Mirrors/trufflehog
2
0
Fork 0
mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-09-20 14:42:03 +00:00
Code Issues Projects Releases Packages Wiki Activity
1698 commits 123 branches 240 tags 83 MiB
Commit graph

1698 commits

This branch
This branch
All branches
Author SHA1 Message Date
Bill Rich
d7d614cc5f
Copy buffer bytes (#864) 2022-10-25 09:09:47 -07:00
Dylan Ayrey
d5fef0f3e1
Update README.md (#861) 2022-10-24 14:11:14 -07:00
Bill Rich
958266ea84
Run chunker in pipeline (#859) 
* Run chunker in pipeline

* Move ChunkSize and PeekSize to source package.

* Use new Chunk and Peek size location
 2022-10-24 13:57:27 -07:00
Bill Rich
3d5f697f9a
Use line aware chunking for git. (#858) 2022-10-24 13:00:03 -07:00
dependabot[bot]
2a58268e42
Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (#860) 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.0...v1.8.1)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-24 10:05:16 -07:00
Dustin Decker
64ace363af Change commit to trace level logging 2022-10-24 08:59:52 -07:00
dependabot[bot]
ce36383513
Bump github.com/getsentry/sentry-go from 0.13.0 to 0.14.0 (#839) 
Bumps [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) from 0.13.0 to 0.14.0.
- [Release notes](https://github.com/getsentry/sentry-go/releases)
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-go/compare/v0.13.0...v0.14.0)

---
updated-dependencies:
- dependency-name: github.com/getsentry/sentry-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-23 19:03:18 -07:00
dependabot[bot]
2e1006e1a7
Bump github.com/denisenkom/go-mssqldb from 0.12.2 to 0.12.3 (#851) 
Bumps [github.com/denisenkom/go-mssqldb](https://github.com/denisenkom/go-mssqldb) from 0.12.2 to 0.12.3.
- [Release notes](https://github.com/denisenkom/go-mssqldb/releases)
- [Commits](https://github.com/denisenkom/go-mssqldb/compare/v0.12.2...v0.12.3)

---
updated-dependencies:
- dependency-name: github.com/denisenkom/go-mssqldb
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-23 19:02:27 -07:00
dependabot[bot]
477b461e18
Bump go.mongodb.org/mongo-driver from 1.10.2 to 1.10.3 (#837) 
Bumps [go.mongodb.org/mongo-driver](https://github.com/mongodb/mongo-go-driver) from 1.10.2 to 1.10.3.
- [Release notes](https://github.com/mongodb/mongo-go-driver/releases)
- [Commits](https://github.com/mongodb/mongo-go-driver/compare/v1.10.2...v1.10.3)

---
updated-dependencies:
- dependency-name: go.mongodb.org/mongo-driver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-21 12:49:06 -07:00
dependabot[bot]
68740953cd
Bump github.com/envoyproxy/protoc-gen-validate from 0.6.8 to 0.6.13 (#838) 
Bumps [github.com/envoyproxy/protoc-gen-validate](https://github.com/envoyproxy/protoc-gen-validate) from 0.6.8 to 0.6.13.
- [Release notes](https://github.com/envoyproxy/protoc-gen-validate/releases)
- [Commits](https://github.com/envoyproxy/protoc-gen-validate/compare/v0.6.8...v0.6.13)

---
updated-dependencies:
- dependency-name: github.com/envoyproxy/protoc-gen-validate
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-21 12:48:20 -07:00
ahrav
46bc010165
Add tests for including github repos. (#854) 2022-10-21 07:56:36 -07:00
trufflesteeeve
fb56b9f713
Check rate limit when getting github user (#855) 
Also, don't fetch a github user or their token when both are known. This
currently only affects the Github Token auth type. Github App
installations will continually fetch tokens every time we clone a repo.
In the future we should check the `ExpiresAt` field of the Github App
token and determine if we need to fetch a new one at that point.
 2022-10-20 18:14:28 -04:00
ahrav
029519eb01
[THOG-767] ignore gitlab repos (#853) 
* Add ability to ignore repos.

