-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[feat] - Replace regexp pkg w/ go-re2 in detectors #2324
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Amazing! This looks like the best regex replacement lib out there:
go-re2 is a drop-in replacement for the standard library regexp package which uses the C++ re2 library for improved performance with large inputs or complex expressions. By default, re2 is packaged as a WebAssembly module and accessed with the pure Go runtime, wazero. This means that it is compatible with any Go application, regardless of availability of cgo.
very cool
It's potentially not relevant, but I wanted to check with y'all on how we handle non-utf-8 strings currently. Mostly because of this quote from go-re2:
|
Great catch. Sounds like something we need to address first. |
I added some tests in the huggingface_test.go file to test with invalid utf-8 sequences. So I think we might be okay? Actually I think we are fine because we convert our []byte to a string here and Go handles replacing the invalid utf-8 characters for us, thus the regex library will be operating on valid utf-8 sequences. |
I would test the base64 decoder as well. It seems to produce invalid (?) unicode sequences if the entire input isn't valid base64. |
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [trufflesecurity/trufflehog](https://togithub.com/trufflesecurity/trufflehog) | action | minor | `v3.63.5` -> `v3.67.5` | --- ### Release Notes <details> <summary>trufflesecurity/trufflehog (trufflesecurity/trufflehog)</summary> ### [`v3.67.5`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.5) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.67.4...v3.67.5) #### What's Changed - Fix handling of GitHub ratelimit information by [@​rgmz](https://togithub.com/rgmz) in [trufflesecurity/trufflehog#2041 - Set GHA workdir by [@​zricethezav](https://togithub.com/zricethezav) in [trufflesecurity/trufflehog#2393 - Allow CLI version pinning in GHA ([#​2397](https://togithub.com/trufflesecurity/trufflehog/issues/2397)) by [@​skeweredlogic](https://togithub.com/skeweredlogic) in [trufflesecurity/trufflehog#2398 - \[bug] - prevent concurrent map writes by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2399 - Allow multiple domains for Forager by [@​dustin-decker](https://togithub.com/dustin-decker) in [trufflesecurity/trufflehog#2400 - Update GitParse to handle quoted binary filenames by [@​rgmz](https://togithub.com/rgmz) in [trufflesecurity/trufflehog#2391 - \[feat] - buffered file writer metrics by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2395 #### New Contributors - [@​skeweredlogic](https://togithub.com/skeweredlogic) made their first contribution in [trufflesecurity/trufflehog#2398 **Full Changelog**: trufflesecurity/trufflehog@v3.67.4...v3.67.5 ### [`v3.67.4`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.4) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.67.3...v3.67.4) #### What's Changed - \[feat] - use diff chan by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2387 **Full Changelog**: trufflesecurity/trufflehog@v3.67.3...v3.67.4 ### [`v3.67.3`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.3) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.67.2...v3.67.3) #### What's Changed - Disable GitHub wiki scanning by default by [@​rosecodym](https://togithub.com/rosecodym) in [trufflesecurity/trufflehog#2386 - Fix binary file hanging bug in git sources by [@​mcastorina](https://togithub.com/mcastorina) in [trufflesecurity/trufflehog#2388 - tightening opsgenie detection and verification by [@​dylanTruffle](https://togithub.com/dylanTruffle) in [trufflesecurity/trufflehog#2389 - Make `SkipFile` case-insensitive by [@​rgmz](https://togithub.com/rgmz) in [trufflesecurity/trufflehog#2383 - \[not-fixup] - Reduce memory consumption for Buffered File Writer by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2377 **Full Changelog**: trufflesecurity/trufflehog@v3.67.2...v3.67.3 ### [`v3.67.2`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.2) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/3.67.1...v3.67.2) #### What's Changed - \[bug] - unhashable map key by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2374 - custom detector docs improvement by [@​dxa4481](https://togithub.com/dxa4481) in [trufflesecurity/trufflehog#2376 - \[fixup] - correctly use the buffered file writer by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2373 **Full Changelog**: trufflesecurity/trufflehog@v3.67.1...v3.67.2 ### [`v3.67.1`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.1) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/3.67.1...3.67.1) #### What's Changed - \[chore] Cleanup GitLab source errors by [@​mcastorina](https://togithub.com/mcastorina) in [trufflesecurity/trufflehog#2345 - \[feat] - concurently scan the filesystem source by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2364 **Full Changelog**: trufflesecurity/trufflehog@3.67.1...v3.67.1 ### [`v3.67.1`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.1) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.67.0...3.67.1) ##### What's Changed - \[chore] Cleanup GitLab source errors by [@​mcastorina](https://togithub.com/mcastorina) in [trufflesecurity/trufflehog#2345 - \[feat] - concurently scan the filesystem source by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2364 **Full Changelog**: trufflesecurity/trufflehog@3.67.1...v3.67.1 ### [`v3.67.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.67.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.66.3...v3.67.0) #### What's Changed - Make AzureDevopsPersonalAccessToken verification more robust by [@​dustin-decker](https://togithub.com/dustin-decker) in [trufflesecurity/trufflehog#2359 - Polite Verification by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2356 **Full Changelog**: trufflesecurity/trufflehog@v3.66.3...v3.67.0 ### [`v3.66.3`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.66.3) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.66.2...v3.66.3) #### What's Changed - Allow for configuring the buffered file writer by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2319 - added flyio protos by [@​lonmarsDev](https://togithub.com/lonmarsDev) in [trufflesecurity/trufflehog#2357 - Scan GitHub wikis by [@​rgmz](https://togithub.com/rgmz) in [trufflesecurity/trufflehog#2233 - \[chore] Add filesystem integration test by [@​mcastorina](https://togithub.com/mcastorina) in [trufflesecurity/trufflehog#2358 - update azure test files to check rawV2 by [@​roxanne-tampus](https://togithub.com/roxanne-tampus) in [trufflesecurity/trufflehog#2353 - \[bug] fix script change by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2360 **Full Changelog**: trufflesecurity/trufflehog@v3.66.2...v3.66.3 ### [`v3.66.2`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.66.2) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.66.1...v3.66.2) #### What's Changed - Update the template detector by [@​rgmz](https://togithub.com/rgmz) in [trufflesecurity/trufflehog#2342 - Detectors Updates 1 for Tristate Verification by [@​0x1](https://togithub.com/0x1) in [trufflesecurity/trufflehog#2187 - Fix filesystem enumeration ignore paths bug by [@​mcastorina](https://togithub.com/mcastorina) in [trufflesecurity/trufflehog#2355 - \[feat] - tmp file diffs by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2306 **Full Changelog**: trufflesecurity/trufflehog@v3.66.1...v3.66.2 ### [`v3.66.1`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.66.1) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.66.0...v3.66.1) #### What's Changed - Azure function key is throwing FPs by [@​dustin-decker](https://togithub.com/dustin-decker) in [trufflesecurity/trufflehog#2352 **Full Changelog**: trufflesecurity/trufflehog@v3.66.0...v3.66.1 ### [`v3.66.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.66.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.65.0...v3.66.0) #### What's Changed - \[chore] - make sure to close connections after testing by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2343 - Prevent print or logging in detectors by [@​dustin-decker](https://togithub.com/dustin-decker) in [trufflesecurity/trufflehog#2341 - Add the new MaxMind license key format by [@​faktas2](https://togithub.com/faktas2) in [trufflesecurity/trufflehog#2181 - updates to plain and json printing to include verification error by [@​0x1](https://togithub.com/0x1) in [trufflesecurity/trufflehog#2335 - added azurefunctionkey detector by [@​roxanne-tampus](https://togithub.com/roxanne-tampus) in [trufflesecurity/trufflehog#2337 - added azuresearchadminkey detector by [@​roxanne-tampus](https://togithub.com/roxanne-tampus) in [trufflesecurity/trufflehog#2348 - added azuresearchquerykey detector by [@​roxanne-tampus](https://togithub.com/roxanne-tampus) in [trufflesecurity/trufflehog#2349 - Improve fp ignore logic by [@​dustin-decker](https://togithub.com/dustin-decker) in [trufflesecurity/trufflehog#2351 #### New Contributors - [@​faktas2](https://togithub.com/faktas2) made their first contribution in [trufflesecurity/trufflehog#2181 **Full Changelog**: trufflesecurity/trufflehog@v3.65.0...v3.66.0 ### [`v3.65.