trufflehog

mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-11-10 07:04:24 +00:00

Author	SHA1	Message	Date
Richard Gomez	38f36475de	fix(parseur): ignore false positives (#2229 )	2024-01-09 17:50:30 -08:00
Shivasurya	e5289ac8e4	Updated trufflehog sourcegraph secret format (#2254 )	2024-01-06 08:48:41 -08:00
NIKHIL PANWAR	7365dba9c9	Update stripe detector regex (#2261 )	2024-01-06 08:43:39 -08:00
Dustin Decker	6b90a96ca0	Add missing import (#2246 )	2023-12-19 16:40:31 -08:00
Richard Gomez	69d5e0c993	fix(snowflake): avoid extraneous attempts (#2057 ) Co-authored-by: Dustin Decker <dustin@trufflesec.com>	2023-12-19 16:04:08 -08:00
Richard Gomez	97afd570ae	feat(github): update extradata (#2219 )	2023-12-19 16:01:07 -08:00
Richard Gomez	eeb4dbd304	feat(shortcut): use tri-state verification (#2211 )	2023-12-17 15:47:14 -08:00
Richard Gomez	ded8e459bd	feat(huggingface): enhance extradata (#2222 )	2023-12-17 14:29:45 -08:00
Richard Gomez	69a70a3374	fix(myfreshworks): check for valid JSON (#2212 )	2023-12-17 10:26:38 -08:00
Richard Gomez	06b137fd93	fix(gitlab): check for valid JSON (#2218 )	2023-12-14 11:22:06 -08:00
Miccah	4db20e29f8	Update metabase verification to check for a valid JSON response (#2210 ) * Update metabase verification to check for a valid JSON response * added test tokens + cleanup --------- Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>	2023-12-13 12:18:56 -08:00
Miccah	84b7461796	[chore] Remove unnecessary string conversion in tefter detector (#2209 )	2023-12-13 11:39:16 -08:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d	6987507534	fix and refactor browserstack detector (#2208 ) * fix and refactor browserstack detector	2023-12-12 16:14:31 -05:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d	5e3ea1a8f2	Fix azurestorage detector (#2207 ) * bugfix + cleanup - update azurestorage detector raw string to use key instead of id	2023-12-12 16:07:09 -05:00
Cody Rose	405f356071	Use bad json in slackwebhooks (#2193 ) * add rotation guides to SlackWebhook tests * begin cleaning up tests * have slack webhook detector use malformed json * update test secrets --------- Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>	2023-12-11 15:04:55 -08:00
Richard Gomez	6c5fc2f212	feat(privatekey): run checks concurrently (#2139 )	2023-12-10 10:11:17 -08:00
ahrav	f772fd8b44	update regex (#2184 )	2023-12-06 17:04:38 -08:00
Dustin Decker	3167dde8a1	Deprecate some detectors (#2186 )	2023-12-06 16:57:55 -08:00
ahrav	c6e9b8ff64	use https for verification endpoints (#2185 )	2023-12-06 16:06:04 -08:00
dylanTruffle	96aa50d119	fixing how to rotate URL (#2183 )	2023-12-06 11:59:21 -08:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d	11394ea318	[thog-1548] add auto redaction for verification errors (#2106 ) * Updating VerificationError to have auto redaction logic * find/replace error	2023-12-05 08:57:52 -05:00
ahrav	c34efc3cf9	make empty slice delcration consistent (#2144 )	2023-12-01 11:03:44 -08:00
ahrav	279f915799	[chore] - fix error comparisons (#2142 ) * fix error comparisons * fix imports	2023-12-01 08:32:41 -08:00
ahrav	52ffab1034	[chore] - fix import name clashes (#2143 ) * fix import name clashes * fix missing var	2023-12-01 06:53:15 -08:00
Dustin Decker	a367f9ce34	Fix azure panic when invalid URL is constructed (#2137 )	2023-11-30 11:33:04 -08:00
Zachary Rice	d552222385	add extradata nil check and use make (#2129 ) * add extradata nil check and use make * remove some lines	2023-11-28 09:45:37 -06:00
Richard Gomez	62c628fb52	feat(telegram): add username to extradata (#2100 )	2023-11-20 14:00:09 -08:00
Dustin Decker	9e88cdf625	add extra data to github detector (#1909 ) * add extra data to github detector * Add verification error	2023-11-20 13:55:16 -08:00
Zachary Rice	d69de658b2	fix nil map assignment (#2117 )	2023-11-20 11:13:09 -06:00
joeleonjr	b2042e4e03	extract AWS account number from ID without verification (#2091 ) * added GetAccountNumFromAWSID function * refacted aws func, moved to common	2023-11-16 11:45:47 -05:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d	737d6b764d	Adding Sumo Logic how to rotate (#2103 )	2023-11-09 12:48:08 -05:00
Damanpreet Singh	d066a3fa78	Detector-Competition-Feat: Added Replicate API token detector (#2021 ) * Detector-Competition-Feat: Added Replicate API token detector * fix fullstory --------- Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>	2023-11-07 12:16:39 -06:00
Damanpreet Singh	bcde7856c3	Detector-Competition-Feat: Added Ngrok API token detector (#2024 ) Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>	2023-11-07 09:28:05 -06:00
Ankush Goel	1b93c0545c	Competition-Detector-New:added v2 version for fullstory (#2067 ) * added v2 version for fullstory * added versioner to the v1 fullstory detector	2023-11-07 08:55:06 -06:00
