trufflehog

mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-11-10 15:14:38 +00:00

Author	SHA1	Message	Date
Cody Rose	d763097fdf	implement indeterminate LDAP verification (#1574 ) This PR implements tri-state verification for the LDAP detector. This implementation looks for network errors to explicitly flag as indeterminate, rather than authentication errors to explicitly flag as determinate; this is because the error that occurs from authentication failures doesn't appear to have its own type and I didn't want to have to match on the error message text.	2023-08-03 14:02:31 -04:00
Bill Rich	0c7ed19270	Github Oauth2 verification (#1584 ) * Github Oauth2 verification * Use prefix and include RawV2 * Make gh_oauth2 a new detector * Remove unused struct * Remove versioner * Remove unused code	2023-08-02 11:16:40 -07:00
Bill Rich	1cf419e478	Expand paypal regex (#1599 )	2023-08-02 10:58:32 -07:00
Zubair Khan	0ad46381d9	tighten up regex pattern for timezoneapi (#1591 ) * tighten up regex pattern * add response body check	2023-08-01 17:30:29 -04:00
ahrav	b8c43ea58f	Fix VirusTotal deetector (#1585 )	2023-08-01 05:41:18 -07:00
Cody Rose	7d2f126411	add tri-state verification to mongodb detector (#1575 )	2023-07-31 18:23:35 -04:00
ahrav	661c6b47b7	[bug] - fix shodan detector (#1579 ) * fix shodan detector. * fix import order.	2023-07-31 11:12:52 -07:00
Miccah	32e3f1f015	Fix pubnub regular expression (#1565 ) One of the sub-groups of the UUIDv4 was missing the characters 0-9.	2023-07-31 11:37:25 -05:00
Cody Rose	61bee6c8b1	Identify transient AWS verification failures (#1563 ) It turns out that GetCallerIdentity returns a surprising quantity of transient, false-negative 403 responses that carry the SignatureDoesNotMatch error reason. I don't know why this is happening, but their transient nature makes them indeterminate verification failures and they should be flagged as such. The AWS detector has therefore been modified to specifically look for the InvalidClientTokenId error reason in 403 responses and mark all other responses as indeterminate. In addition to the functional changes this PR contains some updates to the test code that allow us to test them.	2023-07-31 12:06:11 -04:00
Cody Rose	431d26f5fa	move false positive check in alchemy detector (#1532 ) This PR makes the Alchemy detector run its known false positive check even if verification is disabled. This isn't the most important detector but it's the template for new ones so getting a good pattern nailed down is important. Moving the check allowed me to rewrite the determinacy logic to hopefully be more clear.	2023-07-28 11:36:02 -04:00
Richard Gomez	f925da7cea	fix(mongodb): detect CosmoDB access keys (#1511 ) https://learn.microsoft.com/en-us/microsoft-365/compliance/sit-defn-azure-cosmos-db-account-access-key?view=o365-worldwide	2023-07-26 16:50:12 -05:00
Zachary Rice	85f363f093	init (#1538 )	2023-07-24 19:09:57 -05:00
Miccah	93c561f324	Add match boundary to okta regular expressions (#1531 )	2023-07-24 10:52:50 -05:00
Cody Rose	ebf1038392	Support indeterminacy in alchemy and update detector docs (#1510 )	2023-07-21 14:50:14 -04:00
Cody Rose	06a562688d	capture json error (#1509 )	2023-07-21 10:44:47 -05:00
Cody Rose	20b7793828	JDBC indeterminacy (#1507 ) This PR adds an indeterminacy check to the JDBC verifiers.	2023-07-19 16:57:57 -04:00
Brandon Yan	8fad5fff79	add dockerhub scanner (#1496 ) * add dockerhub scanner * clean * clean and fix regex logic and tests * check length of userMatches before access * Use camelcase. --------- Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>	2023-07-19 09:26:28 -07:00
Cody Rose	cb1a63a4e2	unify JDBC detector ping logic (#1506 ) Previously, the various JDBC detectors would independently try to verify credentials by a process of trying various permutations of candidates one-by-one. The upcoming tri-state verification work will need to add sophistication to this process in the same way for each one, so this PR first combines all of the logic so it can be upgraded in a single spot.	2023-07-19 11:45:56 -04:00
Zubair Khan	be549a7287	add thog enterprise detector for web keys (#1448 ) * saving progress * proto changes * run make protos * verify response, add test case * resolve linter warning about unescaped . in regex pattern * resolve overlapping proto number	2023-07-18 09:53:12 -04:00
