Mirrors/trufflehog
2
0
Fork 0
mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-11-13 00:17:18 +00:00
Code Issues Projects Releases Packages Wiki Activity
2046 commits 140 branches 258 tags 164 MiB
Commit graph

2046 commits

This branch
This branch
All branches
Author SHA1 Message Date
dependabot[bot]
8076067b30
Bump github.com/googleapis/gax-go/v2 from 2.7.0 to 2.7.1 (#1171) 
Bumps [github.com/googleapis/gax-go/v2](https://github.com/googleapis/gax-go) from 2.7.0 to 2.7.1.
- [Release notes](https://github.com/googleapis/gax-go/releases)
- [Commits](https://github.com/googleapis/gax-go/compare/v2.7.0...v2.7.1)

---
updated-dependencies:
- dependency-name: github.com/googleapis/gax-go/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-13 09:47:50 -05:00
Dustin Decker
585bd82d47
update integration test excludes (#1169) 2023-03-10 14:41:29 -08:00
trufflesteeeve
2b1c42ceb1
Make slack webhook detector regex more specific (#1168) 
* Make slack webhook detector regex more specific

* fixup - add better body contains check
 2023-03-10 14:01:10 -08:00
Dylan Ayrey
2f61e4f5aa
Update README.md 2023-03-09 08:18:49 -08:00
ahrav
cbf299aa77
Add gcs scanning integration (#1153) 
* Setup for GCS scanning.

* Update GCS engine w/ projectID req.

* Add concurrency field to gcsManager.

* add errgroup to gcsManager.

* Update gcs manager.

* Use defautl ADC.

* use ADC.'

* Add TOOD.

* add log to iterator completion.

* use a BinaryReader instead of concrete object for channel type.

* initial test for Chunks.

* Add tests for chunking objects.

* Add concurrency.

* update metadata to include content type and acls.

* Add object reading code.

* Add integration test.

* Add entrypoint.

* Add removed wg.Wait().

* remove dead code.

* remove build.

* Remove period from file extension.

* remove used.

* Add comment.

* Setup for GCS scanning.

* Update GCS engine w/ projectID req.

* Add concurrency field to gcsManager.

* add errgroup to gcsManager.

* Update gcs manager.

* Use defautl ADC.

* use ADC.'

* Add TOOD.

* add log to iterator completion.

* use a BinaryReader instead of concrete object for channel type.

* initial test for Chunks.

* Add tests for chunking objects.

* Add concurrency.

* update metadata to include content type and acls.

* Add object reading code.

* Add integration test.

* Add entrypoint.

* Add removed wg.Wait().

* remove dead code.

* remove build.

* remove used.

* Add file type for objects.

* Add check for file type and size.

* Add default file size.

* Add additinoal auth options and remaining CLI flags.

* Handle errors in go routines.

* Handle resuming for buckets.

* Remove redundant words in comment.

* remove ok check on bool check.

* remove extra blank line.

* Add return if handler handles chunk.

* Add comment.

* remove extra blank line.

* cleanup comment.

* Add comment.

* move up fxn.

* go mod tidy.

* Add exclusion to perf testing buckets.

* Handle blocking the channel.

* remove unused const.

* fix tests.

* fix tests.

* Handle gcs manger options better.

* update fxn name.

* Remove arg name.

* ignore buckets in gcsManager test.

* fix test.

* propulate gsManagerOpts.

* inline err check.

* Add readme.

* update readme spelling.

* fix test.
 2023-03-07 17:32:04 -08:00
dependabot[bot]
3fdef756f2
Bump github.com/getsentry/sentry-go from 0.18.0 to 0.19.0 (#1157) 
Bumps [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) from 0.18.0 to 0.19.0.
- [Release notes](https://github.com/getsentry/sentry-go/releases)
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-go/compare/v0.18.0...v0.19.0)

---
updated-dependencies:
- dependency-name: github.com/getsentry/sentry-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-07 10:41:16 -08:00
dependabot[bot]
638ff804f1
Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.1.0 to 2.2.0 (#1148) 
Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases)
- [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.1.0...v2.2.0)

---
updated-dependencies:
- dependency-name: github.com/bradleyfalzon/ghinstallation/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-06 17:07:44 -08:00
dependabot[bot]
d5cbd7b999
Bump github.com/go-git/go-git/v5 from 5.5.2 to 5.6.0 (#1147) 
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.5.2 to 5.6.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.5.2...v5.6.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-06 17:07:14 -08:00
dependabot[bot]
c8077145d5
Bump golang.org/x/crypto from 0.6.0 to 0.7.0 (#1158) 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](https://github.com/golang/crypto/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-06 16:11:59 -08:00
ahrav
5c99a1e754
Remove period from file extension (#1154) 
* Remove period from file extension.

