Commit graph

64 commits

Author SHA1 Message Date
Bill Rich
5280c3877c
Add SliceContainsString common util (#3395)
* Add SliceContainsString common util

* Include slice index and string match from slice
2024-10-10 13:23:23 -07:00
Richard Gomez
b2311b4ad2
Ignore glTF & JPEG XL files (#3325)
* feat: ignore glTF files

Inspired by https://github.com/gitleaks/gitleaks/issues/1526

* feat: ignore JPEG XL

* feat: ignore .avifs in addition to .avif
2024-09-24 08:00:02 -07:00
Dustin Decker
7e78ca385f
Add user agent suffix feature flag (#3297)
* Add user agent suffix feature flag

* unecessary concat
2024-09-13 15:20:43 -07:00
Richard Gomez
3be4661f34
feat(extensions): ignore dia diagrams (#2939) 2024-06-07 07:37:33 -07:00
Miccah
a330aa6f53
[chore] Polish channelmetrics package (#2938) 2024-06-06 17:29:23 -07:00
ahrav
ea9f8ace9f
[chore] - address comments (#2920)
* address comments

* fix test

* address comments

* update comments

* fix tests

* lint

* do the thing
2024-06-06 07:58:08 -07:00
Richard Gomez
98912a98f7
test(common/http): fix panic (#2817) 2024-05-09 18:17:14 -07:00
ahrav
99ae8f8035
Update ignore extensions (#2764) 2024-04-29 15:48:42 -07:00
ahrav
0f122edc59
ignore pbix and vsdx files (#2762) 2024-04-29 12:59:21 -07:00
ahrav
0df300c0ca
[chore] - add additional binary extension (#2760)
* add rust binary extension

* add additinal binary file extension for PyTorch serialized models
2024-04-29 08:08:00 -07:00
ahrav
b53054b605
Fix flaky test. (#2564) 2024-03-12 08:31:47 -07:00
ahrav
3da0c5e125
[feat] - Make the client configurable (#2528)
* Make the client configurable

* add comment

* add backoff option
2024-03-01 13:29:25 -08:00
Miccah
9642d4c8fd
Add flag to write job reports to disk (#2298)
* Add flag to write job reports to disk

* Fix nil pointer / non-nil interface bug

* Synchronize job report writer goroutine

* Log when the report has been written
2024-02-09 12:30:28 -08:00
Richard Gomez
8104611d6e
fix: case-insensitive ext check (#2383) 2024-02-06 10:13:53 -05:00
joeleonjr
05d189c977
fixing incorrect acct num id for some aws keys (#2332) 2024-01-23 13:27:50 -05:00
ahrav
4a66dddd81
[chore] - add additional binary extensions to skip (#2235)
* add additional binary extensions to skip

* remove whl
2023-12-20 06:57:23 -08:00
ahrav
5c6ce693c1
[feat] - Make skipping binaries configurable (#2226)
* Make skipping binaries configurable

* remove ioutil

* fix

* address comments

* address comments

* use multi-reader

* remove print

* use const

* fix test

* fix my stupidness
2023-12-15 11:46:27 -08:00
Cody Rose
ee6923a241
Remove java archives from ignored extensions (#2188)
A previous commit (5d0196957f) added .jar/.war/.ear files to the ignored extensions list, but these are archive files that we can scan, so we shouldn't exclude them.
2023-12-07 15:19:56 -05:00
Cody Rose
5d0196957f
Ignore images and binaries (#2162)
This PR expands the list of excluded file extensions to contain images and other binary files. These files can technically contain secrets, but need decoding to properly be handled, and we don't have any such decoding yet. Down the road if we want to add it we can.
2023-12-04 13:25:29 -05:00
ahrav
52ffab1034
[chore] - fix import name clashes (#2143)
* fix import name clashes

* fix missing var
2023-12-01 06:53:15 -08:00
ahrav
0e6e1dce3f
use camelcase var names (#2123) 2023-11-22 09:09:04 -08:00
Oleksandr Redko
7d10e2540e
Remove unused functions (#2122) 2023-11-22 06:58:16 -08:00
joeleonjr
b2042e4e03
extract AWS account number from ID without verification (#2091)
* added GetAccountNumFromAWSID function

* refacted aws func, moved to common
2023-11-16 11:45:47 -05:00
Miccah
136d8b9428
[chore] Fix glob package name (#1931) 2023-10-23 08:50:16 -07:00
Miccah
23ae970bb0
Add generic glob filter (#1858)
* Add generic glob filter

* Make nil filters safe

* Include glob in error

* Use better example for exclude and include test

* Allow user to configure the ambiguous case

* Rename Pass to ShouldInclude and invert logic

* Test default *Filter and Filter have the same behavior of allow

* Add property based tests

* Remove configuration for the not found ambiguous case
2023-10-18 11:48:31 -07:00
ahrav
5a5e8a607e
Common chunk reader (#1594)
* Add common chunker.

* add comment.

* use better config name.

* Add common chunk reader to s3.

* Add common chunk reader to git, gcs, circleci.

* fix chunker.

* revert gcs.

* update cancellablewrite.

* revert impl.

* update to remove totalsize.
2023-08-03 06:27:33 -07:00
ahrav
5e7a6ca11c
Concurrent detection (#1580)
* Run detection on each chunk concurrently.

* Add printer functionality.

* Add logic for dedupe.

* cleanup.

* Moddify number of notifier workers.

* Add comment.

* move consts into fxn.

* buffer resutls chan.

* fix test.

* address comments.

* return an error from Finish.

* fix test.

* fix test.

* linter.

* check err.

