Mirrors/trufflehog
2
0
Fork 0
mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-11-10 15:14:38 +00:00
Code Issues Projects Releases Packages Wiki Activity
2525 commits 139 branches 257 tags 147 MiB
Commit graph

2525 commits

This branch
This branch
All branches
Author SHA1 Message Date
Ankush Goel
703e158648
Detector-Competition-New : created grafana service account detector (#1960) 
* created grafana service account detector

* add import

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-06 15:41:37 -06:00
Ankush Goel
b2d541e0ea
Detector-Competition-Fix: fixed zulipchat detector (#1990) 
* fixed zulipchat detector

* fixed testing scenarios

* fixed test detector

* fixed test

* made chunking keyword from zulipchat to zulip

* fixed email regex

* fixed domain regex
 2023-11-06 12:22:47 -06:00
Ankush Goel
6259b179b9
Grafana (#2096) 
* Created Grafana Cloud API Key detector

* made the regex more bounded

* added boundary to regex
 2023-11-06 11:13:06 -06:00
Ankush Goel
aabfec4cdf
Competition-Detector-New: added eventbrite detector (#2072) 
* added eventbrite detector

* added packagename to defaults.go

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-03 16:42:13 -05:00
Ankush Goel
1371512ff3
logz.io detector (#2076) 
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-03 16:32:35 -05:00
Ankush Goel
06b5fc25ef
Coda Detector (#2075) 
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-03 15:50:05 -05:00
Zachary Rice
50a3a82cbb
fix (#2094) 2023-11-03 12:56:12 -05:00
Corben Leo
de8889b406
Detector-Competition-Fix: Fix LiveAgent Detector & Verifier (#2001) 
* Detector-Competition-Fix: Fix LiveAgent Detector & Verifier

* update regex
 2023-11-03 12:28:20 -05:00
dylanTruffle
0b90265802
pulling short lived AWS keys into their own thing, fixes #1224 (#2088) 
* pulling short lived AWS keys into their own thing, fixes #1224

* Update awssessionkey.go

* fmt

---------

Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-03 11:58:49 -05:00
Cody Rose
7a156330b5
Support multiple detectors per match (#2065) 
#1711 inadvertently removed the ability to match multiple custom detectors, or multiple detectors of the same type but different version, to a given keyword. (#2060 re-added support for multiple versions of detectors globally, and #2064 re-added support for multiple custom detectors globally, but neither fixed trufflehog's inability to support multiple such detectors for a given keyword match.) This PR re-adds the removed functionality (and narrows the AhoCorasickCore interface in the process.)
 2023-11-03 12:26:18 -04:00
Miccah
600903f391
[chore] Speedup IsKnownFalsePositive using sets (#2090) 
Also check that the match is a valid UTF-8 string.
 2023-11-03 08:45:00 -07:00
Corben Leo
3b9ecaa704
Detector-Competition-Fix: Fix ScraperSite (deprecated) (#2074) 
Co-authored-by: āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com>
 2023-11-03 11:15:53 -04:00
Corben Leo
41e9cc59e2
Detector-Competition-Fix: Fix PassBase (acquired, deprecated) (#2079) 2023-11-03 08:59:32 -05:00
Ankush Goel
b95ed3b41a
Detector-Competition-New - Created Grafana Cloud API Key detector (#1959) 
* Created Grafana Cloud API Key detector

* made the regex more bounded

* added boundary to regex
 2023-11-03 09:25:54 -04:00
Corben Leo
9e52e3e86f
Detector-Competition-Fix: Fix/Deprecate Prospect.io (#2081) 
* Detector-Competition-Feat: Fix/Deprecate Prospect.io

* Detector-Competition-Fix: fix defaults.go
 2023-11-03 07:04:42 -05:00
joeleonjr
a1d74cd887
added resource type mapping to extraData in AWS (#2087) 
* added resource type mapping to extraData in AWS

