Create kubeconfig detector

[rgmz]

Description:

This creates a detector to match both JSON and YAML kubeconfig files¹².

While it works, it clashes against many of TruffleHog's current limitations.

1. Using regular expression to match/parse structured data
2. It requires all the relevant data to be committed at once, otherwise it won't be detected (Multi-part secrets are not reliably detected #2267).
3. It won't work on larger configs that get split by the chunker

   trufflehog/pkg/sources/chunker.go

   Lines 13 to 14 in 0024b6c

   	// ChunkSize is the maximum size of a chunk.
   	ChunkSize = 10 * 1024

✅ Found verified result 🐷🔑
Detector Type: KubeConfig
Decoder Type: PLAIN
Raw result: eyJhbGci...
User: system:serviceaccount:default:namespace/sa-name
Type: TokenAuth
Namespaces: default,kube1,kube2,kube3,kube4 (+ more)
Server: https://console.openshift.example.com:443
File: /home/user/.kube/config
Line: 59

TODO

• Configure sending mutual TLS
• Test mutual TLS auth
• Add test cases for obvious non-matches
  • https://github.com/kubernetes/client-go/blob/b7b3ea539440e6d0efc6ef4dab644108016788c0/1.4/tools/clientcmd/loader_test.go
• Add test case for this kubernetes/examples@50c2301#diff-2065905535ff4e50c6b7c67cada76e55e86c2f1c9378198c96de8647222288d2R200-R224 (user 'lithe-cocoa-92103_kubernetes@lithe-cocoa-92103_kubernetes' has no associated auth info)
• Handle JSON payloads with null values https://github.com/microsoft/azure-pipelines-tasks/blob/c7a37a8550bfc27d8f2d3f5849091c8e0fa18c7f/common-npm-packages/utility-common-v2/kubectlutility.ts#L54
• Handle clusters with name before server (https://github.com/SurbhiKharche/swe645-hw3/blob/af64bf1e6a96f4523cd68cc605a58381f25f54d6/kubeconfig#L23)
• Add multi-part detector struct

Checklist:

• Tests passing (make test-community)?
• Lint passing (make lint this requires golangci-lint)?

Footnotes

1. https://kubernetes.io/docs/tasks/access-application-cluster/configure-access-multiple-clusters/ ↩

2. https://www.redhat.com/sysadmin/kubeconfig ↩