gitrob 0.0.3 → 0.0.4
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/bin/gitrob +4 -0
- data/lib/gitrob/version.rb +1 -1
- data/patterns.json +48 -6
- data/spec/lib/gitrob/observers/sensitive_files_spec.rb +61 -0
- metadata +2 -2
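--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 81f068944463add65ad8508310610cba768c41bd
+data.tar.gz: c5f00cff14c11e36f8a2335e471b897a8317a08e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7e2397c9c5d6a4ae6aa1f5f87ebb145202eb8549f3182baa8f3b3b1a4bc81d587d2d590b2b2d990cfd63d20dbee0d0291d979c52f06e0dbbade31b88696ff14d
+data.tar.gz: c171532f79547e5a9822123f96973a21b35c4e332ccbfcdbbe7041778853cbfbbe8540954f0048b1937dfb1a123f78362af4ba603f90fa2349f72f4db64cdae1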
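--- a/data/README.md
+++ b/data/README.md
@@ -20,7 +20,7 @@ All of the members, repositories and files will be saved to a PostgreSQL databas
 
 ## Installation
 
-Gitrob is written in Ruby and requires at least version 1.9.3 or above. If you are on an older version, it is very easy to install newer versions with [RVM](http://rvm.io/). If you are installing Gitrob on [Kali](http://www.kali.org/), you are almost good to go, you just need to update Bundler with `gem install bundler
+Gitrob is written in Ruby and requires at least version 1.9.3 or above, except for version 2.2.0 which is currently not compatible. If you are on an older version, it is very easy to install newer versions with [RVM](http://rvm.io/). If you are installing Gitrob on [Kali](http://www.kali.org/), you are almost good to go, you just need to update Bundler with `gem install bundler`. It might also be necessary to install a PostgreSQL dependency with `apt-get install postgresql-server-dev-9.1` in a terminal.
 
 Gitrob is a Ruby gem, so installation is a simple `gem install gitrob` in a terminal. This will automatically install all the code dependencies as well.
 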
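--- a/data/bin/gitrob
+++ b/data/bin/gitrob
@@ -242,6 +242,10 @@ class App
 on('--no-banner', "Don't print Gitrob banner")
 
 begin
+if ARGV.empty?
+Gitrob::fatal("No options given; see gitrob --help for options.")
+end
+
 go!
 rescue Gitrob::Github::HttpClient::MissingAccessTokensError
 Gitrob::fatal("Configuration file does not contain any GitHub access tokens. Run Gitrob with --configure flag to set it up.")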
data/lib/gitrob/version.rb
CHANGED
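--- a/data/patterns.json
+++ b/data/patterns.json
@@ -1,22 +1,29 @@
 [
 {
 "part": "filename",
-"type": "
-"pattern": "
+"type": "regex",
+"pattern": "\\A.*_rsa\\z",
 "caption": "Private SSH key",
 "description": null
 },
 {
 "part": "filename",
-"type": "
-"pattern": "
+"type": "regex",
+"pattern": "\\A.*_dsa\\z",
 "caption": "Private SSH key",
 "description": null
 },
 {
 "part": "filename",
-"type": "
-"pattern": "
+"type": "regex",
+"pattern": "\\A.*_ed25519\\z",
+"caption": "Private SSH key",
+"description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A.*_ecdsa\\z",
 "caption": "Private SSH key",
 "description": null
 },
@@ -223,6 +230,20 @@
 "caption": "Potential Ruby On Rails database configuration file",
 "description": "Might contain database credentials."
 },
+{
+"part": "filename",
+"type": "match",
+"pattern": "settings.py",
+"caption": "Django configuration file",
+"description": "Might contain database credentials, online storage system credentials, secret keys, etc."
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "\\A(.*)?config(\\.inc)?\\.php\\z",
+"caption": "PHP configuration file",
+"description": "Might contain credentials and keys."
+},
 {
 "part": "extension",
 "type": "match",
@@ -299,5 +320,26 @@
 "pattern": "password",
 "caption": "Contains word: password",
 "description": null
+},
+{
+"part": "filename",
+"type": "regex",
+"pattern": "private.*key",
+"caption": "Contains words: private, key",
+"description": null
+},
+{
+"part": "filename",
+"type": "match",
+"pattern": "jenkins.plugins.publish_over_ssh.BapSshPublisherPlugin.xml",
+"caption": "Jenkins publish over SSH plugin file",
+"description": null
+},
+{
+"part": "filename",
+"type": "match",
+"pattern": "credentials.xml",
+"caption": "Potential Jenkins credentials file",
+"description": null
 }
 ]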
@@ -58,14 +58,21 @@ RSpec.describe Gitrob::Observers::SensitiveFiles do
|
|
58
58
|
|
59
59
|
it 'detects private keys' do
|
60
60
|
['id_rsa',
|
61
|
+
'production_rsa',
|
61
62
|
'.ssh/id_rsa',
|
62
63
|
'ssh/id_rsa',
|
63
64
|
'privatekeys/id_rsa',
|
65
|
+
'id_dsa',
|
66
|
+
'key_dsa',
|
67
|
+
'.ssh/id_dsa',
|
68
|
+
'privatekeys/id_dsa',
|
64
69
|
'id_ed25519',
|
70
|
+
'user_ed25519',
|
65
71
|
'.ssh/id_ed25519',
|
66
72
|
'privatekeys/id_ed25519',
|
67
73
|
'.ssh/id_ecdsa',
|
68
74
|
'id_ecdsa',
|
75
|
+
'jenkins_ecdsa',
|
69
76
|
'ssh/id_ecdsa',
|
70
77
|
'privatekeys/id_ecdsa'
|
71
78
|
].each do |path|
|
@@ -438,6 +445,29 @@ RSpec.describe Gitrob::Observers::SensitiveFiles do
|
|
438
445
|
end
|
439
446
|
end
|
440
447
|
|
448
|
+
it 'detects Django settings files' do
|
449
|
+
['settings.py',
|
450
|
+
].each do |path|
|
451
|
+
blob = Gitrob::Github::Blob.new(path, 1, repo).to_model(org, repo.to_model(org))
|
452
|
+
described_class.observe(blob)
|
453
|
+
expect(blob.findings.first.caption).to eq("Django configuration file")
|
454
|
+
expect(blob.findings.first.description).to eq("Might contain database credentials, online storage system credentials, secret keys, etc.")
|
455
|
+
end
|
456
|
+
end
|
457
|
+
|
458
|
+
it 'detects PHP configuration files' do
|
459
|
+
['config.php',
|
460
|
+
'config/config.inc.php',
|
461
|
+
'db_config.php',
|
462
|
+
'secret_config.inc.php'
|
463
|
+
].each do |path|
|
464
|
+
blob = Gitrob::Github::Blob.new(path, 1, repo).to_model(org, repo.to_model(org))
|
465
|
+
described_class.observe(blob)
|
466
|
+
expect(blob.findings.first.caption).to eq("PHP configuration file")
|
467
|
+
expect(blob.findings.first.description).to eq("Might contain credentials and keys.")
|
468
|
+
end
|
469
|
+
end
|
470
|
+
|
441
471
|
it 'detects KeePass database files' do
|
442
472
|
['keepass.kdb',
|
443
473
|
'secret/pwd.kdb'
|
@@ -554,5 +584,36 @@ RSpec.describe Gitrob::Observers::SensitiveFiles do
|
|
554
584
|
expect(blob.findings.first.caption).to eq("Contains word: password")
|
555
585
|
end
|
556
586
|
end
|
587
|
+
|
588
|
+
it 'detects files containing wordis: private, key' do
|
589
|
+
['privatekey.asc',
|
590
|
+
'super_private_key.asc',
|
591
|
+
'private/private_keys.tar.gz'
|
592
|
+
].each do |path|
|
593
|
+
blob = Gitrob::Github::Blob.new(path, 1, repo).to_model(org, repo.to_model(org))
|
594
|
+
described_class.observe(blob)
|
595
|
+
expect(blob.findings.last.caption).to eq("Contains words: private, key")
|
596
|
+
end
|
597
|
+
end
|
598
|
+
|
599
|
+
it 'detects Jenkins publish over ssh plugin configuration files' do
|
600
|
+
['jenkins.plugins.publish_over_ssh.BapSshPublisherPlugin.xml',
|
601
|
+
'jenkins/jenkins.plugins.publish_over_ssh.BapSshPublisherPlugin.xml'
|
602
|
+
].each do |path|
|
603
|
+
blob = Gitrob::Github::Blob.new(path, 1, repo).to_model(org, repo.to_model(org))
|
604
|
+
described_class.observe(blob)
|
605
|
+
expect(blob.findings.first.caption).to eq("Jenkins publish over SSH plugin file")
|
606
|
+
end
|
607
|
+
end
|
608
|
+
|
609
|
+
it 'detects Jenkins credentials files' do
|
610
|
+
['credentials.xml',
|
611
|
+
'jenkins/credentials.xml'
|
612
|
+
].each do |path|
|
613
|
+
blob = Gitrob::Github::Blob.new(path, 1, repo).to_model(org, repo.to_model(org))
|
614
|
+
described_class.observe(blob)
|
615
|
+
expect(blob.findings.first.caption).to eq("Potential Jenkins credentials file")
|
616
|
+
end
|
617
|
+
end
|
557
618
|
end
|
558
619
|
end
|
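--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gitrob
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.4
 platform: ruby
 authors:
 - Michael Henriksen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-01-
+date: 2015-01-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: httparty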