Mike Vanbuskirk
32a351fa02
adds linting for workflow and actions ( #1356 )
2023-05-22 21:43:25 -04:00
dependabot[bot]
d11f06989d
Bump golang.org/x/crypto from 0.8.0 to 0.9.0 ( #1354 )
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.8.0 to 0.9.0.
- [Commits](https://github.com/golang/crypto/compare/v0.8.0...v0.9.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-22 10:08:58 -05:00
dependabot[bot]
a9d2464301
Bump github.com/getsentry/sentry-go from 0.20.0 to 0.21.0 ( #1351 )
...
Bumps [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go ) from 0.20.0 to 0.21.0.
- [Release notes](https://github.com/getsentry/sentry-go/releases )
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md )
- [Commits](https://github.com/getsentry/sentry-go/compare/v0.20.0...v0.21.0 )
---
updated-dependencies:
- dependency-name: github.com/getsentry/sentry-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-22 10:08:17 -05:00
Brendan Shaklovitz
3ab864aca9
Make OpenAI regex more specific ( #1345 )
2023-05-22 07:39:18 -07:00
dependabot[bot]
9cc3d05c31
Bump golang.org/x/oauth2 from 0.7.0 to 0.8.0 ( #1352 )
...
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2 ) from 0.7.0 to 0.8.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.7.0...v0.8.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-22 09:31:51 -05:00
dependabot[bot]
596639bb6f
Bump github.com/stretchr/testify from 1.8.2 to 1.8.3 ( #1353 )
...
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify ) from 1.8.2 to 1.8.3.
- [Release notes](https://github.com/stretchr/testify/releases )
- [Commits](https://github.com/stretchr/testify/compare/v1.8.2...v1.8.3 )
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-22 09:30:56 -05:00
dependabot[bot]
ecffe724a5
Bump github.com/go-logr/zapr from 1.2.3 to 1.2.4 ( #1355 )
...
Bumps [github.com/go-logr/zapr](https://github.com/go-logr/zapr ) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/go-logr/zapr/releases )
- [Commits](https://github.com/go-logr/zapr/compare/v1.2.3...v1.2.4 )
---
updated-dependencies:
- dependency-name: github.com/go-logr/zapr
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-22 09:30:29 -05:00
Mike Vanbuskirk
1d9d6b6039
needed perms for running workflows against forks ( #1348 )
...
Co-authored-by: ahrav <ahravdutta02@gmail.com>
2023-05-19 15:31:20 -04:00
ahrav
1da7720912
Replace context.TODO. ( #1349 )
2023-05-19 11:09:51 -07:00
Zachary Rice
4ba0ad480f
Add message for discord server in readme ( #1344 )
...
* discord server
* Update README.md
2023-05-19 11:14:50 -05:00
ahrav
0c386220dd
[chore] - Use correct detector proto ( #1347 )
...
* Use correct detector proto.
* sort imports.
2023-05-18 15:12:38 -07:00
trufflesteeeve
1a81709726
Check to see if StructuredData exists before attempting to print it ( #1346 )
2023-05-18 17:42:19 -04:00
Brendan Shaklovitz
195f9f0798
Add Base64URLSafe decoder ( #1292 )
...
* Add Base64URLSafe decoder
* Add decoder that can decode base64 strings with '_' and '-' instead of
'+' and '/'.
* Combine url-safe b64 decoder into b64 decoder
2023-05-18 08:30:47 -07:00
RuchitaKshirsagarTR
f831b62a3f
Update generic.go ( #1343 )
...
Generic API keys like the one shown in the example below are getting excluded:
api_key=9e107d9d372bb6826bd81d3542a419d6 because of the following regex patterns:
\b[A-Fa-f0-9]{32}\b
\b[A-Fa-f0-9x]{6,99}\b
The base64 decoding logic is getting hit and NOT returning an error, and thus it continues thinking it is base64 decoded.
2023-05-17 13:30:40 -07:00
ahrav
31844b12e3
[oc-313] - Add GitHub metrics ( #1324 )
...
* Normalize repos during enumeration.
* fix test.
* Add benchmark.
* Add benchmark.
* Add more realistic benchmark values.
* add gist mocks.
* Remove old normalize fxn.
* abstract away the repo cache.
* update test.
* increase repo count.
* increase page limit to 100.
* move callee fxns below caller for Chunks.
* Add context to normalize.
* remove extra logic in normalize repo.
* Delete new.txt
* Delete old.txt
* Handle errors in a thread safe manner.
* fix test.
* fix test.
* handle repos that are included by users.
* Abstract include ignore logic within repoCache.
* Add better comment around repoCache.
* Rename params.
* remove commented out code.
* use repos instead of items.
* remove commented out code.
* Use ++ instead of atomic increment.
* update to use logger var.
* use cache pkg.
* Use separate file for repo logic.
* Address comments.
* fix test.
* make less sucky test.
* Update test.
* Add logs for duration and repo size.
* fix integration test.
* address comment.
2023-05-16 08:45:28 -07:00
Brendan Shaklovitz
88b4a283c4
Add extra data and structured data to plain output ( #1316 )
...
