Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Scan GitHub wikis #2233

Merged
merged 1 commit into from
Jan 31, 2024
Merged

Conversation

rgmz
Copy link
Contributor

@rgmz rgmz commented Dec 16, 2023

Description:

GitHub wikis are another potential source for secrets.

This PR adds the functionality to scan wikis. It is enabled by default because wikis are just repositories that you can clone, and aren't subject to any rate limits.

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint this requires golangci-lint)?

@rgmz rgmz requested review from a team as code owners December 16, 2023 00:21
Copy link
Collaborator

@rosecodym rosecodym left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this! I have some minor questions about logging, but my big question is my silliest: Where is the new flag actually checked? I feel like I'm missing something dumb.

pkg/sources/git/git.go Outdated Show resolved Hide resolved
pkg/sources/github/github.go Outdated Show resolved Hide resolved
pkg/engine/github.go Show resolved Hide resolved
@rgmz rgmz force-pushed the feat/github-scan-wikis branch 2 times, most recently from adc5962 to e59837d Compare December 19, 2023 21:12
Copy link
Collaborator

@rosecodym rosecodym left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please forgive my persnicketiness about comments - i'm trying to do my future self some favors

pkg/sources/git/git.go Outdated Show resolved Hide resolved
pkg/sources/github/github.go Show resolved Hide resolved
pkg/sources/github/github.go Outdated Show resolved Hide resolved
pkg/sources/github/github.go Outdated Show resolved Hide resolved
@rgmz
Copy link
Contributor Author

rgmz commented Dec 20, 2023

please forgive my persnicketiness about comments - i'm trying to do my future self some favors

No need to apologize, these are all valid points. Some of these are remnants from prior iterations, such as when I thought that "has_wiki": true meant the repository has a wiki (😂🔫), or when I realized that it makes more sense to check if a wiki exists in repo.go.

I've pushed a few changes that should address those comments.

@rgmz rgmz force-pushed the feat/github-scan-wikis branch 4 times, most recently from 3d22af5 to c5b5875 Compare January 30, 2024 13:22
@rgmz
Copy link
Contributor Author

rgmz commented Jan 30, 2024

Hey @rosecodym, do you have any other questions or feedback for this change?

Copy link
Collaborator

@rosecodym rosecodym left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, apologies for letting this get away from me, and thanks for the reminder. The only non-clarifying question I have is about a new flag check (marked inline).

scanFailed = true
return nil
// Scan comments, if enabled.
if s.includeGistComments || s.includeIssueComments || s.includePRComments {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Were we just ignoring these flags before? This is a surprising thing to not already see here...

Copy link
Contributor Author

@rgmz rgmz Jan 30, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added an explicit check because I think it's more consistent and readable to have if includeWiki { doWiki } ... if includeComments { doComments }.

The s.includeGistComments, s.includeIssueComments, and s.includePRComments weren't being ignored, but they were implemented in a way that's awkward and difficult to understand (imo). Plus I don't think it makes sense to enter a function that can return errors when the flags are disabled.

repoURL, err := git.GitURLParse(repoPath)
if err != nil {
return err
}

// Normal repository URL (https://github.com/<owner>/<repo>).
if len(trimmedURL) < 3 {
return fmt.Errorf("url missing owner and/or repo: '%s'", repoURL.String())
}

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oof, strong agree. Thanks for this.

}
logger.V(2).Info(fmt.Sprintf("scanned %d/%d repos", scannedCount, len(s.repos)), "duration_seconds", time.Since(start).Seconds())
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this no longer happen if the scan panics? That's a fine change (and your version is more readable), I just want to ensure I understand the diff.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this no longer happen if the scan panics?

These changes were made based on how the code looked before #2220 was merged. Now that #2220 has been merged, the diff is a bit awkward.

Your understanding is correct. In fact, since @dustin-decker moved the metric and scannedCount increment to the end of the function, I should move this logging statement as well.

pkg/sources/github/github.go Outdated Show resolved Hide resolved
@rgmz rgmz force-pushed the feat/github-scan-wikis branch 2 times, most recently from a4f948a to d5ff649 Compare January 30, 2024 23:32
Copy link
Collaborator

@rosecodym rosecodym left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great, thanks for doing it!

scanFailed = true
return nil
// Scan comments, if enabled.
if s.includeGistComments || s.includeIssueComments || s.includePRComments {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oof, strong agree. Thanks for this.