* use std library slices.Contains.

* Add tests.

* Remove zero values from test.
 2022-10-19 13:55:44 -07:00
ahrav
c203eef86f
[THOG-767] - Ignore Bitbucket and Gitlab repos (#852) 
* Add messages to BB and Gitlab source protos to allow ignoring repos.

* remove unsued field in struct.j

* Fix casing.
 2022-10-18 14:14:04 -07:00
ahrav
2d6aadcb46
[THOG-774] - GitHub ignore repo full name (#848) 
* Use github repo full name.

* fix tests.
 2022-10-14 09:20:49 -07:00
Ankush Goel
d29357c9d4
added npm detector (#841) 2022-10-13 06:04:02 -07:00
ahrav
04c9bb535e
[THOG-768] - Add ability to skip scanning Github repos (#846) 
* Add ability to skip scanning Github repos.

* remove old change.

* rename method.
 2022-10-12 16:28:24 -07:00
Miccah
4aab7b7276
Buffer commit log processing (#845) 
Some very large commits take a lot of time to process, which we can make
progress on while we are scanning the contents of other commits.
 2022-10-12 14:55:08 -05:00
ahrav
cea2a23c56
[THOG-768] - Add ignore repo list to Github proto (#843) 
* Add ignore repo list to Github proto.

* Add proto.

* Add missing proto.
 2022-10-11 15:41:33 -07:00
Dustin Decker
785cead43e
Ignore URIs where the password is redacted (#842) 
Only `*`s in the password is a redacted basic auth URI.
 2022-10-11 14:18:52 -07:00
Dustin Decker
85467538f6
remove faulty detector (#836) 2022-10-07 09:20:44 -07:00
ahrav
128002885a
Add decoder type to results. (#835) 2022-10-06 11:55:07 -07:00
Mildred Bernardo
3f6e5b44c9
Digitaloceanv2 detector (#832) 2022-10-03 18:01:01 -07:00
Miccah
2bc4985061
Add SSH config option for the git source (#830) 
* Add SSH config option for the git source

The auth message is empty since we use the git binary underneath to
handle the SSH authentication.

* Import digitaloceanv2
 2022-09-28 20:40:01 +02:00
Mildred Bernardo
ad4b9406a7
Added digitaloceanv2 detector (#829) 
* Added digitaloceanv2 detector

* import detector

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2022-09-28 09:56:35 -07:00
Mildred Bernardo
80dcfbe9db
Added DigitalOceanV2 detector (#828) 2022-09-27 17:51:10 -07:00
trufflesteeeve
02310a64f3
Add token auth to JIRA proto (#824) 2022-09-27 15:39:51 -04:00
Miccah
891996f546
Do not fail scanning if we cannot enumerate gists (#826) 2022-09-27 20:59:10 +02:00
Dustin Decker
c88e84d3f0
Fix json output which was previously b64 encoding bytes instead of printing the string (#825) 2022-09-27 11:57:35 -07:00
Bill Rich
1c00014051
Include public/private in github metadata (#812) 
* Include public/private in github metadata

* CR feedback

* Fix typos and naming
 2022-09-26 14:55:46 -07:00
Dustin Decker
97a73710de
403 on listing user gist should not fail org scan (#822) 2022-09-26 14:37:25 -07:00
Dustin Decker
752c848640
Show clone path for git repos (#823) 2022-09-26 14:36:55 -07:00
ahrav
db42bcf2a2
[OC-103] - Add Gemini detector (#800) 
* Add Gemini detector.

* Add regex and test code for Gemini detector.

* Remove else.

* Add commentary.

* Address comments.

* Use regular else.

* Make nice and complicated.

* use regular detection pattern.

