Commit graph

2263 commits

Author SHA1 Message Date
dependabot[bot]
9d5c205318
Bump google.golang.org/api from 0.129.0 to 0.130.0 (#1472)
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.129.0 to 0.130.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.129.0...v0.130.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-07-10 15:00:16 -05:00
Zachary Rice
d4972313ff
remove old detector (#1474) 2023-07-10 13:02:19 -05:00
dependabot[bot]
00f42c51dc
Bump github.com/TheZeroSlave/zapsentry from 1.15.0 to 1.17.0 (#1470)
Bumps [github.com/TheZeroSlave/zapsentry](https://github.com/TheZeroSlave/zapsentry) from 1.15.0 to 1.17.0.
- [Release notes](https://github.com/TheZeroSlave/zapsentry/releases)
- [Commits](https://github.com/TheZeroSlave/zapsentry/compare/v1.15.0...v1.17.0)

---
updated-dependencies:
- dependency-name: github.com/TheZeroSlave/zapsentry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-07-10 12:56:28 -05:00
dependabot[bot]
ffd63c0174
Bump github.com/jlaffaye/ftp from 0.1.0 to 0.2.0 (#1471)
Bumps [github.com/jlaffaye/ftp](https://github.com/jlaffaye/ftp) from 0.1.0 to 0.2.0.
- [Release notes](https://github.com/jlaffaye/ftp/releases)
- [Commits](https://github.com/jlaffaye/ftp/compare/v0.1.0...v0.2.0)

---
updated-dependencies:
- dependency-name: github.com/jlaffaye/ftp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-07-10 10:49:13 -05:00
dependabot[bot]
800695fe66
Bump golang.org/x/crypto from 0.10.0 to 0.11.0 (#1473)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.10.0 to 0.11.0.
- [Commits](https://github.com/golang/crypto/compare/v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-07-10 10:42:31 -05:00
Cody Rose
87058dd7fa
Add new verification error message field (#1463) 2023-07-10 11:15:40 -04:00
Zachary Rice
0bdd513d88
additional similarity check for base64 and plain (#1462)
* additional similarity check for base64 and plain

* use bytes equal

* move logic into util function
2023-07-10 10:12:59 -05:00
Zubair Khan
b38857edb4
fix missing api key, tighten up regex pattern, use response body check (#1438) 2023-07-06 16:35:52 -04:00
Richard Gomez
23757dbe0a
remove image4 detector (#1461) 2023-07-06 12:56:09 -07:00
Peter Dave Hello
7a55a146a3
Remove additional apk clean up in Dockerfile (#1440) 2023-07-06 12:55:08 -07:00
Zachary Rice
a99d89d711
fix typo (#1452) 2023-07-05 14:14:18 -05:00
dependabot[bot]
d017181251
Bump cloud.google.com/go/storage from 1.30.1 to 1.31.0 (#1442)
Bumps [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) from 1.30.1 to 1.31.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.30.1...pubsub/v1.31.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-07-05 11:12:58 -05:00
dependabot[bot]
7f56f97522
Bump google.golang.org/api from 0.128.0 to 0.129.0 (#1441)
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.128.0 to 0.129.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.128.0...v0.129.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-05 11:12:48 -05:00
Zachary Rice
8a508e6bcd
Add missing keywords for sqlserver (#1449) 2023-07-05 11:12:19 -05:00
dependabot[bot]
987610d310
Bump google.golang.org/protobuf from 1.30.0 to 1.31.0 (#1444)
Bumps google.golang.org/protobuf from 1.30.0 to 1.31.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-05 09:53:56 -05:00
dependabot[bot]
598158720c
Bump cloud.google.com/go/secretmanager from 1.11.0 to 1.11.1 (#1443)
Bumps [cloud.google.com/go/secretmanager](https://github.com/googleapis/google-cloud-go) from 1.11.0 to 1.11.1.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/kms/v1.11.0...asset/v1.11.1)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/secretmanager
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-04 10:11:49 -07:00
dependabot[bot]
e7db276ace
Bump github.com/envoyproxy/protoc-gen-validate from 1.0.1 to 1.0.2 (#1445)
Bumps [github.com/envoyproxy/protoc-gen-validate](https://github.com/envoyproxy/protoc-gen-validate) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/envoyproxy/protoc-gen-validate/releases)
- [Changelog](https://github.com/bufbuild/protoc-gen-validate/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/envoyproxy/protoc-gen-validate/compare/v1.0.1...v1.0.2)

