Commit graph

1373 commits

Author SHA1 Message Date
Gobind Singh
66eb87f414
Update verification endpoint (#1179) 2023-03-29 06:41:27 -07:00
Zachary Rice
c4f08e3f17
Run golang lint on entire repo instead of patches (#1214)
* lint on all branches to catch warnings earlier

* lint entire source on PRs

* fix lint
2023-03-28 15:01:44 -05:00
Dustin Decker
31d5655308
Fix OpenAI test (#1186)
* Add OpenAI Detector

* Add OpenAI Detector tests

* Add OpenAI Detector to defaults.go

* Removing references to github detector in tests

* update test

---------

Co-authored-by: Yassine Ilmi <Yassine.Ilmi@thomsonreuters.com>
2023-03-27 10:07:57 -07:00
garg472
3e4496156c
added new detectors and fixed mesibo detector (#1166)
* added new detectors and fixed mesibo detector

* added bscscan.com API detector

* added coinmarketcap detector

* update alchemy

* update blocknative

* update bscscan test

* update cmc test

* update tests

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2023-03-16 18:57:08 -07:00
Yassine Ilmi
d382d5cb1c
Add OpenAI API Tokens detector (#1142)
* Add OpenAI Detector

* Add OpenAI Detector tests

* Add OpenAI Detector to defaults.go

* Removing references to github detector in tests
2023-03-16 17:58:22 -07:00
raju-kamble
3c1bb45bfb
updating browserstack detector user and key PrefixRegex strings (#1176)
Co-authored-by: raju-bs <raju@browserstack.com>
2023-03-16 08:41:29 -07:00
trufflesteeeve
2b1c42ceb1
Make slack webhook detector regex more specific (#1168)
* Make slack webhook detector regex more specific

* fixup - add better body contains check
2023-03-10 14:01:10 -08:00
Miccah
e6846ede54
Support filtering detectors by version (#1150)
* Adjust types to use DetectorID struct

* Parse versions with detector include and exclude input

* Update detectors filter to use version

Co-authored-by: steeeve <steve@trufflesec.com>

* Implement Versioner for github, gitlab, and npm detectors

Co-authored-by: steeeve <steve@trufflesec.com>

---------

Co-authored-by: steeeve <steve@trufflesec.com>
2023-03-02 16:33:56 -06:00
Miccah
3870be256c
Close response bodies (#1137) 2023-02-28 10:43:00 -06:00
Miccah
6209a80ce1
[chore] Address more linter errors (#1134)
* Address lint errors in detectors

* Update deprecated ioutil call
2023-02-28 10:00:41 -06:00
Miccah
4efe5313f4
[chore] Address lint errors (#1133)
* Update strings.Title to cases.Title

* Migrate go-genproto to google-cloud-go

See: https://github.com/googleapis/google-cloud-go/blob/main/migration.md

* Check error in test

* Check error from sem.Acquire

* Remove unused code
2023-02-27 21:03:47 -06:00
raju-kamble
d151c1363e
fixing browserstack regex username detection (#1123) 2023-02-22 08:17:48 -08:00
raju-kamble
d20f43b5c6
fix browserstack detector (#1120)
* fixing browserstack regex username detection

* fixing browserstack regex username detection

* fixing browserstack regex username detection

* fix patterns

* fix patterns

---------

Co-authored-by: raju-bs <raju@browserstack.com>
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2023-02-21 15:33:16 -08:00
Miccah
161e499142
[chore] Remove logrus from trufflehog (#1095)
* [chore] Remove logrus from trufflehog

* Minor fixes

* Fix logFatal call

* Fix logrus call
2023-02-14 17:00:07 -06:00
trufflesteeeve
4f13090c01
Remove duplicated detectors (#1092)
In this case just Heroku and LinearAPI. But this includes the Moonclerck
detector, which appears to be a typo that got turned into a separate
detector type.

Co-authored-by: zubairk14 <zubair.khan@trufflesec.com>
2023-02-13 11:44:19 -05:00
trufflesteeeve
114f4b6989
Add Type() to detector interface (#1088)
* Add Type() to detector interface

The goal here is to allow the detector type information to be used
without the need for reflection. This could possibly allow us to more
easily inject information into detectors or filter them out if
necessary.

Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>

* remove test detector

---------

Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>
2023-02-09 14:46:03 -08:00
ahrav
80a68b84c2
update webex detector regex (#1062)
* update webex detector regex.

* fix regex.
2023-02-01 18:37:51 -08:00
ahrav
58b78b6a5a
Update float detector with correct User-Agent and regex (#1061)
* Update float detector with correct User-Agent and regex.

* update import order.

* update email.

* Delete http.go

* add http back.
2023-02-01 09:48:13 -08:00
swdbo
a53758c4c4
braintree detector: use production API URL instead of the test sandbox version (#1054) 2023-02-01 08:41:52 -08:00
Cameron Lonsdale
0aa8e1cd98
Use access-token endpoint for validity check (#991) 2023-01-11 19:19:51 -08:00
Gonçalo Silva
e091fab94f
Use Todoist's REST API v2 (#978)
v1 was deprecated on December 5, 2022.
2022-12-14 16:52:19 -08:00
ahrav
054e98d108
Update slack webhook detector string check (#932)
* Update slack webhook detector check to text.

