gitrob 0.0.5 → 0.0.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +14 -0
- data/README.md +7 -1
- data/bin/gitrob +0 -2
- data/lib/gitrob/observers/sensitive_files.rb +1 -0
- data/lib/gitrob/version.rb +1 -1
- data/patterns.json +51 -2
- data/spec/lib/gitrob/observers/sensitive_files_spec.rb +73 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 233269393064c9df0a4e4cf715f89b61da4cfaf1
|
|
4
|
+
data.tar.gz: 67367c7bb7b8e9e879b69d11e8d3afc00d4c2c01
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9a073a5a96890fb8fdc37c839c2debd118f7951ea53736ce60e29dd8924e52af65d2937e8742a9041518922dfd393e212aabc5794cb751c577ae2c20b70d5afd
|
|
7
|
+
data.tar.gz: 94184271f33c605d018556bb9b0a3d61d2a8d28b767d084286011aabe2af3cc9502d7d6ae28ade7cacc13c89319b8898031bfd08cdd3577034b2e7ccd68b5fbd
|
data/CONTRIBUTING.md
ADDED
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
# Contributing
|
|
2
|
+
|
|
3
|
+
Gitrob should be considered Beta and there is probably a good amount of bugs. Bug reports and suggestions for improvements are welcome!
|
|
4
|
+
|
|
5
|
+
Another way to help out is to contribute new patterns for sensitive files. If you know of any sensitive files that are not already identified, please submit them in a pull request. I am especially interested in sensitive web framework files and configuration files. Have a look at the [patterns.json](https://github.com/michenriksen/gitrob/blob/master/patterns.json) file to see what is already looked for.
|
|
6
|
+
|
|
7
|
+
## How to make a pull request:
|
|
8
|
+
|
|
9
|
+
1. Fork it ( https://github.com/michenriksen/gitrob/fork )
|
|
10
|
+
2. Create your feature branch (`git checkout -b my-new-feature`)
|
|
11
|
+
3. Commit your changes (`git commit -am 'Add some feature'`)
|
|
12
|
+
4. Push to the branch (`git push origin my-new-feature`)
|
|
13
|
+
5. Create a new Pull Request
|
|
14
|
+
|
data/README.md
CHANGED
|
@@ -20,12 +20,18 @@ All of the members, repositories and files will be saved to a PostgreSQL databas
|
|
|
20
20
|
|
|
21
21
|
## Installation
|
|
22
22
|
|
|
23
|
-
Gitrob is written in Ruby and requires at least version 1.9.3 or above, except for version 2.2.0 which is currently not compatible. If you are on an older version, it is very easy to install newer versions with [RVM](http://rvm.io/). If you are installing Gitrob on [Kali](http://www.kali.org/), you are almost good to go, you just need to update Bundler with `gem install bundler`. It might also be necessary to install a PostgreSQL dependency with `apt-get install postgresql-server-dev-9.1` in a terminal.
|
|
23
|
+
Gitrob is written in Ruby and requires at least version 1.9.3 or above, except for version 2.2.0 which is currently not compatible. If you are on an older version, it is very easy to install newer versions with [RVM](http://rvm.io/). If you are installing Gitrob on [Kali](http://www.kali.org/), you are almost good to go, you just need to update Bundler with `gem install bundler`. It might also be necessary to install a PostgreSQL dependency with `apt-get install postgresql-server-dev-9.1` and a Ruby dependency with `apt-get install ruby1.9.1-dev` in a terminal.
|
|
24
24
|
|
|
25
25
|
Gitrob is a Ruby gem, so installation is a simple `gem install gitrob` in a terminal. This will automatically install all the code dependencies as well.
|
|
26
26
|
|
|
27
27
|
A [PostgreSQL](http://www.postgresql.org/) database is also needed for Gitrob to store its data. Installing PostgreSQL is pretty straight forward; here is an installation guide for [Mac OS X](http://www.gotealeaf.com/blog/how-to-install-postgresql-on-a-mac) and one for [Ubuntu/Debian](https://www.digitalocean.com/community/tutorials/how-to-install-and-use-postgresql-on-ubuntu-14-04) based Linux. If you're installing Gitrob on Kali, you already have PostgreSQL installed, however you need to start the server with `service postgresql start` in a terminal.
|
|
28
28
|
|
|
29
|
+
When PostgreSQL is installed, it's time to create a user and a database for Gitrob. To do so, type the following commands in a terminal:
|
|
30
|
+
|
|
31
|
+
sudo su postgres # Not necessary on Mac OS X
|
|
32
|
+
createuser -s gitrob --pwprompt
|
|
33
|
+
createdb -O gitrob gitrob
|
|
34
|
+
|
|
29
35
|
The last thing we need is a GitHub access token in order to be able to talk to their API. The easiest way is to create a [personal access token](https://github.com/settings/applications). If you plan on using Gitrob extensively or on a very big organization, it might be necessary to have multiple access tokens to prevent running into rate limiting, but they need to be from different user accounts.
