credential-digger
A Github scanning tool that identifies hardcoded credentials while filtering the false positive data through machine learning models :lock:
At the current stage we are not supporting M1 (or M2) out-of-the-box. Some dependencies are not actually compatible (e.g., `hyperscan`). Moreover, docker may also have some architectural issues. Initial steps...
`psycopg` library v3 is out and we should update our `PgClient` component
During the scan, when adding discoveries via postgres, some discoveries may raise an exception ``` Traceback (most recent call last): File "/Users/marco/git/credential-digger/venv/bin/credentialdigger", line 8, in sys.exit(main()) File "/Users/marco/git/credential-digger/venv/lib/python3.9/site-packages/credentialdigger/__main__.py", line 7,...
`hyperscan` v0.3.0 [has just been released](https://github.com/darvid/python-hyperscan/releases/tag/v0.3.0). This new package version includes binaries for hyperscan library, so `libhyperscan5` (or `libhyperscan4` for older OS versions) is not supposed to be installed anymore....
The module does not support the Windows OS; it would be great to add such a feature to make the project OS independent. State: Work in progress... ⌛
It enters an infinite loop. Tested client: sqlite Reproduce the bug: While on *discoveries view* page (http://0.0.0.0:5000/discoveries?url=https://github.com/user/repo), any attempt to sort discoveries via "category" or "snippet" fails on the server...
If a scan raises an error (either in the scanner, or models, or db), the discoveries are not inserted in the db, but the UI shows the scan as completed...
Sometimes, the scan fails due to a tokeniser error raised by the PasswordModel. For example (scanning repo `https://github.com/wuest-amiconsult/BTP-Day2-Bookshop-Exercise`): ``` Exception in thread credentialdigger@https://github.com/wuest-amiconsult/BTP-Day2-Bookshop-Exercise: Traceback (most recent call last): File "/usr/local/Cellar/[email protected]/3.9.7_1/Frameworks/Python.framework/Versions/3.9/lib/python3.9/threading.py",...
The current version of the Discoveries counter is displaying the total number of discoveries including the false positive ones. This counter should be improved to display the total real leaks...
From the UI it is not possible to know what version of the tool is being run. It could be a good idea to have a "tag" (maybe in the header?)...