Mirrors/trufflehog
2
0
Fork 0
mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-09-20 06:31:57 +00:00
Code Issues Projects Releases Packages Wiki Activity
3165 commits 123 branches 240 tags 83 MiB
Commit graph

2436 commits

Author SHA1 Message Date
Richard Gomez
98912a98f7
test(common/http): fix panic (#2817) 2024-05-09 18:17:14 -07:00
ahrav
c7b72b9867
address linter (#2783) 2024-05-08 13:58:50 -07:00
Cody Rose
a317897d66
increase test chan size (#2797) 
This test has a race condition. This change makes it less likely to cause a test failure, and is a stopgap measure to de-flake the test while we investigate the underlying issue.
 2024-05-07 11:11:11 -04:00
Dustin Decker
288003519a
Add webhook source protos (#2789) 
* add webhook source protos

* update protos

* update proto

* update protos
 2024-05-06 19:43:10 -04:00
ahrav
27eae925de
Use custom fp logic for private keys (#2793) 2024-05-06 14:41:00 -07:00
ahrav
3c659a2144
set default buffer size to 64 (#2778) 2024-05-03 08:42:18 -07:00
Abdul Basit
bf25b74224
Update result's extra data for Slack (#2779) 
* add name of team and user in extra data of results, received from slack'api

* adding token type in extra data for slack
 2024-05-02 15:16:30 -05:00
Zachary Rice
4ea3a1376b
fix for infinite recursion in Postman var sub (#2780) 
* fix for infinite recursion

* oneliner
 2024-05-02 13:03:03 -05:00
NIKHIL PANWAR
94a165390b
Update rabbitmq.go regex detect amqps protocol (#2609) 
* Update rabbitmq.go regex detect amqps protocol

Old one couldn't detect amqps:// connection string, and only the amqp://

* [Revised] Update rabbitmq.go regex detect amqps protocol

Co-authored-by: Richard Gomez <32133502+rgmz@users.noreply.github.com>

---------

Co-authored-by: Richard Gomez <32133502+rgmz@users.noreply.github.com>
 2024-05-01 13:20:54 -05:00
ahrav
7bd1fb1dcc
update imports (#2772) 2024-05-01 11:41:43 -05:00
Ankush Goel
79687683ff
Detector-Competition-Fix - fixed the alchemy detector regex (#1821) 
* fixed the alchemy detector

* added the chunk filtering for alcht_
 2024-04-30 17:01:13 -05:00
Ankush Goel
770459eb57
Detector-Fix: Reintroduce Cloudflareglobalapikey (#2101) 
* fixed cloudflare code

* readd email check

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2024-04-30 15:11:04 -05:00
Cody Rose
2f7029bc4d
Expose detector-specific false positive logic (#2743) 
This PR:

Creates an optional interface that detectors can use to customize their false positive detection
Implements this interface on detectors that have custom logic
In most cases this "custom logic" is simply a no-op because the detector does not participate in false positive detection
Eliminates inline (old-style) false positive exclusion in a few detectors that #2643 missed
 2024-04-30 16:10:26 -04:00
Ankush Goel
dc930f9594
fixed calendly api key (#2368) 2024-04-30 14:47:36 -05:00
ahrav
88967192e8
[bug] - Improve BufferedFileReader Close Behavior (#2768) 
* Dont allow read after close

* update comment

* remove defer
 2024-04-30 08:50:16 -07:00
ahrav
7e47b96631
[feat] - Add ReadFrom method to BufferedFileWriter (#2759) 
* Update write method in contentWriter interface

* fix lint

* Add a buffered file reader

* update comments

* update comment

* add compile type checks

* fix

* fix test

* inline if

* Add ReadFrom method to the BufferedFileWriter

* update test

* fix test

* update benchmark
 2024-04-30 07:41:05 -07:00
ahrav
46d4ae1334
[feat] - buffered file reader (#2731) 
* Update write method in contentWriter interface

* fix lint

* Add a buffered file reader

* update comments

* update comment

* add compile type checks

* fix

* fix test

* inline if

* magic

* update comment
 2024-04-30 07:31:37 -07:00
Richard Gomez
13bd783d2d
test(git): change length of chunks (#2767) 
This fixes one missed test in #2754 (comment).

