credsweeper 1.11.4__tar.gz → 1.11.6__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of credsweeper might be problematic. Click here for more details.
- {credsweeper-1.11.4 → credsweeper-1.11.6}/PKG-INFO +3 -6
- {credsweeper-1.11.4 → credsweeper-1.11.6}/README.md +1 -5
- credsweeper-1.11.6/credsweeper/__init__.py +27 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/__main__.py +141 -35
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/app.py +11 -11
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/config/config.py +1 -1
- credsweeper-1.11.6/credsweeper/credentials/__init__.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/credentials/augment_candidates.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/credentials/candidate.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/credentials/credential_manager.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/credentials/line_data.py +2 -2
- credsweeper-1.11.6/credsweeper/deep_scanner/__init__.py +0 -0
- credsweeper-1.11.4/credsweeper/deep_scanner/deep_scanner.py → credsweeper-1.11.6/credsweeper/deep_scanner/abstract_scanner.py +181 -261
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/deep_scanner/byte_scanner.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/deep_scanner/bzip2_scanner.py +2 -2
- credsweeper-1.11.6/credsweeper/deep_scanner/deb_scanner.py +55 -0
- credsweeper-1.11.6/credsweeper/deep_scanner/deep_scanner.py +173 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/deep_scanner/docx_scanner.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/deep_scanner/eml_scanner.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/deep_scanner/encoder_scanner.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/deep_scanner/gzip_scanner.py +2 -2
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/deep_scanner/html_scanner.py +1 -1
- credsweeper-1.11.6/credsweeper/deep_scanner/jclass_scanner.py +74 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/deep_scanner/jks_scanner.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/deep_scanner/lang_scanner.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/deep_scanner/lzma_scanner.py +2 -2
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/deep_scanner/mxfile_scanner.py +1 -1
- credsweeper-1.11.6/credsweeper/deep_scanner/patch_scanner.py +48 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/deep_scanner/pdf_scanner.py +1 -1
- credsweeper-1.11.6/credsweeper/deep_scanner/pkcs_scanner.py +41 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/deep_scanner/pptx_scanner.py +1 -1
- credsweeper-1.11.6/credsweeper/deep_scanner/rpm_scanner.py +49 -0
- credsweeper-1.11.6/credsweeper/deep_scanner/sqlite3_scanner.py +79 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/deep_scanner/tar_scanner.py +2 -2
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/deep_scanner/tmx_scanner.py +2 -2
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/deep_scanner/xlsx_scanner.py +2 -2
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/deep_scanner/xml_scanner.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/deep_scanner/zip_scanner.py +2 -2
- credsweeper-1.11.6/credsweeper/file_handler/__init__.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/file_handler/abstract_provider.py +3 -4
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/file_handler/byte_content_provider.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/file_handler/content_provider.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/file_handler/data_content_provider.py +2 -3
- credsweeper-1.11.6/credsweeper/file_handler/diff_content_provider.py +221 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/file_handler/file_path_extractor.py +2 -2
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/file_handler/files_provider.py +4 -4
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/file_handler/patches_provider.py +10 -8
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/file_handler/text_content_provider.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/__init__.py +2 -2
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/filter.py +2 -2
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/group/__init__.py +0 -2
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/group/general_keyword.py +2 -2
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/group/general_pattern.py +2 -2
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/group/group.py +16 -5
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/group/password_keyword.py +2 -2
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/group/token_pattern.py +2 -2
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/group/url_credentials_group.py +2 -2
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/group/weird_base36_token.py +2 -2
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/group/weird_base64_token.py +2 -2
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/line_git_binary_check.py +3 -3
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/line_specific_key_check.py +4 -4
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/line_uue_part_check.py +3 -3
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_allowlist_check.py +4 -4
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_array_dictionary_check.py +3 -3
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_atlassian_token_check.py +4 -4
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_azure_token_check.py +4 -4
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_base32_data_check.py +4 -4
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_base64_data_check.py +4 -4
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_base64_encoded_pem_check.py +4 -4
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_base64_key_check.py +13 -18
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_base64_part_check.py +4 -4
- credsweeper-1.11.6/credsweeper/filters/value_basic_auth_check.py +36 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_blocklist_check.py +3 -3
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_camel_case_check.py +4 -4
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_couple_keyword_check.py +3 -3
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_dictionary_keyword_check.py +3 -3
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_dictionary_value_length_check.py +3 -3
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_discord_bot_check.py +4 -4
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_entropy_base_check.py +4 -4
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_file_path_check.py +5 -4
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_github_check.py +3 -3
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_grafana_check.py +4 -4
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_grafana_service_check.py +3 -3
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_hex_number_check.py +3 -3
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_jfrog_token_check.py +4 -4
