Commit graph

3580 commits

Author SHA1 Message Date
Ahrav Dutta
5a2820c164 revert s3 source file 2024-11-06 18:17:29 -08:00
Ahrav Dutta
789bd39255 more testing 2024-11-06 15:54:15 -08:00
Ahrav Dutta
804da8ef55 initial progress tracking logic 2024-11-05 15:54:01 -08:00
Ahrav Dutta
edd9cd523c updates 2024-11-05 14:06:05 -08:00
Ahrav Dutta
cd3d9d4264 add config option for s3 resumption 2024-11-05 14:03:25 -08:00
renovate[bot]
944d5dcdc2
fix(deps): update module github.com/azuread/microsoft-authentication-library-for-go to v1.3.0 (#3561)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-11-05 11:30:54 -08:00
ahrav
bf89c89e09
[bug] - Correct Line Number Calculation (#3550)
* correclty report line number

* add addiitonal test cases
2024-11-05 08:53:18 -08:00
Kashif Khan
3f8ddd39a2
set verification error if failed to decode body (#3560) 2024-11-05 08:00:54 -08:00
Dustin Decker
5ca4a17a4c
Add owner to github tokens (#3558) 2024-11-04 14:43:30 -08:00
ahrav
fa871b0c1e
[feat] - Add Weights and Biases detector (#3551)
* add Weights and biases detector

* add to default detector list
2024-11-04 10:27:46 -08:00
ahrav
6923843bc4
[chore] - minor cleanup S3 source (#3554)
* cleanup s3 source

* revert
2024-11-04 08:54:30 -08:00
renovate[bot]
741146f17e
fix(deps): update module github.com/golang-jwt/jwt/v4 to v4.5.1 (#3555)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-11-03 14:57:15 -08:00
Cody Rose
e6d786a7d9
stop logging all GitLab projects (#3541)
#3532 stopped logging one huge GItLab slice, but there's a second one! We should stop logging it for the same reason.
2024-11-01 12:27:44 -04:00
renovate[bot]
a63bf95412
fix(deps): update module cloud.google.com/go/storage to v1.46.0 (#3544)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-10-31 18:33:02 -07:00
renovate[bot]
e3c5e2f32f
fix(deps): update module github.com/snowflakedb/gosnowflake to v1.12.0 (#3531)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-10-31 18:24:30 -07:00
renovate[bot]
0f48b680df
fix(deps): update module google.golang.org/api to v0.204.0 (#3543)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-10-31 18:23:40 -07:00
renovate[bot]
2efb9c19db
fix(deps): update module github.com/azuread/microsoft-authentication-library-for-go to v1.2.3 (#3540)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-10-31 09:59:38 -07:00
Kashif Khan
bd5e287425
fixed gitlab extradata overwriting (#3537) 2024-10-31 07:14:39 -05:00
renovate[bot]
257413cc86
fix(deps): update module github.com/brianvoe/gofakeit/v7 to v7.1.2 (#3536)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-10-30 18:34:56 -07:00
Zachary Rice
4d355d414e
gcp cred not set (#3535)
* stopgap i guess

* slightly smarter
2024-10-30 16:39:31 -05:00
Zachary Rice
b6ace9d91a
strip symbol and DWARF tables (#3534) 2024-10-30 12:51:30 -05:00
Kashif Khan
84ec670228
standardize email pattern (#3524)
* standardize email pattern

* added email pattern test cases

* added negative test cases for email pattern
2024-10-30 11:39:07 -05:00
Cody Rose
d6ce0f82c3
Add Scanning team to CODEOWNERS (#3533) 2024-10-30 10:05:53 -04:00
Cody Rose
65e913e2c8
stop logging detailed group info (#3532)
Co-authored-by: Abdul Basit <basit.mussani@gmail.com>
2024-10-30 10:04:33 -04:00
Abdul Basit
9b2cef55c0
[analyze] Add Analyzer interface for Gitlab (#3232)
* implement analyzer interface for gitlab

* generated permissions, added unit test for gitlab analyzer

* revert deletion of scopes.go

* appending domain in resource names

* [chore]
moved expected output of test in json file to neat the code.

* updated the test for gitlab analyzer
to make more unique FullyQualifiedName, Ids are added for resources.

* remove unnecessary metadata field and fix github -> gitlab

* extract user id from access token json, make user as resource

* link analyzer with gitlab v2 detector

* fixed code breaking changes due to analyzer protobuf removal.

---------

Co-authored-by: Abdul Basit <abasit@folio3.com>
2024-10-30 18:46:50 +05:00
Abdul Basit
f4670aaab1
[feat] Gitlab inclusion globbing (#3500)
* Implemented gitlab inclusion globbing.
Included test.

* implemented two new flags for gitlab scan, includeRepo and excludeRepo to support globbing.
Apply globbing filter when repos is not provided.

* implemented integration test for inclusion globbing
remove test to check errors if globs are invalid.

* made changes to support glob compile errors.
modified changes to support glob compilation errors.

