ptrepo 0.0.2__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (45) hide show
  1. ptrepo-0.0.2/CHANGELOG.md +38 -0
  2. ptrepo-0.0.2/LICENSE +674 -0
  3. ptrepo-0.0.2/MANIFEST.in +5 -0
  4. ptrepo-0.0.2/PKG-INFO +251 -0
  5. ptrepo-0.0.2/README.md +216 -0
  6. ptrepo-0.0.2/ptrepo/__init__.py +1 -0
  7. ptrepo-0.0.2/ptrepo/_version.py +1 -0
  8. ptrepo-0.0.2/ptrepo/data/repository_paths.txt +6 -0
  9. ptrepo-0.0.2/ptrepo/modules/__init__.py +1 -0
  10. ptrepo-0.0.2/ptrepo/modules/cli_contract.py +32 -0
  11. ptrepo-0.0.2/ptrepo/modules/config.py +54 -0
  12. ptrepo-0.0.2/ptrepo/modules/discovery.py +502 -0
  13. ptrepo-0.0.2/ptrepo/modules/git_runner.py +141 -0
  14. ptrepo-0.0.2/ptrepo/modules/http_client.py +251 -0
  15. ptrepo-0.0.2/ptrepo/modules/recovery.py +1632 -0
  16. ptrepo-0.0.2/ptrepo/modules/repository_types.py +69 -0
  17. ptrepo-0.0.2/ptrepo/modules/secrets/__init__.py +15 -0
  18. ptrepo-0.0.2/ptrepo/modules/secrets/allowlist.py +77 -0
  19. ptrepo-0.0.2/ptrepo/modules/secrets/baseline.py +95 -0
  20. ptrepo-0.0.2/ptrepo/modules/secrets/entropy.py +11 -0
  21. ptrepo-0.0.2/ptrepo/modules/secrets/fingerprint.py +27 -0
  22. ptrepo-0.0.2/ptrepo/modules/secrets/models.py +89 -0
  23. ptrepo-0.0.2/ptrepo/modules/secrets/redaction.py +17 -0
  24. ptrepo-0.0.2/ptrepo/modules/secrets/rules.py +326 -0
  25. ptrepo-0.0.2/ptrepo/modules/secrets/scanner.py +911 -0
  26. ptrepo-0.0.2/ptrepo/modules/soft404.py +66 -0
  27. ptrepo-0.0.2/ptrepo/modules/urls.py +227 -0
  28. ptrepo-0.0.2/ptrepo/ptrepo.py +949 -0
  29. ptrepo-0.0.2/ptrepo.egg-info/PKG-INFO +251 -0
  30. ptrepo-0.0.2/ptrepo.egg-info/SOURCES.txt +43 -0
  31. ptrepo-0.0.2/ptrepo.egg-info/dependency_links.txt +1 -0
  32. ptrepo-0.0.2/ptrepo.egg-info/entry_points.txt +2 -0
  33. ptrepo-0.0.2/ptrepo.egg-info/requires.txt +2 -0
  34. ptrepo-0.0.2/ptrepo.egg-info/top_level.txt +1 -0
  35. ptrepo-0.0.2/setup.cfg +4 -0
  36. ptrepo-0.0.2/setup.py +37 -0
  37. ptrepo-0.0.2/tests/test_cli_contract.py +133 -0
  38. ptrepo-0.0.2/tests/test_cli_future_flags.py +110 -0
  39. ptrepo-0.0.2/tests/test_discovery.py +289 -0
  40. ptrepo-0.0.2/tests/test_git_runner.py +73 -0
  41. ptrepo-0.0.2/tests/test_http_client.py +149 -0
  42. ptrepo-0.0.2/tests/test_ptrepo_reporting.py +374 -0
  43. ptrepo-0.0.2/tests/test_recovery.py +677 -0
  44. ptrepo-0.0.2/tests/test_secrets.py +1260 -0
  45. ptrepo-0.0.2/tests/test_soft404.py +51 -0
ptrepo-0.0.2/CHANGELOG.md ADDED
@@ -0,0 +1,38 @@
1
+ # Changelog
2
+
3
+ ## 0.0.2
4
+
5
+ - Added default history summaries during `--download`: Git commit counts and SVN observed revision counts are reported even without detailed `--commits` output.
6
+ - Added standalone `--commits` mode using temporary metadata recovery without keeping recovered files in the output directory.
7
+ - Added `--commit-limit` to keep detailed commit/revision terminal output bounded while still reporting the total count.
