Mirrors/trufflehog
2
0
Fork 0
mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-11-14 17:07:31 +00:00
Code Issues Projects Releases Packages Wiki Activity
3569 commits 139 branches 258 tags 180 MiB
Commit graph

3569 commits

This branch
This branch
All branches
Author SHA1 Message Date
renovate[bot]
741146f17e
fix(deps): update module github.com/golang-jwt/jwt/v4 to v4.5.1 (#3555) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-11-03 14:57:15 -08:00
Cody Rose
e6d786a7d9
stop logging all GitLab projects (#3541) 
#3532 stopped logging one huge GItLab slice, but there's a second one! We should stop logging it for the same reason.
 2024-11-01 12:27:44 -04:00
renovate[bot]
a63bf95412
fix(deps): update module cloud.google.com/go/storage to v1.46.0 (#3544) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-10-31 18:33:02 -07:00
renovate[bot]
e3c5e2f32f
fix(deps): update module github.com/snowflakedb/gosnowflake to v1.12.0 (#3531) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-10-31 18:24:30 -07:00
renovate[bot]
0f48b680df
fix(deps): update module google.golang.org/api to v0.204.0 (#3543) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-10-31 18:23:40 -07:00
renovate[bot]
2efb9c19db
fix(deps): update module github.com/azuread/microsoft-authentication-library-for-go to v1.2.3 (#3540) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-10-31 09:59:38 -07:00
Kashif Khan
bd5e287425
fixed gitlab extradata overwriting (#3537) 2024-10-31 07:14:39 -05:00
renovate[bot]
257413cc86
fix(deps): update module github.com/brianvoe/gofakeit/v7 to v7.1.2 (#3536) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-10-30 18:34:56 -07:00
Zachary Rice
4d355d414e
gcp cred not set (#3535) 
* stopgap i guess

* slightly smarter
 2024-10-30 16:39:31 -05:00
Zachary Rice
b6ace9d91a
strip symbol and DWARF tables (#3534) 2024-10-30 12:51:30 -05:00
Kashif Khan
84ec670228
standardize email pattern (#3524) 
* standardize email pattern

* added email pattern test cases

* added negative test cases for email pattern
 2024-10-30 11:39:07 -05:00
Cody Rose
d6ce0f82c3
Add Scanning team to CODEOWNERS (#3533) 2024-10-30 10:05:53 -04:00
Cody Rose
65e913e2c8
stop logging detailed group info (#3532) 
Co-authored-by: Abdul Basit <basit.mussani@gmail.com>
 2024-10-30 10:04:33 -04:00
Abdul Basit
9b2cef55c0
[analyze] Add Analyzer interface for Gitlab (#3232) 
* implement analyzer interface for gitlab

* generated permissions, added unit test for gitlab analyzer

* revert deletion of scopes.go

* appending domain in resource names

* [chore]
moved expected output of test in json file to neat the code.

* updated the test for gitlab analyzer
to make more unique FullyQualifiedName, Ids are added for resources.

* remove unnecessary metadata field and fix github -> gitlab

* extract user id from access token json, make user as resource

* link analyzer with gitlab v2 detector

* fixed code breaking changes due to analyzer protobuf removal.

---------

Co-authored-by: Abdul Basit <abasit@folio3.com>
 2024-10-30 18:46:50 +05:00
Abdul Basit
f4670aaab1
[feat] Gitlab inclusion globbing (#3500) 
* Implemented gitlab inclusion globbing.
Included test.

* implemented two new flags for gitlab scan, includeRepo and excludeRepo to support globbing.
Apply globbing filter when repos is not provided.

* implemented integration test for inclusion globbing
remove test to check errors if globs are invalid.

* made changes to support glob compile errors.
modified changes to support glob compilation errors.

* removed unused context from few functions.
 2024-10-30 18:23:34 +05:00
Sahil Silare
e81ff7630c
feat: added v3 API version for the detector captaindatago (#3484) 
* feat: added `v3` API version for the detector `captaindatago`

* chore: renamed captaindata to captaindatav2

* fix: fixed v3 detector to follow new pattern

* feat: added versioner impl

Signed-off-by: Sahil Silare <sahilsilare@gmail.com>

* feat: changed the name from v2 -> v1 and v3 -> v2

Signed-off-by: Sahil Silare <sahilsilare@gmail.com>

---------

Signed-off-by: Sahil Silare <sahilsilare@gmail.com>
Co-authored-by: Kashif Khan <70996046+kashifkhan0771@users.noreply.github.com>
 2024-10-30 10:40:49 +05:00
Dustin Decker
0e7bce28e6
update aws descriptions (#3529) 2024-10-29 21:10:52 -07:00
Zachary Rice
b44dc24494
enforce timeout on circleci test (#3528) 
* enforce timeout

* bump to 10s, 3s seemed too aggro
 2024-10-29 15:59:02 -05:00
Zachary Rice
3e12bcb15c
rm snifftest (#3527) 2024-10-29 13:00:00 -05:00
Cody Rose
a136e31d83
Redact more source credentials (#3526) 
This PR implements global log redaction for the credentials of most other source types. It doesn't redact for sources that don't load their credentials with Init as a way to keep the PR simple - we can do those separately.
 2024-10-29 12:42:20 -04:00
Cody Rose
f42f63271b
Create global log redaction capability (#3522) 
Some source use client libraries that can emit errors that contain sensitive information - in particular, git-facing libraries that embed tokens into repository URLs. This PR introduces a way of redacting them - starting with GitLab (where we've seen this most recently), but in theory extensible to other sources as needed.

This implementation uses a custom zap core; this might also be possible with a custom zap encoder, but I didn't test it out.

