Mick Grove
b99cbf9f50
v1.88.0
2026-03-11 20:59:44 -07:00
Mick Grove
b518e349df
v1.87.0
2026-03-09 20:46:08 -07:00
Mick Grove
0983581b76
improved yelp and perplexity rules
2026-03-07 07:40:26 -08:00
Mick Grove
fcac8cf1b7
rules updated
2026-03-03 16:47:59 -08:00
Mick Grove
e3bd776406
Fix redis URI matching and sqlite row budget
2026-02-28 14:25:05 -08:00
Mick Grove
4f2738b957
changes in response to PR review
2026-02-28 12:16:08 -07:00
Mick Grove
3220ed3a80
Merge branch 'codex/pr-244-mergeable' into development
...
* codex/pr-244-mergeable:
Add Jira comment and changelog scanning
2026-02-28 11:14:19 -07:00
Mick Grove
719b91301d
Add Jira comment and changelog scanning
2026-02-28 11:13:00 -07:00
Mick Grove
0ae4e8445c
Updated kingfisher scan to accept Git repository URLs as positional targets (for example kingfisher scan github.com/org/repo or kingfisher scan https://gitlab.com/group/project.git) without requiring --git-url.
2026-02-26 23:14:18 -07:00
Mick Grove
92f43d2e29
added --turbo mode
2026-02-24 12:25:12 -07:00
Mick Grove
aa29ee0e99
added '--fast' mode which sets maximum scan speed. Omits git commit context and will not base64 decode
2026-02-23 22:34:23 -07:00
Mick Grove
1f4ccb8144
Automatically extracts and scans SQLite database contents for secrets stored in table rows
2026-02-22 23:35:18 -07:00
Mick Grove
51d782a917
Fixes in response to PR review
2026-02-16 09:43:16 -08:00
Mick Grove
0ddf3fc10f
Fixes in response to PR review
2026-02-16 07:34:32 -08:00
Mick Grove
39a4e217e3
Kingfisher can now generate an auditor-friendly HTML report
2026-02-15 14:29:42 -08:00
Mick Grove
470120369b
refactored code
2026-02-14 14:08:48 -08:00
Mick Grove
5882468177
Added optional validation rate limiting via --validation-rps (global) and repeatable --validation-rps-rule <RULE_SELECTOR=RPS> (per-rule override) for both scan and validate. Throttling now applies across built-in validator types (HTTP/gRPC plus AWS, GCP, Coinbase, MongoDB, Postgres, MySQL, JDBC, JWT, and Azure Storage). Rule selectors support the short form (for example, github=2 matches kingfisher.github.*) with longest-prefix precedence when multiple selectors apply.
2026-02-12 12:33:59 -08:00
Mick Grove
2866367c2e
v1.80.0
2026-02-09 12:11:35 -08:00
Mick Grove
9ae6053804
more changes for v1.78.0
2026-02-03 09:37:53 -08:00
Mick Grove
5253204c2a
preparing for v1.78.0
2026-02-02 23:22:08 -08:00
Mick Grove
301c656f38
Fix build issues
2026-02-02 08:17:41 -08:00
Mick Grove
8be7941333
Added 'revoke' subcommand and support for a new optional 'revocation' structure to the rules. Supporting GitHub and Slack right now
2026-01-29 12:45:32 -08:00
Mick Grove
7237a931d5
v1.73.0
2026-01-01 22:24:57 -08:00
Mick Grove
61986c469c
updated ci build
2025-12-22 09:04:36 -08:00
Mick Grove
587dfc5892
- Fixed deduplication for dependency-provider rules so dependent validations run per blob
...
