Aaron Loo
### Issue
`firestore` comes with some atomic "transformations" that are used to manipulate data without retrieving the document first, checking the value, then setting it again. These transformations are listed...
### Context
If you want to manually scan more than one repository at once, you need to do them in separate invocations. ``` $ detect-secrets-server scan https://github.com/Yelp/detect-secrets $ detect-secrets-server scan...
If a repository is empty, `detect-secrets-server` will attempt to clone it, yet fail at pulling master. ``` ~/.detect-secrets-server/repos/c13c25fda3384f857b42705cca3c7483b745b5fdb17819578346d4091d97d9803286fcd9495540bfa6e7ee1051cede1d72a25b72d9b4b7c790e9d5ce4697c82c $ git --git-dir `pwd` --work-tree . pull fatal: Couldn't find remote ref...
With the new abstractions provided in `0.2.0`, we can customize the storage of metadata by adding a subclass of `detect_secrets_server.storage.base.BaseStorage`. We've been using file storage options, but it would make...
We're less concerned about private keys, if they are encrypted with a passphrase. An example format is:
```
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,99AD1487680054D5E49D263D3E4CBFEB
```
We probably can...
From https://github.com/Yelp/detect-secrets/pull/52, we're able to do: ``` $ detect-secrets scan --string '012345678a' ``` but what happens if the string has two or more secrets? e.g. ``` $ detect-secrets scan --string '"0123456789a"...
Certain API keys use hyphens. e.g. `blahblah-aaaa-bbbb-cccc-ddddddd` This currently is not caught by the suite of HighEntropyStringPlugins.
There was a recent white paper released ([summary](https://blog.acolyer.org/2019/04/08/how-bad-can-it-git-characterizing-secret-leakage-in-public-github-repositories/), [source](https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04B-3_Meli_paper.pdf)). What's most interesting is on page 15, they list a variety of explicit regexes that we may be able to incorporate...
### Reproduction Steps
```
$ fuzz-lightyear https://petstore.swagger.io/v2/swagger.json -v -t user.loginUser
...
simplejson.errors.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
```
### Analysis
Looking at the issue, it looks like...
### Issue
Currently, we perform a naive search for request sequences longer than n=1. That is, if we have three endpoints (A, B, and C) and n=2, we would generate...