Commit graph

1770 commits

Author SHA1 Message Date
ahrav
bf77251543
[feat] - Update span calculation logic to use offset magnitude (#2957)
* Add a default start offset

* update

* use keywordIdx
2024-06-11 09:12:31 -07:00
ahrav
11b80dbdf9
[chore] - Update discordwebhook detector keyword (#2954)
* update keyword

* use stdlib var
2024-06-11 07:24:34 -07:00
Richard Gomez
6b52d5ad40
fix(maxmind): prevent npd panic (#2948) 2024-06-11 08:27:42 -04:00
ahrav
ce1ce29b90
[feat] - Optimize detector performance by reducing data passed to regex (#2812)
* optimize matching detectors

* update method name

* updates

* update naming

* updates

* update comment

* updates

* remove testcase

* update default match len to 512

* update

* update test

* add support for multipart cred provider

* add ability to scan entire chunk

* encapsulate matches logic within FindDetectorMatches

* use []byte directly

* nil chunk data

* use []byte

* set hidden flag to true

* remove

* [refactor] - multi part detectors (#2906)

* Detectors beginning w/ a

* Detectors beginning w/ b

* Detectors beginning w/ c

* Detectors beginning w/ d

* Detectors beginning w/ e

* Detectors beginning w/ f

* Detectors beginning w/ f&g

* fix

* Detectors beginning w/ i-l

* Detectors beginning w/ m-p

* Detectors beginning w/ r-s

* Detectors beginning w/ t

* Detectors beginning w/ u-z

* revert alconst

* remaining fixes

* lint

* [feat] - Add Support for `compareDetectionStrategies` Mode (#2918)

* Detector comparison mode

* remove else

* return error if results don't match

* update default hidden flag to not scan entire chunks

* fix tests

* enhance encapsulation by including methods on DetectorMatch to handle merging and extracting

* remove space

* fix

* update detector

* updates

* remove else

* run comparison concurrently
2024-06-05 13:28:19 -07:00
Richard Gomez
024b219dfb
feat(openai): add project and service account keys (#2863)
Co-authored-by: āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com>
2024-06-05 11:11:50 -04:00
Dustin Decker
ef410873f2
Add Jenkins scanning (#2892)
* add jenkins

* whoops

* adding unauthenticated jenkins scanning

* update docs

---------

Co-authored-by: Joe Leon <joe.leon@trufflesec.com>
2024-06-04 07:13:14 -04:00
jinjiadu
911ea4d678
chore: fix some comments (#2903)
Signed-off-by: jinjiadu <jinjiadu@aliyun.com>
2024-06-03 18:26:33 -04:00
Abdul Basit
e5a5b63845
integration testing for mongodb. (#2907)
* integration testing for mongodb.

* add more test cases.
remove dead code/comments
2024-06-03 12:59:25 -07:00
Abdul Basit
2b3284e650
Redis integration test (#2901)
* implemented redis integration test using docker container

* rename the function and use the redis:7.0 image
2024-05-31 11:59:06 -05:00
Richard Gomez
5575514174
fix(falsepositives): remove 'www' (#2896) 2024-05-31 11:37:27 -04:00
Abdul Basit
ddd861d4c7
consistent image of MSSQL for integration testing. (#2898) 2024-05-31 10:56:02 -04:00
Abdul Basit
d93c428b54
Update metadata for DataDog for API + APPKey (#2879)
* put emails from response in metadata for datadog.

* removed unused type in user structure.

* filter user information based on verified, is service account and disabled boolean
also include organization detail if it is available in response.
2024-05-31 10:50:23 -04:00
Abdul Basit
18b81013b8
Added extra data for LaunchDarkly (#2836)
* added extra data for LaunchDarkly
- Token type like api or sdk
- name and role of First token in response of api-tokens
- total token counts associated with api-token

* renamed total_count to total_token_count

* updated & renamed fields of metadata for launchdarkly, specifically for API based tokens
2024-05-28 14:08:53 -04:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
b9ea2f5d4e
adding Groq detector (#2873)
* adding Groq detector