* Add extra data and structured data to plain output
* Remove duplicate ExtraData output
2023-05-16 08:14:42 -07:00
Dustin Decker
4250773e92
GitHub basic auth ( #1337 )
2023-05-15 22:04:42 -07:00
ahrav
e81b908e07
Add buildkitev2 detector for newer tokens. ( #1341 )
2023-05-15 12:58:36 -07:00
ahrav
6db770fbe5
use md5 hash for checking if key exists. ( #1257 )
2023-05-15 10:04:14 -07:00
ahrav
948828ba8c
[chore] - move objectManager interface ( #1332 )
...
* Relocate the objectManager interface to the consumer package as per Go
best practices.
* address comment.
2023-05-15 09:30:26 -07:00
dependabot[bot]
5546033ad6
Bump golang.org/x/sync from 0.1.0 to 0.2.0 ( #1334 )
...
Bumps [golang.org/x/sync](https://github.com/golang/sync ) from 0.1.0 to 0.2.0.
- [Commits](https://github.com/golang/sync/compare/v0.1.0...v0.2.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/sync
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-15 08:56:34 -05:00
dependabot[bot]
a46a183334
Bump github.com/rabbitmq/amqp091-go from 1.8.0 to 1.8.1 ( #1335 )
...
Bumps [github.com/rabbitmq/amqp091-go](https://github.com/rabbitmq/amqp091-go ) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/rabbitmq/amqp091-go/releases )
- [Changelog](https://github.com/rabbitmq/amqp091-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/rabbitmq/amqp091-go/compare/v1.8.0...v1.8.1 )
---
updated-dependencies:
- dependency-name: github.com/rabbitmq/amqp091-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-15 08:56:00 -05:00
dependabot[bot]
b9eb34b3e0
Bump github.com/go-sql-driver/mysql from 1.7.0 to 1.7.1 ( #1336 )
...
Bumps [github.com/go-sql-driver/mysql](https://github.com/go-sql-driver/mysql ) from 1.7.0 to 1.7.1.
- [Release notes](https://github.com/go-sql-driver/mysql/releases )
- [Changelog](https://github.com/go-sql-driver/mysql/blob/master/CHANGELOG.md )
- [Commits](https://github.com/go-sql-driver/mysql/compare/v1.7.0...v1.7.1 )
---
updated-dependencies:
- dependency-name: github.com/go-sql-driver/mysql
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-15 08:25:37 -05:00
dependabot[bot]
1df352bac5
Bump google.golang.org/api from 0.114.0 to 0.122.0 ( #1342 )
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.114.0 to 0.122.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.114.0...v0.122.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-15 08:23:42 -05:00
dependabot[bot]
4fcea1e772
Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 ( #1339 )
...
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl ) from 1.1.0 to 1.3.3.
- [Release notes](https://github.com/cloudflare/circl/releases )
- [Commits](https://github.com/cloudflare/circl/compare/v1.1.0...v1.3.3 )
---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-15 08:21:39 -05:00
vickygoel
4c04bbbe85
added pulumi cloud Access token detector ( #1295 )
...
* added pulumi cloud Access token detector
* removed accidentally committed tokens
* added the databricks token detection
* made recommended changes
* added supabase management api token
* nuget api key detector
* added aiven.io token detector
* added prefect.io api key detector
* update protos.
---------
Co-authored-by: Developer <garg47294+1@gmail.com>
Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>
2023-05-11 09:08:48 -07:00
Brendan Shaklovitz
584db86031
Support line numbers in filesystem source ( #1297 )
2023-05-09 08:02:34 -07:00
Brendan Shaklovitz
fad34d4dc6
git worktree scanning fix for #827 ( #1315 )
...
* Fix worktree scan by setting EnableDotGitCommonDir
* Change `PlainOpenOptions` to set `EnableDotGitCommonDir` to true.
In every current usage of this function, it is on an already-cloned
repository, so it should always be valid to have this set. By doing
so, it should fix some issues with worktrees.
* Remove unused go.mod replace directives
* Remove replace directives for libraries that are not in use.
2023-05-09 08:00:47 -07:00
Brendan Shaklovitz
e3213fbdeb
Do extraction after decompression ( #1320 )
...
* Fix error where some files do not get properly scanned due to order of
extraction / decompression steps. Doing decompression first ensures
that a compressed archive (e.g., gzipped zip file), is handled
correctly.
2023-05-09 07:56:08 -07:00
Bill Rich
f2924f3061
Make sure context lines are properly handled ( #1331 )
...
* Make sure context lines are properly handled
* Fix git test to account for context change
2023-05-05 12:51:27 -07:00
Miccah
6699ccd2b5
Generate protos ( #1329 )
2023-05-04 12:26:41 -05:00
Brendan Shaklovitz
87f3f27dab
Fix SquareApp detector type return value ( #1322 )
...
* Change SquareApp detector type to report as SquareApp instead of
Square.
