Overview ¶
Package core represents the core functionality of all commands
Package core generated by go-bindata. Sources: static/fonts/open-iconic.eot static/fonts/open-iconic.otf static/fonts/open-iconic.svg static/fonts/open-iconic.ttf static/fonts/open-iconic.woff static/images/gopher_full.png static/images/gopher_head.png static/images/spinner.gif static/index.html static/javascripts/application.js static/javascripts/backbone.js static/javascripts/bootstrap.js static/javascripts/clipboard.js static/javascripts/hexdump.js static/javascripts/highlight.js static/javascripts/highlight_worker.js static/javascripts/jquery-3.3.1.js static/javascripts/popper.js static/javascripts/underscore.js static/stylesheets/application.css static/stylesheets/bootstrap.css static/stylesheets/highlight.css static/stylesheets/openiconic.css
Package core represents the core functionality of all commands ¶
Package core represents the core functionality of all commands
Index ¶
- Constants
- Variables
- func AnalyzeRepositories(sess *Session)
- func Asset(name string) ([]byte, error)
- func AssetDir(name string) ([]string, error)
- func AssetInfo(name string) (os.FileInfo, error)
- func AssetNames() []string
- func BinaryFileSystem(root string) *binaryFileSystem
- func GatherLocalRepositories(sess *Session)
- func GatherRepositories(sess *Session)
- func GatherTargets(sess *Session)
- func MustAsset(name string) []byte
- func NewRouter(s *Session) *gin.Engine
- func PrintSessionStats(sess *Session)
- func RestoreAsset(dir, name string) error
- func RestoreAssets(dir, name string) error
- func SetConfig() *viper.Viper
- type Session
- func (s *Session) AddFinding(finding *matching.Finding)
- func (s *Session) AddRepository(repository *common.Repository)
- func (s *Session) AddTarget(target *common.Owner)
- func (s *Session) Finish()
- func (s *Session) InitAPIClient()
- func (s *Session) InitLogger()
- func (s *Session) InitRouter()
- func (s *Session) InitSignatures()
- func (s *Session) InitStats()
- func (s *Session) InitThreads()
- func (s *Session) Initialize(v *viper.Viper, scanType string)
- func (s *Session) SaveToFile(location string) error
- type Stats
Constants ¶
// Set various internal values used by the web interface.
const (
	// GithubBaseUri is the host from which raw GitHub file contents are fetched.
	GithubBaseUri = "https://raw.githubusercontent.com"
	// MaximumFileSize is the upper bound on the size of a file that will be
	// considered. Units are not stated here (presumably bytes) — TODO confirm
	// against the code that compares file sizes to it.
	MaximumFileSize = 153600
	// GitLabBaseUri is the base URL of the GitLab instance that is queried.
	GitLabBaseUri = "https://gitlab.com"
	// CspPolicy is the Content-Security-Policy value for the web interface.
	// Everything defaults to 'none'; scripts, images and fonts come only from
	// 'self' (plus data: images). 'unsafe-inline' for style-src is the single
	// relaxation — NOTE(review): drop it if the bundled stylesheets ever stop
	// needing inline styles, since it re-opens CSS injection.
	CspPolicy = "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'"
	// ReferrerPolicy is the Referrer-Policy value for the web interface; the
	// findings UI shows repository paths, so no referrer is leaked on outbound links.
	ReferrerPolicy = "no-referrer"
)
// These are various environment variables and tool statuses used in auth and
// displaying messages. The Status* values are the strings a session reports
// through Stats.Status as it moves through a scan.
const (
	StatusInitializing = "initializing" // session is being set up
	StatusGathering    = "gathering"    // targets and repositories are being collected
	StatusAnalyzing    = "analyzing"    // repositories are being scanned for findings
	StatusFinished     = "finished"     // set by Session.Finish at the end of a scan
)
Variables ¶
// DefaultValues holds the default value for every configuration key, keyed by
// its flag / config-file name. Presumably the config file and command-line
// flags override these (see SetConfig) — confirm against SetConfig.
var DefaultValues = map[string]interface{}{
	"bind-address":     "127.0.0.1", // web interface is loopback-only unless explicitly changed
	"bind-port":        9393,
	"commit-depth":     0,
	"config-file":      "$HOME/.gitrob/config.yaml",
	"debug":            false,
	"github-targets":   "",
	// NOTE(review): the two *-api-token defaults below are placeholder-shaped
	// strings, not credentials; a usable token is expected to arrive via the
	// config file or flags. Confirm that an API call made with the placeholder
	// fails visibly rather than quietly falling back to unauthenticated access.