- Updated Artifactory rule entropy and added new artifactory rule
2025-12-21 22:07:45 -08:00
Mick Grove
2ec6aa5915
fixing test failures
2025-12-16 23:51:22 -08:00
Mick Grove
14d41d560f
updated README
2025-12-16 21:13:00 -08:00
Mick Grove
c3123ecbdb
fixed test
2025-12-13 13:32:38 -08:00
Mick Grove
962f3ad9ba
bug fix
2025-12-12 21:30:51 -08:00
Mick Grove
195f086afc
added dark mode for finding + access map viewer
2025-12-12 17:21:17 -08:00
Mick Grove
f1a77a736c
Updated precommit behavior and docs
2025-12-09 12:56:55 -08:00
Mick Grove
1f9d692e9f
Updated dockerfile to fix failing docker image publishing
2025-12-05 12:44:38 -08:00
Mick Grove
078fa16e6a
- Reduced per-match memory usage by compacting stored source locations and interning repeated capture names.
...
- Stored optional validation response bodies as boxed strings to avoid allocating empty payloads and to streamline validator caches.
- Parallelized git cloning based on the configured job count and begin scanning repositories as soon as each clone finishes to reduce end-to-end scan times.
- Combined per-repository results into a single aggregate summary after scans complete.
- Added initial access-map support and report viewer html file. Currently beta features.
2025-12-04 22:02:30 -08:00
Mick Grove
eeafe2fe6b
updated tests
2025-11-24 11:08:31 -08:00
Mick Grove
0acaaa0680
Updated Summary to include scan date, kingfisher version run, and latest kingfisher version available
2025-11-24 10:36:58 -08:00
Mick Grove
ec1e3a3432
- Fixed deduplication to consider rule identifiers so overlapping patterns are not merged before validation
...
- Moved 'URI with Username and Secret' to a low-confidence rule
2025-11-23 11:32:27 -08:00
Mick Grove
42797b747d
v1.65.0
2025-11-16 23:30:14 -08:00
Mick Grove
c6b10f0b47
- Skip reporting MongoDB and Postgres findings when their connection strings cannot be parsed, even when validation is disabled.
...
- Improve MySQL detection by broadening URI coverage and adding live validation that skips clearly invalid connection strings.
2025-11-16 23:25:42 -08:00
Mick Grove
f9d75eaadd
- Skip reporting MongoDB and Postgres findings when their connection strings cannot be parsed, even when validation is disabled.
...
- Improve MySQL detection by broadening URI coverage and adding live validation that skips clearly invalid connection strings.
2025-11-15 08:11:25 -08:00
Mick Grove
debf3beb8e
Fixed broken tests
2025-11-13 15:22:48 -08:00
Mick Grove
2ed94f75d7
added jdbc rule and validator
2025-11-12 22:25:33 -08:00
Mick Grove
d6c1dfc9d0
updated allocator
2025-11-11 13:24:06 -08:00
Mick Grove
dca955a95c
v1.63.0
2025-11-10 18:47:51 -08:00
Mick Grove
4efdcc35e1
updated confluent rule with a checksum. Added zuplo rule with a checksum
2025-11-09 08:42:16 -08:00
Mick Grove
8aac161603
fixing rules
2025-11-08 10:48:00 -08:00
Mick Grove
f606f59f93
Added an optional exclude_words list to PatternRequirements so matches containing case-insensitive placeholder words are filtered out, with accompanying tests to cover the new behavior.
2025-11-05 17:19:11 -08:00
Mick Grove
6a5a62a5b5
Added an optional exclude_words list to PatternRequirements so matches containing case-insensitive placeholder words are filtered out, with accompanying tests to cover the new behavior.
2025-11-04 13:07:24 -08:00
Mick Grove
a3e426e6ee
Automatically set --no-dedup whenever --manage-baseline is supplied so baseline management retains every occurrence of a finding
2025-11-04 14:06:35 -05:00
Mick Grove
0f953f59a5
pattern_requirements for rules — Post-regex character-class gating to cut false positives without lookarounds. Authors can now require minimum counts of digits, uppercase, lowercase, and special characters, with an optional custom special-char set.
...
Why: Hyperscan doesn’t support lookaheads/behinds, so many “must contain X and Y” checks had to be baked into the regex (hurting readability) or were impossible. pattern_requirements applies lightweight, in-memory checks after a match is found, keeping patterns fast and clean.
2025-11-04 13:55:31 -05:00
Mick Grove
ca3f175427
updated for v1.61.0
2025-10-30 22:50:41 -07:00