* address comments.
2023-07-31 11:12:08 -07:00
Cody Rose
61bee6c8b1
Identify transient AWS verification failures (#1563)
It turns out that GetCallerIdentity returns a surprising quantity of transient, false-negative 403 responses that carry the SignatureDoesNotMatch error reason. I don't know why this is happening, but their transient nature makes them indeterminate verification failures and they should be flagged as such. The AWS detector has therefore been modified to specifically look for the InvalidClientTokenId error reason in 403 responses and mark all other responses as indeterminate.

In addition to the functional changes this PR contains some updates to the test code that allow us to test them.
2023-07-31 12:06:11 -04:00
Cody Rose
ebf1038392
Support indeterminacy in alchemy and update detector docs (#1510) 2023-07-21 14:50:14 -04:00
Miccah
5c0ffda618
Define SourceUnit enumeration interface (#1428)
* Add CancellableWrite helper function

* Create SourceUnitEnumerator interface and EnumerationResult struct

* Implement SourceUnitEnumerator for the filesystem Source

* Omit explicit zero values
2023-07-10 15:05:40 -05:00
Zachary Rice
0bdd513d88
additional similarity check for base64 and plain (#1462)
* additional similarity check for base64 and plain

* use bytes equal

* move logic into util function
2023-07-10 10:12:59 -05:00
Zubair Khan
d6375ba921
verify response body with expected keywords (#1419)
* verify response body with expected keywords

* remove debug log

* add extra test case

* migrate from ioutil to io

* close body and only check for one keyword

* cleanup
2023-06-27 11:46:15 -04:00
Zubair Khan
f52946b996
Add Couchbase Detector (#1385)
* init

* add detector type

* rotate leaked credentials

* tighten up username pattern

* isolated prefixregex as overrriding new line stuff

* passwordPat working now

* add username test

* fix edge case

* cleanup

* make linter happy

* make linter happy rd 2

* skip error logging

* fix test

* add password regex helper func

* make test more robust

* cleanup PR

* remove comments

* clarify prepend rationale
2023-06-26 14:37:10 -04:00
Dustin Decker
e856a6890d
🎉 Add Docker image scanning 🎉 (#1412)
* Add Docker source

* Add metrics

* Add test

* Add debugging, address PR comments, fix path output

* review suggestions
2023-06-22 08:02:25 -07:00
Bill Rich
6d9ae7acbb
Make trace error message so newlines aren't escaped (#1396) 2023-06-14 17:24:31 -07:00
ahrav
5c99a1e754
Remove period from file extension (#1154)
* Remove period from file extension.

* Add comment.
2023-03-06 14:49:16 -08:00
Miccah
4efe5313f4
[chore] Address lint errors (#1133)
* Update strings.Title to cases.Title

* Migrate go-genproto to google-cloud-go

See: https://github.com/googleapis/google-cloud-go/blob/main/migration.md

* Check error in test

* Check error from sem.Acquire

* Remove unused code
2023-02-27 21:03:47 -06:00
Miccah
161e499142
[chore] Remove logrus from trufflehog (#1095)
* [chore] Remove logrus from trufflehog

* Minor fixes

* Fix logFatal call

* Fix logrus call
2023-02-14 17:00:07 -06:00
Alexandr Marchenko
b29b78c10d
filesystem support for exclude and include filters (2nd attemp) (#1033)
* fix filter issue - empty lines should be ignored

* filesystem support for filter exclude

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2023-01-26 09:33:45 -08:00
Dustin Decker
bc27fef7bc
remove logger from retryable client, it is not respecting loglevels (#1020) 2023-01-13 15:28:00 -08:00
Yassine Ilmi
d720c0c0f3
Switch to retryableHttpClient for GitHub AuthN API Client + More Logs (#995)
* Adding missing flags to Readme

* Use retryableHttpClient by default for GitHub

* Adding repoUrl for scanning time log

* Use WithField instead of WithFields

* Updating README with lasted --help output
2023-01-09 09:21:56 -08:00
Dustin Decker
28dd25beeb
S3 scanner improvements (#938) 2022-11-21 19:15:26 -08:00
Miccah
696f5c68f4
Log the stack trace and recover object (#923)
* Log the stack trace and recover object

* Remove stderr log
2022-11-15 16:48:02 -06:00
Bill Rich
958266ea84
Run chunker in pipeline (#859)
* Run chunker in pipeline

* Move ChunkSize and PeekSize to source package.

* Use new Chunk and Peek size location
2022-10-24 13:57:27 -07:00
ahrav
92f40c2031
[THOG-709] - Recover from detector panics (#810) 2022-09-22 07:01:10 -07:00
Dustin Decker
c12be4d98d Add Retryable HTTP client that suports custom timeout 2022-09-07 18:23:20 -07:00
Dustin Decker
fa9479100e
Add common sentry recover library and add into goroutines (#738)
* Add common sentry recover library and add into goroutines

* fix nits
2022-08-29 11:45:37 -07:00
Bill Rich
af34a6a108
Check for nil filter (#714) 2022-08-15 14:24:19 -07:00
Bill Rich
a473b9aa99
Use re-readable reader and common chunker (#703)
* Use re-readable reader and common chunker

* Linter feedback

* Break on error
2022-08-10 15:32:49 -07:00
ahrav
dcc102a81c
[Thog-371] Utilize config struct for engine scans (#700)
* Use a config struct when scanning and engine source.

* fix tests.

* Move test_helpers to the sources pkg.

* Handle ScanGit error in tests.

* adderss comments.

* Use functional options.

* Remove temp var.

* Add better var names for the setup functions for each config.

* Remove unused var.

* fix error logs.

* fix error logs.

* single line.

* remove blank lines.
2022-08-10 10:11:13 -07:00