Commit graph

17 commits

Author SHA1 Message Date
Mick Grove
20e08105cf improved github organization scanning 2026-04-30 16:40:43 -07:00
Mick Grove
c387ac08d2 Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. 2026-04-29 11:09:47 -07:00
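The commit above describes three mechanics worth seeing side by side: secret-typed environment variables arriving in plaintext from the API, X-Api-Key authentication from KF_POSTMAN_TOKEN / POSTMAN_API_KEY, and backing off on a 429 using X-RateLimit-RetryAfter. The following is an added example written for this page, not Kingfisher's own code. It assumes the Postman environment response shape ({"environment": {"name", "values": [{"key", "value", "type", "enabled"}]}} with type "secret" or "default"), that X-RateLimit-RetryAfter carries a number of seconds, and two deliberately narrow token regexes for the pattern pass; the sample response is constructed.

```python
"""Scan a Postman environment for plaintext secrets.

Added example, not Kingfisher's code. Assumptions (not taken from the page):
the Postman API response shape {"environment": {"name", "values": [{"key",
"value", "type", "enabled"}]}} with type "secret" or "default", the token
header name X-Api-Key, the X-RateLimit-RetryAfter header being seconds, and
the two token regexes used in the pattern pass.
"""
import json
import os
import re
import urllib.request
from typing import Optional

DEFAULT_API_URL = "https://api.getpostman.com"  # override for self-hosted endpoints

# Token shapes for the pattern pass. Deliberately narrow; real rules are broader.
PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-pat-classic": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}

# Constructed sample of what GET /environments/{id} returns: secret-typed
# values arrive in plaintext even though the Postman UI masks them.
SAMPLE_ENV_RESPONSE = json.dumps({
    "environment": {
        "id": "00000000-0000-0000-0000-000000000000",
        "name": "staging",
        "values": [
            {"key": "base_url", "value": "https://staging.example.test",
             "type": "default", "enabled": True},
            {"key": "aws_key", "value": "AKIAIOSFODNN7EXAMPLE",
             "type": "secret", "enabled": True},
            {"key": "old_token", "value": "ghp_" + "a" * 36,
             "type": "default", "enabled": False},
            {"key": "empty_secret", "value": "", "type": "secret", "enabled": True},
        ],
    }
})


def build_request(env_id: str, token: Optional[str] = None,
                  api_url: str = DEFAULT_API_URL) -> urllib.request.Request:
    """Request for one environment, authenticated with X-Api-Key.

    The token defaults to KF_POSTMAN_TOKEN, then POSTMAN_API_KEY, as the
    commit describes. The request is built here but not sent.
    """
    token = token or os.environ.get("KF_POSTMAN_TOKEN") or os.environ.get("POSTMAN_API_KEY")
    if not token:
        raise RuntimeError("no Postman API key configured")
    req = urllib.request.Request(f"{api_url.rstrip('/')}/environments/{env_id}")
    req.add_header("X-Api-Key", token)
    return req


def retry_delay(status: int, headers: dict, fallback: float = 5.0) -> Optional[float]:
    """Seconds to wait before retrying, or None when the response was not a 429.

    Honors X-RateLimit-RetryAfter (assumed to be seconds), falling back to
    Retry-After, then to a fixed delay when neither header parses.
    """
    if status != 429:
        return None
    lowered = {k.lower(): v for k, v in headers.items()}
    raw = lowered.get("x-ratelimit-retryafter", lowered.get("retry-after"))
    try:
        return max(0.0, float(raw))
    except (TypeError, ValueError):
        return fallback


def environment_findings(payload: str) -> list:
    """Report variables that are secret-typed or match a known token shape.

    Disabled variables are still reported: the value is stored regardless of
    the enabled flag, so it is just as exposed.
    """
    env = json.loads(payload)["environment"]
    findings = []
    for var in env.get("values", []):
        value = var.get("value") or ""
        if not value:
            continue  # unset or empty; nothing to leak
        reasons = []
        if var.get("type") == "secret":
            reasons.append("secret-typed variable returned in plaintext")
        reasons += [f"matches {name}" for name, rx in PATTERNS.items() if rx.search(value)]
        if reasons:
            findings.append({
                "environment": env.get("name"),
                "key": var.get("key"),
                "enabled": bool(var.get("enabled", True)),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in environment_findings(SAMPLE_ENV_RESPONSE):
        print(f)
```

Two points the sample is built to make: a secret-typed variable is reported even when no regex knows its shape (the type flag alone is the signal), and a disabled variable still carries its value and is still a finding.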
Mick Grove
5465d903cf added kingfisher.github.9 to detect the new ~520-character stateless GitHub App installation token format (ghs_<APP_ID>_<JWT>). The legacy 36-character ghs_ rule 2026-04-26 16:56:44 -07:00
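The commit above introduces a second rule because a fixed-length ghs_ pattern cannot match the new ghs_<APP_ID>_<JWT> shape. The following added example (written for this page, not the kingfisher.github.9 rule itself) shows why: it constructs a sample stateless token, demonstrates that a 36-character legacy regex does not fire on it, and decodes the embedded JWT claims for triage without verifying the signature. Assumptions: the legacy token is "ghs_" plus 36 alphanumerics, the new token is "ghs_" followed by a numeric app id, an underscore and a three-segment base64url JWT, and the claims in the sample are constructed rather than GitHub's real claim set.

```python
"""Distinguish the legacy and stateless GitHub App installation token formats.

Added example, not the kingfisher.github.9 rule itself. Assumptions: the
legacy token is "ghs_" plus 36 alphanumerics; the new token is
"ghs_<numeric app id>_<JWT>" where the JWT is three base64url segments; the
claims in the sample JWT are constructed and the signature is a placeholder.
"""
import base64
import json
import re

LEGACY_GHS = re.compile(r"\bghs_[A-Za-z0-9]{36}\b")
STATELESS_GHS = re.compile(
    r"\bghs_(\d+)_([A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)"
)


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))


def make_sample_token(app_id: str = "123456") -> str:
    """Constructed stateless token; the claims are not GitHub's real claim set."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"iss": app_id, "installation_id": 42,
                                 "exp": 1700000000}).encode())
    signature = b64url(b"\x00" * 256)  # placeholder for a 2048-bit RSA signature
    return f"ghs_{app_id}_{header}.{payload}.{signature}"


def decode_claims(jwt: str) -> dict:
    """Decode the payload without verifying the signature (triage only).

    This tells you what the token claims to be, not whether it is valid.
    """
    _, payload, _ = jwt.split(".")
    return json.loads(b64url_decode(payload))


def classify(text: str) -> list:
    """Return one finding per token, tagged with the rule that matched."""
    findings = []
    for m in STATELESS_GHS.finditer(text):
        app_id, jwt = m.groups()
        try:
            claims = decode_claims(jwt)
        except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
            claims = None  # right shape, but the payload is not a JSON object
        findings.append({"rule": "stateless", "app_id": app_id,
                         "length": len(m.group(0)), "claims": claims})
    for m in LEGACY_GHS.finditer(text):
        findings.append({"rule": "legacy", "length": len(m.group(0))})
    return findings


if __name__ == "__main__":
    for f in classify("GITHUB_TOKEN=" + make_sample_token()):
        print(f["rule"], f["length"], f.get("app_id"), f.get("claims"))
```

The legacy regex fails on the new format at the underscore after the app id, which is exactly the gap a separate rule has to close. Note that the stateless pattern has no trailing word boundary: the JWT alphabet includes "-" and "_", so a boundary there would cut long signatures short.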
Mick Grove
69fb4352f7 cargo update 2026-04-23 16:57:51 -07:00
Mick Grove
79139e49b8 - Fixed the HTML access-map viewer dark mode so charts redraw correctly on theme changes and follow the system color scheme until manually overridden.
- Fixed [#344](https://github.com/mongodb/kingfisher/issues/344): baseline fingerprints no longer have to be hexadecimal. The fingerprint value emitted by scan output (JSON, JSONL, pretty, SARIF) can now be copied directly into a baseline file and will match on the next scan. --manage-baseline now writes fingerprints in decimal to match scan output, and legacy 16-char hex (and 0x-prefixed hex) entries continue to be accepted, so existing baseline files keep working unchanged.
2026-04-20 17:54:51 -07:00
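The baseline fix described in the commit above has one edge case worth handling explicitly: a 16-digit entry such as 1234567890123456 is simultaneously a valid decimal fingerprint and a valid legacy 16-character hex one. The following added example (written for this page, not Kingfisher's implementation) accepts decimal, bare 16-character hex and 0x-prefixed hex, keeps both readings of an ambiguous entry rather than guessing, and writes entries in decimal so scan output can be pasted verbatim. Assumptions: fingerprints are unsigned 64-bit values, scan output prints them in decimal, and a baseline is simply an iterable of strings (the real file format is not shown on this page).

```python
"""Baseline fingerprint matching that accepts decimal, 16-char hex and 0x hex.

Added example, not Kingfisher's implementation. Assumptions: fingerprints are
unsigned 64-bit values, scan output prints them in decimal, and a baseline is
an iterable of fingerprint strings (the real file format is not shown).
"""
import re

U64_MAX = (1 << 64) - 1
HEX_PREFIXED = re.compile(r"0[xX][0-9a-fA-F]{1,16}")
HEX16 = re.compile(r"[0-9a-fA-F]{16}")
DECIMAL = re.compile(r"[0-9]{1,20}")


def baseline_candidates(entry: str) -> set:
    """All 64-bit values a baseline entry could denote.

    A 16-digit entry is both a valid decimal fingerprint and a valid legacy
    hex one; rather than guess, keep both readings so neither a freshly
    pasted decimal entry nor an old hex entry silently stops matching.
    """
    s = entry.strip()
    if HEX_PREFIXED.fullmatch(s):
        return {int(s[2:], 16)}
    cands = set()
    if DECIMAL.fullmatch(s):
        v = int(s, 10)
        if v <= U64_MAX:  # 20-digit strings can exceed u64
            cands.add(v)
    if HEX16.fullmatch(s):
        cands.add(int(s, 16))
    if not cands:
        raise ValueError(f"unrecognized fingerprint: {entry!r}")
    return cands


def load_baseline(entries) -> set:
    """Union of every candidate value; blank lines and '#' comments are skipped."""
    baseline = set()
    for e in entries:
        if e.strip() and not e.lstrip().startswith("#"):
            baseline |= baseline_candidates(e)
    return baseline


def write_entry(fingerprint: int) -> str:
    """Emit in decimal, matching scan output so findings can be pasted verbatim."""
    return str(fingerprint)


def is_baselined(scan_fingerprint: str, baseline: set) -> bool:
    """scan_fingerprint is the decimal string from JSON/JSONL/SARIF output."""
    return int(scan_fingerprint, 10) in baseline


if __name__ == "__main__":
    fp = 0xDEADBEEFCAFEF00D
    bl = load_baseline(["# legacy entries", "deadbeefcafef00d", "0xdeadbeefcafef00d",
                        "# pasted from scan output", write_entry(fp)])
    print(is_baselined(write_entry(fp), bl))
```

The cost of keeping both readings is a slightly larger match set; the alternative, picking one interpretation for 16-digit entries, would make some previously suppressed findings reappear after upgrade depending on which side of the hex/decimal switch the file was written on.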
Mick Grove
ab162741e8 performance improvements and rule improvements 2026-04-20 09:55:27 -07:00
Mick Grove
a13b175fc5 performance improvements and rule improvements 2026-04-19 14:50:11 -07:00
Luke Young
6048462041 working 2026-04-17 23:25:02 -07:00
Mick Grove
74cad26aed performance improvements and rule improvements 2026-04-17 11:01:46 -07:00
Mick Grove
c89e527053 bug fix 2026-04-16 06:44:12 -07:00
Mick Grove
4b89cd0606 cleaned up dependency tree 2026-04-13 21:44:45 -07:00
Mick Grove
d2008dc3b7 cleaned up dependency tree 2026-04-13 20:43:09 -07:00
Mick Grove
eee7697e24 changes in response to PR review 2026-04-08 09:42:37 -07:00
Mick Grove
0cb854872b Replaced tree-sitter with a lighter parser-based context verifier built from handwritten lexers plus tl/cssparser, preserving context-dependent matching while cutting about 19 MB from the release binary. 2026-04-07 23:20:17 -07:00
Mick Grove
413798e27d Apply open Dependabot updates 2026-04-06 23:58:55 -07:00
Mick Grove
45a565fa6e added more rules 2026-04-06 22:18:58 -07:00
Mick Grove
64d21f0f4c track Cargo.lock for reproducible builds
Fixes Windows CI failure caused by libz-sys v1.1.26 resolving with
missing vendored zlib sources. Pinning via lockfile prevents future
surprise dependency breakage.
2026-04-04 08:33:11 -07:00