gitrob 0.0.6 → 1.0.0
- checksums.yaml +4 -4
- data/.gitignore +30 -7
- data/.rspec +0 -1
- data/.rubocop.yml +55 -0
- data/.travis.yml +4 -0
- data/CHANGELOG.md +42 -0
- data/CONTRIBUTING.md +137 -9
- data/Gemfile +11 -1
- data/Guardfile +42 -0
- data/LICENSE.txt +17 -18
- data/README.md +79 -29
- data/Rakefile +6 -0
- data/bin/console +34 -0
- data/bin/setup +7 -0
- data/db/migrations/001_create_assessments.rb +19 -0
- data/db/migrations/002_create_github_access_tokens.rb +11 -0
- data/db/migrations/003_create_owners.rb +24 -0
- data/db/migrations/004_create_repositories.rb +23 -0
- data/db/migrations/005_create_blobs.rb +16 -0
- data/db/migrations/006_create_flags.rb +13 -0
- data/db/migrations/007_create_comparisons.rb +17 -0
- data/db/migrations/008_create_blobs_comparisons.rb +8 -0
- data/db/migrations/009_create_comparisons_repositories.rb +8 -0
- data/db/migrations/010_create_comparisons_owners.rb +8 -0
- data/exe/gitrob +6 -0
- data/gitrob.gemspec +25 -18
- data/lib/gitrob/blob_observer.rb +103 -0
- data/lib/gitrob/cli/command.rb +58 -0
- data/lib/gitrob/cli/commands/accept_terms_of_use.rb +61 -0
- data/lib/gitrob/cli/commands/analyze/analysis.rb +75 -0
- data/lib/gitrob/cli/commands/analyze/gathering.rb +101 -0
- data/lib/gitrob/cli/commands/analyze.rb +63 -0
- data/lib/gitrob/cli/commands/banner.rb +25 -0
- data/lib/gitrob/cli/commands/configure.rb +123 -0
- data/lib/gitrob/cli/commands/server.rb +21 -0
- data/lib/gitrob/cli/progress_bar.rb +47 -0
- data/lib/gitrob/cli.rb +213 -0
- data/lib/gitrob/github/client_manager.rb +46 -0
- data/lib/gitrob/github/data_manager.rb +121 -0
- data/lib/gitrob/jobs/assessment.rb +12 -0
- data/lib/gitrob/jobs/comparison.rb +55 -0
- data/lib/gitrob/models/assessment.rb +96 -0
- data/lib/gitrob/models/blob.rb +50 -0
- data/lib/gitrob/models/comparison.rb +15 -0
- data/lib/gitrob/models/flag.rb +15 -0
- data/lib/gitrob/models/github_access_token.rb +17 -0
- data/lib/gitrob/models/owner.rb +23 -0
- data/lib/gitrob/models/repository.rb +20 -0
- data/lib/gitrob/utils.rb +19 -0
- data/lib/gitrob/version.rb +1 -1
- data/lib/gitrob/web_app.rb +292 -0
- data/lib/gitrob.rb +30 -113
- data/public/css/bootstrap.min.css +11 -0
- data/public/css/main.css +130 -0
- data/public/css/tomorrow-night.css +75 -0
- data/public/fonts/glyphicons-halflings-regular.eot +0 -0
- data/public/fonts/glyphicons-halflings-regular.svg +273 -214
- data/public/fonts/glyphicons-halflings-regular.ttf +0 -0
- data/public/fonts/glyphicons-halflings-regular.woff +0 -0
- data/public/fonts/glyphicons-halflings-regular.woff2 +0 -0
- data/public/images/blob_spinner.gif +0 -0
- data/public/images/gear_spinner.gif +0 -0
- data/public/js/bootstrap.min.js +7 -0
- data/public/js/highlight.pack.js +2 -0
- data/public/js/highlight.worker.js +13 -0
- data/public/js/jquery-2.1.4.min.js +4 -0
- data/public/js/main.js +239 -0
- data/public/robots.txt +2 -0
- data/signatures.json +541 -0
- data/views/assessments/_assessments.erb +57 -0
- data/views/assessments/_comparable_assessments.erb +38 -0
- data/views/assessments/_comparisons.erb +111 -0
- data/views/assessments/compare.erb +22 -0
- data/views/assessments/findings.erb +55 -0
- data/views/assessments/repositories.erb +35 -0
- data/views/assessments/show.erb +1 -0
- data/views/assessments/users.erb +46 -0
- data/views/blobs/show.erb +37 -0
- data/views/comparisons/show.erb +125 -0
- data/views/errors/internal_server_error.erb +9 -0
- data/views/errors/not_found.erb +5 -0
- data/views/index.erb +43 -28
- data/views/layout.erb +38 -12
- data/views/repositories/show.erb +49 -0
- data/views/users/show.erb +54 -0
- metadata +217 -106
- data/bin/gitrob +0 -260
- data/lib/gitrob/github/blob.rb +0 -41
- data/lib/gitrob/github/http_client.rb +0 -127
- data/lib/gitrob/github/organization.rb +0 -99
- data/lib/gitrob/github/repository.rb +0 -72
- data/lib/gitrob/github/user.rb +0 -84
- data/lib/gitrob/observers/sensitive_files.rb +0 -83
- data/lib/gitrob/progressbar.rb +0 -52
- data/lib/gitrob/util.rb +0 -11
- data/lib/gitrob/webapp.rb +0 -76
- data/models/blob.rb +0 -35
- data/models/finding.rb +0 -14
- data/models/organization.rb +0 -32
- data/models/repo.rb +0 -22
- data/models/user.rb +0 -28
- data/patterns.json +0 -394
- data/public/javascripts/bootstrap.min.js +0 -7
- data/public/javascripts/gitrob.js +0 -75
- data/public/javascripts/jquery-2.1.1.min.js +0 -4
- data/public/javascripts/lang-apollo.js +0 -2
- data/public/javascripts/lang-basic.js +0 -3
- data/public/javascripts/lang-clj.js +0 -18
- data/public/javascripts/lang-css.js +0 -2
- data/public/javascripts/lang-dart.js +0 -3
- data/public/javascripts/lang-erlang.js +0 -2
- data/public/javascripts/lang-go.js +0 -1
- data/public/javascripts/lang-hs.js +0 -2
- data/public/javascripts/lang-lisp.js +0 -3
- data/public/javascripts/lang-llvm.js +0 -1
- data/public/javascripts/lang-lua.js +0 -2
- data/public/javascripts/lang-matlab.js +0 -6
- data/public/javascripts/lang-ml.js +0 -2
- data/public/javascripts/lang-mumps.js +0 -2
- data/public/javascripts/lang-n.js +0 -4
- data/public/javascripts/lang-pascal.js +0 -3
- data/public/javascripts/lang-proto.js +0 -1
- data/public/javascripts/lang-r.js +0 -2
- data/public/javascripts/lang-rd.js +0 -1
- data/public/javascripts/lang-scala.js +0 -2
- data/public/javascripts/lang-sql.js +0 -2
- data/public/javascripts/lang-tcl.js +0 -3
- data/public/javascripts/lang-tex.js +0 -1
- data/public/javascripts/lang-vb.js +0 -2
- data/public/javascripts/lang-vhdl.js +0 -3
- data/public/javascripts/lang-wiki.js +0 -2
- data/public/javascripts/lang-xq.js +0 -3
- data/public/javascripts/lang-yaml.js +0 -2
- data/public/javascripts/prettify.js +0 -30
- data/public/javascripts/run_prettify.js +0 -34
- data/public/stylesheets/bootstrap.min.css +0 -7
- data/public/stylesheets/bootstrap.min.css.vanilla +0 -5
- data/public/stylesheets/gitrob.css +0 -88
- data/public/stylesheets/prettify.css +0 -51
- data/spec/lib/gitrob/observers/sensitive_files_spec.rb +0 -691
- data/spec/spec_helper.rb +0 -127
- data/views/blob.erb +0 -22
- data/views/organization.erb +0 -126
- data/views/repository.erb +0 -51
- data/views/user.erb +0 -51
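--- /dev/null
+++ b/data/signatures.json
@@ -0,0 +1,541 @@
+[
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A.*_rsa\\z",
+"caption": "Private SSH key",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A.*_dsa\\z",
+"caption": "Private SSH key",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A.*_ed25519\\z",
+"caption": "Private SSH key",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A.*_ecdsa\\z",
+"caption": "Private SSH key",
+"description": null
+},
+{
+"part": "path",
+"type": "regex",
+"pattern": "\\.?ssh/config\\z",
+"caption": "SSH configuration file",
+"description": null
+},
+{
+"part": "extension",
+"type": "match",
+"pattern": "pem",
+"caption": "Potential cryptographic private key",
+"description": null
+},
+{
+"part": "extension",
+"type": "regex",
+"pattern": "\\Akey(pair)?\\z",
+"caption": "Potential cryptographic private key",
+"description": null
+},
+{
+"part": "extension",
+"type": "match",
+"pattern": "pkcs12",
+"caption": "Potential cryptographic key bundle",
+"description": null
+},
+{
+"part": "extension",
+"type": "match",
+"pattern": "pfx",
+"caption": "Potential cryptographic key bundle",
+"description": null
+},
+{
+"part": "extension",
+"type": "match",
+"pattern": "p12",
+"caption": "Potential cryptographic key bundle",
+"description": null
+},
+{
+"part": "extension",
+"type": "match",
+"pattern": "asc",
+"caption": "Potential cryptographic key bundle",
+"description": null
+},
+{
+"part": "filename",
+"type": "match",
+"pattern": "otr.private_key",
+"caption": "Pidgin OTR private key",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A\\.?(bash_|zsh_|z)?history\\z",
+"caption": "Shell command history file",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A\\.?mysql_history\\z",
+"caption": "MySQL client command history file",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A\\.?psql_history\\z",
+"caption": "PostgreSQL client command history file",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A\\.?pgpass\\z",
+"caption": "PostgreSQL password file",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A\\.?irb_history\\z",
+"caption": "Ruby IRB console history file",
+"description": null
+},
+{
+"part": "path",
+"type": "regex",
+"pattern": "\\.?purple\\/accounts\\.xml\\z",
+"caption": "Pidgin chat client account configuration file",
+"description": null
+},
+{
+"part": "path",
+"type": "regex",
+"pattern": "\\.?xchat2?\\/servlist_?\\.conf\\z",
+"caption": "Hexchat/XChat IRC client server list configuration file",
+"description": null
+},
+{
+"part": "path",
+"type": "regex",
+"pattern": "\\.?irssi\\/config\\z",
+"caption": "Irssi IRC client configuration file",
+"description": null
+},
+{
+"part": "path",
+"type": "regex",
+"pattern": "\\.?recon-ng\\/keys\\.db\\z",
+"caption": "Recon-ng web reconnaissance framework API key database",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A\\.?dbeaver-data-sources.xml\\z",
+"caption": "DBeaver SQL database manager configuration file",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A\\.?muttrc\\z",
+"caption": "Mutt e-mail client configuration file",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A\\.?s3cfg\\z",
+"caption": "S3cmd configuration file",
+"description": null
+},
+{
+"part": "path",
+"type": "regex",
+"pattern": "\\.?aws/credentials\\z",
+"caption": "AWS CLI credentials file",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A\\.?trc\\z",
+"caption": "T command-line Twitter client configuration file",
+"description": null
+},
+{
+"part": "extension",
+"type": "match",
+"pattern": "ovpn",
+"caption": "OpenVPN client configuration file",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A\\.?gitrobrc\\z",
+"caption": "Well, this is awkward... Gitrob configuration file",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A\\.?(bash|zsh)rc\\z",
+"caption": "Shell configuration file",
+"description": "Shell configuration files might contain information such as server hostnames, passwords and API keys."
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A\\.?(bash_|zsh_)?profile\\z",
+"caption": "Shell profile configuration file",
+"description": "Shell configuration files might contain information such as server hostnames, passwords and API keys."
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A\\.?(bash_|zsh_)?aliases\\z",
+"caption": "Shell command alias configuration file",
+"description": "Shell configuration files might contain information such as server hostnames, passwords and API keys."
+},
+{
+"part": "filename",
+"type": "match",
+"pattern": "secret_token.rb",
+"caption": "Ruby On Rails secret token configuration file",
+"description": "If the Rails secret token is known, it can allow for remote code execution. (http://www.exploit-db.com/exploits/27527/)"
+},
+{
+"part": "filename",
+"type": "match",
+"pattern": "omniauth.rb",
+"caption": "OmniAuth configuration file",
+"description": "The OmniAuth configuration file might contain client application secrets."
+},
+{
+"part": "filename",
+"type": "match",
+"pattern": "carrierwave.rb",
+"caption": "Carrierwave configuration file",
+"description": "Can contain credentials for online storage systems such as Amazon S3 and Google Storage."
+},
+{
+"part": "filename",
+"type": "match",
+"pattern": "schema.rb",
+"caption": "Ruby On Rails database schema file",
+"description": "Contains information on the database schema of a Ruby On Rails application."
+},
+{
+"part": "filename",
+"type": "match",
+"pattern": "database.yml",
+"caption": "Potential Ruby On Rails database configuration file",
+"description": "Might contain database credentials."
+},
+{
+"part": "filename",
+"type": "match",
+"pattern": "settings.py",
+"caption": "Django configuration file",
+"description": "Might contain database credentials, online storage system credentials, secret keys, etc."
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A(.*)?config(\\.inc)?\\.php\\z",
+"caption": "PHP configuration file",
+"description": "Might contain credentials and keys."
+},
+{
+"part": "extension",
+"type": "match",
+"pattern": "kdb",
+"caption": "KeePass password manager database file",
+"description": null
+},
+{
+"part": "extension",
+"type": "match",
+"pattern": "agilekeychain",
+"caption": "1Password password manager database file",
+"description": null
+},
+{
+"part": "extension",
+"type": "match",
+"pattern": "keychain",
+"caption": "Apple Keychain database file",
+"description": null
+},
+{
+"part": "extension",
+"type": "regex",
+"pattern": "\\Akey(store|ring)\\z",
+"caption": "GNOME Keyring database file",
+"description": null
+},
+{
+"part": "extension",
+"type": "match",
+"pattern": "log",
+"caption": "Log file",
+"description": "Log files might contain information such as references to secret HTTP endpoints, session IDs, user information, passwords and API keys."
+},
+{
+"part": "extension",
+"type": "match",
+"pattern": "pcap",
+"caption": "Network traffic capture file",
+"description": null
+},
+{
+"part": "extension",
+"type": "regex",
+"pattern": "\\Asql(dump)?\\z",
+"caption": "SQL dump file",
+"description": null
+},
+{
+"part": "extension",
+"type": "match",
+"pattern": "gnucash",
+"caption": "GnuCash database file",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "backup",
+"caption": "Contains word: backup",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "dump",
+"caption": "Contains word: dump",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "password",
+"caption": "Contains word: password",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "credential",
+"caption": "Contains word: credential",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "secret",
+"caption": "Contains word: secret",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "private.*key",
+"caption": "Contains words: private, key",
+"description": null
+},
+{
+"part": "filename",
+"type": "match",
+"pattern": "jenkins.plugins.publish_over_ssh.BapSshPublisherPlugin.xml",
+"caption": "Jenkins publish over SSH plugin file",
+"description": null
+},
+{
+"part": "filename",
+"type": "match",
+"pattern": "credentials.xml",
+"caption": "Potential Jenkins credentials file",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A\\.?htpasswd\\z",
+"caption": "Apache htpasswd file",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A(\\.|_)?netrc\\z",
+"caption": "Configuration file for auto-login process",
+"description": "Might contain username and password."
+},
+{
+"part": "extension",
+"type": "match",
+"pattern": "kwallet",
+"caption": "KDE Wallet Manager database file",
+"description": null
+},
+{
+"part": "filename",
+"type": "match",
+"pattern": "LocalSettings.php",
+"caption": "Potential MediaWiki configuration file",
+"description": null
+},
+{
+"part": "extension",
+"type": "match",
+"pattern": "tblk",
+"caption": "Tunnelblick VPN configuration file",
+"description": null
+},
+{
+"part": "path",
+"type": "regex",
+"pattern": "\\.?gem/credentials\\z",
+"caption": "Rubygems credentials file",
+"description": "Might contain API key for a rubygems.org account."
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A*\\.pubxml(\\.user)?\\z",
+"caption": "Potential MSBuild publish profile",
+"description": null
+},
+{
+"part": "filename",
+"type": "match",
+"pattern": "Favorites.plist",
+"caption": "Sequel Pro MySQL database manager bookmark file",
+"description": null
+},
+{
+"part": "filename",
+"type": "match",
+"pattern": "configuration.user.xpl",
+"caption": "Little Snitch firewall configuration file",
+"description": "Contains traffic rules for applications"
+},
+{
+"part": "extension",
+"type": "match",
+"pattern": "dayone",
+"caption": "Day One journal file",
+"description": null
+},
+{
+"part": "filename",
+"type": "match",
+"pattern": "journal.txt",
+"caption": "Potential jrnl journal file",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A\\.?tugboat\\z",
+"caption": "Tugboat DigitalOcean management tool configuration",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A\\.?git-credentials\\z",
+"caption": "git-credential-store helper credentials file",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A\\.?gitconfig\\z",
+"caption": "Git configuration file",
+"description": null
+},
+{
+"part": "filename",
+"type": "match",
+"pattern": "knife.rb",
+"caption": "Chef Knife configuration file",
+"description": "Might contain references to Chef servers"
+},
+{
+"part": "path",
+"type": "regex",
+"pattern": "\\.?chef/(.*)\\.pem\\z",
+"caption": "Chef private key",
+"description": "Can be used to authenticate against Chef servers"
+},
+{
+"part": "filename",
+"type": "match",
+"pattern": "proftpdpasswd",
+"caption": "cPanel backup ProFTPd credentials file",
+"description": "Contains usernames and password hashes for FTP accounts"
+},
+{
+"part": "filename",
+"type": "match",
+"pattern": "robomongo.json",
+"caption": "Robomongo MongoDB manager configuration file",
+"description": "Might contain credentials for MongoDB databases"
+},
+{
+"part": "filename",
+"type": "match",
+"pattern": "filezilla.xml",
+"caption": "FileZilla FTP configuration file",
+"description": "Might contain credentials for FTP servers"
+},
+{
+"part": "filename",
+"type": "match",
+"pattern": "recentservers.xml",
+"caption": "FileZilla FTP recent servers file",
+"description": "Might contain credentials for FTP servers"
+},
+{
+"part": "filename",
+"type": "match",
+"pattern": "ventrilo_srv.ini",
+"caption": "Ventrilo server configuration file",
+"description": "Might contain passwords"
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A\\.?dockercfg\\z",
+"caption": "Docker configuration file",
+"description": "Might contain credentials for public or private Docker registries"
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A\\.?npmrc\\z",
+"caption": "NPM configuration file",
+"description": "Might contain credentials for NPM registries"
+}
+]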
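Review bot: The MSBuild publish-profile rule near the end of the hunk carries the pattern `\\A*\\.pubxml(\\.user)?\\z`, which applies a `*` quantifier to the `\A` anchor; Ruby's regex engine most likely rejects that at compile time ("target of repeat operator is invalid"), so depending on how blob_observer.rb compiles the signatures either the whole signature set fails to load or this one rule silently never matches. Every other anchored filename rule in the file uses the `\A.*_rsa\z` shape, so the consistent fix is `"pattern": "\\A.*\\.pubxml(\\.user)?\\z"` (or simply `"\\.pubxml(\\.user)?\\z"`, since `\z` already pins the suffix). Separately, the bare-word rules `backup`, `dump`, `password`, `credential`, `secret` and `private.*key` are case-sensitive as written, so a `Passwords.xlsx` or `DB_BACKUP.sql` goes unflagged unless the observer adds IGNORECASE when it builds the Regexp — worth confirming in blob_observer.rb, which is outside this hunk. Lastly, the `\\Akey(store|ring)\\z` extension rule is captioned "GNOME Keyring database file" although `.keystore` is the Java/Android keystore format; a caption like "Java keystore / GNOME Keyring file" would mislead the analyst triaging findings less.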
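--- /dev/null
+++ b/data/views/assessments/_assessments.erb
@@ -0,0 +1,57 @@
+<table class="table assessments" id="assessments_table" data-refresh-endpoint="/assessments/_table">
+<thead>
+<tr>
+<th></th>
+<th>Date</th>
+<th>Repositories</th>
+<th>Files</th>
+<th>Findings</th>
+<th></th>
+</tr>
+</thead>
+<% @assessments.each do |assessment| %>
+<% if !assessment.finished %>
+<tr class="assessment-row unfinished">
+<% else %>
+<tr class="assessment-row">
+<% end %>
+<td class="owners" data-href="/assessments/<%=h assessment.id %>/findings">
+<% if assessment.owners.count.zero? %>
+...
+<% else %>
+<% assessment.owners_dataset.limit(10).order(:type).each do |owner| %>
+<img src="<%=h owner.avatar_url %>" width="30" height="30" alt="<%=h owner.login %>" title="<%=h owner.login %>" class="img-rounded" data-toggle="tooltip" data-placement="bottom" />
+<% end %>
+<% if assessment.owners_count > 10 %>
+<small>and <%= assessment.owners_count - 10 %> more</small>
+<% end %>
+<% end %>
+</td>
+<td><%=h assessment.created_at.strftime("%Y-%m-%d %H:%M") %></td>
+<td>
+<% if !assessment.finished %>
+<img src="/images/gear_spinner.gif" alt="In progress..." title="In progress..." data-toggle="tooltip" data-placement="bottom" />
+<% else %>
+<%=h assessment.repositories_count %>
+<% end %>
+</td>
+<td>
+<% if !assessment.finished %>
+<img src="/images/gear_spinner.gif" alt="In progress..." title="In progress..." data-toggle="tooltip" data-placement="bottom" />
+<% else %>
+<%=h assessment.blobs_count %>
+<% end %>
+</td>
+<td>
+<% if !assessment.finished %>
+<img src="/images/gear_spinner.gif" alt="In progress..." title="In progress..." data-toggle="tooltip" data-placement="bottom" />
+<% else %>
+<%=h assessment.findings_count %>
+<% end %>
+</td>
+<td>
+<a class="btn btn-default btn-xs glyphicon glyphicon-trash delete-assessment" title="Delete assessment" data-toggle="tooltip" data-placement="bottom" href="#" data-assessment-id="<%=h assessment.id %>"></a>
+</td>
+</tr>
+<% end %>
+</table>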
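Review bot: Line 19 of the partial decides the empty case with `assessment.owners.count.zero?`, which on what looks like a Sequel association (the `owners_dataset` call on line 22 is Sequel's naming) issues a COUNT or loads the owners once per row, while line 25 reads the same number from `assessment.owners_count`; reading one source for both, `<% if assessment.owners_count.zero? %>`, avoids one extra query per assessment on every poll of the refresh endpoint and keeps the two checks from ever disagreeing. The delete control on line 53 is a bare `<a href="#">` carrying the assessment id in a data attribute; I take it main.js turns that into a non-GET request, but that handler and whatever CSRF protection web_app.rb applies to it are outside this hunk, so it is worth confirming that an assessment cannot be deleted by a plain GET or a cross-site form post. Minor: the rows are emitted directly after `</thead>` with no `<tbody>`, unlike the sibling comparable-assessments partial; browsers insert one implicitly, but a selector such as `#assessments_table tbody tr` then depends on that implicit element.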
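--- /dev/null
+++ b/data/views/assessments/_comparable_assessments.erb
@@ -0,0 +1,38 @@
+<% if @assessments.count.zero? %>
+<div class="alert alert-danger" role="alert">
+<strong>There are currently no comparable assessments.</strong>
+<p>Assessments need to have at least one user in common to be comparable.</p>
+</div>
+<% else %>
+<table class="table assessments comparable-assessments" id="assessments_table">
+<thead>
+<tr>
+<th></th>
+<th>Date</th>
+<th>Repositories</th>
+<th>Files</th>
+<th>Findings</th>
+<th></th>
+</tr>
+</thead>
+<tbody>
+<% @assessments.each do |assessment| %>
+<tr class="assessment-row">
+<td class="owners" data-href="/assessments/<%=h assessment.id %>">
+<% assessment.owners_dataset.limit(10).order(:type).each do |owner| %>
+<img src="<%=h owner.avatar_url %>" width="30" height="30" alt="<%=h owner.login %>" title="<%=h owner.login %>" class="img-rounded" data-toggle="tooltip" data-placement="bottom" />
+<% end %>
+<% if assessment.owners_count > 10 %>
+<small>and <%= assessment.owners_count - 10 %> more</small>
+<% end %>
+</td>
+<td><%=h assessment.created_at.strftime("%Y-%m-%d %H:%M") %></td>
+<td><%=h assessment.repositories_count %></td>
+<td><%=h assessment.blobs_count %></td>
+<td><%=h assessment.findings_count %></td>
+<td><button data-assessment-id="<%=h @assessment.id %>" data-other-assessment-id="<%=h assessment.id %>" class="btn btn-primary btn-success compare-assessments"><span class="glyphicon glyphicon-eye-open"></span> Compare</button></td>
+</tr>
+<% end %>
+</tbody>
+</table>
+<% end %>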
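Review bot: The table on line 7 reuses `id="assessments_table"`, the same id the main assessments partial gives its auto-refreshing table (the one carrying `data-refresh-endpoint`); any script that finds that table by id — presumably the refresh logic in main.js — can grab this one instead if both partials ever land in one document, and duplicate ids are invalid HTML regardless. Rename it, e.g. `<table class="table assessments comparable-assessments" id="comparable_assessments_table">`, and key the refresh behaviour on the data attribute rather than the id. Also, line 1 calls `@assessments.count.zero?` and line 19 iterates `@assessments.each`; if `@assessments` is a Sequel dataset rather than an already-loaded array that is two round trips where one would do (`.all` in the route, or `.empty?` here), which cannot be confirmed from this hunk alone.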