* remove redundant slashes.
2022-11-21 10:50:23 -08:00
Jessica
6e25664a52
add rabbitmq detector (#936)
* add rabbitmq detector

* use fixed length redaction

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2022-11-21 10:47:41 -08:00
Dustin Decker
b45369cdbb
Skip some FTP FPs (#929) 2022-11-21 06:52:21 -08:00
Dustin Decker
ae4b387448
add LDAP detector (#896) 2022-11-18 19:45:11 -08:00
Dustin Decker
b18edef01a
Enable skipping of particular key IDs (#930)
* Enable skipping of particular key IDs

* update test
2022-11-18 09:09:40 -08:00
ahrav
b8be0a64a8
Use pointer to type. (#926) 2022-11-16 10:35:48 -08:00
Ankush Goel
64cfe4d85e
Update github_old.go (#916) 2022-11-15 10:40:55 -08:00
Johann Saunier
42a82fc7e1
Update Scrapfly API Key Format (#910) 2022-11-11 15:24:17 -05:00
Ankush Goel
bb0fa055dc
fixed mailchimp detector (#909)
* fixed mailchimp detector

* Use sane http client

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2022-11-10 09:47:25 -05:00
kstilwell
ecd25784f5
Adding Shopify detector (#875)
* Fixes/work based on testing

* Remove some commented code

* Change how verification happens and grab additional information

* Address linter warnings.

* add shopify detector to default detectors.

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>
2022-11-08 16:21:57 -08:00
Dustin Decker
5f0964add8 remove path for deduping URI 2022-11-06 08:12:46 -08:00
Miccah
85f5f3ea7b
Add sqlserver integration test and some default params (#891)
* Improve anonymous redaction

* Add sqlserver integration test and some default params
2022-11-02 11:04:49 -05:00
Dustin Decker
a7fc12240f
Do local URI verification, while attempting to defuse SSRF (#879)
* simplify mongo pattern

* do URI verification locally, while attempting to defuse SSRF

* test SSRF defuse

* simplify err check logic per linter recommendation

* split up detectors

* address comments

* remove unused var
2022-11-01 17:27:24 -07:00
ahrav
fe029b1098
[THOG-793] - Return all unverified results (#856)
* Remove the check to filter and return only a single unverified result.

* Revert "Remove the check to filter and return only a single unverified result."

This reverts commit 494e432803.

* Add new CLI flag to filter unverified results.
2022-10-31 09:36:10 -07:00
Dustin Decker
0c81cba918 remove noisy logging in sqlserver detector 2022-10-26 18:12:26 -07:00
Dustin Decker
ca8a5ef741
increase digitalocean token sensitivity (#872) 2022-10-26 08:22:21 -07:00
Dustin Decker
4f83dd816d
increase datadog token sensitivity (#871) 2022-10-26 08:22:10 -07:00
Dustin Decker
33c6c193e3
improve fastly validation endpoint and add extra data (#870) 2022-10-26 08:22:03 -07:00
Dustin Decker
466b9e2d6b
only detect live env razor pay and use std lib (#869)
* only detect live env razor pay and use std lib

* fix shadowed var
2022-10-26 08:13:13 -07:00
Dustin Decker
dac40519e4
support github fine grained tokens and add extra data (#868)
* support github fine grained tokens and add extra data

* fix shadowed var
2022-10-26 08:13:02 -07:00
Alexandr Marchenko
60464da3ce
proposal: SqlServer connection string detector (#867)
* sqlserver added to detectors.proto

* make protos

* boilerplate detector generated

* wireup

* initial
2022-10-26 07:46:13 -07:00
Ankush Goel
d29357c9d4
added npm detector (#841) 2022-10-13 06:04:02 -07:00
Dustin Decker
785cead43e
Ignore URIs where the password is redacted (#842)
Only `*`s in the password is a redacted basic auth URI.
2022-10-11 14:18:52 -07:00
ahrav
128002885a
Add decoder type to results. (#835) 2022-10-06 11:55:07 -07:00
Mildred Bernardo
3f6e5b44c9
Digitaloceanv2 detector (#832) 2022-10-03 18:01:01 -07:00
Mildred Bernardo
ad4b9406a7
Added digitaloceanv2 detector (#829)
* Added digitaloceanv2 detector

* import detector

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2022-09-28 09:56:35 -07:00
ahrav
db42bcf2a2
[OC-103] - Add Gemini detector (#800)
* Add Gemini detector.

* Add regex and test code for Gemini detector.

* Remove else.

* Add commentary.

* Address comments.

* Use regular else.

* Make nice and complicated.

* use regular detection pattern.

* Add detector to default detectors.
2022-09-26 11:48:48 -07:00
rahuljaisinghani
3645a6e7b9
Browserstack regex (#808)
* Update browserstack.go

* Update browserstack.go
2022-09-25 13:32:45 -07:00
Miccah
ddc81bd7c1
[THOG-162] Implement JDBC verification for select drivers (#792)
* [THOG-162] Implement JDBC verification for select drivers

Also includes integration tests for postgres and mysql via docker. To
run, execute the following (untested what will happen if the docker
images aren't installed):

go test -tags=detectors,integration ./pkg/detectors/jdbc

* Make jdbc regex a bit more strict

* Surface the context to allow the caller to set a timeout
2022-09-21 17:50:48 +02:00