@rosecodym rosecodym merged commit 8e90c4e into trufflesecurity:main Jan 31, 2024
9 of 10 checks passed
@rgmz rgmz deleted the feat/github-scan-wikis branch January 31, 2024 15:52
rosecodym added a commit that referenced this pull request Feb 5, 2024
rosecodym added a commit that referenced this pull request Feb 5, 2024
The new functionality introduced by #2233 runs very slowly; this commits causes the new functionality to not run by default.
haraldh referenced this pull request in matter-labs/vault-auth-tee Feb 13, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog)
| action | minor | `v3.63.5` -> `v3.67.5` |

---

### Release Notes

<details>
<summary>trufflesecurity/trufflehog
(trufflesecurity/trufflehog)</summary>

###
[`v3.67.5`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.5)

[Compare
Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.67.4...v3.67.5)

#### What's Changed

- Fix handling of GitHub ratelimit information by
[@&#8203;rgmz](https://togithub.com/rgmz) in
[https://github.com/trufflesecurity/trufflehog/pull/2041](https://togithub.com/trufflesecurity/trufflehog/pull/2041)
- Set GHA workdir by
[@&#8203;zricethezav](https://togithub.com/zricethezav) in
[https://github.com/trufflesecurity/trufflehog/pull/2393](https://togithub.com/trufflesecurity/trufflehog/pull/2393)
- Allow CLI version pinning in GHA
([#&#8203;2397](https://togithub.com/trufflesecurity/trufflehog/issues/2397))
by [@&#8203;skeweredlogic](https://togithub.com/skeweredlogic) in
[https://github.com/trufflesecurity/trufflehog/pull/2398](https://togithub.com/trufflesecurity/trufflehog/pull/2398)
- \[bug] - prevent concurrent map writes by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2399](https://togithub.com/trufflesecurity/trufflehog/pull/2399)
- Allow multiple domains for Forager by
[@&#8203;dustin-decker](https://togithub.com/dustin-decker) in
[https://github.com/trufflesecurity/trufflehog/pull/2400](https://togithub.com/trufflesecurity/trufflehog/pull/2400)
- Update GitParse to handle quoted binary filenames by
[@&#8203;rgmz](https://togithub.com/rgmz) in
[https://github.com/trufflesecurity/trufflehog/pull/2391](https://togithub.com/trufflesecurity/trufflehog/pull/2391)
- \[feat] - buffered file writer metrics by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2395](https://togithub.com/trufflesecurity/trufflehog/pull/2395)

#### New Contributors

- [@&#8203;skeweredlogic](https://togithub.com/skeweredlogic) made their
first contribution in
[https://github.com/trufflesecurity/trufflehog/pull/2398](https://togithub.com/trufflesecurity/trufflehog/pull/2398)

**Full Changelog**:
trufflesecurity/trufflehog@v3.67.4...v3.67.5

###
[`v3.67.4`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.4)

[Compare
Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.67.3...v3.67.4)

#### What's Changed

- \[feat] - use diff chan by [@&#8203;ahrav](https://togithub.com/ahrav)
in
[https://github.com/trufflesecurity/trufflehog/pull/2387](https://togithub.com/trufflesecurity/trufflehog/pull/2387)

**Full Changelog**:
trufflesecurity/trufflehog@v3.67.3...v3.67.4

###
[`v3.67.3`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.3)

[Compare
Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.67.2...v3.67.3)

#### What's Changed

- Disable GitHub wiki scanning by default by
[@&#8203;rosecodym](https://togithub.com/rosecodym) in
[https://github.com/trufflesecurity/trufflehog/pull/2386](https://togithub.com/trufflesecurity/trufflehog/pull/2386)
- Fix binary file hanging bug in git sources by
[@&#8203;mcastorina](https://togithub.com/mcastorina) in
[https://github.com/trufflesecurity/trufflehog/pull/2388](https://togithub.com/trufflesecurity/trufflehog/pull/2388)
- tightening opsgenie detection and verification by
[@&#8203;dylanTruffle](https://togithub.com/dylanTruffle) in
[https://github.com/trufflesecurity/trufflehog/pull/2389](https://togithub.com/trufflesecurity/trufflehog/pull/2389)
- Make `SkipFile` case-insensitive by
[@&#8203;rgmz](https://togithub.com/rgmz) in
[https://github.com/trufflesecurity/trufflehog/pull/2383](https://togithub.com/trufflesecurity/trufflehog/pull/2383)
- \[not-fixup] - Reduce memory consumption for Buffered File Writer by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2377](https://togithub.com/trufflesecurity/trufflehog/pull/2377)