|
|
30
36
|
|
|
31
37
|
When everything is ready, simply run `gitrob --configure` and you will be presented with a configuration wizard that asks you for database connection details and GitHub access tokens. All of this configuration can be changed by running the same command again. The configuration will be saved in `~/.gitrobrc` - and yes, Gitrob is looking for this file too so watch out.
|
data/bin/gitrob
CHANGED
data/lib/gitrob/version.rb
CHANGED
data/patterns.json
CHANGED
|
@@ -36,8 +36,8 @@
|
|
|
36
36
|
},
|
|
37
37
|
{
|
|
38
38
|
"part": "extension",
|
|
39
|
-
"type": "
|
|
40
|
-
"pattern": "
|
|
39
|
+
"type": "regex",
|
|
40
|
+
"pattern": "\\Akey(pair)?\\z",
|
|
41
41
|
"caption": "Potential cryptographic private key",
|
|
42
42
|
"description": null
|
|
43
43
|
},
|
|
@@ -341,5 +341,54 @@
|
|
|
341
341
|
"pattern": "credentials.xml",
|
|
342
342
|
"caption": "Potential Jenkins credentials file",
|
|
343
343
|
"description": null
|
|
344
|
+
},
|
|
345
|
+
{
|
|
346
|
+
"part": "filename",
|
|
347
|
+
"type": "regex",
|
|
348
|
+
"pattern": "\\A\\.?htpasswd\\z",
|
|
349
|
+
"caption": "Apache htpasswd file",
|
|
350
|
+
"description": null
|
|
351
|
+
},
|
|
352
|
+
{
|
|
353
|
+
"part": "filename",
|
|
354
|
+
"type": "regex",
|
|
355
|
+
"pattern": "\\A\\.?netrc\\z",
|
|
356
|
+
"caption": "Configuration file for auto-login process",
|
|
357
|
+
"description": "Might contain username and password."
|
|
358
|
+
},
|
|
359
|
+
{
|
|
360
|
+
"part": "extension",
|
|
361
|
+
"type": "match",
|
|
362
|
+
"pattern": "kwallet",
|
|
363
|
+
"caption": "KDE Wallet Manager database file",
|
|
364
|
+
"description": null
|
|
365
|
+
},
|
|
366
|
+
{
|
|
367
|
+
"part": "filename",
|
|
368
|
+
"type": "match",
|
|
369
|
+
"pattern": "LocalSettings.php",
|
|
370
|
+
"caption": "Potential MediaWiki configuration file",
|
|
371
|
+
"description": null
|
|
372
|
+
},
|
|
373
|
+
{
|
|
374
|
+
"part": "extension",
|
|
375
|
+
"type": "match",
|
|
376
|
+
"pattern": "tblk",
|
|
377
|
+
"caption": "Tunnelblick VPN configuration file",
|
|
378
|
+
"description": null
|
|
379
|
+
},
|
|
380
|
+
{
|
|
381
|
+
"part": "path",
|
|
382
|
+
"type": "regex",
|
|
383
|
+
"pattern": "\\A\\.?gem/credentials\\z",
|
|
384
|
+
"caption": "Rubygems credentials file",
|
|
385
|
+
"description": "Might contain API key for a rubygems.org account."
