSlave/zapsentry](https://github.com/TheZeroSlave/zapsentry) from 1.15.0 to 1.17.0.
- [Release notes](https://github.com/TheZeroSlave/zapsentry/releases)
- [Commits](https://github.com/TheZeroSlave/zapsentry/compare/v1.15.0...v1.17.0)

---
updated-dependencies:
- dependency-name: github.com/TheZeroSlave/zapsentry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-07-10 12:56:28 -05:00
dependabot[bot]
ffd63c0174
Bump github.com/jlaffaye/ftp from 0.1.0 to 0.2.0 (#1471)
Bumps [github.com/jlaffaye/ftp](https://github.com/jlaffaye/ftp) from 0.1.0 to 0.2.0.
- [Release notes](https://github.com/jlaffaye/ftp/releases)
- [Commits](https://github.com/jlaffaye/ftp/compare/v0.1.0...v0.2.0)

---
updated-dependencies:
- dependency-name: github.com/jlaffaye/ftp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-07-10 10:49:13 -05:00
dependabot[bot]
800695fe66
Bump golang.org/x/crypto from 0.10.0 to 0.11.0 (#1473)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.10.0 to 0.11.0.
- [Commits](https://github.com/golang/crypto/compare/v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-07-10 10:42:31 -05:00
Cody Rose
87058dd7fa
Add new verification error message field (#1463)
2023-07-10 11:15:40 -04:00
Zachary Rice
0bdd513d88
additional similarity check for base64 and plain (#1462)
* additional similarity check for base64 and plain

* use bytes equal

* move logic into util function
2023-07-10 10:12:59 -05:00
Zubair Khan
b38857edb4
fix missing api key, tighten up regex pattern, use response body check (#1438)
2023-07-06 16:35:52 -04:00
Richard Gomez
23757dbe0a
remove image4 detector (#1461)
2023-07-06 12:56:09 -07:00
Peter Dave Hello
7a55a146a3
Remove additional apk clean up in Dockerfile (#1440)
2023-07-06 12:55:08 -07:00
Zachary Rice
a99d89d711
fix typo (#1452)
2023-07-05 14:14:18 -05:00
dependabot[bot]
d017181251
Bump cloud.google.com/go/storage from 1.30.1 to 1.31.0 (#1442)
Bumps [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) from 1.30.1 to 1.31.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.30.1...pubsub/v1.31.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-07-05 11:12:58 -05:00
dependabot[bot]
7f56f97522
Bump google.golang.org/api from 0.128.0 to 0.129.0 (#1441)
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.128.0 to 0.129.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.128.0...v0.129.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-05 11:12:48 -05:00
Zachary Rice
8a508e6bcd
Add missing keywords for sqlserver (#1449)
2023-07-05 11:12:19 -05:00
dependabot[bot]
987610d310
Bump google.golang.org/protobuf from 1.30.0 to 1.31.0 (#1444)
Bumps google.golang.org/protobuf from 1.30.0 to 1.31.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-05 09:53:56 -05:00
dependabot[bot]
598158720c
Bump cloud.google.com/go/secretmanager from 1.11.0 to 1.11.1 (#1443)
Bumps [cloud.google.com/go/secretmanager](https://github.com/googleapis/google-cloud-go) from 1.11.0 to 1.11.1.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/kms/v1.11.0...asset/v1.11.1)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/secretmanager
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-04 10:11:49 -07:00
dependabot[bot]
e7db276ace
Bump github.com/envoyproxy/protoc-gen-validate from 1.0.1 to 1.0.2 (#1445)
Bumps [github.com/envoyproxy/protoc-gen-validate](https://github.com/envoyproxy/protoc-gen-validate) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/envoyproxy/protoc-gen-validate/releases)
- [Changelog](https://github.com/bufbuild/protoc-gen-validate/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/envoyproxy/protoc-gen-validate/compare/v1.0.1...v1.0.2)

---
updated-dependencies:
- dependency-name: github.com/envoyproxy/protoc-gen-validate
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-03 15:33:52 -07:00
Zachary Rice
452734adc8
remove head from git diff command, rename unstaged to staged (#1439)
2023-06-29 15:33:30 -05:00
Zachary Rice
18a70b64bb
Introduce trufflehog:ignore tag feature (#1433)
* init ignore