Miccah	8e3f6e98dc	Add support for user:pass@host to postgres JDBC detector (#2089 ) * Add support for user:pass@host to postgres JDBC detector * Remove ineffectual assignment	2023-11-06 17:17:37 -08:00
Corben Leo	1094190ff5	Detector-Competition-Feat: Add Overloop detector (#2080 ) * Detector-Competition-Feat: Add Overloop detector * add protos and to defaults.go --------- Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>	2023-11-06 16:43:31 -06:00
Damanpreet Singh	da59b72735	Detector-Competition-Feat: Added Request.Finance API token detector (#2020 ) Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>	2023-11-06 16:13:33 -06:00
Ankush Goel	703e158648	Detector-Competition-New : created grafana service account detector (#1960 ) * created grafana service account detector * add import --------- Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>	2023-11-06 15:41:37 -06:00
Ankush Goel	b2d541e0ea	Detector-Competition-Fix: fixed zulipchat detector (#1990 ) * fixed zulipchat detector * fixed testing scenarios * fixed test detector * fixed test * made chunking keyword from zulipchat to zulip * fixed email regex * fixed domain regex	2023-11-06 12:22:47 -06:00
Ankush Goel	aabfec4cdf	Competition-Detector-New: added eventbrite detector (#2072 ) * added eventbrite detector * added packagename to defaults.go --------- Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>	2023-11-03 16:42:13 -05:00
Ankush Goel	1371512ff3	logz.io detector (#2076 ) Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>	2023-11-03 16:32:35 -05:00
Ankush Goel	06b5fc25ef	Coda Detector (#2075 ) Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>	2023-11-03 15:50:05 -05:00
Zachary Rice	50a3a82cbb	fix (#2094 )	2023-11-03 12:56:12 -05:00
Corben Leo	de8889b406	Detector-Competition-Fix: Fix LiveAgent Detector & Verifier (#2001 ) * Detector-Competition-Fix: Fix LiveAgent Detector & Verifier * update regex	2023-11-03 12:28:20 -05:00
dylanTruffle	0b90265802	pulling short lived AWS keys into their own thing, fixes #1224 (#2088 ) * pulling short lived AWS keys into their own thing, fixes #1224 * Update awssessionkey.go * fmt --------- Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local> Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>	2023-11-03 11:58:49 -05:00
Miccah	600903f391	[chore] Speedup IsKnownFalsePositive using sets (#2090 ) Also check that the match is a valid UTF-8 string.	2023-11-03 08:45:00 -07:00
Corben Leo	3b9ecaa704	Detector-Competition-Fix: Fix ScraperSite (deprecated) (#2074 ) Co-authored-by: āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com>	2023-11-03 11:15:53 -04:00
Corben Leo	41e9cc59e2	Detector-Competition-Fix: Fix PassBase (acquired, deprecated) (#2079 )	2023-11-03 08:59:32 -05:00
Ankush Goel	b95ed3b41a	Detector-Competition-New - Created Grafana Cloud API Key detector (#1959 ) * Created Grafana Cloud API Key detector * made the regex more bounded * added boundary to regex	2023-11-03 09:25:54 -04:00
Corben Leo	9e52e3e86f	Detector-Competition-Fix: Fix/Deprecate Prospect.io (#2081 ) * Detector-Competition-Feat: Fix/Deprecate Prospect.io * Detector-Competition-Fix: fix defaults.go	2023-11-03 07:04:42 -05:00
joeleonjr	a1d74cd887	added resource type mapping to extraData in AWS (#2087 ) * added resource type mapping to extraData in AWS * updating aws regex + logic for resource type	2023-11-02 17:03:03 -04:00
Corben Leo	b5cc6c196c	Detector-Competition-Fix: Fix FakeJSON (deprecated) (#2073 )	2023-11-02 15:43:49 -05:00
Ankush Goel	ab896890b4	fixed helpscout detector regex and verifier (#2056 )	2023-11-02 14:20:26 -05:00
Ankush Goel	965a274de9	Detector-Competition-Fix: fixed regex for databricks domain and fixed tests (#1965 ) * fixed regex for domain and fixed tests * fixed regex * fixed an issue with regex subgrouping * made recommended changes * made recommended changed * fixed RawV2	2023-11-02 11:26:31 -05:00
Ankush Goel	b6469f23ac	modified regex (#2033 )	2023-11-02 11:24:37 -05:00
dylanTruffle	4106ce7bf0	Detector-Competition-Feat: Adding Azure Container Registry Password Detector (#1958 ) * implementing azure container registry password detector * Fixing boundry feedback * whoops * update verification code * fix regex --------- Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local> Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>	2023-11-02 11:17:01 -05:00
Corben Leo	07f6c84aa4	Detector-Competition-Fix: Fix SentimentInvestor (deprecated) (#2078 )	2023-11-01 11:54:40 -05:00
