diff --git a/go.mod b/go.mod index f80e69dab0cb..4d619d18cc2c 100644 --- a/go.mod +++ b/go.mod @@ -54,8 +54,7 @@ require ( github.com/golang-jwt/jwt/v4 v4.5.0 github.com/google/go-cmp v0.6.0 github.com/google/go-containerregistry v0.20.1 - github.com/google/go-github/v59 v59.0.0 - github.com/google/go-github/v62 v62.0.0 + github.com/google/go-github/v63 v63.0.0 github.com/google/uuid v1.6.0 github.com/googleapis/gax-go/v2 v2.13.0 github.com/hashicorp/go-retryablehttp v0.7.7 @@ -108,7 +107,7 @@ require ( google.golang.org/api v0.189.0 google.golang.org/protobuf v1.34.2 gopkg.in/h2non/gock.v1 v1.1.2 - gopkg.in/yaml.v2 v2.4.0 + gopkg.in/yaml.v3 v3.0.1 pault.ag/go/debian v0.16.0 pgregory.net/rapid v1.1.0 sigs.k8s.io/yaml v1.4.0 @@ -206,6 +205,7 @@ require ( github.com/golang/protobuf v1.5.4 // indirect github.com/golang/snappy v0.0.4 // indirect github.com/google/flatbuffers v23.5.26+incompatible // indirect + github.com/google/go-github/v62 v62.0.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7 // indirect github.com/google/s2a-go v0.1.7 // indirect @@ -307,6 +307,5 @@ require ( google.golang.org/genproto/googleapis/rpc v0.0.0-20240722135656-d784300faade // indirect google.golang.org/grpc v1.64.1 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect - gopkg.in/yaml.v3 v3.0.1 // indirect pault.ag/go/topsort v0.1.1 // indirect ) diff --git a/go.sum b/go.sum index ccfd6e406d43..d26c946cb477 100644 --- a/go.sum +++ b/go.sum 
@@ -24,8 +24,6 @@ cloud.google.com/go/longrunning v0.5.9 h1:haH9pAuXdPAMqHvzX0zlWQigXT7B0+CL4/2nXX cloud.google.com/go/longrunning v0.5.9/go.mod h1:HD+0l9/OOW0za6UWdKJtXoFAX/BGg/3Wj8p10NeWF7c= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/secretmanager v1.13.4 h1:pizLSVUkZ8RdeQL5Vswj/3ujVC4kSY5eTxAWyMwQ1uc= -cloud.google.com/go/secretmanager v1.13.4/go.mod h1:SjKHs6rx0ELUqfbRWrWq4e7SiNKV7QMWZtvZsQm3k5w= cloud.google.com/go/secretmanager v1.13.5 h1:tXlHvpm97mFD0Lv50N4U4zlXfkoTNay3BmpNA/W7/oI= cloud.google.com/go/secretmanager v1.13.5/go.mod h1:/OeZ88l5Z6nBVilV0SXgv6XJ243KP2aIhSWRMrbvDCQ= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= 
@@ -394,10 +392,10 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-containerregistry v0.20.1 h1:eTgx9QNYugV4DN5mz4U8hiAGTi1ybXn0TPi4Smd8du0= github.com/google/go-containerregistry v0.20.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= -github.com/google/go-github/v59 v59.0.0 h1:7h6bgpF5as0YQLLkEiVqpgtJqjimMYhBkD4jT5aN3VA= -github.com/google/go-github/v59 v59.0.0/go.mod h1:rJU4R0rQHFVFDOkqGWxfLNo6vEk4dv40oDjhV/gH6wM= github.com/google/go-github/v62 v62.0.0 h1:/6mGCaRywZz9MuHyw9gD1CwsbmBX8GWsbFkwMmHdhl4= github.com/google/go-github/v62 v62.0.0/go.mod h1:EMxeUqGJq2xRu9DYBMwel/mr7kZrzUOfQmmpYrZn2a4= +github.com/google/go-github/v63 v63.0.0 h1:13xwK/wk9alSokujB9lJkuzdmQuVn2QCPeck76wR3nE= +github.com/google/go-github/v63 v63.0.0/go.mod h1:IqbcrgUmIcEaioWrGYei/09o+ge5vhffGOcxrO0AfmA= github.com/google/go-querystring v0.0.0-20170111101155-53e6ce116135/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= 
@@ -1071,8 +1069,6 @@ google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfG google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20240722135656-d784300faade h1:lKFsS7wpngDgSCeFn7MoLy+wBDQZ1UQIJD4UNM1Qvkg= google.golang.org/genproto v0.0.0-20240722135656-d784300faade/go.mod h1:FfBgJBJg9GcpPvKIuHSZ/aE1g2ecGL74upMzGZjiGEY= -google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d h1:kHjw/5UfflP/L5EbledDrcG4C2597RtymmGRZvHiCuY= -google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d/go.mod h1:mw8MG/Qz5wfgYr6VqVCiZcHe/GJEfI+oGGDCohaVgB0= google.golang.org/genproto/googleapis/api v0.0.0-20240722135656-d784300faade h1:WxZOF2yayUHpHSbUE6NMzumUzBxYc3YGwo0YHnbzsJY= google.golang.org/genproto/googleapis/api v0.0.0-20240722135656-d784300faade/go.mod h1:mw8MG/Qz5wfgYr6VqVCiZcHe/GJEfI+oGGDCohaVgB0= google.golang.org/genproto/googleapis/rpc v0.0.0-20240722135656-d784300faade h1:oCRSWfwGXQsqlVdErcyTt4A93Y8fo0/9D4b1gnI++qo= diff --git a/pkg/analyzer/analyzers/github/classictoken.go b/pkg/analyzer/analyzers/github/classictoken.go index 9728981e91c6..6ea64ac9fbb5 100644 --- a/pkg/analyzer/analyzers/github/classictoken.go +++ b/pkg/analyzer/analyzers/github/classictoken.go @@ -6,7 +6,7 @@ import ( "strings" "github.com/fatih/color" - gh "github.com/google/go-github/v59/github" + gh "github.com/google/go-github/v63/github" "github.com/jedib0t/go-pretty/v6/table" "github.com/trufflesecurity/trufflehog/v3/pkg/analyzer/analyzers" "github.com/trufflesecurity/trufflehog/v3/pkg/analyzer/config" diff --git a/pkg/analyzer/analyzers/github/finegrained.go b/pkg/analyzer/analyzers/github/finegrained.go index a92e292eb137..439ca24994cd 100644 --- a/pkg/analyzer/analyzers/github/finegrained.go +++ b/pkg/analyzer/analyzers/github/finegrained.go 
@@ -10,7 +10,7 @@ import ( "strings" "github.com/fatih/color" - gh "github.com/google/go-github/v59/github" + gh "github.com/google/go-github/v63/github" "github.com/jedib0t/go-pretty/v6/table" "github.com/trufflesecurity/trufflehog/v3/pkg/analyzer/config" ) @@ -112,7 +112,7 @@ var acctPermFuncMap = map[string]func(client *gh.Client, user *gh.User) (string, GIT_KEYS: getGitKeysPermission, LIMITS: getLimitsPermission, PLAN: getPlanPermission, - //PRIVATE_INVITES: getPrivateInvitesPermission, // Skipped until API better documented + // PRIVATE_INVITES: getPrivateInvitesPermission, // Skipped until API better documented PROFILE: getProfilePermission, SIGNING_KEYS: getSigningKeysPermission, STARRING: getStarringPermission, @@ -591,7 +591,7 @@ func getEnvironmentsPermission(client *gh.Client, repo *gh.Repository, currentAc // Risk: Extremely Low // GET /repositories/{repository_id}/environments/{environment_name}/variables - _, resp, err := client.Actions.ListEnvVariables(context.Background(), int(*repo.ID), *envResp.Environments[0].Name, &gh.ListOptions{}) + _, resp, err := client.Actions.ListEnvVariables(context.Background(), *repo.Owner.Login, *repo.Name, *envResp.Environments[0].Name, &gh.ListOptions{}) switch resp.StatusCode { case 403: return NO_ACCESS, nil 
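Review bot: The new `ListEnvVariables` call dereferences `*repo.Owner.Login` and `*repo.Name` directly, so a repository value with a nil `Owner`, `Login` or `Name` panics the analyzer instead of yielding an error. go-github's nil-safe accessors avoid this: `repo.GetOwner().GetLogin(), repo.GetName(), envResp.Environments[0].GetName()`. In the visible lines `switch resp.StatusCode` also runs before `err` is inspected, and `resp` can be nil when the request fails before a response arrives, so I would return `err` ahead of the switch whenever `resp == nil`. Both patterns recur in the `UpdateEnvVariable` hunk at -604. The body of getEnvironmentsPermission starts and ends outside this hunk, so an earlier guard may already exist.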
@@ -604,7 +604,7 @@ func getEnvironmentsPermission(client *gh.Client, repo *gh.Repository, currentAc // Risk: Very Low // -> We're updating an environment variable with an invalid payload. Even if we did, the name would be (see RANDOM_STRING above) and the value would be nil. // PATCH /repositories/{repository_id}/environments/{environment_name}/variables/{variable_name} - resp, err = client.Actions.UpdateEnvVariable(context.Background(), int(*repo.ID), *envResp.Environments[0].Name, &gh.ActionsVariable{Name: RANDOM_STRING}) + resp, err = client.Actions.UpdateEnvVariable(context.Background(), *repo.Owner.Login, *repo.Name, *envResp.Environments[0].Name, &gh.ActionsVariable{Name: RANDOM_STRING}) switch resp.StatusCode { case 403: return READ_ONLY, nil diff --git a/pkg/analyzer/analyzers/github/github.go b/pkg/analyzer/analyzers/github/github.go index 4fb4f94a5d95..2574c85e1468 100644 --- a/pkg/analyzer/analyzers/github/github.go +++ b/pkg/analyzer/analyzers/github/github.go @@ -7,8 +7,9 @@ import ( "time" "github.com/fatih/color" - gh "github.com/google/go-github/v59/github" + gh "github.com/google/go-github/v63/github" "github.com/jedib0t/go-pretty/v6/table" + "github.com/trufflesecurity/trufflehog/v3/pkg/analyzer/analyzers" "github.com/trufflesecurity/trufflehog/v3/pkg/analyzer/config" "github.com/trufflesecurity/trufflehog/v3/pkg/analyzer/pb/analyzerpb" diff --git a/pkg/analyzer/analyzers/stripe/stripe.go b/pkg/analyzer/analyzers/stripe/stripe.go index b96db2c6d09c..769baa5a61d5 100644 --- a/pkg/analyzer/analyzers/stripe/stripe.go +++ b/pkg/analyzer/analyzers/stripe/stripe.go @@ -14,9 +14,10 @@ import ( "github.com/fatih/color" "github.com/jedib0t/go-pretty/table" + "gopkg.in/yaml.v3" + "github.com/trufflesecurity/trufflehog/v3/pkg/analyzer/analyzers" "github.com/trufflesecurity/trufflehog/v3/pkg/analyzer/config" - "gopkg.in/yaml.v2" ) const ( 
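Review bot: The endpoint comment above the `UpdateEnvVariable` call still reads `PATCH /repositories/{repository_id}/...`, but the call now passes the owner login and repository name, so the documented route no longer matches the arguments. The `GET` comment in the -591 hunk is stale in the same way. These comments are the record of what this permission probe sends on behalf of the token under analysis, so they should track the request, e.g. `// PATCH /repos/{owner}/{repo}/environments/{environment_name}/variables/{variable_name}`. That route is inferred from the new arguments and should be confirmed against the v63 client. getEnvironmentsPermission continues outside the hunk.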
@@ -124,7 +125,7 @@ func checkKeyType(key string) (string, error) { } func checkKeyEnv(key string) (string, error) { - //remove first 3 characters + // remove first 3 characters key = key[3:] if strings.HasPrefix(key, LIVE_PREFIX) { return LIVE, nil diff --git a/pkg/sources/git/git.go b/pkg/sources/git/git.go index 19a1b6aae3c3..c1add5da79d2 100644 --- a/pkg/sources/git/git.go +++ b/pkg/sources/git/git.go @@ -19,7 +19,7 @@ import ( "github.com/go-git/go-git/v5" "github.com/go-git/go-git/v5/plumbing" "github.com/go-git/go-git/v5/plumbing/object" - "github.com/google/go-github/v62/github" + "github.com/google/go-github/v63/github" "golang.org/x/oauth2" "golang.org/x/sync/semaphore" "google.golang.org/protobuf/proto" diff --git a/pkg/sources/github/github.go b/pkg/sources/github/github.go index 043ab145920a..0cd1b4209000 100644 --- a/pkg/sources/github/github.go +++ b/pkg/sources/github/github.go @@ -14,13 +14,12 @@ import ( "sync/atomic" "time" - "golang.org/x/exp/rand" - "golang.org/x/oauth2" - "github.com/bradleyfalzon/ghinstallation/v2" "github.com/go-logr/logr" "github.com/gobwas/glob" - "github.com/google/go-github/v62/github" + "github.com/google/go-github/v63/github" + "golang.org/x/exp/rand" + "golang.org/x/oauth2" "golang.org/x/sync/errgroup" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/anypb" diff --git a/pkg/sources/github/github_test.go b/pkg/sources/github/github_test.go index 41e5e3d8cc43..5071007af4d5 100644 --- a/pkg/sources/github/github_test.go +++ b/pkg/sources/github/github_test.go @@ -17,9 +17,8 @@ import ( "github.com/go-logr/logr" "github.com/google/go-cmp/cmp" - "github.com/google/go-github/v62/github" + "github.com/google/go-github/v63/github" "github.com/stretchr/testify/assert" - "github.com/trufflesecurity/trufflehog/v3/pkg/sources" "golang.org/x/sync/errgroup" "google.golang.org/protobuf/types/known/anypb" "gopkg.in/h2non/gock.v1" 
@@ -28,6 +27,7 @@ import ( "github.com/trufflesecurity/trufflehog/v3/pkg/context" "github.com/trufflesecurity/trufflehog/v3/pkg/pb/credentialspb" "github.com/trufflesecurity/trufflehog/v3/pkg/pb/sourcespb" + "github.com/trufflesecurity/trufflehog/v3/pkg/sources" ) func createTestSource(src *sourcespb.GitHub) (*Source, *anypb.Any) { diff --git a/pkg/sources/github/repo.go b/pkg/sources/github/repo.go index 4cb652c43af2..3b019638b518 100644 --- a/pkg/sources/github/repo.go +++ b/pkg/sources/github/repo.go @@ -10,7 +10,7 @@ import ( "sync" gogit "github.com/go-git/go-git/v5" - "github.com/google/go-github/v62/github" + "github.com/google/go-github/v63/github" "github.com/trufflesecurity/trufflehog/v3/pkg/context" "github.com/trufflesecurity/trufflehog/v3/pkg/giturl"