eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
1,525 commits 5 branches 83 tags 53 MiB
Commit graph

186 commits

Author SHA1 Message Date
Mick Grove
1636b07810 preparing for v1.100.0 2026-05-18 09:42:04 -07:00
Mick Grove
31663b03b5 Release binary trimmed from 34 MB to 26 MB (~24% smaller). Switched jsonwebtoken to its rust_crypto backend (eliminates our scanner's pull on aws-lc-rs), bumped workspace hmac 0.12→0.13, sha1 0.10→0.11, sha2 0.10→0.11 to deduplicate our internal crypto code with the AWS sigv4 side, and migrated affected call sites in kingfisher-core, kingfisher-rules, and kingfisher-scanner to the digest-0.11 API (hex::encode for hex digests, explicit KeyInit import for HMAC). 2026-05-07 13:46:17 -07:00
Mick Grove
910d6d9dd3 preparing for v1.99.0 2026-05-04 19:24:46 -07:00
Mick Grove
a9cdaea6cd preparing for v1.99.0 2026-05-04 14:48:41 -07:00
Mick Grove
0e1fe0cede webhook support and kingfisher configuration yaml support 2026-05-03 23:10:45 -07:00
Mick Grove
a4cf3990a5 webhook support and kingfisher configuration yaml support 2026-05-03 22:11:26 -07:00
Mick Grove
1619737e2c improved access map viewer 2026-04-30 18:11:10 -07:00
Mick Grove
90737f098c copilot fixes 2026-04-30 09:29:23 -07:00
Mick Grove
2c08659563 copilot fixes 2026-04-30 00:32:49 -07:00
Mick Grove
c94bd89195 copilot fixes 2026-04-29 23:42:33 -07:00
Mick Grove
30b9eba427 copilot fixes 2026-04-29 22:50:31 -07:00
Mick Grove
c387ac08d2 Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. 2026-04-29 11:09:47 -07:00
Mick Grove
0b89e4b02f added blog posts 2026-04-28 19:21:44 -07:00
Mick Grove
cafa97f8d1 Updated rule 2026-04-27 14:26:07 -07:00
Mick Grove
19dafa42ea Added provider endpoint overrides for validation and revocation via global --endpoint PROVIDER=URL and --endpoint-config FILE, with built-in support for self-hosted GitHub, GitLab, Gitea, Jira, Confluence, and Artifactory instances. 2026-04-27 13:20:16 -07:00
Mick Grove
5465d903cf added kingfisher.github.9 to detect the new ~520-character stateless GitHub App installation token format (ghs_<APP_ID>_<JWT>). The legacy 36-character ghs_ rule 2026-04-26 16:56:44 -07:00
Mick Grove
ceff3ab1c5 performance improvements and rule improvements 2026-04-24 00:23:50 -07:00
Mick Grove
a4e8117c8e performance improvements and rule improvements 2026-04-24 00:14:56 -07:00
Mick Grove
cb4951c62c performance improvements and rule improvements 2026-04-23 17:25:07 -07:00
Mick Grove
eb339505f6 performance improvements and rule improvements 2026-04-23 16:54:21 -07:00
Mick Grove
d8e0a41fe8 performance improvements and rule improvements 2026-04-23 14:42:10 -07:00
Mick Grove
30fcc49d92 performance improvements and rule improvements 2026-04-22 21:44:09 -07:00
Mick Grove
88e8604dc5 performance improvements and rule improvements 2026-04-22 20:41:44 -07:00
Mick Grove
2ef065abf9 performance improvements and rule improvements 2026-04-21 16:54:01 -07:00
Mick Grove
3645db2214 performance improvements and rule improvements 2026-04-21 16:44:49 -07:00
Mick Grove
d19893dd6f performance improvements and rule improvements 2026-04-21 16:08:14 -07:00
Mick Grove
0afd39416c performance improvements and rule improvements 2026-04-21 14:52:03 -07:00
Mick Grove
bc65ce9d5b performance improvements and rule improvements 2026-04-21 14:32:32 -07:00
Mick Grove
b213e706c1 performance improvements and rule improvements 2026-04-21 14:08:50 -07:00
Mick Grove
79139e49b8 - Fixed the HTML access-map viewer dark mode so charts redraw correctly on theme changes and follow the system color scheme until manually overridden. 
- Fixed [#344](https://github.com/mongodb/kingfisher/issues/344): baseline fingerprints no longer have to be hexadecimal. The fingerprint value emitted by scan output (JSON, JSONL, pretty, SARIF) can now be copied directly into a baseline file and will match on the next scan. --manage-baseline now writes fingerprints in decimal to match scan output, and legacy 16-char hex (and 0x-prefixed hex) entries continue to be accepted, so existing baseline files keep working unchanged.
 2026-04-20 17:54:51 -07:00
Mick Grove
ab162741e8 performance improvements and rule improvements 2026-04-20 09:55:27 -07:00
Mick Grove
f22b7768e9 fix(github): address PR review feedback 
- Update X-GitHub-Api-Version to 2026-03-10 for /credentials/revoke
  endpoint (the endpoint is only documented under this API version).
- Clarify sha256_b32 filter description: note that the optional `len`
  parameter may produce output that is not valid RFC 4648 Base32.
- Move base32 to [workspace.dependencies] and reference it via
  .workspace = true from both the root crate and kingfisher-rules
  to avoid version skew.
 2026-04-20 08:44:41 -07:00
Mick Grove
745b32011d performance improvements and rule improvements 2026-04-19 22:04:10 -07:00
Mick Grove
2ca40c1ad8 performance improvements and rule improvements 2026-04-19 20:04:28 -07:00
Mick Grove
c50b3ba292 performance improvements and rule improvements 2026-04-19 16:33:13 -07:00
Mick Grove
a13b175fc5 performance improvements and rule improvements 2026-04-19 14:50:11 -07:00
Mick Grove
9ca6750d6d performance improvements and rule improvements 2026-04-19 09:10:48 -07:00
Mick Grove
c73a0228a9 performance improvements and rule improvements 2026-04-19 08:48:56 -07:00
Mick Grove
2ba2883d28 performance improvements and rule improvements 2026-04-18 08:50:55 -07:00
Mick Grove
9cf09bf831 performance improvements and rule improvements 2026-04-18 08:45:21 -07:00
Mick Grove
3d4b5a5d33 performance improvements and rule improvements 2026-04-18 08:43:21 -07:00
Mick Grove
42d07b7e7c performance improvements and rule improvements 2026-04-18 08:27:51 -07:00
Mick Grove
102c147fad performance improvements and rule improvements 2026-04-18 08:09:57 -07:00
Luke Young
6048462041 working 2026-04-17 23:25:02 -07:00
Luke Young
9cf22e27fc
 		fix(kingfisher.github.1): add checksum validation for GitHub fine-grained PATs 
Updated GitHub PAT rule to include checksum validation.

Signed-off-by: Luke Young <bored-engineer@users.noreply.github.com>
 2026-04-17 22:10:03 -07:00
Mick Grove
5ff11a14dc performance improvements and rule improvements 2026-04-17 18:01:36 -07:00
Mick Grove
af109ec01e performance improvements and rule improvements 
Made-with: Cursor
 2026-04-17 17:13:12 -07:00
Mick Grove
e4cd6dd164 performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
Mick Grove
6ca8665d2b performance improvements and rule improvements 2026-04-17 16:36:30 -07:00
Mick Grove
385c2187ee performance improvements and rule improvements 2026-04-17 16:14:22 -07:00