Mick Grove
79139e49b8
- Fixed the HTML access-map viewer dark mode so charts redraw correctly on theme changes and follow the system color scheme until manually overridden.
...
- Fixed [#344](https://github.com/mongodb/kingfisher/issues/344): baseline fingerprints no longer have to be hexadecimal. The fingerprint value emitted by scan output (JSON, JSONL, pretty, SARIF) can now be copied directly into a baseline file and will match on the next scan. --manage-baseline now writes fingerprints in decimal to match scan output, and legacy 16-char hex (and 0x-prefixed hex) entries continue to be accepted, so existing baseline files keep working unchanged.
2026-04-20 17:54:51 -07:00
Mick Grove
ab162741e8
performance improvements and rule improvements
2026-04-20 09:55:27 -07:00
Mick Grove
f22b7768e9
fix(github): address PR review feedback
...
- Update X-GitHub-Api-Version to 2026-03-10 for /credentials/revoke
endpoint (the endpoint is only documented under this API version).
- Clarify sha256_b32 filter description: note that the optional `len`
parameter may produce output that is not valid RFC 4648 Base32.
- Move base32 to [workspace.dependencies] and reference it via
.workspace = true from both the root crate and kingfisher-rules
to avoid version skew.
2026-04-20 08:44:41 -07:00
Mick Grove
a13b175fc5
performance improvements and rule improvements
2026-04-19 14:50:11 -07:00
Mick Grove
74cad26aed
performance improvements and rule improvements
2026-04-17 11:01:46 -07:00
Mick Grove
c89e527053
bug fix
2026-04-16 06:44:12 -07:00
Mick Grove
5411a52211
updated to rust 1.94
2026-04-14 14:20:28 -07:00
Mick Grove
d2008dc3b7
cleaned up dependency tree
2026-04-13 20:43:09 -07:00
Mick Grove
0cb854872b
Replaced tree-sitter with a lighter parser-based context verifier built from handwritten lexers plus tl/cssparser, preserving context-dependent matching while cutting about 19 MB from the release binary.
2026-04-07 23:20:17 -07:00
Mick Grove
413798e27d
Apply open Dependabot updates
2026-04-06 23:58:55 -07:00
Mick Grove
f72d0c0622
Bump jsonwebtoken to 10.3.0
2026-04-06 22:48:20 -07:00
Mick Grove
45a565fa6e
added more rules
2026-04-06 22:18:58 -07:00
Mick Grove
2444d83e5d
more rules
2026-04-03 23:43:49 -07:00
Mick Grove
e1e61f5374
updated dependencies
2026-04-02 23:26:36 -07:00
Mick Grove
c171704884
updated vectorscan
2026-04-02 19:35:30 -07:00
Mick Grove
e2664e33ed
updated dependencies
2026-04-01 17:25:19 -07:00
Mick Grove
d42620919f
updated dependencies
2026-04-01 14:58:08 -07:00
Mick Grove
13bad3f172
added more access-maps
2026-04-01 13:39:24 -07:00
Mick Grove
19fe52a9bf
added more access-maps
2026-04-01 10:20:52 -07:00
Mick Grove
b9da8e2829
added more rules
2026-03-29 08:19:34 -07:00
Mick Grove
d609900d56
updated dependencies
2026-03-24 08:55:34 -07:00
Mick Grove
5fa4ce59b7
openssf scorecard suggested improvements
...
