eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
1,156 commits 5 branches 83 tags 53 MiB
Commit graph

266 commits

Author SHA1 Message Date
Mick Grove
4a74e95756 v1.81.0 2026-02-10 19:43:34 -08:00
Mick Grove
e518fb30f2 v1.81.0 2026-02-10 19:24:19 -08:00
Mick Grove
2a8bb9c361 v1.80.0 2026-02-09 12:27:03 -08:00
Mick Grove
2866367c2e v1.80.0 2026-02-09 12:11:35 -08:00
Mick Grove
ec8761c451 Fix NPM token validation and improve revocation reliability 
- Switch validation endpoint from /-/npm/v1/user to /-/whoami which
  works for all token types regardless of scope/permissions
- Fix revocation token matching: use Regex extractor with Liquid-rendered
  prefix ({{ TOKEN | prefix: 8 }}) to locate the correct token in the
  list response instead of blindly taking objects[0]
- Add Liquid template rendering support in multi-step revocation
  extraction patterns (render_extractor) for dynamic matching
- Add debug logging of HTTP response status and body during revocation
  so -v flag shows full API responses for troubleshooting
- Include response body in extraction failure error messages

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-08 15:14:04 -08:00
Mick Grove
77d951da1a Fixed issues in response to code review 2026-02-06 21:09:51 -08:00
Mick Grove
d3dbb16d66 Fixed issues in response to code review 2026-02-06 21:02:58 -08:00
Mick Grove
1a40fb3bfd Fixed AWS access key validation to support temporary/session keys (ASIA prefix) in addition to long-lived keys (AKIA prefix). 2026-02-06 17:05:32 -08:00
Mick Grove
363b2ce77d added multi-step revocation support. Added revocation support for SendGrid, Netlify, Tailscale, ElevenLabs, Sourcegraph, MongoDB Atlas, Twilio, and NPM using multi-step (lookup ID then delete) pattern. 2026-02-04 22:26:57 -08:00
Mick Grove
65251b7213 more changes for v1.78.0 2026-02-03 09:32:06 -08:00
Mick Grove
5253204c2a preparing for v1.78.0 2026-02-02 23:22:08 -08:00
Mick Grove
63f1d515ae preparing for v1.78.0 2026-02-02 18:39:24 -08:00
Mick Grove
32be18bef0 updated alibaba rule 2026-02-01 22:32:00 -08:00
Mick Grove
52f71c4462 updated changelog 2026-01-31 23:14:06 -08:00
Mick Grove
4fd0b74d7d updated changelog 2026-01-31 23:08:30 -08:00
Mick Grove
c40226e939 added revoke command in output for validated credentials. Exposed in the html findings viewer as well 2026-01-31 22:58:53 -08:00
Mick Grove
a5d9dae9b3 added revoke command in output for validated credentials. Exposed in the html findings viewer as well 2026-01-31 22:52:57 -08:00
Mick Grove
5eb743711b updated changelog 2026-01-30 08:07:12 -08:00
Mick Grove
aee1050620 ensured more CLI arguments are global 2026-01-30 08:04:15 -08:00
Mick Grove
8be7941333 Added 'revoke' subcommand and support for a new optional 'revocation' structure to the rules. Supporting GitHub and Slack right now 2026-01-29 12:45:32 -08:00
Mick Grove
1c45efde3e Refactored into multiple crates. Added the 'validate' subcommand 2026-01-28 22:24:35 -08:00
Mick Grove
bd4cd4c2c2 Refactored into multiple crates. Added the 'validate' subcommand 2026-01-28 10:57:45 -08:00
Mick Grove
76be1df60c Refactored into multiple crates. Added the 'validate' subcommand 2026-01-28 10:27:24 -08:00
Mick Grove
38a0dd9e26 Switched compression dependencies to pure-Rust bzip2/lzma implementations and pared zip features to avoid C-based codecs for bz2/xz handling. 2026-01-23 10:45:08 -08:00
Mick Grove
216fc1dbdc Switched compression dependencies to pure-Rust bzip2/lzma implementations and pared zip features to avoid C-based codecs for bz2/xz handling. 2026-01-23 09:52:11 -08:00
Mick Grove
bf4f825c72 Switched compression dependencies to pure-Rust bzip2/lzma implementations and pared zip features to avoid C-based codecs for bz2/xz handling. 2026-01-22 22:02:08 -08:00
Mick Grove
b4feb86f47 - Fixed validation deduplication for rules with nested unnamed captures (e.g. (?<REGEX>...(ABC|DEF)...)) to use the primary capture for grouping, ensuring each unique match triggers a separate validation request. 
- Added trace-level (-vv) logging for internal validation dedup keys and grouping to aid debugging.
 2026-01-21 13:13:43 -08:00
Mick Grove
049294af3d Skipped per-repository report writes when an output file is specified and emit a single aggregated report after multi-repository scans to preserve full output content in files. 2026-01-16 12:39:44 -08:00
Mick Grove
caaa31562c Skipped per-repository report writes when an output file is specified and emit a single aggregated report after multi-repository scans to preserve full output content in files. 2026-01-16 10:03:59 -08:00
Mick Grove
8c07fb3f3c - Enhanced Access Map View: added fingerprint display, enabled searching by fingerprint, and implemented bidirectional navigation between Findings and Access Map nodes. 
- Added Slack Access Map support with granular permissions in the tree view.
 2026-01-14 21:45:55 -08:00
Mick Grove
96f585ffa3
 		Merge pull request #182 from mongodb/main 
sync with main
 2026-01-14 17:20:19 -08:00
Mick Grove
26f41fcf7a - Enhanced Access Map View: added fingerprint display, enabled searching by fingerprint, and implemented bidirectional navigation between Findings and Access Map nodes. 
- Added Slack Access Map support with granular permissions in the tree view.
 2026-01-14 17:19:02 -08:00
Mick Grove
02131a6d40
 		Merge pull request #181 from mongodb/development 
preparing v1.74.0
 2026-01-13 21:15:07 -08:00
Mick Grove
f4fc395554 preparing v1.74.0 2026-01-13 17:08:21 -08:00
Mick Grove
4f18541cb6 preparing v1.74.0 2026-01-12 22:50:05 -08:00
Himanshu Kumar Das
6ed438fe68
 		Fix UTF-8 boundary panic in HTTP response body slicing 
The body_looks_like_html() function panicked when byte index 1024 fell inside a multi-byte UTF-8 character (e.g., Chinese text from Gitee). Use is_char_boundary() to find a valid slice point instead of arbitrary byte index.

