eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
493 commits 5 branches 83 tags 53 MiB
Commit graph

145 commits

Author SHA1 Message Date
Mick Grove
17e0ca3594 - Updating to support Bitbucket App Passwords 
- Improved boundaries for several rules
- Added more rules
 2025-11-20 16:33:28 -08:00
Mick Grove
c6b10f0b47 - Skip reporting MongoDB and Postgres findings when their connection strings cannot be parsed, even when validation is disabled. 
- Improve MySQL detection by broadening URI coverage and adding live validation that skips clearly invalid connection strings.
 2025-11-16 23:25:42 -08:00
Mick Grove
8d77f9d298 - Skip reporting MongoDB and Postgres findings when their connection strings cannot be parsed, even when validation is disabled. 
- Improve MySQL detection by broadening URI coverage and adding live validation that skips clearly invalid connection strings.
 2025-11-15 08:43:54 -08:00
Mick Grove
9853d346a6 - Skip reporting MongoDB and Postgres findings when their connection strings cannot be parsed, even when validation is disabled. 
- Improve MySQL detection by broadening URI coverage and adding live validation that skips clearly invalid connection strings.
 2025-11-15 08:23:06 -08:00
Mick Grove
f9d75eaadd - Skip reporting MongoDB and Postgres findings when their connection strings cannot be parsed, even when validation is disabled. 
- Improve MySQL detection by broadening URI coverage and adding live validation that skips clearly invalid connection strings.
 2025-11-15 08:11:25 -08:00
Mick Grove
554ca07803 added jdbc rule and validator 2025-11-12 22:26:29 -08:00
Mick Grove
2ed94f75d7 added jdbc rule and validator 2025-11-12 22:25:33 -08:00
Mick Grove
dca955a95c v1.63.0 2025-11-10 18:47:51 -08:00
Mick Grove
06aa69b91d Fixing CI builds for Windows on GitHub Actions 2025-11-09 17:06:20 -08:00
Mick Grove
22188647bb Fixing CI builds for Windows on GitHub Actions 2025-11-09 16:50:29 -08:00
Mick Grove
4efdcc35e1 updated confluent rule with a checksum. Added zuplo rule with a checksum 2025-11-09 08:42:16 -08:00
Mick Grove
94a51c3d04 updated confluent rule with a checksum. Added zuplo rule with a checksum 2025-11-08 16:01:58 -08:00
Mick Grove
8aac161603 fixing rules 2025-11-08 10:48:00 -08:00
Mick Grove
a06bd0a32b Added checksum comparisons to pattern_requirements, new suffix, crc32, and base62 Liquid filters, and verbose logging so mismatched checksums are skipped with context rather than reported as findings. 2025-11-07 18:49:03 -08:00
Mick Grove
ccbbbad5bc Added checksum comparisons to pattern_requirements, new suffix, crc32, and base62 Liquid filters, and verbose logging so mismatched checksums are skipped with context rather than reported as findings. 2025-11-07 16:31:24 -08:00
Mick Grove
9c4e459a14 updated ci 2025-11-06 16:22:35 -08:00
Mick Grove
dd55d45b9a updated ci 2025-11-06 09:11:24 -08:00
Mick Grove
303f715a80 updated ci 2025-11-05 22:35:29 -08:00
Mick Grove
2f7410bcb4 updated ci 2025-11-05 18:30:21 -08:00
Mick Grove
f606f59f93 Added an optional exclude_words list to PatternRequirements so matches containing case-insensitive placeholder words are filtered out, with accompanying tests to cover the new behavior. 2025-11-05 17:19:11 -08:00
Mick Grove
6a5a62a5b5 Added an optional exclude_words list to PatternRequirements so matches containing case-insensitive placeholder words are filtered out, with accompanying tests to cover the new behavior. 2025-11-04 13:07:24 -08:00
Mick Grove
0f953f59a5 pattern_requirements for rules — Post-regex character-class gating to cut false positives without lookarounds. Authors can now require minimum counts of digits, uppercase, lowercase, and special characters, with an optional custom special-char set. 
Why: Hyperscan doesn’t support lookaheads/behinds, so many “must contain X and Y” checks had to be baked into the regex (hurting readability) or were impossible. pattern_requirements applies lightweight, in-memory checks after a match is found, keeping patterns fast and clean.
 2025-11-04 13:55:31 -05:00
Mick Grove
ca3f175427 updated for v1.61.0 2025-10-30 22:50:41 -07:00
Mick Grove
cb22388bd1 updated smoke_branch tests 2025-10-26 11:53:29 -07:00
Mick Grove
7d9d3be132 - Fixed local filesystem scans to keep open_path_as_is enabled when opening Git repositories and only disable it for diff-based scans. 
- Created Linux and Windows specific installer script
- Updated diff-focused scanning so --branch-root-commit can be provided alongside --branch, letting you diff from a chosen commit while targeting a specific branch tip (still defaulting back to the --branch ref when the commit is omitted).
