eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
1,048 commits 5 branches 83 tags 53 MiB
Commit graph

1,048 commits

This branch
This branch
All branches
Author SHA1 Message Date
Mick Grove
96f585ffa3
 		Merge pull request #182 from mongodb/main 
sync with main
 2026-01-14 17:20:19 -08:00
Mick Grove
26f41fcf7a - Enhanced Access Map View: added fingerprint display, enabled searching by fingerprint, and implemented bidirectional navigation between Findings and Access Map nodes. 
- Added Slack Access Map support with granular permissions in the tree view.
 2026-01-14 17:19:02 -08:00
Mick Grove
02131a6d40
 		Merge pull request #181 from mongodb/development v1.74.0 
preparing v1.74.0
 2026-01-13 21:15:07 -08:00
Mick Grove
bcf3e278a1 preparing v1.74.0 2026-01-13 18:08:46 -08:00
Mick Grove
f4fc395554 preparing v1.74.0 2026-01-13 17:08:21 -08:00
Mick Grove
a93419bd33 preparing v1.74.0 2026-01-13 14:26:50 -08:00
Mick Grove
e10f6c6e2a
 		Apply suggestions from code review 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Mick Grove <mick.grove@mongodb.com>
 2026-01-13 10:37:37 -08:00
Mick Grove
b0c05ff8a2 preparing v1.74.0 2026-01-13 10:32:20 -08:00
Mick Grove
51588dbb6a preparing v1.74.0 2026-01-13 10:32:09 -08:00
Mick Grove
c77c95be3f
 		Merge pull request #180 from AkshayJainG/add-short-openai-key-detection 
Add detection for short sk-None- prefixed OpenAI API keys
 2026-01-13 08:41:23 -08:00
Akshay Jain
69d447dcc9 Add detection for short sk-None- prefixed OpenAI API keys 
OpenAI issues keys with sk-None- prefix in both short (56 char) and long
(130+ char) formats. The existing openai.2 rule only matches long keys
with {100,} minimum length. This adds openai.3 to detect the short variant:
sk-None- followed by exactly 48 alphanumeric characters.

Fixes detection gap where trufflehog found valid keys that kingfisher missed.
 2026-01-13 13:40:16 +05:30
Mick Grove
abe546fd59 preparing v1.74.0 2026-01-12 22:51:40 -08:00
Mick Grove
4f18541cb6 preparing v1.74.0 2026-01-12 22:50:05 -08:00
Mick Grove
75dd8f66dc
 		Merge pull request #178 from AkshayJainG/add-scraperapi-rule 
Add ScraperAPI key detection rule
 2026-01-12 22:44:25 -08:00
Mick Grove
065e18be63
 		Merge pull request #179 from himanshudas/main 
Fix UTF-8 boundary panic in HTTP response body slicing
 2026-01-12 22:44:18 -08:00
Himanshu Kumar Das
6ed438fe68
 		Fix UTF-8 boundary panic in HTTP response body slicing 
The body_looks_like_html() function panicked when byte index 1024 fell inside a multi-byte UTF-8 character (e.g., Chinese text from Gitee). Use is_char_boundary() to find a valid slice point instead of arbitrary byte index.

