Commit graph

243 commits

Author SHA1 Message Date
Richard Gomez
d4a0645c29
Add Google oauth2 token detector (#2274)
* feat(google): add oauth2 token detector

* update pr

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-01-25 21:32:03 -08:00
Cody Rose
e0a1b11a8e
Narrow Postgres detector to only look for URIs (#2314) 2024-01-23 14:42:31 -05:00
Dustin Decker
2596331bca
Disable recently added postgres detector because it it too sensitive (#2303) 2024-01-13 19:52:57 -08:00
ahrav
651beff492
[feat] - Allow for the use of include/exclude path files for filesystem scans (#2297)
* Allow for the use of include/exclude path files for filesystem scans

* remove oopsie
2024-01-11 15:41:50 -08:00
dylanTruffle
3b4518cbab
adding postgres detector (#2108)
* adding postgres detector

---------

Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local>
Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>
2024-01-10 16:19:45 -05:00
Miccah
5e78ad402e
[chore] Add test to check all versioned detectors are non-zero (#2272) 2024-01-05 12:06:59 -08:00
ahrav
39f0310f1f
[fixup] - Refactor to Pass Reader for Binary Diffs and Archived Data; Optimize /tmp Directory Cleanup (#2253) 2023-12-22 07:41:54 -08:00
ahrav
5c6ce693c1
[feat] - Make skipping binaries configurable (#2226)
* Make skipping binaries configurable

* remove ioutil

* fix

* address comments

* address comments

* use multi-reader

* remove print

* use const

* fix test

* fix my stupidness
2023-12-15 11:46:27 -08:00
Dustin Decker
3167dde8a1
Deprecate some detectors (#2186) 2023-12-06 16:57:55 -08:00
ahrav
cb81f7d11a
[feat] - Remove go-git dependency (#2174)
* remove use of go-git for binary files

* fix it

* use limit reader

* fix comment

* fix test

* address comments

* address comments

* address comments
2023-12-06 13:38:01 -08:00
ahrav
52ffab1034
[chore] - fix import name clashes (#2143)
* fix import name clashes

* fix missing var
2023-12-01 06:53:15 -08:00
Miccah
7ecd43ab1e
[chore] Minor cleanup of source_manager.go (#2134) 2023-11-29 11:08:25 -08:00
Dustin Decker
a7d330a2a5
import missing detectors (#2119) 2023-11-21 10:30:11 -08:00
ahrav
d334b3075e
move all Git setup into Init method (#2105)
* add proto fields for git

* add uri to proto

* move all git setup into Init method

* fix logic for when to use repoPath
2023-11-16 13:59:53 -08:00
Damanpreet Singh
d066a3fa78
Detector-Competition-Feat: Added Replicate API token detector (#2021)
* Detector-Competition-Feat: Added Replicate API token detector

* fix fullstory

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-11-07 12:16:39 -06:00
Damanpreet Singh
bcde7856c3
Detector-Competition-Feat: Added Ngrok API token detector (#2024)
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-11-07 09:28:05 -06:00
Ankush Goel
1b93c0545c
Competition-Detector-New:added v2 version for fullstory (#2067)
* added v2 version for fullstory

* added versioner to the v1 fullstory detector
2023-11-07 08:55:06 -06:00
Corben Leo
1094190ff5
Detector-Competition-Feat: Add Overloop detector (#2080)
* Detector-Competition-Feat: Add Overloop detector

* add protos and to defaults.go

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-11-06 16:43:31 -06:00
Damanpreet Singh
da59b72735
Detector-Competition-Feat: Added Request.Finance API token detector (#2020)
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-11-06 16:13:33 -06:00
Ankush Goel
703e158648
Detector-Competition-New : created grafana service account detector (#1960)
* created grafana service account detector

* add import

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-11-06 15:41:37 -06:00
Ankush Goel
6259b179b9
Grafana (#2096)
* Created Grafana Cloud API Key detector

* made the regex more bounded

* added boundary to regex
2023-11-06 11:13:06 -06:00
Ankush Goel
aabfec4cdf
Competition-Detector-New: added eventbrite detector (#2072)
* added eventbrite detector

* added packagename to defaults.go

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-11-03 16:42:13 -05:00
Ankush Goel
1371512ff3
logz.io detector (#2076)
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-11-03 16:32:35 -05:00
Ankush Goel
06b5fc25ef
Coda Detector (#2075)
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-11-03 15:50:05 -05:00
dylanTruffle
0b90265802
pulling short lived AWS keys into their own thing, fixes #1224 (#2088)
* pulling short lived AWS keys into their own thing, fixes #1224

* Update awssessionkey.go

* fmt

---------

Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-11-03 11:58:49 -05:00
Cody Rose
7a156330b5
Support multiple detectors per match (#2065)
#1711 inadvertently removed the ability to match multiple custom detectors, or multiple detectors of the same type but different version, to a given keyword. (#2060 re-added support for multiple versions of detectors globally, and #2064 re-added support for multiple custom detectors globally, but neither fixed trufflehog's inability to support multiple such detectors for a given keyword match.) This PR re-adds the removed functionality (and narrows the AhoCorasickCore interface in the process.)
2023-11-03 12:26:18 -04:00
Corben Leo
3b9ecaa704
Detector-Competition-Fix: Fix ScraperSite (deprecated) (#2074)
Co-authored-by: āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com>
2023-11-03 11:15:53 -04:00
Corben Leo
41e9cc59e2
Detector-Competition-Fix: Fix PassBase (acquired, deprecated) (#2079) 2023-11-03 08:59:32 -05:00
Ankush Goel
b95ed3b41a
Detector-Competition-New - Created Grafana Cloud API Key detector (#1959)
* Created Grafana Cloud API Key detector

