eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
kingfisher/tests
History
Exact
Erich Blume 5d0b2d8355 feat(gitea): add --clone-url-base flag for clone URL rewriting 
When scanning a self-hosted Gitea/Forgejo instance, the API may be
reachable at a different hostname than the git clone endpoint (e.g.,
internal API vs. public clone URL behind a reverse proxy). The
--clone-url-base flag rewrites the scheme, host, and port of clone
URLs returned by the API, preserving the path.

Example:
  kingfisher scan gitea \
    --api-url https://forge.internal.example.com/api/v1/ \
    --clone-url-base https://forge.internal.example.com/ \
    --user eblume

This avoids routing clone traffic through an external proxy when the
API and git endpoints share the same internal host but the instance's
ROOT_URL points to the public endpoint.

Includes unit tests for the URL rewriting function and an integration
test using wiremock to verify the full enumeration path.
2026-05-30 22:00:53 -07:00
..
cli.rs Added TOON output support, to optimize usage of kingfisher from LLM/agent workflows 2026-03-15 15:00:59 -07:00
cli_access_map_output.rs Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. 2026-04-29 08:12:08 -07:00
cli_failure.rs Fix redis URI matching and sqlite row budget 2026-02-28 14:25:05 -08:00
cli_git_clone_flags.rs changes in response to PR review 2026-02-28 12:16:08 -07:00
cli_subcommands.rs add docker --archive support 2026-05-28 13:54:59 -07:00
cli_validate_revoke.rs copilot fixes 2026-04-30 12:07:15 -07:00
dependent_rule_dedup.rs fixed performance regression 2026-04-09 11:59:31 -07:00
fingerprint_dedup.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
int_allowlist.rs add docker --archive support 2026-05-28 13:54:59 -07:00
int_base64.rs copilot fixes 2026-04-29 23:16:21 -07:00
int_bitbucket.rs add docker --archive support 2026-05-28 13:54:59 -07:00
int_context_verification.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
int_dedup.rs add docker --archive support 2026-05-28 13:54:59 -07:00
int_gitea_clone_url_base.rs feat(gitea): add --clone-url-base flag for clone URL rewriting 2026-05-30 22:00:53 -07:00
int_github.rs add docker --archive support 2026-05-28 13:54:59 -07:00
int_gitlab.rs add docker --archive support 2026-05-28 13:54:59 -07:00
int_jwt_provider.rs test(jwt): generate ephemeral RSA keypair in RS256 regression test 2026-05-21 21:56:01 -04:00
int_local_path_validation.rs Updated dockerfile to fix failing docker image publishing 2025-12-05 12:44:38 -08:00
int_postman.rs add docker --archive support 2026-05-28 13:54:59 -07:00
int_quiet.rs Added TOON output support, to optimize usage of kingfisher from LLM/agent workflows 2026-03-15 15:00:59 -07:00
int_redact.rs add docker --archive support 2026-05-28 13:54:59 -07:00
int_rules_no_validated_findings.rs performance improvements and rule improvements 2026-04-24 00:14:56 -07:00
int_s3.rs refactored output reporting and formatting logic 2025-08-04 08:58:06 -07:00
int_slack.rs add docker --archive support 2026-05-28 13:54:59 -07:00
int_teams.rs add docker --archive support 2026-05-28 13:54:59 -07:00
int_uri_parsing.rs v1.87.0 2026-03-09 20:46:08 -07:00
int_validation_cache.rs add docker --archive support 2026-05-28 13:54:59 -07:00
int_vulnerable_files.rs add docker --archive support 2026-05-28 13:54:59 -07:00
jdbc_rule.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
library_crates_external_project.rs performance improvements and rule improvements 2026-04-24 13:51:23 -07:00
live_db_validation.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
pre_commit_installer.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
smoke_archive.rs preparing for v1.100.0 2026-05-18 09:42:04 -07:00
smoke_baseline.rs v1.63.0 2025-11-10 18:47:51 -08:00
smoke_branch.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
smoke_check_rules.rs Added an optional exclude_words list to PatternRequirements so matches containing case-insensitive placeholder words are filtered out, with accompanying tests to cover the new behavior. 2025-11-04 13:07:24 -08:00
smoke_docker.rs fixed failing windows test 2026-05-28 23:59:19 -07:00
smoke_exclude.rs v1.63.0 2025-11-10 18:47:51 -08:00
smoke_fs.rs v1.63.0 2025-11-10 18:47:51 -08:00
smoke_git.rs v1.73.0 2026-01-01 22:24:57 -08:00
smoke_github_homebrew.rs Updated kingfisher scan to accept Git repository URLs as positional targets (for example kingfisher scan github.com/org/repo or kingfisher scan https://gitlab.com/group/project.git) without requiring --git-url. 2026-02-26 23:14:18 -07:00
smoke_sqlite.rs Automatically extracts and scans SQLite database contents for secrets stored in table rows 2026-02-22 23:35:18 -07:00
smoke_update.rs --self-update (alias --update) on a scan or other command now **re-execs into the freshly installed binary** so the current invocation completes with the new code and the latest detection rules. Previously the on-disk binary was replaced but the running process kept using the old in-memory version, requiring a second invocation to pick up the changes. On Unix this is a true exec() (same PID); on Windows the new binary is spawned and the parent exits with its status code. The explicit kingfisher self-update subcommand still updates and exits without re-execing. Self-update now also covers Windows arm64 (the asset was already published; the runtime cfg map gained the missing arm). See docs/ADVANCED.md → *Update Checks*. 2026-05-01 20:14:27 -07:00
tls_mode.rs more changes for v1.78.0 2026-02-03 09:37:53 -08:00