Mirrors/trufflehog
2
0
Fork 0
mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-11-10 15:14:38 +00:00
Code Issues Projects Releases Packages Wiki Activity
2057 commits 139 branches 257 tags 147 MiB
Commit graph

2057 commits

This branch
This branch
All branches
Author SHA1 Message Date
Bill Rich
c2e3e7d53a
Split files instead of using ReadAll (#1387) 
* Split files instead of using ReadAll

* Remove dup chunk

* Actually break out of loop
 2023-06-12 14:09:05 -07:00
Dustin Decker
ca1947291b
Update sqlserver redaction, deduplication, and URI redaction (#1369) 
* Update sqlserver redaction, deduplication, and URI redaction

* don't use pointer
 2023-06-09 11:06:54 -07:00
Zachary Rice
c28c70b399
fix new git file plus plus plus bug (#1386) 2023-06-08 18:29:11 -05:00
Zubair Khan
dfb1a0cd38
Add DocuSign detector (#1382) 
* init

* look for client id and client secret, encode them for basis auth

* add tests

* test without checking the contents of response

* confirm access_token exists

* cleanup test

* explain in code that an undocumented grant_type is used

* remove use of deprecated ioutil, remove dead code, return errors instead of just logging

* directly pull access token

* update error text, remove redundant body close()

* import new detector into defaults
 2023-06-08 13:34:50 -04:00
ahrav
ce4a1fd7e6
[chore] - fix test (#1383) 
* fix test.

* fix import order.

* fix twilio test.
 2023-06-06 18:58:00 -07:00
dependabot[bot]
c8b9735834
Bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#1377) 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.3 to 1.8.4.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.3...v1.8.4)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-06 10:41:01 -07:00
dependabot[bot]
769d708b84
Bump github.com/mattn/go-sqlite3 from 1.14.16 to 1.14.17 (#1380) 
Bumps [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) from 1.14.16 to 1.14.17.
- [Release notes](https://github.com/mattn/go-sqlite3/releases)
- [Commits](https://github.com/mattn/go-sqlite3/compare/v1.14.16...v1.14.17)

---
updated-dependencies:
- dependency-name: github.com/mattn/go-sqlite3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-06 10:40:34 -07:00
Dustin Decker
572cb0e5dc Loosen up version check for git 2023-06-01 12:17:48 -07:00
Dustin Decker
183037ab34
Check that git meets version requirements (#1373) 2023-06-01 09:41:06 -07:00
ahrav
8b7c50825e
update detector regex. (#1368) 2023-06-01 08:16:18 -07:00
dependabot[bot]
589a794e7f
Bump github.com/googleapis/gax-go/v2 from 2.8.0 to 2.9.1 (#1363) 
Bumps [github.com/googleapis/gax-go/v2](https://github.com/googleapis/gax-go) from 2.8.0 to 2.9.1.
- [Release notes](https://github.com/googleapis/gax-go/releases)
- [Commits](https://github.com/googleapis/gax-go/compare/v2.8.0...v2.9.1)

---
updated-dependencies:
- dependency-name: github.com/googleapis/gax-go/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-30 21:00:23 -07:00
Dustin Decker
5358ed776b
fix mockaroo fps (#1370) 
* fix mockaroo fps

* fix test
 2023-05-30 20:58:41 -07:00
dependabot[bot]
9637f5e813
Bump cloud.google.com/go/secretmanager from 1.10.0 to 1.10.1 (#1365) 
Bumps [cloud.google.com/go/secretmanager](https://github.com/googleapis/google-cloud-go) from 1.10.0 to 1.10.1.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/kms/v1.10.0...kms/v1.10.1)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/secretmanager
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-30 10:04:09 -07:00
dependabot[bot]
8be6ed0abb
Bump github.com/envoyproxy/protoc-gen-validate from 1.0.0 to 1.0.1 (#1366) 
Bumps [github.com/envoyproxy/protoc-gen-validate](https://github.com/envoyproxy/protoc-gen-validate) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/envoyproxy/protoc-gen-validate/releases)
- [Changelog](https://github.com/bufbuild/protoc-gen-validate/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/envoyproxy/protoc-gen-validate/compare/v1.0.0...v1.0.1)

---
updated-dependencies:
- dependency-name: github.com/envoyproxy/protoc-gen-validate
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-30 09:00:09 -07:00
dependabot[bot]
d433bf03e3
Bump go.mongodb.org/mongo-driver from 1.11.4 to 1.11.6 (#1367) 
Bumps [go.mongodb.org/mongo-driver](https://github.com/mongodb/mongo-go-driver) from 1.11.4 to 1.11.6.
- [Release notes](https://github.com/mongodb/mongo-go-driver/releases)
- [Commits](https://github.com/mongodb/mongo-go-driver/compare/v1.11.4...v1.11.6)

---
updated-dependencies:
- dependency-name: go.mongodb.org/mongo-driver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-30 08:59:55 -07:00
Dustin Decker
c8944825de
Surface missing git as an error during initialization (#1362) 2023-05-26 15:23:08 -07:00
Tim Strazzere
cbfbf5335e
Add Data member to ResultsMetadata struct. (#1358) 
When a Result is emitted, it should include
the `chunk.Data []byte` so that we can utilize
the blob of data which caused the result.

