Commit graph

1556 commits

Author SHA1 Message Date
kstilwell
ecd25784f5
Adding Shopify detector (#875)
* Fixes/work based on testing

* Remove some commented code

* Change how verification happens and grab additional information

* Address linter warnings.

* add shopify detector to default detectors.

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>
2022-11-08 16:21:57 -08:00
Dustin Decker
5f0964add8
remove path for deduping URI 2022-11-06 08:12:46 -08:00
ahrav
28983036a0
only write if the filechunk has len > 0. (#903) 2022-11-05 18:19:41 -07:00
trufflesteeeve
e8cd2e7fae
Add Unknown visibility level (#902) 2022-11-04 14:28:20 -04:00
ahrav
dd141fb55f
[oc-147] - Add context to all git methods (#901)
* Add context to all git methods.

* remove logrus.

* Add ctx.

* Address comments.

* Add error to clone failing.

* Return error.
2022-11-03 16:36:52 -07:00
Dustin Decker
3a143f095b
add option to skip tls verification for confluence (#900) 2022-11-03 13:10:01 -07:00
Miccah
ab54ec4072
Check for closed channel in HandleFile (#895)
* Check for closed channel in HandleFile

* Refactor to be more readable

* Fix handler search
2022-11-02 16:35:19 -05:00
Miccah
85f5f3ea7b
Add sqlserver integration test and some default params (#891)
* Improve anonymous redaction

* Add sqlserver integration test and some default params
2022-11-02 11:04:49 -05:00
Dustin Decker
a7fc12240f
Do local URI verification, while attempting to defuse SSRF (#879)
* simplify mongo pattern

* do URI verification locally, while attempting to defuse SSRF

* test SSRF defuse

* simplify err check logic per linter recommendation

* split up detectors

* address comments

* remove unused var
2022-11-01 17:27:24 -07:00
ahrav
fe1e475a04
Prevent concurrent read and writes to visibility map. (#892) 2022-11-01 16:20:59 -07:00
ahrav
fe029b1098
[THOG-793] - Return all unverified results (#856)
* Remove the check to filter and return only a single unverified result.

* Revert "Remove the check to filter and return only a single unverified result."

This reverts commit 494e432803.

* Add new CLI flag to filter unverified results.
2022-10-31 09:36:10 -07:00
Bill Rich
965279421c
Support common ssh repo format (#878)
* Try ssh repo format

* Add tests
2022-10-28 11:56:03 -07:00
Bill Rich
ab71b93f7d
Add context to handler (#877)
* Add context to handler

* Return rather than break out of select
2022-10-28 08:57:55 -07:00
Bill Rich
034ca4fb5b
Add bytes counter to scans (#876) 2022-10-27 12:54:22 -07:00
Dustin Decker
0c81cba918
remove noisy logging in sqlserver detector 2022-10-26 18:12:26 -07:00
Dustin Decker
ca8a5ef741
increase digitalocean token sensitivity (#872) 2022-10-26 08:22:21 -07:00
Dustin Decker
4f83dd816d
increase datadog token sensitivity (#871) 2022-10-26 08:22:10 -07:00
Dustin Decker
33c6c193e3
improve fastly validation endpoint and add extra data (#870) 2022-10-26 08:22:03 -07:00
Dustin Decker
466b9e2d6b
only detect live env razor pay and use std lib (#869)
* only detect live env razor pay and use std lib

* fix shadowed var
2022-10-26 08:13:13 -07:00
Dustin Decker
dac40519e4
support github fine grained tokens and add extra data (#868)
* support github fine grained tokens and add extra data

* fix shadowed var
2022-10-26 08:13:02 -07:00
Alexandr Marchenko
60464da3ce
proposal: SqlServer connection string detector (#867)
* sqlserver added to detectors.proto

* make protos

* boilerplate detector generated

* wireup

* initial
2022-10-26 07:46:13 -07:00
Bill Rich
d7d614cc5f
Copy buffer bytes (#864) 2022-10-25 09:09:47 -07:00
Bill Rich
958266ea84
Run chunker in pipeline (#859)
* Run chunker in pipeline

* Move ChunkSize and PeekSize to source package.

