1433 commits

Author SHA1 Message Date
Shabbir B
6f801f64c7
Added a new detector for percy.io (#1284)
* Feature: Added a new detector for percy.io

* Updated variable name

---------

Co-authored-by: ahrav <ahravdutta02@gmail.com>
2023-04-25 13:18:34 -07:00
Dustin Decker
3485a6dab1
improve sqlserver detection and testing (#1285)
* improve sqlserver detection and testing

* add data source keyword
2023-04-25 11:00:37 -07:00
Yassine Ilmi
a002ba9a75
Add RawV2 Results to the JSON Output (#1273)
* Add RawV2 to JSON Output

* Adding RawV2 results to Azure, Datadog and GCP Detectors
2023-04-20 16:31:53 -07:00
Dustin Decker
e217e2fbfd
Ensure multipart credentials are deduplicated correctly (#1271)
* Ensure multipart credentials are deduplicated correctly

* update tests
2023-04-20 15:07:59 -07:00
Bill Rich
a6902ae9cb
Add configurable detectors (#1139)
* JDBC detector ignore patterns

* Remove newline

---------

Co-authored-by: Bill Rich <bill.rich@trufflesec.com>
2023-04-20 11:44:28 -07:00
ahrav
f107e1b497
Use default endpoints when no custom verifier provided. (#1242) 2023-04-06 08:35:01 -07:00
Dustin Decker
20d5683199
fix linting step (#1235) 2023-04-03 13:21:58 -07:00
Batuhan Ceylan
9b941efa1a
Bump go from 1.18 to 1.20 (#1230)
* Bump `go` from `1.18` to `1.20`

* satisfy linter

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2023-03-31 14:37:03 -07:00
Bill Rich
762641d970
Add DetectorName to Result (#1223)
* Add DetectorName to Result

* Use GetName method instead of Name
2023-03-30 09:40:05 -07:00
ahrav
0052f60090
Allow for custom verifier (#1070)
* allow for custom verifier.

* Update engine.

* use custom detectors.

* set cap.

* Update verifiers.

* Remove nil check.

* resolved nit

* handle uppercase values

* updating missing url logs

* adding more descriptive variable names

* updating logs to use correct variables

* Removing toLower for urls

* if else nits

* Adding versioning for github and gitlab

---------

Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>
Co-authored-by: ah̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com>
2023-03-29 12:26:39 -07:00
Gobind Singh
66eb87f414
Update verification endpoint (#1179) 2023-03-29 06:41:27 -07:00
Zachary Rice
c4f08e3f17
Run golang lint on entire repo instead of patches (#1214)
* lint on all branches to catch warnings earlier

* lint entire source on PRs

* fix lint
2023-03-28 15:01:44 -05:00
Dustin Decker
31d5655308
Fix OpenAI test (#1186)
* Add OpenAI Detector

* Add OpenAI Detector tests

* Add OpenAI Detector to defaults.go

* Removing references to github detector in tests

* update test

---------

Co-authored-by: Yassine Ilmi <Yassine.Ilmi@thomsonreuters.com>
2023-03-27 10:07:57 -07:00
garg472
3e4496156c
added new detectors and fixed mesibo detector (#1166)
* added new detectors and fixed mesibo detector

* added bscscan.com API detector

* added coinmarketcap detector

* update alchemy

* update blocknative

* update bscscan test

* update cmc test

* update tests

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2023-03-16 18:57:08 -07:00
Yassine Ilmi
d382d5cb1c
Add OpenAI API Tokens detector (#1142)
* Add OpenAI Detector

* Add OpenAI Detector tests

* Add OpenAI Detector to defaults.go

* Removing references to github detector in tests
2023-03-16 17:58:22 -07:00
raju-kamble
3c1bb45bfb
updating browserstack detector user and key PrefixRegex strings (#1176)
Co-authored-by: raju-bs <raju@browserstack.com>
2023-03-16 08:41:29 -07:00
trufflesteeeve
2b1c42ceb1
Make slack webhook detector regex more specific (#1168)
* Make slack webhook detector regex more specific