* Add comment.
 2023-03-06 14:49:16 -08:00
Miccah
e6846ede54
Support filtering detectors by version (#1150) 
* Adjust types to use DetectorID struct

* Parse versions with detector include and exclude input

* Update detectors filter to use version

Co-authored-by: steeeve <steve@trufflesec.com>

* Implement Versioner for github, gitlab, and npm detectors

Co-authored-by: steeeve <steve@trufflesec.com>

---------

Co-authored-by: steeeve <steve@trufflesec.com>
 2023-03-02 16:33:56 -06:00
Dustin Decker
4500ac3b10
Release should only run on tags (#1146) 2023-03-02 09:57:38 -08:00
Zachary Rice
4777b77ec6
Keyword optimization (#1144) 
* init

* ignore trufflehog binary and added comment

* remove unused keywords in chunk, better comment

* remove keywords from engine struct
 2023-03-02 11:32:37 -06:00
zhuwenxing
c72840de67
Rename .pre-commit-hooks.yml to .pre-commit-hooks.yaml (#1141) 
Signed-off-by: zhuwenxing <wenxing.zhu@zilliz.com>
 2023-03-01 09:00:12 -08:00
ahrav
aa47e5e248
Only scanned staged git changes. (#1143) 2023-03-01 08:58:36 -08:00
Yassine Ilmi
0cf9139df6
Disable profiler in debug mode and add profile switch (#1136) 2023-02-28 12:49:54 -08:00
ahrav
86370333ec
Add pre-commit yml config (#1138) 
* Add pre-commit yml config.

* Add --fail flag.
 2023-02-28 11:31:24 -08:00
dependabot[bot]
64c163cd90
Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#1130) 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.1...v1.8.2)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-28 08:46:04 -08:00
Miccah
3870be256c
Close response bodies (#1137) 2023-02-28 10:43:00 -06:00
ah̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
2315192fda
Custom regex parallel verify (#1127) 
* Refactor generating CustomRegex results into a helper function

* Added errGroup for createResults, and ensure goroutines are non-blocking

* clean return

---------

Co-authored-by: Miccah Castorina <m.castorina93@gmail.com>
 2023-02-28 11:12:24 -05:00
Miccah
6209a80ce1
[chore] Address more linter errors (#1134) 
* Address lint errors in detectors

* Update deprecated ioutil call
 2023-02-28 10:00:41 -06:00
Miccah
4efe5313f4
[chore] Address lint errors (#1133) 
* Update strings.Title to cases.Title

* Migrate go-genproto to google-cloud-go

See: https://github.com/googleapis/google-cloud-go/blob/main/migration.md

* Check error in test

* Check error from sem.Acquire

* Remove unused code
 2023-02-27 21:03:47 -06:00
Miccah
7373954ddf
[chore] Update docs for individual file scanning (#1132) 2023-02-27 21:03:19 -06:00
Miccah
d2d03426ed
Implement String for ScanErrors (#1131) 
This will concatenate all errors together into a single string. When
possible, it would be better to log the actual errors slice to take
advantage of structured logging.
 2023-02-27 21:02:59 -06:00
Miccah
dd39848709
Add ability to include and exclude detectors (#1106) 
* Add ability to include and exclude detectors

* Trim space before checking for empty items

* Explicitly check for integer overflow

* Use strconv.ParseInt instead of strconv.Atoi

* Address comments
 2023-02-27 16:46:45 -06:00
Miccah
c5b4d6f28b
Support file scanning in filesystem source (#1030) 
* Rename directories to paths

* Generate protos

* Add file scanning support to filesystem source

* Add directories back to filesystem proto

* Generate protos

* Combine paths and directories from in source

* Add filesystem filter

* Address comments
 2023-02-27 12:15:05 -06:00
Bill Rich
ae2d510ced
Gitparse message fix (#1125) 
* Fix messages being reused

* Add comment about change.
 2023-02-23 15:20:54 -08:00
dependabot[bot]
05f6bd369f
Bump github.com/xanzy/go-gitlab from 0.78.0 to 0.80.2 (#1117) 
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.78.0 to 0.80.2.
- [Release notes](https://github.com/xanzy/go-gitlab/releases)
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.78.0...v0.80.2)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-22 09:33:16 -08:00
raju-kamble
d151c1363e
fixing browserstack regex username detection (#1123) 2023-02-22 08:17:48 -08:00
ah̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
ee5b028c67
Adding initial protos for Google Drive scanner (#1121) 2023-02-22 10:04:46 -05:00
dependabot[bot]
38562df0f6
Bump github.com/rabbitmq/amqp091-go from 1.6.0 to 1.7.0 (#1103) 
Bumps [github.com/rabbitmq/amqp091-go](https://github.com/rabbitmq/amqp091-go) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/rabbitmq/amqp091-go/releases)
- [Changelog](https://github.com/rabbitmq/amqp091-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rabbitmq/amqp091-go/compare/v1.6.0...v1.7.0)