* Add detector to default detectors.
 2022-09-26 11:48:48 -07:00
dependabot[bot]
336fe8d511
Bump cloud.google.com/go/secretmanager from 1.5.0 to 1.7.0 (#820) 
Bumps [cloud.google.com/go/secretmanager](https://github.com/googleapis/google-cloud-go) from 1.5.0 to 1.7.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/dlp/v1.5.0...redis/v1.7.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/secretmanager
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-26 10:57:02 -07:00
rahuljaisinghani
3645a6e7b9
Browserstack regex (#808) 
* Update browserstack.go

* Update browserstack.go
 2022-09-25 13:32:45 -07:00
Bill Rich
e3107ad6bb
Move head and base normalization to source (#818) 2022-09-23 08:58:45 -07:00
ahrav
f2f5b6dba8
Fix recover. (#817) 2022-09-22 15:47:42 -07:00
ahrav
92f40c2031
[THOG-709] - Recover from detector panics (#810) 2022-09-22 07:01:10 -07:00
Dustin Decker
e8f1bb9127 Import NGC detector 2022-09-21 16:26:58 -07:00
trufflesteeeve
63fcf33ce6
Fix improper github org member pagination (#814) 
I'm not sure I fully understand why this issue exists. But I think the
short version is this: When we attempted to paginate users, we would set
a variable's Page value. But that variable appears to not actually be a
pointer, despite being added as one. It probably has to do with how
struct embedding works. Either way, if we make the overall options
variable the whole thing, and update its embedded struct with our page
variable, everything works out.
 2022-09-21 16:22:42 -07:00
Bill Rich
509cf8b6fa
Use headref and check empty commits for base (#815) 2022-09-21 16:04:01 -07:00
Miccah
ddc81bd7c1
[THOG-162] Implement JDBC verification for select drivers (#792) 
* [THOG-162] Implement JDBC verification for select drivers

Also includes integration tests for postgres and mysql via docker. To
run, execute the following (untested what will happen if the docker
images aren't installed):

go test -tags=detectors,integration ./pkg/detectors/jdbc

* Make jdbc regex a bit more strict

* Surface the context to allow the caller to set a timeout
 2022-09-21 17:50:48 +02:00
Joseph Lucas
b02cf7e032
Adding detector for Nvidia NGC (#797) 
* template

* minimum viable regex

* valid api 401

* passing tests

* snake to camelcase
 2022-09-20 08:20:18 -07:00
Dustin Decker
335e676caa
Provide user when during private clones with token and fix integration tests (#811) 2022-09-19 15:53:21 -07:00
Bill Rich
593f1e6754
Include apiClient in Github source (#804) 2022-09-19 14:31:48 -07:00
Dustin Decker
fcd580406e
A few improvements (#809) 
* Run integration tests

* Update examples

* Import mongodb
 2022-09-19 13:23:25 -07:00
dependabot[bot]
4382fd3441
Bump github.com/envoyproxy/protoc-gen-validate from 0.6.7 to 0.6.8 (#807) 
Bumps [github.com/envoyproxy/protoc-gen-validate](https://github.com/envoyproxy/protoc-gen-validate) from 0.6.7 to 0.6.8.
- [Release notes](https://github.com/envoyproxy/protoc-gen-validate/releases)
- [Commits](https://github.com/envoyproxy/protoc-gen-validate/compare/v0.6.7...v0.6.8)

---
updated-dependencies:
- dependency-name: github.com/envoyproxy/protoc-gen-validate
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-19 12:47:46 +02:00
Ankush Goel
44bc023da6
Update readme.go (#795) 
* Update readme.go

Readme has change the way they issue their keys

now its like rdme_{70} ascii chars

* Update readme.go

* Update readme.go

* Update readme.go

The tester seems to be working fine with the new defaultclient code
 2022-09-18 12:19:35 -07:00
Miccah
59d6d29c02
Add location to Slack and Confluence metadata (#802) 
Location indicates where in the source a secret was found. For example,
Slack could be in a message or in an attachment.
 2022-09-16 22:58:14 +02:00
trufflesteeeve
57e46f9b76
Add SlackRealtime proto message (#803) 2022-09-16 16:49:51 -04:00