Mick Grove
7b193f89a7
- Enabled MongoDB URI validation
...
- AWS + GCP validators now respect HTTPS_PROXY and share a consistent user agent across AWS, GCP, and HTTP validation
2025-09-09 22:35:17 -07:00
Mick Grove
611f19fd74
- Enabled MongoDB URI validation
...
- AWS + GCP validators now respect HTTPS_PROXY and share a consistent user agent across AWS, GCP, and HTTP validation
2025-09-09 16:45:02 -07:00
Mick Grove
9dd8487d54
preparing for v1.48.0
2025-09-05 09:31:52 -07:00
Mick Grove
ac34f35f61
Optimized memory usage via string interning and extensive data sharing
2025-09-02 19:54:44 -07:00
Mick Grove
2a85f66e4a
fix windows x64 builds
2025-08-31 17:26:30 -07:00
Mick Grove
3bed8b36f2
Fix changes in response to code review
2025-08-30 20:07:31 -07:00
Mick Grove
aa2c3ba0cc
Decode Base64 blobs and scan their contents for secrets while skipping short strings for performance. This has a small performance impact and can be disabled with --no-base64
2025-08-30 19:40:22 -07:00
Mick Grove
984231e25c
Decode Base64 blobs and scan their contents for secrets while skipping short strings for performance
2025-08-30 16:44:55 -07:00
Mick Grove
b2b5791190
- Improved rules: github oauth2, diffbot, mailchimp, aws
...
- Added validation to SauceLabs rule
- Added rules: shodan, bitly, flickr
2025-08-29 17:24:26 -07:00
Mick Grove
332f2c59f9
Added top-level 'self-update' CLI subcommand to update the binary independently. Now supports updating over Homebrew-managed binary
2025-08-27 15:35:01 -07:00
Mick Grove
910196d11d
fixed failing tests
2025-08-21 16:10:52 -07:00
Mick Grove
245fb20670
- Added '--repo-artifacts' flag to scan repository issues, gists/snippets, and wikis when cloning via '--git-url'
...
- Added rules for sendbird, mattermost, langchain, notion
- JWT validation hardened to reject alg:none by default (only allowed if explicitly configured), require iss for OIDC/JWKS verification, ensuring Active Credential means cryptographically verified and time-valid, not just unexpired
- Updated the Git cloning logic to include all refs and minimize clone output, allowing Kingfisher to analyze pull request and deleted branch history
2025-08-21 15:39:04 -07:00
Mick Grove
a912043eb9
changes in response to code review
2025-08-07 18:45:46 -07:00
Mick Grove
0bdd68c900
JWT tokens without both 'iss' and 'aud' are no longer reported as active credentials
2025-08-07 18:30:40 -07:00
Mick Grove
b71fb5e6e2
JWT tokens without both 'iss' and 'aud' are no longer reported as active credentials
2025-08-07 17:21:16 -07:00
Mick Grove
664cfd0e5c
- Fixed header precedence so custom HTTP validation headers like "Accept" are preserved
...
- Added new Heroku rule
2025-08-04 19:32:19 -07:00
Mick Grove
8a74eba160
- New rules: Telegram bot token, OpenWeatherMap, Apify
...
- New OpenAI detectors added (@joshlarsen)
- Fixed bug that broke validation when using unnamed group captures
2025-08-01 16:56:04 -07:00
Mick Grove
0ef4144710
Fixed validation caching for HTTP validators to include rendered headers so inactive secrets no longer appear active, in some cases. Removed pre-commit installation hook, due to bugs
2025-08-01 09:18:29 -07:00
Mick Grove
97135c01fd
Fixed validation caching for HTTP validators to include rendered headers so inactive secrets no longer appear active, in some cases
2025-08-01 09:15:24 -07:00
Mick Grove
f0a99dcfcd
bug fixes in response to code review. Also added support for ed25519 coinbase cdp api keys
2025-07-31 18:29:21 -07:00
Mick Grove
51bc64339c
- Fixed issue when more than 1 named capture group is used in a rule variable
...
- Added 2 new liquid template filters: 'b64dec' and 'es256_sign'
- Added custom validator for Coinbase, and a Coinbase rule that uses it
2025-07-31 16:52:50 -07:00
Mick Grove
793b9e847c
Fixed GitLab support. Added pre-commit and pre-receive installation scripts.
2025-07-23 19:57:33 -07:00
Mick Grove
8f587f62de
Updating GitHub Action to generate Docker image. Added rules for Diffbot, ai21, baseten. Fixed supabase rule. Added 'alg' to JWT validation output
2025-07-18 15:26:18 -07:00
Mick Grove
572d8146e7
upgraded cargo dependencies
2025-07-17 14:31:09 -07:00
Mick Grove
352d8ff659
change that hoists the redirect-free reqwest::Client into a single, lazily-initialized static so every call to validate_jwt re-uses the same handle (and therefore the same connection-pool, DNS cache, TLS session cache, etc.)
2025-07-14 17:22:51 -07:00
Mick Grove
ee6332a78d
change that hoists the redirect-free reqwest::Client into a single, lazily-initialized static so every call to validate_jwt re-uses the same handle (and therefore the same connection-pool, DNS cache, TLS session cache, etc.)
2025-07-14 17:22:37 -07:00
Mick Grove
93f1e3b1da
JWT validation performs OpenID Connect discovery using the iss claim and verifies signatures via JWKS
2025-07-14 15:31:44 -07:00
Mick Grove
b2a4263669
Added PR review suggestions
2025-07-09 16:00:54 -07:00
Mick Grove
dcb2191fe8
Added validation for Alibaba rule
2025-07-09 15:03:07 -07:00
Mick Grove
cd4f626502
Added support for HTTP request bodies in rule validation. Added mistral and perplexity rule
2025-07-08 17:49:12 -07:00
Mick Grove
28af26b23a
Introduced flag – skip files/dirs whose path resembles tests (, , , , ), reducing noise.
2025-06-28 09:16:42 -07:00
Mick Grove
87d2a83e3e
Fix: HTML detection now requires both HTML content-type and html tag, fixing webhook false negatives
2025-06-27 15:28:34 -07:00
Mick Grove
fc4aee9e41
preparing for v1.12
2025-06-24 17:17:16 -07:00