**Full Changelog**:
trufflesecurity/trufflehog@v3.67.2...v3.67.3

###
[`v3.67.2`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.2)

[Compare
Source](https://togithub.com/trufflesecurity/trufflehog/compare/3.67.1...v3.67.2)

#### What's Changed

- \[bug] - unhashable map key by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2374](https://togithub.com/trufflesecurity/trufflehog/pull/2374)
- custom detector docs improvement by
[@&#8203;dxa4481](https://togithub.com/dxa4481) in
[https://github.com/trufflesecurity/trufflehog/pull/2376](https://togithub.com/trufflesecurity/trufflehog/pull/2376)
- \[fixup] - correctly use the buffered file writer by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2373](https://togithub.com/trufflesecurity/trufflehog/pull/2373)

**Full Changelog**:
trufflesecurity/trufflehog@v3.67.1...v3.67.2

###
[`v3.67.1`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.1)

[Compare
Source](https://togithub.com/trufflesecurity/trufflehog/compare/3.67.1...3.67.1)

#### What's Changed

- \[chore] Cleanup GitLab source errors by
[@&#8203;mcastorina](https://togithub.com/mcastorina) in
[https://github.com/trufflesecurity/trufflehog/pull/2345](https://togithub.com/trufflesecurity/trufflehog/pull/2345)
- \[feat] - concurently scan the filesystem source by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2364](https://togithub.com/trufflesecurity/trufflehog/pull/2364)

**Full Changelog**:
trufflesecurity/trufflehog@3.67.1...v3.67.1

###
[`v3.67.1`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.1)

[Compare
Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.67.0...3.67.1)

##### What's Changed

- \[chore] Cleanup GitLab source errors by
[@&#8203;mcastorina](https://togithub.com/mcastorina) in
[https://github.com/trufflesecurity/trufflehog/pull/2345](https://togithub.com/trufflesecurity/trufflehog/pull/2345)
- \[feat] - concurently scan the filesystem source by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2364](https://togithub.com/trufflesecurity/trufflehog/pull/2364)

**Full Changelog**:
trufflesecurity/trufflehog@3.67.1...v3.67.1

###
[`v3.67.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.0)

[Compare
Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.66.3...v3.67.0)

#### What's Changed

- Make AzureDevopsPersonalAccessToken verification more robust by
[@&#8203;dustin-decker](https://togithub.com/dustin-decker) in
[https://github.com/trufflesecurity/trufflehog/pull/2359](https://togithub.com/trufflesecurity/trufflehog/pull/2359)
- Polite Verification by [@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2356](https://togithub.com/trufflesecurity/trufflehog/pull/2356)

**Full Changelog**:
trufflesecurity/trufflehog@v3.66.3...v3.67.0

###
[`v3.66.3`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.66.3)

[Compare
Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.66.2...v3.66.3)

#### What's Changed

- Allow for configuring the buffered file writer by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2319](https://togithub.com/trufflesecurity/trufflehog/pull/2319)
- added flyio protos by
[@&#8203;lonmarsDev](https://togithub.com/lonmarsDev) in
[https://github.com/trufflesecurity/trufflehog/pull/2357](https://togithub.com/trufflesecurity/trufflehog/pull/2357)
- Scan GitHub wikis by [@&#8203;rgmz](https://togithub.com/rgmz) in
[https://github.com/trufflesecurity/trufflehog/pull/2233](https://togithub.com/trufflesecurity/trufflehog/pull/2233)
- \[chore] Add filesystem integration test by
[@&#8203;mcastorina](https://togithub.com/mcastorina) in
[https://github.com/trufflesecurity/trufflehog/pull/2358](https://togithub.com/trufflesecurity/trufflehog/pull/2358)
- update azure test files to check rawV2 by
[@&#8203;roxanne-tampus](https://togithub.com/roxanne-tampus) in
[https://github.com/trufflesecurity/trufflehog/pull/2353](https://togithub.com/trufflesecurity/trufflehog/pull/2353)
- \[bug] fix script change by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2360](https://togithub.com/trufflesecurity/trufflehog/pull/2360)

**Full Changelog**:
trufflesecurity/trufflehog@v3.66.2...v3.66.3

###
[`v3.66.2`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.66.2)

[Compare
Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.66.1...v3.66.2)

