gitrob 1.0.1 → 1.1.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 0171119bcd3912ad9ee1967af3c23ac9d5b901e5
4
- data.tar.gz: 5626794c851de7b3ab38489bebf25338faa8d215
3
+ metadata.gz: 5ad1363305b13ddc14f0f3925d2f0186a49afb14
4
+ data.tar.gz: ad49ab2e0e2383f7f37672f04ddd83aa27fdc2d0
5
5
  SHA512:
6
- metadata.gz: 4bb217ad1504c7abc823684cb49cc001812e61b415e4a1a33a4c1bf74e922aa411fc568b6962e3f360f32102acfec33dcb688b79ae6e88a3f951b690915ae53a
7
- data.tar.gz: 27d602e2e9df9bcfb7960faab9ac4ee1f0adac237d9d70302df5ba08a665d59c3ca82c52473b3a5ef682c6358eb948e14e0d99dcb0288cd7da23a09bb5dfeed2
6
+ metadata.gz: 1c36118753c8cb59074a0ce9ff823b53864fc2c7931941484783bf3f6e512dc4d24e869c9e6ef1726f21aae3819e2f6fd98dcd1ab7f9c0b38062f760ca1f036f
7
+ data.tar.gz: 5c9a28a3d1ae91a23b820827fb0a385a69c4ba77f35fb885591229938e69bc460c7c0787b3afc819611cdb079bc1d03c437f9e6c703c05c55ac06c1da0d2c4fc
@@ -4,6 +4,15 @@ This project adheres to [Semantic Versioning](http://semver.org/).
4
4
 
5
5
  ## [Unreleased]
6
6
 
7
+ ## [1.1.0]
8
+ ### Added
9
+ - Ability to define custom signatures in `~/.gitrobsignatures`
10
+
11
+ ### New signatures
12
+ - Terraform variable configuration files (`filename == "terraform.tfvars"`)
13
+ Thanks to [Alfonso Cabrera](https://github.com/alfonso-cabrera)
14
+ - Environment configuration files (`filename =~ /\A\.?env\z/`)
15
+
7
16
  ## [1.0.1]
8
17
  ### Fixed
9
18
  - The `--verify-ssl` command option did not properly set SSL configuration
data/README.md CHANGED
@@ -70,7 +70,7 @@ See `gitrob help analyze` for more options.
70
70
 
71
71
  Gitrob can analyze organizations and users on custom GitHub Enterprise installations instead of the official GitHub site. The `analyze` command takes several options to control this:
72
72
 
73
- gitrob analyze johndoe --site=https://github.acme.com --endpoint=https://github.acme.com/api --access-tokens=token1,token2
73
+ gitrob analyze johndoe --site=https://github.acme.com --endpoint=https://github.acme.com/api/v3 --access-tokens=token1,token2
74
74
 
75
75
  See `gitrob help analyze` for more options.
76
76
 
@@ -86,7 +86,40 @@ By default, the server will listen on [localhost:9393](http://localhost:9393). T
86
86
 
87
87
  See `gitrob help server` for more options.
88
88
 
89
- ### Starting the web server
89
+ ### Adding custom signatures
90
+
91
+ If you want to look for files that are specific to your organisation or projects, it is easy to add custom signatures.
92
+
93
+ When Gitrob starts it looks for a file at `~/.gitrobsignatures` which it expects to be a JSON document with signatures that follow the same structure as the main [signatures.json](signatures.json) file. Here is an example:
94
+
95
+ [
96
+ {
97
+ "part": "filename",
98
+ "type": "match",
99
+ "pattern": "otr.private_key",
100
+ "caption": "Pidgin OTR private key",
101
+ "description": null
102
+ }
103
+ ]
104
+
105
+ This signature instructs Gitrob to flag files where the filename exactly matches `otr.private_key`. The caption and description are used in the web interface when displaying the findings.
106
+
107
+ #### Signature keys
108
+
109
+ * `part`: Can be one of:
110
+ * `path`: The complete file path
111
+ * `filename`: Only the filename
112
+ * `extension`: Only the file extension
113
+ * `type`: Can be one of:
114
+ * `match`: Simple match of part and pattern
115
+ * `regex`: Regular expression matching of part and pattern
116
+ * `pattern`: The value or regular expression to match with
117
+ * `caption`: A short description of the finding
118
+ * `description`: More detailed description if needed (set to `null` if not).
119
+
120
+ Have a look at the main [signatures.json](signatures.json) file for more examples of signatures.
121
+
122
+ **If you think other people can benefit from your custom signatures, please consider contributing them back to the Gitrob project by opening a Pull Request or an Issue. Thanks!**
90
123
 
91
124
  ## Development
92
125
 
@@ -2,6 +2,8 @@ module Gitrob
2
2
  class BlobObserver
3
3
  SIGNATURES_FILE_PATH = File.expand_path(
4
4
  "../../../signatures.json", __FILE__)
5
+ CUSTOM_SIGNATURES_FILE_PATH = File.join(
6
+ Dir.home, ".gitrobsignatures")
5
7
 
6
8
  REQUIRED_SIGNATURE_KEYS = %w(part type pattern caption description)
7
9
  ALLOWED_TYPES = %w(regex match)
@@ -30,23 +32,49 @@ module Gitrob
30
32
 
31
33
  def self.load_signatures!
32
34
  @signatures = []
33
- JSON.load(File.read(SIGNATURES_FILE_PATH)).each do |signature|
35
+ signatures = JSON.load(File.read(SIGNATURES_FILE_PATH))
36
+ validate_signatures!(signatures)
37
+ signatures.each_with_index do |signature|
34
38
  @signatures << Signature.new(signature)
35
39
  end
36
- validate_signatures!
37
40
  rescue CorruptSignaturesError => e
38
41
  raise e
39
42
  rescue
40
43
  raise CorruptSignaturesError, "Could not parse signature file"
41
44
  end
42
45
 
43
- def self.validate_signatures!
46
+ def self.unload_signatures
47
+ @signatures = []
48
+ end
49
+
50
+ def self.custom_signatures?
51
+ File.exist?(CUSTOM_SIGNATURES_FILE_PATH)
52
+ end
53
+
54
+ def self.load_custom_signatures!
55
+ signatures = JSON.load(File.read(CUSTOM_SIGNATURES_FILE_PATH))
56
+ validate_signatures!(signatures)
57
+ signatures.each do |signature|
58
+ @signatures << Signature.new(signature)
59
+ end
60
+ rescue CorruptSignaturesError => e
61
+ raise e
62
+ rescue
63
+ raise CorruptSignaturesError, "Could not parse signature file"
64
+ end
65
+
66
+ def self.validate_signatures!(signatures)
44
67
  if !signatures.is_a?(Array) || signatures.empty?
45
68
  fail CorruptSignaturesError,
46
69
  "Signature file contains no signatures"
47
70
  end
48
- signatures.each do |signature|
49
- validate_signature!(signature)
71
+ signatures.each_with_index do |signature, index|
72
+ begin
73
+ validate_signature!(signature)
74
+ rescue CorruptSignaturesError => e
75
+ raise CorruptSignaturesError,
76
+ "Validation failed for Signature ##{index + 1}: #{e.message}"
77
+ end
50
78
  end
51
79
  end
52
80
 
@@ -58,7 +86,7 @@ module Gitrob
58
86
 
59
87
  def self.validate_signature_keys!(signature)
60
88
  REQUIRED_SIGNATURE_KEYS.each do |key|
61
- unless signature.respond_to?(key)
89
+ unless signature.key?(key)
62
90
  fail CorruptSignaturesError,
63
91
  "Missing required signature key: #{key}"
64
92
  end
@@ -66,16 +94,16 @@ module Gitrob
66
94
  end
67
95
 
68
96
  def self.validate_signature_type!(signature)
69
- unless ALLOWED_TYPES.include?(signature.type)
97
+ unless ALLOWED_TYPES.include?(signature["type"])
70
98
  fail CorruptSignaturesError,
71
- "Invalid signature type: #{signature.type}"
99
+ "Invalid signature type: #{signature['type']}"
72
100
  end
73
101
  end
74
102
 
75
103
  def self.validate_signature_part!(signature)
76
- unless ALLOWED_PARTS.include?(signature.part)
104
+ unless ALLOWED_PARTS.include?(signature["part"])
77
105
  fail CorruptSignaturesError,
78
- "Invalid signature part: #{signature.part}"
106
+ "Invalid signature part: #{signature['part']}"
79
107
  end
80
108
  end
81
109
 
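Review bot: `load_custom_signatures!` reports every failure as `Could not parse signature file`, the same text `load_signatures!` uses for the bundled file, so a user with a broken `~/.gitrobsignatures` cannot tell which file is at fault, and the trailing bare `rescue` also discards the cause (`Errno::EACCES`, `JSON::ParserError`, or a pattern that fails to compile if `Signature.new` builds the regex — that class is not in this diff). Suggest `raise CorruptSignaturesError, "Could not parse custom signature file #{CUSTOM_SIGNATURES_FILE_PATH}: #{$!.message}"` in that final rescue. Separately, `validate_signature_keys!` now calls `signature.key?`, which raises `NoMethodError` for a non-object element such as a bare string in the array and then surfaces through the same generic message; a `fail CorruptSignaturesError, "Signature is not a JSON object" unless signature.is_a?(Hash)` at the top of the `validate_signatures!` loop would give the indexed message instead. The `signatures.each_with_index do |signature|` in `load_signatures!` drops the index it asks for and should be plain `signatures.each do |signature|`.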
@@ -40,6 +40,15 @@ module Gitrob
40
40
  task("Loading signatures...", true) do
41
41
  Gitrob::BlobObserver.load_signatures!
42
42
  end
43
+
44
+ if Gitrob::BlobObserver.custom_signatures?
45
+ task("Loading custom signatures...", true) do
46
+ Gitrob::BlobObserver.load_custom_signatures!
47
+ end
48
+ info("Please consider contributing your custom signatures to the " \
49
+ "Gitrob project.")
50
+ end
51
+ info("Loaded #{Gitrob::BlobObserver.signatures.count} signatures")
43
52
  end
44
53
 
45
54
  def start_web_server
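Review bot: The new `if Gitrob::BlobObserver.custom_signatures?` branch relies on `File.exist?`, which is also true for a directory, so a stray `~/.gitrobsignatures/` directory makes the `Loading custom signatures...` task run and `File.read` fail with `Errno::EISDIR`, which the bare `rescue` in `load_custom_signatures!` re-labels as `Could not parse signature file`; `File.file?(CUSTOM_SIGNATURES_FILE_PATH)` in that predicate matches the intent. The unconditional `info("Please consider contributing your custom signatures ...")` also prints on every start, and custom signatures usually encode internal project and file names that should not be published as-is, so either drop the nag or word it as `info("Custom signatures loaded; generally useful ones are welcome as contributions to the Gitrob project.")`. The enclosing method begins before this hunk.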
@@ -1,3 +1,3 @@
1
1
  module Gitrob
2
- VERSION = "1.0.1"
2
+ VERSION = "1.1.0"
3
3
  end
@@ -537,5 +537,19 @@
537
537
  "pattern": "\\A\\.?npmrc\\z",
538
538
  "caption": "NPM configuration file",
539
539
  "description": "Might contain credentials for NPM registries"
540
+ },
541
+ {
542
+ "part": "filename",
543
+ "type": "match",
544
+ "pattern": "terraform.tfvars",
545
+ "caption": "Terraform variable config file",
546
+ "description": "Might contain credentials for terraform providers"
547
+ },
548
+ {
549
+ "part": "filename",
550
+ "type": "regex",
551
+ "pattern": "\\A\\.?env\\z",
552
+ "caption": "Environment configuration file",
553
+ "description": null
540
554
  }
541
555
  ]
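Review bot: The new `.env` signature leaves `"description": null` while the `terraform.tfvars` entry beside it and the `.npmrc` entry above explain what the finding may expose, and the README in this release says the description is shown in the web interface, so give it one: `"description": "Might contain API keys, database passwords and other secrets loaded as environment variables"`. The pattern `\\A\\.?env\\z` also only flags `env` and `.env`; per-environment variants such as `.env.production` or `.env.local` are common in dotenv-based projects and would be missed, so consider `\\A\\.?env(\\.[A-Za-z0-9_-]+)?\\z` if the extra matches (e.g. `.env.example`) are acceptable noise.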
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: gitrob
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.1
4
+ version: 1.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Michael Henriksen
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2016-03-24 00:00:00.000000000 Z
11
+ date: 2016-04-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: thor