Cody Rose	7197e4b3f1	use rawv2 for pubnubpublish (#2062 ) We're seeing secrets of this type flap between verified and unverified, which is expected behavior for multipart secrets without RawV2 defined. This PR adds RawV2 for secrets of this type.	2023-11-01 10:14:28 -04:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d	74a56de831	update braintreepayments detector to tri-state verification (#1834 ) * update braintreepayments detector to tri-state verification * Update pkg/detectors/braintreepayments/braintreepayments.go Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com> * small nits * small nits --------- Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>	2023-10-31 16:13:48 -04:00
dylanTruffle	8bac2b15ba	Detector-Competition-Feat: Adding Azure Batch keys (#1956 ) * adding azure batch * fmt * fix lint --------- Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local> Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>	2023-10-31 10:49:04 -05:00
dylanTruffle	499cb64546	Detector-Competition-Fix: Fix redis to now support SSL, and look for azure redis connection strings (#1957 ) * adding azure redis, and fixing the old detector to support ssl too * fix? * other way --------- Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local> Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>	2023-10-31 10:17:55 -05:00
Corben Leo	a4fd17c9d1	Detector-Competition-Fix: Fix AppFollow Detection & Verification (#1933 ) * Detector-Competition-Fix: Fix AppFollow Detection & Verification * fix(regex): update jwt regex for appfollow	2023-10-31 09:43:20 -05:00
Corben Leo	de4a14b3f9	Detector-Competition-Fix: Fix SalesBlink Detection & Verification (#1950 )	2023-10-30 16:10:24 -05:00
Damanpreet Singh	244ba3a214	Detector-Competition-Fix: Update formio regex to match Jwt token (#1935 )	2023-10-30 16:08:19 -05:00
Corben Leo	6a15cd8f30	Detector-Competition-Fix: Fix Bitcoin Average detector (#1929 )	2023-10-30 16:02:30 -05:00
Corben Leo	509fc6c0eb	Detector-Competition-Fix: Fix currencycloud.com API key (#1917 ) * Detector-Competition-Fix: Fix currencycloud.com API environment * Detector-Competition-Fix: Fix currencycloud.com API environment * fix(env): update environment	2023-10-30 15:56:30 -05:00
Ankush Goel	2a66d4117a	adding 'token' keyword to regex for github_old (#2037 )	2023-10-29 20:45:35 -07:00
Damanpreet Singh	7a9332152a	Detector-Competition-Feat: Added Reply.io API token detector (#2019 ) Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>	2023-10-29 17:57:36 -07:00
Damanpreet Singh	0068ec54f2	Detector-Competition-Feat: Added Stripo API token detector (#2018 ) * Detector-Competition-Feat: Added Stripo API token detector * adjust regex --------- Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>	2023-10-29 17:26:14 -07:00
Richard Gomez	0427985ebe	feat: deno deploy detector (#2040 ) Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>	2023-10-29 16:58:00 -07:00
Damanpreet Singh	3ffc0dfd22	Detector-Competition-Feat: Added Budibase API token detector (#2016 )	2023-10-29 10:12:45 -07:00
Damanpreet Singh	52b3c99868	Detector-Competition-Feat: Added LemonSqueezy API token detector (#2017 ) * Detector-Competition-Feat: Added LemonSqueezy API token detector * fix regex --------- Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>	2023-10-28 15:03:14 -07:00
Richard Gomez	96b25150d0	Add Coinbase Wallet-as-a-Service detector (#1895 ) * feat(coinbase): basic Wallet-as-a-Service detector * update test --------- Co-authored-by: Dustin Decker <dustin@trufflesec.com>	2023-10-27 10:32:36 -07:00
Damanpreet Singh	eb0c0fa99f	Detector-Competition-Feat: Add Metabase Session Secret Detector (#1902 ) Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>	2023-10-26 20:17:41 -07:00
Damanpreet Singh	bf6ece39ca	Detector-Competition-Feat: Added AppOptics API token detector (#1989 ) Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>	2023-10-26 20:06:30 -07:00
Damanpreet Singh	4d0a40d2f3	Detector-Competition-Feat: Added ZeroTier API token detector (#1988 ) Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>	2023-10-26 19:55:58 -07:00
Damanpreet Singh	f1a75395e8	Detector-Competition-Feat: Added BetterStack API token detector (#1987 ) Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>	2023-10-26 19:46:56 -07:00
Corben Leo	98d2922bee	Detector-Competition-Fix: Fix SurveyBot Verification (#1948 )	2023-10-26 12:10:00 -05:00
Corben Leo	8505d24d7d	Detector-Competition-Fix: Fix/Remove Flowdock detector (#2004 ) * Detector-Competition-Fix: Fix/Remove Flowdock detector --------- Co-authored-by: āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com> Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>	2023-10-26 09:35:13 -04:00
Corben Leo	b776f9c122	Detector-Competition-Fix: Fix/Remove Happi Detection & Verification (#2003 ) * Detector-Competition-Fix: Fix/Remove Happi Detection & Verification --------- Co-authored-by: āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com> Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>	2023-10-26 09:20:53 -04:00