---
updated-dependencies:
- dependency-name: github.com/rabbitmq/amqp091-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-21 15:36:46 -08:00
dependabot[bot]
4f0e66f064
Bump github.com/TheZeroSlave/zapsentry from 1.12.0 to 1.14.0 (#1118) 
Bumps [github.com/TheZeroSlave/zapsentry](https://github.com/TheZeroSlave/zapsentry) from 1.12.0 to 1.14.0.
- [Release notes](https://github.com/TheZeroSlave/zapsentry/releases)
- [Commits](https://github.com/TheZeroSlave/zapsentry/compare/v1.12.0...v1.14.0)

---
updated-dependencies:
- dependency-name: github.com/TheZeroSlave/zapsentry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-21 15:36:16 -08:00
dependabot[bot]
0b4e3a66b1
Bump go.mongodb.org/mongo-driver from 1.11.1 to 1.11.2 (#1119) 
Bumps [go.mongodb.org/mongo-driver](https://github.com/mongodb/mongo-go-driver) from 1.11.1 to 1.11.2.
- [Release notes](https://github.com/mongodb/mongo-go-driver/releases)
- [Commits](https://github.com/mongodb/mongo-go-driver/compare/v1.11.1...v1.11.2)

---
updated-dependencies:
- dependency-name: go.mongodb.org/mongo-driver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-21 15:35:53 -08:00
dependabot[bot]
a293033386
Bump golang.org/x/net from 0.6.0 to 0.7.0 (#1122) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-21 15:35:21 -08:00
raju-kamble
d20f43b5c6
fix browserstack detector (#1120) 
* fixing browserstack regex username detection

* fixing browserstack regex username detection

* fixing browserstack regex username detection

* fix patterns

* fix patterns

---------

Co-authored-by: raju-bs <raju@browserstack.com>
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2023-02-21 15:33:16 -08:00
dependabot[bot]
9ef9e9870d
Bump golang.org/x/oauth2 from 0.4.0 to 0.5.0 (#1116) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/oauth2/releases)
- [Commits](https://github.com/golang/oauth2/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-21 13:42:36 -08:00
Bill Rich
f1582aafa9
Drop tabs for filenames with spaces (#1115) 2023-02-16 17:15:32 -08:00
Bill Rich
9158dcaa80
Correctly parse most filenames with ' and ' (#1113) 2023-02-16 14:11:35 -08:00
ahrav
012fdfe3a2
Update helper text for max-archive-size. (#1114) 2023-02-16 13:56:55 -08:00
ahrav
ea71756e20
[chore] - archive size helper text (#1110) 2023-02-15 10:08:26 -08:00
ahrav
ea40c0f306
Add the unit for max archive size. (#1108) 2023-02-15 09:45:27 -08:00
dependabot[bot]
bcecbcd3d4
Bump github.com/getsentry/sentry-go from 0.17.0 to 0.18.0 (#1102) 
Bumps [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) from 0.17.0 to 0.18.0.
- [Release notes](https://github.com/getsentry/sentry-go/releases)
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-go/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: github.com/getsentry/sentry-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-14 20:56:35 -06:00
dependabot[bot]
926f490c9f
Bump golang.org/x/crypto from 0.5.0 to 0.6.0 (#1101) 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](https://github.com/golang/crypto/compare/v0.5.0...v0.6.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-14 20:55:34 -06:00
dependabot[bot]
bd17aa91e3
Bump golang.org/x/text from 0.6.0 to 0.7.0 (#1100) 
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-14 20:54:24 -06:00
Miccah
161e499142
[chore] Remove logrus from trufflehog (#1095) 
* [chore] Remove logrus from trufflehog

* Minor fixes

* Fix logFatal call

* Fix logrus call
 2023-02-14 17:00:07 -06:00
Miccah
c6826c4574
Fix nil scan options (#1107) 2023-02-14 12:09:45 -06:00
SAYGIN Metin
f2139a7615
Github filter support for exclude and include (#1087) 
* test

* Add missing head and base hash back.

---------

Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>
 2023-02-14 08:40:53 -08:00
Dustin Decker
26c455d302
add more confluence options (#1105) 2023-02-13 13:58:02 -08:00
Mike Vanbuskirk
57983aed4e
adds TESTING doc w. steps for local GHA tests (#1093) 
make doc wording more explicit
 2023-02-13 13:06:50 -05:00
trufflesteeeve
4f13090c01
Remove duplicated detectors (#1092) 
In this case just Heroku and LinearAPI. But this includes the Moonclerck
detector, which appears to be a typo that got turned into a separate
detector type.

Co-authored-by: zubairk14 <zubair.khan@trufflesec.com>
 2023-02-13 11:44:19 -05:00