githack 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 45b9752319cd83954a52829df8728540731f5fe7
-  data.tar.gz: 99461ea4306976cdcedfea9927d13b778c96fda4
+  metadata.gz: a900b5b7270b5e428ca145df3ff430d2ba06d936
+  data.tar.gz: 7f63c2b10228956cc19120b2787bebcdfbb560bb
 SHA512:
-  metadata.gz: e5908cddcecc60d86ba4ccf49a9685af8e930ccdf88d9a48507c2bfb442e7ec0274460c01ae1e2e85f800042d6e43723fcda6dd8090b53c080575dfd789b26af
-  data.tar.gz: 6da3344fb2cbd29c67d0648d947bfa82b0a9a09b04a47497f4db7825072632500864fd1b9a25258b623d9dbb28a1329e925b8f2f8c4f5140d44249ea43b87848
+  metadata.gz: 071452db5375ca0af30f609e9432b90b2b636cd494309be220375d519665476c59a548f3176785a0da81244643a423bcd6d1878e70aae55b50a7f0c485042e86
+  data.tar.gz: 6f92e2fdf1374fdd0171921a41ed44add19aa473ad7fdfa682852dd5ffbe277db4b27410a1833c1ac503d471156ed0b98cc05156e279f11a3264c7ed2cf24ac3

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    githack (0.2.0)
+    githack (0.3.0)
       git (~> 1.5)
       tty-spinner (~> 0.8)
 
@@ -38,4 +38,4 @@ DEPENDENCIES
   rspec (~> 3.0)
 
 BUNDLED WITH
-   1.16.1
+   1.16.3

data/README.md

@@ -2,18 +2,16 @@
 
 [![Gem Version](https://badge.fury.io/rb/githack.svg)](https://rubygems.org/gems/githack)
 
-Crawl [Git][git]'s commits of a given repository to find forgotten credentials
+Crawl [Git][git]'s commits of a given repository to find forgotten credentials according to given framework.
 
-Currently support:
+> [See documentation ](https://www.rubydoc.info/gems/githack/Githack/Repositories) to know which framework is currently supported
 
-- [Ruby on Rails](https://rubyonrails.org)
-
-  - _config/secrets.yml_
-  - _config/database.yml_
 
 ## Dependencies
 
-You need to install [Git][git]. Exemple for Debian based distributions:
+You need to install [Git][git].
+
+Exemple for Debian based distributions:
 
 ```bash
 $ sudo apt install git
@@ -44,31 +42,44 @@ Simply use tis to clone the remote repository in your temporary folder
 ```ruby
 require 'githack'
 
-repository = Githack::RailsRepository.new 'https://github.com/RaspberryCook/website'
+repository = Githack::Repositories::Rails::v4.new 'https://github.com/RaspberryCook/website'
 ```
 
-And then you can search on repository like this:
+And then you can search on repository using `databases` or `secrets` who returns `Array<Githack::Leak>`. `Githack::Leak` contains `sha`, `file` and `content`:
 
 ```ruby
-repository.search_rails_config_database
-# [{"adapter"=>"mysql2", "database"=>"raspberry_cook", "encoding"=>"utf8", "username"=>"raspberry_cook", "password"=>"secret", "host"=>"localhost", "pool"=>5, "timeout"=>5000}])
-
-repository.search_rails_config_secrets
-# [{"development"=>{"marmiton_password"=>"20462046"}, "production"=>{"marmiton_password"=>"20462046"}, "test"=>{"marmiton_password"=>"20462046"}}])
+repository.databases.each do |leak|
+  # <Githack::Leak:Githack::Leak:0x00556db18af998 ...  >,
+  puts leak.sha
+  # => 566fac779248c345192512423770f14cf4af1435
+  puts leak.file
+  # => /tmp/https___github_com_madeindjs_fooder/config/database.yml
+  puts leak.content
+  # "development:\n" +
+  # "  adapter: mysql2\n" +
+  # "  database: raspberry_cook\n" +
+  # "  encoding: utf8\n" +
+  # "  username: raspberry_cook\n" +
+  # "  password: secret\n" +
+  # "  host:  localhost\n" +
+end
+
+repository.secrets.each do |leak|
+  # ....
+end
 ```
 
 Theses methods will:
 
 1. Search all commit were file changed
 2. Checkout on theses commit to get file content
-3. Filter only usefull informations
 
 ### As command line tool
 
 Simply use
 