Corben Leo	6914dacde3	Detector-Competition-Fix: Fix/Remove DataFire, API retired (#1995 ) * Detector-Competition-Fix: Fix/Remove DataFire, API retired * Detector-Competition-Fix: Depreciate Datafire Proto * make protos for deprecating datafire --------- Co-authored-by: āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com> Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>	2023-10-25 21:51:54 -04:00
Corben Leo	f7960265ea	Detector-Competition-Fix: Fix/Remove QuickMetrics (shutdown) (#1997 ) * Detector-Competition-Fix: Fix/Remove QuickMetrics (shutdown) * Detector-Competition-Fix: Fix/Remove QuickMetrics protos * make protos for deprecating Blablabus (#2002) * make protos for deprecating quickmetrics --------- Co-authored-by: āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com> Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>	2023-10-25 20:05:26 -04:00
Corben Leo	51b7fcc5d6	Detector-Competition-Fix: Fix/Remove BlaBlaBus, API retired (#1996 ) * Detector-Competition-Fix: Fix/Remove BlaBlaBus, API retired * Detector-Competition-Fix: Depreciate Blabus proto	2023-10-25 18:45:40 -04:00
Corben Leo	cebd92d79e	Detector-Competition-Fix: Depreciate Glitterly (#2000 )	2023-10-25 18:08:50 -04:00
Corben Leo	386c54ecbe	Detector-Competition-Fix: Fix MeaningCloud Verification (#1946 )	2023-10-25 14:52:36 -05:00
Corben Leo	cef05b8d5a	Detector-Competition-Fix: Fix ScreenshotAPI Verification (#1949 ) * Detector-Competition-Fix: Fix ScreenshotAPI * Detector-Competition-Fix: Fix ScreenshotAPI	2023-10-25 14:50:20 -05:00
Ankush Goel	6c35dcffa5	Detector-Competition-Fix : fixed monday.com regex (#1961 ) * fixed monday.com regex * updating test secrets to use detectors5 --------- Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>	2023-10-25 12:50:07 -04:00
Damanpreet Singh	b2811bcf78	Detector-Competition-Feat: Added Vagrant Cloud Access Token Detector (#1941 ) Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>	2023-10-25 11:03:45 -05:00
Corben Leo	c674f1fc34	Detector-Competition-Fix: Fix/Remove baseapi detector (no longer exists) (#1992 )	2023-10-25 07:17:08 -07:00
Damanpreet Singh	2189dc9b0f	Detector-Competition-Feat: Added Portainer Detector (#1936 ) Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>	2023-10-25 06:32:57 -07:00
Damanpreet Singh	b2702b7839	Detector-Competition-Feat: Added OpenVPN API Detector (#1940 )	2023-10-25 04:57:07 -07:00
Ankush Goel	84cb33ce3d	loggly detector (#1782 ) * loggly detector * fixed the loggly_test.go * fixed the test file to pass the test --------- Co-authored-by: dsingdev-rocketx <bughunter00@protonmail.com>	2023-10-24 20:06:47 -07:00
Damanpreet Singh	f467cf923c	Detector-Competition-Feat: Added PortainerToken Detector (#1938 ) Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>	2023-10-24 13:48:40 -07:00
Damanpreet Singh	664c4884a6	fix #1751 : update facebookOauth Detector (#1921 )	2023-10-24 11:07:52 -05:00
Damanpreet Singh	8184a62e24	fix: NewRelic Detector: fallback to EU Api for verification (#1932 )	2023-10-24 11:02:39 -05:00
Corben Leo	7bc0b77374	Detector-Competition-Fix: Fix CloudSmith detection (#1944 )	2023-10-24 11:01:27 -05:00
Corben Leo	f3479194d2	Detector-Competition-Fix: Fix CodeClimate verification (#1945 )	2023-10-23 20:19:02 -05:00
Damanpreet Singh	855aba2407	Detector-Competition-Feat: Add InstaMojo Payment Detector (#1905 )	2023-10-23 16:58:25 -05:00
Corben Leo	893bb3548d	Detector-Competition-Fix: Fix SuperNotes API verification (#1947 )	2023-10-23 16:29:55 -05:00
Damanpreet Singh	b4753a60be	Detector-Competition-New: add IP2Location api key detector (#1915 )	2023-10-23 13:51:14 -05:00
Corben Leo	6c75e45958	Detector-Competition-Feat: Add ipinfo.io API key detector (#1889 ) * Detector-Competition-Feat: Add ipinfo.io API key detector * fix prefix	2023-10-23 09:00:35 -05:00
Corben Leo	4cb67a571d	Detector-Competition-Feat: Add Privacy.com API key detector (#1888 ) * Detector-Competition-Feat: Add Privacy.com API key detector * Detector-Competition-Feat: Add Privacy.com API key detector * cleanup: fix prefix	2023-10-20 08:45:16 -05:00
Corben Leo	8058006a92	Detector-Competition-Fix: Fix plaid.com API key detection (#1916 ) * Detector-Competition-Fix: Fix plaid.com API key detection * Detector-Competition-Fix: Fix plaid.com API key detection * Update plaidkey_test.go hardcode dev --------- Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>	2023-10-19 10:46:04 -05:00
ahrav	3d7207ddd5	update regex (#1919 )	2023-10-19 07:20:35 -07:00
Richard Gomez	b57b1c1aa7	feat(voiceflow): basic detector (#1900 )	2023-10-18 16:17:11 -05:00
Damanpreet Singh	a354cbd796	Fix for #1526 : Update Posthog detector (#1910 )	2023-10-18 15:21:59 -05:00
Dustin Decker	93cf523760	Tighten up regex for twist detector (#1908 )	2023-10-18 09:17:31 -07:00