* fixup - add better body contains check
2023-03-10 14:01:10 -08:00
Miccah
e6846ede54
Support filtering detectors by version (#1150)
* Adjust types to use DetectorID struct

* Parse versions with detector include and exclude input

* Update detectors filter to use version

Co-authored-by: steeeve <steve@trufflesec.com>

* Implement Versioner for github, gitlab, and npm detectors

Co-authored-by: steeeve <steve@trufflesec.com>

---------

Co-authored-by: steeeve <steve@trufflesec.com>
2023-03-02 16:33:56 -06:00
Miccah
3870be256c
Close response bodies (#1137) 2023-02-28 10:43:00 -06:00
Miccah
6209a80ce1
[chore] Address more linter errors (#1134)
* Address lint errors in detectors

* Update deprecated ioutil call
2023-02-28 10:00:41 -06:00
Miccah
4efe5313f4
[chore] Address lint errors (#1133)
* Update strings.Title to cases.Title

* Migrate go-genproto to google-cloud-go

See: https://github.com/googleapis/google-cloud-go/blob/main/migration.md

* Check error in test

* Check error from sem.Acquire

* Remove unused code
2023-02-27 21:03:47 -06:00
raju-kamble
d151c1363e
fixing browserstack regex username detection (#1123) 2023-02-22 08:17:48 -08:00
raju-kamble
d20f43b5c6
fix browserstack detector (#1120)
* fixing browserstack regex username detection

* fixing browserstack regex username detection

* fixing browserstack regex username detection

* fix patterns

* fix patterns

---------

Co-authored-by: raju-bs <raju@browserstack.com>
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2023-02-21 15:33:16 -08:00
Miccah
161e499142
[chore] Remove logrus from trufflehog (#1095)
* [chore] Remove logrus from trufflehog

* Minor fixes

* Fix logFatal call

* Fix logrus call
2023-02-14 17:00:07 -06:00
trufflesteeeve
4f13090c01
Remove duplicated detectors (#1092)
In this case just Heroku and LinearAPI. But this includes the Moonclerck
detector, which appears to be a typo that got turned into a separate
detector type.

Co-authored-by: zubairk14 <zubair.khan@trufflesec.com>
2023-02-13 11:44:19 -05:00
trufflesteeeve
114f4b6989
Add Type() to detector interface (#1088)
* Add Type() to detector interface

The goal here is to allow the detector type information to be used
without the need for reflection. This could possibly allow us to more
easily inject information into detectors or filter them out if
necessary.

Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>

* remove test detector

---------

Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>
2023-02-09 14:46:03 -08:00
ahrav
80a68b84c2
update webex detector regex (#1062)
* update webex detector regex.

* fix regex.
2023-02-01 18:37:51 -08:00
ahrav
58b78b6a5a
Update float detector with correct User-Agent and regex (#1061)
* Update float detector with correct User-Agent and regex.

* update import order.

* update email.

* Delete http.go

* add http back.
2023-02-01 09:48:13 -08:00
swdbo
a53758c4c4
braintree detector: use production API URL instead of the test sandbox version (#1054) 2023-02-01 08:41:52 -08:00
Cameron Lonsdale
0aa8e1cd98
Use access-token endpoint for validity check (#991) 2023-01-11 19:19:51 -08:00
Gonçalo Silva
e091fab94f
Use Todoist's REST API v2 (#978)
v1 was deprecated on December 5, 2022.
2022-12-14 16:52:19 -08:00
ahrav
054e98d108
Update slack webhook detector string check (#932)
* Update slack webhook detector check to text.