 ```bash
-$ githack.rb https://github.com/RaspberryCook/website
+$ githack.rb --framework=Rails::V4 https://github.com/madeindjs/fooder
 ```
 
 ## Development
@@ -79,7 +90,35 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/githack. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+Bug reports and pull requests are welcome on GitHub at https://github.com/madeindjs/githack. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+### Add new framwork to support
+
+Fork this repository & create a new file based on `Githack::Repositories::Rails`
+
+```bash
+$ cp lib/githack/repositories/rails.rb
+```
+
+Then simply overwride
+
+```ruby
+# lib/githack/repositories/your_framework.rb
+module Githack
+  module Repositories
+    # Module who hold all version of your framework
+    module YourFramework
+      # Represent a version of your framework
+      class V1 < Githack::Repository
+        # Represent the path to secrets files
+        DATABASE_PATHS = [File.join('config', 'database.php')].freeze
+        # Represent the path to database configuration files
+        SECRET_PATH = [File.join('config', 'secrets.yml')].freeze
+      end
+    end
+  end
+end
+```
 
 ## Code of Conduct
 

data/bin/githack.rb

@@ -8,14 +8,19 @@ url = nil
 
 options = {
   skip_config_secrets: false,
-  skip_config_database: false
+  skip_config_database: false,
+  framework: nil
 }
 
-OptionParser.new do |opts|
+optparse = OptionParser.new do |opts|
   opts.banner = 'Usage: githack.rb URL with URL as remote URL of a Git repository (currently works only for Rails project)'
 
   url = ARGV.pop
 
+  opts.on '-f', '--framework FRAMEWORK', 'Specify repository framework to target to find leaked data', 'use without parameter to get the complete list' do |framework|
+    options[:framework] = framework
+  end
+
   opts.on '--skip_config_secrets', 'Not search for config/secrets.yml' do |_o|
     options[:skip_config_secrets] = true
   end
@@ -24,22 +29,41 @@ OptionParser.new do |opts|
     options[:skip_config_secrets] = true
   end
 
+  opts.on('-h', '--help', 'Display this screen') do
+    puts opts
+    exit
+  end
+
   unless url
     puts "You must provide a Git remote URL\r\n\r\n"
     puts opts
     exit
   end
-end.parse!
+end
+
+optparse.parse!
+
+unless Githack::Repositories.get_availables_frameworks_versions_pretty.include?(options[:framework])
+
+  puts "You must specify framework\r\n\r\n"
+  Githack::Repositories.get_availables_frameworks_versions_pretty.each do |framework|
+    puts format('  - %s', framework)
+  end
+
+  exit
+end
+
+framework_class = Githack::Repositories.const_get(options[:framework])
 
 spinner = TTY::Spinner.new '[:spinner] Cloning repository ...'
 spinner.auto_spin
-repository = Githack::RailsRepository.new url
+repository = framework_class.new url
 spinner.stop('Done!')
 
 unless options[:skip_config_database]
   spinner = TTY::Spinner.new '[:spinner] Search in config/database.yml (Rails) ...'
   spinner.auto_spin
-  result = repository.search_rails_config_database
+  result = repository.databases
   spinner.stop('Done!')
   pp result
 end
@@ -47,7 +71,7 @@ end
 unless options[:skip_config_secrets]
   spinner = TTY::Spinner.new '[:spinner] Search in config/secrets.yml (Rails) ...'
   spinner.auto_spin
-  result = repository.search_rails_config_secrets
+  result = repository.secrets
   spinner.stop('Done!')
   pp result
 end

data/lib/githack.rb

@@ -1,6 +1,42 @@
 require 'githack/version'
-require 'githack/rails_repository'
+require 'githack/repositories/cakephp'
+require 'githack/repositories/laravel'
+require 'githack/repositories/rails'
+require 'githack/repositories/symfony'
+require 'githack/leak'
 
 module Githack
-  # Your code goes here...
+  # Represent frameworks available to parse leaked data
+  module Repositories
+    # Get all class available as repository
+    #
+    # @return [Array<Class>]
+    def self.get_availables_frameworks_versions
+      available = []
+
+      frameworks = Githack::Repositories.constants.select do |c|
+        Githack::Repositories.const_get(c).is_a? Module
+      end
+
+      frameworks.each do |framework|
+        framework_module = Githack::Repositories.const_get(framework)
+