Brandon Yan	cab416b533	add launch_darkly keyword to launchdarkly scanner (#1495 )	2023-07-17 14:05:58 -05:00
Cody Rose	ee814a67bd	tweak jdbc redaction (#1490 ) JDBC redaction could fail in some irritating edge cases involving passwords that contain the @ character. The logic has been tweaked to eliminate these cases and some tests have been added.	2023-07-17 11:04:12 -04:00
Brandon Yan	9af31f00a9	add envoy api key scanner (#1482 ) * add envoy api key scanner * Use detectors4. --------- Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>	2023-07-16 16:46:28 -07:00
trufflesteeeve	d03a74776e	Fix URI detector false results when the redacted password has been URL encoded (#1489 )	2023-07-14 13:35:50 -04:00
Brandon Yan	aab8fddc67	fix twilio verification side effect (#1494 ) change POST request to GET request	2023-07-13 17:48:51 -07:00
Cody Rose	a123d5c5e1	do not report 403s as indeterminate in AWS detector (#1481 )	2023-07-11 16:35:23 -04:00
Cody Rose	b803a0f701	Report indeterminacy in AWS verifier (#1480 )	2023-07-11 15:50:31 -04:00
Zachary Rice	d4972313ff	remove old detector (#1474 )	2023-07-10 13:02:19 -05:00
Cody Rose	87058dd7fa	Add new verification error message field (#1463 )	2023-07-10 11:15:40 -04:00
Zubair Khan	b38857edb4	fix missing api key, tighten up regex pattern, use response body check (#1438 )	2023-07-06 16:35:52 -04:00
Richard Gomez	23757dbe0a	remove image4 detector (#1461 )	2023-07-06 12:56:09 -07:00
Zachary Rice	a99d89d711	fix typo (#1452 )	2023-07-05 14:14:18 -05:00
Zachary Rice	8a508e6bcd	Add missing keywords for sqlserver (#1449 )	2023-07-05 11:12:19 -05:00
roxanne-tampus	00920984e3	added opsgenie detector (#650 ) * added opsgenie detector * update interface and import --------- Co-authored-by: Dustin Decker <dustin@trufflesec.com>	2023-06-27 16:43:25 -07:00
Zubair Khan	d6375ba921	verify response body with expected keywords (#1419 ) * verify response body with expected keywords * remove debug log * add extra test case * migrate from ioutil to io * close body and only check for one keyword * cleanup	2023-06-27 11:46:15 -04:00
Miccah	8ea49de490	Don't return on okta credential failed verification (#1432 )	2023-06-27 09:21:39 -05:00
Zubair Khan	f52946b996	Add Couchbase Detector (#1385 ) * init * add detector type * rotate leaked credentials * tighten up username pattern * isolated prefixregex as overrriding new line stuff * passwordPat working now * add username test * fix edge case * cleanup * make linter happy * make linter happy rd 2 * skip error logging * fix test * add password regex helper func * make test more robust * cleanup PR * remove comments * clarify prepend rationale	2023-06-26 14:37:10 -04:00
Chris Atkin	6e6895b48e	Update Slack webhook error text for verification (#1427 ) This updates the matched error text to determine the verified status of a Slack webhook, as this has been updated on Slack's API.	2023-06-26 08:44:17 -07:00
Zubair Khan	cd67f6bf16	prevent www from being a key to prevent fp (#1418 )	2023-06-25 11:55:11 -04:00
Dustin Decker	eeefde1ec9	Ensure results are collected correctly when verification is off, and dedupe twilio (#1420 )	2023-06-23 14:14:08 -07:00
dillonstreator	648ef3b52c	fix spelling errors (#1413 )	2023-06-21 07:15:28 -07:00
Zubair Khan	0c3410c5cd	add new key pat for mailgun detector (#1375 ) * add new detector key pat for mailgun * resolve mailgun issue * remove unused tokenPat and commented strings import * fix closing bracket issue	2023-06-20 19:14:56 -04:00
Dustin Decker	ca1947291b	Update sqlserver redaction, deduplication, and URI redaction (#1369 ) * Update sqlserver redaction, deduplication, and URI redaction * don't use pointer	2023-06-09 11:06:54 -07:00
Zubair Khan	dfb1a0cd38	Add DocuSign detector (#1382 ) * init * look for client id and client secret, encode them for basis auth * add tests * test without checking the contents of response * confirm access_token exists * cleanup test * explain in code that an undocumented grant_type is used * remove use of deprecated ioutil, remove dead code, return errors instead of just logging * directly pull access token * update error text, remove redundant body close() * import new detector into defaults	2023-06-08 13:34:50 -04:00
ahrav	ce4a1fd7e6	[chore] - fix test (#1383 ) * fix test. * fix import order. * fix twilio test.	2023-06-06 18:58:00 -07:00