* updating aws regex + logic for resource type
 2023-11-02 17:03:03 -04:00
Corben Leo
b5cc6c196c
Detector-Competition-Fix: Fix FakeJSON (deprecated) (#2073) 2023-11-02 15:43:49 -05:00
Ankush Goel
ab896890b4
fixed helpscout detector regex and verifier (#2056) 2023-11-02 14:20:26 -05:00
Ankush Goel
965a274de9
Detector-Competition-Fix: fixed regex for databricks domain and fixed tests (#1965) 
* fixed regex for domain and fixed tests

* fixed regex

* fixed an issue with regex subgrouping

* made recommended changes

* made recommended changed

* fixed RawV2
 2023-11-02 11:26:31 -05:00
Ankush Goel
b6469f23ac
modified regex (#2033) 2023-11-02 11:24:37 -05:00
dylanTruffle
4106ce7bf0
Detector-Competition-Feat: Adding Azure Container Registry Password Detector (#1958) 
* implementing azure container registry password detector

* Fixing boundry feedback

* whoops

* update verification code

* fix regex

---------

Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-02 11:17:01 -05:00
Corben Leo
07f6c84aa4
Detector-Competition-Fix: Fix SentimentInvestor (deprecated) (#2078) 2023-11-01 11:54:40 -05:00
Miccah
9d6bc8c504
Refactor git source to support scanning units (#2083) 2023-11-01 09:52:58 -07:00
Miccah
52600a897a
[chore] Replace chunks channel with ChunkReporter in git based sources (#2082) 
ChunkReporter is more flexible and will allow code reuse for unit
chunking. ChanReporter was added as a way to maintain the original
channel functionality, so this PR should not alter existing behavior.
 2023-11-01 09:22:44 -07:00
ahrav
d55cb56db4
update comment (#2084) 
update Cache.Contents() comment
 2023-11-01 07:36:22 -07:00
Cody Rose
7197e4b3f1
use rawv2 for pubnubpublish (#2062) 
We're seeing secrets of this type flap between verified and unverified, which is expected behavior for multipart secrets without RawV2 defined. This PR adds RawV2 for secrets of this type.
 2023-11-01 10:14:28 -04:00
ahrav
95e0090bc2
[chore] - correctly handle input shorter than 512 bytes (#2077) 
* correctly handle input shorter than 512 bytes

* add tests

* reorder tests

* add another test case

* update test

* address comment
 2023-10-31 16:42:42 -07:00
ahrav
89b6315e19
[chore] - add binutils dep to dockerfile (#2061) 
* add binutils dep to dockerfile

* add cpio

* add dep
 2023-10-31 16:40:19 -07:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
74a56de831
update braintreepayments detector to tri-state verification (#1834) 
* update braintreepayments detector to tri-state verification

* Update pkg/detectors/braintreepayments/braintreepayments.go

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>

* small nits

* small nits

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-10-31 16:13:48 -04:00
dylanTruffle
8bac2b15ba
Detector-Competition-Feat: Adding Azure Batch keys (#1956) 
* adding azure batch

* fmt

* fix lint

---------

Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-10-31 10:49:04 -05:00
dylanTruffle
499cb64546
Detector-Competition-Fix: Fix redis to now support SSL, and look for azure redis connection strings (#1957) 
* adding azure redis, and fixing the old detector to support ssl too

* fix?

* other way

---------

Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-10-31 10:17:55 -05:00
Corben Leo
a4fd17c9d1
Detector-Competition-Fix: Fix AppFollow Detection & Verification (#1933) 
* Detector-Competition-Fix: Fix AppFollow Detection & Verification

* fix(regex): update jwt regex for appfollow
 2023-10-31 09:43:20 -05:00
ahrav
a9b056de0a
Centralize logic for checking archive extraction tools (#2063) 
* Centralize logic for checking archive extraction tools

* simplify
 2023-10-30 20:14:51 -07:00
Miccah
57203a56cd
[chore] Fix SourceManager flaky test (#2059) 
* [chore] Fix SourceManager flaky test

Sorting by EndTime is not deterministic, however sorting by StartTime
should be. StartTime is set in a goroutine that's limited by
WithConcurrentUnits, so it should happen in order that the units are
received.

