Commit graph

150 commits

Author SHA1 Message Date
Richard Gomez
96b25150d0
Add Coinbase Wallet-as-a-Service detector (#1895)
* feat(coinbase): basic Wallet-as-a-Service detector

* update test

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2023-10-27 10:32:36 -07:00
Damanpreet Singh
eb0c0fa99f
Detector-Competition-Feat: Add Metabase Session Secret Detector (#1902)
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2023-10-26 20:17:41 -07:00
Damanpreet Singh
bf6ece39ca
Detector-Competition-Feat: Added AppOptics API token detector (#1989)
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2023-10-26 20:06:30 -07:00
Damanpreet Singh
4d0a40d2f3
Detector-Competition-Feat: Added ZeroTier API token detector (#1988)
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2023-10-26 19:55:58 -07:00
Damanpreet Singh
f1a75395e8
Detector-Competition-Feat: Added BetterStack API token detector (#1987)
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2023-10-26 19:46:56 -07:00
Corben Leo
8505d24d7d
Detector-Competition-Fix: Fix/Remove Flowdock detector (#2004)
* Detector-Competition-Fix: Fix/Remove Flowdock detector

---------

Co-authored-by: āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com>
Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>
2023-10-26 09:35:13 -04:00
Corben Leo
b776f9c122
Detector-Competition-Fix: Fix/Remove Happi Detection & Verification (#2003)
* Detector-Competition-Fix: Fix/Remove Happi Detection & Verification

---------

Co-authored-by: āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com>
Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>
2023-10-26 09:20:53 -04:00
Corben Leo
6914dacde3
Detector-Competition-Fix: Fix/Remove DataFire, API retired (#1995)
* Detector-Competition-Fix: Fix/Remove DataFire, API retired

* Detector-Competition-Fix: Depreciate Datafire Proto

* make protos for deprecating datafire

---------

Co-authored-by: āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com>
Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>
2023-10-25 21:51:54 -04:00
Corben Leo
f7960265ea
Detector-Competition-Fix: Fix/Remove QuickMetrics (shutdown) (#1997)
* Detector-Competition-Fix: Fix/Remove QuickMetrics (shutdown)

* Detector-Competition-Fix: Fix/Remove QuickMetrics protos

* make protos for deprecating Blablabus (#2002)

* make protos for deprecating quickmetrics

---------

Co-authored-by: āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com>
Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>
2023-10-25 20:05:26 -04:00
Corben Leo
51b7fcc5d6
Detector-Competition-Fix: Fix/Remove BlaBlaBus, API retired (#1996)
* Detector-Competition-Fix: Fix/Remove BlaBlaBus, API retired

* Detector-Competition-Fix: Depreciate Blabus proto
2023-10-25 18:45:40 -04:00
Corben Leo
cebd92d79e
Detector-Competition-Fix: Depreciate Glitterly (#2000) 2023-10-25 18:08:50 -04:00
Damanpreet Singh
b2811bcf78
Detector-Competition-Feat: Added Vagrant Cloud Access Token Detector (#1941)
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2023-10-25 11:03:45 -05:00
Damanpreet Singh
2189dc9b0f
Detector-Competition-Feat: Added Portainer Detector (#1936)
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2023-10-25 06:32:57 -07:00
ahrav
5901a92acb
deprecate scan_interval field (#1984)
* deprecate scan_interval field

* rename

* add link to docs
2023-10-25 06:18:27 -07:00
Damanpreet Singh
b2702b7839
Detector-Competition-Feat: Added OpenVPN API Detector (#1940) 2023-10-25 04:57:07 -07:00
Ankush Goel
84cb33ce3d
loggly detector (#1782)
* loggly detector

* fixed the loggly_test.go

* fixed the test file to pass the test

---------

Co-authored-by: dsingdev-rocketx <bughunter00@protonmail.com>
2023-10-24 20:06:47 -07:00
Damanpreet Singh
f467cf923c
Detector-Competition-Feat: Added PortainerToken Detector (#1938)
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2023-10-24 13:48:40 -07:00
Damanpreet Singh
855aba2407
Detector-Competition-Feat: Add InstaMojo Payment Detector (#1905) 2023-10-23 16:58:25 -05:00
Damanpreet Singh
b4753a60be
Detector-Competition-New: add IP2Location api key detector (#1915) 2023-10-23 13:51:14 -05:00
Corben Leo
6c75e45958
Detector-Competition-Feat: Add ipinfo.io API key detector (#1889)
* Detector-Competition-Feat: Add ipinfo.io API key detector