|
|
386
|
+
},
|
|
387
|
+
{
|
|
388
|
+
"part": "filename",
|
|
389
|
+
"type": "regex",
|
|
390
|
+
"pattern": "\\A*\\.pubxml(\\.user)?\\z",
|
|
391
|
+
"caption": "Potential MSBuild publish profile",
|
|
392
|
+
"description": null
|
|
344
393
|
}
|
|
345
394
|
]
|
|
@@ -93,10 +93,12 @@ RSpec.describe Gitrob::Observers::SensitiveFiles do
|
|
|
93
93
|
end
|
|
94
94
|
end
|
|
95
95
|
|
|
96
|
-
it 'detects files with .key extension' do
|
|
96
|
+
it 'detects files with .key(pair) extension' do
|
|
97
97
|
['privatekey.key',
|
|
98
98
|
'keys/privatekey.key',
|
|
99
99
|
'.secret.key',
|
|
100
|
+
'production.keypair',
|
|
101
|
+
'keys/privatekey.keypair'
|
|
100
102
|
].each do |path|
|
|
101
103
|
blob = Gitrob::Github::Blob.new(path, 1, repo).to_model(org, repo.to_model(org))
|
|
102
104
|
described_class.observe(blob)
|
|
@@ -615,5 +617,75 @@ RSpec.describe Gitrob::Observers::SensitiveFiles do
|
|
|
615
617
|
expect(blob.findings.first.caption).to eq("Potential Jenkins credentials file")
|
|
616
618
|
end
|
|
617
619
|
end
|
|
620
|
+
|
|
621
|
+
it 'detects Apache htpasswd files' do
|
|
622
|
+
['.htpasswd',
|
|
623
|
+
'htpasswd',
|
|
624
|
+
'public/htpasswd',
|
|
625
|
+
'admin/.htpasswd'
|
|
626
|
+
].each do |path|
|
|
627
|
+
blob = Gitrob::Github::Blob.new(path, 1, repo).to_model(org, repo.to_model(org))
|
|
628
|
+
described_class.observe(blob)
|
|
629
|
+
expect(blob.findings.first.caption).to eq("Apache htpasswd file")
|
|
630
|
+
end
|
|
631
|
+
end
|
|
632
|
+
|
|
633
|
+
it 'detects netrc files' do
|
|
634
|
+
['.netrc',
|
|
635
|
+
'netrc',
|
|
636
|
+
'dotfiles/.netrc',
|
|
637
|
+
'homefolder/netrc'
|
|
638
|
+
].each do |path|
|
|
639
|
+
blob = Gitrob::Github::Blob.new(path, 1, repo).to_model(org, repo.to_model(org))
|
|
640
|
+
described_class.observe(blob)
|
|
641
|
+
expect(blob.findings.first.caption).to eq("Configuration file for auto-login process")
|
|
642
|
+
expect(blob.findings.first.description).to eq("Might contain username and password.")
|
|
643
|
+
end
|
|
644
|
+
end
|
|
645
|
+
|
|
646
|
+
it 'detects KDE Wallet Manager files' do
|
|
647
|
+
['wallet.kwallet',
|
|
648
|
+
'.wallet.kwallet',
|
|
649
|
+
'dotfiles/secret.kwallet',
|
|
650
|
+
'homefolder/creds.kwallet'
|
|
651
|
+
].each do |path|
|
|
652
|
+
blob = Gitrob::Github::Blob.new(path, 1, repo).to_model(org, repo.to_model(org))
|
|
653
|
+
described_class.observe(blob)
|
|
654
|
+
expect(blob.findings.first.caption).to eq("KDE Wallet Manager database file")
|
|
655
|
+
end
|
|
656
|
+
end
|
|
657
|
+
|
|
658
|
+
it 'detects MediaWiki configuration files' do
|
|
659
|
+
['LocalSettings.php',
|
|
660
|
+
'mediawiki/LocalSettings.php',
|
|
661
|
+
'configs/LocalSettings.php'
|
|
662
|
+
].each do |path|
|
|
663
|
+
blob = Gitrob::Github::Blob.new(path, 1, repo).to_model(org, repo.to_model(org))
|
|
664
|
+
described_class.observe(blob)
|
|
665
|
+
expect(blob.findings.first.caption).to eq("Potential MediaWiki configuration file")
|
|
666
|
+
end
|
|
667
|
+
end
|
|
668
|
+
|
|
669
|
+
it 'detects Tunnelblick VPN configuration files' do
|
|
670
|
+
['vpn.tblk',
|
|
671
|
+
'secret/tunnel.tblk',
|
|
672
|
+
'configs/.tunnelblick.tblk'
|
|
673
|
+
].each do |path|
|
|
674
|
+
blob = Gitrob::Github::Blob.new(path, 1, repo).to_model(org, repo.to_model(org))
|
|
675
|
+
described_class.observe(blob)
|
|
676
|
+
expect(blob.findings.first.caption).to eq("Tunnelblick VPN configuration file")
|
|
677
|
+
end
|
|
678
|
+
end
|
|
679
|
+
|
|
680
|
+
it 'detects Rubygems credentials files' do
|
|
681
|
+
['.gem/credentials',
|
|
682
|
+
'gem/credentials',
|
|
683
|
+
].each do |path|
|
|
684
|
+
blob = Gitrob::Github::Blob.new(path, 1, repo).to_model(org, repo.to_model(org))
|
|
685
|
+
described_class.observe(blob)
|
|
686
|
+
expect(blob.findings.first.caption).to eq("Rubygems credentials file")
|
|
687
|
+
expect(blob.findings.first.description).to eq("Might contain API key for a rubygems.org account.")
|
|
688
|
+
end
|
|
689
|
+
end
|
|
618
690
|
end
|
|
619
691
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: gitrob
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Michael Henriksen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-02-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: httparty
|
|
@@ -216,6 +216,7 @@ extra_rdoc_files: []
|
|
|
216
216
|
files:
|
|
217
217
|
- ".gitignore"
|
|
218
218
|
- ".rspec"
|
|
219
|
+
- CONTRIBUTING.md
|
|
219
220
|
- Gemfile
|
|
220
221
|
- LICENSE.txt
|
|
221
222
|
- README.md
|