- credsweeper-1.11.6/credsweeper/filters/value_json_web_key_check.py +37 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_json_web_token_check.py +4 -4
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_last_word_check.py +3 -3
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_method_check.py +3 -3
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_not_allowed_pattern_check.py +4 -4
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_not_part_encoded_check.py +3 -3
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_number_check.py +3 -3
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_pattern_check.py +3 -3
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_similarity_check.py +3 -3
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_split_keyword_check.py +3 -3
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_string_type_check.py +3 -3
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_token_base_check.py +3 -3
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_token_check.py +3 -3
- credsweeper-1.11.6/credsweeper/logger/__init__.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/logger/logger.py +1 -1
- credsweeper-1.11.6/credsweeper/ml_model/__init__.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/ml_model/features/entropy_evaluation.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/ml_model/features/feature.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/ml_model/features/file_extension.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/ml_model/features/has_html_tag.py +2 -2
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/ml_model/features/is_secret_numeric.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/ml_model/features/length_of_attribute.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/ml_model/features/morpheme_dense.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/ml_model/features/rule_name.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/ml_model/features/search_in_attribute.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/ml_model/features/word_in.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/ml_model/features/word_in_path.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/ml_model/features/word_in_postamble.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/ml_model/features/word_in_preamble.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/ml_model/features/word_in_transition.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/ml_model/features/word_in_value.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/ml_model/features/word_in_variable.py +1 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/ml_model/ml_validator.py +3 -2
- credsweeper-1.11.6/credsweeper/py.typed +0 -0
- credsweeper-1.11.6/credsweeper/rules/__init__.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/rules/config.yaml +114 -25
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/rules/rule.py +4 -3
- credsweeper-1.11.6/credsweeper/scanner/__init__.py +0 -0
- credsweeper-1.11.6/credsweeper/scanner/scan_type/__init__.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/scanner/scan_type/multi_pattern.py +5 -6
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/scanner/scan_type/pem_key_pattern.py +4 -4
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/scanner/scan_type/scan_type.py +4 -4
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/scanner/scan_type/single_pattern.py +4 -4
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/scanner/scanner.py +8 -5
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/secret/config.json +6 -6
- credsweeper-1.11.6/credsweeper/utils/__init__.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/utils/pem_key_detector.py +5 -5
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/utils/util.py +143 -206
- {credsweeper-1.11.4 → credsweeper-1.11.6}/pyproject.toml +1 -0
- credsweeper-1.11.4/credsweeper/__init__.py +0 -21
- credsweeper-1.11.4/credsweeper/config/__init__.py +0 -1
- credsweeper-1.11.4/credsweeper/credentials/__init__.py +0 -5
- credsweeper-1.11.4/credsweeper/deep_scanner/__init__.py +0 -1
- credsweeper-1.11.4/credsweeper/deep_scanner/abstract_scanner.py +0 -51
- credsweeper-1.11.4/credsweeper/deep_scanner/deb_scanner.py +0 -48
- credsweeper-1.11.4/credsweeper/deep_scanner/pkcs12_scanner.py +0 -45
- credsweeper-1.11.4/credsweeper/file_handler/__init__.py +0 -15
- credsweeper-1.11.4/credsweeper/file_handler/diff_content_provider.py +0 -91
- credsweeper-1.11.4/credsweeper/logger/__init__.py +0 -1
- credsweeper-1.11.4/credsweeper/ml_model/__init__.py +0 -1
- credsweeper-1.11.4/credsweeper/rules/__init__.py +0 -1
- credsweeper-1.11.4/credsweeper/scanner/__init__.py +0 -1
- credsweeper-1.11.4/credsweeper/scanner/scan_type/__init__.py +0 -5
- credsweeper-1.11.4/credsweeper/utils/__init__.py +0 -1
- {credsweeper-1.11.4 → credsweeper-1.11.6}/.gitignore +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/LICENSE +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/common/__init__.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/common/constants.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/common/keyword_checklist.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/common/keyword_checklist.txt +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/common/keyword_pattern.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/common/morpheme_checklist.txt +0 -0
- /credsweeper-1.11.4/credsweeper/py.typed → /credsweeper-1.11.6/credsweeper/config/__init__.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/credentials/candidate_group_generator.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/credentials/candidate_key.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/file_handler/analysis_target.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/file_handler/descriptor.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/file_handler/string_content_provider.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/file_handler/struct_content_provider.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_entropy_base32_check.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_entropy_base36_check.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_entropy_base64_check.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_token_base32_check.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_token_base36_check.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/filters/value_token_base64_check.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/ml_model/features/__init__.py +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/ml_model/ml_config.json +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/ml_model/ml_model.onnx +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/secret/log.yaml +0 -0
- {credsweeper-1.11.4 → credsweeper-1.11.6}/credsweeper/utils/hop_stat.py +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: credsweeper
|
|
3
|
-
Version: 1.11.
