gitrob 1.0.1 → 1.1.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/README.md +35 -2
- data/lib/gitrob/blob_observer.rb +38 -10
- data/lib/gitrob/cli/commands/analyze.rb +9 -0
- data/lib/gitrob/version.rb +1 -1
- data/signatures.json +14 -0
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5ad1363305b13ddc14f0f3925d2f0186a49afb14
|
4
|
+
data.tar.gz: ad49ab2e0e2383f7f37672f04ddd83aa27fdc2d0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1c36118753c8cb59074a0ce9ff823b53864fc2c7931941484783bf3f6e512dc4d24e869c9e6ef1726f21aae3819e2f6fd98dcd1ab7f9c0b38062f760ca1f036f
|
7
|
+
data.tar.gz: 5c9a28a3d1ae91a23b820827fb0a385a69c4ba77f35fb885591229938e69bc460c7c0787b3afc819611cdb079bc1d03c437f9e6c703c05c55ac06c1da0d2c4fc
|
data/CHANGELOG.md
CHANGED
@@ -4,6 +4,15 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|
4
4
|
|
5
5
|
## [Unreleased]
|
6
6
|
|
7
|
+
## [1.1.0]
|
8
|
+
### Added
|
9
|
+
- Ability to define custom signatures in `~/.gitrobsignatures`
|
10
|
+
|
11
|
+
### New signatures
|
12
|
+
- Terraform variable configuration files (`filename == "terraform.tfvars"`)
|
13
|
+
Thanks to [Alfonso Cabrera](https://github.com/alfonso-cabrera)
|
14
|
+
- Environment configuration files (`filename =~ /\A\.?env\z/`)
|
15
|
+
|
7
16
|
## [1.0.1]
|
8
17
|
### Fixed
|
9
18
|
- The `--verify-ssl` command option did not properly set SSL configuration
|
data/README.md
CHANGED
@@ -70,7 +70,7 @@ See `gitrob help analyze` for more options.
|
|
70
70
|
|
71
71
|
Gitrob can analyze organizations and users on custom GitHub Enterprise installations instead of the official GitHub site. The `analyze` command takes several options to control this:
|
72
72
|
|
73
|
-
gitrob analyze johndoe --site=https://github.acme.com --endpoint=https://github.acme.com/api --access-tokens=token1,token2
|
73
|
+
gitrob analyze johndoe --site=https://github.acme.com --endpoint=https://github.acme.com/api/v3 --access-tokens=token1,token2
|
74
74
|
|
75
75
|
See `gitrob help analyze` for more options.
|
76
76
|
|
@@ -86,7 +86,40 @@ By default, the server will listen on [localhost:9393](http://localhost:9393). T
|
|
86
86
|
|
87
87
|
See `gitrob help server` for more options.
|
88
88
|
|
89
|
-
###
|
89
|
+
### Adding custom signatures
|
90
|
+
|
91
|
+
If you want to look for files that are specific to your organisation or projects, it is easy to add custom signatures.
|
92
|
+
|
93
|
+
When Gitrob starts it looks for a file at `~/.gitrobsignatures` which it expects to be a JSON document with signatures that follow the same structure as the main [signatures.json](signatures.json) file. Here is an example:
|
94
|
+
|
95
|
+
[
|
96
|
+
{
|
97
|
+
"part": "filename",
|
98
|
+
"type": "match",
|
99
|
+
"pattern": "otr.private_key",
|
100
|
+
"caption": "Pidgin OTR private key",
|
101
|
+
"description": null
|
102
|
+
}
|
103
|
+
]
|
104
|
+
|
105
|
+
This signature instructs Gitrob to flag files where the filename exactly matches `otr.private_key`. The caption and description are used in the web interface when displaying the findings.
|
106
|
+
|
107
|
+
#### Signature keys
|
108
|
+
|
109
|
+
* `part`: Can be one of:
|
110
|
+
* `path`: The complete file path
|
111
|
+
* `filename`: Only the filename
|
112
|
+
* `extension`: Only the file extension
|
113
|
+
* `type`: Can be one of:
|
114
|
+
* `match`: Simple match of part and pattern
|
115
|
+
* `regex`: Regular expression matching of part and pattern
|
116
|
+
* `pattern`: The value or regular expression to match with
|
117
|
+
* `caption`: A short description of the finding
|
118
|
+
* `description`: More detailed description if needed (set to `null` if not).
|
119
|
+
|
120
|
+
Have a look at the main [signatures.json](signatures.json) file for more examples of signatures.
|
121
|
+
|
122
|
+
**If you think other people can benefit from your custom signatures, please consider contributing them back to the Gitrob project by opening a Pull Request or an Issue. Thanks!**
|
90
123
|
|
91
124
|
## Development
|
92
125
|
|
data/lib/gitrob/blob_observer.rb
CHANGED
@@ -2,6 +2,8 @@ module Gitrob
|
|
2
2
|
class BlobObserver
|
3
3
|
SIGNATURES_FILE_PATH = File.expand_path(
|
4
4
|
"../../../signatures.json", __FILE__)
|
5
|
+
CUSTOM_SIGNATURES_FILE_PATH = File.join(
|
6
|
+
Dir.home, ".gitrobsignatures")
|
5
7
|
|
6
8
|
REQUIRED_SIGNATURE_KEYS = %w(part type pattern caption description)
|
7
9
|
ALLOWED_TYPES = %w(regex match)
|
@@ -30,23 +32,49 @@ module Gitrob
|
|
30
32
|
|
31
33
|
def self.load_signatures!
|
32
34
|
@signatures = []
|
33
|
-
JSON.load(File.read(SIGNATURES_FILE_PATH))
|
35
|
+
signatures = JSON.load(File.read(SIGNATURES_FILE_PATH))
|
36
|
+
validate_signatures!(signatures)
|
37
|
+
signatures.each_with_index do |signature|
|
34
38
|
@signatures << Signature.new(signature)
|
35
39
|
end
|
36
|
-
validate_signatures!
|
37
40
|
rescue CorruptSignaturesError => e
|
38
41
|
raise e
|
39
42
|
rescue
|
40
43
|
raise CorruptSignaturesError, "Could not parse signature file"
|
41
44
|
end
|
42
45
|
|
43
|
-
def self.
|
46
|
+
def self.unload_signatures
|
47
|
+
@signatures = []
|
48
|
+
end
|
49
|
+
|
50
|
+
def self.custom_signatures?
|
51
|
+
File.exist?(CUSTOM_SIGNATURES_FILE_PATH)
|
52
|
+
end
|
53
|
+
|
54
|
+
def self.load_custom_signatures!
|
55
|
+
signatures = JSON.load(File.read(CUSTOM_SIGNATURES_FILE_PATH))
|
56
|
+
validate_signatures!(signatures)
|
57
|
+
signatures.each do |signature|
|
58
|
+
@signatures << Signature.new(signature)
|
59
|
+
end
|
60
|
+
rescue CorruptSignaturesError => e
|
61
|
+
raise e
|
62
|
+
rescue
|
63
|
+
raise CorruptSignaturesError, "Could not parse signature file"
|
64
|
+
end
|
65
|
+
|
66
|
+
def self.validate_signatures!(signatures)
|
44
67
|
if !signatures.is_a?(Array) || signatures.empty?
|
45
68
|
fail CorruptSignaturesError,
|
46
69
|
"Signature file contains no signatures"
|
47
70
|
end
|
48
|
-
signatures.
|
49
|
-
|
71
|
+
signatures.each_with_index do |signature, index|
|
72
|
+
begin
|
73
|
+
validate_signature!(signature)
|
74
|
+
rescue CorruptSignaturesError => e
|
75
|
+
raise CorruptSignaturesError,
|
76
|
+
"Validation failed for Signature ##{index + 1}: #{e.message}"
|
77
|
+
end
|
50
78
|
end
|
51
79
|
end
|
52
80
|
|
@@ -58,7 +86,7 @@ module Gitrob
|
|
58
86
|
|
59
87
|
def self.validate_signature_keys!(signature)
|
60
88
|
REQUIRED_SIGNATURE_KEYS.each do |key|
|
61
|
-
unless signature.
|
89
|
+
unless signature.key?(key)
|
62
90
|
fail CorruptSignaturesError,
|
63
91
|
"Missing required signature key: #{key}"
|
64
92
|
end
|
@@ -66,16 +94,16 @@ module Gitrob
|
|
66
94
|
end
|
67
95
|
|
68
96
|
def self.validate_signature_type!(signature)
|
69
|
-
unless ALLOWED_TYPES.include?(signature
|
97
|
+
unless ALLOWED_TYPES.include?(signature["type"])
|
70
98
|
fail CorruptSignaturesError,
|
71
|
-
"Invalid signature type: #{signature
|
99
|
+
"Invalid signature type: #{signature['type']}"
|
72
100
|
end
|
73
101
|
end
|
74
102
|
|
75
103
|
def self.validate_signature_part!(signature)
|
76
|
-
unless ALLOWED_PARTS.include?(signature
|
104
|
+
unless ALLOWED_PARTS.include?(signature["part"])
|
77
105
|
fail CorruptSignaturesError,
|
78
|
-
"Invalid signature part: #{signature
|
106
|
+
"Invalid signature part: #{signature['part']}"
|
79
107
|
end
|
80
108
|
end
|
81
109
|
|
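Review bot: `signatures = JSON.load(File.read(CUSTOM_SIGNATURES_FILE_PATH))` in the new `load_custom_signatures!` should be `JSON.parse(...)`: on the json gem versions contemporary with this release `JSON.load` keeps `create_additions` enabled, so a `json_class` key in the document can instantiate arbitrary classes, which a plain data file never needs (the bundled loader at `JSON.load(File.read(SIGNATURES_FILE_PATH))` has the same issue, and the exposure is limited because both files live under the user's control). Now that two loaders emit the same "Could not parse signature file" message it should name the file, e.g. `raise CorruptSignaturesError, "Could not parse signature file #{CUSTOM_SIGNATURES_FILE_PATH}"`, and the `rescue CorruptSignaturesError => e; raise e` pair can simply be a bare `raise`. Because `load_custom_signatures!` reuses `validate_signatures!`, an empty `~/.gitrobsignatures` (`[]`) aborts the run with "Signature file contains no signatures" instead of being ignored; if that is not intended, skip the emptiness check for the custom file. On a smaller note, `load_signatures!` iterates with `signatures.each_with_index do |signature|` while discarding the index; plain `each`, as the custom loader already uses, reads correctly.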
@@ -40,6 +40,15 @@ module Gitrob
|
|
40
40
|
task("Loading signatures...", true) do
|
41
41
|
Gitrob::BlobObserver.load_signatures!
|
42
42
|
end
|
43
|
+
|
44
|
+
if Gitrob::BlobObserver.custom_signatures?
|
45
|
+
task("Loading custom signatures...", true) do
|
46
|
+
Gitrob::BlobObserver.load_custom_signatures!
|
47
|
+
end
|
48
|
+
info("Please consider contributing your custom signatures to the " \
|
49
|
+
"Gitrob project.")
|
50
|
+
end
|
51
|
+
info("Loaded #{Gitrob::BlobObserver.signatures.count} signatures")
|
43
52
|
end
|
44
53
|
|
45
54
|
def start_web_server
|
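Review bot: The new `task("Loading custom signatures...", true)` label never tells the user which file was picked up, so a stale or unexpected `~/.gitrobsignatures` quietly changes what gets flagged; naming the path, `task("Loading custom signatures from #{Gitrob::BlobObserver::CUSTOM_SIGNATURES_FILE_PATH}...", true)`, makes the run self-explanatory and points straight at the file when loading fails. `custom_signatures?` is only a `File.exist?` check, so an unreadable or malformed file still enters the task and fails inside `load_custom_signatures!` rather than being reported here; that is acceptable, but worth a comment above the `if`, such as `# A missing file is fine; a present-but-broken one raises CorruptSignaturesError.`. The `info("Please consider contributing ...")` nudge prints on every analyze run once the file exists, which gets noisy for people who already decided against it; consider leaving that request to the README. The enclosing method starts outside the hunk.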
data/lib/gitrob/version.rb
CHANGED
data/signatures.json
CHANGED
@@ -537,5 +537,19 @@
|
|
537
537
|
"pattern": "\\A\\.?npmrc\\z",
|
538
538
|
"caption": "NPM configuration file",
|
539
539
|
"description": "Might contain credentials for NPM registries"
|
540
|
+
},
|
541
|
+
{
|
542
|
+
"part": "filename",
|
543
|
+
"type": "match",
|
544
|
+
"pattern": "terraform.tfvars",
|
545
|
+
"caption": "Terraform variable config file",
|
546
|
+
"description": "Might contain credentials for terraform providers"
|
547
|
+
},
|
548
|
+
{
|
549
|
+
"part": "filename",
|
550
|
+
"type": "regex",
|
551
|
+
"pattern": "\\A\\.?env\\z",
|
552
|
+
"caption": "Environment configuration file",
|
553
|
+
"description": null
|
540
554
|
}
|
541
555
|
]
|
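Review bot: The new Terraform entry is an exact `"type": "match"` on `"pattern": "terraform.tfvars"`, so variable files Terraform also loads automatically (`terraform.tfvars.json` and `*.auto.tfvars`, if I recall the auto-loading rules correctly) go unflagged; a regex entry, `"type": "regex"` with `"pattern": "\\.tfvars(\\.json)?\\z"`, would cover them. The `.env` entry's `"pattern": "\\A\\.?env\\z"` likewise misses the common per-environment variants such as `.env.local` or `.env.production`; widening it is a precision trade-off, but it should be a deliberate one. Its `"description": null` could also carry the same hint the neighbouring `.npmrc` entry has, e.g. `"Might contain credentials and other secrets"`, since the README states that text is what the web interface shows for the finding.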
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: gitrob
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0
|
4
|
+
version: 1.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Michael Henriksen
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-
|
11
|
+
date: 2016-04-10 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: thor
|