ahrav	8b7c50825e	update detector regex. (#1368 )	2023-06-01 08:16:18 -07:00
Dustin Decker	5358ed776b	fix mockaroo fps (#1370 ) * fix mockaroo fps * fix test	2023-05-30 20:58:41 -07:00
Tim Strazzere	cbfbf5335e	Add Data member to ResultsMetadata struct. (#1358 ) When a Result is emitted, it should include the `chunk.Data []byte` so that we can utilize the blob of data which caused the result. This makes it so something catching the results does not have to maintain a collection of chunks to correlate the two together.	2023-05-24 09:21:41 -07:00
Brendan Shaklovitz	3ab864aca9	Make OpenAI regex more specific (#1345 )	2023-05-22 07:39:18 -07:00
ahrav	0c386220dd	[chore] - Use correct detector proto (#1347 ) * Use correct detector proto. * sort imports.	2023-05-18 15:12:38 -07:00
RuchitaKshirsagarTR	f831b62a3f	Update generic.go (#1343 ) Generic API keys like shown in the example below is getting excluded: api_key=9e107d9d372bb6826bd81d3542a419d6 because of following regex patterns: \b[A-Fa-f0-9]{32}\b \b[A-Fa-f0-9x]{6,99}\b The base64 decoding logic is getting hit and NOT returning an error, and thus it continues thinking it is base64 decoded.	2023-05-17 13:30:40 -07:00
ahrav	e81b908e07	Add buildkitev2 detector for newer tokens. (#1341 )	2023-05-15 12:58:36 -07:00
vickygoel	4c04bbbe85	added pulumi cloud Access token detector (#1295 ) * added pulumi cloud Access token detector * removed accidentally committed tokens * added the databricks token detection * made recommended changes * added supabase management api token * nuget api key detector * added aiven.io token detector * added prefect.io api key detector * update protos. --------- Co-authored-by: Developer <garg47294+1@gmail.com> Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>	2023-05-11 09:08:48 -07:00
Brendan Shaklovitz	87f3f27dab	Fix SquareApp detector type return value (#1322 ) * Change SquareApp detector type to report as SquareApp instead of Square.	2023-05-04 10:25:20 -07:00
ahrav	deb0f63d25	Update regex. (#1328 )	2023-05-04 10:23:13 -07:00
Jason Solis	c13c56283d	add tineswebhook detector (#1304 )	2023-05-01 07:48:58 -07:00
Miccah	b1675194ca	Implement EndpointCustomizer (#1291 ) * Implement EndpointCustomizer Add the EndpointCustomizer interface and EndpointSetter convenience struct, implement EndpointCustomizer for github and gitlab detectors, and add parsing, verification, and applying user-supplied configuration. * Check error from SetEndpoints * Rename variable for clarity	2023-04-27 12:23:50 -05:00
Aman Sakhuja	2a3f8942ee	Fixed contentfulpersonalaccesstoken regex (#1199 )	2023-04-26 14:32:36 -07:00
Shabbir B	d1cbc54fc6	Updated BrowserStack detector endpoint (#1290 ) Updated endpoint	2023-04-26 08:59:24 -07:00
ahrav	15ed428e28	update jira detector. (#1288 )	2023-04-25 17:26:51 -07:00
Shabbir B	6f801f64c7	Added a new detector for percy.io (#1284 ) * Feature: Added a new detector for percy.io * Updated variable name --------- Co-authored-by: ahrav <ahravdutta02@gmail.com>	2023-04-25 13:18:34 -07:00
Dustin Decker	3485a6dab1	improve sqlserver detection and testing (#1285 ) * improve sqlserver detection and testing * add data source keyword	2023-04-25 11:00:37 -07:00
Yassine Ilmi	a002ba9a75	Add RawV2 Results to the JSON Output (#1273 ) * Add RawV2 to JSON Output * Adding RawV2 results to Azure, Datadog and GCP Detectors	2023-04-20 16:31:53 -07:00
Dustin Decker	e217e2fbfd	Ensure multipart credentials are deduplicated correctly (#1271 ) * Ensure multipart credentials are deduplicated correctly * update tests	2023-04-20 15:07:59 -07:00
Bill Rich	a6902ae9cb	Add configurable detectors (#1139 ) * JDBC detector ignore patterns * Remove newline --------- Co-authored-by: Bill Rich <bill.rich@trufflesec.com>	2023-04-20 11:44:28 -07:00
ahrav	f107e1b497	Use defautl endpoints when no custom verifier provided. (#1242 )	2023-04-06 08:35:01 -07:00
Dustin Decker	20d5683199	fix linting step (#1235 )	2023-04-03 13:21:58 -07:00
Batuhan Ceylan	9b941efa1a	Bump `go` from `1.18` to `1.20` (#1230 ) * Bump `go` from `1.18` to `1.20` * satisfy linter --------- Co-authored-by: Dustin Decker <dustin@trufflesec.com>	2023-03-31 14:37:03 -07:00
Bill Rich	762641d970	Add DetectorName to Result (#1223 ) * Add DetectorName to Result * Use GetName method instead of Name	2023-03-30 09:40:05 -07:00