|
|
3
|
+
Version: 1.11.6
|
|
4
4
|
Summary: Credential Sweeper
|
|
5
5
|
Project-URL: Homepage, https://github.com/Samsung/CredSweeper
|
|
6
6
|
Project-URL: Bug Tracker, https://github.com/Samsung/CredSweeper/issues
|
|
@@ -37,6 +37,7 @@ Requires-Dist: python-dateutil
|
|
|
37
37
|
Requires-Dist: python-docx
|
|
38
38
|
Requires-Dist: python-pptx
|
|
39
39
|
Requires-Dist: pyyaml
|
|
40
|
+
Requires-Dist: rpmfile
|
|
40
41
|
Requires-Dist: whatthepatch
|
|
41
42
|
Requires-Dist: xlrd
|
|
42
43
|
Description-Content-Type: text/markdown
|
|
@@ -140,11 +141,7 @@ cat output.json
|
|
|
140
141
|
"value_start": 12,
|
|
141
142
|
"value_end": 19,
|
|
142
143
|
"variable": "password",
|
|
143
|
-
"
|
|
144
|
-
"iterator": "BASE64_CHARS",
|
|
145
|
-
"entropy": 2.120589933192232,
|
|
146
|
-
"valid": false
|
|
147
|
-
}
|
|
144
|
+
"entropy": 2.12059
|
|
148
145
|
}
|
|
149
146
|
]
|
|
150
147
|
}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
from credsweeper.app import CredSweeper
|
|
2
|
+
from credsweeper.common.constants import ThresholdPreset, Severity, Confidence
|
|
3
|
+
from credsweeper.file_handler.byte_content_provider import ByteContentProvider
|
|
4
|
+
from credsweeper.file_handler.content_provider import ContentProvider
|
|
5
|
+
from credsweeper.file_handler.data_content_provider import DataContentProvider
|
|
6
|
+
from credsweeper.file_handler.diff_content_provider import DiffContentProvider
|
|
7
|
+
from credsweeper.file_handler.string_content_provider import StringContentProvider
|
|
8
|
+
from credsweeper.file_handler.text_content_provider import TextContentProvider
|
|
9
|
+
|
|
10
|
+
from credsweeper.ml_model.ml_validator import MlValidator
|
|
11
|
+
|
|
12
|
+
__all__ = [
|
|
13
|
+
"ByteContentProvider", #
|
|
14
|
+
"Confidence", #
|
|
15
|
+
"ContentProvider", #
|
|
16
|
+
"CredSweeper", #
|
|
17
|
+
"DataContentProvider", #
|
|
18
|
+
"DiffContentProvider", #
|
|
19
|
+
"MlValidator", #
|
|
20
|
+
"Severity", #
|
|
21
|
+
"StringContentProvider", #
|
|
22
|
+
"TextContentProvider", #
|
|
23
|
+
"ThresholdPreset", #
|
|
24
|
+
"__version__"
|
|
25
|
+
]
|
|
26
|
+
|
|
27
|
+
__version__ = "1.11.6"
|
|
@@ -5,16 +5,19 @@ import sys
|
|
|
5
5
|
import time
|
|
6
6
|
from argparse import ArgumentParser, ArgumentTypeError, Namespace, BooleanOptionalAction
|
|
7
7
|
from pathlib import Path
|
|
8
|
-
from typing import Any, Union, Dict
|
|
8
|
+
from typing import Any, Union, Dict, Tuple, Sequence
|
|
9
|
+
|
|
10
|
+
from git import Repo, Commit
|
|
9
11
|
|
|
10
12
|
from credsweeper import __version__
|
|
11
13
|
from credsweeper.app import APP_PATH, CredSweeper
|
|
12
14
|
from credsweeper.common.constants import ThresholdPreset, Severity, RuleType, DiffRowType, ML_HUNK
|
|
13
15
|
from credsweeper.file_handler.abstract_provider import AbstractProvider
|
|
16
|
+
from credsweeper.file_handler.byte_content_provider import ByteContentProvider
|
|
14
17
|
from credsweeper.file_handler.files_provider import FilesProvider
|
|
15
18
|
from credsweeper.file_handler.patches_provider import PatchesProvider