---
updated-dependencies:
- dependency-name: github.com/envoyproxy/protoc-gen-validate
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-03 15:33:52 -07:00
Zachary Rice
452734adc8
remove head from git diff command, rename unstaged to staged (#1439) 2023-06-29 15:33:30 -05:00
Zachary Rice
18a70b64bb
Introduce trufflehog:ignore tag feature (#1433)
* init ignore

* cleanup and add test

* update readme
2023-06-29 08:45:56 -05:00
roxanne-tampus
00920984e3
added opsgenie detector (#650)
* added opsgenie detector

* update interface and import

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2023-06-27 16:43:25 -07:00
Zubair Khan
d6375ba921
verify response body with expected keywords (#1419)
* verify response body with expected keywords

* remove debug log

* add extra test case

* migrate from ioutil to io

* close body and only check for one keyword

* cleanup
2023-06-27 11:46:15 -04:00
Miccah
8ea49de490
Don't return on okta credential failed verification (#1432) 2023-06-27 09:21:39 -05:00
Zachary Rice
4a77688097
use stringer again for now (#1430) 2023-06-26 14:33:54 -05:00
trufflesteeeve
11bff81def
Use url redaction in git (#1399)
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-06-26 13:56:08 -05:00
dependabot[bot]
06f2d3a162
Bump github.com/xanzy/go-gitlab from 0.85.0 to 0.86.0 (#1425)
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.85.0 to 0.86.0.
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.85.0...v0.86.0)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-26 11:39:20 -07:00
Zubair Khan
f52946b996
Add Couchbase Detector (#1385)
* init

* add detector type

* rotate leaked credentials

* tighten up username pattern

* isolated prefixregex as overrriding new line stuff

* passwordPat working now

* add username test

* fix edge case

* cleanup

* make linter happy

* make linter happy rd 2

* skip error logging

* fix test

* add password regex helper func

* make test more robust

* cleanup PR

* remove comments

* clarify prepend rationale
2023-06-26 14:37:10 -04:00
Miccah
945c27cb82
Fix docker source to return any chunk errors (#1429) 2023-06-26 12:12:46 -05:00
Brendan Shaklovitz
da5301ea1e
Exit with non-zero exit code on chunk source error (#1286)
* Exit with non-zero exit code on chunk source error

* Exit with a non-zero exit code whenever we hit an error getting
  chunks. Previously the error would be logged but trufflehog would exit
  with a 0 (success) status code.

* fix gcs test

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
Co-authored-by: ahrav <ahravdutta02@gmail.com>
2023-06-26 11:39:57 -05:00
dependabot[bot]
7cefea6562
Bump cloud.google.com/go/storage from 1.29.0 to 1.30.1 (#1424)
Bumps [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) from 1.29.0 to 1.30.1.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.29.0...pubsub/v1.30.1)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-26 08:44:45 -07:00
Chris Atkin
6e6895b48e
Update Slack webhook error text for verification (#1427)
This updates the matched error text to determine the verified status of a Slack webhook, as this has been updated on Slack's API.
2023-06-26 08:44:17 -07:00
dependabot[bot]
146ddb351b
Bump golang.org/x/sync from 0.2.0 to 0.3.0 (#1426)
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.2.0 to 0.3.0.
- [Commits](https://github.com/golang/sync/compare/v0.2.0...v0.3.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-26 08:27:48 -07:00
dependabot[bot]
ab84f1fbc6
Bump go.mongodb.org/mongo-driver from 1.11.6 to 1.12.0 (#1423)
Bumps [go.mongodb.org/mongo-driver](https://github.com/mongodb/mongo-go-driver) from 1.11.6 to 1.12.0.
- [Release notes](https://github.com/mongodb/mongo-go-driver/releases)
- [Commits](https://github.com/mongodb/mongo-go-driver/compare/v1.11.6...v1.12.0)

---
updated-dependencies:
- dependency-name: go.mongodb.org/mongo-driver
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-26 08:27:09 -07:00
dependabot[bot]
3ea766e8c2
Bump github.com/go-ldap/ldap/v3 from 3.4.4 to 3.4.5 (#1422)
Bumps [github.com/go-ldap/ldap/v3](https://github.com/go-ldap/ldap) from 3.4.4 to 3.4.5.
- [Release notes](https://github.com/go-ldap/ldap/releases)
- [Commits](https://github.com/go-ldap/ldap/compare/v3.4.4...v3.4.5)

