Commit graph

2708 commits

Author SHA1 Message Date
Dylan Ayrey
de535071e1
implemented planet scale creds (passwords and API keys) (#1841)
* implemented planet scale creds (passwords and API keys)

* Add timeout, fix tests, fix indeterminate

---------

Co-authored-by: counter <counter@counters-MacBook-Air.local>
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2023-10-02 14:00:36 -07:00
Dylan Ayrey
f13fe36ae2
adding azure storage detector (#1840)
* adding azure storage detector

* Fix variable name

* Escape regex

* fix test fields and update expected status code

---------

Co-authored-by: counter <counter@counters-MacBook-Air.local>
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2023-10-02 13:45:45 -07:00
Dylan Ayrey
b3555f5419
Adding Howtorotate Guides to TruffleHog (#1839)
* adding how to rotate guides

* Adding project ID to metadata

* update key name, remove comments, and ensure always present

---------

Co-authored-by: counter <counter@counters-MacBook-Air.local>
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2023-10-02 13:45:17 -07:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
f8f0c984fb
update pagerdutyapikey detector to tri-state verification (#1836) 2023-10-02 16:33:18 -04:00
Miccah
0d451aa806
Fix bug in chunker that surfaces with a flaky passed in io.Reader (#1838)
* Fix bug in chunker that surfaces with a flaky passed in io.Reader

The chunker was previously expecting the passed in io.Reader to always
successfully read a full buffer of data, however it's valid for a Reader
to return less data than requested. When this happens, the chunker would
peek the same data that it then reads in the next iteration of the loop,
causing the same data to be scanned twice.

Co-authored-by: ahrav <ahravdutta02@gmail.com>

* Fix EOF error check

* Use io.ReadFull in Chunker

---------

Co-authored-by: ahrav <ahravdutta02@gmail.com>
2023-10-02 09:38:23 -07:00
dependabot[bot]
a750b8ef2b
Bump github.com/AzureAD/microsoft-authentication-library-for-go (#1850)
Bumps [github.com/AzureAD/microsoft-authentication-library-for-go](https://github.com/AzureAD/microsoft-authentication-library-for-go) from 0.5.1 to 1.2.0.
- [Release notes](https://github.com/AzureAD/microsoft-authentication-library-for-go/releases)
- [Changelog](https://github.com/AzureAD/microsoft-authentication-library-for-go/blob/main/RELEASES.md)
- [Commits](https://github.com/AzureAD/microsoft-authentication-library-for-go/compare/v0.5.1...v1.2.0)

---
updated-dependencies:
- dependency-name: github.com/AzureAD/microsoft-authentication-library-for-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-02 09:31:58 -07:00
dependabot[bot]
67fc50a4fb
Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.6.0 to 2.7.0 (#1851)
Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.6.0 to 2.7.0.
- [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases)
- [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.6.0...v2.7.0)

---
updated-dependencies:
- dependency-name: github.com/bradleyfalzon/ghinstallation/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-02 08:55:03 -07:00
dependabot[bot]
401f7f3fa9
Bump go.mongodb.org/mongo-driver from 1.12.0 to 1.12.1 (#1848)
Bumps [go.mongodb.org/mongo-driver](https://github.com/mongodb/mongo-go-driver) from 1.12.0 to 1.12.1.
- [Release notes](https://github.com/mongodb/mongo-go-driver/releases)
- [Commits](https://github.com/mongodb/mongo-go-driver/compare/v1.12.0...v1.12.1)

---
updated-dependencies:
- dependency-name: go.mongodb.org/mongo-driver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-02 07:46:36 -07:00
dependabot[bot]
9f2b874fb1
Bump github.com/aws/aws-sdk-go from 1.44.83 to 1.45.19 (#1847)
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.83 to 1.45.19.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.83...v1.45.19)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-02 07:46:14 -07:00
dependabot[bot]
83391d31da
Bump docker/setup-qemu-action from 2 to 3 (#1845)
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-02 07:45:47 -07:00
dependabot[bot]
df5fa56429
Bump goreleaser/goreleaser-action from 4 to 5 (#1844)
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4 to 5.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v4...v5)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-02 07:40:28 -07:00
dependabot[bot]
222a47d9f3
Bump mikepenz/action-junit-report from 3 to 4 (#1843)
Bumps [mikepenz/action-junit-report](https://github.com/mikepenz/action-junit-report) from 3 to 4.
- [Release notes](https://github.com/mikepenz/action-junit-report/releases)
- [Commits](https://github.com/mikepenz/action-junit-report/compare/v3...v4)