Signed-off-by: Himanshu Kumar Das <1238723+himanshudas@users.noreply.github.com>
 2026-01-13 03:40:06 +05:30
Akshay Jain
98d009deae Add ScraperAPI key detection rule 
Adds a new rule to detect ScraperAPI keys with:
- Pattern matching for 32-character alphanumeric keys
- Live validation against ScraperAPI endpoint
- Medium confidence with entropy check (min 3.5)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2026-01-07 13:38:53 +05:30
Mick Grove
f164122349
 		Merge pull request #175 from mongodb/mickgmdb-README-video-update v1.73.0 
Update demo link in README.md
 2026-01-02 16:06:23 -08:00
Mick Grove
bb038df5ff
 		Update demo link in README.md 
Signed-off-by: Mick Grove <mick.grove@mongodb.com>
 2026-01-02 16:06:03 -08:00
Mick Grove
51bf9d02da
 		Merge pull request #173 from mongodb/development 
v1.73.0
 2026-01-02 15:38:08 -08:00
Mick Grove
b54e5329a2 v1.73.0 2026-01-02 13:29:45 -08:00
Mick Grove
7bde8a9a9b v1.73.0 2026-01-02 13:04:30 -08:00
Mick Grove
6c464fdb19 v1.73.0 2026-01-02 13:03:18 -08:00
Mick Grove
f19c9cbe2b v1.73.0 2026-01-02 12:52:51 -08:00
Mick Grove
08cccfd6ef v1.73.0 2026-01-02 12:49:58 -08:00
Mick Grove
239a200c22 v1.73.0 2026-01-01 22:34:51 -08:00
Mick Grove
7237a931d5 v1.73.0 2026-01-01 22:24:57 -08:00
Mick Grove
900aefddf2 v1.73.0 2026-01-01 22:24:32 -08:00
Mick Grove
bc0080b4e2
 		Merge pull request #169 from mongodb/development v1.72.0 
v1.72.0
 2025-12-22 13:39:56 -08:00
Mick Grove
37afe7fff5 - Map SARIF result levels from rule confidence 
- Added tag selection support to the bash and PowerShell install scripts.
 2025-12-22 11:31:13 -08:00
Mick Grove
7f7b2d7cb9 - Map SARIF result levels from rule confidence 
- Added tag selection support to the bash and PowerShell install scripts.
 2025-12-22 09:47:12 -08:00
Mick Grove
c66069fe4b - Map SARIF result levels from rule confidence 
- Added tag selection support to the bash and PowerShell install scripts.
 2025-12-22 09:45:58 -08:00
Mick Grove
61986c469c updated ci build 2025-12-22 09:04:36 -08:00
Mick Grove
7f0d7b11ee updated ci build 2025-12-22 09:04:25 -08:00
Mick Grove
f9761fc906 updated jsonwebtoken 2025-12-22 08:44:07 -08:00
Mick Grove
3207176814 updated jsonwebtoken 2025-12-22 00:40:21 -08:00
Mick Grove
d50ff3ff66 updated jsonwebtoken 2025-12-22 00:36:36 -08:00
Mick Grove
c0e0c7bc2d updated jsonwebtoken 2025-12-22 00:26:21 -08:00
Mick Grove
ef63dfb4a7 updated jsonwebtoken 2025-12-22 00:25:20 -08:00
Mick Grove
f1d139242f Aliased "kingfisher self-update" as "kingfisher update" 2025-12-21 23:55:39 -08:00
Mick Grove
957f95d456 Aliased "kingfisher self-update" as "kingfisher update" 2025-12-21 23:43:01 -08:00
Mick Grove
64b5e46b2b - Fixed deduplication for dependency-provider rules so dependent validations run per blob 
- Updated Artifactory rule entropy and added new artifactory rule
 2025-12-21 22:08:51 -08:00
Mick Grove
78c0a1f158 - Fixed deduplication for dependency-provider rules so dependent validations run per blob 
- Updated Artifactory rule entropy and added new artifactory rule
 2025-12-21 22:08:21 -08:00
Mick Grove
587dfc5892 - Fixed deduplication for dependency-provider rules so dependent validations run per blob 
- Updated Artifactory rule entropy and added new artifactory rule
 2025-12-21 22:07:45 -08:00
Mick Grove
3bd2ae9243
 		Merge pull request #168 from mongodb/main 
sync dev and main
 2025-12-21 19:38:12 -08:00
Mick Grove
02edefdb96
 		Merge pull request #166 from trevermckee/feature/add-jfrog-reference-token-checks 
Add JFrog Artifactory Reference Token rule.
 2025-12-21 19:36:43 -08:00
Trever McKee
093dbd58f6 Add JFrog Artifactory Reference Token rule. 2025-12-19 11:11:29 -08:00
Mick Grove
255f320da3
 		Merge pull request #165 from mongodb/development v1.71.0 
v1.71.0
 2025-12-17 12:22:30 -08:00
Mick Grove
0b8f98ea16 fixed rule 2025-12-17 12:21:26 -08:00
Mick Grove
7985f1206c
 		Merge pull request #164 from mongodb/development 
v1.71.0
 2025-12-17 12:15:43 -08:00