The number of chunks doubled because each commit now has metadata + data.
 2024-04-30 08:34:12 -04:00
Miccah
6cf3a25a04
[chore] Add some happy path logs to GitLab (#2765) 2024-04-29 16:42:35 -07:00
ahrav
99ae8f8035
Update ignore extensions (#2764) 2024-04-29 15:48:42 -07:00
ahrav
591871977c
Correclty set metrics for enumerated orgs (#2757) 2024-04-29 14:26:46 -07:00
Richard Gomez
11e5febeee
feat(git): scan commit metadata (#2754) 
This is a follow-up to #2713 that fixes the strange test error.

As suspected, the failure was caused by additional diffs not being included in the test's expected data.
 2024-04-29 16:58:45 -04:00
ahrav
0f122edc59
ignore pbix and vsdx files (#2762) 2024-04-29 12:59:21 -07:00
mountcount
1d92655d97
pkg: fix function names in comment (#2761) 
Signed-off-by: mountcount <cuimoman@outlook.com>
 2024-04-29 11:21:26 -05:00
ahrav
0df300c0ca
[chore] - add additional binary extension (#2760) 
* add rust binary extension

* add additinal binary file extension for PyTorch serialized models
 2024-04-29 08:08:00 -07:00
ahrav
5d3b90799e
[bug] - Fix the metric for buffered file writer writes (#2750) 
* avoid double counting

* add disk write count back
 2024-04-25 13:04:07 -07:00
ahrav
d89b0cdace
[bug] - fix buffer size metric (#2749) 
* fix metric

* another fix
 2024-04-25 11:43:38 -07:00
Miccah
fadf9c6286
[chore] Remove broken test (#2748) 
This wasn't actually testing the fix, which is more difficult to
orchestrate than is worth.

See: https://github.com/trufflesecurity/trufflehog/pull/2742
 2024-04-25 11:27:17 -07:00
ahrav
b430dae83e
[refactor] - lazy buffer retrieval (#2745) 
* only create the contentWriter once

* update test

* Lazily fetch buffer from the pool

* fix tests

* fix test

* remove ctx
 2024-04-25 08:27:15 -07:00
ahrav
8d3404804e
[chore] - update buffered file writer metric (#2740) 
* missed one

* add comment
 2024-04-25 08:17:32 -07:00
ahrav
8ceeb5d5a1
[bug] - Refactor newDiff constructor to avoid double initialization of contentWriter (#2742) 
* only create the contentWriter once

* update test

* correclty use mock

* remove deprecated pkg
 2024-04-25 08:01:38 -07:00
Cody Rose
11452e8a57
Revert "feat(git): scan commit metadata (#2713)" (#2747) 
This reverts commit 81a9c813a1.
 2024-04-25 10:56:48 -04:00
Cody Rose
ba5ad5d8a9
Fix SQL Server detector tests (#2716) 
These tests were broken so I fixed them and updated them to use testcontainers, which is more robust and used in the JDBC detector tests.
 2024-04-25 10:40:46 -04:00
Richard Gomez
81a9c813a1
feat(git): scan commit metadata (#2713) 
This fixes #2683. It scans the commit author, committer (which is typically GitHub <noreply@github.com> for GitHub, but can be different), and message.

It also scans Git notes.
 2024-04-25 10:13:09 -04:00
ahrav
97599b19e7
update buffer metrics (#2737) 2024-04-24 07:22:06 -07:00
ahrav
ea4d9d2d32
[bug] - Correctly return the checked out buffer to the pool (#2732) 
* Make sure to return the buffer to the pool

* update comment

* defer the return

* remove anonymous function
 2024-04-23 14:38:28 -07:00
Dustin Decker
0ce02fc827
Make connection issues less jarring (#2730) 
* Make connection issues less jarring

* lint

* fix lint issue

* print just the connection issue in yellow

* update terminology
 2024-04-23 14:29:38 -07:00
ahrav
f03aa38726
[bug] - Fix disk write metric and update BufferedFileWriter file field (#2733) 
* Record the disk write after the file has been written to

* remove comment

* remove print logs
 2024-04-23 14:13:13 -07:00
Cody Rose
af095c294c
Add false positive info to proto (#2729) 
This PR adds false positive information to the Result protobuf message in anticipation of us tracking it as first-class secret metadata. We're not doing that yet (it's blocked behind #2643) but setting up the messages now means we'll be able to do it later with less of a code delta.
 2024-04-23 16:18:45 -04:00
ahrav
4a5fbf8417
[refactor] - Update Write method signature in contentWriter interface (#2721) 
* Update write method in contentWriter interface

* fix lint
 2024-04-23 08:47:53 -07:00
Dustin Decker
14e44db2be
Move detectors.IsKnownFalsePositive from the detectors and into the engine (#2643) 
* Remove detectors.IsKnownFalsePositive from detectors

* Centralize false positive removal in engine

* Don't apply fp filtering on custom regex to preserve previous behavior.