---
updated-dependencies:
- dependency-name: mikepenz/action-junit-report
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-02 07:40:00 -07:00
dependabot[bot]
dd183fab83
Bump docker/login-action from 2 to 3 (#1846)
Bumps [docker/login-action](https://github.com/docker/login-action) from 2 to 3.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-02 07:39:13 -07:00
dependabot[bot]
0fc79c5124
Bump github.com/xanzy/go-gitlab from 0.88.0 to 0.92.3 (#1849)
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.88.0 to 0.92.3.
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.88.0...v0.92.3)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-02 07:38:44 -07:00
dependabot[bot]
c7965b2df6
Bump actions/checkout from 3 to 4 (#1842)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-02 07:37:57 -07:00
Dylan Ayrey
b232ec8b4e
fixing razorpay (#1852)
Co-authored-by: counter <counter@counters-MacBook-Air.local>
2023-10-02 08:49:40 -05:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
24748b3de6
add tristate verification to twitch (#1830)
* add tristate verification to twitch

* return early

* small nits
2023-09-29 16:17:30 -04:00
Karthik Sundari
b9a582ba51
chore(ReadMe): Update installation Doc (#1818) 2023-09-28 12:38:27 -05:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
5df6afdbf4
Separate gitlab detectors (#1819)
* update gitlabv2 to tri-state

* updating secret to s1 to match convention

* consolidating both versions of the gitlab detector

* remove gitlabV2 references

* Delete temp.txt

delete test file (note: these are not real secrets)

* updating gitlabV1 detector to only work w/ v1 secrets, and v2 detector only w/ v2 secrets

* update package name and add to defaults

* cleanup nesting

* lowercase package names

* update v1 detector to explicitly ignore results with glpat

* nit

* update package name
2023-09-28 12:36:46 -05:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
e645827fcb
[chore] add figmav2 to defaults (#1820)
* add figma to defaults

* update figma detector package to use versioning
2023-09-28 13:35:51 -04:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
afd0b4cc12
Cleanup jiratoken detector (#1832)
* cleanup nesting on jiratoken v1

* cleanup nesting on jiratoken v2
2023-09-28 13:35:30 -04:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
1f2e9d342f
cleanup nesting (#1831) 2023-09-28 13:34:07 -04:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
f72c77fb69
Cleanup pubnub detector (#1826)
* pull out verification logic for pubnub to reduce nesting

* remove comment

* return early
2023-09-28 13:31:07 -04:00
Zachary Rice
28dbd2f704
Update alchemy_test.go to use detectors5 (#1829) 2023-09-28 11:24:45 -05:00
Zachary Rice
3b99517780
Update web3storage_test.go (#1828) 2023-09-28 11:24:29 -05:00
ahrav
c4bc8fc7fa
[bug] - correctly check err (#1824)
* correctly check err.

* address comments.

* update.

* add comment.

* update comment.
2023-09-27 15:52:07 -07:00
Cody Rose
e9efed85c2
Use S3 credentials waterfall (#1823)
This PR updates the S3 source to use explicitly configured credentials if they're available and follow the normal AWS credentials waterfall if they're not. This is irrespective of whether role assumption is configured. This changes the previous behavior, which was to use waterfall credentials only if role assumption was configured and explicitly configured credentials only when it was not.
2023-09-27 16:57:47 -04:00
joeleonjr
699547b7d3
consolidated pr and issue descr/comment flags (#1827) 2023-09-27 15:54:02 -04:00
Ankush Goel
faf46175e4
added Web3 Storage detector (#1789)
* added Web3 Storage detector

* fixed the regex

* removed test and disabled token
2023-09-27 12:09:39 -05:00
Zachary Rice
f2d0f809a8
Update Adding_Detectors_external.md (#1822)
* Update Adding_Detectors_external.md

* Update Adding_Detectors_external.md

* Update Adding_Detectors_external.md

* Lil more
2023-09-26 17:18:58 -05:00
ahrav
bf47fd69bb
Github partial scan (#1804)
* Add ability for targeted partial scans of Github.

