n0s1 1.0.1__tar.gz

n0s1-1.0.1/MANIFEST.in

@@ -0,0 +1 @@
+include src/n0s1/config/*

n0s1-1.0.1/PKG-INFO

@@ -0,0 +1,69 @@
+Metadata-Version: 2.1
+Name: n0s1
+Version: 1.0.1
+Summary: n0s1 is a secret scanner for Project Management and Issue Tracker tools such as Jira and Linear.
+Home-page: https://spark1.us/n0s1
+Author: Spark 1
+Author-email: contact@spark1.us
+License: UNKNOWN
+Project-URL: Bug Reports, https://github.com/spark1security/n0s1/issues
+Project-URL: Funding, https://www.spark1.us
+Project-URL: Source, https://github.com/spark1security/n0s1
+Description: # n0s1 - Secret Scanner
+        n0s1 (pronounced as nosy, /ˈnōzē/) is an open source secret scanner for Project Management and Issue Tracker tools.
+        
+        The scanner will traverse all items within the target platform (e.g. Jira or Linear) and find leaked secrets in the ticket's title, body and comments.
+        
+        The secrets are matched based on an extensible configuration file (regex.toml). The scanner looks for sensitive data such as:
+        * Github Personal Access Tokens
+        * GitLab Personal Access Tokens
+        * AWS Access Tokens
+        * PKCS8 private keys
+        * RSA private keys
+        * SSH private keys
+        * npm access tokens
+        
+        ### Currently supported target platforms:
+        * [Jira](https://www.atlassian.com/software/jira)
+        * [Linear](https://linear.app/)
+        
+        ### Usage
+        ```bash
+        cd src/n0s1
+        python3 -m pip install n0s1
+        n0s1 jira_scan --server "https://<YOUR_JIRA_SERVER>.atlassian.net" --api-key "<YOUR_JIRA_API_TOKEN>"
+        ```
+        From source:
+        ```bash
+        cd src/n0s1
+        python3 -m venv n0s1_python
+        source n0s1_python/bin/activate
+        python3 -m pip install -r ../../requirements.txt
+        python3 n0s1.py jira_scan --server "https://<YOUR_JIRA_SERVER>.atlassian.net" --api-key "<YOUR_JIRA_API_TOKEN>"
+        deactivate
+        ```
+        
+        ## Community
+        
+        n0s1 is a [Spark 1](https://spark1.us) open source project.  
+        Learn about our open source work and portfolio [here](https://spark1.us/n0s1).  
+        Contact us about any matter by opening a GitHub Discussion [here](https://github.com/spark1security/n0s1/issues)
+        
+Keywords: security,cybersecurity,scanner,secret scanner,secret leak,data leak,Jira,Linear,security scanner
+Platform: UNKNOWN
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Information Technology
+Classifier: Operating System :: OS Independent
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development
+Classifier: Topic :: System :: Monitoring
+Classifier: Topic :: Utilities
+Classifier: License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Requires-Python: >=3.7, <4
+Description-Content-Type: text/markdown
+Provides-Extra: dev
+Provides-Extra: test

n0s1-1.0.1/README.md

@@ -0,0 +1,39 @@
+# n0s1 - Secret Scanner
+n0s1 (pronounced as nosy, /ˈnōzē/) is an open source secret scanner for Project Management and Issue Tracker tools.
+
+The scanner will traverse all items within the target platform (e.g. Jira or Linear) and find leaked secrets in the ticket's title, body and comments.
+
+The secrets are matched based on an extensible configuration file (regex.toml). The scanner looks for sensitive data such as:
+* Github Personal Access Tokens
+* GitLab Personal Access Tokens
+* AWS Access Tokens
+* PKCS8 private keys
+* RSA private keys
+* SSH private keys
+* npm access tokens
+
+### Currently supported target platforms:
+* [Jira](https://www.atlassian.com/software/jira)
+* [Linear](https://linear.app/)
+
+### Usage
+```bash
+cd src/n0s1
+python3 -m pip install n0s1
+n0s1 jira_scan --server "https://<YOUR_JIRA_SERVER>.atlassian.net" --api-key "<YOUR_JIRA_API_TOKEN>"
+```
+From source:
+```bash
+cd src/n0s1
+python3 -m venv n0s1_python
+source n0s1_python/bin/activate
+python3 -m pip install -r ../../requirements.txt
+python3 n0s1.py jira_scan --server "https://<YOUR_JIRA_SERVER>.atlassian.net" --api-key "<YOUR_JIRA_API_TOKEN>"
+deactivate
+```
+
+## Community
+
+n0s1 is a [Spark 1](https://spark1.us) open source project.  
+Learn about our open source work and portfolio [here](https://spark1.us/n0s1).  
+Contact us about any matter by opening a GitHub Discussion [here](https://github.com/spark1security/n0s1/issues)

