Mirrors/trufflehog
2
0
Fork 0
mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-11-10 07:04:24 +00:00
Code Issues Projects Releases Packages Wiki Activity
1805 commits 139 branches 257 tags 147 MiB
Commit graph

1805 commits

This branch
This branch
All branches
Author SHA1 Message Date
Miccah
45b02f46d9
Record timestamp when a context was cancelled (#1018) 2023-01-13 12:21:09 -06:00
Cameron Lonsdale
0aa8e1cd98
Use access-token endpoint for validity check (#991) 2023-01-11 19:19:51 -08:00
ahrav
477e2a1332
Update entrypoint (#1013) 
* Update entrypoint.

* update comment.

* Call each extra arg on its own.

* Update loop.

* Update extra args.

* Use miccah's magic script.

* Fix path to bash.

* update entrypoint.

* Add bash to Dockerfile.

* update goreleaser dockerfile.
 2023-01-11 18:58:05 -08:00
Bill Rich
430d5c764c
Rename and export isGitSource (#1016) 2023-01-10 12:51:58 -08:00
Bill Rich
8b2e1d36cf
Copy metadata for line number aware sources (#1011) 
* Copy metadata for line number aware sources

* Improve style
 2023-01-10 09:35:44 -08:00
Clark Brown
864cf00337
Revert "Allow for default value to be used. (#999)" (#1004) 
This reverts commit ee6817ad85.
 2023-01-09 18:09:58 -06:00
Miccah
e5ede17c77
Validate custom regular expressions on detector initialization (#1010) 
* Validate custom regular expressions on detector initialization

* Add regex name to error message
 2023-01-09 17:30:47 -06:00
Miccah
74831f63d5
Capture callstack of canceled contexts (#979) 2023-01-09 17:27:06 -06:00
ahrav
09d4422cdb
Handle invalid regex for custom detector. (#1005) 
* Handle invalid regex for custom detector.

* Add comment highlighting invalid regex.
 2023-01-09 09:45:30 -08:00
dependabot[bot]
7de0178842
Bump golang.org/x/crypto from 0.4.0 to 0.5.0 (#1009) 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](https://github.com/golang/crypto/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-09 09:32:29 -08:00
dependabot[bot]
6d384ce3e8
Bump github.com/hashicorp/go-retryablehttp from 0.7.1 to 0.7.2 (#1008) 
Bumps [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) from 0.7.1 to 0.7.2.
- [Release notes](https://github.com/hashicorp/go-retryablehttp/releases)
- [Commits](https://github.com/hashicorp/go-retryablehttp/compare/v0.7.1...v0.7.2)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-retryablehttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-09 09:31:23 -08:00
dependabot[bot]
0e24d406d5
Bump github.com/go-git/go-git/v5 from 5.5.1 to 5.5.2 (#1007) 
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.5.1 to 5.5.2.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.5.1...v5.5.2)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-09 09:30:56 -08:00
dependabot[bot]
d72c31b8b6
Bump cloud.google.com/go/secretmanager from 1.9.0 to 1.10.0 (#1006) 
Bumps [cloud.google.com/go/secretmanager](https://github.com/googleapis/google-cloud-go) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/dlp/v1.9.0...asset/v1.10.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/secretmanager
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-09 09:29:26 -08:00
Yassine Ilmi
d720c0c0f3
Switch to retryableHttpClient for GitHub AuthN API Client + More Logs (#995) 
* Adding missing flags to Readme

* Use retryableHttpClient by default for GitHub

* Adding repoUrl for scanning time log

* Use WithField instead of WithFields

* Updating README with lasted --help output
 2023-01-09 09:21:56 -08:00
dependabot[bot]
705c01e5f3
Bump goreleaser/goreleaser-action from 3 to 4 (#980) 
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 3 to 4.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-09 09:20:41 -08:00
Pulkit Aggarwal
fc6fd29f3f
Fix GitUrl Return (#987) 
Co-authored-by: ahrav <ahravdutta02@gmail.com>
 2023-01-09 09:17:30 -08:00
ahrav
ee6817ad85
Allow for default value to be used. (#999) 2023-01-06 16:05:02 -08:00
Dustin Decker
5f6143f09a
Add Circle CI source (#997) 
* Add Circle CI source