* made the regex more bounded

* added boundary to regex
2023-11-03 09:25:54 -04:00
Corben Leo
9e52e3e86f
Detector-Competition-Fix: Fix/Deprecate Prospect.io (#2081)
* Detector-Competition-Feat: Fix/Deprecate Prospect.io

* Detector-Competition-Fix: fix defaults.go
2023-11-03 07:04:42 -05:00
Corben Leo
b5cc6c196c
Detector-Competition-Fix: Fix FakeJSON (deprecated) (#2073) 2023-11-02 15:43:49 -05:00
dylanTruffle
4106ce7bf0
Detector-Competition-Feat: Adding Azure Container Registry Password Detector (#1958)
* implementing azure container registry password detector

* Fixing boundry feedback

* whoops

* update verification code

* fix regex

---------

Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-11-02 11:17:01 -05:00
Corben Leo
07f6c84aa4
Detector-Competition-Fix: Fix SentimentInvestor (deprecated) (#2078) 2023-11-01 11:54:40 -05:00
dylanTruffle
8bac2b15ba
Detector-Competition-Feat: Adding Azure Batch keys (#1956)
* adding azure batch

* fmt

* fix lint

---------

Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-10-31 10:49:04 -05:00
Cody Rose
e58a2913ea
Support multiple custom detectors (#2064)
#1711 accidentally removed the ability to support multiple custom detectors. This PR partially adds back this capability: Multiple custom detectors are now supported overall, but only one custom detector can be returned for a given keyword match.
2023-10-30 18:17:17 -04:00
Cody Rose
45059864f8
Re-add detector version (#2060)
#2010 mistakenly removed detector version tracking from the Aho Corasick wrapper. This PR re-adds it.
2023-10-30 15:34:33 -04:00
Dustin Decker
05fae156e1
Add TravisCI source (#1877)
* Add TravisCI source

* update test to use sourcestest

* Remove jobPage loop

ListByBuild does not support pagination, so this was infinitely
repeating. https://developer.travis-ci.com/resource/jobs#find

* Continue chunking on error

* review updates

* update readme

---------

Co-authored-by: Miccah Castorina <m.castorina93@gmail.com>
2023-10-30 07:28:25 -07:00
Cody Rose
876a55821b
Remove verify flag from Aho-Corasick core (#2010)
The Aho-Corasick wrapper we have tracks information about whether verification should be enabled on an individual detector basis, but that functionality isn't related to the matching functionality of Aho-Corasick, and including it complicates the implementation. This PR removes it to simplify some things.

This PR removes some code that supported a potential future implementation of detector-specific verification settings, but that feature has not actually been implemented yet, so there's no loss of functionality. If we want that feature we can add it back on top of this in a more separated way.
2023-10-30 09:52:51 -04:00
Damanpreet Singh
7a9332152a
Detector-Competition-Feat: Added Reply.io API token detector (#2019)
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2023-10-29 17:57:36 -07:00
Damanpreet Singh
0068ec54f2
Detector-Competition-Feat: Added Stripo API token detector (#2018)
* Detector-Competition-Feat: Added Stripo API token detector

* adjust regex

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2023-10-29 17:26:14 -07:00
Richard Gomez
0427985ebe
feat: deno deploy detector (#2040)
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2023-10-29 16:58:00 -07:00
Damanpreet Singh
3ffc0dfd22
Detector-Competition-Feat: Added Budibase API token detector (#2016) 2023-10-29 10:12:45 -07:00
Damanpreet Singh
52b3c99868
Detector-Competition-Feat: Added LemonSqueezy API token detector (#2017)
* Detector-Competition-Feat: Added LemonSqueezy API token detector

* fix regex

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2023-10-28 15:03:14 -07:00
Richard Gomez
96b25150d0
Add Coinbase Wallet-as-a-Service detector (#1895)
* feat(coinbase): basic Wallet-as-a-Service detector

* update test

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2023-10-27 10:32:36 -07:00
Damanpreet Singh
eb0c0fa99f
Detector-Competition-Feat: Add Metabase Session Secret Detector (#1902)
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2023-10-26 20:17:41 -07:00
Damanpreet Singh
bf6ece39ca
Detector-Competition-Feat: Added AppOptics API token detector (#1989)
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2023-10-26 20:06:30 -07:00
Damanpreet Singh
4d0a40d2f3
Detector-Competition-Feat: Added ZeroTier API token detector (#1988)
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2023-10-26 19:55:58 -07:00
Damanpreet Singh
f1a75395e8
Detector-Competition-Feat: Added BetterStack API token detector (#1987)
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2023-10-26 19:46:56 -07:00
Corben Leo
8505d24d7d
Detector-Competition-Fix: Fix/Remove Flowdock detector (#2004)
* Detector-Competition-Fix: Fix/Remove Flowdock detector

---------

Co-authored-by: āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com>
Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>
2023-10-26 09:35:13 -04:00
Corben Leo
b776f9c122
Detector-Competition-Fix: Fix/Remove Happi Detection & Verification (#2003)
* Detector-Competition-Fix: Fix/Remove Happi Detection & Verification

---------

Co-authored-by: āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com>
Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>
2023-10-26 09:20:53 -04:00