8
+ - Added native `--secrets` scanning for recovered Git commit patches and recovered Git/SVN files with built-in provider/generic rules, redacted output, stable fingerprints, and coverage reporting.
9
+ - Added `--secrets-mode` (`auto`, `files`, `history`) and bounded recovered-file secret scanning with `--max-secret-file-size`; SVN history-aware scanning is reported as unsupported in this MVP slice.
10
+ - Added JSON custom secret rules through `--secrets-rules`, JSON allowlists through `--allowlist`, and entropy control through `--entropy`/`--no-entropy`.
11
+ - Added `--secrets-baseline` fingerprint suppression, rule-level custom allowlists, keyword-required custom rules, custom regex size limits, and binary-file detection based on control-byte ratio.
12
+ - Hardened native secret scanning after review by checking NUL bytes across the full recovered file, tightening short-secret redaction, validating custom entropy thresholds, limiting allowlist regex length, and no longer suppressing single-brace custom-rule matches.
13
+ - Hardened secret scanning output by redacting all detected secrets in shared evidence lines, disabling Git textconv during patch scans, and marking commit-limited scans as partial coverage.
14
+ - Hardened runtime structure after review: package-aware imports, immutable SVN entries metadata, deque-based Git object traversal, explicit unsupported Git index version warnings, JWT entropy filtering, full-file NUL binary detection, and deduplicated HTTP request exception handling.
15
+ - Expanded native secret coverage for AWS STS access keys, additional GitLab token prefixes, Slack webhooks, Stripe restricted/test/webhook keys, Google OAuth client secrets, database URL variants, URLs with embedded credentials, generic credentials with common special characters, template placeholder suppression, `.git/config` metadata scanning, and cross-source finding deduplication.
16
+ - Expanded Git history secret scanning to inspect deleted diff lines, commit message subject/body text, conservative base64/hex decoded credential assignments, and Google service-account JSON while preserving redaction for JSON-escaped private key material.
17
+ - Added `requests>=2.31,<3` as an explicit runtime dependency.
18
+ - Added unit tests for commit/revision counting, bounded history output, temporary history recovery, native secret rules, redaction, allowlists, baselines, custom rules, and coverage reporting.
19
+
20
+ ## 0.0.1
21
+
22
+ - Initial PTREPO discovery MVP.
23
+ - Added Penterep package scaffold, CLI contract, packaging metadata, release workflow, and GPLv3 license.
24
+ - Added URL normalization for HTTP/HTTPS targets while preserving path-scoped URLs.
25
+ - Added repository candidate generation for `.git`, `.svn`, `_svn`, `.bzr`, `.hg`, and `cgi-bin/cvsweb.cgi`.
26
+ - Added support for additional validated repository path candidates from `--wordlist`.
27
+ - Added bounded GET-based HTTP discovery client with streaming byte limits, response samples, elapsed timing, and auth/rate-limit/WAF/network hints.
28
+ - Added discovery classification for directory redirects, forbidden directories, accessible sentinels, blocked states, soft-404 responses, and network/TLS/timeout errors.
29
+ - Added Git confirmation through valid `.git/HEAD` and secondary Git evidence from `.git/config`, `.git/index`, and `.git/objects/info/packs`.
30
+ - Added SVN confirmation through `.svn/entries`, `.svn/wc.db`, and `_svn` variants.
31
+ - Added directory listing detection from `Index of` page titles.
32
+ - Added Penterep-style human output and JSON output with evidence and vulnerability entries for confirmed exposed repository metadata and accessible directory listings.
33
+ - Added safe `--download` recovery workflow with quarantine output, stream-to-file limits, path traversal protection, partial recovery reporting, and recovered file summaries.
34
+ - Added Git recovery for metadata seed files, branch/tag refs, reflogs, loose objects, pack files listed in `objects/info/packs`, locally reconstructed pack indexes, files recoverable from `.git/index`, and files exportable from recovered Git commit trees.
35
+ - Added defensive low-level Git command isolation for recovered repository validation, reachable commit listing, and dangling commit fallback.
36
+ - Added SVN recovery for `.svn` and `_svn` metadata, recursive old `entries`/`text-base` working copies, new `wc.db`/`pristine` working copies, observed revision reporting, and recovered file contents.
37
+ - Added explicit planned-option handling for future cache and redirect functionality.
38
+ - Added unit tests for URL handling, candidate generation, HTTP client behavior, discovery states, soft-404 detection, CLI contract, human output, JSON vulnerability reporting, Git command isolation, and Git/SVN recovery.