Mirrors/trufflehog
2
0
Fork 0
mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-11-13 00:17:18 +00:00
Code Issues Projects Releases Packages Wiki Activity
2011 commits 140 branches 258 tags 164 MiB
Commit graph

2011 commits

This branch
This branch
All branches
Author SHA1 Message Date
Bill Rich
f2924f3061
Make sure context lines are properly handled (#1331) 
* Make sure context lines are properly handled

* Fix git test to account for context change
 2023-05-05 12:51:27 -07:00
Miccah
6699ccd2b5
Generate protos (#1329) 2023-05-04 12:26:41 -05:00
Brendan Shaklovitz
87f3f27dab
Fix SquareApp detector type return value (#1322) 
* Change SquareApp detector type to report as SquareApp instead of
  Square.
 2023-05-04 10:25:20 -07:00
ahrav
deb0f63d25
Update regex. (#1328) 2023-05-04 10:23:13 -07:00
ahrav
030c093392
Fix how we scan orgs (#1327) 
* Fix how we scan orgs.

* fix integration test.
 2023-05-04 08:07:11 -07:00
Brendan Shaklovitz
be4147a24e
Output git timestamps as UTC times (#1323) 2023-05-03 11:47:00 -05:00
ahrav
323c093818
Normalize GitHub repos during enumeration (#1269) 
* Normalize repos during enumeration.

* fix test.

* Add benchmark.

* Add benchmark.

* Add more realistic benchmark values.

* add gist mocks.

* Remove old normalize fxn.

* abstract away the repo cache.

* update test.

* increase repo count.

* increase page limnit to 100.

* move callee fxns below caller for Chunks.

* Add context to normalize.

* remove extra logic in normalize repo.

* Delete new.txt

* Delete old.txt

* Handle errors in a thread safe manner.

* fix test.'

* fix test.

* handle repos that are included by users.

* Abstract include ignore logic within repoCache.

* Add better comment around repoCache.

* Rename params.

* remove commented out code.

* use repos instead of items.

* remove commented out code.

* Use ++ instead of atomic increment.

* update to use logger var.

* use cache pkg.

* Address comments.

* fix test.

* make less sucky test.

* Update test.
 2023-05-03 08:35:53 -07:00
ahrav
9cb91a6e4f
Extend cache interface (#1318) 
* Extend cache interface.

* update test.
 2023-05-03 08:21:00 -07:00
ahrav
714c480931
Add log to track git log size (#1325) 
* Add log to track git log size.

* Add calc for large commits and last commit.
 2023-05-02 16:36:39 -07:00
Zachary Rice
21258f4160
add performance test (#1301) 
* add performance test

* only run on PRs, test out failure

* remove extras
 2023-05-01 10:54:05 -05:00
Dustin Decker
65305ed9f6
Scan only for verified secrets in our CI (#1310) 2023-05-01 10:28:46 -05:00
dependabot[bot]
156aaac745
Bump github.com/lib/pq from 1.10.8 to 1.10.9 (#1307) 
Bumps [github.com/lib/pq](https://github.com/lib/pq) from 1.10.8 to 1.10.9.
- [Release notes](https://github.com/lib/pq/releases)
- [Commits](https://github.com/lib/pq/compare/v1.10.8...v1.10.9)

---
updated-dependencies:
- dependency-name: github.com/lib/pq
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-01 07:55:12 -07:00
dependabot[bot]
531d17bd3a
Bump github.com/mholt/archiver/v4 from 4.0.0-alpha.7 to 4.0.0-alpha.8 (#1305) 
Bumps [github.com/mholt/archiver/v4](https://github.com/mholt/archiver) from 4.0.0-alpha.7 to 4.0.0-alpha.8.
- [Release notes](https://github.com/mholt/archiver/releases)
- [Changelog](https://github.com/mholt/archiver/blob/master/.goreleaser.yml)
- [Commits](https://github.com/mholt/archiver/compare/v4.0.0-alpha.7...v4.0.0-alpha.8)

---
updated-dependencies:
- dependency-name: github.com/mholt/archiver/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-01 07:49:15 -07:00
Jason Solis
c13c56283d
add tineswebhook detector (#1304) 2023-05-01 07:48:58 -07:00
dependabot[bot]
56cd1df414
Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.3.0 to 2.4.0 (#1306) 
Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases)
- [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.3.0...v2.4.0)

---
updated-dependencies:
- dependency-name: github.com/bradleyfalzon/ghinstallation/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-01 07:41:11 -07:00
ahrav
67972683ea
[chore] - format log msg (#1299) 
* format log msg.

