rebase#1

Merged
goodgary merged 291 commits into goodgary:master from gitleaks:master
Oct 8, 2022

Conversation

@goodgary (Owner) commented Oct 8, 2022

Description:

Explain the purpose of the PR.

Checklist:

  • Does your PR pass tests?
  • Have you written new tests for your changes?
  • Have you linted your code locally prior to submission?

mercuriete and others added 30 commits April 8, 2021 10:23
* Closes #544

Co-authored-by: mercuriete <mercuriete@gmail.com>
* adding pypi and basic azure rules

* Adding new github format
* Docker-based pre-commit configuration example

* Docker-based pre-commit configuration example
* add global file check

* rm whitespace
* Add pre-commit support

* Update README.md
* Pass the entropy data back to the Leak struct

Do this to make it easier to tune entropy checks and make decisions in
systems consuming the output.

~ B'ezrat Hashem ~

* Return negative number when entropy not checked

That way you can tell the difference between not checking or an
actual entropy level of 0

~ B'ezrat Hashem ~

* Make sure to handle range checks properly

Make sure to show when something had an entropy returned but was outside
range, or didn't have a hit at all, etc...

~ B'ezrat Hashem ~

* Add a few doc strings

Follow the project's convention and add a comment above the methods

~ B'ezrat Hashem ~

* Update tests and get them to pass

~ B'ezrat Hashem ~

* Remove checked in `.got` files

~ B'ezrat Hashem ~

* Add `*.got` to the `.gitignore`

Make sure the test output files aren't checked-in

~ B'ezrat Hashem ~
* Add support for custom username when using SSH auth
Previously, the user "git" was hard-coded
This commit also adds support for ssh:// URLs

* Add comment to explain username parsing
Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
* updating documentation regarding issue #523

* improving README.md file
Regexps for default Twitter rules ("Twitter Secret Key" and "Twitter Client
ID") have a small flaw that makes the default configuration vulnerable to
some false positives.

I believe these rules should detect the cases like (SOME_CLIENT_ID should
be longer):
```
"twitter_client_id": "SOME_CLIENT_ID"
```

However, currently the twitter rules also detect the false positives for the
cases like:
```
someObj := twitter.NewObjectWithALongName()
config.Twitter.DomainAccessToken
```

I'm trying to address this issue in a similar way to how it's done for Facebook client
IDs and AWS secret keys, where the secret is expected to be quoted.
* Updating alpine, use gitleaks user instead of root

* remove comments
* drop travis

* remove travis

* rename, use example

* typo

* different syntax

* rename to test

* split test and build into two jobs

* add gosec job

* drop gosec for now
* fix premature exit on nogit scan, actually limit concurrency for nogit

* removing files scanned log
zricethezav and others added 29 commits August 8, 2022 14:16
* no-git support fingerprint support

* updating gitleaksignore w/ no-git false positives

* fix test
* bump gitdiff, add git.Err state, better log messages

* remove cmd.Start

* forgot to start...
* Add grafana tokens rules

* Adding upper bound limits to Grafana tokens
pretty output
* refactor: more precise rule for private keys

The current regex didn't match PGP private keys anymore, since they start with `BEGIN PGP PRIVATE KEY BLOCK` and the `BLOCK` never matched for the existing regex. I've made that part optional so that all strings matching for the current regex will still match for the new regex.

* refactor: more precise rule for private keys

Co-authored-by: Fabian F Groß <fabian.f.gross@deutschebahn.com>
* Add baseline

* Update doc, add error, move baseline to detect namespace, ignore findings instead of reactively filter them out

* Update detect/detect.go

Co-authored-by: Zachary Rice <zricezrice@gmail.com>

* Update IsNew function (no check on tags - omit finger print check)

* Update README.md

Co-authored-by: Zachary Rice <zricezrice@gmail.com>

* Update examples in readme to ensure it's clear that a baseline is indeed a gitleaks report

* Fix test - updated tags don't make a finding new

* Add missing err assignment

* Allow scanner to continue without baseline if file is malformed

* Fix typo in comment

* Fix control flow err. (Real life testing)

* Fix wording

* Auto-ignore baseline path
* Issue #980: Add support for Telegram Bot API Token

* Replace test with random bot_id length by tests with fixed one.
Add tests for the corner cases.

Co-authored-by: Alex Goncharov <b4bay@users.noreply.github.com>
* Adding quiet mode to silence banner

* Changing flag description. Adding flag to README

* Updating argument name

* updating variable name to align with argument

* fixing readme spacing

* Fixing variable name
* silence warning about unchecked errors

* go-fmt change to add newline

* Zerolog requires you to always call .Msg()

When logging with zerolog, you need to always end with .Msg(), even if
you just pass an empty string.

If you read the README on https://github.com/rs/zerolog, they write:

> It is very important to note that when using the zerolog
> chaining API, as shown above (log.Info().Msg("hello world"), the
> chain must have either the Msg or Msgf method call. If you
> forget to add either of these, the log will not occur and there
> is no compile time error to alert you of this.

* Create empty slice without literal

* Fix variable / package name collision with literal

instead of having a variable named "config", which collides with the
package name "config", just pass a literal config.Config{} struct to the
function

* Replace call to deprecated ioutil.ReadAll()

Use io.ReadAll() instead

* Check error when closing jsonFile

Make it a warning and log error
* upgrade go version to 1.19

* upgrade go version to 1.19 in dockerfile and test.yml
Dacpac refactorlogs contain keys that are false positives. This commit excludes those files.
Thanks for gitleaks, it's amazing to have it in the pipeline so I can have some extra peace of mind!
* Add detection rules for DigitalOcean tokens

* go fmt correction
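The two regex changes described in the commit messages above (requiring the Twitter token to be a quoted string so that identifiers such as `twitter.NewObjectWithALongName()` stop matching, and making the ` BLOCK` suffix optional so `BEGIN PGP PRIVATE KEY BLOCK` headers are caught) can be seen side by side in this added Go example. It is not gitleaks' own code or its shipped rules: the `rule` type, the rule names, the before/after patterns and the sample lines are all constructed here as simplified stand-ins to show the effect of each change.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
)

// rule is a minimal stand-in for a gitleaks-style regex rule. It is not the
// project's own type; it exists only to make the patterns below runnable.
type rule struct {
	name string
	re   *regexp.Regexp
}

// Hypothetical "before" form of the Twitter rules: the keyword, up to 40 bytes
// of anything, then a bare 18-25 character alphanumeric token. Identifiers in
// source code that merely contain the word "twitter" satisfy this.
var twitterLoose = rule{
	name: "twitter-loose",
	re:   regexp.MustCompile(`(?i)twitter.{0,40}[0-9a-z]{18,25}`),
}

// Hypothetical "after" form: the token must be wrapped in quotes, as a value
// in a config file or a string literal would be. Method and field names that
// happen to follow "twitter" are no longer candidates.
var twitterQuoted = rule{
	name: "twitter-quoted",
	re:   regexp.MustCompile(`(?i)twitter.{0,40}["'][0-9a-z]{18,25}["']`),
}

// Hypothetical "before" form of a private-key header rule: the header must end
// in exactly "PRIVATE KEY-----", so "PRIVATE KEY BLOCK-----" (PGP) is missed.
var privateKeyStrict = rule{
	name: "private-key-strict",
	re:   regexp.MustCompile(`-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY-----`),
}

// Hypothetical "after" form: " BLOCK" is optional, so every header the strict
// pattern matched still matches, and PGP headers now match as well.
var privateKeyPGP = rule{
	name: "private-key-pgp",
	re:   regexp.MustCompile(`-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----`),
}

// scan returns, for each rule name, the input lines that rule flags. Matched
// lines are sorted so the result is deterministic for comparison.
func scan(rules []rule, lines []string) map[string][]string {
	hits := make(map[string][]string)
	for _, r := range rules {
		for _, line := range lines {
			if r.re.MatchString(line) {
				hits[r.name] = append(hits[r.name], line)
			}
		}
		sort.Strings(hits[r.name])
	}
	return hits
}

// sampleLines is constructed input: one realistic-looking Twitter client ID in
// a config file, two source-code lines that only mention "twitter", and three
// private-key headers (RSA, OpenSSH, PGP). None of these values are real.
var sampleLines = []string{
	`"twitter_client_id": "AbCdEfGhIjKlMnOpQrStUv"`,
	`someObj := twitter.NewObjectWithALongName()`,
	`token := config.Twitter.DomainAccessTokenCache`,
	`-----BEGIN RSA PRIVATE KEY-----`,
	`-----BEGIN OPENSSH PRIVATE KEY-----`,
	`-----BEGIN PGP PRIVATE KEY BLOCK-----`,
}

func main() {
	rules := []rule{twitterLoose, twitterQuoted, privateKeyStrict, privateKeyPGP}
	hits := scan(rules, sampleLines)
	for _, r := range rules {
		fmt.Printf("%s (%d hits):\n", r.name, len(hits[r.name]))
		for _, l := range hits[r.name] {
			fmt.Printf("  %s\n", l)
		}
	}
}
```

Running it shows the loose Twitter pattern flagging all three "twitter" lines while the quoted form flags only the config value, and the strict private-key pattern missing the PGP header that the `( BLOCK)?` variant catches. When tightening a rule this way, keep a line like the quoted config value in the rule's test set so the fix for false positives does not silently turn into a false negative.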
@goodgary goodgary merged commit 6ea64f5 into goodgary:master Oct 8, 2022