* update comment.

* add more tests.

* add additional test.

* address comments.
2023-09-26 12:38:33 -07:00
joeleonjr
1e42dae734
added PR and Issue body scanning (#1816)
* added PR and Issue body scanning; adjusted CLI args to fit

* removed print statement from debugging

* removed exclude-commits; adjusted CLI flags

* minor changes to match main branch

* fixing logic

* updating README for --issues and --prs
2023-09-26 12:25:48 -04:00
Zachary Rice
44c8cfffd1
Update Adding_Detectors_external.md (#1817) 2023-09-26 08:23:07 -05:00
Shubham Hibare
b71ea27a69
Implement an installation script with CheckSum Validation (#1808)
* Add installation script

* Update README.md

* Change set -e to set -o errexit

* Remove non-required dir existence test

* Switch && to ||
2023-09-25 12:48:23 -07:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
1715e7ad23
updating browserstack detector to use tri-state verification (#1785)
* updating browserstack detector to use tri-state verification

* cleaning up nested conditions
2023-09-25 15:34:13 -04:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
af1434e05a
updating microsoft teams webhook detector to use tri-state verification (#1792)
* updating microsoft teams webhook detector to use tri-state verification

* cleaning up nested conditions
2023-09-25 15:30:41 -04:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
ac18096da0
updating myfreshworks detector to use tri-state verification (#1779)
* updating secret regex to include underscores and updating tests to have secret and domain within 20char range of keyword

* updating myfreshworks detector to use tri-state verification
2023-09-25 13:27:23 -04:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
cc9f5739dd
update figma to use tri-state verification (#1814) 2023-09-25 13:26:18 -04:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
f4ddc8b39e
adding support for new version of figma token (#1813) 2023-09-22 18:13:49 -04:00
Zachary Rice
2d3bb7560d
Update README.md (#1811) 2023-09-22 16:51:14 -05:00
Zachary Rice
995eb64d38
examples folder (#1734)
* wip examples folder

* Rename examples.md to README.md
2023-09-22 15:26:20 -05:00
atkins
36aa1451bd
Update protos image to use correct go version (#1810)
* Update protos image to use correct go version

* Update image tag to match version

* use bullseye

* update proto image

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2023-09-22 14:08:56 -06:00
ahrav
6affc903e1
add line to link for azure repos. (#1801) 2023-09-21 16:07:11 -07:00
Dustin Decker
5afc7a32ca
fix detector test action (#1805) 2023-09-21 15:16:00 -07:00
Dustin Decker
b66bd9544c
aggregate detector tests daily (#1800)
* aggregate detector tests daily

* add manual dispatch

* fix test
2023-09-21 10:32:40 -07:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
62b2195502
Adding new function SetProgressOngoing to be used when the source does not yet know how many items it is scanning and does not want to display a percentage complete. (#1802)
Co-Authored-By: @mcastorina
2023-09-21 13:26:10 -04:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
1a1b2ca51a
updating uri detector to use tri-state verification (#1791) 2023-09-21 11:20:40 -04:00
dependabot[bot]
590115bca4
Bump golang.org/x/oauth2 from 0.10.0 to 0.12.0 (#1799)
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.10.0 to 0.12.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.10.0...v0.12.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-20 19:49:12 -07:00
dependabot[bot]
9b01c3d71c
Bump github.com/go-ldap/ldap/v3 from 3.4.5 to 3.4.6 (#1796)
Bumps [github.com/go-ldap/ldap/v3](https://github.com/go-ldap/ldap) from 3.4.5 to 3.4.6.
- [Release notes](https://github.com/go-ldap/ldap/releases)
- [Commits](https://github.com/go-ldap/ldap/compare/v3.4.5...v3.4.6)

---
updated-dependencies:
- dependency-name: github.com/go-ldap/ldap/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-20 17:58:21 -07:00
dependabot[bot]
16f885b2fc
Bump github.com/charmbracelet/bubbletea from 0.24.1 to 0.24.2 (#1798)
Bumps [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) from 0.24.1 to 0.24.2.
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Commits](https://github.com/charmbracelet/bubbletea/compare/v0.24.1...v0.24.2)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-20 17:22:52 -07:00