Commit graph

1610 commits

Author SHA1 Message Date
Alexandr Marchenko
b29b78c10d
filesystem support for exclude and include filters (2nd attempt) (#1033)
* fix filter issue - empty lines should be ignored

* filesystem support for filter exclude

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2023-01-26 09:33:45 -08:00
Bill Rich
00ebb2ed64
Full git log when targeting base merge commit (#1044)
* Full git log when targeting merge commits

* Full log is needed whenever base is specified.
2023-01-26 09:17:54 -08:00
Dustin Decker
4ef546a06b
fix github integration tests (#1042) 2023-01-25 08:57:39 -08:00
Bill Rich
ac1dd23d37
Limit diff size to prevent out of control memory use. (#1035)
* Limit diff size to prevent out of control memory use.

* Group consts
2023-01-23 10:14:10 -08:00
ahrav
2088f030f9
Add location to Teams metadata. (#1034) 2023-01-23 08:12:05 -08:00
ahmed
2060ae1c47
Updated stdout to print results in alphabetical order for consistent output (#1032) 2023-01-19 12:58:50 -05:00
ahrav
1621403e11
Add concurrency to CircleCi source (#1029)
* Small cleanup of CircleCi source.

* Add concurrency to circleci.

* merge w/ cleanup branch.

* Redefine loop var.

* Delete github.go

* revert file delete.

* Add debug log for scan errors.

* make collecting scanned errors thread safe.

* pre-allocate errors slice.
2023-01-17 12:24:49 -08:00
ahrav
319ae64a02
[chore] - Small cleanup of CircleCi source (#1028)
* Small cleanup of CircleCi source.

* address comments.

* Add context to methods as first param.
2023-01-17 09:36:18 -08:00
Dustin Decker
bc27fef7bc
remove logger from retryable client, it is not respecting loglevels (#1020) 2023-01-13 15:28:00 -08:00
Miccah
45b02f46d9
Record timestamp when a context was cancelled (#1018) 2023-01-13 12:21:09 -06:00
Cameron Lonsdale
0aa8e1cd98
Use access-token endpoint for validity check (#991) 2023-01-11 19:19:51 -08:00
Bill Rich
430d5c764c
Rename and export isGitSource (#1016) 2023-01-10 12:51:58 -08:00
Bill Rich
8b2e1d36cf
Copy metadata for line number aware sources (#1011)
* Copy metadata for line number aware sources

* Improve style
2023-01-10 09:35:44 -08:00
Miccah
e5ede17c77
Validate custom regular expressions on detector initialization (#1010)
* Validate custom regular expressions on detector initialization

* Add regex name to error message
2023-01-09 17:30:47 -06:00
Miccah
74831f63d5
Capture callstack of canceled contexts (#979) 2023-01-09 17:27:06 -06:00
ahrav
09d4422cdb
Handle invalid regex for custom detector. (#1005)
* Handle invalid regex for custom detector.

* Add comment highlighting invalid regex.
2023-01-09 09:45:30 -08:00
Yassine Ilmi
d720c0c0f3
Switch to retryableHttpClient for GitHub AuthN API Client + More Logs (#995)
* Adding missing flags to Readme

* Use retryableHttpClient by default for GitHub

* Adding repoUrl for scanning time log

* Use WithField instead of WithFields

* Updating README with latest --help output
2023-01-09 09:21:56 -08:00
Pulkit Aggarwal
fc6fd29f3f
Fix GitUrl Return (#987)
Co-authored-by: ahrav <ahravdutta02@gmail.com>
2023-01-09 09:17:30 -08:00
Dustin Decker
5f6143f09a
Add Circle CI source (#997)
* Add Circle CI source

* remove SHA1 line

* remove trim
2023-01-05 21:44:37 -08:00
ahrav
009756dce6
add proto that was missing. (#986) 2022-12-23 13:27:07 -08:00
Miccah
f5b83ee2a5
Add configuration parsing and custom detectors to engine (#968)
* Add configuration parsing for custom detectors

* Error on empty filename
2022-12-20 10:14:49 -06:00
ahrav
936a139596
Allow using a glob for include list. (#977)
* Allow using a glob for include list.

* Update command flag.

* Make comment more clear.

* update comment.

* Allow scanning repo and org at the same time.
2022-12-16 13:28:16 -08:00
Gonçalo Silva
e091fab94f
Use Todoist's REST API v2 (#978)
v1 was deprecated on December 5, 2022.
2022-12-14 16:52:19 -08:00
Miccah
861ad057c7
Implement CustomRegex detector (#950)
* Remove verifying successRanges because it is unused in webhook

* Move custom_detectors validation code into its own file

* Initial implementation of custom regex detector

Secret verification is done via webhook.

