Mirrors/trufflehog
2
0
Fork 0
mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-09-20 14:42:03 +00:00
Code Issues Projects Releases Packages Wiki Activity
2032 commits 123 branches 240 tags 83 MiB
Commit graph

2032 commits

This branch
This branch
All branches
Author SHA1 Message Date
ahrav
1da7720912
Replace context.TODO. (#1349) 2023-05-19 11:09:51 -07:00
Zachary Rice
4ba0ad480f
Add message for discord server in readme (#1344) 
* discord server

* Update README.md
 2023-05-19 11:14:50 -05:00
ahrav
0c386220dd
[chore] - Use correct detector proto (#1347) 
* Use correct detector proto.

* sort imports.
 2023-05-18 15:12:38 -07:00
trufflesteeeve
1a81709726
Check to see if StructuredData exists before attempting to print it (#1346) 2023-05-18 17:42:19 -04:00
Brendan Shaklovitz
195f9f0798
Add Base64URLSafe decoder (#1292) 
* Add Base64URLSafe decoder

* Add decoder that can decode base64 strings with '_' and '-' instead of
  of '+' and '/'.

* Combine url-safe b64 decoder into b64 decoder
 2023-05-18 08:30:47 -07:00
RuchitaKshirsagarTR
f831b62a3f
Update generic.go (#1343) 
Generic API keys like shown in the example below is getting excluded:
api_key=9e107d9d372bb6826bd81d3542a419d6 because of following regex patterns:

\b[A-Fa-f0-9]{32}\b
\b[A-Fa-f0-9x]{6,99}\b

The base64 decoding logic is getting hit and NOT returning an error, and thus it continues thinking it is base64 decoded.
 2023-05-17 13:30:40 -07:00
ahrav
31844b12e3
[oc-313] - Add GitHub metrics (#1324) 
* Normalize repos during enumeration.

* fix test.

* Add benchmark.

* Add benchmark.

* Add more realistic benchmark values.

* add gist mocks.

* Remove old normalize fxn.

* abstract away the repo cache.

* update test.

* increase repo count.

* increase page limnit to 100.

* move callee fxns below caller for Chunks.

* Add context to normalize.

* remove extra logic in normalize repo.

* Delete new.txt

* Delete old.txt

* Handle errors in a thread safe manner.

* fix test.'

* fix test.

* handle repos that are included by users.

* Abstract include ignore logic within repoCache.

* Add better comment around repoCache.

* Rename params.

* remove commented out code.

* use repos instead of items.

* remove commented out code.

* Use ++ instead of atomic increment.

* update to use logger var.

* use cache pkg.

* Use separate file for repo logic.

* Address comments.

* fix test.

* make less sucky test.

* Update test.

* Add logs for duration and repo size.

* fix integration test.

* address comment.
 2023-05-16 08:45:28 -07:00
Brendan Shaklovitz
88b4a283c4
Add extra data and structured data to plain output (#1316) 
* Add extra data and structured data to plain output

* Remove duplicate ExtraData output
 2023-05-16 08:14:42 -07:00
Dustin Decker
4250773e92
GitHub basic auth (#1337) 2023-05-15 22:04:42 -07:00
ahrav
e81b908e07
Add buildkitev2 detector for newer tokens. (#1341) 2023-05-15 12:58:36 -07:00
ahrav
6db770fbe5
use md5 hash for checking if key exists. (#1257) 2023-05-15 10:04:14 -07:00
ahrav
948828ba8c
[chore] - move objectManager interface (#1332) 
* Relocate the objectManager interface to the consumer package as per Go
best practices.

* address comment.
 2023-05-15 09:30:26 -07:00
dependabot[bot]
5546033ad6
Bump golang.org/x/sync from 0.1.0 to 0.2.0 (#1334) 
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.1.0 to 0.2.0.
- [Commits](https://github.com/golang/sync/compare/v0.1.0...v0.2.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-15 08:56:34 -05:00
dependabot[bot]
a46a183334
Bump github.com/rabbitmq/amqp091-go from 1.8.0 to 1.8.1 (#1335) 
Bumps [github.com/rabbitmq/amqp091-go](https://github.com/rabbitmq/amqp091-go) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/rabbitmq/amqp091-go/releases)
- [Changelog](https://github.com/rabbitmq/amqp091-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rabbitmq/amqp091-go/compare/v1.8.0...v1.8.1)