* using prefix as keyword
2024-05-22 15:46:14 -04:00
ahrav
fccf7c9a41
[chore] - Use http.NewRequestWithContext (#2870) 2024-05-22 06:58:12 -07:00
Abdul Basit
4b10b8a009
made changes in organization regex for azure devops. (#2866) 2024-05-20 15:02:12 -05:00
Abdul Basit
5dff334ffa
Update azure storage extra data (#2808)
Blob service of Azure storage returns containers name in response. From that, containers name is added in extra data.
2024-05-20 13:42:54 -04:00
Abdul Basit
15c6333987
deprecated Integromat detector because they are gone. (#2856)
remove the package as well.
2024-05-16 08:29:36 -07:00
Abdul Basit
7025b0aa35
added email and location in metadata. (#2850) 2024-05-15 12:36:22 -05:00
cuiyourong
ead4e8fa2d
chore: fix some typos in comments (#2851)
Signed-off-by: cuiyourong <cuiyourong@gmail.com>
2024-05-15 07:36:21 -07:00
Alexandre GUIOT--VALENTIN
0d8c3335ed
Add "Intra42" detector (#2835)
* Add basic intra42 detector (lacks verification)

* Improve keywords/prefixes for intra42 detector

* Un-lint pkg/pb/detectorspb/detectors.pb.go to avoid bloating PR

* Add client_id match and secret verification

* Improve PrefixRegex

* Add missing entry in DetectorType_name in detectors.pb.go

* Add Intra42 to proto/detectors.proto

* Remove PrefixRegex

* Keep only identifiers as keywords

* Factorize regex (a-f0-9)
2024-05-14 11:33:54 -07:00
ahrav
f82cf8d76d
[bug] - Fix case-sensitivity issue in PrefixRegex function (#2811)
* correctly remove case insensitivity for the capture group

* update
2024-05-14 08:55:36 -05:00
Richard Gomez
a00587673a
feat(sendgrid): update detector (#2833) 2024-05-13 18:44:37 -07:00
ahrav
9873c144ee
[chore] - Update GitlabV2 detector (#2840)
* replace keyword and replace prefix

* address comment
2024-05-13 14:13:23 -07:00
Abdul Basit
f527da9ecc
Update result's extra data for Twilio (#2807)
* Response structure added for service api of Twilio.
added two response fields in extra data:
1) friendly_name
2) account_sid

* mark credentials verified for non-fatal errors.
also check for at least one service in response before extracting metadata.
2024-05-13 10:09:35 -04:00
ahrav
27eae925de
Use custom fp logic for private keys (#2793) 2024-05-06 14:41:00 -07:00
Abdul Basit
bf25b74224
Update result's extra data for Slack (#2779)
* add name of team and user in extra data of results, received from slack's api

* adding token type in extra data for slack
2024-05-02 15:16:30 -05:00
NIKHIL PANWAR
94a165390b
Update rabbitmq.go regex detect amqps protocol (#2609)
* Update rabbitmq.go regex detect amqps protocol

Old one couldn't detect amqps:// connection string, and only the amqp://

* [Revised] Update rabbitmq.go regex detect amqps protocol

Co-authored-by: Richard Gomez <32133502+rgmz@users.noreply.github.com>

---------

Co-authored-by: Richard Gomez <32133502+rgmz@users.noreply.github.com>
2024-05-01 13:20:54 -05:00
ahrav
7bd1fb1dcc
update imports (#2772) 2024-05-01 11:41:43 -05:00
Ankush Goel
79687683ff
Detector-Competition-Fix - fixed the alchemy detector regex (#1821)
* fixed the alchemy detector

* added the chunk filtering for alcht_
2024-04-30 17:01:13 -05:00
Ankush Goel
770459eb57
Detector-Fix: Reintroduce Cloudflareglobalapikey (#2101)
* fixed cloudflare code

* readd email check

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2024-04-30 15:11:04 -05:00
Cody Rose
2f7029bc4d
Expose detector-specific false positive logic (#2743)
This PR:

- Creates an optional interface that detectors can use to customize their false positive detection
- Implements this interface on detectors that have custom logic
- In most cases this "custom logic" is simply a no-op because the detector does not participate in false positive detection
- Eliminates inline (old-style) false positive exclusion in a few detectors that #2643 missed
2024-04-30 16:10:26 -04:00
Ankush Goel
dc930f9594
fixed calendly api key (#2368) 2024-04-30 14:47:36 -05:00
mountcount
1d92655d97
pkg: fix function names in comment (#2761)
Signed-off-by: mountcount <cuimoman@outlook.com>
2024-04-29 11:21:26 -05:00
Cody Rose
ba5ad5d8a9
Fix SQL Server detector tests (#2716)
These tests were broken so I fixed them and updated them to use testcontainers, which is more robust and used in the JDBC detector tests.
2024-04-25 10:40:46 -04:00
Dustin Decker
0ce02fc827
Make connection issues less jarring (#2730)
* Make connection issues less jarring

* lint

* fix lint issue

* print just the connection issue in yellow

* update terminology
2024-04-23 14:29:38 -07:00
Dustin Decker
14e44db2be
Move detectors.IsKnownFalsePositive from the detectors and into the engine (#2643)
* Remove detectors.IsKnownFalsePositive from detectors

* Centralize false positive removal in engine

* Don't apply fp filtering on custom regex to preserve previous behavior.

