This repository has been archived by the owner on Jan 13, 2023. It is now read-only.

Fixed bug where gitrob does not look at files in the very initial com… #153

Open
wants to merge 11 commits into
base: master


@micksmix micksmix commented Aug 14, 2018

…mit.

IMPORTANT: Please do not create a Pull Request without creating an issue first.

Any change needs to be discussed before proceeding. Failure to do so may result in the rejection of the pull request.

Please provide enough information so that others can review your pull request:

Explain the details for making this change. What existing problem does the pull request solve?

gitrob doesn't read files in initial commit
Further detail explained in this GitHub Issue: https://github.com/michenriksen/gitrob/issues/152

Modifications are only within the GetChanges function.

Closing issues

closes #152
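
The failure mode this pull request describes, as an added example that is not part of the pull request or of gitrob's code: a scanner that finds changed files by diffing each commit against its parent has nothing to diff for the initial commit, so that commit's files are never inspected unless the root is compared against an empty tree. The `Commit` type, the `changes` function and the sample history are constructed for illustration and assume that parent-diff structure, which the page itself does not show.

```go
package main

import (
	"fmt"
	"sort"
)

// Commit is a simplified commit: a path -> blob-id snapshot plus its parent.
type Commit struct {
	Parent *Commit // nil for the root (initial) commit
	Tree   map[string]string
}

// diffTrees lists paths added or modified in "to" relative to "from".
func diffTrees(from, to map[string]string) []string {
	var changed []string
	for path, blob := range to {
		if old, ok := from[path]; !ok || old != blob {
			changed = append(changed, path)
		}
	}
	sort.Strings(changed)
	return changed
}

// changes diffs c against its parent. With includeRoot, a root commit is
// diffed against the empty tree; without it, a root commit yields nothing,
// which is the assumed shape of the bug.
func changes(c *Commit, includeRoot bool) []string {
	var base map[string]string // nil map reads as an empty tree
	if c.Parent != nil {
		base = c.Parent.Tree
	} else if !includeRoot {
		return nil
	}
	return diffTrees(base, c.Tree)
}

// sampleHistory is constructed data: a root commit with two files, then one add.
func sampleHistory() []*Commit {
	root := &Commit{Tree: map[string]string{"password_01": "b1", ".aws/credentials": "b2"}}
	next := &Commit{Parent: root, Tree: map[string]string{"password_01": "b1", ".aws/credentials": "b2", "password_03": "b3"}}
	return []*Commit{root, next}
}

func main() {
	for _, c := range sampleHistory() {
		fmt.Println(changes(c, false), changes(c, true))
	}
}
```

A regression test for a scanner of this kind should include a repository whose only sensitive file lives in the very first commit.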

betobrandao and others added 8 commits August 9, 2018 11:14
Added function GetRepositoriesFromOrganization for downloading of
private repo when target is an Organization using SSH URL
Added option to stop *gitrob* from starting its own web server so it is possible to just get findings.

Closes #142
Add option to README.md
This adds support for GitHub Enterprise which can be configured using
the three new command line arguments with the enterprise prefix (see
documentation).

Closes #145
Closes #148
Fixes download of files when using Github Enterprise. It now uses the
existing Github client to download the files instead of making a manual
HTTP request.
@Techbrunch

@micksmix I ran into the same issue. I cloned your repo but the issue is still there, it seems:

$:~/Documents/github/gitrob2/build ✖ git remote -v
origin	https://github.com/micksmix/gitrob (fetch)
origin	https://github.com/micksmix/gitrob (push)
$:~/Documents/github/gitrob2/build ✖ git log
commit 0f67d48942ddd6c4f9d2c34e01c34d00d18f012c (HEAD -> master, origin/master, origin/HEAD)
Author: Mick Grove <[email protected]>
Date:   Tue Aug 14 15:11:38 2018 -0700

    Fixed bug where gitrob does not look at files in the very initial commit.

commit 7be4c5306a61383a3ba16777b520b3c2a8956a1e
Merge: d2f4901 edea020
Author: Michael Henriksen <[email protected]>
Date:   Thu Jul 5 13:50:09 2018 +0200

    Merge pull request #137 from marco-lancini/master

    Fix edge case where sess.Repositories=0

commit edea020e37cc9a1de536d0ed0c611750056fe4d1
Author: Lancini, Marco <[email protected]>
Date:   Fri Jun 29 09:34:16 2018 +0100

    Fix edge case where sess.Repositories=0

commit d2f49019edb6fc992e8b28235c3bd8609ce5c39c
Author: Michael Henriksen <[email protected]>
Date:   Tue Jun 12 19:34:09 2018 +0200

    Add dependency management with dep

commit 8445c67e4972b6570ce0199401da9e66629942b4
Author: Michael Henriksen <[email protected]>
Date:   Sun Jun 10 12:28:36 2018 +0200

    Skip expensive signature checking for image extensions and files in node_modules and other package directories

commit b53311a6262fe5654a8f764c50ada856647a29b2
Author: Michael Henriksen <[email protected]>
Date:   Sat Jun 9 22:55:26 2018 +0200

    Change ID fields to *int64 to be compatible with latest version of go-github

commit 01deb8ed83da7d211fbb2527a512ae81aac0a92e
Author: Michael Henriksen <[email protected]>
Date:   Sat Jun 9 16:20:18 2018 +0200

    Add Gitrob Gopher to README

commit d2c43395e5edf5df46d1cfe9b45bd9c09b7d02a4 (tag: v2.0.0-beta)
Author: Michael Henriksen <[email protected]>
Date:   Sat Jun 9 10:29:56 2018 +0200

    Genesis.
$:~/Documents/github/gitrob2/build ✖ ls
total 106216
-rw-r--r--  1 vaadata  staff   3.0K Jan 29 12:40 README.md
-rw-r--r--  1 vaadata  staff   302B Jan 29 12:47 checksums.txt
-rwxr-xr-x  1 vaadata  staff    22M Jan 29 12:47 gitrob
-rw-r--r--  1 vaadata  staff   9.8M Jan 29 12:47 gitrob_linux_amd64_2.0.0-beta.zip
-rw-r--r--  1 vaadata  staff   9.8M Jan 29 12:47 gitrob_macos_amd64_2.0.0-beta.zip
-rw-r--r--  1 vaadata  staff   9.8M Jan 29 12:47 gitrob_windows_amd64_2.0.0-beta.zip
$:~/Documents/github/gitrob2/build ✖ ./gitrob micksmix
        _ __           __
  ___ _(_) /________  / /
 / _ `/ / __/ __/ _ \/ _ \
 \_, /_/\__/_/  \___/_.__/
/___/ by @michenriksen

gitrob v2.0.0-beta started at 2019-01-29T13:32:54+01:00
Loaded 91 signatures
Web interface available at http://127.0.0.1:9393
Gathering targets...
 Retrieved 20 repositories from micksmix
Analyzing 20 repositories...
 INSERT: Contains word: password
  Path.......: password_03
  Repo.......: micksmix/test-secrets
  Message....: renamed file
  Author.....: micksmix <[email protected]>
  File URL...: https://github.com/micksmix/test-secrets/blob/e619af10ef8677ac43a17e4afe209209f499d95a/password_03
  Commit URL.: https://github.com/micksmix/test-secrets/commit/e619af10ef8677ac43a17e4afe209209f499d95a
 ------------------------------------------------

 INSERT: Shell configuration file
  Path.......: .bashrc
  Repo.......: micksmix/tmux
  Message....: initial commit
  Author.....: Mick Grove <[email protected]>
  Comment....: Shell configuration files can contain passwords, API keys, hostnames and other goodies
  File URL...: https://github.com/micksmix/tmux/blob/df652d637be9a05f0abf1d2986cdd22a4892a997/.bashrc
  Commit URL.: https://github.com/micksmix/tmux/commit/df652d637be9a05f0abf1d2986cdd22a4892a997
 ------------------------------------------------


Findings....: 2
Files.......: 343
Commits.....: 133
Repositories: 20
Targets.....: 1

Press Ctrl+C to stop web server and exit.

@plasticuproject

@Techbrunch
I cloned the original and manually added micksmix's fix, ran his test and it still only logged the one password commit.

@micksmix can you demonstrate how your fix is working with proof?

also: Try to say "micksmix's fix" ten times in a row...

@micksmix
Author

micksmix commented Feb 22, 2019

@plasticuproject @Techbrunch - Strange, but I was able to reproduce it without issue, just now. Here's what I did, step by step...

cd $GOPATH/src/github.com
mkdir michenriksen
cd michenriksen
git clone https://github.com/micksmix/gitrob.git
cd gitrob
go get ...
./build.sh
cd build
unzip gitrob_macos_amd64_2.0.0-beta.zip

and then finally (replace XXXXX with your GitHub PAT)

./gitrob -github-access-token XXXXXXXXXXXXXXXX micksmix

And here's my output:

$ ./gitrob -github-access-token  XXXXXXXXXXXXXXXXXXXX micksmix
        _ __           __
  ___ _(_) /________  / /
 / _ `/ / __/ __/ _ \/ _ \
 \_, /_/\__/_/  \___/_.__/
/___/ by @michenriksen

gitrob v2.0.0-beta started at 2019-02-22T15:04:53-08:00
Loaded 91 signatures
Web interface available at http://127.0.0.1:9393
Gathering targets...
 Retrieved 20 repositories from micksmix
Analyzing 20 repositories...
 INSERT: Contains word: password
  Path.......: password_03
  Repo.......: micksmix/test-secrets
  Message....: renamed file
  Author.....: micksmix <[email protected]>
  File URL...: https://github.com/micksmix/test-secrets/blob/e619af10ef8677ac43a17e4afe209209f499d95a/password_03
  Commit URL.: https://github.com/micksmix/test-secrets/commit/e619af10ef8677ac43a17e4afe209209f499d95a
 ------------------------------------------------

 INSERT: AWS CLI credentials file
  Path.......: .aws/credentials
  Repo.......: micksmix/test-secrets
  Message....: initial commit
  Author.....: micksmix <[email protected]>
  File URL...: https://github.com/micksmix/test-secrets/blob/2573ec69956f3a29ddaed3e066018f76df42243f/.aws/credentials
  Commit URL.: https://github.com/micksmix/test-secrets/commit/2573ec69956f3a29ddaed3e066018f76df42243f
 ------------------------------------------------

 INSERT: Contains word: credential
  Path.......: credential_01
  Repo.......: micksmix/test-secrets
  Message....: initial commit
  Author.....: micksmix <[email protected]>
  File URL...: https://github.com/micksmix/test-secrets/blob/2573ec69956f3a29ddaed3e066018f76df42243f/credential_01
  Commit URL.: https://github.com/micksmix/test-secrets/commit/2573ec69956f3a29ddaed3e066018f76df42243f
 ------------------------------------------------

 INSERT: Contains word: credential
  Path.......: credential_02
  Repo.......: micksmix/test-secrets
  Message....: initial commit
  Author.....: micksmix <[email protected]>
  File URL...: https://github.com/micksmix/test-secrets/blob/2573ec69956f3a29ddaed3e066018f76df42243f/credential_02
  Commit URL.: https://github.com/micksmix/test-secrets/commit/2573ec69956f3a29ddaed3e066018f76df42243f
 ------------------------------------------------

 INSERT: Contains word: password
  Path.......: password_01
  Repo.......: micksmix/test-secrets
  Message....: initial commit
  Author.....: micksmix <[email protected]>
  File URL...: https://github.com/micksmix/test-secrets/blob/2573ec69956f3a29ddaed3e066018f76df42243f/password_01
  Commit URL.: https://github.com/micksmix/test-secrets/commit/2573ec69956f3a29ddaed3e066018f76df42243f
 ------------------------------------------------

 INSERT: Contains word: password
  Path.......: password_02
  Repo.......: micksmix/test-secrets
  Message....: initial commit
  Author.....: micksmix <[email protected]>
  File URL...: https://github.com/micksmix/test-secrets/blob/2573ec69956f3a29ddaed3e066018f76df42243f/password_02
  Commit URL.: https://github.com/micksmix/test-secrets/commit/2573ec69956f3a29ddaed3e066018f76df42243f
 ------------------------------------------------

 INSERT: Shell configuration file
  Path.......: .bashrc
  Repo.......: micksmix/tmux
  Message....: initial commit
  Author.....: Mick Grove <[email protected]>
  Comment....: Shell configuration files can contain passwords, API keys, hostnames and other goodies
  File URL...: https://github.com/micksmix/tmux/blob/df652d637be9a05f0abf1d2986cdd22a4892a997/.bashrc
  Commit URL.: https://github.com/micksmix/tmux/commit/df652d637be9a05f0abf1d2986cdd22a4892a997
 ------------------------------------------------


Findings....: 7
Files.......: 428
Commits.....: 133
Repositories: 20
Targets.....: 1

Press Ctrl+C to stop web server and exit.

@plasticuproject

plasticuproject commented Feb 22, 2019

@micksmix
I see you are using a Mac. I am on 64-bit Linux. I repeated what you posted step by step and it is still only showing password_03 and .bashrc. I tried adding the token as an argument, and from my bashrc. I tried just running main.go and building out the application. My results are always the same.

        _ __           __
  ___ _(_) /________  / /
 / _ `/ / __/ __/ _ \/ _ \
 \_, /_/\__/_/  \___/_.__/
/___/ by @michenriksen

gitrob v2.0.0-beta started at 2019-02-22T18:19:39-05:00
Loaded 91 signatures
Web interface available at http://127.0.0.1:9393
Gathering targets...
 Retrieved 20 repositories from micksmix
Analyzing 20 repositories...
 INSERT: Contains word: password
  Path.......: password_03
  Repo.......: micksmix/test-secrets
  Message....: renamed file
  Author.....: micksmix <[email protected]>
  File URL...: https://github.com/micksmix/test-secrets/blob/e619af10ef8677ac43a17e4afe209209f499d95a/password_03
  Commit URL.: https://github.com/micksmix/test-secrets/commit/e619af10ef8677ac43a17e4afe209209f499d95a
 ------------------------------------------------

 INSERT: Shell configuration file
  Path.......: .bashrc
  Repo.......: micksmix/tmux
  Message....: initial commit
  Author.....: Mick Grove <[email protected]>
  Comment....: Shell configuration files can contain passwords, API keys, hostnames and other goodies
  File URL...: https://github.com/micksmix/tmux/blob/df652d637be9a05f0abf1d2986cdd22a4892a997/.bashrc
  Commit URL.: https://github.com/micksmix/tmux/commit/df652d637be9a05f0abf1d2986cdd22a4892a997
 ------------------------------------------------


Findings....: 2
Files.......: 343
Commits.....: 133
Repositories: 20
Targets.....: 1

Press Ctrl+C to stop web server and exit.

@micksmix
Author

@plasticuproject - I just did the same thing on my Ubuntu 18.04 box and it worked as expected. This is strange.

micksmix at mcintosh0101 in ~/.go/src/github.com/michenriksen/gitrob/build
$ uname -a
Linux mcintosh0101 4.15.0-45-generic #48-Ubuntu SMP Tue Jan 29 16:28:13 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

micksmix at mcintosh0101 in ~/.go/src/github.com/michenriksen/gitrob/build
$ ./gitrob -github-access-token XXXXXXXXXXXXXXXXXXXX micksmix
        _ __           __
  ___ _(_) /________  / /
 / _ `/ / __/ __/ _ \/ _ \
 \_, /_/\__/_/  \___/_.__/
/___/ by @michenriksen

gitrob v2.0.0-beta started at 2019-02-22T16:05:25-08:00
Loaded 91 signatures
Web interface available at http://127.0.0.1:9393
Gathering targets...
 Retrieved 20 repositories from micksmix
Analyzing 20 repositories...
 INSERT: Contains word: password
  Path.......: password_03
  Repo.......: micksmix/test-secrets
  Message....: renamed file
  Author.....: micksmix <[email protected]>
  File URL...: https://github.com/micksmix/test-secrets/blob/e619af10ef8677ac43a17e4afe209209f499d95a/password_03
  Commit URL.: https://github.com/micksmix/test-secrets/commit/e619af10ef8677ac43a17e4afe209209f499d95a
 ------------------------------------------------

 INSERT: AWS CLI credentials file
  Path.......: .aws/credentials
  Repo.......: micksmix/test-secrets
  Message....: initial commit
  Author.....: micksmix <[email protected]>
  File URL...: https://github.com/micksmix/test-secrets/blob/2573ec69956f3a29ddaed3e066018f76df42243f/.aws/credentials
  Commit URL.: https://github.com/micksmix/test-secrets/commit/2573ec69956f3a29ddaed3e066018f76df42243f
 ------------------------------------------------

 INSERT: Contains word: credential
  Path.......: credential_01
  Repo.......: micksmix/test-secrets
  Message....: initial commit
  Author.....: micksmix <[email protected]>
  File URL...: https://github.com/micksmix/test-secrets/blob/2573ec69956f3a29ddaed3e066018f76df42243f/credential_01
  Commit URL.: https://github.com/micksmix/test-secrets/commit/2573ec69956f3a29ddaed3e066018f76df42243f
 ------------------------------------------------

 INSERT: Contains word: credential
  Path.......: credential_02
  Repo.......: micksmix/test-secrets
  Message....: initial commit
  Author.....: micksmix <[email protected]>
  File URL...: https://github.com/micksmix/test-secrets/blob/2573ec69956f3a29ddaed3e066018f76df42243f/credential_02
  Commit URL.: https://github.com/micksmix/test-secrets/commit/2573ec69956f3a29ddaed3e066018f76df42243f
 ------------------------------------------------

 INSERT: Contains word: password
  Path.......: password_01
  Repo.......: micksmix/test-secrets
  Message....: initial commit
  Author.....: micksmix <[email protected]>
  File URL...: https://github.com/micksmix/test-secrets/blob/2573ec69956f3a29ddaed3e066018f76df42243f/password_01
  Commit URL.: https://github.com/micksmix/test-secrets/commit/2573ec69956f3a29ddaed3e066018f76df42243f
 ------------------------------------------------

 INSERT: Contains word: password
  Path.......: password_02
  Repo.......: micksmix/test-secrets
  Message....: initial commit
  Author.....: micksmix <[email protected]>
  File URL...: https://github.com/micksmix/test-secrets/blob/2573ec69956f3a29ddaed3e066018f76df42243f/password_02
  Commit URL.: https://github.com/micksmix/test-secrets/commit/2573ec69956f3a29ddaed3e066018f76df42243f
 ------------------------------------------------

 INSERT: Shell configuration file
  Path.......: .bashrc
  Repo.......: micksmix/tmux
  Message....: initial commit
  Author.....: Mick Grove <[email protected]>
  Comment....: Shell configuration files can contain passwords, API keys, hostnames and other goodies
  File URL...: https://github.com/micksmix/tmux/blob/df652d637be9a05f0abf1d2986cdd22a4892a997/.bashrc
  Commit URL.: https://github.com/micksmix/tmux/commit/df652d637be9a05f0abf1d2986cdd22a4892a997
 ------------------------------------------------


Findings....: 7
Files.......: 428
Commits.....: 133
Repositories: 20
Targets.....: 1

@plasticuproject

@micksmix

I'm terribly sorry. I had a previous install that was being executed. I'm new to using GoLang and screwed up with some paths. I removed the old original and now your fork is working as intended.

Thanks!

@plasticuproject

@micksmix

I hope you don't mind, but I included your bug fix code in my pull request for a new feature #177. It just didn't make sense for me to add that feature with that bug unresolved.

It's the first GoLang I've ever written, so if you check it out, please don't be too harsh.

@mattyjones

Thanks for submitting this. I thought I had seen a bug here but this was a ton of legwork on several people. This is merged in at my fork. Please feel free to open new issues or pull requests against that.

Here we go again @micksmix ;)

@Techbrunch @plasticuproject

6 participants