n0s1-1.0.1/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

n0s1-1.0.1/setup.py

@@ -0,0 +1,77 @@
+"""A setuptools based setup module.
+
+See:
+https://packaging.python.org/guides/distributing-packages-using-setuptools/
+https://github.com/pypa/sampleproject
+"""
+
+import pathlib
+import re
+
+# Always prefer setuptools over distutils
+from setuptools import setup, find_packages
+
+here = pathlib.Path(__file__).parent.resolve()  # current path
+long_description = (here / "README.md").read_text(encoding="utf-8")
+with open(here / "requirements.txt") as fp:
+    install_reqs = [r.rstrip() for r in fp.readlines() if not r.startswith("#")]
+
+
+def get_version():
+    file = here / "src/n0s1/__init__.py"
+    return re.search(r'^__version__ = [\'"]([^\'"]*)[\'"]', file.read_text(), re.M).group(1)
+
+
+setup(
+    name="n0s1",
+    version=get_version(),
+    description="n0s1 is a secret scanner for Project Management and Issue Tracker tools such as Jira and Linear.",
+    long_description=long_description,
+    long_description_content_type="text/markdown",
+    url="https://spark1.us/n0s1",
+    author="Spark 1",
+    author_email="contact@spark1.us",
+    classifiers=["Development Status :: 3 - Alpha",
+                 "Intended Audience :: Developers",
+                 "Intended Audience :: Information Technology",
+                 "Operating System :: OS Independent",
+                 "Topic :: Security",
+                 "Topic :: Software Development",
+                 "Topic :: System :: Monitoring",
+                 "Topic :: Utilities",
+                 "License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)",
+                 "Programming Language :: Python :: 3.7",
+                 "Programming Language :: Python :: 3.8",
+                 "Programming Language :: Python :: 3.9",
+                 ],  # Classifiers help users find your project by categorizing it https://pypi.org/classifiers/
+    keywords="security, cybersecurity, scanner, secret scanner, secret leak, data leak, Jira, Linear, security scanner",
+    package_dir={"": "src"},
+    packages=find_packages(where="src"),
+    python_requires=">=3.7, <4",
+
+    # For an analysis of "install_requires" vs pip's requirements files see:
+    # https://packaging.python.org/en/latest/requirements.html
+    install_requires=install_reqs,
+
+    # List additional groups of dependencies here (e.g. development
+    # dependencies). Users will be able to install these using the "extras"
+    # syntax, for example: $ pip install sampleproject[dev]
+    # Similar to `install_requires` above, these must be valid existing projects
+    extras_require={"dev": ["check-manifest"],
+                    "test": ["coverage"],
+                    },
+
+    include_package_data=True,
+    package_data={"n0s1": ["src/n0s1/config/*"],
+                  },
+
+    # The following would provide a command called `n0s1` which
+    # executes the function `main` from this package when invoked:
+    entry_points={"console_scripts": ["n0s1=n0s1.n0s1:main", ],
+                  },
+
+    project_urls={"Bug Reports": "https://github.com/spark1security/n0s1/issues",
+                  "Funding": "https://www.spark1.us",
+                  "Source": "https://github.com/spark1security/n0s1",
+                  },
+)

n0s1-1.0.1/src/n0s1/__init__.py

@@ -0,0 +1 @@
+__version__ = "1.0.1"

