The GitHub source currently applies its authentication configuration as the first step of enumeration. This is incompatible with both targeted scans and scan job reports, and also means that authentication logic has to be duplicated into the validation flow. This PR moves it into Init so that it's available to targeted scans and, eventually, unit-specific scans. This also allows us to remove the copy of the old logic that was in Validate.
As part of the work I've also cleaned up the integration test suite. (Several of them were apparently disabled back when they ran on every push, but now that we're not doing that, we can re-enable them.)
* implemented analyzer interface with data models for HuggingFace
* correct test for huggingface due to new addition of key in detection result.
---------
Co-authored-by: Abdul Basit <abasit@folio3.com>
* implement analyzer interface for square
* linked detector with analyzer for square
fix test for square.
* code refactoring
---------
Co-authored-by: Abdul Basit <abasit@folio3.com>
* Add progress bar to CFOR
* unused vars
* explicitly ignore progress errors
* removed print statements
* use stderr
---------
Co-authored-by: joeleonjr <20135619+joeleonjr@users.noreply.github.com>
Co-authored-by: Joe Leon <joe.leon@trufflesec.com>
* alpha feature for scanning hidden commits on github
* improvements re: git operations
* lint updates
* updating with exec block due to no gh token
* reworked logic into new source
* fixed collisions threshold flag input
* fixed IOutil issues
* removed additions from GH config
---------
Co-authored-by: Joe Leon <joe.leon@trufflesec.com>
* implement analyzer interface for stripe
* consider category as unbound resource if there is no permission with it.
* check for key existence in map.
pass on analysis info from Stripe detector.
test change to remove analysis info.
* remove Valid boolean from metadata of analyzer result
---------
Co-authored-by: Abdul Basit <abasit@folio3.com>
* Add POC analyze sub-command
* Address lint errors
* added http logging to most analyzers
* Use custom RoundTripper with default http.Client
* [chore] Embed scopes at compile time
* [chore] Move subcommand check up to prevent printing metrics
* Create framework of interfaces, structs, and protos
* Implement Analyzer for airbrake
* Add FullAccess permission constant
* Implement Analyzer for asana
* Implement Analyzer for bitbucket
* Implement Analyzer for github
* Implement Analyzer for gitlab
* Implement Analyzer for huggingface
* Implement Analyzer for mailchimp
* implement analyzer for mailgun
* update cli cmd
* Implement analyzer for openai
* fix timing issue on scopes
* print permissions only if restricted key
* Implement Analyzer for mysql
* enable logging check
* fixed the formatting issue to wrap sub-errors
* implemented analyzer for opsgenie
* implemented analyzer for postgres
* use format string
* implemented analyzer for sendgrid
* simplify returning the error
* implemented analyzer for postman
* added handling of workspace error
* Update protos to match OSS
* Generate protos
* Update data structures to match OSS
* Update airbrake implementation
* Remove asana implementation
* Remove mailchimp implementation
* Update openai implementation to match OSS
* Remove gitlab implementation
* Remove huggingface implementation
* Remove bitbucket implementation
* Fix permission in airbrake
* Remove github implementation
* Remove mailgun implementation
* Cleanup compiler errors
* Implement Analyzer interface for github
* Add parents to github resources
* Add fine_grained to github metadata
* Update with changes from main
* Remove unused function stubs
---------
Co-authored-by: Joe Leon <joe.leon@trufflesec.com>
Co-authored-by: Hon <8292703+hxnyk@users.noreply.github.com>
Co-authored-by: Abdul Basit <abasit@folio3.com>
Co-authored-by: Abdul Basit <basit.mussani@gmail.com>
The AWS detector verifies credentials in a weird hacky way to work around some non-obvious STS behavior. This workaround does not work for canary tokens, so I updated the test secrets to use non-canary tokens. This PR updates the tests to match the secrets file changes.