Commit graph

1986 commits

Author SHA1 Message Date
Miccah
e6846ede54
Support filtering detectors by version (#1150)
* Adjust types to use DetectorID struct

* Parse versions with detector include and exclude input

* Update detectors filter to use version

Co-authored-by: steeeve <steve@trufflesec.com>

* Implement Versioner for github, gitlab, and npm detectors

Co-authored-by: steeeve <steve@trufflesec.com>

---------

Co-authored-by: steeeve <steve@trufflesec.com>
2023-03-02 16:33:56 -06:00
Dustin Decker
4500ac3b10
Release should only run on tags (#1146) 2023-03-02 09:57:38 -08:00
Zachary Rice
4777b77ec6
Keyword optimization (#1144)
* init

* ignore trufflehog binary and added comment

* remove unused keywords in chunk, better comment

* remove keywords from engine struct
2023-03-02 11:32:37 -06:00
zhuwenxing
c72840de67
Rename .pre-commit-hooks.yml to .pre-commit-hooks.yaml (#1141)
Signed-off-by: zhuwenxing <wenxing.zhu@zilliz.com>
2023-03-01 09:00:12 -08:00
ahrav
aa47e5e248
Only scanned staged git changes. (#1143) 2023-03-01 08:58:36 -08:00
Yassine Ilmi
0cf9139df6
Disable profiler in debug mode and add profile switch (#1136) 2023-02-28 12:49:54 -08:00
ahrav
86370333ec
Add pre-commit yml config (#1138)
* Add pre-commit yml config.

* Add --fail flag.
2023-02-28 11:31:24 -08:00
dependabot[bot]
64c163cd90
Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#1130)
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.1...v1.8.2)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-28 08:46:04 -08:00
Miccah
3870be256c
Close response bodies (#1137) 2023-02-28 10:43:00 -06:00
ah̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
2315192fda
Custom regex parallel verify (#1127)
* Refactor generating CustomRegex results into a helper function

* Added errGroup for createResults, and ensure goroutines are non-blocking

* clean return

---------

Co-authored-by: Miccah Castorina <m.castorina93@gmail.com>
2023-02-28 11:12:24 -05:00
Miccah
6209a80ce1
[chore] Address more linter errors (#1134)
* Address lint errors in detectors

* Update deprecated ioutil call
2023-02-28 10:00:41 -06:00
Miccah
4efe5313f4
[chore] Address lint errors (#1133)
* Update strings.Title to cases.Title

* Migrate go-genproto to google-cloud-go

See: https://github.com/googleapis/google-cloud-go/blob/main/migration.md

* Check error in test

* Check error from sem.Acquire

* Remove unused code
2023-02-27 21:03:47 -06:00
Miccah
7373954ddf
[chore] Update docs for individual file scanning (#1132) 2023-02-27 21:03:19 -06:00
Miccah
d2d03426ed
Implement String for ScanErrors (#1131)
This will concatenate all errors together into a single string. When
possible, it would be better to log the actual errors slice to take
advantage of structured logging.
2023-02-27 21:02:59 -06:00
Miccah
dd39848709
Add ability to include and exclude detectors (#1106)
* Add ability to include and exclude detectors

* Trim space before checking for empty items

* Explicitly check for integer overflow

* Use strconv.ParseInt instead of strconv.Atoi

* Address comments
2023-02-27 16:46:45 -06:00
Miccah
c5b4d6f28b
Support file scanning in filesystem source (#1030)
* Rename directories to paths

* Generate protos

* Add file scanning support to filesystem source

* Add directories back to filesystem proto

* Generate protos

* Combine paths and directories from in source

* Add filesystem filter

* Address comments
2023-02-27 12:15:05 -06:00
Bill Rich
ae2d510ced
Gitparse message fix (#1125)
* Fix messages being reused

