Mirrors/trufflehog
2
0
Fork 0
mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-11-10 15:14:38 +00:00
Code Issues Projects Releases Packages Wiki Activity
1727 commits 139 branches 257 tags 147 MiB
Commit graph

1727 commits

This branch
This branch
All branches
Author SHA1 Message Date
JJ Asghar
aead0425d9
Fixed the brew install tap command (#911) 
* Fixed the brew install tap command

It seems you need to run the full tap, not just trufflehog.

Signed-off-by: JJ Asghar <awesome@ibm.com>

* Update README.md

Signed-off-by: JJ Asghar <awesome@ibm.com>
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2022-11-11 15:21:47 -05:00
Ankush Goel
bb0fa055dc
fixed mailchimp detector (#909) 
* fixed mailchimp detector

* Use sane http client

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2022-11-10 09:47:25 -05:00
kstilwell
ecd25784f5
Adding Shopify detector (#875) 
* Fixes/work based on testing

* Remove some commented code

* Change how verification happens and grab additional information

* Address linter warnings.

* add shopify detector to default detectors.

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>
 2022-11-08 16:21:57 -08:00
dependabot[bot]
02ed33d1c1
Bump go.mongodb.org/mongo-driver from 1.10.3 to 1.11.0 (#905) 2022-11-07 07:31:59 -08:00
Dustin Decker
5f0964add8 remove path for deduping URI 2022-11-06 08:12:46 -08:00
ahrav
28983036a0
only write if the filechunk has len > 0. (#903) 2022-11-05 18:19:41 -07:00
trufflesteeeve
e8cd2e7fae
Add Unknown visibility level (#902) 2022-11-04 14:28:20 -04:00
ahrav
dd141fb55f
[oc-147] - Add context to all git methods (#901) 
* Add context to all git methods.

* remove logrus.

* Add ctx.

* Address comments.

* Add error to clone failing.

* Return error.
 2022-11-03 16:36:52 -07:00
Dustin Decker
3a143f095b
add option to skip tls verification for confluence (#900) 2022-11-03 13:10:01 -07:00
Miccah
ab54ec4072
Check for closed channel in HandleFile (#895) 
* Check for closed channel in HandleFile

* Refactor to be more readable

* Fix handler search
 2022-11-02 16:35:19 -05:00
Miccah
85f5f3ea7b
Add sqlserver integration test and some default params (#891) 
* Improve anonymous redaction

* Add sqlserver integration test and some default params
 2022-11-02 11:04:49 -05:00
Dustin Decker
a7fc12240f
Do local URI verification, while attempting to defuse SSRF (#879) 
* simplify monogo pattern

* do URI verification locally, while attempting to defuse SSRF

* test SSRF defuse

* simplify err check logic per linter recommendation

* split up detectors

* address comments

* remove unused var
 2022-11-01 17:27:24 -07:00
ahrav
fe1e475a04
Prevent concurrent read and writes to visibility map. (#892) 2022-11-01 16:20:59 -07:00
dependabot[bot]
2884864cd3
Bump github.com/xanzy/go-gitlab from 0.73.1 to 0.74.0 (#886) 
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.73.1 to 0.74.0.
- [Release notes](https://github.com/xanzy/go-gitlab/releases)
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.73.1...v0.74.0)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-31 13:01:29 -05:00
dependabot[bot]
2ac483da1f
Bump github.com/TheZeroSlave/zapsentry from 1.11.0 to 1.12.0 (#887) 
Bumps [github.com/TheZeroSlave/zapsentry](https://github.com/TheZeroSlave/zapsentry) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/TheZeroSlave/zapsentry/releases)
- [Commits](https://github.com/TheZeroSlave/zapsentry/compare/v1.11.0...v1.12.0)

---
updated-dependencies:
- dependency-name: github.com/TheZeroSlave/zapsentry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-31 12:59:56 -05:00
ahrav
fe029b1098
[THOG-793] - Return all unverified results (#856) 
* Remove the check to filter and return only a single unverified result.

* Revert "Remove the check to filter and return only a single unverified result."

This reverts commit 494e432803.