Miccah	d4d4d0ec9a	Add ShannonEntropy test for an empty string (#1893 )	2023-10-16 13:50:28 -07:00
Corben Leo	072e1f9dcf	Detector-Competition-Fix: Add Personal Access Tokens (API Tokens Depr… (#1871 ) * Detector-Competition-Fix: Add Personal Access Tokens (API Tokens Depreciation) * fix(test): fix test debug msg * remove print	2023-10-16 08:17:12 -05:00
ahrav	5c721d1a73	[bug] - Don't modify global client var (#1890 ) * Create a new client within the verify block * remove unused var	2023-10-13 12:32:21 -07:00
s.shivasurya	040167178c	added cody gateway token detection code (#1883 ) * added cody gateway token detection code * resolved conflict	2023-10-13 09:09:04 -06:00
Corben Leo	ae3a5d1202	Detector-Competition-Feat: Add Klaviyo API Secret Detector (#1870 ) * Detector-Competition-Feat: Add Klaviyo API Secret Detector * fix(error): add s1.VerificationError and remove specific code check. * fix(error): add s1.VerificationError and remove specific code check.	2023-10-11 08:35:04 -06:00
Dustin Decker	52ed87edb7	Add an option to filter unverified results using shannon entropy (#1875 ) * Add an option to filter unverified results using shannon entropy * lint * add test, update test, and optimize	2023-10-08 19:52:28 -07:00
Dustin Decker	22ee2c5b07	Tighten up keywords (#1874 )	2023-10-06 16:28:51 -07:00
Corben Leo	77a82847af	Detector-Competition-Fix: fix notion.so false negative verification (#1866 ) * Detector-Competition-Fix: fix notion.so false negative verification * Detector-Competition-Fix: fix notion.so verification	2023-10-05 12:27:06 -05:00
Corben Leo	179a7e4cbc	Detector-Competition-New: add anthropic api key detector (#1861 ) * feat(anthropic): add anthropic api key detector * Detector-Competition-Fix: fix remove debug println	2023-10-05 11:34:40 -05:00
Corben Leo	bf1cce43e5	Detector-Competition-New: add ramp.com client id & secret detector (#1862 )	2023-10-05 09:40:30 -05:00
ahrav	cee456f484	support insecure TLS for Jira and Jenkins (#1856 ) * support insecure TLS for Jira and Jenkins * lint	2023-10-03 09:55:38 -07:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d	8d2d8c8395	add tristate verification to postman (#1837 )	2023-10-03 12:38:43 -04:00
Dylan Ayrey	de535071e1	implemented planet scale creds (passwords and API keys) (#1841 ) * implemented planet scale creds (passwords and API keys) * Add timeout, fix tests, fix indeterminate --------- Co-authored-by: counter <counter@counters-MacBook-Air.local> Co-authored-by: Dustin Decker <dustin@trufflesec.com>	2023-10-02 14:00:36 -07:00
Dylan Ayrey	f13fe36ae2	adding azure storage detector (#1840 ) * adding azure storage detector * Fix variable name * Escape regex * fix test fields and update expected status code --------- Co-authored-by: counter <counter@counters-MacBook-Air.local> Co-authored-by: Dustin Decker <dustin@trufflesec.com>	2023-10-02 13:45:45 -07:00
Dylan Ayrey	b3555f5419	Adding Howtorotate Guides to TruffleHog (#1839 ) * adding how to rotate guides * Adding project ID to metadata * update key name, remove comments, and ensure always present --------- Co-authored-by: counter <counter@counters-MacBook-Air.local> Co-authored-by: Dustin Decker <dustin@trufflesec.com>	2023-10-02 13:45:17 -07:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d	f8f0c984fb	update pagerdutyapikey detector to tri-state verification (#1836 )	2023-10-02 16:33:18 -04:00
Dylan Ayrey	b232ec8b4e	fixing razorpay (#1852 ) Co-authored-by: counter <counter@counters-MacBook-Air.local>	2023-10-02 08:49:40 -05:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d	24748b3de6	add tristate verification to twitch (#1830 ) * add tristate verification to twitch * return early * small nits	2023-09-29 16:17:30 -04:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d	5df6afdbf4	Separate gitlab detectors (#1819 ) * update gitlabv2 to tri-state * updating secret to s1 to match convention * consolidating both versions of the gitlab detector * remove gitlabV2 references * Delete temp.txt delete test file (note: these are not real secrets) * updating gitlabV1 detector to only work w/ v1 secrets, and v2 detector only w/ v2 secrets * update package name and add to defaults * cleanup nesting * lowercase package names * update v1 detector to explicitly ignore results with glpat * nit * update package name	2023-09-28 12:36:46 -05:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d	e645827fcb	[chore] add figmav2 to defaults (#1820 ) * add figma to defaults * update figma detector package to use versioning	2023-09-28 13:35:51 -04:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d	afd0b4cc12	Cleanup jiratoken detector (#1832 ) * cleanup nesting on jiratoken v1 * cleanup nesting on jiratoken v2	2023-09-28 13:35:30 -04:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d	1f2e9d342f	cleanup nesting (#1831 )	2023-09-28 13:34:07 -04:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d	f72c77fb69	Cleanup pubnub detector (#1826 ) * pull out verification logic for pubnub to reduce nesting * remove comment * return early	2023-09-28 13:31:07 -04:00