* Add comment about change.
2023-02-23 15:20:54 -08:00
dependabot[bot]
05f6bd369f
Bump github.com/xanzy/go-gitlab from 0.78.0 to 0.80.2 (#1117)
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.78.0 to 0.80.2.
- [Release notes](https://github.com/xanzy/go-gitlab/releases)
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.78.0...v0.80.2)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-22 09:33:16 -08:00
raju-kamble
d151c1363e
fixing browserstack regex username detection (#1123) 2023-02-22 08:17:48 -08:00
ah̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
ee5b028c67
Adding initial protos for Google Drive scanner (#1121) 2023-02-22 10:04:46 -05:00
dependabot[bot]
38562df0f6
Bump github.com/rabbitmq/amqp091-go from 1.6.0 to 1.7.0 (#1103)
Bumps [github.com/rabbitmq/amqp091-go](https://github.com/rabbitmq/amqp091-go) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/rabbitmq/amqp091-go/releases)
- [Changelog](https://github.com/rabbitmq/amqp091-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rabbitmq/amqp091-go/compare/v1.6.0...v1.7.0)

---
updated-dependencies:
- dependency-name: github.com/rabbitmq/amqp091-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-21 15:36:46 -08:00
dependabot[bot]
4f0e66f064
Bump github.com/TheZeroSlave/zapsentry from 1.12.0 to 1.14.0 (#1118)
Bumps [github.com/TheZeroSlave/zapsentry](https://github.com/TheZeroSlave/zapsentry) from 1.12.0 to 1.14.0.
- [Release notes](https://github.com/TheZeroSlave/zapsentry/releases)
- [Commits](https://github.com/TheZeroSlave/zapsentry/compare/v1.12.0...v1.14.0)

---
updated-dependencies:
- dependency-name: github.com/TheZeroSlave/zapsentry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-21 15:36:16 -08:00
dependabot[bot]
0b4e3a66b1
Bump go.mongodb.org/mongo-driver from 1.11.1 to 1.11.2 (#1119)
Bumps [go.mongodb.org/mongo-driver](https://github.com/mongodb/mongo-go-driver) from 1.11.1 to 1.11.2.
- [Release notes](https://github.com/mongodb/mongo-go-driver/releases)
- [Commits](https://github.com/mongodb/mongo-go-driver/compare/v1.11.1...v1.11.2)

---
updated-dependencies:
- dependency-name: go.mongodb.org/mongo-driver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-21 15:35:53 -08:00
dependabot[bot]
a293033386
Bump golang.org/x/net from 0.6.0 to 0.7.0 (#1122)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-21 15:35:21 -08:00
raju-kamble
d20f43b5c6
fix browserstack detector (#1120)
* fixing browserstack regex username detection

* fixing browserstack regex username detection

* fixing browserstack regex username detection

* fix patterns

* fix patterns

---------

Co-authored-by: raju-bs <raju@browserstack.com>
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2023-02-21 15:33:16 -08:00
dependabot[bot]
9ef9e9870d
Bump golang.org/x/oauth2 from 0.4.0 to 0.5.0 (#1116)
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/oauth2/releases)
- [Commits](https://github.com/golang/oauth2/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-21 13:42:36 -08:00
Bill Rich
f1582aafa9
Drop tabs for filenames with spaces (#1115) 2023-02-16 17:15:32 -08:00
Bill Rich
9158dcaa80
Correctly parse most filenames with ' and ' (#1113) 2023-02-16 14:11:35 -08:00
ahrav
012fdfe3a2
Update helper text for max-archive-size. (#1114) 2023-02-16 13:56:55 -08:00
ahrav
ea71756e20
[chore] - archive size helper text (#1110) 2023-02-15 10:08:26 -08:00
ahrav
ea40c0f306
Add the unit for max archive size. (#1108) 2023-02-15 09:45:27 -08:00
dependabot[bot]
bcecbcd3d4
Bump github.com/getsentry/sentry-go from 0.17.0 to 0.18.0 (#1102)
Bumps [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) from 0.17.0 to 0.18.0.
- [Release notes](https://github.com/getsentry/sentry-go/releases)
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-go/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: github.com/getsentry/sentry-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-14 20:56:35 -06:00
dependabot[bot]
926f490c9f
Bump golang.org/x/crypto from 0.5.0 to 0.6.0 (#1101)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](https://github.com/golang/crypto/compare/v0.5.0...v0.6.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-14 20:55:34 -06:00
dependabot[bot]
bd17aa91e3
Bump golang.org/x/text from 0.6.0 to 0.7.0 (#1100)
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-14 20:54:24 -06:00
Miccah
161e499142
[chore] Remove logrus from trufflehog (#1095)
* [chore] Remove logrus from trufflehog