|
|
16
19
|
from credsweeper.logger.logger import Logger
|
|
17
|
-
from credsweeper.utils import Util
|
|
20
|
+
from credsweeper.utils.util import Util
|
|
18
21
|
|
|
19
22
|
EXIT_SUCCESS = 0
|
|
20
23
|
EXIT_FAILURE = 1
|
|
@@ -118,6 +121,11 @@ def get_arguments() -> Namespace:
|
|
|
118
121
|
const="log.yaml",
|
|
119
122
|
dest="export_log_config",
|
|
120
123
|
metavar="PATH")
|
|
124
|
+
group.add_argument("--git", help="git repo to scan", dest="git", metavar="PATH")
|
|
125
|
+
parser.add_argument("--ref",
|
|
126
|
+
help="scan git repo from the ref, otherwise - all branches were scanned (slow)",
|
|
127
|
+
dest="ref",
|
|
128
|
+
type=str)
|
|
121
129
|
parser.add_argument("--rules",
|
|
122
130
|
help="path of rule config file (default: credsweeper/rules/config.yaml). "
|
|
123
131
|
f"severity:{[i.value for i in Severity]} "
|
|
@@ -246,8 +254,8 @@ def get_arguments() -> Namespace:
|
|
|
246
254
|
default=False)
|
|
247
255
|
parser.add_argument("--log",
|
|
248
256
|
"-l",
|
|
249
|
-
help=f"provide logging level of {list(Logger.LEVELS.keys())}"
|
|
250
|
-
|
|
257
|
+
help=(f"provide logging level of {list(Logger.LEVELS.keys())}"
|
|
258
|
+
f" (default: 'warning', case insensitive)"),
|
|
251
259
|
default="warning",
|
|
252
260
|
dest="log",
|
|
253
261
|
metavar="LOG_LEVEL",
|
|
@@ -268,6 +276,39 @@ def get_arguments() -> Namespace:
|
|
|
268
276
|
return parser.parse_args()
|
|
269
277
|
|
|
270
278
|
|
|
279
|
+
def get_credsweeper(args: Namespace) -> CredSweeper:
|
|
280
|
+
"""Common function to create the instance"""
|
|
281
|
+
if args.denylist_path is not None:
|
|
282
|
+
denylist = [line for line in Util.read_file(args.denylist_path) if line]
|
|
283
|
+
else:
|
|
284
|
+
denylist = []
|
|
285
|
+
return CredSweeper(rule_path=args.rule_path,
|
|
286
|
+
config_path=args.config_path,
|
|
287
|
+
json_filename=args.json_filename,
|
|
288
|
+
xlsx_filename=args.xlsx_filename,
|
|
289
|
+
stdout=args.stdout,
|
|
290
|
+
color=args.color,
|
|
291
|
+
hashed=args.hashed,
|
|
292
|
+
subtext=args.subtext,
|
|
293
|
+
sort_output=args.sort_output,
|
|
294
|
+
use_filters=args.no_filters,
|
|
295
|
+
pool_count=args.jobs,
|
|
296
|
+
ml_batch_size=args.ml_batch_size,
|
|
297
|
+
ml_threshold=args.ml_threshold,
|
|
298
|
+
ml_config=args.ml_config,
|
|
299
|
+
ml_model=args.ml_model,
|
|
300
|
+
ml_providers=args.ml_providers,
|
|
301
|
+
find_by_ext=args.find_by_ext,
|
|
302
|
+
depth=args.depth,
|
|
303
|
+
doc=args.doc,
|
|
304
|
+
severity=args.severity,
|
|
305
|
+
size_limit=args.size_limit,
|
|
306
|
+
exclude_lines=denylist,
|
|
307
|
+
exclude_values=denylist,
|
|
308
|
+
thrifty=args.thrifty,
|
|
309
|
+
log_level=args.log)
|
|
310
|
+
|
|
311
|
+
|
|
271
312
|
def scan(args: Namespace, content_provider: AbstractProvider) -> int:
|
|
272
313
|
"""Scan content_provider data, print results or save them to json_filename is not None
|
|
273
314
|
|
|
@@ -283,42 +324,101 @@ def scan(args: Namespace, content_provider: AbstractProvider) -> int:
|
|
|
283
324
|
|
|
284
325
|
"""