* fix empty branch

* update excludes

* update filtering

* Add result flag option and exclude some detectors
 2024-04-22 15:18:04 -07:00
Ankush Goel
3fa86a1008
added onfleet api key detector (#2375) 
* added onfleet detector

* use organization get endpoint

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
 2024-04-21 10:06:51 -07:00
Julien Doutre
32652a7498
Detect Slack workflows webhook (#2569) 2024-04-19 07:21:40 -07:00
Luska
e5575cd6f2
Adding Pagarme API key detection (#2665) 
* Adding support to Pagarme API key detection

* adding scanner

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
 2024-04-10 17:57:25 -07:00
ahrav
867434331b
[refactor] - template detector (#2692) 
* refactor template detector to only check for 200 status code

* Replace ldap.DialTLS w/ ldap.DialURL since the former is deprecated

* sort imports
 2024-04-10 17:46:07 -07:00
fml09
c6b454e736
Remove unnecessary space in Vultr regex pattern (#2689) 
* Fix incorrect regular expression with missing closing bracket

* Remove unnecessary space in Vultr regex pattern
 2024-04-10 17:12:55 -07:00
Shreyas Sriram
08b6f90c81
Add Wiz detector (#2691) 
* Implement wiz detector

* Fix tests

* Update false positive logic
 2024-04-10 08:19:36 -07:00
Cody Rose
b745cfd495
Enrich Gitlab enumeration logging (#2678) 
This PR modifies the GitLab source:

* emits a new "groups enumerated" metric
* logs more information about group enumeration
* emits the repo enumeration metric inside getAllProjectRepos, which means it will work when units are flipped on
* emits the repo enumeration metric more granularly
 2024-04-08 10:47:05 -04:00
Cody Rose
14b1a6e236
Handle inactive Slack account tokens (#2668) 
This PR updates the Slack detector to accommodate a previously unhandled error type. It also fixes the exiting Slack tests.
 2024-04-05 10:26:20 -04:00
ahrav
3cb7aedf4a
[bug] - Add ASCII validation check for base64 decoding (#2671) 
* Correclt handle invalid base64 with ascii check

* remove parallel
 2024-04-04 16:59:13 -07:00
redismongo
f1957fec59
chore: fix some typos (#2666) 2024-04-04 05:50:47 -07:00
ahrav
a8132839f8
[chore] - update go-github dep manually (#2664) 
* update go-github dep

* remove commented out line
 2024-04-03 19:19:14 -07:00
ahrav
0fe39db56f
upgrade launchdarkly dep (#2650) 2024-04-03 07:24:20 -07:00
Richard Gomez
d0d59c2e77
chore: remove duplicate jiratoken.v2 detector (#2657) 2024-04-02 18:12:06 -07:00
kenzht
0d3023fe74
add GCP application default credentials detector (#2530) 
* add GCP application default credentials detector

* add a comment

* update Keywords to better match the key

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
 2024-04-01 11:27:40 -07:00
Shreyas Sriram
31ad1eed30
Add JupiterOne detector (#2446) 
* Add JupiterOne bootstrap

* Implement verification logic

* Cleanup

* Fix verificationError

* Undo unnecessary changes

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
 2024-03-29 19:14:04 -07:00
Richard Gomez
3b58a15a84
Fix GitHub enumeration & rate-limiting logic (#2625) 
This is a follow-up to #2379.

It fixes the following issues:

GitHub API calls missing rate-limit handling
The fix for Refactor GitHub source #2379 (comment) inadvertently resulting in duplicate API calls
 2024-03-29 10:29:46 -04:00
dylanTruffle
7fccb52b16
Fixing nitro check (#2631) 
* Fixing nitro check

* remove dupe detector and disable Alconst

---------

Co-authored-by: Dylan Ayrey <dylan@Dylans-MacBook-Pro.local>
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
Co-authored-by: ahrav <ahravdutta02@gmail.com>
 2024-03-27 11:39:58 -07:00
Dustin Decker
612ff1a0f1
Use Lstat to identify non-regular files in filesystem source (#2628) 
* Use Lstat to identify non-regular files in filesystem source