* Use new Chunk and Peek size location
2022-10-24 13:57:27 -07:00
Bill Rich
3d5f697f9a
Use line aware chunking for git. (#858) 2022-10-24 13:00:03 -07:00
Dustin Decker
64ace363af
Change commit to trace level logging 2022-10-24 08:59:52 -07:00
ahrav
46bc010165
Add tests for including github repos. (#854) 2022-10-21 07:56:36 -07:00
trufflesteeeve
fb56b9f713
Check rate limit when getting github user (#855)
Also, don't fetch a github user or their token when both are known. This
currently only affects the Github Token auth type. Github App
installations will continually fetch tokens every time we clone a repo.
In the future we should check the `ExpiresAt` field of the Github App
token and determine if we need to fetch a new one at that point.
2022-10-20 18:14:28 -04:00
ahrav
029519eb01
[THOG-767] ignore gitlab repos (#853)
* Add ability to ignore repos.

* use std library slices.Contains.

* Add tests.

* Remove zero values from test.
2022-10-19 13:55:44 -07:00
ahrav
c203eef86f
[THOG-767] - Ignore Bitbucket and Gitlab repos (#852)
* Add messages to BB and Gitlab source protos to allow ignoring repos.

* remove unused field in struct.

* Fix casing.
2022-10-18 14:14:04 -07:00
ahrav
2d6aadcb46
[THOG-774] - GitHub ignore repo full name (#848)
* Use github repo full name.

* fix tests.
2022-10-14 09:20:49 -07:00
Ankush Goel
d29357c9d4
added npm detector (#841) 2022-10-13 06:04:02 -07:00
ahrav
04c9bb535e
[THOG-768] - Add ability to skip scanning Github repos (#846)
* Add ability to skip scanning Github repos.

* remove old change.

* rename method.
2022-10-12 16:28:24 -07:00
Miccah
4aab7b7276
Buffer commit log processing (#845)
Some very large commits take a lot of time to process, which we can make
progress on while we are scanning the contents of other commits.
2022-10-12 14:55:08 -05:00
ahrav
cea2a23c56
[THOG-768] - Add ignore repo list to Github proto (#843)
* Add ignore repo list to Github proto.

* Add proto.

* Add missing proto.
2022-10-11 15:41:33 -07:00
Dustin Decker
785cead43e
Ignore URIs where the password is redacted (#842)
Only `*`s in the password is a redacted basic auth URI.
2022-10-11 14:18:52 -07:00
Dustin Decker
85467538f6
remove faulty detector (#836) 2022-10-07 09:20:44 -07:00
ahrav
128002885a
Add decoder type to results. (#835) 2022-10-06 11:55:07 -07:00
Mildred Bernardo
3f6e5b44c9
Digitaloceanv2 detector (#832) 2022-10-03 18:01:01 -07:00
Miccah
2bc4985061
Add SSH config option for the git source (#830)
* Add SSH config option for the git source

The auth message is empty since we use the git binary underneath to
handle the SSH authentication.

* Import digitaloceanv2
2022-09-28 20:40:01 +02:00
Mildred Bernardo
ad4b9406a7
Added digitaloceanv2 detector (#829)
* Added digitaloceanv2 detector

* import detector

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2022-09-28 09:56:35 -07:00
Mildred Bernardo
80dcfbe9db
Added DigitalOceanV2 detector (#828) 2022-09-27 17:51:10 -07:00
trufflesteeeve
02310a64f3
Add token auth to JIRA proto (#824) 2022-09-27 15:39:51 -04:00
Miccah
891996f546
Do not fail scanning if we cannot enumerate gists (#826) 2022-09-27 20:59:10 +02:00
Dustin Decker
c88e84d3f0
Fix json output which was previously b64 encoding bytes instead of printing the string (#825) 2022-09-27 11:57:35 -07:00
Bill Rich
1c00014051
Include public/private in github metadata (#812)
* Include public/private in github metadata

* CR feedback

* Fix typos and naming
2022-09-26 14:55:46 -07:00
Dustin Decker
97a73710de
403 on listing user gist should not fail org scan (#822) 2022-09-26 14:37:25 -07:00
Dustin Decker
752c848640
Show clone path for git repos (#823) 2022-09-26 14:36:55 -07:00
ahrav
db42bcf2a2
[OC-103] - Add Gemini detector (#800)
* Add Gemini detector.

* Add regex and test code for Gemini detector.

* Remove else.

* Add commentary.

* Address comments.

* Use regular else.

* Make nice and complicated.

* use regular detection pattern.

* Add detector to default detectors.
2022-09-26 11:48:48 -07:00
rahuljaisinghani
3645a6e7b9
Browserstack regex (#808)
* Update browserstack.go

* Update browserstack.go
2022-09-25 13:32:45 -07:00
Bill Rich
e3107ad6bb
Move head and base normalization to source (#818) 2022-09-23 08:58:45 -07:00