+        Githack::Repositories.const_get(framework).constants.each do |v|
+          v_class = framework_module.const_get(v)
+          available << v_class if v_class.is_a? Class
+        end
+      end
+
+      available
+    end
+
+    # Get all class available as repository as pretty string
+    #
+    # @return [Array<String>]
+    def self.get_availables_frameworks_versions_pretty
+      Repositories.get_availables_frameworks_versions.map do |framework|
+        framework.to_s.gsub('Githack::Repositories::', '')
+      end.sort
+    end
+  end
 end

data/lib/githack/leak.rb

@@ -0,0 +1,11 @@
+module Githack
+  class Leak
+    attr_reader :sha, :content, :file
+
+    def initialize(sha, file)
+      @sha = sha
+      @file = file
+      @content = File.read(file)
+    end
+  end
+end

data/lib/githack/repositories/cakephp.rb

@@ -0,0 +1,23 @@
+require 'githack/repository'
+
+module Githack
+  module Repositories
+    module CakePHP
+      class V3 < Githack::Repository
+        DATABASE_PATHS = [
+          File.join('config', 'app.php')
+        ].freeze
+
+        # SECRET_PATH = ['config', 'secrets.yml']
+      end
+
+      class V2 < Githack::Repository
+        DATABASE_PATHS = [
+          File.join('app', 'Config', 'database.php')
+        ].freeze
+
+        # SECRET_PATH = ['config', 'secrets.yml']
+      end
+    end
+  end
+end

data/lib/githack/repositories/laravel.rb

@@ -0,0 +1,23 @@
+require 'githack/repository'
+
+module Githack
+  module Repositories
+    module Laravel
+      class V5 < Githack::Repository
+        DATABASE_PATHS = [
+          File.join('config', 'database.php')
+        ].freeze
+
+        # SECRET_PATH = ['config', 'secrets.yml']
+      end
+
+      class V4 < V5
+        DATABASE_PATHS = [
+          File.join('app', 'config', 'database.php')
+        ].freeze
+
+        # SECRET_PATH = ['config', 'secrets.yml']
+      end
+    end
+  end
+end

data/lib/githack/repositories/rails.rb

@@ -0,0 +1,23 @@
+require 'githack/repository'
+
+module Githack
+  module Repositories
+    module Rails
+      class V5 < Githack::Repository
+        SECRET_PATHS = [
+          File.join('config', 'secrets.yml')
+        ].freeze
+
+        DATABASE_PATHS = [
+          File.join('config', 'database.yml')
+        ].freeze
+      end
+
+      class V4 < V5
+      end
+
+      class V3 < V5
+      end
+    end
+  end
+end

data/lib/githack/repositories/symfony.rb

@@ -0,0 +1,49 @@
+require 'githack/repository'
+
+module Githack
+  module Repositories
+    module Symfony
+      class V4 < Githack::Repository
+        SECRET_PATHS = ['.env'].freeze
+
+        # https://symfony.com/doc/4.1/doctrine.html
+        DATABASE_PATHS = [
+          File.join('config', 'packages', 'doctrine.yaml'),
+          File.join('config', 'packages', 'doctrine.xml'),
+          File.join('config', 'packages', 'doctrine.php')
+        ].freeze
+      end
+
+      class V3 < Githack::Repository
+        SECRET_PATHS = ['.env'].freeze
+
+        # https://symfony.com/doc/3.3/doctrine.html
+        DATABASE_PATHS = [
+          File.join('app', 'config', 'parameters.xml'),
+          File.join('app', 'config', 'parameters.yml'),
+          File.join('app', 'config', 'parameters.php')
+        ].freeze
+      end
+
+      class V2 < Githack::Repository
+        SECRET_PATHS = ['.env'].freeze
+
+        # https://symfony.com/doc/2.8/doctrine.html
+        DATABASE_PATHS = [
+          File.join('app', 'config', 'config.xml'),
+          File.join('app', 'config', 'config.yml'),
+          File.join('app', 'config', 'config.php')
+        ].freeze
+      end
+
+      class V1 < Githack::Repository
+        SECRET_PATHS = [].freeze
+
+        # https://symfony.com/legacy/doc/reference/1_4/en/07-Databases
+        DATABASE_PATHS = [
+          File.join('config', 'databases.yml')
+        ].freeze
+      end
+    end
+  end
+end

data/lib/githack/repository.rb

@@ -1,11 +1,17 @@
 require 'tmpdir'
 require 'yaml'
 require 'git'
+require 'githack/leak'
 
 module Githack
   class Repository
     attr_reader :git, :remote, :name, :path
 
+    # Represent the path to secrets files
+    SECRET_PATH = [].freeze
+    # Represent the path to database configuration files