#### What's Changed

- Update the template detector by
[@&#8203;rgmz](https://togithub.com/rgmz) in
[https://github.com/trufflesecurity/trufflehog/pull/2342](https://togithub.com/trufflesecurity/trufflehog/pull/2342)
- Detectors Updates 1 for Tristate Verification by
[@&#8203;0x1](https://togithub.com/0x1) in
[https://github.com/trufflesecurity/trufflehog/pull/2187](https://togithub.com/trufflesecurity/trufflehog/pull/2187)
- Fix filesystem enumeration ignore paths bug by
[@&#8203;mcastorina](https://togithub.com/mcastorina) in
[https://github.com/trufflesecurity/trufflehog/pull/2355](https://togithub.com/trufflesecurity/trufflehog/pull/2355)
- \[feat] - tmp file diffs by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2306](https://togithub.com/trufflesecurity/trufflehog/pull/2306)

**Full Changelog**:
trufflesecurity/trufflehog@v3.66.1...v3.66.2

###
[`v3.66.1`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.66.1)

[Compare
Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.66.0...v3.66.1)

#### What's Changed

- Azure function key is throwing FPs by
[@&#8203;dustin-decker](https://togithub.com/dustin-decker) in
[https://github.com/trufflesecurity/trufflehog/pull/2352](https://togithub.com/trufflesecurity/trufflehog/pull/2352)

**Full Changelog**:
trufflesecurity/trufflehog@v3.66.0...v3.66.1

###
[`v3.66.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.66.0)

[Compare
Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.65.0...v3.66.0)

#### What's Changed

- \[chore] - make sure to close connections after testing by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2343](https://togithub.com/trufflesecurity/trufflehog/pull/2343)
- Prevent print or logging in detectors by
[@&#8203;dustin-decker](https://togithub.com/dustin-decker) in
[https://github.com/trufflesecurity/trufflehog/pull/2341](https://togithub.com/trufflesecurity/trufflehog/pull/2341)
- Add the new MaxMind license key format by
[@&#8203;faktas2](https://togithub.com/faktas2) in
[https://github.com/trufflesecurity/trufflehog/pull/2181](https://togithub.com/trufflesecurity/trufflehog/pull/2181)
- updates to plain and json printing to include verification error by
[@&#8203;0x1](https://togithub.com/0x1) in
[https://github.com/trufflesecurity/trufflehog/pull/2335](https://togithub.com/trufflesecurity/trufflehog/pull/2335)
- added azurefunctionkey detector by
[@&#8203;roxanne-tampus](https://togithub.com/roxanne-tampus) in
[https://github.com/trufflesecurity/trufflehog/pull/2337](https://togithub.com/trufflesecurity/trufflehog/pull/2337)
- added azuresearchadminkey detector by
[@&#8203;roxanne-tampus](https://togithub.com/roxanne-tampus) in
[https://github.com/trufflesecurity/trufflehog/pull/2348](https://togithub.com/trufflesecurity/trufflehog/pull/2348)
- added azuresearchquerykey detector by
[@&#8203;roxanne-tampus](https://togithub.com/roxanne-tampus) in
[https://github.com/trufflesecurity/trufflehog/pull/2349](https://togithub.com/trufflesecurity/trufflehog/pull/2349)
- Improve fp ignore logic by
[@&#8203;dustin-decker](https://togithub.com/dustin-decker) in
[https://github.com/trufflesecurity/trufflehog/pull/2351](https://togithub.com/trufflesecurity/trufflehog/pull/2351)

#### New Contributors

- [@&#8203;faktas2](https://togithub.com/faktas2) made their first
contribution in
[https://github.com/trufflesecurity/trufflehog/pull/2181](https://togithub.com/trufflesecurity/trufflehog/pull/2181)

**Full Changelog**:
trufflesecurity/trufflehog@v3.65.0...v3.66.0

###
[`v3.65.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.65.0)

[Compare
Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.64.0...v3.65.0)