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.65.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.64.0...v3.65.0) #### What's Changed - Walk directories in filesystem source enumeration by [@​mcastorina](https://togithub.com/mcastorina) in [trufflesecurity/trufflehog#2313 - added azuredevopspersonalaccesstoken detector by [@​roxanne-tampus](https://togithub.com/roxanne-tampus) in [trufflesecurity/trufflehog#2315 - updating doppler logic by [@​joeleonjr](https://togithub.com/joeleonjr) in [trufflesecurity/trufflehog#2329 - add priority semaphore to source manager by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2336 - Add Google oauth2 token detector by [@​rgmz](https://togithub.com/rgmz) in [trufflesecurity/trufflehog#2274 - Update DockerHub detector logic by [@​rgmz](https://togithub.com/rgmz) in [trufflesecurity/trufflehog#2266 - Improve GitHub scan logging by [@​rgmz](https://togithub.com/rgmz) in [trufflesecurity/trufflehog#2220 - add tri-state verification to yelp by [@​zubairk14](https://togithub.com/zubairk14) in [trufflesecurity/trufflehog#1736 - Fix broken test by [@​dustin-decker](https://togithub.com/dustin-decker) in [trufflesecurity/trufflehog#2339 **Full Changelog**: trufflesecurity/trufflehog@v3.64.0...v3.65.0 ### [`v3.64.0`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.64.0) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.11...v3.64.0) #### What's Changed - Add prometheus metrics to measure hook execution time by [@​mcastorina](https://togithub.com/mcastorina) in [trufflesecurity/trufflehog#2312 - updating detector logic for zenscrape by [@​joeleonjr](https://togithub.com/joeleonjr) in [trufflesecurity/trufflehog#2316 - fix for incorrect AWS account number identification by [@​joeleonjr](https://togithub.com/joeleonjr) in [trufflesecurity/trufflehog#2332 - Narrow Postgres detector to only look for URIs by [@​rosecodym](https://togithub.com/rosecodym) in [trufflesecurity/trufflehog#2314 - Update Gitlab repo count in tests by [@​rosecodym](https://togithub.com/rosecodym) in [trufflesecurity/trufflehog#2333 - \[feat] - Replace regexp pkg w/ go-re2 in detectors by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2324 **Full Changelog**: trufflesecurity/trufflehog@v3.63.11...v3.64.0 ### [`v3.63.11`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.11) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.10...v3.63.11) #### What's Changed - \[fixup] - save 8 bytes per chunk by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2310 - fix(deps): update module github.com/hashicorp/golang-lru to v2 by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2054 - \[chore] - Update Chunk struct comment by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2317 - fix(deps): update golang.org/x/exp digest to [`1b97071`](https://togithub.com/trufflesecurity/trufflehog/commit/1b97071) by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2318 - fix(deps): update module github.com/couchbase/gocb/v2 to v2.7.1 by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2320 - fix(deps): update module github.com/envoyproxy/protoc-gen-validate to v1.0.4 by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2322 - fix(deps): update module github.com/aws/aws-sdk-go to v1.50.0 by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2325 - \[chore] - reduce test time by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2321 **Full Changelog**: trufflesecurity/trufflehog@v3.63.10...v3.63.11 ### [`v3.63.10`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.10) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.9...v3.63.10) #### What's Changed - added azure protos by [@​roxanne-tampus](https://togithub.com/roxanne-tampus) in [trufflesecurity/trufflehog#2304 - \[fixup ] - Allow ssh cloning with AWS Code Commit by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2307 - Assume unauthenticated github scans have public visibility by [@​mcastorina](https://togithub.com/mcastorina) in [trufflesecurity/trufflehog#2308 - \[chore] - Add regex and keyword for api_org tokens by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2240 **Full Changelog**: trufflesecurity/trufflehog@v3.63.9...v3.63.10 ### [`v3.63.9`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.9) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.8...v3.63.9) #### What's Changed - \[chore] - update docs for pre-commit