|
|
285
326
|
try:
|
|
286
|
-
|
|
287
|
-
denylist = [line for line in Util.read_file(args.denylist_path) if line]
|
|
288
|
-
else:
|
|
289
|
-
denylist = []
|
|
290
|
-
|
|
291
|
-
credsweeper = CredSweeper(rule_path=args.rule_path,
|
|
292
|
-
config_path=args.config_path,
|
|
293
|
-
json_filename=args.json_filename,
|
|
294
|
-
xlsx_filename=args.xlsx_filename,
|
|
295
|
-
stdout=args.stdout,
|
|
296
|
-
color=args.color,
|
|
297
|
-
hashed=args.hashed,
|
|
298
|
-
subtext=args.subtext,
|
|
299
|
-
sort_output=args.sort_output,
|
|
300
|
-
use_filters=args.no_filters,
|
|
301
|
-
pool_count=args.jobs,
|
|
302
|
-
ml_batch_size=args.ml_batch_size,
|
|
303
|
-
ml_threshold=args.ml_threshold,
|
|
304
|
-
ml_config=args.ml_config,
|
|
305
|
-
ml_model=args.ml_model,
|
|
306
|
-
ml_providers=args.ml_providers,
|
|
307
|
-
find_by_ext=args.find_by_ext,
|
|
308
|
-
depth=args.depth,
|
|
309
|
-
doc=args.doc,
|
|
310
|
-
severity=args.severity,
|
|
311
|
-
size_limit=args.size_limit,
|
|
312
|
-
exclude_lines=denylist,
|
|
313
|
-
exclude_values=denylist,
|
|
314
|
-
thrifty=args.thrifty,
|
|
315
|
-
log_level=args.log)
|
|
327
|
+
credsweeper = get_credsweeper(args)
|
|
316
328
|
return credsweeper.run(content_provider=content_provider)
|
|
317
329
|
except Exception as exc:
|
|
318
330
|
logger.critical(exc, exc_info=True)
|
|
331
|
+
logger.exception(exc)
|
|
319
332
|
return -1
|
|
320
333
|
|
|
321
334
|
|
|
335
|
+
def get_commit_providers(commit: Commit, repo: Repo) -> Sequence[ByteContentProvider]:
|
|
336
|
+
"""Process a commit and for providers"""
|
|
337
|
+
result = {}
|
|
338
|
+
ancestors = commit.parents or [repo.tree()]
|
|
339
|
+
for parent in ancestors:
|
|
340
|
+
for diff in parent.diff(commit):
|
|
341
|
+
# only result files
|
|
342
|
+
blob_b = diff.b_blob
|
|
343
|
+
if blob_b and blob_b.path not in result:
|
|
344
|
+
try:
|
|
345
|
+
result[blob_b.path] = ByteContentProvider(content=blob_b.data_stream.read(),
|
|
346
|
+
file_path=str(blob_b.path),
|
|
347
|
+
info=DiffRowType.ADDED.value)
|
|
348
|
+
except Exception as exc:
|
|
349
|
+
logger.warning(f"A submodule was not properly initialized or commit was removed: {exc}")
|
|
350
|
+
return list(result.values())
|
|
351
|
+
|
|
352
|
+
|
|
353
|
+
def drill(args: Namespace) -> Tuple[int, int]:
|
|
354
|
+
"""Scan repository for branches and commits
|
|
355
|
+
Returns:
|
|
356
|
+
total credentials found
|
|
357
|
+
total scanned commits
|
|
358
|
+
"""
|
|
359
|
+
total_credentials = 0
|
|
360
|
+
total_commits = 0
|
|
361
|
+
try:
|
|
362
|
+
# repo init first
|
|
363
|
+
repo = Repo(args.git)
|
|
364
|
+
if args.ref:
|
|
365
|
+
commits_sha1 = set(x.commit.hexsha for x in repo.refs if x.name == args.ref)
|
|
366
|
+
if not commits_sha1:
|
|
367
|
+
commits_sha1 = {args.ref} # single commit sha1 reference
|
|
368
|
+
else:
|
|
369
|
+
commits_sha1 = set(x.commit.hexsha for x in repo.refs
|
|
370
|
+
if x.name.startswith('origin/') or x.name.startswith('refs/heads/'))
|
|
371
|
+
logger.info(f"Git repository {args.git} with commits: {commits_sha1}")