#### What's Changed

- Walk directories in filesystem source enumeration by
[@&#8203;mcastorina](https://togithub.com/mcastorina) in
[https://github.com/trufflesecurity/trufflehog/pull/2313](https://togithub.com/trufflesecurity/trufflehog/pull/2313)
- added azuredevopspersonalaccesstoken detector by
[@&#8203;roxanne-tampus](https://togithub.com/roxanne-tampus) in
[https://github.com/trufflesecurity/trufflehog/pull/2315](https://togithub.com/trufflesecurity/trufflehog/pull/2315)
- updating doppler logic by
[@&#8203;joeleonjr](https://togithub.com/joeleonjr) in
[https://github.com/trufflesecurity/trufflehog/pull/2329](https://togithub.com/trufflesecurity/trufflehog/pull/2329)
- add priority semaphore to source manager by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2336](https://togithub.com/trufflesecurity/trufflehog/pull/2336)
- Add Google oauth2 token detector by
[@&#8203;rgmz](https://togithub.com/rgmz) in
[https://github.com/trufflesecurity/trufflehog/pull/2274](https://togithub.com/trufflesecurity/trufflehog/pull/2274)
- Update DockerHub detector logic by
[@&#8203;rgmz](https://togithub.com/rgmz) in
[https://github.com/trufflesecurity/trufflehog/pull/2266](https://togithub.com/trufflesecurity/trufflehog/pull/2266)
- Improve GitHub scan logging by
[@&#8203;rgmz](https://togithub.com/rgmz) in
[https://github.com/trufflesecurity/trufflehog/pull/2220](https://togithub.com/trufflesecurity/trufflehog/pull/2220)
- add tri-state verification to yelp by
[@&#8203;zubairk14](https://togithub.com/zubairk14) in
[https://github.com/trufflesecurity/trufflehog/pull/1736](https://togithub.com/trufflesecurity/trufflehog/pull/1736)
- Fix broken test by
[@&#8203;dustin-decker](https://togithub.com/dustin-decker) in
[https://github.com/trufflesecurity/trufflehog/pull/2339](https://togithub.com/trufflesecurity/trufflehog/pull/2339)

**Full Changelog**:
trufflesecurity/trufflehog@v3.64.0...v3.65.0

###
[`v3.64.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.64.0)

[Compare
Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.11...v3.64.0)

#### What's Changed

- Add prometheus metrics to measure hook execution time by
[@&#8203;mcastorina](https://togithub.com/mcastorina) in
[https://github.com/trufflesecurity/trufflehog/pull/2312](https://togithub.com/trufflesecurity/trufflehog/pull/2312)
- updating detector logic for zenscrape by
[@&#8203;joeleonjr](https://togithub.com/joeleonjr) in
[https://github.com/trufflesecurity/trufflehog/pull/2316](https://togithub.com/trufflesecurity/trufflehog/pull/2316)
- fix for incorrect AWS account number identification by
[@&#8203;joeleonjr](https://togithub.com/joeleonjr) in
[https://github.com/trufflesecurity/trufflehog/pull/2332](https://togithub.com/trufflesecurity/trufflehog/pull/2332)
- Narrow Postgres detector to only look for URIs by
[@&#8203;rosecodym](https://togithub.com/rosecodym) in
[https://github.com/trufflesecurity/trufflehog/pull/2314](https://togithub.com/trufflesecurity/trufflehog/pull/2314)
- Update Gitlab repo count in tests by
[@&#8203;rosecodym](https://togithub.com/rosecodym) in
[https://github.com/trufflesecurity/trufflehog/pull/2333](https://togithub.com/trufflesecurity/trufflehog/pull/2333)
- \[feat] - Replace regexp pkg w/ go-re2 in detectors by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2324](https://togithub.com/trufflesecurity/trufflehog/pull/2324)

**Full Changelog**:
trufflesecurity/trufflehog@v3.63.11...v3.64.0

###
[`v3.63.11`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.11)

[Compare
Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.10...v3.63.11)

#### What's Changed

- \[fixup] - save 8 bytes per chunk by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2310](https://togithub.com/trufflesecurity/trufflehog/pull/2310)
- fix(deps): update module github.com/hashicorp/golang-lru to v2 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2054](https://togithub.com/trufflesecurity/trufflehog/pull/2054)
- \[chore] - Update Chunk struct comment by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2317](https://togithub.com/trufflesecurity/trufflehog/pull/2317)
- fix(deps): update golang.org/x/exp digest to
[`1b97071`](https://togithub.com/trufflesecurity/trufflehog/commit/1b97071)
by [@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2318](https://togithub.com/trufflesecurity/trufflehog/pull/2318)
- fix(deps): update module github.com/couchbase/gocb/v2 to v2.7.1 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2320](https://togithub.com/trufflesecurity/trufflehog/pull/2320)
- fix(deps): update module github.com/envoyproxy/protoc-gen-validate to
v1.0.4 by [@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2322](https://togithub.com/trufflesecurity/trufflehog/pull/2322)
- fix(deps): update module github.com/aws/aws-sdk-go to v1.50.0 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2325](https://togithub.com/trufflesecurity/trufflehog/pull/2325)
- \[chore] - reduce test time by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2321](https://togithub.com/trufflesecurity/trufflehog/pull/2321)

**Full Changelog**:
trufflesecurity/trufflehog@v3.63.10...v3.63.11

###
[`v3.63.10`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.10)

[Compare
Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.9...v3.63.10)