* fix empty branch

* update excludes

* update filtering

* Add result flag option and exclude some detectors
2024-04-22 15:18:04 -07:00
Ankush Goel
3fa86a1008
added onfleet api key detector (#2375)
* added onfleet detector

* use organization get endpoint

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2024-04-21 10:06:51 -07:00
Julien Doutre
32652a7498
Detect Slack workflows webhook (#2569) 2024-04-19 07:21:40 -07:00
Luska
e5575cd6f2
Adding Pagarme API key detection (#2665)
* Adding support to Pagarme API key detection

* adding scanner

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2024-04-10 17:57:25 -07:00
ahrav
867434331b
[refactor] - template detector (#2692)
* refactor template detector to only check for 200 status code

* Replace ldap.DialTLS w/ ldap.DialURL since the former is deprecated

* sort imports
2024-04-10 17:46:07 -07:00
fml09
c6b454e736
Remove unnecessary space in Vultr regex pattern (#2689)
* Fix incorrect regular expression with missing closing bracket

* Remove unnecessary space in Vultr regex pattern
2024-04-10 17:12:55 -07:00
Shreyas Sriram
08b6f90c81
Add Wiz detector (#2691)
* Implement wiz detector

* Fix tests

* Update false positive logic
2024-04-10 08:19:36 -07:00
Cody Rose
14b1a6e236
Handle inactive Slack account tokens (#2668)
This PR updates the Slack detector to accommodate a previously unhandled error type. It also fixes the existing Slack tests.
2024-04-05 10:26:20 -04:00
redismongo
f1957fec59
chore: fix some typos (#2666) 2024-04-04 05:50:47 -07:00
ahrav
0fe39db56f
upgrade launchdarkly dep (#2650) 2024-04-03 07:24:20 -07:00
kenzht
0d3023fe74
add GCP application default credentials detector (#2530)
* add GCP application default credentials detector

* add a comment

* update Keywords to better match the key

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2024-04-01 11:27:40 -07:00
Shreyas Sriram
31ad1eed30
Add JupiterOne detector (#2446)
* Add JupiterOne bootstrap

* Implement verification logic

* Cleanup

* Fix verificationError

* Undo unnecessary changes

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2024-03-29 19:14:04 -07:00
dylanTruffle
7fccb52b16
Fixing nitro check (#2631)
* Fixing nitro check

* remove dupe detector and disable Alconst

---------

Co-authored-by: Dylan Ayrey <dylan@Dylans-MacBook-Pro.local>
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
Co-authored-by: ahrav <ahravdutta02@gmail.com>
2024-03-27 11:39:58 -07:00
ahrav
369d79080e
[bugfix] - Update the Anthropic detector (#2629)
* Update the Anthropic detector

* update comment
2024-03-26 15:01:32 -07:00
fml09
9da396e237
Fix incorrect regular expression with missing closing bracket (#2616) 2024-03-26 13:32:14 -05:00
ahrav
11afc3215b
[chore] - upgrade dep (#2618)
* upgrade dep

* remove dupe deps
2024-03-26 11:21:07 -07:00
Ankush Goel
6dbe80806b
Dockerhub v2 detector (#2361)
* Dockerhub v2 detector

* update package structure

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-03-22 09:30:35 -07:00
Richard Gomez
441d9ff005
Update Snyk detector (#2559)
* feat(snyk): add extradata from api

* update test

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-03-22 09:14:48 -07:00
faktas2
72fb2b9deb
MaxMind detector uses the right endpoint (#2577)
* MaxMind detector uses the right endpoint

The endpoint that the current detector uses fails in validating the license key as some license keys do not have permissions to the geoip API. This commit is to make the detector use the right endpoint https://dev.maxmind.com/license-key-validation-api