ahrav	0052f60090	Allow for custom verifier (#1070 ) * allow for custom verifier. * Update engine. * use custom detectors. * set cap. * Update verifiers. * Remove nil check. * resolved nit * handle uppercase values * updating missing url logs * adding more descriptive variable names * updating logs to use correct variables * Removing toLower for urls * if else nits * Adding versioning for github and gitlab --------- Co-authored-by: ahmed <ahmed.zahran@trufflesec.com> Co-authored-by: ah̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com>	2023-03-29 12:26:39 -07:00
Gobind Singh	66eb87f414	Update verification endpoint (#1179 )	2023-03-29 06:41:27 -07:00
Zachary Rice	c4f08e3f17	Run golang lint on entire repo instead of patches (#1214 ) * lint on all branches to catch warnings earlier * lint entire source on PRs * fix lint	2023-03-28 15:01:44 -05:00
Dustin Decker	31d5655308	Fix OpenAI test (#1186 ) * Add OpenAI Detector * Add OpenAI Detector tests * Add OpenAI Detector to defaults.go * Removing references to github detector in tests * update test --------- Co-authored-by: Yassine Ilmi <Yassine.Ilmi@thomsonreuters.com>	2023-03-27 10:07:57 -07:00
garg472	3e4496156c	added new detectors and fixed mesibo detector (#1166 ) * added new detectors and fixed mesibo detector * added bscscan.com API detector * added coinmarketcap detector * update alchemy * update blocknative * update bscscan test * update cmc test * update tests --------- Co-authored-by: Dustin Decker <dustin@trufflesec.com>	2023-03-16 18:57:08 -07:00
Yassine Ilmi	d382d5cb1c	Add OpenAI API Tokens detector (#1142 ) * Add OpenAI Detector * Add OpenAI Detector tests * Add OpenAI Detector to defaults.go * Removing references to github detector in tests	2023-03-16 17:58:22 -07:00
raju-kamble	3c1bb45bfb	updating browserstack detector user and key PrefixRegex strings (#1176 ) Co-authored-by: raju-bs <raju@browserstack.com>	2023-03-16 08:41:29 -07:00
trufflesteeeve	2b1c42ceb1	Make slack webhook detector regex more specific (#1168 ) * Make slack webhook detector regex more specific * fixup - add better body contains check	2023-03-10 14:01:10 -08:00
Miccah	e6846ede54	Support filtering detectors by version (#1150 ) * Adjust types to use DetectorID struct * Parse versions with detector include and exclude input * Update detectors filter to use version Co-authored-by: steeeve <steve@trufflesec.com> * Implement Versioner for github, gitlab, and npm detectors Co-authored-by: steeeve <steve@trufflesec.com> --------- Co-authored-by: steeeve <steve@trufflesec.com>	2023-03-02 16:33:56 -06:00
Miccah	3870be256c	Close response bodies (#1137 )	2023-02-28 10:43:00 -06:00
Miccah	6209a80ce1	[chore] Address more linter errors (#1134 ) * Address lint errors in detectors * Update deprecated ioutil call	2023-02-28 10:00:41 -06:00
Miccah	4efe5313f4	[chore] Address lint errors (#1133 ) * Update strings.Title to cases.Title * Migrate go-genproto to google-cloud-go See: https://github.com/googleapis/google-cloud-go/blob/main/migration.md * Check error in test * Check error from sem.Acquire * Remove unused code	2023-02-27 21:03:47 -06:00
raju-kamble	d151c1363e	fixing browserstack regex username detection (#1123 )	2023-02-22 08:17:48 -08:00
raju-kamble	d20f43b5c6	fix browserstack detector (#1120 ) * fixing browserstack regex username detection * fixing browserstack regex username detection * fixing browserstack regex username detection * fix patterns * fix patterns --------- Co-authored-by: raju-bs <raju@browserstack.com> Co-authored-by: Dustin Decker <dustin@trufflesec.com>	2023-02-21 15:33:16 -08:00
Miccah	161e499142	[chore] Remove logrus from trufflehog (#1095 ) * [chore] Remove logrus from trufflehog * Minor fixes * Fix logFatal call * Fix logrus call	2023-02-14 17:00:07 -06:00
trufflesteeeve	4f13090c01	Remove duplicated detectors (#1092 ) In this case just Heroku and LinearAPI. But this includes the Moonclerck detector, which appears to be a typo that got turned into a separate detector type. Co-authored-by: zubairk14 <zubair.khan@trufflesec.com>	2023-02-13 11:44:19 -05:00
trufflesteeeve	114f4b6989	Add Type() to detector interface (#1088 ) * Add Type() to detector interface The goal here is to allow the detector type information to be used without the need for reflection. This could possibly allow us to more easily inject information into detectors or filter them out if necessary. Co-authored-by: ahmed <ahmed.zahran@trufflesec.com> * remove test detector --------- Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>	2023-02-09 14:46:03 -08:00
