Mick Grove
c856373fb5
updated confluent rule with a checksum. Added zuplo rule with a checksum
2025-11-09 08:42:16 -08:00
Mick Grove
1ee9e804b0
updated confluent rule with a checksum. Added zuplo rule with a checksum
2025-11-08 16:01:58 -08:00
Mick Grove
065b26a220
fixing rules
2025-11-08 10:48:00 -08:00
Mick Grove
76a7422666
Added checksum comparisons to pattern_requirements, new suffix, crc32, and base62 Liquid filters, and verbose logging so mismatched checksums are skipped with context rather than reported as findings.
2025-11-07 18:49:03 -08:00
Mick Grove
12730bb609
Added checksum comparisons to pattern_requirements, new suffix, crc32, and base62 Liquid filters, and verbose logging so mismatched checksums are skipped with context rather than reported as findings.
2025-11-07 16:31:24 -08:00
Mick Grove
5b9c4743a5
updated ci
2025-11-06 16:22:35 -08:00
Mick Grove
724690dba8
updated ci
2025-11-06 09:11:24 -08:00
Mick Grove
563c1a4be0
updated ci
2025-11-05 22:35:29 -08:00
Mick Grove
c9555422b4
updated ci
2025-11-05 18:30:21 -08:00
Mick Grove
dc02abac63
Added an optional exclude_words list to PatternRequirements so matches containing case-insensitive placeholder words are filtered out, with accompanying tests to cover the new behavior.
2025-11-05 17:19:11 -08:00
Mick Grove
046ac6a052
Added an optional exclude_words list to PatternRequirements so matches containing case-insensitive placeholder words are filtered out, with accompanying tests to cover the new behavior.
2025-11-04 13:07:24 -08:00
Mick Grove
c0e4910d1f
pattern_requirements for rules — Post-regex character-class gating to cut false positives without lookarounds. Authors can now require minimum counts of digits, uppercase, lowercase, and special characters, with an optional custom special-char set.
...
Why: Hyperscan doesn’t support lookaheads/behinds, so many “must contain X and Y” checks had to be baked into the regex (hurting readability) or were impossible. pattern_requirements applies lightweight, in-memory checks after a match is found, keeping patterns fast and clean.
2025-11-04 13:55:31 -05:00
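The post-regex gating that the pattern_requirements, exclude_words and checksum commits above describe, as an added Rust example that is not Kingfisher's own code. The struct and field names (`PatternRequirements`, `min_digits`, `exclude_words`, `checksum_suffix_len`), the `Verdict` enum and the token layout (a body followed by a fixed-width base62 encoding of the body's CRC32) are assumptions made for illustration, not the project's schema or any vendor's real key format. Every check is a single linear pass over the already-matched candidate, which is what lets it replace lookarounds that Hyperscan cannot compile.

```rust
// Added example, not Kingfisher's own code. Models post-regex gating with
// character-class minimums, an optional custom special-character set,
// case-insensitive exclude_words, and a CRC32 + base62 checksum suffix.
// The token layout (body + fixed-width base62(CRC32(body))) is assumed.

#[derive(Debug, Default)]
pub struct PatternRequirements {
    pub min_digits: usize,
    pub min_uppercase: usize,
    pub min_lowercase: usize,
    pub min_special: usize,
    /// None means any ASCII punctuation counts as special.
    pub special_chars: Option<Vec<char>>,
    /// Placeholder words (matched case-insensitively) that disqualify a hit.
    pub exclude_words: Vec<String>,
    /// Assumed layout: the last N chars are base62(CRC32(everything before)).
    pub checksum_suffix_len: Option<usize>,
}

#[derive(Debug, PartialEq)]
pub enum Verdict {
    Accept,
    TooFewDigits,
    TooFewUppercase,
    TooFewLowercase,
    TooFewSpecial,
    ExcludedWord(String),
    ChecksumMismatch,
}

const BASE62: &[u8] = b"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/// CRC-32/ISO-HDLC (the zlib/Ethernet CRC), computed bitwise with the reflected
/// polynomial 0xEDB88320 so no external crate is needed.
pub fn crc32(data: &[u8]) -> u32 {
    let mut crc = 0xFFFF_FFFFu32;
    for &b in data {
        crc ^= b as u32;
        for _ in 0..8 {
            let mask = (crc & 1).wrapping_neg(); // all ones if the low bit is set
            crc = (crc >> 1) ^ (0xEDB8_8320 & mask);
        }
    }
    !crc
}

/// Fixed-width base62, most significant digit first, left-padded with '0'.
pub fn base62_fixed(mut n: u32, width: usize) -> String {
    let mut out = vec![b'0'; width];
    for slot in out.iter_mut().rev() {
        *slot = BASE62[(n % 62) as usize];
        n /= 62;
    }
    String::from_utf8(out).expect("base62 alphabet is ASCII")
}

/// Builds a token in the assumed layout so the example has a known-good input.
pub fn make_checksummed_token(body: &str, suffix_len: usize) -> String {
    format!("{}{}", body, base62_fixed(crc32(body.as_bytes()), suffix_len))
}

impl PatternRequirements {
    /// Runs after the regex already matched; class counts first, then
    /// placeholder words, then the checksum, so the cheapest rejection wins.
    pub fn check(&self, candidate: &str) -> Verdict {
        let is_special = |c: char| match &self.special_chars {
            Some(set) => set.contains(&c),
            None => c.is_ascii_punctuation(),
        };
        let count = |f: &dyn Fn(char) -> bool| candidate.chars().filter(|&c| f(c)).count();
        if count(&|c: char| c.is_ascii_digit()) < self.min_digits { return Verdict::TooFewDigits; }
        if count(&|c: char| c.is_ascii_uppercase()) < self.min_uppercase { return Verdict::TooFewUppercase; }
        if count(&|c: char| c.is_ascii_lowercase()) < self.min_lowercase { return Verdict::TooFewLowercase; }
        if count(&is_special) < self.min_special { return Verdict::TooFewSpecial; }

        let lowered = candidate.to_ascii_lowercase();
        if let Some(w) = self.exclude_words.iter().find(|w| lowered.contains(w.to_ascii_lowercase().as_str())) {
            return Verdict::ExcludedWord(w.clone());
        }

        if let Some(n) = self.checksum_suffix_len {
            if !candidate.is_ascii() || candidate.len() <= n { return Verdict::ChecksumMismatch; }
            let (body, suffix) = candidate.split_at(candidate.len() - n);
            if base62_fixed(crc32(body.as_bytes()), n) != suffix { return Verdict::ChecksumMismatch; }
        }
        Verdict::Accept
    }
}

/// Illustrative rule settings (assumed, not a real Kingfisher rule).
pub fn example_requirements() -> PatternRequirements {
    PatternRequirements {
        min_digits: 4, min_uppercase: 2, min_lowercase: 2, min_special: 1,
        special_chars: None,
        exclude_words: vec!["example".into(), "changeme".into()],
        checksum_suffix_len: Some(6),
    }
}

fn main() {
    let reqs = example_requirements();
    let good = make_checksummed_token("kfx_A1b2C3d4E5f6G7h8", 6); // constructed sample
    let tampered = good.replacen("A1b2", "B1b2", 1); // body changed, suffix stale
    for cand in [good.as_str(), tampered.as_str(), "kfx_EXAMPLEKEY123456abcdef", "kfx_aaaaaaaaaaaaaaaa"] {
        println!("{:<32} -> {:?}", cand, reqs.check(cand));
    }
}
```

A mismatched checksum returns a distinct verdict rather than a bare `false` so the caller can log why a candidate was skipped, which is the verbose-logging behaviour the checksum commit describes; a one-byte change in the body is always caught because a degree-32 CRC detects every burst of eight bits or fewer.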
Mick Grove
96f268d638
updated for v1.61.0
2025-10-30 22:50:41 -07:00
Mick Grove
ef45ead4b1
updated smoke_branch tests
2025-10-26 11:53:29 -07:00
Mick Grove
3627323cb0
- Fixed local filesystem scans to keep open_path_as_is enabled when opening Git repositories and only disable it for diff-based scans.
...
- Created Linux and Windows specific installer script
- Updated diff-focused scanning so --branch-root-commit can be provided alongside --branch, letting you diff from a chosen commit while targeting a specific branch tip (still defaulting back to the --branch ref when the commit is omitted).
2025-10-25 17:12:51 -07:00
Mick Grove
1ca9c023ac
added tests for --branch and --since-commit feature
2025-10-23 17:27:40 -07:00
Mick Grove
01460fe00c
updated anthropic rule
2025-10-23 15:02:30 -07:00
Mick Grove
a655bc8803
updated maxmind rule
2025-10-22 18:49:20 -07:00
Mick Grove
5f8baed46c
- Added provider-specific kingfisher scan subcommands (for example kingfisher scan github …) that translate into the legacy flags under the hood. The new layout keeps backwards compatibility while removing the wall of provider options from kingfisher scan --help.
...
- Updated the README so every provider example (GitHub, GitLab, Bitbucket, Azure Repos, Gitea, Hugging Face, Slack, Jira, Confluence, S3, GCS, Docker) uses the new subcommand style.
- Restored the direct kingfisher scan /path/to/dir flow for local filesystem scans while adding a --list-only switch to each provider subcommand so repository enumeration no longer requires the standalone github repos, gitlab repos, etc. commands.
- Removed the legacy top-level provider commands (kingfisher github, kingfisher gitlab, kingfisher gitea, kingfisher bitbucket, kingfisher azure, kingfisher huggingface) now that enumeration lives under kingfisher scan <provider> --list-only.
- Fixed kingfisher scan github … (and other provider-specific subcommands) so they no longer demand placeholder path arguments before the CLI accepts the request.
- Removed the --bitbucket-username, --bitbucket-token, and --bitbucket-oauth-token flags in favour of KF_BITBUCKET_* environment variables when authenticating to Bitbucket.
2025-10-22 16:24:09 -07:00
Mick Grove
212bda4100
- Fixed kingfisher scan so that providing --branch without --since-commit now diffs the branch against the empty tree and scans every commit reachable from that branch.
...
- Added rules for meraki, duffel, finnhub, frameio, freshbooks, gitter, infracost, launchdarkly, lob, maxmind, messagebird, nytimes, prefect, salingo, sendinblue, sentry, shippo, twitch, typeform
2025-10-20 18:23:12 -07:00
Mick Grove
69dc42f5bb
Added first-class Azure Repos support, including CLI commands, enumeration, and documentation updates
2025-10-04 23:12:28 -07:00
Mick Grove
74e47fc592
- Improved performance of tree-sitter parsing
...
- Updated Windows build script to ensure static binary is produced
2025-10-03 17:22:28 -07:00
Mick Grove
69c14f7451
Populate the finding path from git blob metadata so history-derived secrets display their file location instead of an empty path
2025-09-24 10:06:47 -07:00
Mick Grove
e74a42c20b
updated rule for AWS Secret Access key
2025-09-10 13:29:19 -07:00
Mick Grove
611f19fd74
- Enabled MongoDB URI validation
...
- AWS + GCP validators now respect HTTPS_PROXY and share a consistent user agent across AWS, GCP, and HTTP validation
2025-09-09 16:45:02 -07:00
Mick Grove
2ee204ce3c
updated jwt rule
2025-09-04 23:31:34 -07:00
Mick Grove
e03ab5972d
fix ci build error
2025-08-31 10:27:16 -07:00
Mick Grove
3bed8b36f2
Fix changes in response to code review
2025-08-30 20:07:31 -07:00
Mick Grove
984231e25c
Decode Base64 blobs and scan their contents for secrets while skipping short strings for performance
2025-08-30 16:44:55 -07:00
Mick Grove
b2b5791190
- Improved rules: github oauth2, diffbot, mailchimp, aws
...
- Added validation to SauceLabs rule
- Added rules: shodan, bitly, flickr
2025-08-29 17:24:26 -07:00
Mick Grove
96f1784953
changes in response to code review
2025-08-27 15:43:31 -07:00
Mick Grove
332f2c59f9
added top level 'self-update' cli sub command to update the binary independently. Now supports updating over homebrew managed binary
2025-08-27 15:35:01 -07:00
Mick Grove
c2de3bc25c
added rules for zhipu
2025-08-27 12:43:41 -07:00
Mick Grove
d1bd843567
added rules for together.ai
2025-08-27 12:20:44 -07:00
Mick Grove
4194b01306
added rules for nvidia nim
2025-08-27 11:39:32 -07:00
Mick Grove
49640c5338
added rules for cerbras, friendli, fireworks.ai
2025-08-27 11:25:39 -07:00
Mick Grove
8135bf6b37
Added rule for 'weights and biases'
2025-08-27 10:20:04 -07:00
Mick Grove
bbbb0f33bb
added ollama rule
2025-08-26 10:22:18 -07:00
Mick Grove
96293385f5
- Improved rules: AWS, pem
2025-08-22 16:16:00 -07:00
Mick Grove
6f06b1acb3
Improved AWS rule
2025-08-22 13:26:54 -07:00
Mick Grove
f51abc00b0
fixed failing tests
2025-08-21 16:13:03 -07:00
Mick Grove
29e09906b7
fixed failing tests
2025-08-21 16:11:34 -07:00
Mick Grove
245fb20670
- Added '--repo-artifacts' flag to scan repository issues, gists/snippets, and wikis when cloning via '--git-url'
...
- Added rules for sendbird, mattermost, langchain, notion
- JWT validation hardened to reject alg:none by default (only allowed if explicitly configured), require iss for OIDC/JWKS verification, ensuring Active Credential means cryptographically verified and time-valid, not just unexpired
- Updated the Git cloning logic to include all refs and minimize clone output, allowing Kingfisher to analyze pull request and deleted branch history
2025-08-21 15:39:04 -07:00
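The policy half of the JWT hardening described in the commit above, as an added Rust example that is not Kingfisher's own code: alg:none is rejected unless explicitly allowed, `iss` must be present before any OIDC/JWKS lookup can happen, and `nbf`/`exp` are checked against a caller-supplied clock so that a token is only handed on to signature verification when it is time-valid. The `JwtPolicy` and `Decision` names, the leeway value and the sample tokens are assumptions; the signature check that follows `NeedsSignatureCheck` needs the issuer's JWKS and is not shown. The small `json_field` reader only handles the flat, escape-free objects constructed in `main()` and is not a JSON parser.

```rust
// Added example, not Kingfisher's own code. Policy checks that run before
// JWT signature verification: reject alg:none, require iss, check nbf/exp.

const B64URL: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

/// base64url without padding (RFC 7515, section 2).
pub fn b64url_encode(data: &[u8]) -> String {
    let mut out = String::new();
    for chunk in data.chunks(3) {
        let mut buf = [0u8; 3];
        buf[..chunk.len()].copy_from_slice(chunk);
        let v = (buf[0] as u32) << 16 | (buf[1] as u32) << 8 | buf[2] as u32;
        for i in 0..chunk.len() + 1 {
            out.push(B64URL[((v >> (18 - 6 * i)) & 63) as usize] as char);
        }
    }
    out
}

pub fn b64url_decode(s: &str) -> Option<Vec<u8>> {
    let (mut bits, mut nbits, mut out) = (0u32, 0u32, Vec::new());
    for c in s.bytes() {
        let v = B64URL.iter().position(|&t| t == c)? as u32;
        bits = (bits << 6) | v;
        nbits += 6;
        if nbits >= 8 {
            nbits -= 8;
            out.push((bits >> nbits) as u8);
            bits &= (1 << nbits) - 1;
        }
    }
    Some(out)
}

/// Reads a top-level string or number field from a flat JSON object.
/// Constructed inputs only: no escapes, no nesting, no whitespace before ':'.
fn json_field(json: &str, key: &str) -> Option<String> {
    let needle = format!("\"{}\":", key);
    let start = json.find(&needle)? + needle.len();
    let rest = json[start..].trim_start();
    if let Some(s) = rest.strip_prefix('"') {
        let end = s.find('"')?;
        Some(s[..end].to_string())
    } else {
        let end = rest.find(|c: char| c == ',' || c == '}').unwrap_or(rest.len());
        Some(rest[..end].trim().to_string())
    }
}

#[derive(Debug, Default)]
pub struct JwtPolicy {
    /// Off by default: an unsigned token is never an active credential.
    pub allow_alg_none: bool,
    /// OIDC discovery and JWKS lookup both key off `iss`, so require it first.
    pub require_iss: bool,
    pub leeway_secs: i64,
}

#[derive(Debug, PartialEq)]
pub enum Decision {
    Malformed,
    Unsigned,
    MissingIssuer,
    NotYetValid,
    Expired,
    /// Policy passed; the verifier must now fetch iss's JWKS and check the signature.
    NeedsSignatureCheck { alg: String, iss: String },
}

pub fn triage(token: &str, policy: &JwtPolicy, now: i64) -> Decision {
    let parts: Vec<&str> = token.split('.').collect();
    if parts.len() != 3 { return Decision::Malformed; }
    let decode = |p: &str| b64url_decode(p).and_then(|b| String::from_utf8(b).ok());
    let (header, claims) = match (decode(parts[0]), decode(parts[1])) {
        (Some(h), Some(c)) => (h, c),
        _ => return Decision::Malformed,
    };
    let alg = match json_field(&header, "alg") { Some(a) => a, None => return Decision::Malformed };
    if alg.eq_ignore_ascii_case("none") && !policy.allow_alg_none { return Decision::Unsigned; }
    let iss = json_field(&claims, "iss").unwrap_or_default();
    if policy.require_iss && iss.is_empty() { return Decision::MissingIssuer; }
    let num = |k: &str| json_field(&claims, k).and_then(|v| v.parse::<i64>().ok());
    if let Some(nbf) = num("nbf") { if now + policy.leeway_secs < nbf { return Decision::NotYetValid; } }
    if let Some(exp) = num("exp") { if now - policy.leeway_secs >= exp { return Decision::Expired; } }
    Decision::NeedsSignatureCheck { alg, iss }
}

/// Assembles a token from JSON strings; `sig` is opaque here (empty for alg:none).
pub fn make_token(header: &str, claims: &str, sig: &[u8]) -> String {
    format!("{}.{}.{}", b64url_encode(header.as_bytes()), b64url_encode(claims.as_bytes()), b64url_encode(sig))
}

pub fn strict_policy() -> JwtPolicy {
    JwtPolicy { allow_alg_none: false, require_iss: true, leeway_secs: 30 }
}

fn main() {
    let (policy, now) = (strict_policy(), 1_700_000_000); // constructed clock
    let hdr = r#"{"alg":"RS256","kid":"k1"}"#;
    for (h, c, s) in [
        (r#"{"alg":"none"}"#, r#"{"iss":"https://issuer.example","exp":1800000000}"#, &b""[..]),
        (hdr, r#"{"sub":"svc","exp":1800000000}"#, &b"sig"[..]),
        (hdr, r#"{"iss":"https://issuer.example","exp":1600000000}"#, &b"sig"[..]),
        (hdr, r#"{"iss":"https://issuer.example","nbf":1900000000,"exp":2000000000}"#, &b"sig"[..]),
        (hdr, r#"{"iss":"https://issuer.example","exp":1800000000}"#, &b"sig"[..]),
    ] {
        println!("{:?}", triage(&make_token(h, c, s), &policy, now));
    }
}
```

Ordering matters here: the alg check runs before anything in the payload is trusted, and the time checks run before any network round trip to the issuer, so an expired or forged token never causes a JWKS fetch.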
Mick Grove
c3257a7e6f
fixed example in rule
2025-08-18 23:32:15 -07:00
Mick Grove
41a4ebb60f
- Added rules for clearbit, kickbox, azure container registry, improved Azure Storage key
...
- Grouped JSON and JSONL outputs by rule, restoring matches arrays in reports
2025-08-18 22:56:34 -07:00
Mick Grove
23c727f57d
added more rules
2025-08-16 20:36:22 -07:00
Mick Grove
768d9c7899
added more rules
2025-08-16 20:23:27 -07:00
Mick Grove
0d89e682da
added more rules
2025-08-16 14:54:01 -07:00
Mick Grove
a5c9c442d9
added clickhouse rule and validation
2025-08-16 08:41:39 -07:00
Mick Grove
f645212c57
removed serde_utils and added Authress rule
2025-08-16 07:35:52 -07:00