* fix test
 2024-03-26 15:22:42 -07:00
ahrav
369d79080e
[bugfix] - Update the Anthropic detector (#2629) 
* Update the Anthropic detector

* update comment
 2024-03-26 15:01:32 -07:00
fml09
9da396e237
Fix incorrect regular expression with missing closing bracket (#2616) 2024-03-26 13:32:14 -05:00
ahrav
11afc3215b
[chore] - upgrade dep (#2618) 
* upgrade dep

* remove dupe deps
 2024-03-26 11:21:07 -07:00
Richard Gomez
95dc8d6e16
Fix additional GitHub test errors #2614 2024-03-26 09:34:12 -04:00
Richard Gomez
9d4cf87c02
fix(github): resolve panic & test failures (#2608) 2024-03-22 09:49:01 -07:00
Ankush Goel
6dbe80806b
Dockerhub v2 detector (#2361) 
* Dockerhub v2 detector

* update package structure

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2024-03-22 09:30:35 -07:00
Richard Gomez
441d9ff005
Update Snyk detector (#2559) 
* feat(snyk): add extradata from api

* update test

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2024-03-22 09:14:48 -07:00
faktas2
72fb2b9deb
MaxMind detector uses the right endpoint (#2577) 
* MaxMind detector uses the right endpoint

The endpoint that the current detector uses fails in validating the license key as some license keys do not have permissions to the geoip API. This commit is to make the detector use the right endpoint https://dev.maxmind.com/license-key-validation-api

* Remove RawV2

* Remove trimspace and extra if branch

* Add the proper tests

* Use SetVerificationError

* Add SetVerificationError

* update tests

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2024-03-22 09:10:44 -07:00
Richard Gomez
baf7ea1458
feat(gitparse): avoid uneeded calls to strconv.Unquote (#2605) 2024-03-22 08:35:10 -07:00
Richard Gomez
80e8a67c2d
Refactor GitHub source (#2379) 
* refactor(github): cleanup logic

* fix(github): lookup wikis per-repo

* refactor(github): change scanErrs.String output

---------

Co-authored-by: Bill Rich <bill.rich@gmail.com>
 2024-03-21 14:07:39 -07:00
Miccah
3a7266e540
[chore] Fix potential resource leak in postman source (#2606) 
This moves workspace unpacking to a helper function to leverage a defer,
which ensures the file is always closed.
 2024-03-21 10:21:13 -05:00
Zachary Rice
1216fa23c9
strings contain keyword check, add collection name to keywords (#2602) 2024-03-21 09:35:38 -05:00
Zachary Rice
b11ce72338
Postman Source (#2579) 
postman source

Co-authored-by: Miccah <m.castorina93@gmail.com>

---------

Co-authored-by: Joe Leon <joe.leon@trufflesec.com>
Co-authored-by: Miccah Castorina <m.castorina93@gmail.com>
 2024-03-20 11:36:20 -05:00
Richard Gomez
aa862e46bb
fix(git): decode unicode paths (#2585) 2024-03-19 08:50:27 -07:00
Miccah
931a28a537
[chore] Replace "Trufflehog" with "TruffleHog" (#2584) 2024-03-18 11:01:25 -07:00
Richard Gomez
fd7e7e6e29
fix(github): response can be nil (#2583) 2024-03-16 01:12:44 -07:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
2ef7a4a49f
pull out verification logic from github detectors (#2554) 
* pull out verification logic from github detectors

* deduplicate verify github logic

* pull out nil check

* return nil instead of empty struct

* skip gh old test bc we can't make new tokens
 2024-03-15 15:00:45 -04:00
Richard Gomez
f5025fd382
Add --results flag (#2372) 
This is a follow-up to #2107 and #2335. It adds a new (hidden) --results flag that allows a user to show any combination of verified, unverified, and indeterminate secrets.
 2024-03-15 10:19:31 -04:00
ahrav
800cc6d90b
[chore] - Record metrics before reset (#2556) 
* Record buffer metrics before resetting.