ahrav	80a68b84c2	update webex detector regex (#1062 ) * update webex detector regex. * fix regex.	2023-02-01 18:37:51 -08:00
ahrav	58b78b6a5a	Update float detector with correct User-Agent and regex (#1061 ) * Update float detector with correct User-Agent and regex. * update import order. * update emial. * Delete http.go * add http back.	2023-02-01 09:48:13 -08:00
swdbo	a53758c4c4	braintree detector: use production API URL instead of the test sandbox version (#1054 )	2023-02-01 08:41:52 -08:00
Cameron Lonsdale	0aa8e1cd98	Use access-token endpoint for validity check (#991 )	2023-01-11 19:19:51 -08:00
Gonçalo Silva	e091fab94f	Use Todoist's REST API v2 (#978 ) v1 was deprecated on December 5, 2022.	2022-12-14 16:52:19 -08:00
ahrav	054e98d108	Update slack webhook detector string check (#932 ) * Update slack webhook detector check to text. * remove redunant slashes.	2022-11-21 10:50:23 -08:00
Jessica	6e25664a52	add rambbitmq detector (#936 ) * add rambbitmq detector * use fixed length redaction Co-authored-by: Dustin Decker <dustin@trufflesec.com>	2022-11-21 10:47:41 -08:00
Dustin Decker	b45369cdbb	Skip some FTP FPs (#929 )	2022-11-21 06:52:21 -08:00
Dustin Decker	ae4b387448	add LDAP detector (#896 )	2022-11-18 19:45:11 -08:00
Dustin Decker	b18edef01a	Enable skipping of particular key IDs (#930 ) * Enable skipping of particular key IDs * update test	2022-11-18 09:09:40 -08:00
ahrav	b8be0a64a8	Use pointer to type. (#926 )	2022-11-16 10:35:48 -08:00
Ankush Goel	64cfe4d85e	Update github_old.go (#916 )	2022-11-15 10:40:55 -08:00
Johann Saunier	42a82fc7e1	Update Scrapfly API Key Format (#910 )	2022-11-11 15:24:17 -05:00
Ankush Goel	bb0fa055dc	fixed mailchimp detector (#909 ) * fixed mailchimp detector * Use sane http client Co-authored-by: Dustin Decker <dustin@trufflesec.com>	2022-11-10 09:47:25 -05:00
kstilwell	ecd25784f5	Adding Shopify detector (#875 ) * Fixes/work based on testing * Remove some commented code * Change how verification happens and grab additional information * Address linter warnings. * add shopify detector to default detectors. Co-authored-by: Dustin Decker <dustin@trufflesec.com> Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>	2022-11-08 16:21:57 -08:00
Dustin Decker	5f0964add8	remove path for deduping URI	2022-11-06 08:12:46 -08:00
Miccah	85f5f3ea7b	Add sqlserver integration test and some default params (#891 ) * Improve anonymous redaction * Add sqlserver integration test and some default params	2022-11-02 11:04:49 -05:00
Dustin Decker	a7fc12240f	Do local URI verification, while attempting to defuse SSRF (#879 ) * simplify monogo pattern * do URI verification locally, while attempting to defuse SSRF * test SSRF defuse * simplify err check logic per linter recommendation * split up detectors * address comments * remove unused var	2022-11-01 17:27:24 -07:00
ahrav	fe029b1098	[THOG-793] - Return all unverified results (#856 ) * Remove the check to filter and return only a single unverified result. * Revert "Remove the check to filter and return only a single unverified result." This reverts commit `494e432803`. * Add new CLI flag to filter unverified results.	2022-10-31 09:36:10 -07:00
Dustin Decker	0c81cba918	remove noisy logging in sqlserver detector	2022-10-26 18:12:26 -07:00
Dustin Decker	ca8a5ef741	increase digitalocean token sensitivity (#872 )	2022-10-26 08:22:21 -07:00
Dustin Decker	4f83dd816d	increase datadog token sensitivity (#871 )	2022-10-26 08:22:10 -07:00
Dustin Decker	33c6c193e3	improve fastly validation endpoint and add extra data (#870 )	2022-10-26 08:22:03 -07:00
Dustin Decker	466b9e2d6b	only detect live env razor pay and use std lib (#869 ) * only detect live env razor pay and use std lib * fix shadowed var	2022-10-26 08:13:13 -07:00
Dustin Decker	dac40519e4	support github fine grained tokens and add extra data (#868 ) * support github fine grained tokens and add extra data * fix shadowed var	2022-10-26 08:13:02 -07:00
Alexandr Marchenko	60464da3ce	proposal: SqlServer connection string detector (#867 ) * sqlserver added to detectors.proto * make protos * boilerplate detector generated * wireup * initial	2022-10-26 07:46:13 -07:00