* snake.

* lowercase repo.
 2023-04-27 17:14:00 -07:00
ahrav
a2266b4e28
add additional logging (#1298) 
* add additional logging.

* update test.

* remove continue.

* address comments.
 2023-04-27 16:48:04 -07:00
Miccah
b1675194ca
Implement EndpointCustomizer (#1291) 
* Implement EndpointCustomizer

Add the EndpointCustomizer interface and EndpointSetter convenience struct,
implement EndpointCustomizer for github and gitlab detectors, and add
parsing, verification, and applying user-supplied configuration.

* Check error from SetEndpoints

* Rename variable for clarity
 2023-04-27 12:23:50 -05:00
Dustin Decker
4086895249
add scripts to benchmark and plot performance across tags (#1293) 
* add scripts to benchmark and plot performance across tags

* missing newline

* fmt
 2023-04-26 15:43:23 -07:00
Brendan Shaklovitz
10902f802a
Add max object size flag for s3 bucket scanning (#1294) 
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2023-04-26 15:39:43 -07:00
Aman Sakhuja
2a3f8942ee
Fixed contentfulpersonalaccesstoken regex (#1199) 2023-04-26 14:32:36 -07:00
Shabbir B
d1cbc54fc6
Updated BrowserStack detector endpoint (#1290) 
Updated endpoint
 2023-04-26 08:59:24 -07:00
Miccah
5a86c18302
Fix include and exclude detector logic (#1267) 
* Fix include and exclude detector logic

* Fix test

* Add more clarifying comments
 2023-04-26 10:49:54 -05:00
ahrav
622700b6ec
update proto to allow for ignoring projects. (#1289) 2023-04-26 07:30:43 -07:00
ahrav
15ed428e28
update jira detector. (#1288) 2023-04-25 17:26:51 -07:00
Shabbir B
6f801f64c7
Added a new detector for percy.io (#1284) 
* Feature: Added a new detector for percy.io

* Updated variable name

---------

Co-authored-by: ahrav <ahravdutta02@gmail.com>
 2023-04-25 13:18:34 -07:00
Dustin Decker
3485a6dab1
improve sqlserver detection and testing (#1285) 
* improve sqlserver detection and testing

* add data source keyword
 2023-04-25 11:00:37 -07:00
ahrav
34f5db64ae
Small optimizations for the base64 decoder (#1278) 
* Small optimizations.

* remove unnecessary timer reset.

* remove blank lines.

* remove test file.

* Move b64 character mapping creation to init.
 2023-04-24 11:27:07 -07:00
dependabot[bot]
91bd843ba7
Bump cloud.google.com/go/storage from 1.29.0 to 1.30.1 (#1282) 
Bumps [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) from 1.29.0 to 1.30.1.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.29.0...spanner/v1.30.1)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-24 10:37:48 -07:00
dependabot[bot]
584ab043a2
Bump github.com/envoyproxy/protoc-gen-validate from 0.10.1 to 1.0.0 (#1280) 
Bumps [github.com/envoyproxy/protoc-gen-validate](https://github.com/envoyproxy/protoc-gen-validate) from 0.10.1 to 1.0.0.
- [Release notes](https://github.com/envoyproxy/protoc-gen-validate/releases)
- [Changelog](https://github.com/bufbuild/protoc-gen-validate/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/envoyproxy/protoc-gen-validate/compare/v0.10.1...v1.0.0)

---
updated-dependencies:
- dependency-name: github.com/envoyproxy/protoc-gen-validate
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-24 10:27:10 -07:00
dependabot[bot]
7578a3a56e
Bump google.golang.org/api from 0.118.0 to 0.119.0 (#1279) 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.118.0 to 0.119.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.118.0...v0.119.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-24 10:12:12 -07:00
ahrav
800ac30ea0
optimize base64 decoder. (#1277) 2023-04-20 20:36:46 -07:00
ahrav
abdff53d5d
optimize utf-8 decoder (#1275) 
* optimize utf-8 decoder.

