robber

package
v0.0.0-...-acc370e
Published: May 19, 2020 License: GPL-3.0 Imports: 26 Imported by: 0

Documentation

Constants

const (
	// B64chars is used for entropy finding of base64 strings.
	B64chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
	// Hexchars is used for entropy finding of hex based strings.
	Hexchars = "1234567890abcdefABCDEF"
)

Variables

This section is empty.

Functions

func AnalyzeEntropyDiff

func AnalyzeEntropyDiff(m *Middleware, diffObject *DiffObject)

AnalyzeEntropyDiff breaks a given diff into words, finds the valid base64 and hex strings within each word, and runs an entropy check on each valid string. Code taken from https://github.com/dxa4481/truffleHog.

func AnalyzeOrg

func AnalyzeOrg(m *Middleware, orgname string, repoch chan<- string)

AnalyzeOrg simply sends two GET requests to GitHub's API, one for a given organization's repositories and one for its members.

func AnalyzeRegexDiff

func AnalyzeRegexDiff(m *Middleware, diffObject *DiffObject)

AnalyzeRegexDiff runs line by line on a given diff and runs each given regex rule on the line.

func AnalyzeRepo

func AnalyzeRepo(m *Middleware, id int, repoch <-chan string, quit chan<- bool, done <-chan bool, wg *sync.WaitGroup)

AnalyzeRepo opens a given repository and extracts all diffs from it for later analysis.

func AnalyzeUser

func AnalyzeUser(m *Middleware, username string, repoch chan<- string)

AnalyzeUser simply sends a GET request to GitHub's API for a given username and starts an analysis of each of the user's repositories.

func CleanUp

func CleanUp(m *Middleware)

CleanUp deletes all temp directories which were created for cloning of repositories.

func EntropyCheck

func EntropyCheck(data string, values string) float64

EntropyCheck runs Shannon's Entropy on a given word:

$H(X) = -\sum_{i=1}^{n} P(x_i) \log_b P(x_i)$

$P(X = x) = P(\{s \in S : X(s) = x\})$

func FindContext

func FindContext(m *Middleware, diff string, secret string) (string, []int)

FindContext finds context lines of an entropy finding.

func FindValidStrings

func FindValidStrings(word string, charSet string) []string

FindValidStrings finds the parts of a word which are valid with respect to a given charset.
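The entropy pipeline that AnalyzeEntropyDiff, EntropyCheck and FindValidStrings describe, as an added Go example (not the package's own code). The lower-case function names, the 20-character minimum run length and the 4.5 / 3.0 thresholds are assumptions, and the diff lines in main are constructed.

```go
package main

import (
	"fmt"
	"math"
	"strings"
)

const b64chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
const hexchars = "1234567890abcdefABCDEF"
const minLen = 20 // assumed minimum run length, not stated on this page

// shannonEntropy returns H = -sum p(c)*log2 p(c) over the charset symbols in data.
func shannonEntropy(data, charset string) float64 {
	h := 0.0
	for _, c := range charset {
		if p := float64(strings.Count(data, string(c))) / float64(len(data)); p > 0 {
			h -= p * math.Log2(p)
		}
	}
	return h
}

// validRuns returns the maximal runs of charset characters in word of at least minLen.
func validRuns(word, charset string) (runs []string) {
	notInSet := func(r rune) bool { return !strings.ContainsRune(charset, r) }
	for _, run := range strings.FieldsFunc(word, notInSet) {
		if len(run) >= minLen {
			runs = append(runs, run)
		}
	}
	return runs
}

// highEntropy splits a diff line into words and keeps the runs above threshold.
func highEntropy(line, charset string, threshold float64) (hits []string) {
	for _, word := range strings.Fields(line) {
		for _, run := range validRuns(word, charset) {
			if shannonEntropy(run, charset) > threshold {
				hits = append(hits, run)
			}
		}
	}
	return hits
}

func main() { // constructed diff lines; 4.5 and 3.0 are assumed thresholds
	fmt.Println(highEntropy(`+api_key = "Zq3Lx9Tn7Bv2Kd8Wm4Rj6Hs1Yc5Pf0Gu"`, b64chars, 4.5))
	fmt.Println(highEntropy(`+digest = "00000000000000000000000000000000"`, hexchars, 3.0))
}
```

The second line shows why the charset check alone is not enough: the run of zeros is a valid hex string of sufficient length, but its entropy is 0, so it is not reported.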

func GetAccessToken

func GetAccessToken(m *Middleware) (string, *http.Client)

GetAccessToken retrieves the access token from env variables and returns an oauth2 client.

func GetCommitChanges

func GetCommitChanges(commit *object.Commit) (object.Changes, error)

GetCommitChanges gets the changes of a commit by comparing it to its parent commit tree.

func GetCommits

func GetCommits(m *Middleware, repo *git.Repository, reponame string) ([]*object.Commit, error)

GetCommits simply traverses a given repository, gathering all commits and then returns a list of them.

func GetDiffs

func GetDiffs(m *Middleware, change *object.Change, reponame string) ([]string, string, error)

GetDiffs gets all diffs which are either of type addition or removal for a change in a commit.

func GetDir

func GetDir(cloneurl string) (string, bool)

GetDir returns the respective directory of a given cloneurl and whether it exists.

func GetEnvColors

func GetEnvColors() map[int]string

GetEnvColors retrieves color settings from env variables and returns them.

func GetGoPath

func GetGoPath() string

GetGoPath returns user's GOPATH env variable.

func GetOrgMembers

func GetOrgMembers(m *Middleware, orgname string) []*string

GetOrgMembers returns all members of a given organization.

func GetOrgRepos

func GetOrgRepos(m *Middleware, orgname string) []*string

GetOrgRepos returns all repositories of a given organization.

func GetUserRepos

func GetUserRepos(m *Middleware, username string) []*string

GetUserRepos returns all non forked public repositories for a given user.

func HandleSigInt

func HandleSigInt(m *Middleware, sigc chan os.Signal, kill chan<- bool, finished <-chan bool, cleanup chan<- bool)

HandleSigInt captures the SIGINT signal and removes the cache folder. This is done to avoid nil pointers for future runs of yar.

func Max

func Max(a, b int) int

Max returns the larger of two given ints

func Min

func Min(a, b int) int

Min returns the smaller of two given ints

func OpenRepo

func OpenRepo(m *Middleware, path string) (*git.Repository, error)

OpenRepo opens a repository found at the given path. If the path points to a nonexistent repository, it assumes that a URL was given and tries to clone it instead.

func ParseConfig

func ParseConfig(m *Middleware)

ParseConfig parses a given config file. If none was given, it parses the default config file.

ParseConfig first parses all rules in the config file below a given noise level, the default max noise level being 3. Then it parses all regex rules for the file blacklist.

func PrintEntropyFinding

func PrintEntropyFinding(validStrings []string, m *Middleware, diffObject *DiffObject, threshold float64)

PrintEntropyFinding checks, for a given set of valid strings, whether the threshold is exceeded. If it is, it finds the context around the secret in the diff and prints it along with the secret.

func SaveFindings

func SaveFindings(m *Middleware)

SaveFindings saves all findings to a JSON file named findings.json

func WriteToFile

func WriteToFile(filename string, values []*string) error

WriteToFile writes the given string array to the given filename, with each element of the array on its own line.

Types

type Bound

type Bound struct {
	Lower int
	Upper int
}

Bound struct boxes a user defined integer

type Config

type Config struct {
	Rules []struct {
		Reason string `json:"Reason"`
		Rule   string `json:"Rule"`
		Noise  int    `json:"Noise"`
	} `json:"Rules"`
	FileBlacklist []string `json:"FileBlacklist"`
}

Config struct holds all config from the given JSON file.

type DiffObject

type DiffObject struct {
	Commit   *object.Commit
	Diff     *string
	Reponame *string
	Filepath *string
}

DiffObject holds everything that is needed to analyze a diff.

func NewDiffObject

func NewDiffObject(commit *object.Commit, diff, reponame, filepath *string) *DiffObject

NewDiffObject returns a new DiffObject.

type Finding

type Finding struct {
	CommitHash    string
	CommitMessage string
	Committer     string
	DateOfCommit  string
	Email         string
	Reason        string
	Secret        []int
	Diff          string
	RepoName      string
	Filepath      string
}

Finding struct contains data of a given secret finding, used for later output of a finding.

func NewFinding

func NewFinding(reason string, secret []int, diffObject *DiffObject) *Finding

NewFinding simply returns a new finding struct.

type Flags

type Flags struct {
	Org            *string
	User           *string
	Repo           *string
	Save           *string
	CleanUp        *string
	Noise          *string
	Config         *os.File
	Entropy        *bool
	Both           *bool
	NoContext      *bool
	Forks          *bool
	NoBare         *bool
	NoCache        *bool
	IncludeMembers *bool
	SkipDuplicates *bool
	Context        *int
	CommitDepth    *int

	SavePresent    bool
	CleanUpPresent bool
	NoiseLevel     Bound
}

Flags struct keeps a hold of all of the CLI arguments that were given.

func ParseFlags

func ParseFlags() *Flags

ParseFlags parses CLI arguments and returns them.

type Logger

type Logger struct {
	sync.Mutex
	Verbose bool
}

Logger handles all logging to the output.

func NewLogger

func NewLogger(verbose bool) *Logger

NewLogger sets all colors as specified and returns a new logger.

func (*Logger) LogFail

func (l *Logger) LogFail(format string, a ...interface{})

LogFail prints to output using 'fail' colors

func (*Logger) LogFinding

func (l *Logger) LogFinding(f *Finding, m *Middleware, contextDiff string)

LogFinding is used to output Findings

func (*Logger) LogInfo

func (l *Logger) LogInfo(format string, a ...interface{})

LogInfo prints to output using 'info' colors

func (*Logger) LogSecret

func (l *Logger) LogSecret(format string, a ...interface{})

LogSecret prints to output using 'secret' colors

func (*Logger) LogSucc

func (l *Logger) LogSucc(format string, a ...interface{})

LogSucc prints to output using 'succ' colors

func (*Logger) LogVerbose

func (l *Logger) LogVerbose(format string, a ...interface{})

LogVerbose prints to output using 'verbose' colors

func (*Logger) LogWarn

func (l *Logger) LogWarn(format string, a ...interface{})

LogWarn prints to output using 'warn' colors

type Middleware

type Middleware struct {
	sync.Mutex
	Logger      *Logger
	Flags       *Flags
	Rules       []*Rule
	Blacklist   []*regexp.Regexp
	Secrets     map[string]map[string]bool
	Client      *github.Client
	AccessToken string
	RepoCount   *int32
	Findings    []*Finding
}

Middleware handles all flags, rules, secrets and logging. It essentially holds all values which will be accessed by multiple go routines.

func NewMiddleware

func NewMiddleware() *Middleware

NewMiddleware creates a new Middleware and returns it.

func (*Middleware) AddSecret

func (m *Middleware) AddSecret(reponame string, secret string)

AddSecret adds a new secret for a given repo.

func (*Middleware) Append

func (m *Middleware) Append(finding *Finding)

Append appends a finding to the Middleware's Findings array if save mode is enabled.

func (*Middleware) SecretExists

func (m *Middleware) SecretExists(reponame string, secret string) bool

SecretExists checks to see whether a given secret string has been noticed before or not.

func (*Middleware) Start

func (m *Middleware) Start(kill chan bool, finished chan<- bool, cleanup <-chan bool)

Start handles the CLI args and starts yar accordingly.

type Rule

type Rule struct {
	Reason string
	Regex  *regexp.Regexp
}

Rule struct holds a given regex rule with its reason for matching.