|
|
372
|
+
# then - credsweeper
|
|
373
|
+
credsweeper = get_credsweeper(args)
|
|
374
|
+
# use flat iterations to avoid recursive limits
|
|
375
|
+
to_scan = list(commits_sha1)
|
|
376
|
+
# local speedup for already scanned commits - avoid file system interactive
|
|
377
|
+
scanned = set()
|
|
378
|
+
while to_scan:
|
|
379
|
+
commit_sha1 = to_scan.pop()
|
|
380
|
+
if commit_sha1 in scanned:
|
|
381
|
+
# the commit was scanned in this launch
|
|
382
|
+
continue
|
|
383
|
+
commit = repo.commit(commit_sha1)
|
|
384
|
+
if commit.parents:
|
|
385
|
+
# add parents anyway
|
|
386
|
+
to_scan.extend(x.hexsha for x in commit.parents)
|
|
387
|
+
# check whether the commit has been checked and the report is present
|
|
388
|
+
skip_already_scanned = False
|
|
389
|
+
if args.json_filename:
|
|
390
|
+
json_path = Path(args.json_filename)
|
|
391
|
+
json_path = json_path.with_suffix(f".{commit_sha1}{json_path.suffix}")
|
|
392
|
+
if json_path.exists():
|
|
393
|
+
skip_already_scanned = True
|
|
394
|
+
else:
|
|
395
|
+
credsweeper.json_filename = json_path
|
|
396
|
+
if args.xlsx_filename:
|
|
397
|
+
xlsx_path = Path(args.xlsx_filename)
|
|
398
|
+
xlsx_path = xlsx_path.with_suffix(f".{commit_sha1}{xlsx_path.suffix}")
|
|
399
|
+
if xlsx_path.exists():
|
|
400
|
+
skip_already_scanned = True
|
|
401
|
+
else:
|
|
402
|
+
credsweeper.xlsx_filename = xlsx_path
|
|
403
|
+
if skip_already_scanned:
|
|
404
|
+
logger.info("Skip already scanned commit: %s", commit_sha1)
|
|
405
|
+
continue
|
|
406
|
+
logger.info("Scan commit: %s", commit_sha1)
|
|
407
|
+
# prepare all files to scan in the commit with bytes->IO transformation to avoid a multiprocess issue
|
|
408
|
+
if providers := get_commit_providers(commit, repo):
|
|
409
|
+
credsweeper.credential_manager.candidates.clear()
|
|
410
|
+
credsweeper.scan(providers)
|
|
411
|
+
credsweeper.post_processing()
|
|
412
|
+
credsweeper.export_results()
|
|
413
|
+
total_credentials += credsweeper.credential_manager.len_credentials()
|
|
414
|
+
total_commits += 1
|
|
415
|
+
scanned.add(commit_sha1)
|
|
416
|
+
except Exception as exc:
|
|
417
|
+
logger.critical(exc, exc_info=True)
|
|
418
|
+
return -1, total_commits
|
|
419
|
+
return total_credentials, total_commits
|
|
420
|
+
|
|
421
|
+
|
|
322
422
|
def main() -> int:
|
|
323
423
|
"""Main function"""
|
|
324
424
|
result = EXIT_FAILURE
|
|
@@ -328,7 +428,7 @@ def main() -> int:
|
|
|
328
428
|
if args.banner:
|
|
329
429
|
print(f"CredSweeper {__version__} crc32:{check_integrity():08x}")
|
|
330
430
|
Logger.init_logging(args.log, args.log_config_path)
|
|
331
|
-
logger.info(f"Init CredSweeper object with arguments: {args}")
|
|
431
|
+
logger.info(f"Init CredSweeper object with arguments: {args} CWD: {os.getcwd()}")
|
|
332
432
|
summary: Dict[str, int] = {}
|
|
333
433
|
if args.path:
|
|
334
434
|
logger.info(f"Run analyzer on path: {args.path}")
|
|
@@ -353,6 +453,12 @@ def main() -> int:
|
|
|
353
453
|
result = EXIT_SUCCESS
|
|
354
454
|