* remove SHA1 line

* remove trim
 2023-01-05 21:44:37 -08:00
ahrav
3fadec950e
Make GA action default base an empty string. (#996) 2023-01-05 16:48:07 -08:00
Yassine Ilmi
330a6f7cdc
Removing Debug version Println to logrus debug (#993) 2023-01-03 10:36:27 -06:00
ahrav
009756dce6
add proto that was missing. (#986) 2022-12-23 13:27:07 -08:00
Miccah
8859771a2a
Remove custom log leveler (#985) 
Instead of manually using a log leveler, rely on the global one defined
in the `log` package.
 2022-12-20 19:03:53 -06:00
Miccah
130d5ae3ad
Add custom regex detector docs (#983) 2022-12-20 18:24:41 -06:00
Miccah
f5b83ee2a5
Add configuration parsing and custom detectors to engine (#968) 
* Add configuration parsing for custom detectors

* Error on empty filename
 2022-12-20 10:14:49 -06:00
dependabot[bot]
cc6bd31586
Bump golang.org/x/crypto from 0.3.0 to 0.4.0 (#982) 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](https://github.com/golang/crypto/compare/v0.3.0...v0.4.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-19 15:45:21 -08:00
dependabot[bot]
e3b6de0fdc
Bump github.com/xanzy/go-gitlab from 0.76.0 to 0.77.0 (#981) 
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.76.0 to 0.77.0.
- [Release notes](https://github.com/xanzy/go-gitlab/releases)
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.76.0...v0.77.0)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-19 15:32:16 -08:00
ahrav
936a139596
Allow using a glob for include list. (#977) 
* Allow using a glob for include list.

* Update command flag.

* Make comment more clear.

* update comment.

* Allow scanning repo and org at the same time.
 2022-12-16 13:28:16 -08:00
Gonçalo Silva
e091fab94f
Use Todoist's REST API v2 (#978) 
v1 was deprecated on December 5, 2022.
 2022-12-14 16:52:19 -08:00
Miccah
861ad057c7
Implement CustomRegex detector (#950) 
* Remove verifying successRanges because it is unused in webhook

* Move custom_detectors validation code into its own file

* Initial implementation of custom regex detector

Secret verification is done via webhook.

* Add CustomRegex detector type

* Add upper bound to permutation

* Return early if the context is canceled

* Add headers from configuration

* Add detector name as a key in the JSON body

* Implement faster algorithm for productIndices
 2022-12-14 10:26:53 -06:00
Bill Rich
36ca2601e0
Add s3 object count to trace logs (#975) 
* Add s3 object count to trace logs

* fix debug level
 2022-12-13 16:46:09 -08:00
Miccah
7ac7fdae44
Add more logging for git sources (#974) 2022-12-13 17:51:57 -06:00
dependabot[bot]
6dd0441f6c
Bump github.com/envoyproxy/protoc-gen-validate from 0.6.13 to 0.9.1 (#963) 
Bumps [github.com/envoyproxy/protoc-gen-validate](https://github.com/envoyproxy/protoc-gen-validate) from 0.6.13 to 0.9.1.
- [Release notes](https://github.com/envoyproxy/protoc-gen-validate/releases)
- [Changelog](https://github.com/bufbuild/protoc-gen-validate/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/envoyproxy/protoc-gen-validate/compare/v0.6.13...v0.9.1)

---
updated-dependencies:
- dependency-name: github.com/envoyproxy/protoc-gen-validate
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-12 16:02:35 -08:00
dependabot[bot]
a0b8edd987
Bump github.com/go-git/go-git/v5 from 5.4.2 to 5.5.1 (#972) 
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.4.2 to 5.5.1.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.4.2...v5.5.1)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-12 15:56:26 -08:00
ahrav
26befdd1ec
[bug] - Handle error when scanning s3 bucket. (#969) 
* Handle error when scanning s# bucket.

* move wait outside loop.

* Add logging.

