-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create global log redaction capability #3522
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dustin-decker
approved these changes
Oct 28, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is great. Don't forget to update the redactor for other sources though (can be in a follow-up PR)
zricethezav
approved these changes
Oct 29, 2024
abmussani
added a commit
to abmussani/trufflehog
that referenced
this pull request
Oct 30, 2024
* main: (76 commits) update aws descriptions (trufflesecurity#3529) enforce timeout on circleci test (trufflesecurity#3528) rm snifftest (trufflesecurity#3527) Redact more source credentials (trufflesecurity#3526) Create global log redaction capability (trufflesecurity#3522) Adding basic "what is trufflehog" to the readme (trufflesecurity#3514) Handle custom detector response and include in extra data (trufflesecurity#3411) fix: fixed validation logic for `calendarific` (trufflesecurity#3480) fix(deps): update github.com/tailscale/depaware digest to 3d7f3b3 (trufflesecurity#3518) Move DecoderType into ResultWithMetadata trufflesecurity#3502 Addeded 403 account block status code handling for gitlab (trufflesecurity#3471) updated gcpapplicationdefaultcredentials detector results with RawV2 (trufflesecurity#3499) fix(deps): update module github.com/brianvoe/gofakeit/v7 to v7.1.1 (trufflesecurity#3512) fix(deps): update module github.com/schollz/progressbar/v3 to v3.17.0 (trufflesecurity#3510) fix(deps): update module cloud.google.com/go/secretmanager to v1.14.2 (trufflesecurity#3498) Adds a logging section in the contributing guidelines (trufflesecurity#3509) fix: fixed verifcation pattern logic for `bulksms` (trufflesecurity#3478) Extend `algoliaadminkey` with additional checks (trufflesecurity#3459) fix(deps): update module google.golang.org/api to v0.203.0 (trufflesecurity#3497) fix: added correct api endpoint for verification & logic for Aeroworkflow (trufflesecurity#3435) ...
This was referenced Dec 18, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description:
Some source use client libraries that can emit errors that contain sensitive information - in particular, git-facing libraries that embed tokens into repository URLs. This PR introduces a way of redacting them - starting with GitLab (where we've seen this most recently), but in theory extensible to other sources as needed.
This implementation uses a custom zap core; this might also be possible with a custom zap encoder, but I didn't test it out.
(The deleted core.go file was entirely unused.)
Checklist:
make test-community
)?make lint
this requires golangci-lint)?