* cleanup and add test

* update readme
2023-06-29 08:45:56 -05:00
roxanne-tampus
00920984e3
added opsgenie detector (#650)
* added opsgenie detector

* update interface and import

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2023-06-27 16:43:25 -07:00
Zubair Khan
d6375ba921
verify response body with expected keywords (#1419)
* verify response body with expected keywords

* remove debug log

* add extra test case

* migrate from ioutil to io

* close body and only check for one keyword

* cleanup
2023-06-27 11:46:15 -04:00
Miccah
8ea49de490
Don't return on okta credential failed verification (#1432)
2023-06-27 09:21:39 -05:00
Zachary Rice
4a77688097
use stringer again for now (#1430)
2023-06-26 14:33:54 -05:00
trufflesteeeve
11bff81def
Use url redaction in git (#1399)
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-06-26 13:56:08 -05:00
dependabot[bot]
06f2d3a162
Bump github.com/xanzy/go-gitlab from 0.85.0 to 0.86.0 (#1425)
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.85.0 to 0.86.0.
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.85.0...v0.86.0)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-26 11:39:20 -07:00
Zubair Khan
f52946b996
Add Couchbase Detector (#1385)
* init

* add detector type

* rotate leaked credentials

* tighten up username pattern

* isolated prefixregex as overriding new line stuff

* passwordPat working now

* add username test

* fix edge case

* cleanup

* make linter happy

* make linter happy rd 2

* skip error logging

* fix test

* add password regex helper func

* make test more robust

* cleanup PR

* remove comments

* clarify prepend rationale
2023-06-26 14:37:10 -04:00
Miccah
945c27cb82
Fix docker source to return any chunk errors (#1429)
2023-06-26 12:12:46 -05:00
Brendan Shaklovitz
da5301ea1e
Exit with non-zero exit code on chunk source error (#1286)
* Exit with non-zero exit code on chunk source error

* Exit with a non-zero exit code whenever we hit an error getting
  chunks. Previously the error would be logged but trufflehog would exit
  with a 0 (success) status code.

* fix gcs test

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
Co-authored-by: ahrav <ahravdutta02@gmail.com>
2023-06-26 11:39:57 -05:00
dependabot[bot]
7cefea6562
Bump cloud.google.com/go/storage from 1.29.0 to 1.30.1 (#1424)
Bumps [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) from 1.29.0 to 1.30.1.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.29.0...pubsub/v1.30.1)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-26 08:44:45 -07:00
Chris Atkin
6e6895b48e
Update Slack webhook error text for verification (#1427)
This updates the matched error text to determine the verified status of a Slack webhook, as this has been updated on Slack's API.
2023-06-26 08:44:17 -07:00
dependabot[bot]
146ddb351b
Bump golang.org/x/sync from 0.2.0 to 0.3.0 (#1426)
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.2.0 to 0.3.0.
- [Commits](https://github.com/golang/sync/compare/v0.2.0...v0.3.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-26 08:27:48 -07:00
dependabot[bot]
ab84f1fbc6
Bump go.mongodb.org/mongo-driver from 1.11.6 to 1.12.0 (#1423)
Bumps [go.mongodb.org/mongo-driver](https://github.com/mongodb/mongo-go-driver) from 1.11.6 to 1.12.0.
- [Release notes](https://github.com/mongodb/mongo-go-driver/releases)
- [Commits](https://github.com/mongodb/mongo-go-driver/compare/v1.11.6...v1.12.0)

---
updated-dependencies:
- dependency-name: go.mongodb.org/mongo-driver
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-26 08:27:09 -07:00
dependabot[bot]
3ea766e8c2
Bump github.com/go-ldap/ldap/v3 from 3.4.4 to 3.4.5 (#1422)
Bumps [github.com/go-ldap/ldap/v3](https://github.com/go-ldap/ldap) from 3.4.4 to 3.4.5.
- [Release notes](https://github.com/go-ldap/ldap/releases)
- [Commits](https://github.com/go-ldap/ldap/compare/v3.4.4...v3.4.5)