* Sort by unit ID
 2023-10-30 19:16:55 -07:00
Cody Rose
e58a2913ea
Support multiple custom detectors (#2064) 
#1711 accidentally removed the ability to support multiple custom detectors. This PR partially adds back this capability: Multiple custom detectors are now supported overall, but only one custom detector can be returned for a given keyword match.
 2023-10-30 18:17:17 -04:00
Corben Leo
de4a14b3f9
Detector-Competition-Fix: Fix SalesBlink Detection & Verification (#1950) 2023-10-30 16:10:24 -05:00
Damanpreet Singh
244ba3a214
Detector-Competition-Fix: Update formio regex to match Jwt token (#1935) 2023-10-30 16:08:19 -05:00
Corben Leo
6a15cd8f30
Detector-Competition-Fix: Fix Bitcoin Average detector (#1929) 2023-10-30 16:02:30 -05:00
Corben Leo
509fc6c0eb
Detector-Competition-Fix: Fix currencycloud.com API key (#1917) 
* Detector-Competition-Fix: Fix currencycloud.com API environment

* Detector-Competition-Fix: Fix currencycloud.com API environment

* fix(env): update environment
 2023-10-30 15:56:30 -05:00
Cody Rose
45059864f8
Re-add detector version (#2060) 
#2010 mistakenly removed detector version tracking from the Aho Corasick wrapper. This PR re-adds it.
 2023-10-30 15:34:33 -04:00
Dustin Decker
3c2270ae65
update kingpin import (#2053) 2023-10-30 10:58:38 -07:00
Dustin Decker
05fae156e1
Add TravisCI source (#1877) 
* Add TravisCI source

* update test to use sourcestest

* Remove jobPage loop

ListByBuild does not support pagination, so this was infinitely
repeating. https://developer.travis-ci.com/resource/jobs#find

* Continue chunking on error

* review updates

* update readme

---------

Co-authored-by: Miccah Castorina <m.castorina93@gmail.com>
 2023-10-30 07:28:25 -07:00
Cody Rose
876a55821b
Remove verify flag from Aho-Corasick core (#2010) 
The Aho-Corasick wrapper we have tracks information about whether verification should be enabled on an individual detector basis, but that functionality isn't related to the matching functionality of Aho-Corasick, and including it complicates the implementation. This PR removes it to simplify some things.

This PR removes some code that supported a potential future implementation of detector-specific verification settings, but that feature has not actually been implemented yet, so there's no loss of functionality. If we want that feature we can add it back on top of this in a more separated way.
 2023-10-30 09:52:51 -04:00
Ankush Goel
2a66d4117a
adding 'token' keyword to regex for github_old (#2037) 2023-10-29 20:45:35 -07:00
renovate[bot]
efe772331c
Update module github.com/go-git/go-git/v5 to v5.10.0 (#2023) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-10-29 18:01:01 -07:00
Damanpreet Singh
7a9332152a
Detector-Competition-Feat: Added Reply.io API token detector (#2019) 
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
 2023-10-29 17:57:36 -07:00
renovate[bot]
9a04208555
fix(deps): update module sigs.k8s.io/yaml to v1.4.0 (#2047) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-10-29 17:42:18 -07:00
Damanpreet Singh
0068ec54f2
Detector-Competition-Feat: Added Stripo API token detector (#2018) 
* Detector-Competition-Feat: Added Stripo API token detector

* adjust regex

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
 2023-10-29 17:26:14 -07:00
Richard Gomez
0427985ebe
feat: deno deploy detector (#2040) 
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
 2023-10-29 16:58:00 -07:00
renovate[bot]
a9cc772061
Update module google.golang.org/api to v0.148.0 (#2045) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-10-29 16:56:53 -07:00