Made-with: Cursor
2026-03-19 23:39:36 -07:00
Mick Grove
f0a3bee587
added --max-validation-response-length <BYTES>
2026-03-16 22:25:32 -07:00
Mick Grove
349b8165aa
Added TOON output support, to optimize usage of kingfisher from LLM/agent workflows
2026-03-15 15:00:59 -07:00
Mick Grove
1339f03e9d
fixed version number
2026-03-15 14:00:43 -07:00
Mick Grove
bc1093ca4a
v1.90.0
2026-03-15 13:59:07 -07:00
Mick Grove
60931c11a9
added Teams support
2026-03-13 17:39:34 -07:00
Mick Grove
b99cbf9f50
v1.88.0
2026-03-11 20:59:44 -07:00
Mick Grove
0983581b76
improved yelp and perplexity rules
2026-03-07 07:40:26 -08:00
Mick Grove
fcac8cf1b7
rules updated
2026-03-03 16:47:59 -08:00
Mick Grove
1f4ccb8144
Automatically extracts and scans SQLite database contents for secrets stored in table rows
2026-02-22 23:35:18 -07:00
Mick Grove
32d40c0b53
added pipedrive and amplitude
2026-02-17 16:42:44 -08:00
Mick Grove
f62bfe103b
tree sitter scanning improvements
2026-02-14 11:13:59 -08:00
Mick Grove
816d5c40ba
wip 1.83
2026-02-13 16:41:28 -08:00
Mick Grove
60c72292c7
Added optional validation rate limiting via --validation-rps (global) and repeatable --validation-rps-rule <RULE_SELECTOR=RPS> (per-rule override) for both scan and validate. Throttling now applies across built-in validator types (HTTP/gRPC plus AWS, GCP, Coinbase, MongoDB, Postgres, MySQL, JDBC, JWT, and Azure Storage). Rule selectors support the short form (for example, github=2 matches kingfisher.github.*) with longest-prefix precedence when multiple selectors apply.
2026-02-12 13:15:51 -08:00
Mick Grove
265e569c60
- Fixed validation flakiness under service rate limiting by retrying HTTP validations on 429/408 in addition to transient 5xx failures.
...
- Prevented transient HTTP validation failures (429/5xx) from being cached, avoiding cache poisoning that could suppress later successful validations in the same scan.
2026-02-11 11:38:24 -08:00
Mick Grove
e518fb30f2
v1.81.0
2026-02-10 19:24:19 -08:00
Mick Grove
2866367c2e
v1.80.0
2026-02-09 12:11:35 -08:00
Mick Grove
1a40fb3bfd
Fixed AWS access key validation to support temporary/session keys (ASIA prefix) in addition to long-lived keys (AKIA prefix).
2026-02-06 17:05:32 -08:00
Mick Grove
363b2ce77d
added multi-step revocation support. Added revocation support for SendGrid, Netlify, Tailscale, ElevenLabs, Sourcegraph, MongoDB Atlas, Twilio, and NPM using multi-step (lookup ID then delete) pattern.
2026-02-04 22:26:57 -08:00
Mick Grove
63f1d515ae
preparing for v1.78.0
2026-02-02 18:39:24 -08:00
Mick Grove
8be7941333
Added 'revoke' subcommand and support for a new optional 'revocation' structure to the rules. Supporting GitHub and Slack right now
2026-01-29 12:45:32 -08:00
Mick Grove
76be1df60c
Refactored into multiple crates. Added the 'validate' subcommand
2026-01-28 10:27:24 -08:00
Mick Grove
bf4f825c72
Switched compression dependencies to pure-Rust bzip2/lzma implementations and pared zip features to avoid C-based codecs for bz2/xz handling.
2026-01-22 22:02:08 -08:00
Mick Grove
b4feb86f47
- Fixed validation deduplication for rules with nested unnamed captures (e.g. (?<REGEX>...(ABC|DEF)...)) to use the primary capture for grouping, ensuring each unique match triggers a separate validation request.
...
- Added trace-level (-vv) logging for internal validation dedup keys and grouping to aid debugging.
2026-01-21 13:13:43 -08:00
Mick Grove
26f41fcf7a
- Enhanced Access Map View: added fingerprint display, enabled searching by fingerprint, and implemented bidirectional navigation between Findings and Access Map nodes.
...
- Added Slack Access Map support with granular permissions in the tree view.
2026-01-14 17:19:02 -08:00
Mick Grove
4f18541cb6
preparing v1.74.0
2026-01-12 22:50:05 -08:00
Mick Grove
7237a931d5
v1.73.0
2026-01-01 22:24:57 -08:00
Mick Grove
f9761fc906
updated jsonwebtoken
2025-12-22 08:44:07 -08:00
Mick Grove
d50ff3ff66
updated jsonwebtoken
2025-12-22 00:36:36 -08:00