eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
1,152 commits 5 branches 83 tags 53 MiB
Commit graph

1,152 commits

This branch
This branch
All branches
Author SHA1 Message Date
Mick Grove
e518fb30f2 v1.81.0 2026-02-10 19:24:19 -08:00
Mick Grove
2a8bb9c361 v1.80.0 2026-02-09 12:27:03 -08:00
Mick Grove
a24f38fdfd v1.80.0 2026-02-09 12:19:11 -08:00
Mick Grove
209f7611ef v1.80.0 2026-02-09 12:14:50 -08:00
Mick Grove
2866367c2e v1.80.0 2026-02-09 12:11:35 -08:00
Mick Grove
ec8761c451 Fix NPM token validation and improve revocation reliability 
- Switch validation endpoint from /-/npm/v1/user to /-/whoami which
  works for all token types regardless of scope/permissions
- Fix revocation token matching: use Regex extractor with Liquid-rendered
  prefix ({{ TOKEN | prefix: 8 }}) to locate the correct token in the
  list response instead of blindly taking objects[0]
- Add Liquid template rendering support in multi-step revocation
  extraction patterns (render_extractor) for dynamic matching
- Add debug logging of HTTP response status and body during revocation
  so -v flag shows full API responses for troubleshooting
- Include response body in extraction failure error messages

