Richard Gomez
Richard Gomez
### Description: This is a POC to fix #1517. Skipping detectors on chunks that are known to be problematic (e.g., #1460) should improve performance by reducing the number of false-positives...
### Description: This fixes #1939. ### Checklist: * [x] Tests passing (`make test-community`)? * [ ] Lint passing (`make lint` this requires [golangci-lint](https://golangci-lint.run/usage/install/#local-installation))?
Please review the [Community Note](https://github.com/trufflesecurity/trufflehog/blob/main/.github/community_note.md) before submitting ## Description When a verification test fails, the log output should include this information so that _potentially valid_ secrets aren't discounted. For instance,...
This mostly fixes #1512, although it would be valuable to add real secrets to test verification of multiple hosts, connection options, etc.
### Description: This fixes #1588. In my experience, this find _significantly more_ secrets with a negligible performance impact. ~The only issue is that these secrets are technically not a part...
### Description: This fixes #1455. It matches new npm tokens (`npm_xxx...`), old npm tokens (`NpmToken.0000-...`, `0000-...`), and "non-standard" tokens such as Artifactory using a JWT or GitHub packages using a...
Please review the [Community Note](https://github.com/trufflesecurity/trufflehog/blob/main/.github/community_note.md) before submitting ### TruffleHog Version 3.63.7 ### Description Rar archives can cause an unhandled panic. This can be reliably reproduced by scanning [microsoft/RecursiveExtractor](https://github.com/microsoft/RecursiveExtractor). The specific...
Please review the [Community Note](https://github.com/trufflesecurity/trufflehog/blob/main/.github/community_note.md) before submitting ### TruffleHog Version Latest ### Trace Output N/A ### Expected Behavior Detectors like [DockerHub](https://github.com/trufflesecurity/trufflehog/blob/857a37160074198a128f176f6534fd318d3c9494/pkg/detectors/dockerhub/dockerhub.go#L25) which require both a username and password should pick...
### Description Since @lc is doing a great job validating existing detectors, I figured it would be useful to do a high-level check of any domains that no longer resolve...
Please review the [Community Note](https://github.com/trufflesecurity/trufflehog/blob/main/.github/community_note.md) before submitting ## Description While uncommon, data that contains secrets can be encoded as [HTML entites](https://www.freeformatter.com/html-entities.html). This likely wouldn't be detected with the current solution....