prepping for v1.0.8

cutler-scott-newrelic · cutler-scott-newrelic · commit 000a7bb4ea65 · 2020-08-10T15:07:28.000-07:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,4 +12,12 @@
 - refactored a lot of code around entropy matching and filtering. It is now built entirely into lib.rs and thus works with all hogs. It also uses normalized entropy instead of shannon entropy directly. So entropy thresholds are now on a scale of 0-1. The formula is essentially (shannon_entropy / log_base_2(keyspace)). Finding secrets based on entropy is also integrated into all hogs. If you are implementing a custom hog, you should switch from .matches() to .matches_entropy() to get these benefits. 
 - changed whitelist to allowlist
 - factored the default ruleset into it's own JSON file in src/default_rules.json. This makes it easier for you to modify and customize.
-- After the v1.0.7 commits are made, I will upload them to DockerHub and update the README and build scripts in the repo accordingly. This first release will be done manually and future releases should be done via build_ghrelease.sh 
+- After the v1.0.7 commits are made, I will upload them to DockerHub and update the README and build scripts in the repo accordingly. This first release will be done manually and future releases should be done via build_ghrelease.sh
+
+## v1.0.8
+- reworked allow lists in a few ways:
+    - now compiles the values into regular expressions rather than using string compare
+    - includes a default allowlist when none is specified
+    - if the pattern name "<GLOBAL>" is used it will be checked against all patterns
+    - moved the allowlist code into lib.rs so that all hogs will use it by default
+    
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "rusty_hogs"
-version = "1.0.7"
+version = "1.0.8"
 authors = ["Scott Cutler <scutler@newrelic.com>"]
 edition = "2018"
 description = "This project provides a set of scanners that will use regular expressions to try and detect the presence of sensitive information such as API keys, passwords, and personal information. It includes a set of regular expressions by default, but will also accept a JSON object containing your custom regular expressions."
diff --git a/README.md b/README.md
@@ -48,8 +48,8 @@ Download and unzip the [latest ZIP](https://github.com/newrelic/rusty-hog/releas
 on the releases tab. Then, run each binary with `-h` to see the usage.
 
 ```shell script
-wget https://github.com/newrelic/rusty-hog/releases/download/1.0.7/rustyhogs-musl_darwin_1.0.7.zip
-unzip rustyhogs-musl_darwin_1.0.7.zip
+wget https://github.com/newrelic/rusty-hog/releases/download/1.0.8/rustyhogs-musl_darwin_1.0.8.zip
+unzip rustyhogs-musl_darwin_1.0.8.zip
 darwin_releases/choctaw_hog -h
 ```
 
@@ -58,8 +58,8 @@ Rusty Hog Docker images can be found at the authors personal DockerHub page [her
 A Docker Image is built for each Hog and for each release. So to use choctaw_hog you would run the following commands:
 
 ```shell script
-docker pull wetfeet2000/choctaw_hog:1.0.7
-docker run -it --rm wetfeet2000/choctaw_hog:1.0.7 --help
+docker pull wetfeet2000/choctaw_hog:1.0.8
+docker run -it --rm wetfeet2000/choctaw_hog:1.0.8 --help
 ```
 
 ## How to build
@@ -288,7 +288,7 @@ properties output by the scanner.
 Each value should be a string containing a valid [https://docs.rs/regex/1.3.9/regex/#syntax](regular expression for Rust) 
 that should match the type of secret described by its corresponding key.
 
-As of version 1.0.7, the Rusty Hog engine also supports objects as values for each secret. 
+As of version 1.0.8, the Rusty Hog engine also supports objects as values for each secret. 
 The object can contain all of the following:
 
 - a pattern property with the matching regex expression (mandatory)
@@ -443,12 +443,7 @@ Keep in mind that when you submit your pull request, you'll need to sign the CLA
 
