Commit graph

1643 commits

Author SHA1 Message Date
Dustin Decker
c2ae31d060
Make AzureDevopsPersonalAccessToken verification more robust (#2359)
* Make AzureDevopsPersonalAccessToken verification more robust

* fix snifftest
2024-02-01 08:40:44 -08:00
roxanne-tampus
143e275272
update azure test files to check rawV2 (#2353) 2024-01-31 08:36:52 -08:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
7ece4c3e66
Detectors Updates 1 for Tristate Verification (#2187)
* updating alibaba

* updating agora

* updating aeroworkflow

* updating aha

* updating artifactory

* updating abbysale

* updating abstract

* updating abuseipdb

* updating accuweather

* updating adafruitio

* updating adzuna

* cleanup on abuseipdb

* cleanup on aha

* cleanup on abuseipdb

* cleanup on aeroworkflow

* cleanup on adzuna

* cleanup on accuweather

* cleanup/refactor

* update token pattern to be explicitly 73char (old) or 64char (new)

* comment to clarify 403 on Aha

* mocking out verified case for aha + adding inactive account test

* using contact response instead of gock

* update 403 to be determinate
2024-01-30 12:20:56 -05:00
Richard Gomez
232032410c
feat(detectors): update template (#2342) 2024-01-29 21:21:23 -08:00
Dustin Decker
7befefd369
Improve fp ignore logic (#2351)
* forgot field change

* use aho corasick for filter

* reduce wordlist sensitivity
2024-01-29 11:28:46 -08:00
roxanne-tampus
303e191f38
added azuresearchquerykey detector (#2349)
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-01-29 10:19:51 -08:00
roxanne-tampus
06b7ebf824
added azuresearchadminkey detector (#2348)
* added azuresearchadminkey detector

* additional update

* update import

* fix raw fields for new detectors and entropy check

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-01-29 09:55:46 -08:00
roxanne-tampus
83dc986b07
added azurefunctionkey detector (#2337)
* added azurefunctionkey detector

* update raw field to include url

* clean up and added prefix on key pattern

* update bench script

* update imports, snifftest, and gen proto

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-01-29 09:20:33 -08:00
faktas2
76fcdae3a0
Add the new MaxMind license key format (#2181)
* Add the new MaxMind license key format

* feedback

* reorg rules

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-01-26 11:49:47 -08:00
Dustin Decker
3a6cfd9d97
Prevent print or logging in detectors (#2341)
* Prevent print or logging in detectors

* mount repo

* update job name
2024-01-26 11:39:41 -08:00
ahrav
41cfec4e1c
make sure to close connections after testing (#2343) 2024-01-26 09:24:06 -08:00
Dustin Decker
f078df43eb
Fix test (#2339) 2024-01-25 23:15:37 -08:00
Zubair Khan
76057618ba
add tri-state verification to yelp (#1736)
* init yelp tri state

* fix detector and test

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-01-25 22:28:16 -08:00
Richard Gomez
c6f73a7d10
Update DockerHub detector logic (#2266)
* feat(dockerhub): update logic

* updates

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-01-25 22:02:36 -08:00
Richard Gomez
d4a0645c29
Add Google oauth2 token detector (#2274)
* feat(google): add oauth2 token detector

* update pr

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-01-25 21:32:03 -08:00
joeleonjr
792266afa9
updating doppler logic (#2329)
* updating doppler logic

* added json response struct
2024-01-24 12:20:33 -05:00
roxanne-tampus
47c6539a41
added azuredevopspersonalaccesstoken detector (#2315)
* added azuredevopspersonalaccesstoken detector

* fix comment

* update raw field to include all parts of the credential

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-01-23 20:46:51 -08:00
ahrav
e44802a31d
[feat] - Replace regexp pkg w/ go-re2 in detectors (#2324)
* update detectors to use go-re regex library replacement

* update go mod and sum

* add tests with invalid utf-8

* revert
2024-01-23 13:16:22 -08:00
Cody Rose
e0a1b11a8e
Narrow Postgres detector to only look for URIs (#2314) 2024-01-23 14:42:31 -05:00
joeleonjr
443ef98e41
updating detector logic for zenscrape (#2316)
* updating detector logic for zenscrape

* updating to use status endpoint
2024-01-22 16:57:51 -05:00
ahrav
b0fd951652
[chore] - Add regex and keyword for api_org tokens (#2240)
* Add regex and keyword for api_org tokens.