Zachary Rice	28dbd2f704	Update alchemy_test.go to use detectors5 (#1829 )	2023-09-28 11:24:45 -05:00
Zachary Rice	3b99517780	Update web3storage_test.go (#1828 )	2023-09-28 11:24:29 -05:00
Ankush Goel	faf46175e4	added Web3 Storage detector (#1789 ) * added Web3 Storage detector * fixed the regex * removed test and disabled token	2023-09-27 12:09:39 -05:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d	1715e7ad23	updating browserstack detector to use tri-state verification (#1785 ) * updating browserstack detector to use tri-state verification * cleaning up nested conditions	2023-09-25 15:34:13 -04:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d	af1434e05a	updating microsoft teams webhook detector to use tri-state verification (#1792 ) * updating microsoft teams webhook detector to use tri-state verification * cleaning up nested conditions	2023-09-25 15:30:41 -04:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d	ac18096da0	updating myfreshworks detector to use tri-state verification (#1779 ) * updating secret regex to include underscores and updating tests to have secret and domain within 20char range of keyword * updating myfreshworks detector to use tri-state verification	2023-09-25 13:27:23 -04:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d	cc9f5739dd	update figma to use tri-state verification (#1814 )	2023-09-25 13:26:18 -04:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d	f4ddc8b39e	adding support for new version of figma token (#1813 )	2023-09-22 18:13:49 -04:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d	1a1b2ca51a	updating uri detector to use tri-state verification (#1791 )	2023-09-21 11:20:40 -04:00
Ankush Goel	63eaccd208	fixed rubygems detector (#1781 ) Co-authored-by: dsingdev-rocketx <bughunter00@protonmail.com>	2023-09-19 06:59:30 -07:00
Ankush Goel	f9ea22f72b	Update sonarcloud.go (#1784 )	2023-09-18 08:24:51 -07:00
ahrav	22876f8381	replace interface{} with any. (#1771 )	2023-09-15 04:35:15 -07:00
Miccah	dbcb888063	Update Source interface to use SourceID and JobID types (#1774 ) The previous implementation used int64 for both, which can be mixed up easily. Using distinct types adds a layer of type safety checked by the compiler.	2023-09-14 11:28:24 -07:00
âh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d	91340c1e00	updating sendbirdorganizationapi detector to use tri-state verification (#1763 )	2023-09-12 10:48:11 -04:00
ahrav	90a07f0352	[chore] - fix slackwebhook detector (#1761 ) * fix slackwebhook detector. * sort imports. * add test for 400.	2023-09-11 12:48:40 -07:00
Dustin Decker	72b3fa31a3	Improve private key detector (#1760 ) * Surface extra data and check private keys directly against gitlab and github * fix encrpypted private key test * implement feedback * mod tidy * fix change * Set timeout for SSH connections	2023-09-11 12:05:27 -07:00
Zubair Khan	3f84a6700e	add tri state verification to slack (not slack webhook) (#1731 ) * add client, add known false positive check * fix idiosyncracies * cleanup * cleanup comment * add unexpected error test case --------- Co-authored-by: Dustin Decker <dustin@trufflesec.com>	2023-09-11 08:38:43 -07:00
Cody Rose	2c32b14df1	always close aws response body (#1758 )	2023-09-11 10:42:14 -04:00
ahrav	e53a72abd2	[chore] - Sentry detector update (#1746 ) * add test case for account deactivated. * Handle empty case.	2023-09-11 07:26:09 -07:00
Cody Rose	62ce9bac8b	Retry AWS verification 403s (#1757 ) This PR introduces retries on 403s in the AWS detector in attempt to work around erroneous SignatureDoesNotMatch errors. As part of the work, the detector has been refactored somewhat, resulting in two minor semantic changes: Errors crafting the verification HTTP request no longer result in the candidate secret being discarded. The known-words-based false positive check now runs (and potentially discards candidate secrets) even if verification is disabled. This unifies its behavior with the hash-based false positive check.	2023-09-08 15:32:53 -04:00
Marwan Sulaiman	3aa5369608	Add Tailscale detector (#1719 ) * Add tailscale detector * PR feedback: match on first element	2023-09-07 19:11:17 -07:00
ah̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d	8d66fde6de	updating sendgrid detector to use tri-state verification (#1735 ) * updating sendgrid detector to use tri-state verification	2023-09-07 14:21:03 -04:00
Harmon Herring	bf581ae9f9	Fix pagerdutyapikey Detector (#1749 ) * Fix pagerdutyapikey detector by broadening regex * Add 'pd' to list of pagerdutyapikey keywords	2023-09-06 09:15:39 -07:00