(The deleted core.go file was entirely unused.)
 2024-10-29 09:44:07 -04:00
dylanTruffle
fe9cd2675c
Adding basic "what is trufflehog" to the readme (#3514) 
* Update README.md

* Update README.md

* Update README.md

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2024-10-28 11:26:44 -07:00
Kashif Khan
f164ebcd88
Handle custom detector response and include in extra data (#3411) 
* Handle custom detector response and include in extra data

* Added todo

* fixed panic

* simplicity is always good

* limit the response to 200 chars

* results should print now in output
 2024-10-28 13:09:14 -05:00
Sahil Silare
c6aa491201
fix: fixed validation logic for calendarific (#3480) 2024-10-28 11:26:14 -05:00
renovate[bot]
fa9c4421dc
fix(deps): update github.com/tailscale/depaware digest to 3d7f3b3 (#3518) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-10-28 09:23:23 -07:00
Cody Rose
ad15888a33
Move DecoderType into ResultWithMetadata #3502 
Result.DecoderType is only ever used by ResultWithMetadata (via its embedded Result). This unnecessarily complicates the relationship between the types and adds some warts to #3457, so this PR moves DecoderType directly into the only struct which actually uses it.
 2024-10-28 12:20:42 -04:00
Kashif Khan
97fac39885
Addeded 403 account block status code handling for gitlab (#3471) 
* Addeded 403 account block status code handling for gitlab

* resolved comments

* removed unmarshalling logic
 2024-10-28 11:12:30 -05:00
Kashif Khan
6a367ab763
updated gcpapplicationdefaultcredentials detector results with RawV2 (#3499) 
* updated results with RawV2

* censored the refresh token in result
 2024-10-28 08:35:04 -05:00
renovate[bot]
03d999caf5
fix(deps): update module github.com/brianvoe/gofakeit/v7 to v7.1.1 (#3512) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-10-26 07:49:46 -07:00
renovate[bot]
ceb6e8f400
fix(deps): update module github.com/schollz/progressbar/v3 to v3.17.0 (#3510) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-10-26 07:49:12 -07:00
renovate[bot]
0e03eca376
fix(deps): update module cloud.google.com/go/secretmanager to v1.14.2 (#3498) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-10-26 07:48:33 -07:00
Zachary Rice
e5d138d824
Adds a logging section in the contributing guidelines (#3509) 
* adding logging section in contrib doc

* sample line

* Space
 2024-10-25 12:11:14 -05:00
Sahil Silare
b48f748be0
fix: fixed verifcation pattern logic for bulksms (#3478) 
* fix: fixed verifcation pattern logic for `bulksms`

* fix: addressed review comments

* fix: added check to break the loop if a combination matches

* fix: fixed key verification logic

Signed-off-by: Sahil Silare <sahilsilare@gmail.com>

---------

Signed-off-by: Sahil Silare <sahilsilare@gmail.com>
 2024-10-25 10:47:06 +05:00
Helio Machado
9cf0a4cb28
Extend algoliaadminkey with additional checks (#3459) 2024-10-24 14:16:43 -05:00
renovate[bot]
0199e25a60
fix(deps): update module google.golang.org/api to v0.203.0 (#3497) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-10-24 10:44:43 -07:00
Sahil Silare
1aa1871f9a
fix: added correct api endpoint for verification & logic for Aeroworkflow (#3435) 
* fix: added correct api endpoint for verification

* fix: fixed pattern detection logic in aeroworkflow
 2024-10-24 12:16:39 -05:00
ahrav
01a2a4a3cc
remove debug log (#3505) 2024-10-24 09:40:23 -07:00
Cody Rose
4cc10d3da1
delete unused code (#3504) 2024-10-24 10:59:30 -05:00
Sahil Silare
c37edcd72e
fix: added correct verification endpoint & validation logic for alegra (#3437) 
* fix: added correct verification endpoint for alegra

* fix: fixed email regex

* fix: added correct tests and validation

* fix: fixed alegra tests
 2024-10-24 17:13:14 +05:00
renovate[bot]
0608b22e4f
fix(deps): update module google.golang.org/api to v0.202.0 (#3496) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-10-23 09:20:04 -07:00
Richard Gomez
06e37caa04
chore: re-order log context fields (#3430) 2024-10-23 10:53:15 -04:00
renovate[bot]
9ad281a915
fix(deps): update module github.com/fatih/color to v1.18.0 (#3492) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-10-22 09:43:49 -07:00
Sahil Silare
d78239c9f5
feat: validation & verification fix for apiscience to apimetrics (#3475) 2024-10-22 11:31:32 -05:00
Sahil Silare
3f9ba20a1c
fix: fixed validation logic for cannyio (#3482) 2024-10-22 11:20:12 -05:00
ahrav
0b64fa0805
update error messages (#3490) 
Co-authored-by: Abdul Basit <basit.mussani@gmail.com>
 2024-10-22 07:54:55 -07:00
ahrav
2d1dc73c9e
[fix] - Inadvertent s3 body close (#3491) 
* fix object retrival

* update comment
 2024-10-21 19:54:06 -07:00
Bill Rich
abecab0d8f
Remove proto (#3489) 
Only used for tracking analyzer types
 2024-10-21 17:16:26 -07:00
renovate[bot]
86d2c6ded3
fix(deps): update testcontainers-go monorepo to v0.34.0 (#3488) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-10-21 08:44:06 -07:00
renovate[bot]
5c99a9964a
fix(deps): update module github.com/jedib0t/go-pretty/v6 to v6.6.1 (#3487) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-10-21 08:43:05 -07:00
Cody Rose
3ab60865c8
Extract FP logic correctly at other call site #3476 2024-10-21 09:51:53 -04:00