* Minor fixes

* Fix logFatal call

* Fix logrus call
2023-02-14 17:00:07 -06:00
Miccah
c6826c4574
Fix nil scan options (#1107) 2023-02-14 12:09:45 -06:00
SAYGIN Metin
f2139a7615
Github filter support for exclude and include (#1087)
* test

* Add missing head and base hash back.

---------

Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>
2023-02-14 08:40:53 -08:00
Dustin Decker
26c455d302
add more confluence options (#1105) 2023-02-13 13:58:02 -08:00
Mike Vanbuskirk
57983aed4e
adds TESTING doc w. steps for local GHA tests (#1093)
make doc wording more explicit
2023-02-13 13:06:50 -05:00
trufflesteeeve
4f13090c01
Remove duplicated detectors (#1092)
In this case just Heroku and LinearAPI. But this includes the Moonclerck
detector, which appears to be a typo that got turned into a separate
detector type.

Co-authored-by: zubairk14 <zubair.khan@trufflesec.com>
2023-02-13 11:44:19 -05:00
Dustin Decker
ae14e4506f
add smoke test (#1099) 2023-02-11 11:09:36 -08:00
Dustin Decker
0c66d30c1f
Revert "Make detectors configurable (#1084)" (#1097)
This reverts commit 67784f6928.
2023-02-11 08:12:13 -08:00
ahrav
67784f6928
Make detectors configurable (#1084)
* Make detectors configurable.

* remove redundant check.

* add number of detectors.

* update comment.

* remove reflect.

* inline key.

* replace name w/ type.

* remove temp var.

* fix test name.

* fix engine start.

* add filter unverified to engine.

* reorder engine args.

* Address comments.

* Add include and exclude.

* update comments.

* add comment.

* add comment.
2023-02-10 16:30:38 -08:00
ahrav
c5c8d10d28
[chore] - Remove monolithic config struct (#1091)
* Remove monolithic config struct.

* fix broken test.
2023-02-10 12:43:00 -08:00
Miccah
d317ddb51a
[chore] Remove logrus from circleci, filesystem, gitlab, and s3 sources (#1089)
* [chore] Remove logrus from circleci, filesystem, gitlab, and s3 sources

* Address comments
2023-02-10 11:02:55 -06:00
dependabot[bot]
29be679370
Bump github.com/joho/godotenv from 1.4.0 to 1.5.1 (#1075)
Bumps [github.com/joho/godotenv](https://github.com/joho/godotenv) from 1.4.0 to 1.5.1.
- [Release notes](https://github.com/joho/godotenv/releases)
- [Commits](https://github.com/joho/godotenv/compare/v1.4.0...v1.5.1)

---
updated-dependencies:
- dependency-name: github.com/joho/godotenv
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-09 20:02:06 -08:00
Miccah
0ce72ccda3
[chore] Remove logrus from github source (#1086)
* [chore] Remove logrus from github source

* Fix handleRateLimit test

* Fix tests
2023-02-09 18:02:04 -06:00
Miccah
58e8c1e4ac
[chore] Remove logrus from engine package (#1085) 2023-02-09 16:55:19 -06:00
trufflesteeeve
114f4b6989
Add Type() to detector interface (#1088)
* Add Type() to detector interface

The goal here is to allow the detector type information to be used
without the need for reflection. This could possibly allow us to more
easily inject information into detectors or filter them out if
necessary.

Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>

* remove test detector

---------

Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>
2023-02-09 14:46:03 -08:00
ahrav
e47cc2451f
Don't pre-allocate errors slice. (#1083) 2023-02-08 17:33:30 -08:00