# collect number of all found credential to produce error code when necessary
|
|
355
455
|
credentials_number = add_credentials_number + del_credentials_number
|
|
456
|
+
elif args.git:
|
|
457
|
+
logger.info(f"Run analyzer on GIT: {args.git}")
|
|
458
|
+
credentials_number, commits_number = drill(args)
|
|
459
|
+
summary[f"Detected Credentials in {args.git} for {commits_number} commits "] = credentials_number
|
|
460
|
+
if 0 <= credentials_number:
|
|
461
|
+
result = EXIT_SUCCESS
|
|
356
462
|
elif args.export_config:
|
|
357
463
|
logging.info(f"Exporting default config to file: {args.export_config}")
|
|
358
464
|
config_dict = Util.json_load(APP_PATH / "secret" / "config.json")
|
|
@@ -11,18 +11,18 @@ from colorama import Style
|
|
|
11
11
|
# Directory of credsweeper sources MUST be placed before imports to avoid circular import error
|
|
12
12
|
APP_PATH = Path(__file__).resolve().parent
|
|
13
13
|
|
|
14
|
+
from credsweeper.scanner.scanner import Scanner
|
|
14
15
|
from credsweeper.common.constants import Severity, ThresholdPreset, DiffRowType, DEFAULT_ENCODING
|
|
15
|
-
from credsweeper.config import Config
|
|
16
|
-
from credsweeper.credentials import Candidate
|
|
16
|
+
from credsweeper.config.config import Config
|
|
17
|
+
from credsweeper.credentials.candidate import Candidate
|
|
18
|
+
from credsweeper.credentials.candidate_key import CandidateKey
|
|
19
|
+
from credsweeper.credentials.credential_manager import CredentialManager
|
|
17
20
|
from credsweeper.deep_scanner.deep_scanner import DeepScanner
|
|
18
21
|
from credsweeper.file_handler.content_provider import ContentProvider
|
|
19
|
-
from credsweeper.file_handler.diff_content_provider import DiffContentProvider
|
|
20
22
|
from credsweeper.file_handler.file_path_extractor import FilePathExtractor
|
|
21
23
|
from credsweeper.file_handler.abstract_provider import AbstractProvider
|
|
22
|
-
from credsweeper.file_handler.text_content_provider import TextContentProvider
|
|
23
|
-
from credsweeper.scanner import Scanner
|
|
24
24
|
from credsweeper.ml_model.ml_validator import MlValidator
|
|
25
|
-
from credsweeper.utils import Util
|
|
25
|
+
from credsweeper.utils.util import Util
|
|
26
26
|
|
|
27
27
|
logger = logging.getLogger(__name__)
|
|
28
28
|
|
|
@@ -215,7 +215,7 @@ class CredSweeper:
|
|
|
215
215
|
content_provider: path objects to scan
|
|
216
216
|
|
|
217
217
|
"""
|
|
218
|
-
_empty_list: Sequence[
|
|
218
|
+
_empty_list: Sequence[ContentProvider] = []
|
|
219
219
|
file_extractors = content_provider.get_scannable_files(self.config) if content_provider else _empty_list
|
|
220
220
|
if not file_extractors:
|
|
221
221
|
logger.info(f"No scannable targets for {len(content_provider.paths)} paths")
|
|
@@ -229,7 +229,7 @@ class CredSweeper:
|
|
|
229
229
|
|
|
230
230
|
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
|
|
231
231
|
|
|
232
|
-
def scan(self, content_providers: Sequence[
|
|
232
|
+
def scan(self, content_providers: Sequence[ContentProvider]) -> None:
|
|
233
233
|
"""Run scanning of files from an argument "content_providers".