---
updated-dependencies:
- dependency-name: github.com/rabbitmq/amqp091-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-15 08:56:00 -05:00
dependabot[bot]
b9eb34b3e0
Bump github.com/go-sql-driver/mysql from 1.7.0 to 1.7.1 (#1336) 
Bumps [github.com/go-sql-driver/mysql](https://github.com/go-sql-driver/mysql) from 1.7.0 to 1.7.1.
- [Release notes](https://github.com/go-sql-driver/mysql/releases)
- [Changelog](https://github.com/go-sql-driver/mysql/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-sql-driver/mysql/compare/v1.7.0...v1.7.1)

---
updated-dependencies:
- dependency-name: github.com/go-sql-driver/mysql
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-15 08:25:37 -05:00
dependabot[bot]
1df352bac5
Bump google.golang.org/api from 0.114.0 to 0.122.0 (#1342) 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.114.0 to 0.122.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.114.0...v0.122.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-15 08:23:42 -05:00
dependabot[bot]
4fcea1e772
Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#1339) 
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.1.0 to 1.3.3.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.1.0...v1.3.3)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-15 08:21:39 -05:00
vickygoel
4c04bbbe85
added pulumi cloud Access token detector (#1295) 
* added pulumi cloud Access token detector

* removed accidentally committed tokens

* added the databricks token detection

* made recommended changes

* added supabase management api token

* nuget api key detector

* added aiven.io token detector

* added prefect.io api key detector

* update protos.

---------

Co-authored-by: Developer <garg47294+1@gmail.com>
Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>
 2023-05-11 09:08:48 -07:00
Brendan Shaklovitz
584db86031
Support line numbers in filesystem source (#1297) 2023-05-09 08:02:34 -07:00
Brendan Shaklovitz
fad34d4dc6
git worktree scanning fix for #827 (#1315) 
* Fix worktree scan by setting EnableDotGitCommonDir

* Change `PlainOpenOptions` to set `EnableDotGitCommonDir` to true.
  In every current usage of this function, it is on an already-cloned
  repository, so it should always be valid to have this set. By doing
  so, it should fix some issues with worktrees.

* Remove unused go.mod replace directives

* Remove replace directives for libraries that are not in use.
 2023-05-09 08:00:47 -07:00
Brendan Shaklovitz
e3213fbdeb
Do extraction after decompression (#1320) 
* Fix error where some files do not get properly scanned due to order of
  extraction / decompression steps. Doing decompression first ensures
  that a compressed archive (e.g., gzipped zip file), is handled
  correctly.
 2023-05-09 07:56:08 -07:00
Bill Rich
f2924f3061
Make sure context lines are properly handled (#1331) 
* Make sure context lines are properly handled

* Fix git test to account for context change
 2023-05-05 12:51:27 -07:00
Miccah
6699ccd2b5
Generate protos (#1329) 2023-05-04 12:26:41 -05:00
Brendan Shaklovitz
87f3f27dab
Fix SquareApp detector type return value (#1322) 
* Change SquareApp detector type to report as SquareApp instead of
  Square.
 2023-05-04 10:25:20 -07:00
ahrav
deb0f63d25
Update regex. (#1328) 2023-05-04 10:23:13 -07:00
ahrav
030c093392
Fix how we scan orgs (#1327) 
* Fix how we scan orgs.

* fix integration test.
 2023-05-04 08:07:11 -07:00
Brendan Shaklovitz
be4147a24e
Output git timestamps as UTC times (#1323) 2023-05-03 11:47:00 -05:00
ahrav
323c093818
Normalize GitHub repos during enumeration (#1269) 
* Normalize repos during enumeration.

* fix test.

* Add benchmark.

* Add benchmark.

* Add more realistic benchmark values.

* add gist mocks.

* Remove old normalize fxn.

* abstract away the repo cache.

* update test.

* increase repo count.

* increase page limnit to 100.

* move callee fxns below caller for Chunks.

* Add context to normalize.

* remove extra logic in normalize repo.

* Delete new.txt

* Delete old.txt

* Handle errors in a thread safe manner.

* fix test.'

* fix test.

* handle repos that are included by users.

* Abstract include ignore logic within repoCache.

* Add better comment around repoCache.

* Rename params.

* remove commented out code.

* use repos instead of items.

* remove commented out code.

* Use ++ instead of atomic increment.

* update to use logger var.

* use cache pkg.

* Address comments.

* fix test.

* make less sucky test.

* Update test.
 2023-05-03 08:35:53 -07:00
ahrav
9cb91a6e4f
Extend cache interface (#1318) 
* Extend cache interface.

* update test.
 2023-05-03 08:21:00 -07:00
ahrav
714c480931
Add log to track git log size (#1325) 
* Add log to track git log size.