#### What's Changed

- added azure protos by
[@&#8203;roxanne-tampus](https://togithub.com/roxanne-tampus) in
[https://github.com/trufflesecurity/trufflehog/pull/2304](https://togithub.com/trufflesecurity/trufflehog/pull/2304)
- \[fixup ] - Allow ssh cloning with AWS Code Commit by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2307](https://togithub.com/trufflesecurity/trufflehog/pull/2307)
- Assume unauthenticated github scans have public visibility by
[@&#8203;mcastorina](https://togithub.com/mcastorina) in
[https://github.com/trufflesecurity/trufflehog/pull/2308](https://togithub.com/trufflesecurity/trufflehog/pull/2308)
- \[chore] - Add regex and keyword for api_org tokens by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2240](https://togithub.com/trufflesecurity/trufflehog/pull/2240)

**Full Changelog**:
trufflesecurity/trufflehog@v3.63.9...v3.63.10

###
[`v3.63.9`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.9)

[Compare
Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.8...v3.63.9)

#### What's Changed

- \[chore] - update docs for pre-commit by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2280](https://togithub.com/trufflesecurity/trufflehog/pull/2280)
- Ignore common false positives for Parseur Detector by
[@&#8203;rgmz](https://togithub.com/rgmz) in
[https://github.com/trufflesecurity/trufflehog/pull/2229](https://togithub.com/trufflesecurity/trufflehog/pull/2229)
- Ignore common Signable false positives by
[@&#8203;rgmz](https://togithub.com/rgmz) in
[https://github.com/trufflesecurity/trufflehog/pull/2230](https://togithub.com/trufflesecurity/trufflehog/pull/2230)
- fix(deps): update golang.org/x/exp digest to
[`be819d1`](https://togithub.com/trufflesecurity/trufflehog/commit/be819d1)
by [@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2281](https://togithub.com/trufflesecurity/trufflehog/pull/2281)
- \[chore] - update test by [@&#8203;ahrav](https://togithub.com/ahrav)
in
[https://github.com/trufflesecurity/trufflehog/pull/2283](https://togithub.com/trufflesecurity/trufflehog/pull/2283)
- adding postgres detector by
[@&#8203;dylanTruffle](https://togithub.com/dylanTruffle) in
[https://github.com/trufflesecurity/trufflehog/pull/2108](https://togithub.com/trufflesecurity/trufflehog/pull/2108)
- fix(deps): update module
github.com/azuread/microsoft-authentication-library-for-go to v1.2.1 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2282](https://togithub.com/trufflesecurity/trufflehog/pull/2282)
- fix(deps): update golang.org/x/exp digest to
[`0dcbfd6`](https://togithub.com/trufflesecurity/trufflehog/commit/0dcbfd6)
by [@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2284](https://togithub.com/trufflesecurity/trufflehog/pull/2284)
- fix(deps): update module github.com/gabriel-vasile/mimetype to v1.4.3
by [@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2285](https://togithub.com/trufflesecurity/trufflehog/pull/2285)
- Extend memory cache by [@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2275](https://togithub.com/trufflesecurity/trufflehog/pull/2275)
- fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.19 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2286](https://togithub.com/trufflesecurity/trufflehog/pull/2286)
- chore(deps): update alpine docker tag to v3.19 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2287](https://togithub.com/trufflesecurity/trufflehog/pull/2287)
- chore(deps): update sigstore/cosign-installer action to v3.3.0 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2290](https://togithub.com/trufflesecurity/trufflehog/pull/2290)
- fix(deps): update module cloud.google.com/go/storage to v1.36.0 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2291](https://togithub.com/trufflesecurity/trufflehog/pull/2291)
- fix(deps): update module github.com/aws/aws-sdk-go to v1.49.18 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2292](https://togithub.com/trufflesecurity/trufflehog/pull/2292)
- feat(installation): Implement checksum signature verification by
[@&#8203;hibare](https://togithub.com/hibare) in
[https://github.com/trufflesecurity/trufflehog/pull/2157](https://togithub.com/trufflesecurity/trufflehog/pull/2157)
- fix(deps): update module github.com/aws/aws-sdk-go to v1.49.19 by
[@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2294](https://togithub.com/trufflesecurity/trufflehog/pull/2294)
- fix(deps): update module github.com/bradleyfalzon/ghinstallation/v2 to
v2.9.0 by [@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2295](https://togithub.com/trufflesecurity/trufflehog/pull/2295)
- \[chore] - small updates by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2288](https://togithub.com/trufflesecurity/trufflehog/pull/2288)
- \[feat] - Allow for the use of include/exclude path files for
filesystem scans by [@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2297](https://togithub.com/trufflesecurity/trufflehog/pull/2297)
- Individuate archive tests by
[@&#8203;rosecodym](https://togithub.com/rosecodym) in
[https://github.com/trufflesecurity/trufflehog/pull/2293](https://togithub.com/trufflesecurity/trufflehog/pull/2293)
- \[feat] - Provide CLI flag to only use custom verifiers by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2299](https://togithub.com/trufflesecurity/trufflehog/pull/2299)
- Disable postgres detector because it it too sensitive by
[@&#8203;dustin-decker](https://togithub.com/dustin-decker) in
[https://github.com/trufflesecurity/trufflehog/pull/2303](https://togithub.com/trufflesecurity/trufflehog/pull/2303)