Ankush Goel	d29357c9d4	added npm detector (#841 )	2022-10-13 06:04:02 -07:00
Dustin Decker	785cead43e	Ignore URIs where the password is redacted (#842 ) Only `*`s in the password is a redacted basic auth URI.	2022-10-11 14:18:52 -07:00
ahrav	128002885a	Add decoder type to results. (#835 )	2022-10-06 11:55:07 -07:00
Mildred Bernardo	3f6e5b44c9	Digitaloceanv2 detector (#832 )	2022-10-03 18:01:01 -07:00
Mildred Bernardo	ad4b9406a7	Added digitaloceanv2 detector (#829 ) * Added digitaloceanv2 detector * import detector Co-authored-by: Dustin Decker <dustin@trufflesec.com>	2022-09-28 09:56:35 -07:00
ahrav	db42bcf2a2	[OC-103] - Add Gemini detector (#800 ) * Add Gemini detector. * Add regex and test code for Gemini detector. * Remove else. * Add commentary. * Address comments. * Use regular else. * Make nice and complicated. * use regular detection pattern. * Add detector to default detectors.	2022-09-26 11:48:48 -07:00
rahuljaisinghani	3645a6e7b9	Browserstack regex (#808 ) * Update browserstack.go * Update browserstack.go	2022-09-25 13:32:45 -07:00
Miccah	ddc81bd7c1	[THOG-162] Implement JDBC verification for select drivers (#792 ) * [THOG-162] Implement JDBC verification for select drivers Also includes integration tests for postgres and mysql via docker. To run, execute the following (untested what will happen if the docker images aren't installed): go test -tags=detectors,integration ./pkg/detectors/jdbc * Make jdbc regex a bit more strict * Surface the context to allow the caller to set a timeout	2022-09-21 17:50:48 +02:00
Joseph Lucas	b02cf7e032	Adding detector for Nvidia NGC (#797 ) * template * minimum viable regex * valid api 401 * passing tests * snake to camelcase	2022-09-20 08:20:18 -07:00
Ankush Goel	44bc023da6	Update readme.go (#795 ) * Update readme.go Readme has change the way they issue their keys now its like rdme_{70} ascii chars * Update readme.go * Update readme.go * Update readme.go The tester seems to be working fine with the new defaultclient code	2022-09-18 12:19:35 -07:00
ahrav	c4492b1fdc	Add support for MongoDB detector. (#793 ) * Add support for MongoDB detector. * Remove extra line. * Remove unused arg. * Add context around found secret test. * Remove unused arg.	2022-09-15 05:47:09 -07:00
ahrav	33ab1cfeb2	[OC-101] - Prevent Gitlab detector panic (#799 )	2022-09-15 05:00:15 -07:00
Dustin Decker	67e8df96a4	Add AWS account information (#782 ) * Add AWS account information * nit	2022-09-06 17:55:03 -07:00
Apoorv Munshi	33ff9178e4	fix regex pattern for confluent detector (#778 ) * fix regex pattern for confluent detector * remove RawV2 filed from detectors.Result * add RawV2 field back	2022-09-06 10:42:36 -07:00
Dustin Decker	b9d6f11609	clean up detectors (#776 )	2022-09-02 12:00:02 -07:00
Max Thomson	d7123c6965	Fix Honeycomb detector with both key formats (#777 )	2022-09-02 11:44:16 -07:00
Dustin Decker	aba56523b6	Fix okta detector (#771 )	2022-09-01 20:05:06 -07:00
roxanne-tampus	cc2df10e49	fix issue in codacy (#758 ) * updated endpoint * add tags	2022-08-31 17:32:22 -07:00
roxanne-tampus	18bca4b442	Enhancement in Gitlab detector (#588 ) * enhancement on regex * accepts both old and new token * added gitlabv2 test file	2022-08-30 11:58:32 -07:00
ahrav	37c4eea66a	[chore] - ioutil.ReadFile is deprecated (#753 ) * Use os.ReadFile. * Update imports. * remove unused import.	2022-08-30 09:41:12 -07:00
Dustin Decker	2452e93a80	Import 27 new detectors (#737 )	2022-08-26 12:35:06 -07:00
Marlon	098d4a9e7d	added appointed scanner (#425 ) * added appointed scanner * fix comment * fix comment * fix comment * fix issue Co-authored-by: Dustin Decker <dustin@trufflesec.com>	2022-08-25 10:40:35 -07:00
Marlon	8709b4fdc6	added apilayer scanner (#368 ) * added apilayer scanner * fix comment * fix comment	2022-08-25 10:36:41 -07:00
roxanne-tampus	024c847f83	Added braintreepayments detector (#541 ) * added braintreepayments detector * updated condition based on suggestion * enhancements * enhancement * enhancement for valid response	2022-08-25 10:34:53 -07:00
roxanne-tampus	8a9229cf73	Added duply detector (#552 ) * Added duply detector * enhancement	2022-08-25 10:33:34 -07:00
roxanne-tampus	77fabe6191	Added gtmetrix detector (#554 )	2022-08-25 10:33:02 -07:00
roxanne-tampus	6f07c59354	Added monkeylearn detector (#553 )	2022-08-25 10:32:32 -07:00