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-08 15:14:04 -08:00
Mick Grove
95e9407700 Fixed readme 2026-02-07 09:21:41 -08:00
Mick Grove
ede6e62019 Fixed PyPi github action 2026-02-07 09:12:50 -08:00
Mick Grove
4c89ee59da Fixed PyPi github action 2026-02-07 09:03:57 -08:00
Mick Grove
124b3eb014 Fixed PyPi github action 2026-02-07 08:58:06 -08:00
Mick Grove
77d951da1a Fixed issues in response to code review 2026-02-06 21:09:51 -08:00
Mick Grove
d3dbb16d66 Fixed issues in response to code review 2026-02-06 21:02:58 -08:00
Mick Grove
1a40fb3bfd Fixed AWS access key validation to support temporary/session keys (ASIA prefix) in addition to long-lived keys (AKIA prefix). 2026-02-06 17:05:32 -08:00
Mick Grove
3f0fa7afde added multi-step revocation support. Added revocation support for SendGrid, Netlify, Tailscale, ElevenLabs, Sourcegraph, MongoDB Atlas, Twilio, and NPM using multi-step (lookup ID then delete) pattern. 2026-02-05 17:16:49 -08:00
Mick Grove
065641d299 added multi-step revocation support. Added revocation support for SendGrid, Netlify, Tailscale, ElevenLabs, Sourcegraph, MongoDB Atlas, Twilio, and NPM using multi-step (lookup ID then delete) pattern. 2026-02-04 22:59:21 -08:00
Mick Grove
ce9825429e added multi-step revocation support. Added revocation support for SendGrid, Netlify, Tailscale, ElevenLabs, Sourcegraph, MongoDB Atlas, Twilio, and NPM using multi-step (lookup ID then delete) pattern. 2026-02-04 22:58:46 -08:00
Mick Grove
2391c01c36 added multi-step revocation support. Added revocation support for SendGrid, Netlify, Tailscale, ElevenLabs, Sourcegraph, MongoDB Atlas, Twilio, and NPM using multi-step (lookup ID then delete) pattern. 2026-02-04 22:57:56 -08:00
Mick Grove
363b2ce77d added multi-step revocation support. Added revocation support for SendGrid, Netlify, Tailscale, ElevenLabs, Sourcegraph, MongoDB Atlas, Twilio, and NPM using multi-step (lookup ID then delete) pattern. 2026-02-04 22:26:57 -08:00
Mick Grove
1c3ea6cb22 initial support for distribution via pypi wheels 2026-02-04 12:43:13 -08:00
Mick Grove
3294b2baf7 initial support for distribution via pypi wheels 2026-02-04 12:43:13 -08:00
Mick Grove
54775f0f43
 		Merge branch 'main' into development 
Signed-off-by: Mick Grove <mick.grove@mongodb.com>
 2026-02-03 09:44:40 -08:00
Mick Grove
9f18e1ead3 more changes for v1.78.0 2026-02-03 09:39:34 -08:00
Mick Grove
9ae6053804 more changes for v1.78.0 2026-02-03 09:37:53 -08:00
Mick Grove
65251b7213 more changes for v1.78.0 2026-02-03 09:32:06 -08:00
Mick Grove
605ff11eee
 		Merge pull request #214 from bored-engineer/patch-22 
fix(dockerhub): use username for OAT validation
 2026-02-03 08:49:49 -08:00
Mick Grove
f2d2e19ec5
 		Merge pull request #215 from mongodb/development 
v1.78.0
 2026-02-03 08:49:18 -08:00
Mick Grove
5253204c2a preparing for v1.78.0 2026-02-02 23:22:08 -08:00
Mick Grove
63f1d515ae preparing for v1.78.0 2026-02-02 18:39:24 -08:00
Luke Young
9091a520c8
 		fix(dockerhub): use username for OAT validation 
Signed-off-by: Luke Young <bored-engineer@users.noreply.github.com>
 2026-02-02 16:22:18 -08:00
Mick Grove
2f41d159e2
 		Merge pull request #213 from mongodb/development v1.77.0 
v1.77.0
 2026-02-02 10:39:34 -08:00
Mick Grove
301c656f38 Fix build issues 2026-02-02 08:17:41 -08:00
Mick Grove
773ec70a35 Merge main into development (resolve conflicts) 2026-02-01 23:13:38 -08:00
Mick Grove
5ceab9662d fixes in response to pr review 2026-02-01 22:59:01 -08:00
Mick Grove
91c48ff7f8 fixes in response to pr review 2026-02-01 22:58:01 -08:00
Mick Grove
32be18bef0 updated alibaba rule 2026-02-01 22:32:00 -08:00
Mick Grove
92ca07739a updated alibaba rule 2026-02-01 22:31:52 -08:00
Mick Grove
52f71c4462 updated changelog 2026-01-31 23:14:06 -08:00
Mick Grove
4fd0b74d7d updated changelog 2026-01-31 23:08:30 -08:00
Mick Grove
c40226e939 added revoke command in output for validated credentials. Exposed in the html findings viewer as well 2026-01-31 22:58:53 -08:00
Mick Grove
a5d9dae9b3 added revoke command in output for validated credentials. Exposed in the html findings viewer as well 2026-01-31 22:52:57 -08:00
Mick Grove
9be5a04603 sync with main 2026-01-31 22:32:57 -08:00
Mick Grove
a31885e6f2 sync with main 2026-01-31 22:31:56 -08:00
Mick Grove
c8b770be1d
 		Merge pull request #208 from bored-engineer/bored-engineer-patch-2 
feat(age): add rules for post-quantum keys (MLKEM768-X25519)
 2026-01-31 22:11:29 -08:00
Mick Grove
89cf63dda4
 		Merge pull request #196 from bored-engineer/patch-5 
fix(aws): improve kingfisher.aws.6 regex
 2026-01-31 22:10:56 -08:00
Mick Grove
26ee54b4e8
 		Merge pull request #210 from bored-engineer/patch-21 
fix(aws): improve kingfisher.aws.1 regex
 2026-01-31 22:10:35 -08:00
Mick Grove
181df458ba Merge main into development 
- Added mercury.yml and neon.yml rules from main
- Merged Docker Hub Organization Access Token rule from main into updated dockerhub.yml
- Resolved file location conflicts due to rules directory restructuring
 2026-01-31 21:57:57 -08:00
Mick Grove
8491b03ff0 dockerhub rule update and docs update 2026-01-31 21:54:08 -08:00
Luke Young
eaa99a77c4
 		Update regex pattern for AWS Access Key ID 
Refactor regex pattern for AWS Access Key ID rule.

Signed-off-by: Luke Young <bored-engineer@users.noreply.github.com>
 2026-01-31 13:30:17 -08:00
Luke Young
408de4384d
 		Fix regex pattern formatting in age.yml 2026-01-31 13:27:52 -08:00
Luke Young
f3b049ba84
 		Merge branch 'main' into bored-engineer-patch-2 
Signed-off-by: Luke Young <bored-engineer@users.noreply.github.com>
 2026-01-31 13:27:24 -08:00