* handle org token auth struct

* update keywords
2024-01-16 15:25:26 -08:00
dylanTruffle
3b4518cbab
adding postgres detector (#2108)
* adding postgres detector

---------

Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local>
Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>
2024-01-10 16:19:45 -05:00
Richard Gomez
04bf244f38
fix(signable): ignore common false positives (#2230) 2024-01-09 17:53:25 -08:00
Richard Gomez
38f36475de
fix(parseur): ignore false positives (#2229) 2024-01-09 17:50:30 -08:00
Shivasurya
e5289ac8e4
Updated trufflehog sourcegraph secret format (#2254) 2024-01-06 08:48:41 -08:00
NIKHIL PANWAR
7365dba9c9
Update stripe detector regex (#2261) 2024-01-06 08:43:39 -08:00
Dustin Decker
6b90a96ca0
Add missing import (#2246) 2023-12-19 16:40:31 -08:00
Richard Gomez
69d5e0c993
fix(snowflake): avoid extraneous attempts (#2057)
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2023-12-19 16:04:08 -08:00
Richard Gomez
97afd570ae
feat(github): update extradata (#2219) 2023-12-19 16:01:07 -08:00
Richard Gomez
eeb4dbd304
feat(shortcut): use tri-state verification (#2211) 2023-12-17 15:47:14 -08:00
Richard Gomez
ded8e459bd
feat(huggingface): enhance extradata (#2222) 2023-12-17 14:29:45 -08:00
Richard Gomez
69a70a3374
fix(myfreshworks): check for valid JSON (#2212) 2023-12-17 10:26:38 -08:00
Richard Gomez
06b137fd93
fix(gitlab): check for valid JSON (#2218) 2023-12-14 11:22:06 -08:00
Miccah
4db20e29f8
Update metabase verification to check for a valid JSON response (#2210)
* Update metabase verification to check for a valid JSON response

* added test tokens + cleanup

---------

Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>
2023-12-13 12:18:56 -08:00
Miccah
84b7461796
[chore] Remove unnecessary string conversion in tefter detector (#2209) 2023-12-13 11:39:16 -08:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
6987507534
fix and refactor browserstack detector (#2208)
* fix and refactor browserstack detector
2023-12-12 16:14:31 -05:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
5e3ea1a8f2
Fix azurestorage detector (#2207)
* bugfix + cleanup - update azurestorage detector raw string to use key instead of id
2023-12-12 16:07:09 -05:00
Cody Rose
405f356071
Use bad json in slackwebhooks (#2193)
* add rotation guides to SlackWebhook tests

* begin cleaning up tests

* have slack webhook detector use malformed json

* update test secrets

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2023-12-11 15:04:55 -08:00
Richard Gomez
6c5fc2f212
feat(privatekey): run checks concurrently (#2139) 2023-12-10 10:11:17 -08:00
ahrav
f772fd8b44
update regex (#2184) 2023-12-06 17:04:38 -08:00
Dustin Decker
3167dde8a1
Deprecate some detectors (#2186) 2023-12-06 16:57:55 -08:00
ahrav
c6e9b8ff64
use https for verification endpoints (#2185) 2023-12-06 16:06:04 -08:00
dylanTruffle
96aa50d119
fixing how to rotate URL (#2183) 2023-12-06 11:59:21 -08:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
11394ea318
[thog-1548] add auto redaction for verification errors (#2106)
* Updating VerificationError to have auto redaction logic
* find/replace error
2023-12-05 08:57:52 -05:00
ahrav
c34efc3cf9
make empty slice delcration consistent (#2144) 2023-12-01 11:03:44 -08:00
ahrav
279f915799
[chore] - fix error comparisons (#2142)
* fix error comparisons

* fix imports
2023-12-01 08:32:41 -08:00
ahrav
52ffab1034
[chore] - fix import name clashes (#2143)
* fix import name clashes

* fix missing var
2023-12-01 06:53:15 -08:00
Dustin Decker
a367f9ce34
Fix azure panic when invalid URL is constructed (#2137) 2023-11-30 11:33:04 -08:00
Zachary Rice
d552222385
add extradata nil check and use make (#2129)
* add extradata nil check and use make

* remove some lines
2023-11-28 09:45:37 -06:00
Richard Gomez
62c628fb52
feat(telegram): add username to extradata (#2100) 2023-11-20 14:00:09 -08:00