gitrob 0.0.6 → 1.0.0
- checksums.yaml +4 -4
- data/.gitignore +30 -7
- data/.rspec +0 -1
- data/.rubocop.yml +55 -0
- data/.travis.yml +4 -0
- data/CHANGELOG.md +42 -0
- data/CONTRIBUTING.md +137 -9
- data/Gemfile +11 -1
- data/Guardfile +42 -0
- data/LICENSE.txt +17 -18
- data/README.md +79 -29
- data/Rakefile +6 -0
- data/bin/console +34 -0
- data/bin/setup +7 -0
- data/db/migrations/001_create_assessments.rb +19 -0
- data/db/migrations/002_create_github_access_tokens.rb +11 -0
- data/db/migrations/003_create_owners.rb +24 -0
- data/db/migrations/004_create_repositories.rb +23 -0
- data/db/migrations/005_create_blobs.rb +16 -0
- data/db/migrations/006_create_flags.rb +13 -0
- data/db/migrations/007_create_comparisons.rb +17 -0
- data/db/migrations/008_create_blobs_comparisons.rb +8 -0
- data/db/migrations/009_create_comparisons_repositories.rb +8 -0
- data/db/migrations/010_create_comparisons_owners.rb +8 -0
- data/exe/gitrob +6 -0
- data/gitrob.gemspec +25 -18
- data/lib/gitrob/blob_observer.rb +103 -0
- data/lib/gitrob/cli/command.rb +58 -0
- data/lib/gitrob/cli/commands/accept_terms_of_use.rb +61 -0
- data/lib/gitrob/cli/commands/analyze/analysis.rb +75 -0
- data/lib/gitrob/cli/commands/analyze/gathering.rb +101 -0
- data/lib/gitrob/cli/commands/analyze.rb +63 -0
- data/lib/gitrob/cli/commands/banner.rb +25 -0
- data/lib/gitrob/cli/commands/configure.rb +123 -0
- data/lib/gitrob/cli/commands/server.rb +21 -0
- data/lib/gitrob/cli/progress_bar.rb +47 -0
- data/lib/gitrob/cli.rb +213 -0
- data/lib/gitrob/github/client_manager.rb +46 -0
- data/lib/gitrob/github/data_manager.rb +121 -0
- data/lib/gitrob/jobs/assessment.rb +12 -0
- data/lib/gitrob/jobs/comparison.rb +55 -0
- data/lib/gitrob/models/assessment.rb +96 -0
- data/lib/gitrob/models/blob.rb +50 -0
- data/lib/gitrob/models/comparison.rb +15 -0
- data/lib/gitrob/models/flag.rb +15 -0
- data/lib/gitrob/models/github_access_token.rb +17 -0
- data/lib/gitrob/models/owner.rb +23 -0
- data/lib/gitrob/models/repository.rb +20 -0
- data/lib/gitrob/utils.rb +19 -0
- data/lib/gitrob/version.rb +1 -1
- data/lib/gitrob/web_app.rb +292 -0
- data/lib/gitrob.rb +30 -113
- data/public/css/bootstrap.min.css +11 -0
- data/public/css/main.css +130 -0
- data/public/css/tomorrow-night.css +75 -0
- data/public/fonts/glyphicons-halflings-regular.eot +0 -0
- data/public/fonts/glyphicons-halflings-regular.svg +273 -214
- data/public/fonts/glyphicons-halflings-regular.ttf +0 -0
- data/public/fonts/glyphicons-halflings-regular.woff +0 -0
- data/public/fonts/glyphicons-halflings-regular.woff2 +0 -0
- data/public/images/blob_spinner.gif +0 -0
- data/public/images/gear_spinner.gif +0 -0
- data/public/js/bootstrap.min.js +7 -0
- data/public/js/highlight.pack.js +2 -0
- data/public/js/highlight.worker.js +13 -0
- data/public/js/jquery-2.1.4.min.js +4 -0
- data/public/js/main.js +239 -0
- data/public/robots.txt +2 -0
- data/signatures.json +541 -0
- data/views/assessments/_assessments.erb +57 -0
- data/views/assessments/_comparable_assessments.erb +38 -0
- data/views/assessments/_comparisons.erb +111 -0
- data/views/assessments/compare.erb +22 -0
- data/views/assessments/findings.erb +55 -0
- data/views/assessments/repositories.erb +35 -0
- data/views/assessments/show.erb +1 -0
- data/views/assessments/users.erb +46 -0
- data/views/blobs/show.erb +37 -0
- data/views/comparisons/show.erb +125 -0
- data/views/errors/internal_server_error.erb +9 -0
- data/views/errors/not_found.erb +5 -0
- data/views/index.erb +43 -28
- data/views/layout.erb +38 -12
- data/views/repositories/show.erb +49 -0
- data/views/users/show.erb +54 -0
- metadata +217 -106
- data/bin/gitrob +0 -260
- data/lib/gitrob/github/blob.rb +0 -41
- data/lib/gitrob/github/http_client.rb +0 -127
- data/lib/gitrob/github/organization.rb +0 -99
- data/lib/gitrob/github/repository.rb +0 -72
- data/lib/gitrob/github/user.rb +0 -84
- data/lib/gitrob/observers/sensitive_files.rb +0 -83
- data/lib/gitrob/progressbar.rb +0 -52
- data/lib/gitrob/util.rb +0 -11
- data/lib/gitrob/webapp.rb +0 -76
- data/models/blob.rb +0 -35
- data/models/finding.rb +0 -14
- data/models/organization.rb +0 -32
- data/models/repo.rb +0 -22
- data/models/user.rb +0 -28
- data/patterns.json +0 -394
- data/public/javascripts/bootstrap.min.js +0 -7
- data/public/javascripts/gitrob.js +0 -75
- data/public/javascripts/jquery-2.1.1.min.js +0 -4
- data/public/javascripts/lang-apollo.js +0 -2
- data/public/javascripts/lang-basic.js +0 -3
- data/public/javascripts/lang-clj.js +0 -18
- data/public/javascripts/lang-css.js +0 -2
- data/public/javascripts/lang-dart.js +0 -3
- data/public/javascripts/lang-erlang.js +0 -2
- data/public/javascripts/lang-go.js +0 -1
- data/public/javascripts/lang-hs.js +0 -2
- data/public/javascripts/lang-lisp.js +0 -3
- data/public/javascripts/lang-llvm.js +0 -1
- data/public/javascripts/lang-lua.js +0 -2
- data/public/javascripts/lang-matlab.js +0 -6
- data/public/javascripts/lang-ml.js +0 -2
- data/public/javascripts/lang-mumps.js +0 -2
- data/public/javascripts/lang-n.js +0 -4
- data/public/javascripts/lang-pascal.js +0 -3
- data/public/javascripts/lang-proto.js +0 -1
- data/public/javascripts/lang-r.js +0 -2
- data/public/javascripts/lang-rd.js +0 -1
- data/public/javascripts/lang-scala.js +0 -2
- data/public/javascripts/lang-sql.js +0 -2
- data/public/javascripts/lang-tcl.js +0 -3
- data/public/javascripts/lang-tex.js +0 -1
- data/public/javascripts/lang-vb.js +0 -2
- data/public/javascripts/lang-vhdl.js +0 -3
- data/public/javascripts/lang-wiki.js +0 -2
- data/public/javascripts/lang-xq.js +0 -3
- data/public/javascripts/lang-yaml.js +0 -2
- data/public/javascripts/prettify.js +0 -30
- data/public/javascripts/run_prettify.js +0 -34
- data/public/stylesheets/bootstrap.min.css +0 -7
- data/public/stylesheets/bootstrap.min.css.vanilla +0 -5
- data/public/stylesheets/gitrob.css +0 -88
- data/public/stylesheets/prettify.css +0 -51
- data/spec/lib/gitrob/observers/sensitive_files_spec.rb +0 -691
- data/spec/spec_helper.rb +0 -127
- data/views/blob.erb +0 -22
- data/views/organization.erb +0 -126
- data/views/repository.erb +0 -51
- data/views/user.erb +0 -51
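--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7bee31c09fd95a535639f152d7e8263f6d8371b6
+data.tar.gz: ef6bd6835050fd1fbc95f257d178159ceaa4dc07
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 22d231f7dfb893caac0778a6d7b22672dc19d09b6cd89248b1331157d3bd8d214f32407a9c795eeb788ba3d4343b7e10036b23ce26acd0f48dc9ed85ceb2aab9
+data.tar.gz: f4354301d88494ecdfbde6d82172b2e595f0b6380119c27a5510cf3c085f901279883da5eccfdf47a2cb5b498aedebca770fa3dea5536c2ef035211fa06e8ad5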
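--- a/data/.gitignore
+++ b/data/.gitignore
@@ -7,12 +7,35 @@
 /pkg/
 /spec/reports/
 /tmp/
-*.bundle
-*.so
-*.o
-*.a
-*.swp
-mkmf.log
 .ruby-version
 .ruby-gemset
-agreement
+agreement.txt
+coverage
+TODO.md
+.directory
+.Trash-*
+.DS_Store
+.AppleDouble
+.LSOverride
+Icon
+._*
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+*.tmproj
+*.tmproject
+tmtags
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+*.un~
+Session.vim
+.netrwhist
+*~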
data/.rspec
CHANGED
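--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -0,0 +1,55 @@
+AllCops:
+Exclude:
+- "*.gemspec"
+
+Metrics/AbcSize:
+Exclude:
+- "spec/**/*"
+
+Metrics/MethodLength:
+Exclude:
+- "spec/**/*"
+
+Metrics/ClassLength:
+Exclude:
+- "spec/**/*"
+
+Metrics/LineLength:
+Exclude:
+- "db/migrations/**"
+
+Style/ClassAndModuleChildren:
+Enabled: false
+
+Style/Documentation:
+Enabled: false
+
+Style/DoubleNegation:
+Enabled: false
+
+Lint/AssignmentInCondition:
+Enabled: false
+
+Lint/NestedMethodDefinition:
+Enabled: false
+
+Metrics/AbcSize:
+Enabled: false
+Style/MultilineOperationIndentation:
+Enabled: false
+
+Style/HashSyntax:
+EnforcedStyle: hash_rockets
+
+Style/SpaceAroundEqualsInParameterDefault:
+EnforcedStyle: no_space
+
+Style/StringLiterals:
+EnforcedStyle: double_quotes
+
+Metrics/MethodLength:
+CountComments: false
+Max: 20
+
+Metrics/ClassLength:
+Max: 200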
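Review bot: `Metrics/AbcSize`, `Metrics/MethodLength` and `Metrics/ClassLength` are each declared twice in this file (lines 5, 9 and 13 carry an `Exclude: - "spec/**/*"` list; lines 36, 50 and 54 declare the same cops again with `Enabled: false`, `Max: 20` and `Max: 200`). Psych, the YAML loader RuboCop relies on, keeps only the last occurrence of a duplicate mapping key and does not warn, so as far as I can tell the three spec exclusions are silently dropped and only the later settings take effect. Merge each pair into one entry, e.g. `Metrics/MethodLength:` with `Exclude: - "spec/**/*"`, `CountComments: false` and `Max: 20` nested under the single key, and the same for the other two cops. The nesting indentation does not survive the page rendering, so whether `Exclude` actually sits under the cop key should be confirmed in the real file.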
data/.travis.yml
ADDED
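--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -0,0 +1,42 @@
+# Change Log
+All notable changes to this project will be documented in this file.
+This project adheres to [Semantic Versioning](http://semver.org/).
+
+## [Unreleased]
+### Added
+- Complete rewrite of Gitrob
+- Analyze arbitrary amount of organizations and users
+- Create and delete assessments directly from web interface
+- Run Gitrob against GitHub Enterprise installations
+- Compare two assessments to find new/modified files as well as new users and repositories
+- Highlight interesting things such as hostnames, IPs, email addresses and tokens in files
+- Detect likely testing/mock related files
+- General web UI/UX improvements
+- More tests
+
+### Changed
+- Use [sequel](https://rubygems.org/gems/sequel) Gem for database operations
+- Use [github_api](https://rubygems.org/gems/github_api) Gem for GitHub API operations
+- Use [thor](https://rubygems.org/gems/thor) Gem for CLI
+- Rename `patterns.json` to `signatures.json`
+
+### New signatures
+- SSH configuration files (`path =~ /\.?ssh/config\z/`)
+- Postgresql password files (`filename =~ /\A\.?pgpass\z/`)
+- AWS CLI credential files (`path =~ /\.?aws/credentials\z/`)
+- Day One journal files (`extension == "dayone"`)
+- jrnl journal files (`filename == "journal.txt"`)
+- Tugboat DigitalOcean management tool configuration files (`filename =~ /\A\.?tugboat\z/`)
+- git-credential-store helper credential files (`filename =~ /\A\.?git-credentials\z/`)
+- Git configuration files (`filename =~ /\A\.?gitconfig\z/`)
+- Chef Knife configuration file (`filename == "knife.rb"`)
+- Chef private keys (`path =~ /\.?chef/(.*)\.pem\z/`)
+- cPanel backup ProFTPd credential files (`filename == "proftpdpasswd"`)
+- Robomongo MongoDB manager configuration files (`filename == "robomongo.json"`)
+- FileZilla FTP configuration files (`filename == "filezilla.xml"`)
+- FileZilla FTP recent servers files (`filename == "recentservers.xml"`)
+- Ventrilo server configuration files (`filename == "ventrilo_srv.ini"`)
+- Docker configuration files (`filename =~ /\A\.?dockercfg\z/`)
+- NPM configuration file (`filename =~ /\A\.?npmrc\z/`)
+- Files containing word: credential (`filename =~ /credential/`)
+- Files containing word: secret (`filename =~ /secret/`)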
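--- a/data/CONTRIBUTING.md
+++ b/data/CONTRIBUTING.md
@@ -1,14 +1,142 @@
-# Contributing
+# Contributing to Gitrob
 
-
+Have a feature idea, bug fix, or refactoring suggestion? Contributions are welcome!
 
-
+## Reporting Bugs
 
-
+When you are creating a bug report, please [include as many details as possible](#how-do-i-submit-a-good-bug-report). If you'd like, you can use [this template](#template-for-submitting-bug-reports) to structure the information.
 
-
-2. Create your feature branch (`git checkout -b my-new-feature`)
-3. Commit your changes (`git commit -am 'Add some feature'`)
-4. Push to the branch (`git push origin my-new-feature`)
-5. Create a new Pull Request
+### How Do I Submit A (Good) Bug Report?
 
+* **Use a clear and descriptive title** for the issue to identify the problem.
+* **Describe the exact steps which reproduce the problem** in as many details as possible. For example, start by explaining how you started Gitrob, e.g. which command exactly you used in the terminal, or how you started Gitrob otherwise. When listing steps, **don't just say what you did, but explain how you did it**.
+* **Describe the behavior you observed after following the steps** and point out what exactly is the problem with that behavior.
+* **Explain which behavior you expected to see instead and why.**
+* **Include screenshots and animated GIFs** which show you following the described steps and clearly demonstrate the problem. You can use [this tool](http://www.cockos.com/licecap/) to record GIFs on OSX and Windows, and [this tool](https://github.com/colinkeenan/silentcast) or [this tool](https://github.com/GNOME/byzanz) on Linux.
+* **If you're reporting that Gitrob crashed**, include a stack trace/debugging information in a [code block](https://help.github.com/articles/markdown-basics/#multiple-lines), a [file attachment](https://help.github.com/articles/file-attachments-on-issues-and-pull-requests/), or put it in a [gist](https://gist.github.com/) and provide link to that gist.
+* **If the problem wasn't triggered by a specific action**, describe what you were doing before the problem happened and share more information using the guidelines below.
+
+Provide more context by answering these questions:
+
+* **Did the problem start happening recently** (e.g. after updating to a new version of Gitrob) or was this always a problem?
+* If the problem started happening recently, **can you reproduce the problem in an older version of Gitrob?** What's the most recent version in which the problem doesn't happen?
+* **Can you reliably reproduce the issue?** If not, provide details about how often the problem happens and under which conditions it normally happens.
+* If the problem is related to analyzing organizations, **does the problem happen for all organizations or only some?**
+
+Include details about your configuration and environment:
+
+* **Which version of Gitrob are you using?** You can get the exact version by running `gitrob` in your terminal, or by looking at the Footer area of the web application.
+* **What's the name and version of the OS you're using**?
+* **What version of Ruby are you running Gitrob with**? You can check the version with `ruby --version` in a terminal
+* **What version of PostgreSQL do you have installed?** You can check the version with `postgres --version` in a terminal
+
+### Template For Submitting Bug Reports
+
+[Short description of problem here]
+
+**Reproduction Steps:**
+
+1. [First Step]
+2. [Second Step]
+3. [Other Steps...]
+
+**Expected behavior:**
+
+[Describe expected behavior here]
+
+**Observed behavior:**
+
+[Describe observed behavior here]
+
+**Screenshots and GIFs**
+
+![Screenshots and GIFs which follow reproduction steps to demonstrate the problem](url)
+
+**Gitrob version:** [Enter Gitrob version here]
+**OS and version:** [Enter OS name and version here]
+**Ruby version:** [Enter Ruby version here]
+**PostgreSQL version:** [Enter PostgreSQL version here]
+
+**Additional information:**
+
+* Problem started happening recently, didn't happen in an older version of Gitrob: [Yes/No]
+* Problem can be reliably reproduced, doesn't happen randomly: [Yes/No]
+* Problem happens with all assessments, not only some assessments: [Yes/No]
+
+## Suggesting Enhancements
+
+When you are creating an enhancement suggestion, please [include as many details as possible](#how-do-i-submit-a-good-enhancement-suggestion). If you'd like, you can use [this template](#template-for-submitting-enhancement-suggestions) to structure the information.
+
+### Before Submitting An Enhancement Suggestion
+
+* **Perform a [cursory search](https://github.com/michenriksen/gitrob/issues?utf8=%E2%9C%93&q=is%3Aissue)** to see if the enhancement has already been suggested. If it has, add a comment to the existing issue instead of opening a new one.
+
+### How Do I Submit A (Good) Enhancement Suggestion?
+
+Enhancement suggestions are tracked as [GitHub issues](https://guides.github.com/features/issues/). Create an issue and provide the following information:
+
+* **Use a clear and descriptive title** for the issue to identify the suggestion.
+* **Provide a step-by-step description of the suggested enhancement** in as many details as possible.
+* **Provide specific examples to demonstrate the steps**. Include copy/pasteable snippets which you use in those examples, as [Markdown code blocks](https://help.github.com/articles/markdown-basics/#multiple-lines).
+* **Describe the current behavior** and **explain which behavior you expected to see instead** and why.
+* **Include screenshots and animated GIFs** which help you demonstrate the steps or point out the part of Gitrob which the suggestion is related to. You can use [this tool](http://www.cockos.com/licecap/) to record GIFs on OSX and Windows, and [this tool](https://github.com/colinkeenan/silentcast) or [this tool](https://github.com/GNOME/byzanz) on Linux.
+* **Explain why this enhancement would be useful** to most Gitrob users.
+* **Specify which version of Gitrob you're using.** You can get the exact version by running `gitrob` in your terminal, or by looking at the Footer area of the web application.
+* **Specify the name and version of the OS you're using.**
+
+### Template For Submitting Enhancement Suggestions
+
+[Short description of suggestion]
+
+**Steps which explain the enhancement**
+
+1. [First Step]
+2. [Second Step]
+3. [Other Steps...]
+
+**Current and suggested behavior**
+
+[Describe current and suggested behavior here]
+
+**Why would the enhancement be useful to most users**
+
+[Explain why the enhancement would be useful to most users]
+
+**Screenshots and GIFs**
+
+![Screenshots and GIFs which demonstrate the steps or part of Gitrob the enhancement suggestion is related to](url)
+
+**Gitrob Version:** [Enter Gitrob version here]
+**OS and Version:** [Enter OS name and version here]
+
+
+## Pull Requests
+
+1. Check [Issues][] to see if your contribution has already been discussed and/or implemented.
+2. If not, open an issue to discuss your contribution. I won't accept all changes and do not want to waste your time.
+3. Once you have the :thumbsup:, fork the repo, make your changes, and open a PR.
+4. Don't forget to add your contribution and credit yourself in `CHANGELOG.md`!
+
+## Coding Guidelines
+
+* This project has a coding style enforced by [RuboCop][]. Use hash rockets and double-quoted strings, and otherwise try to follow the [Ruby style guide][style].
+* Writing tests is strongly encouraged! This project uses RSpec.
+
+## Getting Started
+
+After checking out the repo, run `bin/setup` to install dependencies.
+
+Gitrob offers the following development and testing commands:
+
+* `bin/console` loads your working copy of Gitrob into an irb session
+* `bundle exec gitrob` runs your working copy of the Gitrob executable
+* `rake` executes all of Gitrob's tests and RuboCop checks
+
+A Guardfile is also present, so if you'd like to use Guard to do a TDD workflow, then:
+
+1. Run `bundle install --with guard` to get the optional guard dependencies
+2. Run `guard` to monitor the filesystem and automatically run tests as you work
+
+[Issues]: https://github.com/michenriksen/gitrob/issues
+[RuboCop]: https://github.com/bbatsov/rubocop
+[style]: https://github.com/bbatsov/ruby-style-guide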
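--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,4 +1,14 @@
-source
+source "https://rubygems.org"
 
 # Specify your gem's dependencies in gitrob.gemspec
 gemspec
+
+# Optional development dependencies; requires bundler >= 1.10.
+# Note that these gems assume a Ruby 2.2 environment. Install them using:
+#
+# bundle install --with guard
+#
+group :guard, :optional => true do
+gem "guard-rspec"
+gem "terminal-notifier-guard"
+end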
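--- a/data/Guardfile
+++ b/data/Guardfile
@@ -0,0 +1,42 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+## Uncomment and set this to only include directories you want to watch
+# directories %w(app lib config test spec features) \
+# .select{|d| Dir.exists?(d) ? d : UI.warning("Directory #{d} does not exist")}
+
+## Note: if you are using the `directories` clause above and you are not
+## watching the project directory ('.'), then you will want to move
+## the Guardfile to a watched dir and symlink it back, e.g.
+#
+# $ mkdir config
+# $ mv Guardfile config/
+# $ ln -s config/Guardfile .
+#
+# and, you'll have to watch "config/Guardfile" instead of "Guardfile"
+
+# Note: The cmd option is now required due to the increasing number of ways
+# rspec may be run, below are examples of the most common uses.
+# * bundler: 'bundle exec rspec'
+# * bundler binstubs: 'bin/rspec'
+# * spring: 'bin/rspec' (This will use spring if running and you have
+# installed the spring binstubs per the docs)
+# * zeus: 'zeus rspec' (requires the server to be started separately)
+# * 'just' rspec: 'rspec'
+
+guard :rspec, :cmd => "bundle exec rspec -f doc", :title => "Gitrob" do
+require "guard/rspec/dsl"
+dsl = Guard::RSpec::Dsl.new(self)
+
+# Feel free to open issues for suggestions and improvements
+
+# RSpec files
+rspec = dsl.rspec
+watch(rspec.spec_helper) { rspec.spec_dir }
+watch(rspec.spec_support) { rspec.spec_dir }
+watch(rspec.spec_files)
+
+# Ruby files
+ruby = dsl.ruby
+dsl.watch_spec_files_for(ruby.lib_files)
+end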
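--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -1,22 +1,21 @@
-
+The MIT License (MIT)
 
-
+Copyright (c) 2016 Michael Henriksen
 
-Permission is hereby granted, free of charge, to any person obtaining
-
-
-
-
-
-the following conditions:
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
 
-The above copyright notice and this permission notice shall be
-
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-
-
-
-
-OF
-
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.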
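--- a/data/README.md
+++ b/data/README.md
@@ -1,53 +1,103 @@
-# Gitrob
+# Gitrob: Putting the Open Source in OSINT
 
-
+Gitrob is a command line tool which can help organizations and security professionals find sensitive information lingering in publicly available files on GitHub. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files that typically contain sensitive or dangerous information.
 
-
-
-Gitrob is a command line tool that can help organizations and security professionals find such sensitive information. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files, that typically contain sensitive or dangerous information.
-
-Read the [blog post](http://michenriksen.com/blog/gitrob-putting-the-open-source-in-osint/) for more information and screenshots.
+Looking for sensitive information in GitHub repositories is not a new thing, it has been [known for a while](http://blog.conviso.com.br/2013/06/github-hacking-for-fun-and-sensitive.html) that things such as private keys and credentials can be found with GitHub's search functionality, however Gitrob makes it easier to focus the effort on a specific organization.
 
-##
+## Installation
 
-
+### 1. Ruby
 
-
+Gitrob is written in [Ruby](https://www.ruby-lang.org/) and requires at least version 1.9.3 or above. To check which version of Ruby you have installed, simply run `ruby --version` in a terminal.
 
-
+Should you have an older version installed, it is very easy to upgrade and manage different versions with the Ruby Version Manager ([RVM](https://rvm.io/)). Please see the [RVM website](https://rvm.io/) for installation instructions.
 
-
+### 2. RubyGems
 
-
+Gitrob is packaged as a Ruby gem to make it easy to install and update. To install Ruby gems you'll need the RubyGems tool installed. To check if you have it already, type `gem` in a Terminal. If you got it already, it is recommended to do a quick `gem update --system` to make sure you have the latest and greatest version. In case you don't have it installed, download it from [here](https://rubygems.org/pages/download) and follow the simple installation instructions.
 
-
+### 3. PostgreSQL
 
-Gitrob
+Gitrob uses a PostgreSQL database to store all the collected data. If you are setting up Gitrob in the [Kali](https://www.kali.org/) linux distribution you already have it installed, you just need to make sure it's running by executing `service postgresql start` and install a dependency with `apt-get install libpq-dev` in a terminal. Here's an excellent [guide](https://www.digitalocean.com/community/tutorials/how-to-install-and-use-postgresql-9-4-on-debian-8) on how to install PostgreSQL on a Debian based Linux system. If you are setting up Gitrob on a Mac, the easiest way to install PostgreSQL is with [Homebrew](http://brew.sh/). Here's a [guide](http://exponential.io/blog/2015/02/21/install-postgresql-on-mac-os-x-via-brew/) on how to install PostgreSQL with Homebrew.
 
-
+#### 3.1 PostgreSQL user and database
 
-
+You need to set up a user and a database in PostgreSQL for Gitrob. Execute the following commands in a terminal:
 
 sudo su postgres # Not necessary on Mac OS X
 createuser -s gitrob --pwprompt
 createdb -O gitrob gitrob
 
-
+You now have a new PostgreSQL user with the name `gitrob` and with the password you typed into the prompt. You also created a database with the name `gitrob` which is owned by the `gitrob` user.
 
-
+### 4. GitHub access tokens
 
-
+Gitrob works by querying the [GitHub API](https://developer.github.com/v3/) for interesting information, so you need at least one access token to get up and running. The easiest way is to create a [Personal Access Token](https://github.com/settings/tokens). Press the `Generate new token` button and give the token a description. If you intend on using Gitrob against organizations you're not a member of you don't need to give the token any scopes, as we will only be accessing public data. If you intend to run Gitrob against your own organization, you'll need to check the `read:org` scope to get full coverage.
 
-
+If you plan on using Gitrob extensively or against a very large organization, it might be necessary to have multiple access tokens to avoid running into rate limiting. These access tokens will have to be from different user accounts.
+
+### 5. Gitrob
+
+With all the previous steps completed, you can now finally install Gitrob itself with the following command in a terminal:
+
+gem install gitrob
+
+This will install the Gitrob Ruby gem along with all its dependencies. Congratulations!
+
+### 6. Configuring Gitrob
+
+Gitrob needs to know how to talk to the PostgreSQL database as well as what access token to use to access the GitHub API. Gitrob comes with a convenient configuration wizard which can be invoked with the following command in a terminal:
+
+gitrob configure
+
+The configuration wizard will ask you for the information needed to set up Gitrob. All the information is saved to `~/.gitrobrc` and yes, Gitrob will be looking for this file too, so watch out!
+
+## Usage
+
+### Analyzing organizations and users
+
+Analyzing organizations and users is the main feature of Gitrob. The `analyze` command accepts an arbitrary amount of organization and user logins, which will be bundled into an assessment:
+
+gitrob analyze acme,johndoe,janedoe
 
-
+Mixing organizations and users is convenient if you know that a certain user is part of an organization but they do not have their membership public.
+
+When the assessment is finished, the `analyze` command will automatically start up the web server to present the results. This can be avoided by adding the `--no-server` option to the command.
+
+See `gitrob help analyze` for more options.
+
+### Running Gitrob against custom GitHub Enterprise installations
+
+Gitrob can analyze organizations and users on custom GitHub Enterprise installations instead of the official GitHub site. The `analyze` command takes several options to control this:
+
+gitrob analyze johndoe --site=https://github.acme.com --endpoint=https://github.acme.com/api --access-tokens=token1,token2
+
+See `gitrob help analyze` for more options.
+
+### Starting the Gitrob web server
+
+The Gitrob web server can be started with the `server` command:
+
+gitrob server
+
+By default, the server will listen on [localhost:9393](http://localhost:9393). This can of course all be controlled:
+
+gitrob server --bind-address=0.0.0.0 --port=8000
+
+See `gitrob help server` for more options.
+
+### Starting the web server
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment. Run `bundle exec gitrob` to use the gem in this directory, ignoring other installed copies of this gem.
+
+To install this gem onto your local machine, run `bundle exec rake install`.
+
+## Contributing
 
-
+Contributions are welcome! Read [CONTRIBUTING.md](CONTRIBUTING.md) to get started.
 
-
+## License
 
-
-2. Create your feature branch (`git checkout -b my-new-feature`)
-3. Commit your changes (`git commit -am 'Add some feature'`)
-4. Push to the branch (`git push origin my-new-feature`)
-5. Create a new Pull Request
+Gitrob is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).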
data/Rakefile
CHANGED
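--- a/data/bin/console
+++ b/data/bin/console
@@ -0,0 +1,34 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "awesome_print"
+require "gitrob"
+
+class QueryLogger < Logger
+def format_message(_severity, _timestamp, _progname, msg)
+"#{msg}\n".cyan
+end
+end
+
+DB_MIGRATIONS_PATH = File.expand_path("../../db/migrations", __FILE__)
+GITROB_CONFIGURATION = Gitrob::CLI::Commands::Configure.load_configuration!
+
+Sequel.extension :migration, :core_extensions
+DB = Sequel.connect(GITROB_CONFIGURATION["sql_connection_uri"])
+Sequel::Migrator.run(DB, DB_MIGRATIONS_PATH)
+Sequel::Model.db = DB
+Sequel::Model.plugin :validation_helpers, :timestamps
+
+require "gitrob/models/assessment"
+require "gitrob/models/github_access_token"
+require "gitrob/models/owner"
+require "gitrob/models/repository"
+require "gitrob/models/blob"
+require "gitrob/models/flag"
+require "gitrob/models/comparison"
+
+DB.logger = QueryLogger.new(STDOUT)
+
+require "irb"
+AwesomePrint.irb!
+IRB.start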
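Review bot: `DB.logger = QueryLogger.new(STDOUT)` on line 30 echoes every SQL statement to the terminal, and since the `github_access_token` model is loaded on line 23, any insert or update of a token from this console will, as far as I can tell from how Sequel logs literalized SQL, print the token value in clear text in the session and in any terminal scrollback or log capture. At minimum a comment such as `# NOTE: query logging prints full SQL, including access-token values, to STDOUT` above line 30 should make that explicit, and gating the logger behind an environment variable would be a cheap safeguard for a tool whose whole purpose is handling secrets. `Sequel::Migrator.run(DB, DB_MIGRATIONS_PATH)` on line 18 also runs any pending migration as a side effect of merely opening a REPL, which is surprising for a console script; if that is intended, say so in a comment, otherwise leave migrations to the CLI. The `def format_message` body on lines 8-9 has lost its indentation in this rendering, so that is presumably a display artifact rather than the committed file.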
data/bin/setup
ADDED
@@ -0,0 +1,19 @@
|
|
1
|
+
Sequel.migration do
|
2
|
+
change do
|
3
|
+
create_table(:assessments) do
|
4
|
+
primary_key :id
|
5
|
+
String :name
|
6
|
+
String :endpoint
|
7
|
+
String :site
|
8
|
+
Boolean :verify_ssl
|
9
|
+
Integer :owners_count, :default => 0
|
10
|
+
Integer :repositories_count, :default => 0
|
11
|
+
Integer :blobs_count, :default => 0
|
12
|
+
Integer :findings_count, :default => 0
|
13
|
+
Boolean :finished, :default => false, :index => true
|
14
|
+
Boolean :deleted, :default => false, :index => true
|
15
|
+
DateTime :updated_at
|
16
|
+
DateTime :created_at, :index => true
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
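Review bot: `Boolean :verify_ssl` on line 8 has neither a default nor a NOT NULL constraint, unlike `finished` and `deleted` on lines 13-14, so an `assessments` row created without the column set stores NULL, which any `if assessment.verify_ssl` check in Ruby treats as false; declare it as `Boolean :verify_ssl, :default => true, :null => false` so that TLS verification of the GitHub endpoint can only be switched off by an explicit write. Note also that this section is labelled `data/bin/setup` but the hunk body is a Sequel migration creating `assessments`, and its 19-line size matches `db/migrations/001_create_assessments.rb` in the diffstat rather than the 7-line `bin/setup`, so the label looks like a rendering mix-up.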