eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
kingfisher/src
History
Mick Grove 1830a140d8 preparing for v1.100.0
2026-05-18 22:28:19 -04:00
..
access_map preparing for v1.99.0 2026-05-04 14:48:41 -07:00
alerts preparing for v1.99.0 2026-05-04 19:00:45 -07:00
cli preparing for v1.99.0 2026-05-04 23:10:16 -07:00
matcher performance improvements and rule improvements 2026-04-19 16:33:13 -07:00
parser copilot fixes 2026-04-29 22:50:31 -07:00
reporter preparing for v1.99.0 2026-05-04 13:26:11 -07:00
scanner preparing for v1.100.0 2026-05-18 18:33:42 -07:00
validation preparing for v1.100.0 2026-05-18 18:12:27 -07:00
access_map.rs added SLSA provenance 2026-05-02 00:14:31 -07:00
azure.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
baseline.rs performance improvements and rule improvements 2026-04-24 00:14:56 -07:00
binary.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
bitbucket.rs refactored code 2026-02-14 13:12:26 -08:00
blob.rs Refactored into multiple crates. Added the 'validate' subcommand 2026-01-28 10:27:24 -08:00
bstring_escape.rs Refactored into multiple crates. Added the 'validate' subcommand 2026-01-28 10:27:24 -08:00
bstring_table.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
confluence.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
content_type.rs refactored code 2026-02-14 13:12:26 -08:00
decompress.rs preparing for v1.100.0 2026-05-18 22:28:19 -04:00
defaults.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
direct_revoke.rs copilot fixes 2026-04-29 22:50:31 -07:00
direct_validate.rs preparing for v1.99.0 2026-05-04 14:48:41 -07:00
entropy.rs Refactored into multiple crates. Added the 'validate' subcommand 2026-01-28 10:27:24 -08:00
finding_data.rs - Reduced per-match memory usage by compacting stored source locations and interning repeated capture names. 2025-12-04 22:02:30 -08:00
findings_store.rs Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. 2026-04-29 08:12:08 -07:00
gcs.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
git_binary.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
git_commit_metadata.rs Refactored into multiple crates. Added the 'validate' subcommand 2026-01-28 10:27:24 -08:00
git_host.rs refactored code 2026-02-14 13:12:26 -08:00
git_metadata_graph.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
git_repo_enumerator.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
git_url.rs Populate the finding path from git blob metadata so history-derived secrets display their file location instead of an empty path 2025-09-24 10:06:47 -07:00
gitea.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
github.rs preparing for v1.100.0 2026-05-18 14:27:01 -07:00
gitlab.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
grpc_validation.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
guesser.rs Improved language detection 2025-08-15 16:08:46 -07:00
huggingface.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
inline_ignore.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
jira.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
lib.rs - Archive scanning now reaches inside Android/iOS app packages: added apk, aab, and ipa to the recognized ZIP-based archive formats so secrets embedded in APK/AAB/IPA contents (e.g. classes*.dex, res/values/strings.xml) are extracted and matched. -- 2026-05-06 17:50:35 -07:00
liquid_filters.rs Refactored into multiple crates. Added the 'validate' subcommand 2026-01-28 10:27:24 -08:00
location.rs Refactored into multiple crates. Added the 'validate' subcommand 2026-01-28 10:27:24 -08:00
main.rs preparing for v1.100.0 2026-05-18 13:03:16 -07:00
origin.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
parser.rs changes in response to PR review 2026-04-08 13:14:39 -07:00
postman.rs Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. 2026-04-29 11:46:17 -07:00
provider_endpoints.rs added blog posts 2026-04-28 19:21:44 -07:00
pyc.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
reporter.rs preparing for v1.99.0 2026-05-04 13:26:11 -07:00
rule_loader.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
rule_profiling.rs preparing for v1.12 2025-06-24 17:17:16 -07:00
rules.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
rules_database.rs performance improvements and rule improvements 2026-04-19 14:50:11 -07:00
s3.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
safe_list.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
scanner_pool.rs preparing for v1.12 2025-06-24 17:17:16 -07:00
slack.rs - New rules: Telegram bot token, OpenWeatherMap, Apify 2025-08-01 16:56:04 -07:00
snippet.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
sqlite.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
teams.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
template_vars.rs cleaned up dependency tree 2026-04-13 20:43:09 -07:00
toon.rs Added TOON output support, to optimize usage of kingfisher from LLM/agent workflows 2026-03-15 15:00:59 -07:00
update.rs preparing for v1.99.0 2026-05-04 18:03:29 -07:00
util.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
validation.rs preparing for v1.100.0 2026-05-18 18:33:42 -07:00
validation_body.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
validation_rate_limit.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00