2023-05-04 10:25:20 -07:00
ahrav
deb0f63d25
Update regex. ( #1328 )
2023-05-04 10:23:13 -07:00
ahrav
030c093392
Fix how we scan orgs ( #1327 )
...
* Fix how we scan orgs.
* fix integration test.
2023-05-04 08:07:11 -07:00
Brendan Shaklovitz
be4147a24e
Output git timestamps as UTC times ( #1323 )
2023-05-03 11:47:00 -05:00
ahrav
323c093818
Normalize GitHub repos during enumeration ( #1269 )
...
* Normalize repos during enumeration.
* fix test.
* Add benchmark.
* Add benchmark.
* Add more realistic benchmark values.
* add gist mocks.
* Remove old normalize fxn.
* abstract away the repo cache.
* update test.
* increase repo count.
* increase page limit to 100.
* move callee fxns below caller for Chunks.
* Add context to normalize.
* remove extra logic in normalize repo.
* Delete new.txt
* Delete old.txt
* Handle errors in a thread safe manner.
* fix test.
* fix test.
* handle repos that are included by users.
* Abstract include ignore logic within repoCache.
* Add better comment around repoCache.
* Rename params.
* remove commented out code.
* use repos instead of items.
* remove commented out code.
* Use ++ instead of atomic increment.
* update to use logger var.
* use cache pkg.
* Address comments.
* fix test.
* make less sucky test.
* Update test.
2023-05-03 08:35:53 -07:00
ahrav
9cb91a6e4f
Extend cache interface ( #1318 )
...
* Extend cache interface.
* update test.
2023-05-03 08:21:00 -07:00
ahrav
714c480931
Add log to track git log size ( #1325 )
...
* Add log to track git log size.
* Add calc for large commits and last commit.
2023-05-02 16:36:39 -07:00
Zachary Rice
21258f4160
add performance test ( #1301 )
...
* add performance test
* only run on PRs, test out failure
* remove extras
2023-05-01 10:54:05 -05:00
Dustin Decker
65305ed9f6
Scan only for verified secrets in our CI ( #1310 )
2023-05-01 10:28:46 -05:00
dependabot[bot]
156aaac745
Bump github.com/lib/pq from 1.10.8 to 1.10.9 ( #1307 )
...
Bumps [github.com/lib/pq](https://github.com/lib/pq ) from 1.10.8 to 1.10.9.
- [Release notes](https://github.com/lib/pq/releases )
- [Commits](https://github.com/lib/pq/compare/v1.10.8...v1.10.9 )
---
updated-dependencies:
- dependency-name: github.com/lib/pq
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-01 07:55:12 -07:00
dependabot[bot]
531d17bd3a
Bump github.com/mholt/archiver/v4 from 4.0.0-alpha.7 to 4.0.0-alpha.8 ( #1305 )
...
Bumps [github.com/mholt/archiver/v4](https://github.com/mholt/archiver ) from 4.0.0-alpha.7 to 4.0.0-alpha.8.
- [Release notes](https://github.com/mholt/archiver/releases )
- [Changelog](https://github.com/mholt/archiver/blob/master/.goreleaser.yml )
- [Commits](https://github.com/mholt/archiver/compare/v4.0.0-alpha.7...v4.0.0-alpha.8 )
---
updated-dependencies:
- dependency-name: github.com/mholt/archiver/v4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-01 07:49:15 -07:00
Jason Solis
c13c56283d
add tineswebhook detector ( #1304 )
2023-05-01 07:48:58 -07:00
dependabot[bot]
56cd1df414
Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.3.0 to 2.4.0 ( #1306 )
...
Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation ) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases )
- [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.3.0...v2.4.0 )
---
updated-dependencies:
- dependency-name: github.com/bradleyfalzon/ghinstallation/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-01 07:41:11 -07:00
ahrav
67972683ea
[chore] - format log msg ( #1299 )
...
* format log msg.
* snake.
* lowercase repo.
2023-04-27 17:14:00 -07:00
ahrav
a2266b4e28
add additional logging ( #1298 )
...
* add additional logging.
* update test.
* remove continue.
* address comments.
2023-04-27 16:48:04 -07:00
Miccah
b1675194ca
Implement EndpointCustomizer ( #1291 )
...
* Implement EndpointCustomizer
Add the EndpointCustomizer interface and EndpointSetter convenience struct,
implement EndpointCustomizer for github and gitlab detectors, and add
parsing, verification, and applying user-supplied configuration.
* Check error from SetEndpoints
* Rename variable for clarity
2023-04-27 12:23:50 -05:00
Dustin Decker
4086895249
add scripts to benchmark and plot performance across tags ( #1293 )
...
* add scripts to benchmark and plot performance across tags
* missing newline
* fmt
2023-04-26 15:43:23 -07:00
Brendan Shaklovitz
10902f802a
Add max object size flag for s3 bucket scanning ( #1294 )
...
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2023-04-26 15:39:43 -07:00
Aman Sakhuja
2a3f8942ee
Fixed contentfulpersonalaccesstoken regex ( #1199 )
2023-04-26 14:32:36 -07:00