	"github-api-token": "0123456789ABCDEFGHIJKLMNOPQRSTUVWXVZabcd",
	"gitlab-targets":   "",
	"gitlab-api-token": "0123456789ABCDEFGHIJ",
	"ignore-extension": "",
	"ignore-path":      "",
	"in-mem-clone":     false,
	"max-file-size":    50, // units not stated here; see also MaximumFileSize — TODO confirm how the two relate
	"repo-dirs":        "",
	"scan-forks":       true,
	"scan-tests":       false,
	"scan-type":        "",
	"silent":           false,
	"mode":             1,
}
// IsGithub is true when the target is a GitHub repo/org (as opposed to GitLab);
// presumably consulted when choosing the API client — see Session.InitAPIClient.
var IsGithub bool
Functions ¶
func AnalyzeRepositories ¶
func AnalyzeRepositories(sess *Session)
AnalyzeRepositories will take a given repository, clone it, pull the commit history and use that as the basis for scanning for secrets within the repo; for each hit it creates a finding associated with that repo.
func Asset ¶
Asset loads and returns the asset for the given name. It returns an error if the asset could not be found or could not be loaded.
func AssetDir ¶
AssetDir returns the file names below a certain directory embedded in the file by go-bindata. For example if you run go-bindata on data/... and data contains the following hierarchy:
data/ foo.txt img/ a.png b.png
then AssetDir("data") would return []string{"foo.txt", "img"} AssetDir("data/img") would return []string{"a.png", "b.png"} AssetDir("foo.txt") and AssetDir("notexist") would return an error AssetDir("") will return []string{"data"}.
func AssetInfo ¶
AssetInfo loads and returns the asset info for the given name. It returns an error if the asset could not be found or could not be loaded.
func BinaryFileSystem ¶
func BinaryFileSystem(root string) *binaryFileSystem
BinaryFileSystem returns a binary file system object used by the web frontend
func GatherLocalRepositories ¶
func GatherLocalRepositories(sess *Session)
GatherLocalRepositories will grab all the local repos from the user input and generate a repository object, putting dummy or generated values in where necessary
func GatherRepositories ¶
func GatherRepositories(sess *Session)
GatherRepositories will gather all repositories associated with a given target during a scan session. This is done using threads, whose count is set via a command-line flag. Care must be taken to avoid the rate limiting that providers apply to traffic resembling a DoS attack.
func GatherTargets ¶
func GatherTargets(sess *Session)
GatherTargets will enumerate github orgs and members and add them to the running target list of a session
func MustAsset ¶
MustAsset is like Asset but panics when Asset would return an error. It simplifies safe initialization of global variables.
func NewRouter ¶
NewRouter will create an instance of the web frontend, setting the necessary parameters.
func PrintSessionStats ¶
func PrintSessionStats(sess *Session)
PrintSessionStats will print the performance and session stats to stdout at the conclusion of a session scan.
func RestoreAsset ¶
RestoreAsset restores an asset under the given directory
func RestoreAssets ¶
RestoreAssets restores an asset under the given directory recursively
Types ¶
type Session ¶
// Session contains all the necessary values and parameters used during a scan.
//
// It embeds a sync.Mutex, so every method uses a pointer receiver and a Session
// must not be copied after first use. Fields tagged `json:"-"` are omitted from
// the JSON written by SaveToFile; everything else is serialized.
type Session struct {
	sync.Mutex
	BindAddress string          // address the web interface listens on
	BindPort    int             // port the web interface listens on
	Client      common.IClient  `json:"-"` // GitHub or GitLab API client, created by InitAPIClient
	CommitDepth int             // how far back in history to analyze; 0 in DefaultValues
	Debug       bool
	Findings    []*matching.Finding // appended to by AddFinding
	// NOTE(review): the two access tokens below carry no `json:"-"` tag, so
	// encoding/json will include them in the file written by SaveToFile.
	// Confirm that is intended; otherwise tag them `json:"-"` so a saved
	// session file does not persist live credentials.