|
|
234
234
|
|
|
235
235
|
Args:
|
|
@@ -243,7 +243,7 @@ class CredSweeper:
|
|
|
243
243
|
|
|
244
244
|
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
|
|
245
245
|
|
|
246
|
-
def __single_job_scan(self, content_providers: Sequence[
|
|
246
|
+
def __single_job_scan(self, content_providers: Sequence[ContentProvider]) -> None:
|
|
247
247
|
"""Performs scan in main thread"""
|
|
248
248
|
logger.info(f"Scan for {len(content_providers)} providers")
|
|
249
249
|
all_cred = self.files_scan(content_providers)
|
|
@@ -251,7 +251,7 @@ class CredSweeper:
|
|
|
251
251
|
|
|
252
252
|
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
|
|
253
253
|
|
|
254
|
-
def __multi_jobs_scan(self, content_providers: Sequence[
|
|
254
|
+
def __multi_jobs_scan(self, content_providers: Sequence[ContentProvider]) -> None:
|
|
255
255
|
"""Performs scan with multiple jobs"""
|
|
256
256
|
# use this separation to satisfy YAPF formatter
|
|
257
257
|
yapfix = "%(asctime)s | %(levelname)s | %(processName)s:%(threadName)s | %(filename)s:%(lineno)s | %(message)s"
|
|
@@ -265,7 +265,7 @@ class CredSweeper:
|
|
|
265
265
|
logger.info(f"Scan in {pool_count} processes for {len(content_providers)} providers")
|
|
266
266
|
with multiprocessing.get_context("spawn").Pool(processes=pool_count,
|
|
267
267
|
initializer=CredSweeper.pool_initializer,
|
|
268
|
-
initargs=(log_kwargs,
|
|
268
|
+
initargs=(log_kwargs,)) as pool: # yapf: disable
|
|
269
269
|
try:
|
|
270
270
|
for scan_results in pool.imap_unordered(self.files_scan,
|
|
271
271
|
(content_providers[x::pool_count] for x in range(pool_count))):
|
|
File without changes
|
|
@@ -4,7 +4,7 @@ from json.encoder import py_encode_basestring_ascii
|
|
|
4
4
|
from typing import Any, Dict, List, Optional
|
|
5
5
|
|
|
6
6
|
from credsweeper.common.constants import Severity, Confidence
|
|
7
|
-
from credsweeper.config import Config
|
|
7
|
+
from credsweeper.config.config import Config
|
|
8
8
|
from credsweeper.credentials.line_data import LineData
|
|
9
9
|
|
|
10
10
|
|
|
@@ -2,7 +2,7 @@ import logging
|
|
|
2
2
|
from multiprocessing import Manager
|
|
3
3
|
from typing import List, Dict, Tuple
|
|
4
4
|
|
|
5
|
-
from credsweeper.credentials import Candidate
|
|
5
|
+
from credsweeper.credentials.candidate import Candidate
|
|
6
6
|
from credsweeper.credentials.candidate_group_generator import CandidateGroupGenerator, CandidateKey
|
|
7
7
|
|
|
8
8
|
logger = logging.getLogger(__name__)
|
|
@@ -8,8 +8,8 @@ from typing import Any, Dict, Optional, Tuple
|
|
|
8
8
|
from colorama import Fore, Style
|
|
9
9
|
|
|
10
10
|
from credsweeper.common.constants import MAX_LINE_LENGTH, UTF_8, StartEnd, ML_HUNK
|
|
11
|
-
from credsweeper.config import Config
|
|
12
|
-
from credsweeper.utils import Util
|
|
11
|
+
from credsweeper.config.config import Config
|
|
12
|
+
from credsweeper.utils.util import Util
|
|
13
13
|
|
|
14
14
|
|
|
15
15
|
class LineData:
|
|
File without changes
|