eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
311 commits 5 branches 83 tags 53 MiB
Commit graph

127 commits

Author SHA1 Message Date
Mick Grove
ba12a5b2be preparing for v1.48.0 2025-09-05 09:31:52 -07:00
Mick Grove
80aef7e6d7 preparing for v1.48.0 2025-09-05 09:31:43 -07:00
Mick Grove
8d15c8eabf - Improved error message when self-update cannot find the current binary 
- Optimized memory usage via string interning and extensive data sharing
- Replaced quadratic match filtering with a per-rule span map, fixing missed secrets in extremely large files and improving scan performance
- Support scanning extremely large files by chunking input into 1 GiB segments with small overlaps, avoiding vectorscan buffer limits while preserving match offsets
- Always use chunked vectorscan, eliminating the slow regex fallback for blobs over 4 GiB
- Skip Base64 scanning for blobs over 64 MB to avoid a second pass over massive files
- Increased max-file-size default to 64 MB (up from 25 MB)
 2025-09-04 21:51:24 -07:00
Mick Grove
52b2c02ee9 Optimized memory usage via string interning and extensive data sharing 2025-09-03 09:52:49 -07:00
Mick Grove
c3513ea206 Optimized memory usage via string interning and extensive data sharing 2025-09-02 19:54:44 -07:00
Mick Grove
23102f4b59 Improved error message when self-update cannot find the current binary 2025-09-02 13:59:01 -07:00
Mick Grove
def8789c31 fix windows x64 builds 2025-08-31 17:26:30 -07:00
Mick Grove
43fce5159a Fix changes in response to code review 2025-08-30 20:07:31 -07:00
Mick Grove
5c33aa0b71 Decode Base64 blobs and scan their contents for secrets while skipping short strings for performance. This has a small performance impact and can be disabled with --no-base64 2025-08-30 19:40:22 -07:00
Mick Grove
5638a6cb45 Decode Base64 blobs and scan their contents for secrets while skipping short strings for performance. This has a small performance impact and can be disabled with --no-base64 2025-08-30 19:40:11 -07:00
Mick Grove
9de355a5c8 Decode Base64 blobs and scan their contents for secrets while skipping short strings for performance 2025-08-30 16:44:55 -07:00
Mick Grove
e54dbe90d0 - Improved rules: github oauth2, diffbot, mailchimp, aws 
- Added validation to SauceLabs rule
- Added rules: shodan, bitly, flickr
 2025-08-29 17:24:26 -07:00
Mick Grove
b3f80d7a33 added top level 'self-update' cli sub command to update the binary independently. Now supports updating over homebrew managed binary 2025-08-27 15:35:01 -07:00
Mick Grove
c4cda65690 added rules for zhipu 2025-08-27 12:43:41 -07:00
Mick Grove
639fc60955 Added a new install-precommit subcommand that installs a git pre-commit hook, prompting or accepting --global/--repo flags to control scope and configuring the hook to run kingfisher --quiet --only-valid --no-update-check 2025-08-22 17:33:03 -07:00
Mick Grove
231b92e52e Added a new install-precommit subcommand that installs a git pre-commit hook, prompting or accepting --global/--repo flags to control scope and configuring the hook to run kingfisher --quiet --only-valid --no-update-check 2025-08-22 17:26:48 -07:00
Mick Grove
d841b72e6c fixed failing tests 2025-08-21 16:10:52 -07:00
Mick Grove
81d2f47c67 - Added '--repo-artifacts' flag to scan repository issues, gists/snippets, and wikis when cloning via '--git-url' 
- Added rules for sendbird, mattermost, langchain, notion
- JWT validation hardened to reject alg:none by default (only allowed if explicitly configured), require iss for OIDC/JWKS verification, ensuring Active Credential means cryptographically verified and time-valid, not just unexpired
- Updated the Git cloning logic to include all refs and minimize clone output, allowing Kingfisher to analyze pull request and deleted branch history
