Mirrors/trufflehog
2
0
Fork 0
mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-09-20 06:31:57 +00:00
Code Issues Projects Releases Packages Wiki Activity
2931 commits 123 branches 240 tags 83 MiB
Commit graph

2324 commits

Author SHA1 Message Date
Richard Gomez
95dc8d6e16
Fix additional GitHub test errors #2614 2024-03-26 09:34:12 -04:00
Richard Gomez
9d4cf87c02
fix(github): resolve panic & test failures (#2608) 2024-03-22 09:49:01 -07:00
Ankush Goel
6dbe80806b
Dockerhub v2 detector (#2361) 
* Dockerhub v2 detector

* update package structure

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2024-03-22 09:30:35 -07:00
Richard Gomez
441d9ff005
Update Snyk detector (#2559) 
* feat(snyk): add extradata from api

* update test

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2024-03-22 09:14:48 -07:00
faktas2
72fb2b9deb
MaxMind detector uses the right endpoint (#2577) 
* MaxMind detector uses the right endpoint

The endpoint that the current detector uses fails in validating the license key as some license keys do not have permissions to the geoip API. This commit is to make the detector use the right endpoint https://dev.maxmind.com/license-key-validation-api

* Remove RawV2

* Remove trimspace and extra if branch

* Add the proper tests

* Use SetVerificationError

* Add SetVerificationError

* update tests

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2024-03-22 09:10:44 -07:00
Richard Gomez
baf7ea1458
feat(gitparse): avoid uneeded calls to strconv.Unquote (#2605) 2024-03-22 08:35:10 -07:00
Richard Gomez
80e8a67c2d
Refactor GitHub source (#2379) 
* refactor(github): cleanup logic

* fix(github): lookup wikis per-repo

* refactor(github): change scanErrs.String output

---------

Co-authored-by: Bill Rich <bill.rich@gmail.com>
 2024-03-21 14:07:39 -07:00
Miccah
3a7266e540
[chore] Fix potential resource leak in postman source (#2606) 
This moves workspace unpacking to a helper function to leverage a defer,
which ensures the file is always closed.
 2024-03-21 10:21:13 -05:00
Zachary Rice
1216fa23c9
strings contain keyword check, add collection name to keywords (#2602) 2024-03-21 09:35:38 -05:00
Zachary Rice
b11ce72338
Postman Source (#2579) 
postman source

Co-authored-by: Miccah <m.castorina93@gmail.com>

---------

Co-authored-by: Joe Leon <joe.leon@trufflesec.com>
Co-authored-by: Miccah Castorina <m.castorina93@gmail.com>
 2024-03-20 11:36:20 -05:00
Richard Gomez
aa862e46bb
fix(git): decode unicode paths (#2585) 2024-03-19 08:50:27 -07:00
Miccah
931a28a537
[chore] Replace "Trufflehog" with "TruffleHog" (#2584) 2024-03-18 11:01:25 -07:00
Richard Gomez
fd7e7e6e29
fix(github): response can be nil (#2583) 2024-03-16 01:12:44 -07:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
2ef7a4a49f
pull out verification logic from github detectors (#2554) 
* pull out verification logic from github detectors

* deduplicate verify github logic

* pull out nil check

* return nil instead of empty struct

* skip gh old test bc we can't make new tokens
 2024-03-15 15:00:45 -04:00
Richard Gomez
f5025fd382
Add --results flag (#2372) 
This is a follow-up to #2107 and #2335. It adds a new (hidden) --results flag that allows a user to show any combination of verified, unverified, and indeterminate secrets.
 2024-03-15 10:19:31 -04:00
ahrav
800cc6d90b
[chore] - Record metrics before reset (#2556) 
* Record buffer metrics before resetting.

* Address comment.
 2024-03-12 09:35:18 -07:00
ahrav
b53054b605
Fix flaky test. (#2564) 2024-03-12 08:31:47 -07:00
ahrav
2e65773b27
use custom grow method (#2555) 2024-03-08 12:16:52 -08:00
joeleonjr
0bbb68931c
Canary verification (#2531) 
* verify canaries against SNS; get ARN

* clean comments

* Update tests and logic

* added test for invalid canary secret

* added verify logic for canaries

* go mod tidy

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2024-03-07 18:18:18 -08:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
d7a33055ad
add version to extra data + moving existing versioned detectors into subdirectory format (#2471) 
* moving existing versioned detectors into subdirectory format

* update docs for adding version number to extra data

* nits
 2024-03-07 15:48:27 -05:00
Dustin Decker
dbf6965152
DB is not needed for ping command (#2540) 2024-03-06 17:08:37 -08:00
Cody Rose
b7f08db1ef
Redact secret in git command output (#2539) 
When we fail to clone a git repository we log the command output to help with diagnosis. However, this output can include credentials in certain cases (such as certain errors associated with redirects). We don't want to log credentials when this happens.
 2024-03-06 11:51:35 -05:00
Cody Rose
28ed81f0a2
Add naive S3 ignorelist (#2536) 
This PR adds the ability to exclude buckets from S3 scans. The capability is pretty rudimentary right now, and does not support globbing. If both lists are specified the source to fail to initialize.
 2024-03-05 08:01:20 -05:00
Richard Gomez
cbc0f0f48e
Create basic escaped unicode decoder (#2456) 
* feat(decoders): basic escaped unicode