---
updated-dependencies:
- dependency-name: github.com/go-ldap/ldap/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-26 08:25:53 -07:00
Zubair Khan
cd67f6bf16
prevent www from being a key to prevent fp (#1418) 2023-06-25 11:55:11 -04:00
Dustin Decker
eeefde1ec9
Ensure results are collected correctly when verification is off, and dedupe twilio (#1420) 2023-06-23 14:14:08 -07:00
Miccah
f3152b6885
Implement SourceUnitUnmarshaller for all sources (#1416)
* Implement CommonSourceUnitUnmarshaller

* Add SourceUnitUnmarshaller to all sources using

All sources, with the exception of git, will use the CommonSourceUnit as
they only contain a single type of unit to scan.

* Fix method comments to adhere to Go's style guide
2023-06-23 11:15:51 -05:00
dependabot[bot]
0c643bd610
Bump github.com/docker/distribution (#1415)
Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible.
- [Release notes](https://github.com/docker/distribution/releases)
- [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2)

---
updated-dependencies:
- dependency-name: github.com/docker/distribution
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-22 09:14:47 -07:00
Dustin Decker
e856a6890d
🎉 Add Docker image scanning 🎉 (#1412)
* Add Docker source

* Add metrics

* Add test

* Add debugging, address PR comments, fix path output

* review suggestions
2023-06-22 08:02:25 -07:00
dillonstreator
648ef3b52c
fix spelling errors (#1413) 2023-06-21 07:15:28 -07:00
dillonstreator
fd4b5d1d14
remove gorilla mux (#1411) 2023-06-20 17:07:03 -07:00
Zubair Khan
0c3410c5cd
add new key pat for mailgun detector (#1375)
* add new detector key pat for mailgun

* resolve mailgun issue

* remove unused tokenPat and commented strings import

* fix closing bracket issue
2023-06-20 19:14:56 -04:00
dependabot[bot]
df353f0b44
Bump google.golang.org/api from 0.125.0 to 0.128.0 (#1408)
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.125.0 to 0.128.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.125.0...v0.128.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-20 13:24:53 -07:00
dependabot[bot]
93969f967d
Bump github.com/googleapis/gax-go/v2 from 2.10.0 to 2.11.0 (#1406)
Bumps [github.com/googleapis/gax-go/v2](https://github.com/googleapis/gax-go) from 2.10.0 to 2.11.0.
- [Release notes](https://github.com/googleapis/gax-go/releases)
- [Commits](https://github.com/googleapis/gax-go/compare/v2.10.0...v2.11.0)

---
updated-dependencies:
- dependency-name: github.com/googleapis/gax-go/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-20 13:21:19 -07:00
Zachary Rice
4938d67e66
Custom detector name (#1400)
* hacky way to add detector name to output

* set name in custom detectors
2023-06-20 13:55:31 -05:00
Zachary Rice
e9cce62faf
update discord invite link to one that doesn't expire (#1410) 2023-06-20 12:29:40 -05:00
dependabot[bot]
12cb4224ca
Bump golang.org/x/oauth2 from 0.8.0 to 0.9.0 (#1407)
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.8.0 to 0.9.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-20 10:28:00 -07:00
dependabot[bot]
84f2e72d0a
Bump github.com/getsentry/sentry-go from 0.21.0 to 0.22.0 (#1404)
Bumps [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) from 0.21.0 to 0.22.0.
- [Release notes](https://github.com/getsentry/sentry-go/releases)
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-go/compare/v0.21.0...v0.22.0)

---
updated-dependencies:
- dependency-name: github.com/getsentry/sentry-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-20 10:27:14 -07:00
Miccah
e12f0f84a1
Setup SourceUnit interface (#1393)
* Test: Asymmetrical unmarshal API

* Test: Symmetric marshal API

* Revert "Test: Symmetric marshal API"

This reverts commit f51c64a797.

* Cleanup test example and add SourceUnitUnmarshaller interface

* Add CommonSourceUnit implementation

* Update comments

* Remove UnmarshalJSON
2023-06-16 10:38:28 -05:00
Bill Rich
401688d0a8
Add Validator interface and example (#1397)
* Add Validator interface and example

* Close sockets and improve error messages

* Remove duplicate error

* Use var declaration so err slice can be nil
2023-06-15 08:24:32 -07:00
Bill Rich
6d9ae7acbb
Make trace error message so newlines aren't escaped (#1396) 2023-06-14 17:24:31 -07:00