+    DATABASE_PATH = [].freeze
+
     def initialize(remote)
       @remote = remote
       @name = remote.gsub /[^0-9A-Z]/i, '_'
@@ -18,40 +24,61 @@ module Githack
              end
     end
 
-    protected
+    # Get all changements for config/secrets.yml file (who contains some API keys)
+    #
+    # @return [Array<Githack::Leak>]
+    def secrets
+      leaks = []
+      files = self.class::SECRET_PATHS.map { |f| File.join(@path, f) }
 
-    # Checkout on all file changes
+      get_leaks(*files).each do |leak|
+        leaks << leak
+        yield lead if block_given?
+      end
+      leaks
+    end
+
+    # Get all changements for config/database.yml file (who contains database configuration for Ruby on Rails Framework)
     #
-    # @param file <String> absolute filepath
-    # @yield <Hash> YAML file parsed
-    def checkout_on_yaml_file_change(file)
-      checkout_on_file_change(file) do
-        begin
-          data = YAML.safe_load(File.read(file))
-          yield data
-        rescue Psych::SyntaxError => e
-          # can't parse YAML file
-        end
+    # @return [Array<Githack::Leak>]
+    def databases
+      leaks = []
+      files = self.class::DATABASE_PATHS.map { |f| File.join(@path, f) }
+
+      get_leaks(*files).each do |leak|
+        leaks << leak
+        yield lead if block_given?
       end
+      leaks
     end
 
+    protected
+
     # Checkout on all file changes
     #
-    # @param file <String> absolute filepath
-    # @yield <Git::Log>
-    def checkout_on_file_change(file)
+    # @yield [Githack::Leak]
+    def get_leaks(*files)
+      leaks = []
       @git.checkout 'master'
-      begin
-        @git.log.object(file).each do |commit|
-          @git.checkout commit
-          next unless File.exist? file
 
-          yield commit
+      files.each do |file|
+        begin
+          @git.log.object(file).each do |commit|
+            @git.checkout commit
+            next unless File.exist? file
+
+            leak = Githack::Leak.new(commit.sha, file)
+            leaks << leak
+
+            yield leak if block_given?
+          end
+        rescue StandardError
+          Psych::BadAlias
         end
-      rescue StandardError
-        Psych::BadAlias
+        @git.checkout 'master'
       end
-      @git.checkout 'master'
+
+      leaks
     end
   end
 end

data/lib/githack/version.rb

@@ -1,3 +1,3 @@
 module Githack
-  VERSION = '0.2.0'.freeze
+  VERSION = '0.3.0'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: githack
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Rousseau Alexandre
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-08-19 00:00:00.000000000 Z
+date: 2018-08-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: git
@@ -101,7 +101,11 @@ files:
 - bin/setup
 - githack.gemspec
 - lib/githack.rb
-- lib/githack/rails_repository.rb
+- lib/githack/leak.rb
+- lib/githack/repositories/cakephp.rb
+- lib/githack/repositories/laravel.rb
+- lib/githack/repositories/rails.rb
+- lib/githack/repositories/symfony.rb
 - lib/githack/repository.rb
 - lib/githack/version.rb
 homepage: https://github.com/madeindjs/githack

data/lib/githack/rails_repository.rb

@@ -1,35 +0,0 @@
-require 'githack/repository'
-
-module Githack
-  class RailsRepository < Repository
-    # Get all changements for config/secrets.yml file (who contains some API keys)
-    def search_rails_config_secrets
-      results = []
-
-      absolute_file_path = File.join @path, 'config', 'secrets.yml'
-
-      checkout_on_yaml_file_change(absolute_file_path) do |secrets|
-        results << secrets
-      end
-
-      results.uniq
-    end
-
-    # Get all changements for config/database.yml file (who contains database configuration for Ruby on Rails Framework)
-    def search_rails_config_database
-      results = []
-
-      absolute_file_path = File.join @path, 'config', 'database.yml'
-
-      checkout_on_yaml_file_change(absolute_file_path) do |configs|
-        configs.each do |config|
-          config_data = config[1]
-          next if config_data['adapter'] == 'sqlite3'
-          results << config_data
-        end
-      end
-
-      results.uniq
-    end
-    end
-end