n0s1-1.0.1/src/n0s1/clients/http_client.py

@@ -0,0 +1,102 @@
+import requests
+from requests.models import Response
+from types import ModuleType
+
+
+class HttpClient:
+    def __init__(
+        self,
+        headers: dict,
+        logging: ModuleType,
+        uri: str = None,
+    ) -> None:
+        if uri is None:
+            raise Exception("Must specify URI")
+        self.uri = uri
+        self.headers = headers
+        self.logging = logging
+
+    def _delete_request(self, url: str, params: dict = None, headers: dict = None, data=None) -> Response:
+        if headers:
+            response = requests.delete(
+                url,
+                params=params,
+                headers={**headers, **self.headers},
+                data=data,
+            )
+        else:
+            response = requests.delete(
+                url,
+                params=params,
+                headers=self.headers,
+                data=data,
+            )
+        self.logging.debug(
+            f"HTTP DELETE request status: [{response.status_code}]. URL: {url}"
+        )
+        self.logging.debug(response.text)
+        return response
+
+    def _get_request(self, url: str, params: dict = None, headers: dict = None, data=None, timeout=None) -> Response:
+        if headers:
+            response = requests.get(
+                url,
+                params=params,
+                headers={**headers, **self.headers},
+                data=data,
+                timeout=timeout,
+            )
+        else:
+            response = requests.get(
+                url,
+                params=params,
+                headers=self.headers,
+                data=data,
+                timeout=timeout,
+            )
+        self.logging.debug(
+            f"HTTP GET request status: [{response.status_code}]. URL: {url}"
+        )
+        self.logging.debug(response.text)
+        return response
+
+    def _post_request(
+        self, url: str, params: dict = None, headers: dict = None, data=None, json: dict = None
+    ) -> Response:
+        if headers:
+            response = requests.post(
+                url,
+                params=params,
+                headers={**headers, **self.headers},
+                data=data,
+                json=json,
+            )
+        else:
+            response = requests.post(
+                url,
+                params=params,
+                headers=self.headers,
+                data=data,
+                json=json,
+            )
+        self.logging.debug(response.text)
+        return response
+
+    def _put_request(self, url: str, params: dict = None, headers: dict = None, data=None) -> Response:
+        if headers:
+            response = requests.put(
+                url,
+                params=params,
+                headers={**headers, **self.headers},
+                data=data,
+            )
+        else:
+            response = requests.put(
+                url,
+                params=params,
+                headers=self.headers,
+                data=data,
+            )
+        self.logging.debug(response.text)
+        return response
+

n0s1-1.0.1/src/n0s1/clients/linear_graphql_client.py

@@ -0,0 +1,222 @@
+import logging
+import time
+from datetime import datetime, timezone
+from types import ModuleType
+
+try:
+    import clients.http_client as http_client
+except:
+    import n0s1.clients.http_client as http_client
+
+
+def _generate_query_issues_with_pagination(pagination_arguments):
+    query_issues_pagination = f"""
+    {{
+        issues{pagination_arguments} {{
+            edges {{
+                node {{
+                    id
+                    identifier
+                    url
+                    title
+                    description
+                    comments {{
+                        nodes {{
+                            id
+                            body
+                        }}
+                    }}
+                }}
+                cursor
+            }}
+            pageInfo {{
+                hasNextPage
+                endCursor
+            }}
+        }}
+    }}
+    """
+    query = {"query": query_issues_pagination, "variables": {}}
+    return query
+
+
+class LinearGraphQLClient(http_client.HttpClient):
+    def __init__(
+        self,
+        headers: dict,
+        logging: ModuleType,
+        uri: str = None,
+    ) -> None:
+        if not uri:
+            uri = "https://api.linear.app/graphql"
+        super().__init__(headers, logging, uri)
+        self._user = None
+
+    def graphql_query(self, query):
+        url = f"{self.uri}/graphql/"
+        r = self._post_request(url, json=query)
+
+        # Check for rate limiting
+        # https://developers.linear.app/docs/graphql/working-with-the-graphql-api/rate-limiting
+        if r.status_code == 200 or 400 <= r.status_code < 500:
+            rate_limit = r.headers.get("X-RateLimit-Requests-Limit", -1)
+            rate_limit_remaining = r.headers.get("X-RateLimit-Requests-Remaining", -1)
+            rate_limit_reset = r.headers.get("X-RateLimit-Requests-Reset", -1)
+            if int(rate_limit_remaining) < 20:
+                try:
+                    timestamp_reset = float(rate_limit_reset) / 1000
+                    datetime_now_obj = datetime.now(timezone.utc)
+                    timestamp_now = datetime_now_obj.timestamp()
+                    retry_after = int(timestamp_reset - timestamp_now) + 5
+
+                    reset_datatime = datetime.utcfromtimestamp(timestamp_reset)
+                    self.logging.warning(
+                        f"Approaching rate limit! There are [{rate_limit_remaining}] requests remaining out of [{rate_limit}]. Current date: [{datetime_now_obj}] Rate Limit reset time: [{reset_datatime} UTC]. Retrying after [{retry_after}] seconds..."
+                    )
+                    if retry_after < 7200:
+                        time.sleep(retry_after)
+                    else:
+                        logging.warning(f"Retry after period is too long: [{retry_after}]. Skipping retry period. Header X-RateLimit-Requests-Reset set to {rate_limit_reset} and UTC epoch seconds now is {timestamp_now}.")
+                except Exception as e:
+                    logging.warning(e)
+                    pass
+        return r
+
+    def get_curret_user(self):
+        query_me = f"""
+        query Me {{
+          viewer {{
+            id
+            name
+            email
+          }}
+        }}
+        """
+        query = {"query": query_me}
+        response = self.graphql_query(query)
+        r = None
+        if response.status_code == 200:
+            r = response.json()
+        return r
+
+    def get_issue(self, id):
+        query_issue = f"""
+        query Issue {{
+          issue(id: "{id}") {{
+            id
+            identifier
+            url
+            title
+            description
+            comments {{
+              nodes {{
+                id
+                body
+              }}
+            }}
+          }}
+        }}
+        """
+        query = {"query": query_issue}
+        response = self.graphql_query(query)
+        r = None
+        if response.status_code == 200:
+            r = response.json()
+        return r
+
+    def set_issue_title(self, issue_id, title):
+        query_issue = f"""
+        mutation IssueUpdate {{
+          issueUpdate(
+            id: "{issue_id}",
+            input: {{
+              title: "{title}"
+            }}
+          ) {{
+            success
+            issue {{
+              id
+              title
+              state {{
+                id
+                name
+              }}
+            }}
+          }}
+        }}
+        """
+        query = {"query": query_issue}
+        response = self.graphql_query(query)
+        r = None
+        if response.status_code == 200:
+            r = response.json()
+        return r
+
+    def add_comment(self, issue_id, comment):
+        comment = comment.replace("\n", "\\n")
+        query_issue = f"""
+        mutation commentCreate {{
+          commentCreate(
+            input: {{
+              issueId: "{issue_id}",
+              body: "{comment}"
+            }}
+          )
+          {{
+            success
+            comment {{
+              id
+            }}
+          }}
+        }}
+        """
+        query = {"query": query_issue}
+        response = self.graphql_query(query)
+        r = None
+        if response.status_code == 200:
+            r = response.json()
+        return r
+
+    def get_issues_and_comments(self, issues_per_page=100):
+        pagination_arguments = f"(first: {issues_per_page})"
+        query = _generate_query_issues_with_pagination(pagination_arguments)
+        response = self.graphql_query(query)
+
+        page_num = 0
+        has_next_page = False
+        cursor = None
+
+        if response.status_code == 200:
+            r = response.json()
+            yield r
+            has_next_page = r.get("data", {}).get("issues", {}).get("pageInfo", {}).get("hasNextPage", False)
+            cursor = r.get("data", {}).get("issues", {}).get("pageInfo", {}).get("endCursor", None)
+
+        while has_next_page and cursor:
+            pagination_arguments = f"(first: {issues_per_page}, after: \"{cursor}\")"
+            query = _generate_query_issues_with_pagination(pagination_arguments)
+            response = self.graphql_query(query)
+
+            page_num += 1
+            scanned_issues = page_num * issues_per_page
+            self.logging.info(f"Total Linear issues scanned: [{scanned_issues}]. Page number: [{page_num}]. Paginating with cursor: [{cursor}]")
+
+            has_next_page = False
+            cursor = None
+
+            if response.status_code == 200:
+                r = response.json()
+                yield r
+                has_next_page = r.get("data", {}).get("issues", {}).get("pageInfo", {}).get("hasNextPage", False)
+                cursor = r.get("data", {}).get("issues", {}).get("pageInfo", {}).get("endCursor", None)
+
+        return {}
+
+    def get_all_issues_and_comments(self):
+        result = {"data": {"issues": {"edges": [], "pageInfo": {}}}}
+        issues_per_page = 100
+        for r in self.get_issues_and_comments(issues_per_page):
+            if r:
+                result["data"]["issues"]["edges"] += r.get("data", {}).get("issues", {}).get("edges", [])
+        return result
+

