eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
kingfisher/src
History
Mick Grove b7b6dfdeb2 copilot fixes
2026-04-30 09:02:49 -07:00
..
access_map Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. 2026-04-29 08:12:08 -07:00
cli copilot fixes 2026-04-29 22:50:31 -07:00
matcher performance improvements and rule improvements 2026-04-19 16:33:13 -07:00
parser copilot fixes 2026-04-29 22:50:31 -07:00
reporter copilot fixes 2026-04-30 08:38:14 -07:00
scanner copilot fixes 2026-04-30 09:02:49 -07:00
validation updates to new rules 2026-04-15 17:13:10 -07:00
access_map.rs Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. 2026-04-29 08:12:08 -07:00
azure.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
baseline.rs performance improvements and rule improvements 2026-04-24 00:14:56 -07:00
binary.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
bitbucket.rs refactored code 2026-02-14 13:12:26 -08:00
blob.rs Refactored into multiple crates. Added the 'validate' subcommand 2026-01-28 10:27:24 -08:00
bstring_escape.rs Refactored into multiple crates. Added the 'validate' subcommand 2026-01-28 10:27:24 -08:00
bstring_table.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
confluence.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
content_type.rs refactored code 2026-02-14 13:12:26 -08:00
decompress.rs performance improvements and rule improvements 2026-04-19 22:38:39 -07:00
defaults.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
direct_revoke.rs copilot fixes 2026-04-29 22:50:31 -07:00
direct_validate.rs Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. 2026-04-29 08:12:08 -07:00
entropy.rs Refactored into multiple crates. Added the 'validate' subcommand 2026-01-28 10:27:24 -08:00
finding_data.rs - Reduced per-match memory usage by compacting stored source locations and interning repeated capture names. 2025-12-04 22:02:30 -08:00
findings_store.rs Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. 2026-04-29 08:12:08 -07:00
gcs.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
git_binary.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
git_commit_metadata.rs Refactored into multiple crates. Added the 'validate' subcommand 2026-01-28 10:27:24 -08:00
git_host.rs refactored code 2026-02-14 13:12:26 -08:00
git_metadata_graph.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
git_repo_enumerator.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
git_url.rs Populate the finding path from git blob metadata so history-derived secrets display their file location instead of an empty path 2025-09-24 10:06:47 -07:00
gitea.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
github.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
gitlab.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
grpc_validation.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
guesser.rs Improved language detection 2025-08-15 16:08:46 -07:00
huggingface.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
inline_ignore.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
jira.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
lib.rs Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. 2026-04-29 08:12:08 -07:00
liquid_filters.rs Refactored into multiple crates. Added the 'validate' subcommand 2026-01-28 10:27:24 -08:00
location.rs Refactored into multiple crates. Added the 'validate' subcommand 2026-01-28 10:27:24 -08:00
main.rs copilot fixes 2026-04-29 22:50:31 -07:00
origin.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
parser.rs changes in response to PR review 2026-04-08 13:14:39 -07:00
postman.rs Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. 2026-04-29 11:46:17 -07:00
provider_endpoints.rs added blog posts 2026-04-28 19:21:44 -07:00
pyc.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
reporter.rs copilot fixes 2026-04-30 09:02:49 -07:00
rule_loader.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
rule_profiling.rs preparing for v1.12 2025-06-24 17:17:16 -07:00
rules.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
rules_database.rs performance improvements and rule improvements 2026-04-19 14:50:11 -07:00
s3.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
safe_list.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
scanner_pool.rs preparing for v1.12 2025-06-24 17:17:16 -07:00
slack.rs - New rules: Telegram bot token, OpenWeatherMap, Apify 2025-08-01 16:56:04 -07:00
snippet.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
sqlite.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
teams.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
template_vars.rs cleaned up dependency tree 2026-04-13 20:43:09 -07:00
toon.rs Added TOON output support, to optimize usage of kingfisher from LLM/agent workflows 2026-03-15 15:00:59 -07:00
update.rs preparing v1.74.0 2026-01-12 22:50:05 -08:00
util.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
validation.rs Added provider endpoint overrides for validation and revocation via global --endpoint PROVIDER=URL and --endpoint-config FILE, with built-in support for self-hosted GitHub, GitLab, Gitea, Jira, Confluence, and Artifactory instances. 2026-04-27 13:20:16 -07:00
validation_body.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
validation_rate_limit.rs performance improvements and rule improvements 2026-04-17 16:53:21 -07:00