From b6ace9d91a12f895b36043ce35e30545b4d6ca54 Mon Sep 17 00:00:00 2001
From: Zachary Rice
Date: Wed, 30 Oct 2024 12:51:30 -0500
Subject: [PATCH 1/4] strip symbol and DWARF tables (#3534)
---
 .goreleaser.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 77bc73d8cf0a..e951f957960a 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -2,7 +2,7 @@ version: 2
 builds:
 - binary: trufflehog
 ldflags:
- - -X 'github.com/trufflesecurity/trufflehog/v3/pkg/version.BuildVersion={{ .Version }}'
+ - -s -w -X 'github.com/trufflesecurity/trufflehog/v3/pkg/version.BuildVersion={{ .Version }}'
 env: [CGO_ENABLED=0]
 goos:
 - linux
From 4d355d414e2d6c674bcebfe40cb648e22f6457ae Mon Sep 17 00:00:00 2001
From: Zachary Rice
Date: Wed, 30 Oct 2024 16:39:31 -0500
Subject: [PATCH 2/4] gcp cred not set (#3535)
* stopgap i guess
* slightly smarter
---
 .../gcpapplicationdefaultcredentials.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/pkg/detectors/gcpapplicationdefaultcredentials/gcpapplicationdefaultcredentials.go b/pkg/detectors/gcpapplicationdefaultcredentials/gcpapplicationdefaultcredentials.go
index a732c16508d3..5504c10361eb 100644
--- a/pkg/detectors/gcpapplicationdefaultcredentials/gcpapplicationdefaultcredentials.go
+++ b/pkg/detectors/gcpapplicationdefaultcredentials/gcpapplicationdefaultcredentials.go
@@ -80,7 +80,10 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 DetectorType: detectorspb.DetectorType_GCPApplicationDefaultCredentials,
 Raw: []byte(detectedClientID),
 RawV2: []byte(detectedClientID + creds.RefreshToken),
- Redacted: creds.RefreshToken[:3] + "..." + creds.RefreshToken[min(len(creds.RefreshToken)-1, 47):], // censor the refresh token
+ }
+
+ if len(creds.RefreshToken) > 3 {
+ s1.Redacted = creds.RefreshToken[:3] + "..." + creds.RefreshToken[min(len(creds.RefreshToken)-1, 47):]
 }
 if verify {
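Review bot: The `ldflags` entry in .goreleaser.yml now strips release binaries but carries no comment on the trade-off. `-s -w` drops the symbol table and DWARF data, so debuggers and symbol-based tooling get less out of a shipped binary (runtime panic traces should still resolve, since Go keeps its own line table, but that is worth confirming on one release artefact). Suggest a comment above the entry such as `# -s -w: strip symbol table and DWARF to shrink release binaries; keep an unstripped build for debugging`.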
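Review bot: The added guard `len(creds.RefreshToken) > 3` stops the slice panic, but the redaction expression it protects still does not bound how much of the secret is shown. The tail slice starts at `min(len-1, 47)` and runs to the end of the string, so a 4-character value is emitted in full and a token longer than 48 characters exposes everything after offset 47 in `Redacted`. If the intent is a short fixed-length hint, require more length than the two visible pieces combined and slice from the end, e.g. `if n := len(creds.RefreshToken); n > 8 { s1.Redacted = creds.RefreshToken[:3] + "..." + creds.RefreshToken[n-3:] }`. Tokens of three characters or fewer now leave `Redacted` empty, so a comment on what consumers display in that case would help, and the dropped `// censor the refresh token` comment is worth keeping. FromData starts and ends outside the hunk.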
From 257413cc86d7c1be709dde14371fdf2424f635eb Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 30 Oct 2024 18:34:56 -0700
Subject: [PATCH 3/4] fix(deps): update module github.com/brianvoe/gofakeit/v7 to v7.1.2 (#3536)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/go.mod b/go.mod
index 6c9d10cefcda..88587d3045fa 100644
--- a/go.mod
+++ b/go.mod
@@ -27,7 +27,7 @@ require (
 github.com/bill-rich/go-syslog v0.0.0-20220413021637-49edb52a574c
 github.com/bitfinexcom/bitfinex-api-go v0.0.0-20210608095005-9e0b26f200fb
 github.com/bradleyfalzon/ghinstallation/v2 v2.11.0
- github.com/brianvoe/gofakeit/v7 v7.1.1
+ github.com/brianvoe/gofakeit/v7 v7.1.2
 github.com/charmbracelet/bubbles v0.18.0
 github.com/charmbracelet/bubbletea v0.27.0
 github.com/charmbracelet/glamour v0.7.0
diff --git a/go.sum b/go.sum
index bf483f93330a..05fa2d064f50 100644
--- a/go.sum
+++ b/go.sum
@@ -178,6 +178,8 @@ github.com/brianvoe/gofakeit/v7 v7.0.4 h1:Mkxwz9jYg8Ad8NvT9HA27pCMZGFQo08MK6jD0Q github.com/brianvoe/gofakeit/v7 v7.0.4/go.mod h1:QXuPeBw164PJCzCUZVmgpgHJ3Llj49jSLVkKPMtxtxA= github.com/brianvoe/gofakeit/v7 v7.1.1 h1:/DEG+f/mFtqqNjhZ0AXA0aDzrnfE85AcAKVE+mMdxAQ= github.com/brianvoe/gofakeit/v7 v7.1.1/go.mod h1:QXuPeBw164PJCzCUZVmgpgHJ3Llj49jSLVkKPMtxtxA= +github.com/brianvoe/gofakeit/v7 v7.1.2 h1:vSKaVScNhWVpf1rlyEKSvO8zKZfuDtGqoIHT//iNNb8= +github.com/brianvoe/gofakeit/v7 v7.1.2/go.mod h1:QXuPeBw164PJCzCUZVmgpgHJ3Llj49jSLVkKPMtxtxA= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
From bd5e28742553ef0649d7af310dc4e3755f070b36 Mon Sep 17 00:00:00 2001
From: Kashif Khan <70996046+kashifkhan0771@users.noreply.github.com>
Date: Thu, 31 Oct 2024 17:14:39 +0500
Subject: [PATCH 4/4] fixed gitlab extradata overwriting (#3537)
---
 pkg/detectors/gitlab/v1/gitlab.go | 4 +++-
 pkg/detectors/gitlab/v2/gitlab_v2.go | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/pkg/detectors/gitlab/v1/gitlab.go b/pkg/detectors/gitlab/v1/gitlab.go
index 5e9c0ea94b54..ce0c070f5897 100644
--- a/pkg/detectors/gitlab/v1/gitlab.go
+++ b/pkg/detectors/gitlab/v1/gitlab.go
@@ -72,7 +72,9 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 if verify {
 isVerified, extraData, verificationErr := s.verifyGitlab(ctx, resMatch)
 s1.Verified = isVerified
- s1.ExtraData = extraData
+ for key, value := range extraData {
+ s1.ExtraData[key] = value
+ }
 s1.SetVerificationError(verificationErr, resMatch)
 s1.AnalysisInfo = map[string]string{
diff --git a/pkg/detectors/gitlab/v2/gitlab_v2.go b/pkg/detectors/gitlab/v2/gitlab_v2.go
index 98233fe4ac0b..18e55084da5b 100644
--- a/pkg/detectors/gitlab/v2/gitlab_v2.go
+++ b/pkg/detectors/gitlab/v2/gitlab_v2.go
@@ -61,7 +61,9 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 if verify {
 isVerified, extraData, verificationErr := s.verifyGitlab(ctx, resMatch)
 s1.Verified = isVerified
- s1.ExtraData = extraData
+ for key, value := range extraData {
+ s1.ExtraData[key] = value
+ }
 s1.SetVerificationError(verificationErr, resMatch)
 s1.AnalysisInfo = map[string]string{
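Review bot: The merge loop in pkg/detectors/gitlab/v1/gitlab.go writes into `s1.ExtraData`, but the hunk does not show where that map is created, and assigning to a nil map panics in Go. The commit title suggests the map is pre-populated before the `if verify` block, but that code is outside the hunk; a guard before the loop such as `if s1.ExtraData == nil { s1.ExtraData = make(map[string]string, len(extraData)) }` (assuming `ExtraData` is a `map[string]string` like `AnalysisInfo`) keeps the detector from crashing if a later change removes the initialisation. Keys returned by `verifyGitlab` silently replace pre-set keys of the same name, so a short comment such as `// verification data takes precedence over static entries` would make that intended. The same loop is added in pkg/detectors/gitlab/v2/gitlab_v2.go and the same points apply there; FromData continues outside both hunks.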