* Add new CLI flag to filter unverified results.
 2022-10-31 09:36:10 -07:00
Alexandr Marchenko
c91158d8f7
remove updates check from github action (#883) 
Because action uses the latest image there is no need to check for updates each time`
 2022-10-31 09:34:33 -07:00
dependabot[bot]
6696c85d32
Bump cloud.google.com/go/secretmanager from 1.7.0 to 1.8.0 (#888) 
Bumps [cloud.google.com/go/secretmanager](https://github.com/googleapis/google-cloud-go) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/asset/v1.7.0...asset/v1.8.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/secretmanager
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-31 08:59:58 -07:00
dependabot[bot]
4a458c9eab
Bump github.com/mattn/go-sqlite3 from 1.14.15 to 1.14.16 (#889) 
Bumps [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) from 1.14.15 to 1.14.16.
- [Release notes](https://github.com/mattn/go-sqlite3/releases)
- [Commits](https://github.com/mattn/go-sqlite3/compare/v1.14.15...v1.14.16)

---
updated-dependencies:
- dependency-name: github.com/mattn/go-sqlite3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-31 08:59:36 -07:00
Bill Rich
965279421c
Support common ssh repo format (#878) 
* Try ssh repo format

* Add tests
 2022-10-28 11:56:03 -07:00
Bill Rich
ab71b93f7d
Add context to handler (#877) 
* Add context to handler

* Return rather than break out of select
 2022-10-28 08:57:55 -07:00
Bill Rich
034ca4fb5b
Add bytes counter to scans (#876) 2022-10-27 12:54:22 -07:00
Dustin Decker
0c81cba918 remove noisy logging in sqlserver detector 2022-10-26 18:12:26 -07:00
Dustin Decker
ca8a5ef741
increase digitalocean token sensitivity (#872) 2022-10-26 08:22:21 -07:00
Dustin Decker
4f83dd816d
increase datadog token sensitivity (#871) 2022-10-26 08:22:10 -07:00
Dustin Decker
33c6c193e3
improve fastly validation endpoint and add extra data (#870) 2022-10-26 08:22:03 -07:00
Dustin Decker
466b9e2d6b
only detect live env razor pay and use std lib (#869) 
* only detect live env razor pay and use std lib

* fix shadowed var
 2022-10-26 08:13:13 -07:00
Dustin Decker
dac40519e4
support github fine grained tokens and add extra data (#868) 
* support github fine grained tokens and add extra data

* fix shadowed var
 2022-10-26 08:13:02 -07:00
Alexandr Marchenko
60464da3ce
proposal: SqlServer connection string detector (#867) 
* sqlserver added to detectors.proto

* make protos

* boilerplate detector generated

* wireup

* initial
 2022-10-26 07:46:13 -07:00
Bill Rich
d7d614cc5f
Copy buffer bytes (#864) 2022-10-25 09:09:47 -07:00
Dylan Ayrey
d5fef0f3e1
Update README.md (#861) 2022-10-24 14:11:14 -07:00
Bill Rich
958266ea84
Run chunker in pipeline (#859) 
* Run chunker in pipeline

* Move ChunkSize and PeekSize to source package.

* Use new Chunk and Peek size location
 2022-10-24 13:57:27 -07:00
Bill Rich
3d5f697f9a
Use line aware chunking for git. (#858) 2022-10-24 13:00:03 -07:00
dependabot[bot]
2a58268e42
Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (#860) 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.0...v1.8.1)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-24 10:05:16 -07:00
Dustin Decker
64ace363af Change commit to trace level logging 2022-10-24 08:59:52 -07:00
dependabot[bot]
ce36383513
Bump github.com/getsentry/sentry-go from 0.13.0 to 0.14.0 (#839) 
Bumps [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) from 0.13.0 to 0.14.0.
- [Release notes](https://github.com/getsentry/sentry-go/releases)
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-go/compare/v0.13.0...v0.14.0)