This makes it so something catching the results
does not have to maintain a collection of chunks
to correlate the two together.
 2023-05-24 09:21:41 -07:00
Mike Vanbuskirk
32a351fa02
adds linting for workflow and actions (#1356) 2023-05-22 21:43:25 -04:00
dependabot[bot]
d11f06989d
Bump golang.org/x/crypto from 0.8.0 to 0.9.0 (#1354) 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.8.0 to 0.9.0.
- [Commits](https://github.com/golang/crypto/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-22 10:08:58 -05:00
dependabot[bot]
a9d2464301
Bump github.com/getsentry/sentry-go from 0.20.0 to 0.21.0 (#1351) 
Bumps [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) from 0.20.0 to 0.21.0.
- [Release notes](https://github.com/getsentry/sentry-go/releases)
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-go/compare/v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: github.com/getsentry/sentry-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-22 10:08:17 -05:00
Brendan Shaklovitz
3ab864aca9
Make OpenAI regex more specific (#1345) 2023-05-22 07:39:18 -07:00
dependabot[bot]
9cc3d05c31
Bump golang.org/x/oauth2 from 0.7.0 to 0.8.0 (#1352) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.7.0 to 0.8.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.7.0...v0.8.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-22 09:31:51 -05:00
dependabot[bot]
596639bb6f
Bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#1353) 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.2 to 1.8.3.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.2...v1.8.3)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-22 09:30:56 -05:00
dependabot[bot]
ecffe724a5
Bump github.com/go-logr/zapr from 1.2.3 to 1.2.4 (#1355) 
Bumps [github.com/go-logr/zapr](https://github.com/go-logr/zapr) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/go-logr/zapr/releases)
- [Commits](https://github.com/go-logr/zapr/compare/v1.2.3...v1.2.4)

---
updated-dependencies:
- dependency-name: github.com/go-logr/zapr
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-22 09:30:29 -05:00
Mike Vanbuskirk
1d9d6b6039
needed perms for running workflows against forks (#1348) 
Co-authored-by: ahrav <ahravdutta02@gmail.com>
 2023-05-19 15:31:20 -04:00
ahrav
1da7720912
Replace context.TODO. (#1349) 2023-05-19 11:09:51 -07:00
Zachary Rice
4ba0ad480f
Add message for discord server in readme (#1344) 
* discord server

* Update README.md
 2023-05-19 11:14:50 -05:00
ahrav
0c386220dd
[chore] - Use correct detector proto (#1347) 
* Use correct detector proto.

* sort imports.
 2023-05-18 15:12:38 -07:00
trufflesteeeve
1a81709726
Check to see if StructuredData exists before attempting to print it (#1346) 2023-05-18 17:42:19 -04:00
Brendan Shaklovitz
195f9f0798
Add Base64URLSafe decoder (#1292) 
* Add Base64URLSafe decoder

* Add decoder that can decode base64 strings with '_' and '-' instead of
  of '+' and '/'.

* Combine url-safe b64 decoder into b64 decoder
 2023-05-18 08:30:47 -07:00
RuchitaKshirsagarTR
f831b62a3f
Update generic.go (#1343) 
Generic API keys like shown in the example below is getting excluded:
api_key=9e107d9d372bb6826bd81d3542a419d6 because of following regex patterns:

\b[A-Fa-f0-9]{32}\b
\b[A-Fa-f0-9x]{6,99}\b

The base64 decoding logic is getting hit and NOT returning an error, and thus it continues thinking it is base64 decoded.
 2023-05-17 13:30:40 -07:00
ahrav
31844b12e3
[oc-313] - Add GitHub metrics (#1324) 
* Normalize repos during enumeration.

* fix test.

* Add benchmark.

* Add benchmark.

* Add more realistic benchmark values.

* add gist mocks.

* Remove old normalize fxn.

* abstract away the repo cache.

* update test.

* increase repo count.

* increase page limnit to 100.

* move callee fxns below caller for Chunks.

* Add context to normalize.

* remove extra logic in normalize repo.

* Delete new.txt

* Delete old.txt

* Handle errors in a thread safe manner.

* fix test.'

* fix test.

* handle repos that are included by users.

* Abstract include ignore logic within repoCache.

* Add better comment around repoCache.

* Rename params.

* remove commented out code.

* use repos instead of items.

* remove commented out code.

* Use ++ instead of atomic increment.

* update to use logger var.

* use cache pkg.

* Use separate file for repo logic.

* Address comments.

* fix test.

* make less sucky test.