	GithubAccessToken string
	GithubTargets     []string
	GitlabAccessToken string
	GitlabTargets     []string
	InMemClone        bool
	Mode              int // TODO make this go away when MJ sig functionality is applied
	MaxFileSize       int64
	NoExpandOrgs      bool
	Out               *common.Logger `json:"-"` // session logger, set up by InitLogger
	RepoDirs          []string       // local repository directories consumed by GatherLocalRepositories
	Repositories      []*common.Repository // appended to by AddRepository
	Router            *gin.Engine `json:"-"` // web frontend, configured by InitRouter
	ScanFork          bool
	ScanTests         bool
	ScanType          string
	Signatures        matching.Signatures `json:"-"` // loaded by InitSignatures
	Silent            bool
	SkippableExt      []string // file extensions to ignore — presumably from "ignore-extension"; confirm
	SkippablePath     []string // paths to ignore — presumably from "ignore-path"; confirm
	Stats             *Stats   // zeroed by InitStats
	Targets           []*common.Owner // appended to by AddTarget
	Threads           int             // worker count, chosen by InitThreads
	Version           string
}
func NewSession ¶
NewSession is the entry point for starting a new scan session
func (*Session) AddFinding ¶
TODO: Need to update this to MJ methods. AddFinding will add a finding that has been discovered during a session to the list of findings for that session.
func (*Session) AddRepository ¶
func (s *Session) AddRepository(repository *common.Repository)
AddRepository will add a given repository to be scanned to a session
func (*Session) AddTarget ¶
AddTarget will add a new target to a session to be scanned during that session
func (*Session) Finish ¶
func (s *Session) Finish()
Finish is called at the end of a scan session and used to generate discrete data points for a given scan session including setting the status of a scan to finished.
func (*Session) InitAPIClient ¶
func (s *Session) InitAPIClient()
InitAPIClient will create a new gitlab or github api client based on the session identifier
func (*Session) InitLogger ¶
func (s *Session) InitLogger()
InitLogger will initialize the logger for the session
func (*Session) InitRouter ¶
func (s *Session) InitRouter()
InitRouter will configure and start the webserver for graphical output and status messages
func (*Session) InitSignatures ¶
func (s *Session) InitSignatures()
InitSignatures will load any signature files into the session runtime configuration.
func (*Session) InitStats ¶
func (s *Session) InitStats()
InitStats will zero out the stats for a given session, setting them to known values
func (*Session) InitThreads ¶
func (s *Session) InitThreads()
InitThreads will set the correct number of threads based on the commandline flags
func (*Session) Initialize ¶
Initialize will set the initial values and options used during a scan session
func (*Session) SaveToFile ¶
SaveToFile will save a json representation of the session output to a file
type Stats ¶
// Stats will store all performance and scan related data tallies.
//
// It embeds a sync.Mutex; the Increment* methods use pointer receivers, so a
// Stats value must not be copied after first use.
type Stats struct {
	sync.Mutex
	StartedAt    time.Time
	FinishedAt   time.Time
	Status       string  // one of the Status* constants; Session.Finish sets it to StatusFinished
	Progress     float64 // percentage, maintained by UpdateProgress
	Targets      int     // incremented by IncrementTargets
	Repositories int     // incremented by IncrementRepositories
	Commits      int     // incremented by IncrementCommits
	Files        int     // incremented by IncrementFiles
	Findings     int     // incremented by IncrementFindings
}
func (*Stats) IncrementCommits ¶
func (s *Stats) IncrementCommits()
IncrementCommits will add one to the running count of commits during the target discovery phase of a session
func (*Stats) IncrementFiles ¶
func (s *Stats) IncrementFiles()
IncrementFiles will add one to the running count of files during the target discovery phase of a session
func (*Stats) IncrementFindings ¶
func (s *Stats) IncrementFindings()
IncrementFindings will add one to the running count of findings during the target discovery phase of a session
func (*Stats) IncrementRepositories ¶
func (s *Stats) IncrementRepositories()
IncrementRepositories will add one to the running repository count during the target discovery phase of a session
func (*Stats) IncrementTargets ¶
func (s *Stats) IncrementTargets()
IncrementTargets will add one to the running target count during the target discovery phase of a session
func (*Stats) UpdateProgress ¶
UpdateProgress will update the progress percentage