* remove redundant slashes.
2022-11-21 10:50:23 -08:00
Jessica
6e25664a52
add rabbitmq detector (#936)
* add rabbitmq detector

* use fixed length redaction

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2022-11-21 10:47:41 -08:00
Dustin Decker
b45369cdbb
Skip some FTP FPs (#929) 2022-11-21 06:52:21 -08:00
Dustin Decker
ae4b387448
add LDAP detector (#896) 2022-11-18 19:45:11 -08:00
Dustin Decker
b18edef01a
Enable skipping of particular key IDs (#930)
* Enable skipping of particular key IDs

* update test
2022-11-18 09:09:40 -08:00
ahrav
b8be0a64a8
Use pointer to type. (#926) 2022-11-16 10:35:48 -08:00
Ankush Goel
64cfe4d85e
Update github_old.go (#916) 2022-11-15 10:40:55 -08:00
Johann Saunier
42a82fc7e1
Update Scrapfly API Key Format (#910) 2022-11-11 15:24:17 -05:00
Ankush Goel
bb0fa055dc
fixed mailchimp detector (#909)
* fixed mailchimp detector

* Use sane http client

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2022-11-10 09:47:25 -05:00
kstilwell
ecd25784f5
Adding Shopify detector (#875)
* Fixes/work based on testing

* Remove some commented code

* Change how verification happens and grab additional information

* Address linter warnings.

* add shopify detector to default detectors.

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>
2022-11-08 16:21:57 -08:00
Dustin Decker
5f0964add8 remove path for deduping URI 2022-11-06 08:12:46 -08:00
Miccah
85f5f3ea7b
Add sqlserver integration test and some default params (#891)
* Improve anonymous redaction

* Add sqlserver integration test and some default params
2022-11-02 11:04:49 -05:00
Dustin Decker
a7fc12240f
Do local URI verification, while attempting to defuse SSRF (#879)
* simplify mongo pattern

* do URI verification locally, while attempting to defuse SSRF

* test SSRF defuse

* simplify err check logic per linter recommendation

* split up detectors

* address comments

* remove unused var
2022-11-01 17:27:24 -07:00
ahrav
fe029b1098
[THOG-793] - Return all unverified results (#856)
* Remove the check to filter and return only a single unverified result.

* Revert "Remove the check to filter and return only a single unverified result."

This reverts commit 494e432803.

* Add new CLI flag to filter unverified results.
2022-10-31 09:36:10 -07:00
Dustin Decker
0c81cba918 remove noisy logging in sqlserver detector 2022-10-26 18:12:26 -07:00
Dustin Decker
ca8a5ef741
increase digitalocean token sensitivity (#872) 2022-10-26 08:22:21 -07:00
Dustin Decker
4f83dd816d
increase datadog token sensitivity (#871) 2022-10-26 08:22:10 -07:00
Dustin Decker
33c6c193e3
improve fastly validation endpoint and add extra data (#870) 2022-10-26 08:22:03 -07:00
Dustin Decker
466b9e2d6b
only detect live env razor pay and use std lib (#869)
* only detect live env razor pay and use std lib

* fix shadowed var
2022-10-26 08:13:13 -07:00
Dustin Decker
dac40519e4
support github fine grained tokens and add extra data (#868)
* support github fine grained tokens and add extra data

* fix shadowed var
2022-10-26 08:13:02 -07:00
Alexandr Marchenko
60464da3ce
proposal: SqlServer connection string detector (#867)
* sqlserver added to detectors.proto

* make protos

* boilerplate detector generated

* wireup

* initial
2022-10-26 07:46:13 -07:00
Ankush Goel
d29357c9d4
added npm detector (#841) 2022-10-13 06:04:02 -07:00
Dustin Decker
785cead43e
Ignore URIs where the password is redacted (#842)
Only `*`s in the password is a redacted basic auth URI.
2022-10-11 14:18:52 -07:00
ahrav
128002885a
Add decoder type to results. (#835) 2022-10-06 11:55:07 -07:00
Mildred Bernardo
3f6e5b44c9
Digitaloceanv2 detector (#832) 2022-10-03 18:01:01 -07:00
Mildred Bernardo
ad4b9406a7
Added digitaloceanv2 detector (#829)
* Added digitaloceanv2 detector

* import detector

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2022-09-28 09:56:35 -07:00
ahrav
db42bcf2a2
[OC-103] - Add Gemini detector (#800)
* Add Gemini detector.

