* implement analyzer interface for shopify
* fixed shopify analyzer according to new code and generated permissions
* shopify analyzer test added
* [chore]
- key validations
- linked analyzer with detectors
* [chore]
- moved redundant initialize to global.
* [chore]
moved expected output of test in json file to neat the code.
* [Fixes]
- Fixed permission and category resource issue in shopify analyzer
- corrected test for shopify analyzer
---------
Co-authored-by: Abdul Basit <abasit@folio3.com>
* implement analyzer interface, add unit test and link with detector for mailgun
* [chore] moved expected output of test in json file to neat the code.
corrected variable name for test in detector bucket
* append domain id in fully qualified name of domain resources
* [Fixes]
domains will be added as resource in bindings and permissions.
updated the test.
---------
Co-authored-by: Abdul Basit <abasit@folio3.com>
* implement analyzer interface for mysql
* add integration test for mysql analyzer
* linked detectors with analyzers for jdbc and mysql
validation for connection string in analyzer
* refactored secretInfoToAnalyzerResult func
* generated permissions for mysql analyzer
* [chore]
- optimization in execution flow
- use test-container library for analyze test.
* added host in secret info struct
simplified the mysql test due to huge structure
---------
Co-authored-by: Abdul Basit <abasit@folio3.com>
* implement analyzer interface for postgres
* added unit test for postgres analyzer
* refactored code in postgres analyzer
* generate permissions for postgres analyzer
* renamed variable
* [chore] corrected the variable name.
* appended hostname to distinguish the resources.
updated the test.
---------
Co-authored-by: Abdul Basit <abasit@folio3.com>
* implement analyzer interface for sourcegraph
* created permission for sourcegraph
test for sourcegraph.
added email in resource metadata.
* handling of missing keys in map
* linked sourcegraph detector to analyzer
* update the fullyqualidied name of resource to make it unique.
updated the test.
* add current user email in metadata
---------
Co-authored-by: Abdul Basit <abasit@folio3.com>
* impelmented analyzer interface with data models for Asana
* add unit test for asana analyzer
* link asana detector with analyzer
* added permission for asana
linked detector with only positive cases.
* to make test cleaner moved want json in external file.
Moreover without sorting test will not be able to compare.
* use general functions to avoid code duplication.
optimize app permission making logic.
* [fix] assigned bindings to results.
---------
Co-authored-by: Abdul Basit <abasit@folio3.com>
* implement analyzer interface for slack
* slack analyzer adjusted for new changes in main, unit test added
* link detector with analyzer for slack
* added generated permissions for slack analyzer
* generate permission fix, keep dot in permissions intact
* removed scope from permission and put it metadata.
* [chore]
moved expected output of test in json file to neat the code.
added team id in fully qualified name of user resource.
check permissions before adding it in bindings.
---------
Co-authored-by: Abdul Basit <abasit@folio3.com>
* implement analyzer interface for mailchimp
* link detector with analyzer for mailchimp
* fix analyzer type
* add mailchimp analyzer test
* [chore] appended string to make fulllyqualifiedname as unique.
* [chore]
moved expected output of test in json file to neat the code.
removed PII information in metadata.
---------
Co-authored-by: Abdul Basit <abasit@folio3.com>
* implement analyzer interface for sendgrid
* add unit test for sendgrid analyzer
* fixed sendgrid detector.
linked analyzer with sendgrid detector.
handling if key not found in map
* category as resource.
if subcategory is present then subcategory will become resource with parent category
* corrected test and remove hardcoded boolean for printing in sendgrid
* incorporate code refactoring and suggestion for FullyQualifiedName for subcategory by Miccah.
* generate permissions for sendgrid analyzer
* [NIT] rather than updating the global scopes variable, ProcessPermission will return new list of categories with Permission and eliminate those which are not in generated one.
---------
Co-authored-by: Abdul Basit <abasit@folio3.com>
* implement analyzer interface for opsgenie and add unit tests
* Add analyzer interface for opsgenie
linked detector with analyzers
fixed test cases.
* generate permissions for opsgenie and change scope names to lowercase for consistency
* fixed unboundedresources slice issue.
username as fullqualifiedname
---------
Co-authored-by: Abdul Basit <abasit@folio3.com>
* implement analyzer interface for postman and add unit test
* analyzer interface inplementation for postman
linked detector with analyzer for postman
add permission for postman
* [fix] linter in postman
* considered Miccah comments about fullyqualifiedName and code refactoring.
* moved want result to expected output file.
---------
Co-authored-by: Abdul Basit <abasit@folio3.com>
We have identified some cases in which the results "cleaning" logic (the logic that eliminates superfluous results) should not run. In order to allow this, we need to expose the cleaning logic to the engine. This PR does so by doing these things:
- Create a CustomResultsCleaner interface that can be implemented by detectors that want to use custom cleaning logic
- Implement this interface for the aws and awssessionkey detectors (and remove their previous invocation of their custom cleaning logic)
- Modify the engine to invoke this logic (conditionally)
This PR also removes the "custom" cleaning logic for the opsgenie, razorpay, and twilio detectors, because it was added erroneously.
This is an alternative implementation of #3233.
* implemented analyzer interface with data models for HuggingFace
* correct test for huggingface due to new addition of key in detection result.
---------
Co-authored-by: Abdul Basit <abasit@folio3.com>
* implement analyzer interface for square
* linked detector with analyzer for square
fix test for square.
* code refactoring
---------
Co-authored-by: Abdul Basit <abasit@folio3.com>
* implement analyzer interface for stripe
* consider cateogry as unbound resource if there is no permission with it.
* check for key existence in map.
pass on analysis info from Stripe detector.
test change to remove analysis info.
* remove Valid boolean from metadata of analyzer result
---------
Co-authored-by: Abdul Basit <abasit@folio3.com>
The AWS detector verifies credentials in a weird hacky way to work around some non-obvious STS behavior. This workaround does not work for canary tokens, so I updated the test secrets to use non-canary tokens. This PR updates the tests to match the secrets file changes.
* [analyze] Implement Analyzer interface for github
* Make github repo and user enumeration configurable
* Add AnalysisInfo to github detector
* Use AnalyzeAndPrintPermissions from the CLI
* Add POC analyze sub-command
* Address lint errors
* [chore] Embed scopes at compile time
* [chore] Move subcommand check up to prevent printing metrics
* added http logging to most analyzers
* Use custom RoundTripper with default http.Client
* Create framework of interfaces, structs, and protos
* Merge main
* Add AnalysisInfo to detectors.Result
* Hide analyze subcommand
* Update gen_proto.sh
* Update protos
* Make protos
* Update analyzer data types
* Rename argument to credentialInfo
---------
Co-authored-by: Joe Leon <joe.leon@trufflesec.com>
* implemented a netsuite detector
* implemented the netsuite detector with modified test.
* clean up go.sum by running `go mod tidy`
* implemented a netsuite detector
* implemented the netsuite detector with modified test.
* clean up go.sum by running `go mod tidy`
* Incorporated suggestion by Ahrav
- optimized nonce generation logic.
- use string builder as compare to concatenation.
* fix go.sum
* fix import
* fix
---------
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
* adding v1 eleven labs
* updating elevenlabs to support old and new version
* fixing status codes
* lint fixes
* adding test for v2
* adding test for v1
* return err
---------
Co-authored-by: Dylan Ayrey <dylan@Dylans-MacBook-Pro.local>
Co-authored-by: āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com>