roxanne-tampus	e192aee66a	Added twist detector (#549 ) * Added twist detector * enhancement * auth enhancement * enhancements * enhancement	2022-08-25 10:31:43 -07:00
roxanne-tampus	64f15a7bfe	Added holistic detector (#556 ) * Added holistic detector * enhancement	2022-08-25 10:30:43 -07:00
roxanne-tampus	ebd6b5565b	Added transferwise detector (#558 ) * Added transferwise detector * update version * updated regex	2022-08-25 10:29:29 -07:00
roxanne-tampus	4982755db2	Added ecostruxureit detector (#555 ) * Added ecostruxureit detector * updated regex	2022-08-25 10:27:43 -07:00
Marlon	7ccf69d419	added parseur detector (#454 ) * added parseur detector * fix comment * fix comment	2022-08-25 10:26:23 -07:00
Marlon	45aaa25fe8	added docparser detector (#458 ) * added docparser detector * fix comment * remove A on regex	2022-08-25 10:25:25 -07:00
Marlon	0063d50652	added formsite detector (#467 ) * added formsite detector * fix comment * fix comment	2022-08-25 10:24:23 -07:00
Marlon	956a58fd95	added lemlist detector (#469 ) * added lemlist detector * fix comment	2022-08-25 10:23:09 -07:00
Marlon	38f6cc07ea	added prodpad detector (#470 ) * added prodpad detector * fix comment	2022-08-25 10:22:32 -07:00
Mildred Bernardo	bfa5e642a3	added flightlabs detector (#475 ) * added flightlabs detector * Modified the regex based on comment * code enhancement * Changed the valid response filter	2022-08-25 10:22:02 -07:00
Marlon	c2d42878c8	added codeclimate detector (#484 ) * added codeclimate detector * fix comment * fix comment * fix comment	2022-08-25 10:20:49 -07:00
Marlon	3d04abced8	added getresponse detector (#506 ) * added getresponse detector * fix comment	2022-08-25 10:20:00 -07:00
Marlon	b79b8e4ec7	added heatmapapi detector (#509 ) * added heatmapapi detector * fix comment	2022-08-25 10:18:16 -07:00
Marlon	be4fedbcb4	added demio detector (#512 ) * added demio detector * fix comment and change regex	2022-08-25 10:16:53 -07:00
Marlon	608eb45797	added kanbantool detector (#513 ) * added kanbantool detector * fix comment * fix comment	2022-08-25 10:15:19 -07:00
Marlon	da1d3b3a01	Feature/salesmate detector (#514 ) * added salesmate detector * push change * fix change	2022-08-25 10:13:25 -07:00
Marlon	0ff5cdd623	added tokeet detector (#515 ) * added tokeet detector * fix comment * fix comment * fix comment	2022-08-25 10:12:17 -07:00
Marlon	cded7a5489	added websitepulse detector (#516 ) * added websitepulse detector * fix comment	2022-08-25 10:11:10 -07:00
Marlon	ea3aba852d	Feature/scalr detector (#519 ) * added scalr detetor * added scalr detector * fix comment * fix comment * fix comment * fix comment	2022-08-25 10:03:59 -07:00
Max Thomson	e9f4cf99e5	Add Honeycomb detector (#687 ) * Add Honeycomb detector * Update pattern Co-authored-by: Dustin Decker <dustin@trufflesec.com>	2022-08-24 16:50:31 -07:00
ahrav	2cab951ee5	[Thog-628] update detector results hash v2 (#710 ) * Start updating detectors that have two part creds to record the raw result as ID + secret. * Add more detectors. * More detectors. * More detectors. * remove comment out imports.	2022-08-12 14:53:37 -07:00
ahrav	30ebe84e3e	[THOG-608] - Fix linter errors. (#701 ) * Fix linter errors. * Fix gist adding test. * Update test string for mock JSON reply. * Remove if.	2022-08-09 19:20:02 -07:00
Dustin Decker	8826e369cf	AWS detector should detect with leading '+' (#698 )	2022-08-08 09:30:08 -07:00
Dustin Decker	2d3ddad076	Pr/589 (#654 ) * added common regex patterns for detectors * For HexPattern * enhancements * used parseInt * enhancement * enhanced regex for email and subdomain * enhancement for email pattern * update pattern and detector Co-authored-by: Roxanne Tampus <roxannetampus02@gmail.com>	2022-07-12 08:34:02 -07:00
Dustin Decker	c2426df4d6	Disable sentiment verifier and update teams webhook to avoid being stateful (#646 )	2022-07-07 16:55:45 -07:00
Miccah	c4ca7d7c8b	Mark detector tests with a build flag (#613 )	2022-07-07 10:27:21 -07:00
Miccah	8e6289e70c	Test numeric password redaction (#644 )	2022-07-07 10:13:50 -07:00
ahrav	5ac54ac107	[THOG-531] - remove ending word boundary AWS detector (#637 ) * Remove the ending word boundary for the AWS dectector. This will prevent missing secrets that end with / due to it not being ASCII. * Update regex to be more strict.	2022-07-07 10:10:33 -07:00