ah̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d	d3e7c5acc2	updating jiratoken and jiratokenV2 to use tri-state verification + updating tests (#1744 )	2023-09-05 16:32:05 -04:00
ah̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d	b28a2b9177	updating sendbird detector to use tri-state verification (#1737 ) * updating sendbird detector to use tri-state verification	2023-09-05 10:39:05 -04:00
ahrav	000065b225	[chore] - fix sentry detector (#1738 ) * fix sentry detector to check response. * use err. * address comments.	2023-09-01 10:33:21 -07:00
s.shivasurya	0a949d7131	iterating on suggestions (#1742 )	2023-09-01 10:20:18 -07:00
Mike Vanbuskirk	2e4b17d3f4	update jira detector to match new variable tokens (#1720 ) * update jira detector to match new variable tokens * add versioned interface * use _v2 format for naming packages w. versioner - also added documentation for internal/external contrib. * migrate jira and jira_v2 secrets tests to newer version * add v2 specific domain and email * add support for tri-state verification --------- Co-authored-by: Zubair Khan <zkhan124@umd.edu>	2023-09-01 12:14:36 -04:00
Zubair Khan	78bbb89a30	add tri-state verification for twilio detector (#1729 ) * add tri state for twilio * save progress * fix twilio tristate test * resolve lint issue	2023-08-31 12:06:18 -04:00
s.shivasurya	6695cf1dce	added sourcegraph token verification detection (#1730 )	2023-08-31 08:47:13 -07:00
Zubair Khan	07702ea06d	update slack webhook with tri-state verification (#1724 ) * add tristate basics * update test * cleanup * fix leading space * fix accidental comment * save changes * update secret in gsm, fix bug * fix linter issue * cleanup * use defaultClient	2023-08-30 18:18:17 -04:00
ahrav	d6afca682b	remove fmt.Print (#1727 )	2023-08-30 07:17:38 -07:00
Zubair Khan	519646342e	add snowflake detector (#1653 ) Detect Snowflake secrets (compound URI of account, username, password) and enrich Secret Result with account and databases that the secret has access to.	2023-08-24 13:29:58 -04:00
trufflesteeeve	4b7f0c860a	Update launchdarkly regex, support sdk keys, add tri-state verification (#1645 )	2023-08-24 12:17:34 -04:00
ahrav	a5fbc54312	[chore] - update benchmarks. (#1641 ) * update benchmarks. * remove dupe timer reset.	2023-08-23 14:34:10 -07:00
Cody Rose	ed06217862	Add tri-state verification to sqlserver detector (#1624 ) This is a different detector than the general JDBC detector.	2023-08-21 10:05:45 -04:00
Zubair Khan	62d359eba4	add salesforce detector (#1608 ) * setup * update time out case to return detector result * fix * remove unneeded comment * remove debug print * cleanup * more robust error handling * reflect new detector template changes * fixes * mark response body check err as indeterminate	2023-08-16 10:42:04 -04:00
Brandon Yan	2de5c0b217	change verification endpoint (#1611 )	2023-08-14 11:50:11 -07:00
Zubair Khan	ea6e8b6bb5	add huggingface detector (#1621 ) * init huggingface detector * completed test	2023-08-14 14:22:04 -04:00
Cody Rose	09795c3591	fix alchemy test error message (#1622 )	2023-08-14 13:12:46 -04:00
Cody Rose	c9f58b3780	Support indeterminate verification in Gitlab detector (#1613 )	2023-08-11 13:36:01 -04:00
Cody Rose	62cbef5292	stop saving alchemy url (#1614 ) Verification of an Alchemy secret requires putting the candidate secret directly into a URL. This makes the URL potentially sensitive, and if the request fails, we don't want to save it anywhere that might inadvertently get logged elsewhere - like the resulting error message. (Despite verification failing, this error message is only saved if the failure is indeterminate, which means that the secret might actually be live.)	2023-08-11 10:09:05 -04:00
Cody Rose	18f854d142	Add tri-state verification to pubnub publish key detector (#1616 )	2023-08-11 10:08:26 -04:00
Cody Rose	2570fdc244	fix error msg in alchemy test (#1617 )	2023-08-11 09:54:37 -04:00
Cody Rose	e5aeb219de	implement tri-state verification in FTP detector (#1604 ) This PR implements tri-state verification in the FTP detector. The verification timeout was made injectable to support a new test case. Some test cases that had already been broken have been fixed as well.	2023-08-09 09:52:23 -04:00
Cody Rose	18b3d3dd01	Tweak template detector test code (#1609 ) The test code for the Alchemy detector, which is used as a template for new detectors, had a few little warts that I cleaned up.	2023-08-07 11:04:59 -04:00
Bill Rich	c2b49b060b	Detect API keys without app keys (#1605 )	2023-08-03 15:11:54 -07:00
Bill Rich	cda88ebdf0	Adjust regex and add tests (#1602 )	2023-08-03 15:11:45 -07:00