* Update test.

* Add logs for duration and repo size.

* fix integration test.

* address comment.
 2023-05-16 08:45:28 -07:00
Brendan Shaklovitz
88b4a283c4
Add extra data and structured data to plain output (#1316) 
* Add extra data and structured data to plain output

* Remove duplicate ExtraData output
 2023-05-16 08:14:42 -07:00
Dustin Decker
4250773e92
GitHub basic auth (#1337) 2023-05-15 22:04:42 -07:00
ahrav
e81b908e07
Add buildkitev2 detector for newer tokens. (#1341) 2023-05-15 12:58:36 -07:00
ahrav
6db770fbe5
use md5 hash for checking if key exists. (#1257) 2023-05-15 10:04:14 -07:00
ahrav
948828ba8c
[chore] - move objectManager interface (#1332) 
* Relocate the objectManager interface to the consumer package as per Go
best practices.

* address comment.
 2023-05-15 09:30:26 -07:00
dependabot[bot]
5546033ad6
Bump golang.org/x/sync from 0.1.0 to 0.2.0 (#1334) 
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.1.0 to 0.2.0.
- [Commits](https://github.com/golang/sync/compare/v0.1.0...v0.2.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-15 08:56:34 -05:00
dependabot[bot]
a46a183334
Bump github.com/rabbitmq/amqp091-go from 1.8.0 to 1.8.1 (#1335) 
Bumps [github.com/rabbitmq/amqp091-go](https://github.com/rabbitmq/amqp091-go) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/rabbitmq/amqp091-go/releases)
- [Changelog](https://github.com/rabbitmq/amqp091-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rabbitmq/amqp091-go/compare/v1.8.0...v1.8.1)

---
updated-dependencies:
- dependency-name: github.com/rabbitmq/amqp091-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-15 08:56:00 -05:00
dependabot[bot]
b9eb34b3e0
Bump github.com/go-sql-driver/mysql from 1.7.0 to 1.7.1 (#1336) 
Bumps [github.com/go-sql-driver/mysql](https://github.com/go-sql-driver/mysql) from 1.7.0 to 1.7.1.
- [Release notes](https://github.com/go-sql-driver/mysql/releases)
- [Changelog](https://github.com/go-sql-driver/mysql/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-sql-driver/mysql/compare/v1.7.0...v1.7.1)

---
updated-dependencies:
- dependency-name: github.com/go-sql-driver/mysql
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-15 08:25:37 -05:00
dependabot[bot]
1df352bac5
Bump google.golang.org/api from 0.114.0 to 0.122.0 (#1342) 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.114.0 to 0.122.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.114.0...v0.122.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-15 08:23:42 -05:00
dependabot[bot]
4fcea1e772
Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#1339) 
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.1.0 to 1.3.3.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.1.0...v1.3.3)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-15 08:21:39 -05:00
vickygoel
4c04bbbe85
added pulumi cloud Access token detector (#1295) 
* added pulumi cloud Access token detector

* removed accidentally committed tokens

* added the databricks token detection

* made recommended changes

* added supabase management api token

* nuget api key detector

* added aiven.io token detector

* added prefect.io api key detector

* update protos.

---------

Co-authored-by: Developer <garg47294+1@gmail.com>
Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>
 2023-05-11 09:08:48 -07:00
Brendan Shaklovitz
584db86031
Support line numbers in filesystem source (#1297) 2023-05-09 08:02:34 -07:00
Brendan Shaklovitz
fad34d4dc6
git worktree scanning fix for #827 (#1315) 
* Fix worktree scan by setting EnableDotGitCommonDir

* Change `PlainOpenOptions` to set `EnableDotGitCommonDir` to true.
  In every current usage of this function, it is on an already-cloned
  repository, so it should always be valid to have this set. By doing
  so, it should fix some issues with worktrees.

* Remove unused go.mod replace directives

* Remove replace directives for libraries that are not in use.
 2023-05-09 08:00:47 -07:00
Brendan Shaklovitz
e3213fbdeb
Do extraction after decompression (#1320) 
* Fix error where some files do not get properly scanned due to order of
  extraction / decompression steps. Doing decompression first ensures
  that a compressed archive (e.g., gzipped zip file), is handled
  correctly.
 2023-05-09 07:56:08 -07:00
Bill Rich
f2924f3061
Make sure context lines are properly handled (#1331) 
* Make sure context lines are properly handled

* Fix git test to account for context change
 2023-05-05 12:51:27 -07:00
Miccah
6699ccd2b5
Generate protos (#1329) 2023-05-04 12:26:41 -05:00
Brendan Shaklovitz
87f3f27dab
Fix SquareApp detector type return value (#1322) 
* Change SquareApp detector type to report as SquareApp instead of
  Square.
 2023-05-04 10:25:20 -07:00
ahrav
deb0f63d25
Update regex. (#1328) 2023-05-04 10:23:13 -07:00