trufflesteeeve	d1a81afbb5	Only include one result per AWS Key ID, preferably verified (#619 ) Also ignore unverified results that match hashes, because they are probably just hashes.	2022-06-17 16:22:36 -04:00
trufflesteeeve	26bf1664eb	Move aws detector back to ID checking against secrets, make ID the redacted secret (#617 )	2022-06-09 15:06:08 -07:00
ahrav	143fa333f3	[THOG-403] Fix var naming. (#586 ) * remove profililing. * rename uri to URI. * change var declaration.	2022-05-25 15:23:20 -07:00
Dustin Decker	43955b9a38	Use GetCallerIdentity for AWS verification (#585 )	2022-05-25 14:45:28 -07:00
roxanne-tampus	80c6579226	Updated aws detector (#579 )	2022-05-24 05:07:54 -07:00
Marlon	cd8fdec3aa	added codemagic detector (#480 )	2022-05-23 20:20:33 -07:00
roxanne-tampus	da872f5c27	modified Alibaba detector to use standard library (#568 ) * added alibaba detector * enhancement * enhancement and ran mod tidy * fixed	2022-05-23 18:37:01 -07:00
roxanne-tampus	66dc7efac0	Added postbacks detector (#551 ) * Added postbacks detector * enhancement	2022-05-23 18:17:52 -07:00
roxanne-tampus	83dfed9257	Added zipcodebase detector (#550 ) * Added zipcodebase detector * regex enhancement	2022-05-23 18:15:49 -07:00
roxanne-tampus	75972a6f81	Added zenrows detector (#548 )	2022-05-23 18:14:52 -07:00
roxanne-tampus	d5e034fddd	Added tefter detector (#547 ) * Added tefter detector * enhancement	2022-05-23 18:14:01 -07:00
roxanne-tampus	3bbc9ef394	Added diggernaut detector (#546 )	2022-05-23 18:13:12 -07:00
roxanne-tampus	f509261727	added convertapi detector (#545 )	2022-05-23 18:12:22 -07:00
roxanne-tampus	d5f8ddd804	Added collect2 detector (#544 ) * added collect2 detector * enhancement as suggested	2022-05-23 18:11:32 -07:00
roxanne-tampus	c9f1f61c49	Added cloudconvert detector (#543 ) * added cloudconvert detector * updated regex	2022-05-23 18:10:02 -07:00
Dustin Decker	509ae79143	add missing import	2022-05-23 15:48:50 -07:00
valerie gale	9d1c1e958a	enhancements in amplitude detector (#575 ) * enhancements in amplitude detector * enhancements in amplitude detector	2022-05-23 09:20:35 -07:00
Dustin Decker	4d3c2d70e5	use go 1.18 (#566 ) * use go 1.18 in CI * require go 1.18 * use latest linter * rename ci check * improve regex issues identified by codeql	2022-05-19 09:01:50 -07:00
Marlon	8c38708d1c	added instabot detector (#511 ) * added instabot detector * fix comment	2022-05-18 22:38:25 -07:00
Marlon	5ae2bfc81d	added uclassify detector (#510 )	2022-05-18 22:33:40 -07:00
Mildred Bernardo	bec77af76d	added speechtextai detector (#488 ) * added speechtextai detector * Modified based on comment * Changed the keyword to speechtext * Changed speechtextai to speechtext	2022-05-18 22:33:05 -07:00
Marlon	f6a0f65f25	added vbout detector (#481 ) * added vbout detector * fix comment	2022-05-18 22:32:29 -07:00
Mildred Bernardo	13f5748db1	added pollsapi detector (#477 )	2022-05-18 22:31:11 -07:00
Marlon	93922fe14f	added databox detector (#447 )	2022-05-18 22:30:18 -07:00
Mildred Bernardo	3e3cb2784e	added simfin detector (#476 ) * added simfin detector * Modified based on comment * code enhancement	2022-05-18 22:16:14 -07:00
Marlon	2cdb3c6bbc	added besnappy detector (#508 ) * added besnappy detector * fix comment	2022-05-18 22:14:57 -07:00
roxanne-tampus	5219c8aaff	Added twitch detector (#542 ) * added braintreepayments detector * added twitch detector * revert commit * enhancement	2022-05-17 18:52:37 -07:00
Marlon	2549f2efa3	added interseller detector (#504 ) * added interseller detector * fix comment	2022-05-16 20:39:02 -07:00
Marlon	5f9c9f4506	added tickettailor detector (#468 ) * added tickettailor detector * fix comment	2022-05-16 20:36:08 -07:00
Marlon	43bfdcfdf0	added rentman detector (#449 ) * added rentman detector * fix comment	2022-05-16 20:09:57 -07:00
Marlon	f8950741fa	added onesignal detector (#448 ) * added onesignal detector * fix comment	2022-05-16 20:08:49 -07:00
Marlon	0d18a7750b	added bulksms detector (#446 ) * added bulksms detector * fix comment * fix comment	2022-05-16 20:07:59 -07:00
Marlon	4e13695dce	added stormboard scanner (#367 ) * added stormboard scanner * remove unused imports * fix comment	2022-05-16 20:01:20 -07:00
ahrav	198cb1a786	Clean up comments. (#562 )	2022-05-16 09:03:10 -07:00

... 2 3 4 5 6 ...

1592 commits