* Remove RawV2

* Remove trimspace and extra if branch

* Add the proper tests

* Use SetVerificationError

* Add SetVerificationError

* update tests

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-03-22 09:10:44 -07:00
Miccah
931a28a537
[chore] Replace "Trufflehog" with "TruffleHog" (#2584) 2024-03-18 11:01:25 -07:00
Richard Gomez
fd7e7e6e29
fix(github): response can be nil (#2583) 2024-03-16 01:12:44 -07:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
2ef7a4a49f
pull out verification logic from github detectors (#2554)
* pull out verification logic from github detectors

* deduplicate verify github logic

* pull out nil check

* return nil instead of empty struct

* skip gh old test bc we can't make new tokens
2024-03-15 15:00:45 -04:00
joeleonjr
0bbb68931c
Canary verification (#2531)
* verify canaries against SNS; get ARN

* clean comments

* Update tests and logic

* added test for invalid canary secret

* added verify logic for canaries

* go mod tidy

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-03-07 18:18:18 -08:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
d7a33055ad
add version to extra data + moving existing versioned detectors into subdirectory format (#2471)
* moving existing versioned detectors into subdirectory format

* update docs for adding version number to extra data

* nits
2024-03-07 15:48:27 -05:00
Dustin Decker
dbf6965152
DB is not needed for ping command (#2540) 2024-03-06 17:08:37 -08:00
ahrav
3da0c5e125
[feat] - Make the client configurable (#2528)
* Make the client configurable

* add comment

* add backoff option
2024-03-01 13:29:25 -08:00
Dylan Ayrey
7620906b07
Ignore canary IDs in notifications (#2526)
* Update aws.go

* Update aws.go

* Update tests

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-02-28 16:52:50 -08:00
Dustin Decker
8ed0c0ad5d
Remove one filter word (#2525)
Removes a problematic word from the unverified filtering while we work on a more holistic fix.
2024-02-28 15:46:39 -08:00
Simon Whitaker
431586ce78
Implement detectors.EndpointCustomizer on datadogtoken (#2510)
Closes #2265
2024-02-28 10:52:01 -06:00
Dustin Decker
ad9d4e53e1
JDBC test and parsing improvements (#2516)
* JDBC test and parsing improvements

- Uses net/url for more robust URI parsing
- Supports common JDBC formats for MySQL
- Supports URI format for MSSQL
- Uses allowlist for params across all drivers
- Uses testcontainers-go for integration testing - much faster, more robust, no port collisions
- Uses gofakeit for random data (db, user, password) generation in integration tests
- Adds connection timeouts
- Use Microsoft's driver for MSSQL

* go mod tidy
2024-02-28 08:51:37 -08:00
Dustin Decker
5805f11ac6
Improve mongo and snowflake detectors (#2518)
* Set timeouts on mongo connection string

* use lightened snowflake driver

* update param
2024-02-28 08:26:27 -08:00
Dustin Decker
2d2ca4d3d6
fix prefix check when returning early (#2503) 2024-02-24 09:15:54 -08:00
Dustin Decker
8a825fde52
Clean up some detectors (#2501) 2024-02-23 15:04:02 -08:00
Dustin Decker
d53b83b58e
Identify some canary tokens without detonation (#2500)
* Identify canary tokens

* Update README.md

* Update README.md

---------

Co-authored-by: dylanTruffle <52866392+dylanTruffle@users.noreply.github.com>
2024-02-21 09:42:21 -08:00
ahrav
5c313c14db
tighten keyword match (#2473) 2024-02-16 13:38:07 -08:00
Zachary Rice
834163acf5
add lazy quantifier to prefixregex (#2466) 2024-02-15 17:08:27 -06:00
Zachary Rice
bd729ce48e
add missing prefixregex (#2468) 2024-02-15 07:13:57 -06:00
Dustin Decker
a9817a3292
Remove some noisy / less useful detectors (#2467) 2024-02-14 15:27:03 -08:00
Richard Gomez
9572628dc6
chore(gcp): ignore known test creds (#2413) 2024-02-12 10:29:00 -06:00
Miccah
4acf3ccb80
[chore] Ensure Postgres detector respects context deadline (#2408) 2024-02-10 23:32:05 -08:00
dylanTruffle
901c851698
tightening opsgenie detection and verification (#2389)
Co-authored-by: Dylan Ayrey <dylan@Dylans-MacBook-Pro.local>
2024-02-05 17:31:09 -08:00
Dustin Decker
c2ae31d060
Make AzureDevopsPersonalAccessToken verification more robust (#2359)
* Make AzureDevopsPersonalAccessToken verification more robust