* fix prefix
2023-10-23 09:00:35 -05:00
Corben Leo
4cb67a571d
Detector-Competition-Feat: Add Privacy.com API key detector (#1888)
* Detector-Competition-Feat: Add Privacy.com API key detector

* Detector-Competition-Feat: Add Privacy.com API key detector

* cleanup: fix prefix
2023-10-20 08:45:16 -05:00
Richard Gomez
b57b1c1aa7
feat(voiceflow): basic detector (#1900) 2023-10-18 16:17:11 -05:00
s.shivasurya
040167178c
added cody gateway token detection code (#1883)
* added cody gateway token detection code

* resolved conflict
2023-10-13 09:09:04 -06:00
Corben Leo
ae3a5d1202
Detector-Competition-Feat: Add Klaviyo API Secret Detector (#1870)
* Detector-Competition-Feat: Add Klaviyo API Secret Detector

* fix(error): add s1.VerificationError and remove specific code check.

* fix(error): add s1.VerificationError and remove specific code check.
2023-10-11 08:35:04 -06:00
Corben Leo
179a7e4cbc
Detector-Competition-New: add anthropic api key detector (#1861)
* feat(anthropic): add anthropic api key detector

* Detector-Competition-Fix: fix remove debug println
2023-10-05 11:34:40 -05:00
Corben Leo
bf1cce43e5
Detector-Competition-New: add ramp.com client id & secret detector (#1862) 2023-10-05 09:40:30 -05:00
Miccah
273f1077af
Add include and ignore list to Artifactory (#1857)
* Add include and ignore list to Artifactory proto

* Generate protos
2023-10-03 16:48:30 -07:00
ahrav
cee456f484
support insecure TLS for Jira and Jenkins (#1856)
* support insecure TLS for Jira and Jenkins

* lint
2023-10-03 09:55:38 -07:00
Dylan Ayrey
de535071e1
implemented planet scale creds (passwords and API keys) (#1841)
* implemented planet scale creds (passwords and API keys)

* Add timeout, fix tests, fix indeterminate

---------

Co-authored-by: counter <counter@counters-MacBook-Air.local>
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2023-10-02 14:00:36 -07:00
Dylan Ayrey
f13fe36ae2
adding azure storage detector (#1840)
* adding azure storage detector

* Fix variable name

* Escape regex

* fix test fields and update expected status code

---------

Co-authored-by: counter <counter@counters-MacBook-Air.local>
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2023-10-02 13:45:45 -07:00
joeleonjr
699547b7d3
consolidated pr and issue descr/comment flags (#1827) 2023-09-27 15:54:02 -04:00
Ankush Goel
faf46175e4
added Web3 Storage detector (#1789)
* added Web3 Storage detector

* fixed the regex

* removed test and disabled token
2023-09-27 12:09:39 -05:00
joeleonjr
1e42dae734
added PR and Issue body scanning (#1816)
* added PR and Issue body scanning; adjusted CLI args to fit

* removed print statement from debugging

* removed exclude-commits; adjusted CLI flags

* minor changes to match main branch

* fixing logic

* updating README for --issues and --prs
2023-09-26 12:25:48 -04:00
Marwan Sulaiman
3aa5369608
Add Tailscale detector (#1719)
* Add tailscale detector

* PR feedback: match on first element
2023-09-07 19:11:17 -07:00
s.shivasurya
6695cf1dce
added sourcegraph token verification detection (#1730) 2023-08-31 08:47:13 -07:00
Zubair Khan
519646342e
add snowflake detector (#1653)
Detect Snowflake secrets (compound URI of account, username, password) and enrich Secret Result with account and databases that the secret has access to.
2023-08-24 13:29:58 -04:00
Mike Vanbuskirk
64dd49f9ce
add role assumption for s3 source (#1477)
* add role assumption for s3 source