Signed-off-by: Himanshu Kumar Das <1238723+himanshudas@users.noreply.github.com>
 2026-01-13 03:40:06 +05:30
Mick Grove
7237a931d5 v1.73.0 2026-01-01 22:24:57 -08:00
Mick Grove
37afe7fff5 - Map SARIF result levels from rule confidence 
- Added tag selection support to the bash and PowerShell install scripts.
 2025-12-22 11:31:13 -08:00
Mick Grove
c66069fe4b - Map SARIF result levels from rule confidence 
- Added tag selection support to the bash and PowerShell install scripts.
 2025-12-22 09:45:58 -08:00
Mick Grove
61986c469c updated ci build 2025-12-22 09:04:36 -08:00
Mick Grove
c0e0c7bc2d updated jsonwebtoken 2025-12-22 00:26:21 -08:00
Mick Grove
f1d139242f Aliased "kingfisher self-update" as "kingfisher update" 2025-12-21 23:55:39 -08:00
Mick Grove
957f95d456 Aliased "kingfisher self-update" as "kingfisher update" 2025-12-21 23:43:01 -08:00
Mick Grove
587dfc5892 - Fixed deduplication for dependency-provider rules so dependent validations run per blob 
- Updated Artifactory rule entropy and added new artifactory rule
 2025-12-21 22:07:45 -08:00
Mick Grove
2ec6aa5915 fixing test failures 2025-12-16 23:51:22 -08:00
Mick Grove
14d41d560f updated README 2025-12-16 21:13:00 -08:00
Mick Grove
e67a827e45 improved Jira support and fixed salesforce rule 2025-12-16 18:28:10 -08:00
Mick Grove
d155a33334 improved Jira support and working on salesforce rule, which is broken atm 2025-12-16 16:53:02 -08:00
Mick Grove
9c5e78ccfb bug fix 2025-12-12 21:51:57 -08:00
Mick Grove
962f3ad9ba bug fix 2025-12-12 21:30:51 -08:00