* revert changes.

* remove.

* revert.
 2022-12-12 10:10:06 -08:00
dependabot[bot]
4020c4002b
Bump github.com/getsentry/sentry-go from 0.15.0 to 0.16.0 (#973) 
Bumps [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) from 0.15.0 to 0.16.0.
- [Release notes](https://github.com/getsentry/sentry-go/releases)
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-go/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: github.com/getsentry/sentry-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-12 10:09:44 -08:00
dependabot[bot]
aada296ddc
Bump go.mongodb.org/mongo-driver from 1.11.0 to 1.11.1 (#971) 
Bumps [go.mongodb.org/mongo-driver](https://github.com/mongodb/mongo-go-driver) from 1.11.0 to 1.11.1.
- [Release notes](https://github.com/mongodb/mongo-go-driver/releases)
- [Commits](https://github.com/mongodb/mongo-go-driver/compare/v1.11.0...v1.11.1)

---
updated-dependencies:
- dependency-name: go.mongodb.org/mongo-driver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-12 10:08:52 -08:00
Bill Rich
f3249009f7
Bump github.com/bill-rich/disk-buffer-reader from v0.1.6 to v0.1.7 (#970) 2022-12-09 15:52:41 -08:00
dependabot[bot]
544359eee6
Bump github.com/xanzy/go-gitlab from 0.74.0 to 0.76.0 (#934) 
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.74.0 to 0.76.0.
- [Release notes](https://github.com/xanzy/go-gitlab/releases)
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.74.0...v0.76.0)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-09 17:01:27 -06:00
Dustin Decker
7de9bdd12d
Support globbing with ignore repos (#967) 2022-12-09 12:10:42 -08:00
ahrav
a72b9feb35
Only scan org with --org flag. (#931) 2022-12-06 16:18:48 -08:00
dependabot[bot]
f008d4bead
Bump go.uber.org/zap from 1.23.0 to 1.24.0 (#955) 
Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.23.0 to 1.24.0.
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber-go/zap/compare/v1.23.0...v1.24.0)

---
updated-dependencies:
- dependency-name: go.uber.org/zap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-06 15:38:28 -08:00
dependabot[bot]
6ee3000e53
Bump github.com/go-sql-driver/mysql from 1.6.0 to 1.7.0 (#954) 
Bumps [github.com/go-sql-driver/mysql](https://github.com/go-sql-driver/mysql) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/go-sql-driver/mysql/releases)
- [Changelog](https://github.com/go-sql-driver/mysql/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-sql-driver/mysql/compare/v1.6.0...v1.7.0)

---
updated-dependencies:
- dependency-name: github.com/go-sql-driver/mysql
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-06 15:37:32 -08:00
Pulkit Aggarwal
d96b7f8468
Update Adding_Detectors_external.md (#957) 2022-12-06 15:36:55 -08:00
Bill Rich
335ce85ce4
Export line number code (#962) 2022-12-06 15:31:15 -08:00
Bill Rich
4e2ce4f6fe
Pre-commit not GH action PR (#961) 2022-12-06 14:32:25 -08:00
Bill Rich
33d32d2de4
Don't scan the --since-commit target (#960) 2022-12-06 13:24:27 -08:00
Bill Rich
1a1c2e275e
Change chunker test source (#959) 
* Change chunker test source

* Emit chunk if the size isn't 0
 2022-12-06 12:45:08 -08:00
Bill Rich
9f99ee470d
Integration test fixes (#956) 
* Adjust repo count for new app

* Fix chunk test count
 2022-12-06 08:42:24 -08:00
Dylan Ayrey
c3e596e853
Update README.md (#952) 2022-12-02 12:09:25 -08:00
Miccah
2a2bcd93ac
Add CustomRegex validation (#939) 
* Add validation skeleton

* Add custom detector validation with tests

* Validate and test regex vars

* Implement RegexVarString

* Use RegexVarString for validating regex variables

* Add numerics to the regex variable matching

Co-authored-by: hxnyk <8292703+hxnyk@users.noreply.github.com>
 2022-12-02 11:26:22 -06:00