* Add regex and test code for Gemini detector.

* Remove else.

* Add commentary.

* Address comments.

* Use regular else.

* Make nice and complicated.

* use regular detection pattern.

* Add detector to default detectors.
2022-09-26 11:48:48 -07:00
rahuljaisinghani
3645a6e7b9
Browserstack regex (#808)
* Update browserstack.go

* Update browserstack.go
2022-09-25 13:32:45 -07:00
Miccah
ddc81bd7c1
[THOG-162] Implement JDBC verification for select drivers (#792)
* [THOG-162] Implement JDBC verification for select drivers

Also includes integration tests for postgres and mysql via docker. To
run, execute the following (untested what will happen if the docker
images aren't installed):

go test -tags=detectors,integration ./pkg/detectors/jdbc

* Make jdbc regex a bit more strict

* Surface the context to allow the caller to set a timeout
2022-09-21 17:50:48 +02:00
Joseph Lucas
b02cf7e032
Adding detector for Nvidia NGC (#797)
* template

* minimum viable regex

* valid api 401

* passing tests

* snake to camelcase
2022-09-20 08:20:18 -07:00
Ankush Goel
44bc023da6
Update readme.go (#795)
* Update readme.go

Readme has changed the way they issue their keys

now it's like rdme_{70} ascii chars

* Update readme.go

* Update readme.go

* Update readme.go

The tester seems to be working fine with the new defaultclient code
2022-09-18 12:19:35 -07:00
ahrav
c4492b1fdc
Add support for MongoDB detector. (#793)
* Add support for MongoDB detector.

* Remove extra line.

* Remove unused arg.

* Add context around found secret test.

* Remove unused arg.
2022-09-15 05:47:09 -07:00
ahrav
33ab1cfeb2
[OC-101] - Prevent Gitlab detector panic (#799) 2022-09-15 05:00:15 -07:00
Dustin Decker
67e8df96a4
Add AWS account information (#782)
* Add AWS account information

* nit
2022-09-06 17:55:03 -07:00
Apoorv Munshi
33ff9178e4
fix regex pattern for confluent detector (#778)
* fix regex pattern for confluent detector

* remove RawV2 field from detectors.Result

* add RawV2 field back
2022-09-06 10:42:36 -07:00
Dustin Decker
b9d6f11609
clean up detectors (#776) 2022-09-02 12:00:02 -07:00
Max Thomson
d7123c6965
Fix Honeycomb detector with both key formats (#777) 2022-09-02 11:44:16 -07:00
Dustin Decker
aba56523b6
Fix okta detector (#771) 2022-09-01 20:05:06 -07:00
roxanne-tampus
cc2df10e49
fix issue in codacy (#758)
* updated endpoint

* add tags
2022-08-31 17:32:22 -07:00
roxanne-tampus
18bca4b442
Enhancement in Gitlab detector (#588)
* enhancement on regex

* accepts both old and new token

* added gitlabv2 test file
2022-08-30 11:58:32 -07:00
ahrav
37c4eea66a
[chore] - ioutil.ReadFile is deprecated (#753)
* Use os.ReadFile.

* Update imports.

* remove unused import.
2022-08-30 09:41:12 -07:00
Dustin Decker
2452e93a80
Import 27 new detectors (#737) 2022-08-26 12:35:06 -07:00
Marlon
098d4a9e7d
added appointed scanner (#425)
* added appointed scanner

* fix comment

* fix comment

* fix comment

* fix issue

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2022-08-25 10:40:35 -07:00
Marlon
8709b4fdc6
added apilayer scanner (#368)
* added apilayer scanner

* fix comment

* fix comment
2022-08-25 10:36:41 -07:00
roxanne-tampus
024c847f83
Added braintreepayments detector (#541)
* added braintreepayments detector

* updated condition based on suggestion

* enhancements

* enhancement

* enhancement for valid response
2022-08-25 10:34:53 -07:00
roxanne-tampus
8a9229cf73
Added duply detector (#552)
* Added duply detector