* remove string conversion.
 2023-04-20 16:52:34 -07:00
Yassine Ilmi
a002ba9a75
Add RawV2 Results to the JSON Output (#1273) 
* Add RawV2 to JSON Output

* Adding RawV2 results to Azure, Datadog and GCP Detectors
 2023-04-20 16:31:53 -07:00
ahrav
cec1543894
Add utf16 decoder proto. (#1276) 2023-04-20 15:25:36 -07:00
Dustin Decker
e217e2fbfd
Ensure multipart credentials are deduplicated correctly (#1271) 
* Ensure multipart credentials are deduplicated correctly

* update tests
 2023-04-20 15:07:59 -07:00
ahrav
4116a24b1c
Add utf16 decoder (#1274) 
* Add utf16 decoder.

* Add test for utf-8.

* Remove else if.

* optimize to use a single loop.
 2023-04-20 15:07:49 -07:00
Bill Rich
a6902ae9cb
Add configurable detectors (#1139) 
* JDBC detector ignore patterns

* Remove newline

---------

Co-authored-by: Bill Rich <bill.rich@trufflesec.com>
 2023-04-20 11:44:28 -07:00
Zubair Khan
6dd24d17d4
Switch Endpoint Field to Client ID (#1270) 
* no longer using endpoint, but do need client id

* use oauth2 credential type
 2023-04-19 16:54:37 -04:00
ahrav
5b2b434a8a
Allow multipel team IDs. (#1259) 2023-04-19 11:47:25 -07:00
ah̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
1c1f034468
Adding Google drive to MetaData proto (#1264) 2023-04-19 10:49:40 -04:00
dependabot[bot]
661e62f006
Bump github.com/xanzy/go-gitlab from 0.81.0 to 0.83.0 (#1268) 
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.81.0 to 0.83.0.
- [Release notes](https://github.com/xanzy/go-gitlab/releases)
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.81.0...v0.83.0)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-18 08:48:26 -07:00
dependabot[bot]
92244019a9
Bump github.com/lib/pq from 1.10.7 to 1.10.8 (#1260) 
Bumps [github.com/lib/pq](https://github.com/lib/pq) from 1.10.7 to 1.10.8.
- [Release notes](https://github.com/lib/pq/releases)
- [Commits](https://github.com/lib/pq/compare/v1.10.7...v1.10.8)

---
updated-dependencies:
- dependency-name: github.com/lib/pq
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-18 08:36:17 -07:00
Miccah
dfc5a9f5db
[chore] Log possible duplicate detectors (#1266) 
* [chore] Log possible duplicate detectors

* Fix typos
 2023-04-18 10:36:00 -05:00
dependabot[bot]
f5ecbc857b
Bump github.com/xanzy/go-gitlab from 0.81.0 to 0.82.0 (#1262) 
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.81.0 to 0.82.0.
- [Release notes](https://github.com/xanzy/go-gitlab/releases)
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.81.0...v0.82.0)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-18 08:34:01 -07:00
dependabot[bot]
42975c6d1e
Bump google.golang.org/api from 0.114.0 to 0.118.0 (#1261) 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.114.0 to 0.118.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.114.0...v0.118.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-18 08:33:14 -07:00
Bill Rich
0507f0eb87
Only add detectors once (#1265) 2023-04-17 14:10:13 -07:00
ahrav
531e3ef6c3
Add team name to proto. (#1258) 2023-04-14 09:07:23 -07:00
Dustin Decker
97ce27153a
[]bytes were being logged as b64ed string (#1255) 2023-04-14 06:43:26 -07:00
Zachary Rice
1c89e79c2d
Remove toLower call on decoded chunk (#1254) 
* remove to lower on decoded data

* clean up
 2023-04-14 07:29:32 -05:00