n0s1-1.0.1/src/n0s1/config/config.yaml

@@ -0,0 +1,18 @@
+maintainer: "Spark 1"
+
+general_params:
+  regex_file: "config/regex.toml"
+  report_file: "n0s1_report.json"
+  post_comment: true
+  skip_comment: false
+
+comment_params:
+  bot_name: "n0s1 bot"
+  secret_manager: "a secret manager tool"
+  contact_help: "contact@spark1.us"
+  message_template: "Hello! I'm {bot_name}, and I'm here to assist you in preventing data leaks.\nI apologize for being nosy, but it appears that there may have been potentially sensitive data posted here in the past.\n\n.\nHere are the details:\nPlatform:[{platform}] Field:[ticket {field}] ID:[{regex_config_id}] Description:[{regex_config_description}] Regex: {regex}\n############## Sanitized Secret Leak ##############\n {leak}\n############## Sanitized Secret Leak ##############\n.\n\nIf you can verify that this is indeed an actual data leak, please take the necessary steps to rotate the credentials and remove any previously shared sensitive information.\nFor future reference, consider using {secret_manager} whenever you need to share credentials or any other sensitive data securely.\nIf you require further assistance, please don't hesitate to reach out to us at {contact_help}\n\n{label}"
+  label: "n0s1bot_auto_comment_e869dd5fa15ca0749a350aac758c7f56f56ad9be1"
+
+jira_params:
+  server: "http://localhost:2990/jira"
+  email: ""