* enhancement
2022-08-25 10:33:34 -07:00
roxanne-tampus
77fabe6191
Added gtmetrix detector (#554) 2022-08-25 10:33:02 -07:00
roxanne-tampus
6f07c59354
Added monkeylearn detector (#553) 2022-08-25 10:32:32 -07:00
roxanne-tampus
e192aee66a
Added twist detector (#549)
* Added twist detector

* enhancement

* auth enhancement

* enhancements

* enhancement
2022-08-25 10:31:43 -07:00
roxanne-tampus
64f15a7bfe
Added holistic detector (#556)
* Added holistic detector

* enhancement
2022-08-25 10:30:43 -07:00
roxanne-tampus
ebd6b5565b
Added transferwise detector (#558)
* Added transferwise detector

* update version

* updated regex
2022-08-25 10:29:29 -07:00
roxanne-tampus
4982755db2
Added ecostruxureit detector (#555)
* Added ecostruxureit detector

* updated regex
2022-08-25 10:27:43 -07:00
Marlon
7ccf69d419
added parseur detector (#454)
* added parseur detector

* fix comment

* fix comment
2022-08-25 10:26:23 -07:00
Marlon
45aaa25fe8
added docparser detector (#458)
* added docparser detector

* fix comment

* remove A on regex
2022-08-25 10:25:25 -07:00
Marlon
0063d50652
added formsite detector (#467)
* added formsite detector

* fix comment

* fix comment
2022-08-25 10:24:23 -07:00
Marlon
956a58fd95
added lemlist detector (#469)
* added lemlist detector

* fix comment
2022-08-25 10:23:09 -07:00
Marlon
38f6cc07ea
added prodpad detector (#470)
* added prodpad detector

* fix comment
2022-08-25 10:22:32 -07:00
Mildred Bernardo
bfa5e642a3
added flightlabs detector (#475)
* added flightlabs detector

* Modified the regex based on comment

* code enhancement

* Changed the valid response filter
2022-08-25 10:22:02 -07:00
Marlon
c2d42878c8
added codeclimate detector (#484)
* added codeclimate detector

* fix comment

* fix comment

* fix comment
2022-08-25 10:20:49 -07:00
Marlon
3d04abced8
added getresponse detector (#506)
* added getresponse detector

* fix comment
2022-08-25 10:20:00 -07:00
Marlon
b79b8e4ec7
added heatmapapi detector (#509)
* added heatmapapi detector

* fix comment
2022-08-25 10:18:16 -07:00
Marlon
be4fedbcb4
added demio detector (#512)
* added demio detector

* fix comment and change regex
2022-08-25 10:16:53 -07:00
Marlon
608eb45797
added kanbantool detector (#513)
* added kanbantool detector

* fix comment

* fix comment
2022-08-25 10:15:19 -07:00
Marlon
da1d3b3a01
Feature/salesmate detector (#514)
* added salesmate detector

* push change

* fix change
2022-08-25 10:13:25 -07:00
Marlon
0ff5cdd623
added tokeet detector (#515)
* added tokeet detector

* fix comment

* fix comment

* fix comment
2022-08-25 10:12:17 -07:00
Marlon
cded7a5489
added websitepulse detector (#516)
* added websitepulse detector

* fix comment
2022-08-25 10:11:10 -07:00
Marlon
ea3aba852d
Feature/scalr detector (#519)
* added scalr detector

* added scalr detector

* fix comment

* fix comment

* fix comment

* fix comment
2022-08-25 10:03:59 -07:00
Max Thomson
e9f4cf99e5
Add Honeycomb detector (#687)
* Add Honeycomb detector

* Update pattern

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2022-08-24 16:50:31 -07:00
ahrav
2cab951ee5
[Thog-628] update detector results hash v2 (#710)
* Start updating detectors that have two part creds to record the raw result as ID + secret.

* Add more detectors.

* More detectors.

* More detectors.

* remove commented out imports.
2022-08-12 14:53:37 -07:00