Merge branch 'main' of github.com:trufflesecurity/trufflehog into old…

…-detector-batch-1

Makefile

@@ -1,4 +1,4 @@
-PROTOS_IMAGE ?= trufflesecurity/protos:1.18-0
+PROTOS_IMAGE ?= trufflesecurity/protos:1.21-0
 
 .PHONY: check
 .PHONY: lint
@@ -59,7 +59,7 @@ protos-windows:
 
 release-protos-image:
 	docker buildx build --push --platform=linux/amd64,linux/arm64 \
-	-t trufflesecurity/protos:1.18-0 -f hack/Dockerfile.protos .
+	-t trufflesecurity/protos:1.21-0 -f hack/Dockerfile.protos .
 
 snifftest:
 	./hack/snifftest/snifftest.sh

examples/README.md

@@ -0,0 +1,14 @@
+# Examples
+This folder contains various examples like custom detectors, scripts, etc. Feel free to contribute!
+
+### Generic Detector
+An often requested feature for TruffleHog is a generic detector. By default, we do not support generic detection as it would result in lots of false positives. However, if you want to attempt detect generic secrets you can use a custom detector. 
+
+#### Try it out:
+```
+wget UPDATE ONCE MERGED
+trufflehog filesystem --config=$PWD/generic.yml $PWD
+
+# to filter so that _only_ generic credentials are logged:
+trufflehog filesystem --config=$PWD/generic.yml --json --no-verification $PWD | awk '/generic-api-key/{print $0}'
+```

examples/generic.yml

@@ -0,0 +1,15 @@
+detectors:
+- name: generic-api-key
+  keywords:
+  - key
+  - api
+  - token
+  - secret
+  - client
+  - passwd
+  - password
+  - auth
+  - access
+  regex:
+    # borrowing the gitleaks generic-api-key regex
+    generic-api-key: "(?i)(?:key|api|token|secret|client|passwd|password|auth|access)(?:[0-9a-z\\-_\\t .]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\"|\\s|=|\\x60){0,5}([0-9a-z\\-_.=]{10,150})(?:['|\"|\\n|\\r|\\s|\\x60|;]|$)"

hack/Dockerfile.protos

@@ -1,6 +1,6 @@
 # trufflesecurity/protos:1.18-0
 
-FROM golang:1.18-buster
+FROM golang:1.21-bullseye
 
 ARG TARGETARCH
 ARG TARGETOS