**Full Changelog**:
trufflesecurity/trufflehog@v3.63.8...v3.63.9

###
[`v3.63.8`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.8)

[Compare
Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.7...v3.63.8)

#### What's Changed

- Fix commit message single quote escaping on GitHub Action by
[@&#8203;0x2b3bfa0](https://togithub.com/0x2b3bfa0) in
[https://github.com/trufflesecurity/trufflehog/pull/2259](https://togithub.com/trufflesecurity/trufflehog/pull/2259)
- fix(deps): update module github.com/go-git/go-git/v5 to v5.11.0
\[security] by [@&#8203;renovate](https://togithub.com/renovate) in
[https://github.com/trufflesecurity/trufflehog/pull/2263](https://togithub.com/trufflesecurity/trufflehog/pull/2263)
- Fix non-ASCII whitespace on GitHub Action by
[@&#8203;0x2b3bfa0](https://togithub.com/0x2b3bfa0) in
[https://github.com/trufflesecurity/trufflehog/pull/2270](https://togithub.com/trufflesecurity/trufflehog/pull/2270)
- Update GitParse logic to handle edge case. by
[@&#8203;rgmz](https://togithub.com/rgmz) in
[https://github.com/trufflesecurity/trufflehog/pull/2206](https://togithub.com/trufflesecurity/trufflehog/pull/2206)
- \[chore] Add test to check all versioned detectors are non-zero by
[@&#8203;mcastorina](https://togithub.com/mcastorina) in
[https://github.com/trufflesecurity/trufflehog/pull/2272](https://togithub.com/trufflesecurity/trufflehog/pull/2272)
- Update stripe detector regex by
[@&#8203;NikhilPanwar](https://togithub.com/NikhilPanwar) in
[https://github.com/trufflesecurity/trufflehog/pull/2261](https://togithub.com/trufflesecurity/trufflehog/pull/2261)
- Update to Sourcegraph Access token format by
[@&#8203;shivasurya](https://togithub.com/shivasurya) in
[https://github.com/trufflesecurity/trufflehog/pull/2254](https://togithub.com/trufflesecurity/trufflehog/pull/2254)
- Bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/trufflesecurity/trufflehog/pull/2278](https://togithub.com/trufflesecurity/trufflehog/pull/2278)
- Bump github.com/dvsekhvalnov/jose2go from 1.5.0 to 1.6.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/trufflesecurity/trufflehog/pull/2279](https://togithub.com/trufflesecurity/trufflehog/pull/2279)
- Wrap temp deletion err by
[@&#8203;rosecodym](https://togithub.com/rosecodym) in
[https://github.com/trufflesecurity/trufflehog/pull/2277](https://togithub.com/trufflesecurity/trufflehog/pull/2277)
- 1833 Fix syslog udp by [@&#8203;df3rry](https://togithub.com/df3rry)
in
[https://github.com/trufflesecurity/trufflehog/pull/1835](https://togithub.com/trufflesecurity/trufflehog/pull/1835)

#### New Contributors

- [@&#8203;0x2b3bfa0](https://togithub.com/0x2b3bfa0) made their first
contribution in
[https://github.com/trufflesecurity/trufflehog/pull/2259](https://togithub.com/trufflesecurity/trufflehog/pull/2259)
- [@&#8203;NikhilPanwar](https://togithub.com/NikhilPanwar) made their
first contribution in
[https://github.com/trufflesecurity/trufflehog/pull/2261](https://togithub.com/trufflesecurity/trufflehog/pull/2261)
- [@&#8203;df3rry](https://togithub.com/df3rry) made their first
contribution in
[https://github.com/trufflesecurity/trufflehog/pull/1835](https://togithub.com/trufflesecurity/trufflehog/pull/1835)

