Documentation ¶
Index ¶
- Constants
- func AnalyzeEntropyDiff(m *Middleware, diffObject *DiffObject)
- func AnalyzeOrg(m *Middleware, orgname string, repoch chan<- string)
- func AnalyzeRegexDiff(m *Middleware, diffObject *DiffObject)
- func AnalyzeRepo(m *Middleware, id int, repoch <-chan string, quit chan<- bool, ...)
- func AnalyzeUser(m *Middleware, username string, repoch chan<- string)
- func CleanUp(m *Middleware)
- func EntropyCheck(data string, values string) float64
- func FindContext(m *Middleware, diff string, secret string) (string, []int)
- func FindValidStrings(word string, charSet string) []string
- func GetAccessToken(m *Middleware) (string, *http.Client)
- func GetCommitChanges(commit *object.Commit) (object.Changes, error)
- func GetCommits(m *Middleware, repo *git.Repository, reponame string) ([]*object.Commit, error)
- func GetDiffs(m *Middleware, change *object.Change, reponame string) ([]string, string, error)
- func GetDir(cloneurl string) (string, bool)
- func GetEnvColors() map[int]string
- func GetGoPath() string
- func GetOrgMembers(m *Middleware, orgname string) []*string
- func GetOrgRepos(m *Middleware, orgname string) []*string
- func GetUserRepos(m *Middleware, username string) []*string
- func HandleSigInt(m *Middleware, sigc chan os.Signal, kill chan<- bool, finished <-chan bool, ...)
- func Max(a, b int) int
- func Min(a, b int) int
- func OpenRepo(m *Middleware, path string) (*git.Repository, error)
- func ParseConfig(m *Middleware)
- func PrintEntropyFinding(validStrings []string, m *Middleware, diffObject *DiffObject, ...)
- func SaveFindings(m *Middleware)
- func WriteToFile(filename string, values []*string) error
- type Bound
- type Config
- type DiffObject
- type Finding
- type Flags
- type Logger
- func (l *Logger) LogFail(format string, a ...interface{})
- func (l *Logger) LogFinding(f *Finding, m *Middleware, contextDiff string)
- func (l *Logger) LogInfo(format string, a ...interface{})
- func (l *Logger) LogSecret(format string, a ...interface{})
- func (l *Logger) LogSucc(format string, a ...interface{})
- func (l *Logger) LogVerbose(format string, a ...interface{})
- func (l *Logger) LogWarn(format string, a ...interface{})
- type Middleware
- type Rule
Constants ¶
const (
	// B64chars is used for entropy finding of base64 strings.
	// It is the standard base64 alphabet plus the '=' padding character; the
	// URL-safe characters '-' and '_' are not part of the set.
	// NOTE(review): presumably URL-safe base64 tokens are therefore split at
	// those characters before the entropy check — confirm in FindValidStrings.
	B64chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
	// Hexchars is used for entropy finding of hex based strings.
	// Both lowercase and uppercase hex digits are included.
	Hexchars = "1234567890abcdefABCDEF"
)
Variables ¶
This section is empty.
Functions ¶
func AnalyzeEntropyDiff ¶
func AnalyzeEntropyDiff(m *Middleware, diffObject *DiffObject)
AnalyzeEntropyDiff splits a given diff into words, finds the valid base64 and hex strings within each word, and finally runs an entropy check on each valid string. Code taken from https://github.com/dxa4481/truffleHog.
func AnalyzeOrg ¶
func AnalyzeOrg(m *Middleware, orgname string, repoch chan<- string)
AnalyzeOrg simply sends two GET requests to GitHub's API, one for a given organization's repositories and one for its members.
func AnalyzeRegexDiff ¶
func AnalyzeRegexDiff(m *Middleware, diffObject *DiffObject)
AnalyzeRegexDiff runs line by line on a given diff and runs each given regex rule on the line.
func AnalyzeRepo ¶
func AnalyzeRepo(m *Middleware, id int, repoch <-chan string, quit chan<- bool, done <-chan bool, wg *sync.WaitGroup)
AnalyzeRepo opens a given repository and extracts all diffs from it for later analysis.
func AnalyzeUser ¶
func AnalyzeUser(m *Middleware, username string, repoch chan<- string)
AnalyzeUser simply sends a GET request to GitHub's API for a given username and starts an analysis of each of the user's repositories.
func CleanUp ¶
func CleanUp(m *Middleware)
CleanUp deletes all temp directories which were created for cloning of repositories.
func EntropyCheck ¶
EntropyCheck runs Shannon's Entropy on a given word: $H(X) = -\sum_{i=1}^{n} P(x_i) \log_b P(x_i)$, where $P(X = x) = P(\{s \in S : X(s) = x\})$.
func FindContext ¶
func FindContext(m *Middleware, diff string, secret string) (string, []int)
FindContext finds context lines of an entropy finding.
func FindValidStrings ¶
FindValidStrings finds parts of a word which are valid in respect to a given charset
func GetAccessToken ¶
func GetAccessToken(m *Middleware) (string, *http.Client)
GetAccessToken retrieves the access token from env variables and returns an oauth2 client.
func GetCommitChanges ¶
GetCommitChanges gets the changes of a commit by comparing it to its parent commit tree.
func GetCommits ¶
func GetCommits(m *Middleware, repo *git.Repository, reponame string) ([]*object.Commit, error)
GetCommits simply traverses a given repository, gathering all commits and then returns a list of them.
func GetDiffs ¶
GetDiffs gets all diffs which are either of type addition or removal for a change in a commit.
func GetEnvColors ¶
GetEnvColors retrieves color settings from env variables and returns them.
func GetOrgMembers ¶
func GetOrgMembers(m *Middleware, orgname string) []*string
GetOrgMembers returns all members of a given organization.
func GetOrgRepos ¶
func GetOrgRepos(m *Middleware, orgname string) []*string
GetOrgRepos returns all repositories of a given organization.
func GetUserRepos ¶
func GetUserRepos(m *Middleware, username string) []*string
GetUserRepos returns all non forked public repositories for a given user.
func HandleSigInt ¶
func HandleSigInt(m *Middleware, sigc chan os.Signal, kill chan<- bool, finished <-chan bool, cleanup chan<- bool)
HandleSigInt captures the SIGINT signal and removes the cache folder. This is done to avoid nil pointers for future runs of yar.
func OpenRepo ¶
func OpenRepo(m *Middleware, path string) (*git.Repository, error)
OpenRepo opens a repository found at the given path. If the path points to a nonexistent repository, it assumes that a URL was given and tries to clone it instead.
func ParseConfig ¶
func ParseConfig(m *Middleware)
ParseConfig parses a given config file, if there was none given it will parse the default config file.
ParseConfig first parses all rules in the config file below a given noise level, the default max noise level being 3. Then it parses all regex rules for the file blacklist.
func PrintEntropyFinding ¶
func PrintEntropyFinding(validStrings []string, m *Middleware, diffObject *DiffObject, threshold float64)
PrintEntropyFinding checks, for a given set of valid strings, whether the threshold is exceeded; if it is, it finds the context around the secret in the diff and prints it along with the secret.
func SaveFindings ¶
func SaveFindings(m *Middleware)
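SaveFindings saves all findings to a JSON file named findings.json. Each Finding carries the Diff text of the finding, so the saved file may itself contain the detected secrets and should be handled as sensitive data.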
func WriteToFile ¶
WriteToFile writes the given string array to the given filename, with each element of the array on its own line.
Types ¶
type Config ¶
// Config mirrors the JSON configuration file: a list of rules under the
// "Rules" key and a list of strings under the "FileBlacklist" key.
type Config struct {
	// Rules holds one entry per rule object in the config file.
	Rules []struct {
		// NOTE(review): presumably the label reported with a match
		// (compare Finding.Reason) — confirm against the caller.
		Reason string `json:"Reason"`
		// NOTE(review): presumably the source text of a regular expression
		// that is compiled when the config is parsed — confirm in ParseConfig.
		Rule string `json:"Rule"`
		// Noise is the rule's noise level as an integer.
		Noise int `json:"Noise"`
	} `json:"Rules"`
	// NOTE(review): presumably regular expressions matched against file
	// paths that should be skipped — confirm in ParseConfig.
	FileBlacklist []string `json:"FileBlacklist"`
}
Config struct holds all config from the given JSON file.
type DiffObject ¶
DiffObject holds everything that is needed to analyze a diff.
func NewDiffObject ¶
func NewDiffObject(commit *object.Commit, diff, reponame, filepath *string) *DiffObject
NewDiffObject returns a new DiffObject.
type Finding ¶
// Finding records one secret finding together with the commit metadata,
// repository name and file path needed to output it later.
type Finding struct {
	CommitHash    string
	CommitMessage string
	Committer     string
	DateOfCommit  string
	Email         string
	Reason        string
	// Secret is a slice of ints, not the secret text itself.
	// NOTE(review): presumably positions of the secret within Diff
	// (FindContext also returns a []int) — confirm against the caller.
	Secret []int
	// Diff is stored as plain text.
	// NOTE(review): it presumably contains the secret itself, so any
	// serialized Finding should be treated as sensitive — confirm.
	Diff     string
	RepoName string
	Filepath string
}
Finding struct contains data of a given secret finding, used for later output of a finding.
func NewFinding ¶
func NewFinding(reason string, secret []int, diffObject *DiffObject) *Finding
NewFinding simply returns a new finding struct.
type Flags ¶
// Flags holds the CLI arguments that were given. Most fields are pointers;
// NOTE(review): presumably because they are bound directly by the flag
// parser — confirm where Flags is populated.
type Flags struct {
	Org     *string
	User    *string
	Repo    *string
	Save    *string
	CleanUp *string
	Noise   *string
	// Config is an open file handle rather than a path string.
	Config         *os.File
	Entropy        *bool
	Both           *bool
	NoContext      *bool
	Forks          *bool
	NoBare         *bool
	NoCache        *bool
	IncludeMembers *bool
	SkipDuplicates *bool
	Context        *int
	CommitDepth    *int
	// NOTE(review): SavePresent and CleanUpPresent presumably record whether
	// the Save and CleanUp flags were passed at all — confirm.
	SavePresent    bool
	CleanUpPresent bool
	// NOTE(review): NoiseLevel presumably is the parsed form of Noise,
	// expressed as the package's Bound type — confirm.
	NoiseLevel Bound
}
Flags struct keeps a hold of all of the CLI arguments that were given.
type Logger ¶
Logger handles all logging to the output.
func (*Logger) LogFinding ¶
func (l *Logger) LogFinding(f *Finding, m *Middleware, contextDiff string)
LogFinding is used to output Findings
func (*Logger) LogVerbose ¶
LogVerbose prints to output using 'verbose' colors
type Middleware ¶
// Middleware bundles the flags, rules, secrets, findings and logger that are
// accessed by multiple goroutines.
type Middleware struct {
	// The embedded mutex promotes Lock and Unlock onto Middleware.
	// NOTE(review): presumably it guards Secrets and Findings — confirm in
	// AddSecret, SecretExists and Append.
	sync.Mutex
	Logger    *Logger
	Flags     *Flags
	Rules     []*Rule
	Blacklist []*regexp.Regexp
	// NOTE(review): presumably keyed by repository name, then by secret
	// string (see AddSecret and SecretExists); if so, detected secrets stay
	// in memory in plain text for the lifetime of the run — confirm.
	Secrets map[string]map[string]bool
	Client  *github.Client
	// NOTE(review): presumably the token returned by GetAccessToken; keep it
	// out of log output and saved findings.
	AccessToken string
	// RepoCount is a pointer to an int32.
	// NOTE(review): presumably updated through sync/atomic — confirm.
	RepoCount *int32
	Findings  []*Finding
}
Middleware handles all flags, rules, secrets and logging. It essentially holds all values which will be accessed by multiple go routines.
func NewMiddleware ¶
func NewMiddleware() *Middleware
NewMiddleware creates a new Middleware and returns it.
func (*Middleware) AddSecret ¶
func (m *Middleware) AddSecret(reponame string, secret string)
AddSecret adds a new secret for a given repo.
func (*Middleware) Append ¶
func (m *Middleware) Append(finding *Finding)
Append appends the finding to the Middleware's Findings array if save mode is enabled.
func (*Middleware) SecretExists ¶
func (m *Middleware) SecretExists(reponame string, secret string) bool
SecretExists checks to see whether a given secret string has been noticed before or not.