by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2280 - Ignore common false positives for Parseur Detector by [@​rgmz](https://togithub.com/rgmz) in [trufflesecurity/trufflehog#2229 - Ignore common Signable false positives by [@​rgmz](https://togithub.com/rgmz) in [trufflesecurity/trufflehog#2230 - fix(deps): update golang.org/x/exp digest to [`be819d1`](https://togithub.com/trufflesecurity/trufflehog/commit/be819d1) by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2281 - \[chore] - update test by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2283 - adding postgres detector by [@​dylanTruffle](https://togithub.com/dylanTruffle) in [trufflesecurity/trufflehog#2108 - fix(deps): update module github.com/azuread/microsoft-authentication-library-for-go to v1.2.1 by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2282 - fix(deps): update golang.org/x/exp digest to [`0dcbfd6`](https://togithub.com/trufflesecurity/trufflehog/commit/0dcbfd6) by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2284 - fix(deps): update module github.com/gabriel-vasile/mimetype to v1.4.3 by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2285 - Extend memory cache by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2275 - fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.19 by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2286 - chore(deps): update alpine docker tag to v3.19 by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2287 - chore(deps): update sigstore/cosign-installer action to v3.3.0 by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2290 - fix(deps): update module cloud.google.com/go/storage to v1.36.0 by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2291 - fix(deps): update module github.com/aws/aws-sdk-go to v1.49.18 by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2292 - feat(installation): Implement checksum signature verification by [@​hibare](https://togithub.com/hibare) in [trufflesecurity/trufflehog#2157 - fix(deps): update module github.com/aws/aws-sdk-go to v1.49.19 by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2294 - fix(deps): update module github.com/bradleyfalzon/ghinstallation/v2 to v2.9.0 by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2295 - \[chore] - small updates by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2288 - \[feat] - Allow for the use of include/exclude path files for filesystem scans by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2297 - Individuate archive tests by [@​rosecodym](https://togithub.com/rosecodym) in [trufflesecurity/trufflehog#2293 - \[feat] - Provide CLI flag to only use custom verifiers by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2299 - Disable postgres detector because it it too sensitive by [@​dustin-decker](https://togithub.com/dustin-decker) in [trufflesecurity/trufflehog#2303 **Full Changelog**: trufflesecurity/trufflehog@v3.63.8...v3.63.9 ### [`v3.63.8`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.8) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.7...v3.63.8) #### What's Changed - Fix commit message single quote escaping on GitHub Action by [@​0x2b3bfa0](https://togithub.com/0x2b3bfa0) in [trufflesecurity/trufflehog#2259 - fix(deps): update module github.com/go-git/go-git/v5 to v5.11.0 \[security] by [@​renovate](https://togithub.com/renovate) in [trufflesecurity/trufflehog#2263 - Fix non-ASCII whitespace on GitHub Action by [@​0x2b3bfa0](https://togithub.com/0x2b3bfa0) in [trufflesecurity/trufflehog#2270 - Update GitParse logic to handle edge case. by [@​rgmz](https://togithub.com/rgmz) in [trufflesecurity/trufflehog#2206 - \[chore] Add test to check all versioned detectors are non-zero by [@​mcastorina](https://togithub.com/mcastorina) in [trufflesecurity/trufflehog#2272 - Update stripe detector regex by [@​NikhilPanwar](https://togithub.com/NikhilPanwar) in [trufflesecurity/trufflehog#2261 - Update to Sourcegraph Access token format by [@​shivasurya](https://togithub.com/shivasurya) in [trufflesecurity/trufflehog#2254 - Bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 by [@​dependabot](https://togithub.com/dependabot) in [trufflesecurity/trufflehog#2278 - Bump github.com/dvsekhvalnov/jose2go from 1.5.0 to 1.6.0 by [@​dependabot](https://togithub.com/dependabot) in [trufflesecurity/trufflehog#2279 - Wrap temp deletion err by [@​rosecodym](https://togithub.com/rosecodym) in [trufflesecurity/trufflehog#2277 - 1833 Fix syslog udp by [@​df3rry](https://togithub.com/df3rry) in [trufflesecurity/trufflehog#1835 #### New Contributors - [@​0x2b3bfa0](https://togithub.com/0x2b3bfa0) made their first contribution in [trufflesecurity/trufflehog#2259 - [@​NikhilPanwar](https://togithub.com/NikhilPanwar) made their first contribution in [trufflesecurity/trufflehog#2261 - [@​df3rry](https://togithub.com/df3rry) made their first contribution in [trufflesecurity/trufflehog#1835 **Full Changelog**: trufflesecurity/trufflehog@v3.63.7...v3.63.8 ### [`v3.63.7`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.7) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.6...v3.63.7) #### What's Changed - Add skip archive support by [@​dustin-decker](https://togithub.com/dustin-decker) in [trufflesecurity/trufflehog#2257 - Skip all binaries by [@​bill-rich](https://togithub.com/bill-rich) in [trufflesecurity/trufflehog#2256 - Add handlerOpts back by [@​bill-rich](https://togithub.com/bill-rich) in [trufflesecurity/trufflehog#2258 - Use directory iterator instead of walkdir by [@​dustin-decker](https://togithub.com/dustin-decker) in [trufflesecurity/trufflehog#2260 **Full Changelog**: trufflesecurity/trufflehog@v3.63.6...v3.63.7 ### [`v3.63.6`](https://togithub.com/trufflesecurity/trufflehog/releases/tag/v3.63.6) [Compare Source](https://togithub.com/trufflesecurity/trufflehog/compare/v3.63.5...v3.63.6) #### What's Changed - Adds basic if/else check if pid slice is empty by [@​codevbus](https://togithub.com/codevbus) in [trufflesecurity/trufflehog#2244 - \[fixup] - move cleanup to run by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2245 - shallow cloning + GitHub Action by [@​joeleonjr](https://togithub.com/joeleonjr) in [trufflesecurity/trufflehog#2138 - Update GitHub extradata by [@​rgmz](https://togithub.com/rgmz) in [trufflesecurity/trufflehog#2219 - Avoid extraneous authentication attempts when verifying Snowflake by [@​rgmz](https://togithub.com/rgmz) in [trufflesecurity/trufflehog#2057 - Add missing import by [@​dustin-decker](https://togithub.com/dustin-decker) in [trufflesecurity/trufflehog#2246 - \[bug] - Bug archive handler memory leak by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2247 - \[chore] - use snake_case for naming by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2238 - \[chore] - add additional binary extensions to skip by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2235 - \[chore] - lower logging level by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2249 - \[bug] - Fix Context Timeout-Induced Goroutine Leak in readInChunks by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2251 - Dedupe some source log keys by [@​rosecodym](https://togithub.com/rosecodym) in [trufflesecurity/trufflehog#2250 - \[fixup] - Refactor to Pass Reader for Binary Diffs and Archived Data; Optimize /tmp Directory Cleanup by [@​ahrav](https://togithub.com/ahrav) in [trufflesecurity/trufflehog#2253 - Use walkdir for tmp cleanup by [@​dustin-decker](https://togithub.com/dustin-decker) in [trufflesecurity/trufflehog#2255 **Full Changelog**: trufflesecurity/trufflehog@v3.63.5...v3.63.6 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMDMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjE3My4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
Description:
Replace the standard library regexp with go-re2, a drop-in regexp library that benchmarks significantly faster for our typical detector input size (100 bytes - 10kB). go-re2 shows close to 10x performance gains on large test data, which matches the ~10kB chunk size our detectors operate on. By swapping the regexp library, we stand to see major efficiency improvements in our detectors without changing any logic. go-re2 is optimized for input in the 100 byte to 10kB range, making it a natural fit for our ~10kB chunk data. This change will enable faster and more scalable detectors as our input grows over time.
Note: The go-re2 authors state the library performs worse than standard regexp on tiny (~10 byte) input data, as shown in benchmarks. However, given our typical chunk size of ~10kB, we expect go-re2 to provide better performance despite this tradeoff. Our input rarely drops to 10 byte sizes, so we are making an informed decision to optimize for mid-sized data at the small cost of edge case efficiency.
Note: We cannot use a go mod replace directive since that is not allowed on standard library packages. The regexp import path is thus updated for all detectors. ref thread in which Russ explains why this is not possible.
Checklist:
make test-community
)?make lint
this requires golangci-lint)?