**Full Changelog**:
trufflesecurity/trufflehog@v3.63.7...v3.63.8

###
[`v3.63.7`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.7)

[Compare
Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.6...v3.63.7)

#### What's Changed

- Add skip archive support by
[@&#8203;dustin-decker](https://togithub.com/dustin-decker) in
[https://github.com/trufflesecurity/trufflehog/pull/2257](https://togithub.com/trufflesecurity/trufflehog/pull/2257)
- Skip all binaries by
[@&#8203;bill-rich](https://togithub.com/bill-rich) in
[https://github.com/trufflesecurity/trufflehog/pull/2256](https://togithub.com/trufflesecurity/trufflehog/pull/2256)
- Add handlerOpts back by
[@&#8203;bill-rich](https://togithub.com/bill-rich) in
[https://github.com/trufflesecurity/trufflehog/pull/2258](https://togithub.com/trufflesecurity/trufflehog/pull/2258)
- Use directory iterator instead of walkdir by
[@&#8203;dustin-decker](https://togithub.com/dustin-decker) in
[https://github.com/trufflesecurity/trufflehog/pull/2260](https://togithub.com/trufflesecurity/trufflehog/pull/2260)

**Full Changelog**:
trufflesecurity/trufflehog@v3.63.6...v3.63.7

###
[`v3.63.6`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.6)

[Compare
Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.5...v3.63.6)

#### What's Changed

- Adds basic if/else check if pid slice is empty by
[@&#8203;codevbus](https://togithub.com/codevbus) in
[https://github.com/trufflesecurity/trufflehog/pull/2244](https://togithub.com/trufflesecurity/trufflehog/pull/2244)
- \[fixup] - move cleanup to run by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2245](https://togithub.com/trufflesecurity/trufflehog/pull/2245)
- shallow cloning + GitHub Action by
[@&#8203;joeleonjr](https://togithub.com/joeleonjr) in
[https://github.com/trufflesecurity/trufflehog/pull/2138](https://togithub.com/trufflesecurity/trufflehog/pull/2138)
- Update GitHub extradata by [@&#8203;rgmz](https://togithub.com/rgmz)
in
[https://github.com/trufflesecurity/trufflehog/pull/2219](https://togithub.com/trufflesecurity/trufflehog/pull/2219)
- Avoid extraneous authentication attempts when verifying Snowflake by
[@&#8203;rgmz](https://togithub.com/rgmz) in
[https://github.com/trufflesecurity/trufflehog/pull/2057](https://togithub.com/trufflesecurity/trufflehog/pull/2057)
- Add missing import by
[@&#8203;dustin-decker](https://togithub.com/dustin-decker) in
[https://github.com/trufflesecurity/trufflehog/pull/2246](https://togithub.com/trufflesecurity/trufflehog/pull/2246)
- \[bug] - Bug archive handler memory leak by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2247](https://togithub.com/trufflesecurity/trufflehog/pull/2247)
- \[chore] - use snake_case for naming by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2238](https://togithub.com/trufflesecurity/trufflehog/pull/2238)
- \[chore] - add additional binary extensions to skip by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2235](https://togithub.com/trufflesecurity/trufflehog/pull/2235)
- \[chore] - lower logging level by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2249](https://togithub.com/trufflesecurity/trufflehog/pull/2249)
- \[bug] - Fix Context Timeout-Induced Goroutine Leak in readInChunks by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2251](https://togithub.com/trufflesecurity/trufflehog/pull/2251)
- Dedupe some source log keys by
[@&#8203;rosecodym](https://togithub.com/rosecodym) in
[https://github.com/trufflesecurity/trufflehog/pull/2250](https://togithub.com/trufflesecurity/trufflehog/pull/2250)
- \[fixup] - Refactor to Pass Reader for Binary Diffs and Archived Data;
Optimize /tmp Directory Cleanup by
[@&#8203;ahrav](https://togithub.com/ahrav) in
[https://github.com/trufflesecurity/trufflehog/pull/2253](https://togithub.com/trufflesecurity/trufflehog/pull/2253)
- Use walkdir for tmp cleanup by
[@&#8203;dustin-decker](https://togithub.com/dustin-decker) in
[https://github.com/trufflesecurity/trufflehog/pull/2255](https://togithub.com/trufflesecurity/trufflehog/pull/2255)

**Full Changelog**:
trufflesecurity/trufflehog@v3.63.5...v3.63.6

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/matter-labs/vault-auth-tee).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMDMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjE3My4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

2 participants