* fix snifftest
2024-02-01 08:40:44 -08:00
roxanne-tampus
143e275272
update azure test files to check rawV2 (#2353) 2024-01-31 08:36:52 -08:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
7ece4c3e66
Detectors Updates 1 for Tristate Verification (#2187)
* updating alibaba

* updating agora

* updating aeroworkflow

* updating aha

* updating artifactory

* updating abbysale

* updating abstract

* updating abuseipdb

* updating accuweather

* updating adafruitio

* updating adzuna

* cleanup on abuseipdb

* cleanup on aha

* cleanup on abuseipdb

* cleanup on aeroworkflow

* cleanup on adzuna

* cleanup on accuweather

* cleanup/refactor

* update token pattern to be explicitly 73char (old) or 64char (new)

* comment to clarify 403 on Aha

* mocking out verified case for aha + adding inactive account test

* using contact response instead of gock

* update 403 to be determinate
2024-01-30 12:20:56 -05:00
Richard Gomez
232032410c
feat(detectors): update template (#2342) 2024-01-29 21:21:23 -08:00
Dustin Decker
7befefd369
Improve fp ignore logic (#2351)
* forgot field change

* use aho corasick for filter

* reduce wordlist sensitivity
2024-01-29 11:28:46 -08:00
roxanne-tampus
303e191f38
added azuresearchquerykey detector (#2349)
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-01-29 10:19:51 -08:00
roxanne-tampus
06b7ebf824
added azuresearchadminkey detector (#2348)
* added azuresearchadminkey detector

* additional update

* update import

* fix raw fields for new detectors and entropy check

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-01-29 09:55:46 -08:00
roxanne-tampus
83dc986b07
added azurefunctionkey detector (#2337)
* added azurefunctionkey detector

* update raw field to include url

* clean up and added prefix on key pattern

* update bench script

* update imports, snifftest, and gen proto

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-01-29 09:20:33 -08:00
faktas2
76fcdae3a0
Add the new MaxMind license key format (#2181)
* Add the new MaxMind license key format

* feedback

* reorg rules

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-01-26 11:49:47 -08:00
Dustin Decker
3a6cfd9d97
Prevent print or logging in detectors (#2341)
* Prevent print or logging in detectors

* mount repo

* update job name
2024-01-26 11:39:41 -08:00
ahrav
41cfec4e1c
make sure to close connections after testing (#2343) 2024-01-26 09:24:06 -08:00
Dustin Decker
f078df43eb
Fix test (#2339) 2024-01-25 23:15:37 -08:00
Zubair Khan
76057618ba
add tri-state verification to yelp (#1736)
* init yelp tri state

* fix detector and test

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-01-25 22:28:16 -08:00
Richard Gomez
c6f73a7d10
Update DockerHub detector logic (#2266)
* feat(dockerhub): update logic

* updates

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-01-25 22:02:36 -08:00
Richard Gomez
d4a0645c29
Add Google oauth2 token detector (#2274)
* feat(google): add oauth2 token detector

* update pr

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-01-25 21:32:03 -08:00
joeleonjr
792266afa9
updating doppler logic (#2329)
* updating doppler logic

* added json response struct
2024-01-24 12:20:33 -05:00
roxanne-tampus
47c6539a41
added azuredevopspersonalaccesstoken detector (#2315)
* added azuredevopspersonalaccesstoken detector

* fix comment

* update raw field to include all parts of the credential

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-01-23 20:46:51 -08:00
ahrav
e44802a31d
[feat] - Replace regexp pkg w/ go-re2 in detectors (#2324)
* update detectors to use go-re regex library replacement

* update go mod and sum

* add tests with invalid utf-8

* revert
2024-01-23 13:16:22 -08:00
Cody Rose
e0a1b11a8e
Narrow Postgres detector to only look for URIs (#2314) 2024-01-23 14:42:31 -05:00
joeleonjr
443ef98e41
updating detector logic for zenscrape (#2316)
* updating detector logic for zenscrape

* updating to use status endpoint
2024-01-22 16:57:51 -05:00
ahrav
b0fd951652
[chore] - Add regex and keyword for api_org tokens (#2240)
* Add regex and keyword for api_org tokens.

* handle org token auth struct

* update keywords
2024-01-16 15:25:26 -08:00
dylanTruffle
3b4518cbab
adding postgres detector (#2108)
* adding postgres detector

---------

Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local>
Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>
2024-01-10 16:19:45 -05:00
Richard Gomez
04bf244f38
fix(signable): ignore common false positives (#2230) 2024-01-09 17:53:25 -08:00