* wip: handle unicode notation
Experimenting with this.. might remove
 2024-03-02 11:27:44 -08:00
ahrav
3da0c5e125
[feat] - Make the client configurable (#2528) 
* Make the client configurable

* add comment

* add backoff option
 2024-03-01 13:29:25 -08:00
Dylan Ayrey
7620906b07
Ignore canary IDs in notifications (#2526) 
* Update aws.go

* Update aws.go

* Update tests

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2024-02-28 16:52:50 -08:00
Dustin Decker
8ed0c0ad5d
Remove one filter word (#2525) 
Removes a problematic word from the unverified filtering while we work on a more holistic fix.
 2024-02-28 15:46:39 -08:00
trufflesteeeve
12ff21f245
Improve Gitlab default URL handling (#2491) 
Co-authored-by: Miccah <m.castorina93@gmail.com>
 2024-02-28 14:15:11 -05:00
Simon Whitaker
431586ce78
Implement detectors.EndpointCustomizer on datadogtoken (#2510) 
Closes #2265
 2024-02-28 10:52:01 -06:00
Dustin Decker
ad9d4e53e1
JDBC test and parsing improvements (#2516) 
* JDBC test and parsing improvements

- Uses net/url for more robust URI parsing
- Supports common JDBC formats for MySQL
- Supports URI format for MSSQL
- Uses allowlist for params across all drivers
- Uses testcontainers-go for integration testing - much faster, more robust, no port collisions
- Uses gofakeit for random data (db, user, password) generation in integration tests
- Adds connection timeouts
- Use Microsoft's driver for MSSQL

* go mod tidy
 2024-02-28 08:51:37 -08:00
Dustin Decker
5805f11ac6
Improve monogo and snowflake detectors (#2518) 
* Set timeouts on mongo connection string

* use lightened snowflake driver

* update param
 2024-02-28 08:26:27 -08:00
Dustin Decker
2d2ca4d3d6
fix prefix check when returning early (#2503) 2024-02-24 09:15:54 -08:00
Dustin Decker
8a825fde52
Clean up some detectors (#2501) 2024-02-23 15:04:02 -08:00
ahrav
9ef5151200
Gitlab scan targets (#2470) 
* add method to scan targets

* Add logic to handle targetted scan

* address comments

* remove pagination opts

* add kvp with scan type
 2024-02-23 07:40:52 -08:00
Dustin Decker
d53b83b58e
Identify some canary tokens without detonation (#2500) 
* Identify canary tokens

* Update README.md

* Update README.md

---------

Co-authored-by: dylanTruffle <52866392+dylanTruffle@users.noreply.github.com>
 2024-02-21 09:42:21 -08:00
Miccah
c60443891b
Add Display method to SourceUnit and Kind member to the CommonSourceUnit (#2450) 
* Add Display method to SourceUnit and Kind member to the CommonSourceUnit

* Make SourceUnitID return the ID and a kind

These two values together uniquely represent a unit.
 2024-02-20 11:24:13 -08:00
Zachary Rice
bccba20d3e
concurrency uint8 to int (#2488) 
* concurrency uint8 to uint16

* jk, use int

* git test fix
 2024-02-20 09:35:40 -06:00
ahrav
5290023c2d
use read full (#2474) 2024-02-20 07:21:16 -08:00
ahrav
afccf2cf5f
[chore] - upgrade lru cache version (#2487) 2024-02-19 18:07:31 -08:00
ahrav
41301bec8a
move clenaup outside the engine (#2475) 2024-02-17 08:06:24 -08:00
ahrav
5c313c14db
tighten keyword match (#2473) 2024-02-16 13:38:07 -08:00
Miccah
88c1bb3289
[chore] Increase TestMaxDiffSize timeout (#2472) 2024-02-16 11:09:25 -08:00
Zachary Rice
834163acf5
add lazy quantifier to prefixregex (#2466) 2024-02-15 17:08:27 -06:00
ahrav
40bbab8add
[cleanup] - Extract buffer logic (#2409) 
* extract the buffer logic into it's own package

* address comments
 2024-02-15 11:40:34 -08:00
ahrav
5568b2e0a6
update gitlab proto (#2469) 
* update gitlab proto

* update protos
 2024-02-15 10:23:41 -08:00
Zachary Rice
bd729ce48e
add missing prefixregex (#2468) 2024-02-15 07:13:57 -06:00
Dustin Decker
a9817a3292
Remove some noisy / less useful detectors (#2467) 2024-02-14 15:27:03 -08:00
Miccah
216a29d7cf
[chore] Add some doc comments to source manager (#2434) 2024-02-13 07:54:48 -08:00
ahrav
e8006f1bee
2396 since commit stopped working (#2402) 
* Ensure we handle commits with no diffs correctly.

* cleanup

* add nil check

* address comments

* move comment

* revert

* add comment
 2024-02-13 07:21:22 -08:00
Richard Gomez
9572628dc6
chore(gcp): ignore known test creds (#2413) 2024-02-12 10:29:00 -06:00