Mirrors/trufflehog
2
0
Fork 0
mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-11-14 00:47:21 +00:00
Code Issues Projects Releases Packages Wiki Activity
2557 commits 138 branches 258 tags 165 MiB
Commit graph

21 commits

Author SHA1 Message Date
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
1a1b2ca51a
updating uri detector to use tri-state verification (#1791) 2023-09-21 11:20:40 -04:00
ahrav
a5fbc54312
[chore] - update benchmarks. (#1641) 
* update benchmarks.

* remove dupe timer reset.
 2023-08-23 14:34:10 -07:00
trufflesteeeve
d03a74776e
Fix URI detector false results when the redacted password has been URL encoded (#1489) 2023-07-14 13:35:50 -04:00
Dustin Decker
ca1947291b
Update sqlserver redaction, deduplication, and URI redaction (#1369) 
* Update sqlserver redaction, deduplication, and URI redaction

* don't use pointer
 2023-06-09 11:06:54 -07:00
Dustin Decker
e217e2fbfd
Ensure multipart credentials are deduplicated correctly (#1271) 
* Ensure multipart credentials are deduplicated correctly

* update tests
 2023-04-20 15:07:59 -07:00
Miccah
4efe5313f4
[chore] Address lint errors (#1133) 
* Update strings.Title to cases.Title

* Migrate go-genproto to google-cloud-go

See: https://github.com/googleapis/google-cloud-go/blob/main/migration.md

* Check error in test

* Check error from sem.Acquire

* Remove unused code
 2023-02-27 21:03:47 -06:00
trufflesteeeve
114f4b6989
Add Type() to detector interface (#1088) 
* Add Type() to detector interface

The goal here is to allow the detector type information to be used
without the need for reflection. This could possibly allow us to more
easily inject information into detectors or filter them out if
necessary.

Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>

* remove test detector

---------

Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>
 2023-02-09 14:46:03 -08:00
Dustin Decker
b45369cdbb
Skip some FTP FPs (#929) 2022-11-21 06:52:21 -08:00
Dustin Decker
5f0964add8 remove path for deduping URI 2022-11-06 08:12:46 -08:00
Dustin Decker
a7fc12240f
Do local URI verification, while attempting to defuse SSRF (#879) 
* simplify monogo pattern

* do URI verification locally, while attempting to defuse SSRF

* test SSRF defuse

* simplify err check logic per linter recommendation

* split up detectors

* address comments

* remove unused var
 2022-11-01 17:27:24 -07:00
ahrav
fe029b1098
[THOG-793] - Return all unverified results (#856) 
* Remove the check to filter and return only a single unverified result.

* Revert "Remove the check to filter and return only a single unverified result."

This reverts commit 494e432803.

* Add new CLI flag to filter unverified results.
 2022-10-31 09:36:10 -07:00
Dustin Decker
785cead43e
Ignore URIs where the password is redacted (#842) 
Only `*`s in the password is a redacted basic auth URI.
 2022-10-11 14:18:52 -07:00
Miccah
c4ca7d7c8b
Mark detector tests with a build flag (#613) 2022-07-07 10:27:21 -07:00
ahrav
198cb1a786
Clean up comments. (#562) 2022-05-16 09:03:10 -07:00
trufflesteeeve
b5743277a3
Detectors that fail verification should still report the unverified secret (#440) 
* Detectors that fail verification should still report the unverified secret

* fixup - change microsoft webhook keywords, filter false positives for old github detector

* fixup - fix typo
 2022-04-21 15:32:26 -07:00
Dustin Decker
a1dfcde9a6
address detector issues (#123) 2022-04-01 18:51:41 -07:00
Dustin Decker
99372694ca check request errors 2022-03-23 16:42:34 -07:00
Dustin Decker
c80bd5e905 Fix linting and dogfood in CI 2022-03-04 08:39:23 -08:00
Dustin Decker
86c2eb507b Adding detectors (#46) 
* rename secret

* Add supporting docs and tooling for adding new detectors
 2022-03-04 08:39:22 -08:00
Dustin Decker
77418fb3f8 module v3 2022-02-15 18:54:47 -08:00
Dustin Decker
5596025b0b more detectors 2022-02-15 18:46:28 -08:00