 2025-10-25 17:12:51 -07:00
Mick Grove
0ec8ebd59b added tests for --branch and --since-commit feature 2025-10-23 17:27:40 -07:00
Mick Grove
98333a4bda updated anthropic rule 2025-10-23 15:02:30 -07:00
Mick Grove
a08f588a0f updated maxmind rule 2025-10-22 18:49:20 -07:00
Mick Grove
1b181a368a - Added provider-specific kingfisher scan subcommands (for example kingfisher scan github …) that translate into the legacy flags under the hood. The new layout keeps backwards compatibility while removing the wall of provider options from kingfisher scan --help. 
- Updated the README so every provider example (GitHub, GitLab, Bitbucket, Azure Repos, Gitea, Hugging Face, Slack, Jira, Confluence, S3, GCS, Docker) uses the new subcommand style.
- Restored the direct kingfisher scan /path/to/dir flow for local filesystem scans while adding a --list-only switch to each provider subcommand so repository enumeration no longer requires the standalone github repos, gitlab repos, etc. commands.
- Removed the legacy top-level provider commands (kingfisher github, kingfisher gitlab, kingfisher gitea, kingfisher bitbucket, kingfisher azure, kingfisher huggingface) now that enumeration lives under kingfisher scan <provider> --list-only.
- Fixed kingfisher scan github … (and other provider-specific subcommands) so they no longer demand placeholder path arguments before the CLI accepts the request.
- Removed the --bitbucket-username, --bitbucket-token, and --bitbucket-oauth-token flags in favour of KF_BITBUCKET_* environment variables when authenticating to Bitbucket.
 2025-10-22 16:24:09 -07:00
Mick Grove
122885199d - Fixed kingfisher scan so that providing --branch without --since-commit now diffs the branch against the empty tree and scans every commit reachable from that branch. 
- Added rules for meraki, duffel, finnhub, frameio, freshbooks, gitter, infracost, launchdarkly, lob, maxmind, messagebird, nytimes, prefect, salingo, sendinblue, sentry, shippo, twitch, typeform
 2025-10-20 18:23:12 -07:00
Mick Grove
ec1d640b74 Added first-class Azure Repos support, including CLI commands, enumeration, and documentation updates 2025-10-04 23:12:28 -07:00
Mick Grove
d6d854c168 - Improved performance of tree-sitter parsing 
- Updated Windows build script to ensure static binary is produced
 2025-10-03 17:22:28 -07:00
Mick Grove
645bfa2e01 Populate the finding path from git blob metadata so history-derived secrets display their file location instead of an empty path 2025-09-24 10:06:47 -07:00
Mick Grove
def9e5d18c updated rule for AWS Secret Access key 2025-09-10 13:29:19 -07:00
Mick Grove
6a1d9e4142 - Enabled MongoDB URI validation 
- AWS + GCP validators now respect HTTPS_PROXY and share a consistent user agent across AWS, GCP, and HTTP validation
 2025-09-09 16:45:02 -07:00
Mick Grove
9b6c67c243 updated jwt rule 2025-09-04 23:31:34 -07:00
Mick Grove
dcd0460e8a fix ci build error 2025-08-31 10:27:16 -07:00
Mick Grove
43fce5159a Fix changes in response to code review 2025-08-30 20:07:31 -07:00
Mick Grove
9de355a5c8 Decode Base64 blobs and scan their contents for secrets while skipping short strings for performance 2025-08-30 16:44:55 -07:00
Mick Grove
e54dbe90d0 - Improved rules: github oauth2, diffbot, mailchimp, aws 
- Added validation to SauceLabs rule
- Added rules: shodan, bitly, flickr
 2025-08-29 17:24:26 -07:00
Mick Grove
4f77706d0c changes in response to code review 2025-08-27 15:43:31 -07:00
Mick Grove
b3f80d7a33 added top level 'self-update' cli sub command to update the binary independently. Now supports updating over homebrew managed binary 2025-08-27 15:35:01 -07:00
Mick Grove
c4cda65690 added rules for zhipu 2025-08-27 12:43:41 -07:00
Mick Grove
8798d799f9 added rules for together.ai 2025-08-27 12:20:44 -07:00
Mick Grove
41b237740b added rules for nvidia nim 2025-08-27 11:39:32 -07:00
Mick Grove
0bd7a428f6 added rules for cerbras, friendli, fireworks.ai 2025-08-27 11:25:39 -07:00
Mick Grove
1945d65a70 Added rule for 'weights and biases' 2025-08-27 10:20:04 -07:00
Mick Grove
b54f9894c2 added ollama rule 2025-08-26 10:22:18 -07:00
Mick Grove
78b9f3dd8d - Improved rules: AWS, pem 2025-08-22 16:16:00 -07:00
Mick Grove
ef4cb03226 mproved AWS rule 2025-08-22 13:26:54 -07:00