* refactor role assumption to repeatable string

user can pass array of roles to assume

* refactor s3 chunks to handle passed roleARNs

* add role-session name

use timestamp to make dynamic

* add docstring for rolearn strings()

* make sure role ars are passed into source

* refactor role assumption functionality

break s3 bucket scanning into sep. function

* add log check on assume role

* fix role iteration

- Make sure s3 struct is populated with roles
- add separate new client instantiation for role-based access
- iterates through each role

* add comment

* protobuf revert for merge

* re-run make proto

* lint cleanup

* cleanup TODOs

* drop redundant switch case in assumerole client

* use less verbose 'ctx' designator

* breakout functionality from Chunks

- separate functions for:
- enumerating buckets to scan
- scanning objects within the buckets

* remake protobuf defs

* allow scan to continue on single bucket err

* add readme docs

* minor fixups
2023-08-17 20:30:20 -04:00
Zubair Khan
62d359eba4
add salesforce detector (#1608)
* setup

* update time out case to return detector result

* fix

* remove unneeded comment

* remove debug print

* cleanup

* more robust error handling

* reflect new detector template changes

* fixes

* mark response body check err as indeterminate
2023-08-16 10:42:04 -04:00
Zubair Khan
ea6e8b6bb5
add huggingface detector (#1621)
* init huggingface detector

* completed test
2023-08-14 14:22:04 -04:00
Bill Rich
0c7ed19270
Github Oauth2 verification (#1584)
* Github Oauth2 verification

* Use prefix and include RawV2

* Make gh_oauth2 a new detector

* Remove unused struct

* Remove versioner

* Remove unused code
2023-08-02 11:16:40 -07:00
Richard Gomez
e0faac8d1c
Fix runtime error when scanning Gist comments (#1552)
* fix(github): fix runtime error from gist comments

* fix(github): add flag to scan Gist comments
2023-07-31 08:57:42 -05:00
Zubair Khan
9f3809f19e
gdrive proto change (#1566) 2023-07-28 10:38:51 -04:00
ahrav
ade5d91d5c
Add azure repos protos. (#1559) 2023-07-26 19:53:10 -07:00
Brandon Yan
8fad5fff79
add dockerhub scanner (#1496)
* add dockerhub scanner

* clean

* clean and fix regex logic and tests

* check length of userMatches before access

* Use camelcase.

---------

Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>
2023-07-19 09:26:28 -07:00
Zubair Khan
be549a7287
add thog enterprise detector for web keys (#1448)
* saving progress

* proto changes

* run make protos

* verify response, add test case

* resolve linter warning about unescaped . in regex pattern

* resolve overlapping proto number
2023-07-18 09:53:12 -04:00
Brandon Yan
9af31f00a9
add envoy api key scanner (#1482)
* add envoy api key scanner

* Use detectors4.

---------

Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>
2023-07-16 16:46:28 -07:00
Zubair Khan
4334af4d34
scan GitHub PR and issue comments (#1435)
* issue comment scanning

* save progress

* test

* test for pr comment and issue comment

* add pagination support

* linter stuff

* make linter happy

* remove debug log

* readd logging

* github issue resolved

* var const block and handle rate limit

* remove magic number

* make gitURLParse a public function to use more generally

* fix test bug

* make comment scanning OPT-IN
2023-07-11 15:13:33 -04:00
Cody Rose
87058dd7fa
Add new verification error message field (#1463) 2023-07-10 11:15:40 -04:00
Zubair Khan
f52946b996
Add Couchbase Detector (#1385)
* init

* add detector type

* rotate leaked credentials

* tighten up username pattern

* isolated prefixregex as overrriding new line stuff

* passwordPat working now

* add username test

* fix edge case

* cleanup

* make linter happy

* make linter happy rd 2

* skip error logging

* fix test

* add password regex helper func

* make test more robust

* cleanup PR

* remove comments

* clarify prepend rationale
2023-06-26 14:37:10 -04:00
Dustin Decker
e856a6890d
🎉 Add Docker image scanning 🎉 (#1412)
* Add Docker source

* Add metrics

* Add test

* Add debugging, address PR comments, fix path output

* review suggestions
2023-06-22 08:02:25 -07:00