* removed unused context from few functions.
2024-10-30 18:23:34 +05:00
Sahil Silare
e81ff7630c
feat: added v3 API version for the detector captaindatago (#3484)
* feat: added `v3` API version for the detector `captaindatago`

* chore: renamed captaindata to captaindatav2

* fix: fixed v3 detector to follow new pattern

* feat: added versioner impl

Signed-off-by: Sahil Silare <sahilsilare@gmail.com>

* feat: changed the name from v2 -> v1 and v3 -> v2

Signed-off-by: Sahil Silare <sahilsilare@gmail.com>

---------

Signed-off-by: Sahil Silare <sahilsilare@gmail.com>
Co-authored-by: Kashif Khan <70996046+kashifkhan0771@users.noreply.github.com>
2024-10-30 10:40:49 +05:00
Dustin Decker
0e7bce28e6
update aws descriptions (#3529) 2024-10-29 21:10:52 -07:00
Zachary Rice
b44dc24494
enforce timeout on circleci test (#3528)
* enforce timeout

* bump to 10s, 3s seemed too aggro
2024-10-29 15:59:02 -05:00
Zachary Rice
3e12bcb15c
rm snifftest (#3527) 2024-10-29 13:00:00 -05:00
Cody Rose
a136e31d83
Redact more source credentials (#3526)
This PR implements global log redaction for the credentials of most other source types. It doesn't redact for sources that don't load their credentials with Init as a way to keep the PR simple - we can do those separately.
2024-10-29 12:42:20 -04:00
Cody Rose
f42f63271b
Create global log redaction capability (#3522)
Some source use client libraries that can emit errors that contain sensitive information - in particular, git-facing libraries that embed tokens into repository URLs. This PR introduces a way of redacting them - starting with GitLab (where we've seen this most recently), but in theory extensible to other sources as needed.

This implementation uses a custom zap core; this might also be possible with a custom zap encoder, but I didn't test it out.

(The deleted core.go file was entirely unused.)
2024-10-29 09:44:07 -04:00
dylanTruffle
fe9cd2675c
Adding basic "what is trufflehog" to the readme (#3514)
* Update README.md

* Update README.md

* Update README.md

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-10-28 11:26:44 -07:00
Kashif Khan
f164ebcd88
Handle custom detector response and include in extra data (#3411)
* Handle custom detector response and include in extra data

* Added todo

* fixed panic

* simplicity is always good

* limit the response to 200 chars

* results should print now in output
2024-10-28 13:09:14 -05:00
Sahil Silare
c6aa491201
fix: fixed validation logic for calendarific (#3480) 2024-10-28 11:26:14 -05:00
renovate[bot]
fa9c4421dc
fix(deps): update github.com/tailscale/depaware digest to 3d7f3b3 (#3518)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-10-28 09:23:23 -07:00
Cody Rose
ad15888a33
Move DecoderType into ResultWithMetadata #3502
Result.DecoderType is only ever used by ResultWithMetadata (via its embedded Result). This unnecessarily complicates the relationship between the types and adds some warts to #3457, so this PR moves DecoderType directly into the only struct which actually uses it.
2024-10-28 12:20:42 -04:00
Kashif Khan
97fac39885
Addeded 403 account block status code handling for gitlab (#3471)
* Addeded 403 account block status code handling for gitlab

* resolved comments

* removed unmarshalling logic
2024-10-28 11:12:30 -05:00
Kashif Khan
6a367ab763
updated gcpapplicationdefaultcredentials detector results with RawV2 (#3499)
* updated results with RawV2

* censored the refresh token in result
2024-10-28 08:35:04 -05:00
renovate[bot]
03d999caf5
fix(deps): update module github.com/brianvoe/gofakeit/v7 to v7.1.1 (#3512)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-10-26 07:49:46 -07:00
renovate[bot]
ceb6e8f400
fix(deps): update module github.com/schollz/progressbar/v3 to v3.17.0 (#3510)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-10-26 07:49:12 -07:00
renovate[bot]
0e03eca376
fix(deps): update module cloud.google.com/go/secretmanager to v1.14.2 (#3498)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-10-26 07:48:33 -07:00
Zachary Rice
e5d138d824
Adds a logging section in the contributing guidelines (#3509)
* adding logging section in contrib doc

* sample line

* Space
2024-10-25 12:11:14 -05:00
Sahil Silare
b48f748be0
fix: fixed verifcation pattern logic for bulksms (#3478)
* fix: fixed verifcation pattern logic for `bulksms`

* fix: addressed review comments

* fix: added check to break the loop if a combination matches

* fix: fixed key verification logic

Signed-off-by: Sahil Silare <sahilsilare@gmail.com>

---------

Signed-off-by: Sahil Silare <sahilsilare@gmail.com>
2024-10-25 10:47:06 +05:00
Helio Machado
9cf0a4cb28
Extend algoliaadminkey with additional checks (#3459) 2024-10-24 14:16:43 -05:00
renovate[bot]
0199e25a60
fix(deps): update module google.golang.org/api to v0.203.0 (#3497)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-10-24 10:44:43 -07:00
Sahil Silare
1aa1871f9a
fix: added correct api endpoint for verification & logic for Aeroworkflow (#3435)
* fix: added correct api endpoint for verification

* fix: fixed pattern detection logic in aeroworkflow
2024-10-24 12:16:39 -05:00
ahrav
01a2a4a3cc
remove debug log (#3505) 2024-10-24 09:40:23 -07:00
Cody Rose
4cc10d3da1
delete unused code (#3504) 2024-10-24 10:59:30 -05:00
Sahil Silare
c37edcd72e
fix: added correct verification endpoint & validation logic for alegra (#3437)
* fix: added correct verification endpoint for alegra

* fix: fixed email regex

* fix: added correct tests and validation

* fix: fixed alegra tests
2024-10-24 17:13:14 +05:00