Cody Rose	d763097fdf	implement indeterminate LDAP verification (#1574 ) This PR implements tri-state verification for the LDAP detector. This implementation looks for network errors to explicitly flag as indeterminate, rather than authentication errors to explicitly flag as determinate; this is because the error that occurs from authentication failures doesn't appear to have its own type and I didn't want to have to match on the error message text.	2023-08-03 14:02:31 -04:00
Bill Rich	0c7ed19270	Github Oauth2 verification (#1584 ) * Github Oauth2 verification * Use prefix and include RawV2 * Make gh_oauth2 a new detector * Remove unused struct * Remove versioner * Remove unused code	2023-08-02 11:16:40 -07:00
Bill Rich	1cf419e478	Expand paypal regex (#1599 )	2023-08-02 10:58:32 -07:00
Zubair Khan	0ad46381d9	tighten up regex pattern for timezoneapi (#1591 ) * tighten up regex pattern * add response body check	2023-08-01 17:30:29 -04:00
ahrav	b8c43ea58f	Fix VirusTotal deetector (#1585 )	2023-08-01 05:41:18 -07:00
Cody Rose	7d2f126411	add tri-state verification to mongodb detector (#1575 )	2023-07-31 18:23:35 -04:00
ahrav	661c6b47b7	[bug] - fix shodan detector (#1579 ) * fix shodan detector. * fix import order.	2023-07-31 11:12:52 -07:00
Miccah	32e3f1f015	Fix pubnub regular expression (#1565 ) One of the sub-groups of the UUIDv4 was missing the characters 0-9.	2023-07-31 11:37:25 -05:00
Cody Rose	61bee6c8b1	Identify transient AWS verification failures (#1563 ) It turns out that GetCallerIdentity returns a surprising quantity of transient, false-negative 403 responses that carry the SignatureDoesNotMatch error reason. I don't know why this is happening, but their transient nature makes them indeterminate verification failures and they should be flagged as such. The AWS detector has therefore been modified to specifically look for the InvalidClientTokenId error reason in 403 responses and mark all other responses as indeterminate. In addition to the functional changes this PR contains some updates to the test code that allow us to test them.	2023-07-31 12:06:11 -04:00
Cody Rose	431d26f5fa	move false positive check in alchemy detector (#1532 ) This PR makes the Alchemy detector run its known false positive check even if verification is disabled. This isn't the most important detector but it's the template for new ones so getting a good pattern nailed down is important. Moving the check allowed me to rewrite the determinacy logic to hopefully be more clear.	2023-07-28 11:36:02 -04:00
Richard Gomez	f925da7cea	fix(mongodb): detect CosmoDB access keys (#1511 ) https://learn.microsoft.com/en-us/microsoft-365/compliance/sit-defn-azure-cosmos-db-account-access-key?view=o365-worldwide	2023-07-26 16:50:12 -05:00
Zachary Rice	85f363f093	init (#1538 )	2023-07-24 19:09:57 -05:00
Miccah	93c561f324	Add match boundary to okta regular expressions (#1531 )	2023-07-24 10:52:50 -05:00
Cody Rose	ebf1038392	Support indeterminacy in alchemy and update detector docs (#1510 )	2023-07-21 14:50:14 -04:00
Cody Rose	06a562688d	capture json error (#1509 )	2023-07-21 10:44:47 -05:00
Cody Rose	20b7793828	JDBC indeterminacy (#1507 ) This PR adds an indeterminacy check to the JDBC verifiers.	2023-07-19 16:57:57 -04:00
Brandon Yan	8fad5fff79	add dockerhub scanner (#1496 ) * add dockerhub scanner * clean * clean and fix regex logic and tests * check length of userMatches before access * Use camelcase. --------- Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>	2023-07-19 09:26:28 -07:00
Cody Rose	cb1a63a4e2	unify JDBC detector ping logic (#1506 ) Previously, the various JDBC detectors would independently try to verify credentials by a process of trying various permutations of candidates one-by-one. The upcoming tri-state verification work will need to add sophistication to this process in the same way for each one, so this PR first combines all of the logic so it can be upgraded in a single spot.	2023-07-19 11:45:56 -04:00
Zubair Khan	be549a7287	add thog enterprise detector for web keys (#1448 ) * saving progress * proto changes * run make protos * verify response, add test case * resolve linter warning about unescaped . in regex pattern * resolve overlapping proto number	2023-07-18 09:53:12 -04:00
Brandon Yan	cab416b533	add launch_darkly keyword to launchdarkly scanner (#1495 )	2023-07-17 14:05:58 -05:00
Cody Rose	ee814a67bd	tweak jdbc redaction (#1490 ) JDBC redaction could fail in some irritating edge cases involving passwords that contain the @ character. The logic has been tweaked to eliminate these cases and some tests have been added.	2023-07-17 11:04:12 -04:00
Brandon Yan	9af31f00a9	add envoy api key scanner (#1482 ) * add envoy api key scanner * Use detectors4. --------- Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>	2023-07-16 16:46:28 -07:00

... 2 3 4 5 6 ...

1770 commits