---
updated-dependencies:
- dependency-name: github.com/go-ldap/ldap/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-26 08:25:53 -07:00
Zubair Khan
cd67f6bf16
prevent www from being a key to prevent fp (#1418)
2023-06-25 11:55:11 -04:00
Dustin Decker
eeefde1ec9
Ensure results are collected correctly when verification is off, and dedupe twilio (#1420)
2023-06-23 14:14:08 -07:00
Miccah
f3152b6885
Implement SourceUnitUnmarshaller for all sources (#1416)
* Implement CommonSourceUnitUnmarshaller

* Add SourceUnitUnmarshaller to all sources using

All sources, with the exception of git, will use the CommonSourceUnit as
they only contain a single type of unit to scan.

* Fix method comments to adhere to Go's style guide
2023-06-23 11:15:51 -05:00
dependabot[bot]
0c643bd610
Bump github.com/docker/distribution (#1415)
Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible.
- [Release notes](https://github.com/docker/distribution/releases)
- [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2)

---
updated-dependencies:
- dependency-name: github.com/docker/distribution
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-22 09:14:47 -07:00
Dustin Decker
e856a6890d
🎉 Add Docker image scanning 🎉 (#1412)
* Add Docker source

* Add metrics

* Add test

* Add debugging, address PR comments, fix path output

* review suggestions
2023-06-22 08:02:25 -07:00
dillonstreator
648ef3b52c
fix spelling errors (#1413)
2023-06-21 07:15:28 -07:00
dillonstreator
fd4b5d1d14
remove gorilla mux (#1411)
2023-06-20 17:07:03 -07:00
Zubair Khan
0c3410c5cd
add new key pat for mailgun detector (#1375)
* add new detector key pat for mailgun

* resolve mailgun issue

* remove unused tokenPat and commented strings import

* fix closing bracket issue
2023-06-20 19:14:56 -04:00
dependabot[bot]
df353f0b44
Bump google.golang.org/api from 0.125.0 to 0.128.0 (#1408)
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.125.0 to 0.128.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.125.0...v0.128.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-20 13:24:53 -07:00
dependabot[bot]
93969f967d
Bump github.com/googleapis/gax-go/v2 from 2.10.0 to 2.11.0 (#1406)
Bumps [github.com/googleapis/gax-go/v2](https://github.com/googleapis/gax-go) from 2.10.0 to 2.11.0.
- [Release notes](https://github.com/googleapis/gax-go/releases)
- [Commits](https://github.com/googleapis/gax-go/compare/v2.10.0...v2.11.0)

---
updated-dependencies:
- dependency-name: github.com/googleapis/gax-go/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-20 13:21:19 -07:00
Zachary Rice
4938d67e66
Custom detector name (#1400)
* hacky way to add detector name to output

* set name in custom detectors
2023-06-20 13:55:31 -05:00
Zachary Rice
e9cce62faf
update discord invite link to one that doesn't expire (#1410)
2023-06-20 12:29:40 -05:00
dependabot[bot]
12cb4224ca
Bump golang.org/x/oauth2 from 0.8.0 to 0.9.0 (#1407)
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.8.0 to 0.9.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-20 10:28:00 -07:00
dependabot[bot]
84f2e72d0a
Bump github.com/getsentry/sentry-go from 0.21.0 to 0.22.0 (#1404)
Bumps [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) from 0.21.0 to 0.22.0.
- [Release notes](https://github.com/getsentry/sentry-go/releases)
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-go/compare/v0.21.0...v0.22.0)

---
updated-dependencies:
- dependency-name: github.com/getsentry/sentry-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-20 10:27:14 -07:00
Miccah
e12f0f84a1
Setup SourceUnit interface (#1393)
* Test: Asymmetrical unmarshal API

* Test: Symmetric marshal API

* Revert "Test: Symmetric marshal API"

This reverts commit f51c64a797.

* Cleanup test example and add SourceUnitUnmarshaller interface

* Add CommonSourceUnit implementation

* Update comments

* Remove UnmarshalJSON
2023-06-16 10:38:28 -05:00