From 36aa1451bdba8f06e7c0237d1b616c6f986a020b Mon Sep 17 00:00:00 2001 From: atkins Date: Fri, 22 Sep 2023 14:08:56 -0600 Subject: [PATCH 1/2] Update protos image to use correct go version (#1810) * Update protos image to use correct go version * Update image tag to match version * use bullseye * update proto image --------- Co-authored-by: Dustin Decker --- Makefile | 4 ++-- hack/Dockerfile.protos | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index eacb889e0e8b..261c884fe07d 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -PROTOS_IMAGE ?= trufflesecurity/protos:1.18-0 +PROTOS_IMAGE ?= trufflesecurity/protos:1.21-0 .PHONY: check .PHONY: lint @@ -59,7 +59,7 @@ protos-windows: release-protos-image: docker buildx build --push --platform=linux/amd64,linux/arm64 \ - -t trufflesecurity/protos:1.18-0 -f hack/Dockerfile.protos . + -t trufflesecurity/protos:1.21-0 -f hack/Dockerfile.protos . snifftest: ./hack/snifftest/snifftest.sh diff --git a/hack/Dockerfile.protos b/hack/Dockerfile.protos index 610494c12168..4cf3f71fdf57 100644 --- a/hack/Dockerfile.protos +++ b/hack/Dockerfile.protos @@ -1,6 +1,6 @@ # trufflesecurity/protos:1.18-0 -FROM golang:1.18-buster +FROM golang:1.21-bullseye ARG TARGETARCH ARG TARGETOS From 995eb64d3864466082d119ee0199adc838b9c566 Mon Sep 17 00:00:00 2001 From: Zachary Rice Date: Fri, 22 Sep 2023 15:26:20 -0500 Subject: [PATCH 2/2] examples folder (#1734) * wip examples folder * Rename examples.md to README.md --- examples/README.md | 14 ++++++++++++++ examples/generic.yml | 15 +++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 examples/README.md create mode 100644 examples/generic.yml diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 000000000000..affcd3a2e082 --- /dev/null +++ b/examples/README.md @@ -0,0 +1,14 @@ +# Examples +This folder contains various examples like custom detectors, scripts, etc. Feel free to contribute! + +### Generic Detector +An often requested feature for TruffleHog is a generic detector. By default, we do not support generic detection as it would result in lots of false positives. However, if you want to attempt detect generic secrets you can use a custom detector. + +#### Try it out: +``` +wget UPDATE ONCE MERGED +trufflehog filesystem --config=$PWD/generic.yml $PWD + +# to filter so that _only_ generic credentials are logged: +trufflehog filesystem --config=$PWD/generic.yml --json --no-verification $PWD | awk '/generic-api-key/{print $0}' +``` diff --git a/examples/generic.yml b/examples/generic.yml new file mode 100644 index 000000000000..04a226d21f61 --- /dev/null +++ b/examples/generic.yml @@ -0,0 +1,15 @@ +detectors: +- name: generic-api-key + keywords: + - key + - api + - token + - secret + - client + - passwd + - password + - auth + - access + regex: + # borrowing the gitleaks generic-api-key regex + generic-api-key: "(?i)(?:key|api|token|secret|client|passwd|password|auth|access)(?:[0-9a-z\\-_\\t .]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\"|\\s|=|\\x60){0,5}([0-9a-z\\-_.=]{10,150})(?:['|\"|\\n|\\r|\\s|\\x60|;]|$)"