Commit graph

19 commits

Author SHA1 Message Date
Mick Grove
2866367c2e v1.80.0 2026-02-09 12:11:35 -08:00
Mick Grove
ec8761c451 Fix NPM token validation and improve revocation reliability
- Switch validation endpoint from /-/npm/v1/user to /-/whoami which
  works for all token types regardless of scope/permissions
- Fix revocation token matching: use Regex extractor with Liquid-rendered
  prefix ({{ TOKEN | prefix: 8 }}) to locate the correct token in the
  list response instead of blindly taking objects[0]
- Add Liquid template rendering support in multi-step revocation
  extraction patterns (render_extractor) for dynamic matching
- Add debug logging of HTTP response status and body during revocation
  so -v flag shows full API responses for troubleshooting
- Include response body in extraction failure error messages

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-08 15:14:04 -08:00
Mick Grove
1a40fb3bfd Fixed AWS access key validation to support temporary/session keys (ASIA prefix) in addition to long-lived keys (AKIA prefix). 2026-02-06 17:05:32 -08:00
Mick Grove
2391c01c36 added multi-step revocation support. Added revocation support for SendGrid, Netlify, Tailscale, ElevenLabs, Sourcegraph, MongoDB Atlas, Twilio, and NPM using multi-step (lookup ID then delete) pattern. 2026-02-04 22:57:56 -08:00
Mick Grove
363b2ce77d added multi-step revocation support. Added revocation support for SendGrid, Netlify, Tailscale, ElevenLabs, Sourcegraph, MongoDB Atlas, Twilio, and NPM using multi-step (lookup ID then delete) pattern. 2026-02-04 22:26:57 -08:00
Mick Grove
605ff11eee
Merge pull request #214 from bored-engineer/patch-22
fix(dockerhub): use username for OAT validation
2026-02-03 08:49:49 -08:00
Mick Grove
5253204c2a preparing for v1.78.0 2026-02-02 23:22:08 -08:00
Luke Young
9091a520c8
fix(dockerhub): use username for OAT validation
Signed-off-by: Luke Young <bored-engineer@users.noreply.github.com>
2026-02-02 16:22:18 -08:00
Mick Grove
773ec70a35 Merge main into development (resolve conflicts) 2026-02-01 23:13:38 -08:00
Mick Grove
5ceab9662d fixes in response to PR review 2026-02-01 22:59:01 -08:00
Mick Grove
91c48ff7f8 fixes in response to PR review 2026-02-01 22:58:01 -08:00
Mick Grove
92ca07739a updated alibaba rule 2026-02-01 22:31:52 -08:00
Mick Grove
a5d9dae9b3 added revoke command in output for validated credentials. Exposed in the HTML findings viewer as well 2026-01-31 22:52:57 -08:00
Mick Grove
a31885e6f2 sync with main 2026-01-31 22:31:56 -08:00
Mick Grove
181df458ba Merge main into development
- Added mercury.yml and neon.yml rules from main
- Merged Docker Hub Organization Access Token rule from main into updated dockerhub.yml
- Resolved file location conflicts due to rules directory restructuring
2026-01-31 21:57:57 -08:00
Mick Grove
8491b03ff0 dockerhub rule update and docs update 2026-01-31 21:54:08 -08:00
Mick Grove
aee1050620 ensured more CLI arguments are global 2026-01-30 08:04:15 -08:00
Mick Grove
8be7941333 Added 'revoke' subcommand and support for a new optional 'revocation' structure to the rules. Supporting GitHub and Slack right now 2026-01-29 12:45:32 -08:00
Mick Grove
76be1df60c Refactored into multiple crates. Added the 'validate' subcommand 2026-01-28 10:27:24 -08:00