* Add CustomRegex detector type

* Add upper bound to permutation

* Return early if the context is canceled

* Add headers from configuration

* Add detector name as a key in the JSON body

* Implement faster algorithm for productIndices
2022-12-14 10:26:53 -06:00
Bill Rich
36ca2601e0
Add s3 object count to trace logs (#975)
* Add s3 object count to trace logs

* fix debug level
2022-12-13 16:46:09 -08:00
Miccah
7ac7fdae44
Add more logging for git sources (#974) 2022-12-13 17:51:57 -06:00
ahrav
26befdd1ec
[bug] - Handle error when scanning s3 bucket. (#969)
* Handle error when scanning s3 bucket.

* move wait outside loop.

* Add logging.

* revert changes.

* remove.

* revert.
2022-12-12 10:10:06 -08:00
Dustin Decker
7de9bdd12d
Support globbing with ignore repos (#967) 2022-12-09 12:10:42 -08:00
ahrav
a72b9feb35
Only scan org with --org flag. (#931) 2022-12-06 16:18:48 -08:00
Bill Rich
335ce85ce4
Export line number code (#962) 2022-12-06 15:31:15 -08:00
Bill Rich
33d32d2de4
Don't scan the --since-commit target (#960) 2022-12-06 13:24:27 -08:00
Bill Rich
1a1c2e275e
Change chunker test source (#959)
* Change chunker test source

* Emit chunk if the size isn't 0
2022-12-06 12:45:08 -08:00
Bill Rich
9f99ee470d
Integration test fixes (#956)
* Adjust repo count for new app

* Fix chunk test count
2022-12-06 08:42:24 -08:00
Miccah
2a2bcd93ac
Add CustomRegex validation (#939)
* Add validation skeleton

* Add custom detector validation with tests

* Validate and test regex vars

* Implement RegexVarString

* Use RegexVarString for validating regex variables

* Add numerics to the regex variable matching

Co-authored-by: hxnyk <8292703+hxnyk@users.noreply.github.com>
2022-12-02 11:26:22 -06:00
Miccah
5a339b0ca1
Add test for configuring custom regex with webhook verification (#946) 2022-12-02 11:23:20 -06:00
Bill Rich
f1ec9e74eb
Close files to clean up tmp files (#940) 2022-11-22 13:13:34 -08:00
Bill Rich
79cae3b82b
Add newlines when file is split (#937) 2022-11-22 09:01:39 -08:00
Dustin Decker
28dd25beeb
S3 scanner improvements (#938) 2022-11-21 19:15:26 -08:00
Miccah
4409210b87
Add custom detectors configuration parsing (#927)
* Add custom_detectors proto

* Generate proto code

* Create custom_detectors package

Also create protoyaml package to test YAML unmarshalling the
configuration.

* Simplify custom_detectors proto by removing connection

* Generate proto code

* Update custom_detectors parsing tests
2022-11-21 15:10:38 -06:00
ahrav
054e98d108
Update slack webhook detector string check (#932)
* Update slack webhook detector check to text.

* remove redundant slashes.
2022-11-21 10:50:23 -08:00
Jessica
6e25664a52
add rabbitmq detector (#936)
* add rabbitmq detector

* use fixed length redaction

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2022-11-21 10:47:41 -08:00
Dustin Decker
b45369cdbb
Skip some FTP FPs (#929) 2022-11-21 06:52:21 -08:00
Thiago Lages de Alencar
9757c339d9
Fix error message (#933) 2022-11-20 05:31:11 -08:00
Dustin Decker
ae4b387448
add LDAP detector (#896) 2022-11-18 19:45:11 -08:00
Dustin Decker
b18edef01a
Enable skipping of particular key IDs (#930)
* Enable skipping of particular key IDs

* update test
2022-11-18 09:09:40 -08:00
Miccah
b3d3f531a4
Return an error from ReadToMax when it panics (#925) 2022-11-16 14:24:05 -06:00
ahrav
b8be0a64a8
Use pointer to type. (#926) 2022-11-16 10:35:48 -08:00
Miccah
86f9e1288f
Initialize scan options if given a nil pointer (#924) 2022-11-15 17:01:59 -06:00
Miccah
696f5c68f4
Log the stack trace and recover object (#923)
* Log the stack trace and recover object

* Remove stderr log
2022-11-15 16:48:02 -06:00
Jessica
3d501975e4
Add filter as scan option to gitlab module's git scan (#919) 2022-11-15 13:02:37 -08:00