* Address comment.
 2024-03-12 09:35:18 -07:00
ahrav
b53054b605
Fix flaky test. (#2564) 2024-03-12 08:31:47 -07:00
ahrav
2e65773b27
use custom grow method (#2555) 2024-03-08 12:16:52 -08:00
joeleonjr
0bbb68931c
Canary verification (#2531) 
* verify canaries against SNS; get ARN

* clean comments

* Update tests and logic

* added test for invalid canary secret

* added verify logic for canaries

* go mod tidy

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2024-03-07 18:18:18 -08:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
d7a33055ad
add version to extra data + moving existing versioned detectors into subdirectory format (#2471) 
* moving existing versioned detectors into subdirectory format

* update docs for adding version number to extra data

* nits
 2024-03-07 15:48:27 -05:00
Dustin Decker
dbf6965152
DB is not needed for ping command (#2540) 2024-03-06 17:08:37 -08:00
Cody Rose
b7f08db1ef
Redact secret in git command output (#2539) 
When we fail to clone a git repository we log the command output to help with diagnosis. However, this output can include credentials in certain cases (such as certain errors associated with redirects). We don't want to log credentials when this happens.
 2024-03-06 11:51:35 -05:00
Cody Rose
28ed81f0a2
Add naive S3 ignorelist (#2536) 
This PR adds the ability to exclude buckets from S3 scans. The capability is pretty rudimentary right now, and does not support globbing. If both lists are specified the source to fail to initialize.
 2024-03-05 08:01:20 -05:00
Richard Gomez
cbc0f0f48e
Create basic escaped unicode decoder (#2456) 
* feat(decoders): basic escaped unicode

* wip: handle unicode notation
Experimenting with this.. might remove
 2024-03-02 11:27:44 -08:00
ahrav
3da0c5e125
[feat] - Make the client configurable (#2528) 
* Make the client configurable

* add comment

* add backoff option
 2024-03-01 13:29:25 -08:00
Dylan Ayrey
7620906b07
Ignore canary IDs in notifications (#2526) 
* Update aws.go

* Update aws.go

* Update tests

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2024-02-28 16:52:50 -08:00
Dustin Decker
8ed0c0ad5d
Remove one filter word (#2525) 
Removes a problematic word from the unverified filtering while we work on a more holistic fix.
 2024-02-28 15:46:39 -08:00
trufflesteeeve
12ff21f245
Improve Gitlab default URL handling (#2491) 
Co-authored-by: Miccah <m.castorina93@gmail.com>
 2024-02-28 14:15:11 -05:00
Simon Whitaker
431586ce78
Implement detectors.EndpointCustomizer on datadogtoken (#2510) 
Closes #2265
 2024-02-28 10:52:01 -06:00
Dustin Decker
ad9d4e53e1
JDBC test and parsing improvements (#2516) 
* JDBC test and parsing improvements

- Uses net/url for more robust URI parsing
- Supports common JDBC formats for MySQL
- Supports URI format for MSSQL
- Uses allowlist for params across all drivers
- Uses testcontainers-go for integration testing - much faster, more robust, no port collisions
- Uses gofakeit for random data (db, user, password) generation in integration tests
- Adds connection timeouts
- Use Microsoft's driver for MSSQL

* go mod tidy
 2024-02-28 08:51:37 -08:00
Dustin Decker
5805f11ac6
Improve monogo and snowflake detectors (#2518) 
* Set timeouts on mongo connection string

* use lightened snowflake driver

* update param
 2024-02-28 08:26:27 -08:00
Dustin Decker
2d2ca4d3d6
fix prefix check when returning early (#2503) 2024-02-24 09:15:54 -08:00
Dustin Decker
8a825fde52
Clean up some detectors (#2501) 2024-02-23 15:04:02 -08:00
ahrav
9ef5151200
Gitlab scan targets (#2470) 
* add method to scan targets

* Add logic to handle targetted scan

* address comments

* remove pagination opts

* add kvp with scan type
 2024-02-23 07:40:52 -08:00
Dustin Decker
d53b83b58e
Identify some canary tokens without detonation (#2500) 
* Identify canary tokens

* Update README.md

* Update README.md

---------

Co-authored-by: dylanTruffle <52866392+dylanTruffle@users.noreply.github.com>
 2024-02-21 09:42:21 -08:00
Miccah
c60443891b
Add Display method to SourceUnit and Kind member to the CommonSourceUnit (#2450) 
* Add Display method to SourceUnit and Kind member to the CommonSourceUnit

* Make SourceUnitID return the ID and a kind

These two values together uniquely represent a unit.
 2024-02-20 11:24:13 -08:00
Zachary Rice
bccba20d3e
concurrency uint8 to int (#2488) 
* concurrency uint8 to uint16

* jk, use int

* git test fix
 2024-02-20 09:35:40 -06:00
ahrav
5290023c2d
use read full (#2474) 2024-02-20 07:21:16 -08:00