 2025-08-21 15:39:04 -07:00
Mick Grove
f820aaad6e - Added '--repo-artifacts' flag to scan repository issues, gists/snippets, and wikis when cloning via '--git-url' 2025-08-20 20:41:19 -07:00
Mick Grove
6e4c94ddc3 - Added '--repo-artifacts' flag to scan repository issues, gists/snippets, and wikis when cloning via '--git-url' 2025-08-20 20:41:11 -07:00
Mick Grove
32b11dd409 Added '--skip-regex' and '--skip-word' flags to ignore secrets matching custom patterns or skipwords 2025-08-19 19:19:13 -07:00
Mick Grove
d3bf941c5f Added '--skip-regex' and '--skip-word' flags to ignore secrets matching custom patterns or skipwords 2025-08-19 19:18:25 -07:00
Mick Grove
2411b86b78 - Fixed issue with self-update on Linux 
- Reverted the change to json and jsonl outputs by rule
 2025-08-19 11:55:28 -07:00
Mick Grove
343c08ed00 Fixed issue with self-update on Linux 2025-08-19 09:30:26 -07:00
Mick Grove
951b62d61e - Added rules for clearbit, kickbox, azure container registry, improved Azure Storage key 
- Grouped JSON and JSONL outputs by rule, restoring matches arrays in reports
 2025-08-18 22:56:34 -07:00
Mick Grove
ab6ac8943a fixing windows tests 2025-08-17 21:11:09 -07:00
Mick Grove
14cd646ece fixing issues reported by code review 2025-08-17 18:02:36 -07:00
Mick Grove
2b062163e2 fixed failing tests 2025-08-17 17:41:51 -07:00
Mick Grove
125858c060 fixed failing tests 2025-08-17 17:41:34 -07:00
Mick Grove
80058136af removed serde_utils and added Authress rule 2025-08-16 07:34:02 -07:00
Mick Grove
6fb119d501 removed serde_utils and added Authress rule 2025-08-16 07:33:36 -07:00
Mick Grove
695b051e24 Improved language detection 2025-08-15 16:08:46 -07:00
Mick Grove
19baf9c43d refactored rule loading 2025-08-15 13:13:54 -07:00
Mick Grove
5b8e83f5e7 refactored rule loading 2025-08-15 13:13:33 -07:00
Mick Grove
9b282cb33f code cleanup' 2025-08-15 09:07:25 -07:00
Mick Grove
14fccc9cc6 - Added support for scanning gitlab subgroups, with 'kingfisher scan --gitlab-group my-group --gitlab-include-subgroups' 2025-08-14 09:25:18 -07:00
Mick Grove
f90c0a6eff Improved Tailscale api key detectors 2025-08-13 09:13:50 -07:00
Mick Grove
8c71eae231 Dropped the “prevalidated” flag from rule definitions and validation logic so every finding now flows through the standard active/inactive/unknown pipeline, simplifying rule configuration and preventing special‑case bypasses 2025-08-13 08:22:53 -07:00
Mick Grove
98ce4b9296 Added support for scanning Confluence pages 2025-08-11 09:03:58 -07:00
Mick Grove
35e4b9011d Added support for scanning Confluence pages 2025-08-11 08:26:49 -07:00
Mick Grove
39588cc098 Added support for scanning Confluence pages 2025-08-11 08:25:24 -07:00
Mick Grove
22c5594b53 Added support for scanning Confluence pages 2025-08-10 21:51:31 -07:00
Mick Grove
f4a1e85b26 removed unused cli argument, snippet-length 2025-08-10 17:27:36 -07:00
Mick Grove
706723e384 removed unused cli argument, snippet-length 2025-08-10 17:25:32 -07:00
Mick Grove
2fd6cd30e1 - --quiet now suppresses scan summaries and rule statistics unless --rule-stats is explicitly provided 
- Added X Consumer key detection and validation
 2025-08-09 15:36:12 -07:00
Mick Grove
c419c164a8 GitLab: include nested subgroup projects when enumerating group repositories 2025-08-08 21:42:49 -07:00
Mick Grove
2c7b0f7705 GitLab: include nested subgroup projects when enumerating group repositories 2025-08-08 18:08:17 -07:00
Mick Grove
b0ce44f709 GitLab: include nested subgroup projects when enumerating group repositories 2025-08-08 15:12:33 -07:00
Mick Grove
96a08ed8ed GitLab: include nested subgroup projects when enumerating group repositories 2025-08-08 15:11:44 -07:00
Mick Grove
97956bcc3f GitLab: include nested subgroup projects when enumerating group repositories 2025-08-08 15:11:36 -07:00