---
updated-dependencies:
- dependency-name: github.com/getsentry/sentry-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-23 19:03:18 -07:00
dependabot[bot]
2e1006e1a7
Bump github.com/denisenkom/go-mssqldb from 0.12.2 to 0.12.3 (#851) 
Bumps [github.com/denisenkom/go-mssqldb](https://github.com/denisenkom/go-mssqldb) from 0.12.2 to 0.12.3.
- [Release notes](https://github.com/denisenkom/go-mssqldb/releases)
- [Commits](https://github.com/denisenkom/go-mssqldb/compare/v0.12.2...v0.12.3)

---
updated-dependencies:
- dependency-name: github.com/denisenkom/go-mssqldb
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-23 19:02:27 -07:00
dependabot[bot]
477b461e18
Bump go.mongodb.org/mongo-driver from 1.10.2 to 1.10.3 (#837) 
Bumps [go.mongodb.org/mongo-driver](https://github.com/mongodb/mongo-go-driver) from 1.10.2 to 1.10.3.
- [Release notes](https://github.com/mongodb/mongo-go-driver/releases)
- [Commits](https://github.com/mongodb/mongo-go-driver/compare/v1.10.2...v1.10.3)

---
updated-dependencies:
- dependency-name: go.mongodb.org/mongo-driver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-21 12:49:06 -07:00
dependabot[bot]
68740953cd
Bump github.com/envoyproxy/protoc-gen-validate from 0.6.8 to 0.6.13 (#838) 
Bumps [github.com/envoyproxy/protoc-gen-validate](https://github.com/envoyproxy/protoc-gen-validate) from 0.6.8 to 0.6.13.
- [Release notes](https://github.com/envoyproxy/protoc-gen-validate/releases)
- [Commits](https://github.com/envoyproxy/protoc-gen-validate/compare/v0.6.8...v0.6.13)

---
updated-dependencies:
- dependency-name: github.com/envoyproxy/protoc-gen-validate
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-21 12:48:20 -07:00
ahrav
46bc010165
Add tests for including github repos. (#854) 2022-10-21 07:56:36 -07:00
trufflesteeeve
fb56b9f713
Check rate limit when getting github user (#855) 
Also, don't fetch a github user or their token when both are known. This
currently only affects the Github Token auth type. Github App
installations will continually fetch tokens every time we clone a repo.
In the future we should check the `ExpiresAt` field of the Github App
token and determine if we need to fetch a new one at that point.
 2022-10-20 18:14:28 -04:00
ahrav
029519eb01
[THOG-767] ignore gitlab repos (#853) 
* Add ability to ignore repos.

* use std library slices.Contains.

* Add tests.

* Remove zero values from test.
 2022-10-19 13:55:44 -07:00
ahrav
c203eef86f
[THOG-767] - Ignore Bitbucket and Gitlab repos (#852) 
* Add messages to BB and Gitlab source protos to allow ignoring repos.

* remove unsued field in struct.j

* Fix casing.
 2022-10-18 14:14:04 -07:00
ahrav
2d6aadcb46
[THOG-774] - GitHub ignore repo full name (#848) 
* Use github repo full name.

* fix tests.
 2022-10-14 09:20:49 -07:00
Ankush Goel
d29357c9d4
added npm detector (#841) 2022-10-13 06:04:02 -07:00
ahrav
04c9bb535e
[THOG-768] - Add ability to skip scanning Github repos (#846) 
* Add ability to skip scanning Github repos.

* remove old change.

* rename method.
 2022-10-12 16:28:24 -07:00
Miccah
4aab7b7276
Buffer commit log processing (#845) 
Some very large commits take a lot of time to process, which we can make
progress on while we are scanning the contents of other commits.
 2022-10-12 14:55:08 -05:00
ahrav
cea2a23c56
[THOG-768] - Add ignore repo list to Github proto (#843) 
* Add ignore repo list to Github proto.

* Add proto.

* Add missing proto.
 2022-10-11 15:41:33 -07:00
Dustin Decker
785cead43e
Ignore URIs where the password is redacted (#842) 
Only `*`s in the password is a redacted basic auth URI.
 2022-10-11 14:18:52 -07:00
Dustin Decker
85467538f6
remove faulty detector (#836) 2022-10-07 09:20:44 -07:00