 
 ## Feature Roadmap
-- 1.0.7:
-    - [x] Replace whitelist with allowlist
-    - [x] Improve email regex to stop extraneous matches (https://github.com/newrelic/rusty-hog/issues/11)
-    - [x] Add documentation around DockerHub and Docker usage
-    - [x] Perform at-compile-time inclusion of the default ruleset which can sit in an external JSON file
-    
+  
 - 1.1: Enterprise features
     - [ ] Support config files (instead of command line args)
     - [ ] Support environment variables instead of CLI args
diff --git a/src/bin/ankamali_hog.rs b/src/bin/ankamali_hog.rs
@@ -45,7 +45,7 @@ use rusty_hogs::{SecretScanner, SecretScannerBuilder};
 /// Main entry function that uses the [clap crate](https://docs.rs/clap/2.33.0/clap/)
 fn main() {
     let matches = clap_app!(ankamali_hog =>
-        (version: "1.0.7")
+        (version: "1.0.8")
         (author: "Scott Cutler <scutler@newrelic.com>")
         (about: "Google Drive secret scanner in Rust.")
         (@arg REGEX: --regex +takes_value "Sets a custom regex JSON file")
diff --git a/src/bin/berkshire_hog.rs b/src/bin/berkshire_hog.rs
@@ -46,7 +46,7 @@ use std::iter::FromIterator;
 /// Main entry function that uses the [clap crate](https://docs.rs/clap/2.33.0/clap/)
 fn main() {
     let matches = clap_app!(berkshire_hog =>
-        (version: "1.0.7")
+        (version: "1.0.8")
         (author: "Scott Cutler <scutler@newrelic.com>")
         (about: "S3 secret hunter in Rust. Avoid bandwidth costs, run this within a VPC!")
         (@arg REGEX: --regex +takes_value "Sets a custom regex JSON file")
diff --git a/src/bin/choctaw_hog.rs b/src/bin/choctaw_hog.rs
@@ -52,7 +52,7 @@ use rusty_hogs::{SecretScanner, SecretScannerBuilder};
 /// Main entry function that uses the [clap crate](https://docs.rs/clap/2.33.0/clap/)
 fn main() {
     let matches = clap_app!(choctaw_hog =>
-        (version: "1.0.7")
+        (version: "1.0.8")
         (author: "Scott Cutler <scutler@newrelic.com>")
         (about: "Git secret scanner in Rust")
         (@arg REGEX: -r --regex +takes_value "Sets a custom regex JSON file")
diff --git a/src/bin/duroc_hog.rs b/src/bin/duroc_hog.rs
@@ -69,7 +69,7 @@ const GZEXTENSIONS: &[&str] = &["gz", "tgz"];
 /// Main entry function that uses the [clap crate](https://docs.rs/clap/2.33.0/clap/)
 fn main() {
     let matches = clap_app!(duroc_hog =>
-        (version: "1.0.7")
+        (version: "1.0.8")
         (author: "Scott Cutler <scutler@newrelic.com>")
         (about: "File system secret scanner in Rust")
         (@arg REGEX: -r --regex +takes_value "Sets a custom regex JSON file")
diff --git a/src/bin/essex_hog.rs b/src/bin/essex_hog.rs
@@ -68,7 +68,7 @@ pub struct ConfluencePage {
 /// Main entry function that uses the [clap crate](https://docs.rs/clap/2.33.0/clap/)
 fn main() {
     let matches = clap_app!(gottingen_hog =>
-        (version: "1.0.7")
+        (version: "1.0.8")
         (author: "Emily Cain <ecain@newrelic.com>, Scott Cutler")
         (about: "Confluence secret scanner in Rust.")
         (@arg REGEX: --regex +takes_value "Sets a custom regex JSON file")
diff --git a/src/bin/gottingen_hog.rs b/src/bin/gottingen_hog.rs
@@ -60,7 +60,7 @@ pub struct JiraFinding {
 /// Main entry function that uses the [clap crate](https://docs.rs/clap/2.33.0/clap/)
 fn main() {
     let matches = clap_app!(gottingen_hog =>
-        (version: "1.0.7")
+        (version: "1.0.8")
         (author: "Emily Cain <ecain@newrelic.com>")
         (about: "Jira secret scanner in Rust.")
         (@arg REGEX: --regex +takes_value "Sets a custom regex JSON file")