* Add calc for large commits and last commit.
 2023-05-02 16:36:39 -07:00
Zachary Rice
21258f4160
add performance test (#1301) 
* add performance test

* only run on PRs, test out failure

* remove extras
 2023-05-01 10:54:05 -05:00
Dustin Decker
65305ed9f6
Scan only for verified secrets in our CI (#1310) 2023-05-01 10:28:46 -05:00
dependabot[bot]
156aaac745
Bump github.com/lib/pq from 1.10.8 to 1.10.9 (#1307) 
Bumps [github.com/lib/pq](https://github.com/lib/pq) from 1.10.8 to 1.10.9.
- [Release notes](https://github.com/lib/pq/releases)
- [Commits](https://github.com/lib/pq/compare/v1.10.8...v1.10.9)

---
updated-dependencies:
- dependency-name: github.com/lib/pq
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-01 07:55:12 -07:00
dependabot[bot]
531d17bd3a
Bump github.com/mholt/archiver/v4 from 4.0.0-alpha.7 to 4.0.0-alpha.8 (#1305) 
Bumps [github.com/mholt/archiver/v4](https://github.com/mholt/archiver) from 4.0.0-alpha.7 to 4.0.0-alpha.8.
- [Release notes](https://github.com/mholt/archiver/releases)
- [Changelog](https://github.com/mholt/archiver/blob/master/.goreleaser.yml)
- [Commits](https://github.com/mholt/archiver/compare/v4.0.0-alpha.7...v4.0.0-alpha.8)

---
updated-dependencies:
- dependency-name: github.com/mholt/archiver/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-01 07:49:15 -07:00
Jason Solis
c13c56283d
add tineswebhook detector (#1304) 2023-05-01 07:48:58 -07:00
dependabot[bot]
56cd1df414
Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.3.0 to 2.4.0 (#1306) 
Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases)
- [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.3.0...v2.4.0)

---
updated-dependencies:
- dependency-name: github.com/bradleyfalzon/ghinstallation/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-01 07:41:11 -07:00
ahrav
67972683ea
[chore] - format log msg (#1299) 
* format log msg.

* snake.

* lowercase repo.
 2023-04-27 17:14:00 -07:00
ahrav
a2266b4e28
add additional logging (#1298) 
* add additional logging.

* update test.

* remove continue.

* address comments.
 2023-04-27 16:48:04 -07:00
Miccah
b1675194ca
Implement EndpointCustomizer (#1291) 
* Implement EndpointCustomizer

Add the EndpointCustomizer interface and EndpointSetter convenience struct,
implement EndpointCustomizer for github and gitlab detectors, and add
parsing, verification, and applying user-supplied configuration.

* Check error from SetEndpoints

* Rename variable for clarity
 2023-04-27 12:23:50 -05:00
Dustin Decker
4086895249
add scripts to benchmark and plot performance across tags (#1293) 
* add scripts to benchmark and plot performance across tags

* missing newline

* fmt
 2023-04-26 15:43:23 -07:00
Brendan Shaklovitz
10902f802a
Add max object size flag for s3 bucket scanning (#1294) 
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2023-04-26 15:39:43 -07:00
Aman Sakhuja
2a3f8942ee
Fixed contentfulpersonalaccesstoken regex (#1199) 2023-04-26 14:32:36 -07:00
Shabbir B
d1cbc54fc6
Updated BrowserStack detector endpoint (#1290) 
Updated endpoint
 2023-04-26 08:59:24 -07:00
Miccah
5a86c18302
Fix include and exclude detector logic (#1267) 
* Fix include and exclude detector logic

* Fix test

* Add more clarifying comments
 2023-04-26 10:49:54 -05:00
ahrav
622700b6ec
update proto to allow for ignoring projects. (#1289) 2023-04-26 07:30:43 -07:00
ahrav
15ed428e28
update jira detector. (#1288) 2023-04-25 17:26:51 -07:00
Shabbir B
6f801f64c7
Added a new detector for percy.io (#1284) 
* Feature: Added a new detector for percy.io

* Updated variable name

---------

Co-authored-by: ahrav <ahravdutta02@gmail.com>
 2023-04-25 13:18:34 -07:00
Dustin Decker
3485a6dab1
improve sqlserver detection and testing (#1285) 
* improve sqlserver detection and testing

* add data source keyword
 2023-04-25 11:00:37 -07:00
ahrav
34f5db64ae
Small optimizations for the base64 decoder (#1278) 
* Small optimizations.

* remove unnecessary timer reset.

* remove blank lines.

* remove test file.

* Move b64 character mapping creation to init.
 2023-04-24 11:27:07 -07:00
dependabot[bot]
91bd843ba7
Bump cloud.google.com/go/storage from 1.29.0 to 1.30.1 (#1282) 
Bumps [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) from 1.29.0 to 1.30.1.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.29.0...spanner/v1.30.1)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-24 10:37:48 -07:00