gitrob-signature-adaptor

node v8.12.0
version: 1.0.0
endpointsharetweet
Convert gitrob signatures.json into Gitlab files_blacklist.yml strings.
const signatures = [ { "caption": "host names on non-http ports", "description": null, "part": "contents", "pattern": "(.*\\.(net|com):(?!(80|443)\b))(.*)", "type": "regex" }, { "caption": "non RFC-1918 IP address", "description": null, "part": "contents", "pattern": "(url|host|host_?name|host_?addr|ip|ip_?addr|ip_?address)['\"]? ?[=:] ?['\"]((http|http)s?://)(1(?!(27|0|92)\\.)|[2-9]+)", "type": "regex" }, { "caption": "static passwords", "description": null, "part": "contents", "pattern": "(password|passwd|pass|pwd)['\"]? ?[=:] ?['\"]?(?!(['\"]))", "type": "regex" }, { "caption": "1Password password manager database file", "description": null, "part": "extension", "pattern": "agilekeychain", "type": "match" }, { "caption": "Apple Keychain database file", "description": null, "part": "extension", "pattern": "keychain", "type": "match" }, { "caption": "Day One journal file", "description": null, "part": "extension", "pattern": "dayone", "type": "match" }, { "caption": "GnuCash database file", "description": null, "part": "extension", "pattern": "gnucash", "type": "match" }, { "caption": "KDE Wallet Manager database file", "description": null, "part": "extension", "pattern": "kwallet", "type": "match" }, { "caption": "KeePass password manager database file", "description": null, "part": "extension", "pattern": "kdb", "type": "match" }, { "caption": "Log file", "description": "Log files might contain information such as references to secret HTTP endpoints, session IDs, user information, passwords and API keys.", "part": "extension", "pattern": "log", "type": "match" }, { "caption": "Network traffic capture file", "description": null, "part": "extension", "pattern": "pcap", "type": "match" }, { "caption": "OpenVPN client configuration file", "description": null, "part": "extension", "pattern": "ovpn", "type": "match" }, { "caption": "Potential cryptographic key bundle", "description": null, "part": "extension", "pattern": "pkcs12", "type": "match" }, { "caption": "Potential cryptographic key bundle", "description": null, "part": "extension", "pattern": "pfx", "type": "match" }, { "caption": "Potential cryptographic key bundle", "description": null, "part": "extension", "pattern": "p12", "type": "match" }, { "caption": "Potential cryptographic key bundle", "description": null, "part": "extension", "pattern": "asc", "type": "match" }, { "caption": "Potential cryptographic private key", "description": null, "part": "extension", "pattern": "pem", "type": "match" }, { "caption": "Tunnelblick VPN configuration file", "description": null, "part": "extension", "pattern": "tblk", "type": "match" }, { "caption": "GNOME Keyring database file", "description": null, "part": "extension", "pattern": "^key(store|ring)quot;, "type": "regex" }, { "caption": "Potential cryptographic private key", "description": null, "part": "extension", "pattern": "^key(pair)?quot;, "type": "regex" }, { "caption": "SQL dump file", "description": null, "part": "extension", "pattern": "^sql(dump)?quot;, "type": "regex" }, { "caption": "Carrierwave configuration file", "description": "Can contain credentials for online storage systems such as Amazon S3 and Google Storage.", "part": "filename", "pattern": "carrierwave.rb", "type": "match" }, { "caption": "Chef Knife configuration file", "description": "Might contain references to Chef servers", "part": "filename", "pattern": "knife.rb", "type": "match" }, { "caption": "Django configuration file", "description": "Might contain database credentials, online storage system credentials, secret keys, etc.", "part": "filename", "pattern": "settings.py", "type": "match" }, { "caption": "FileZilla FTP configuration file", "description": "Might contain credentials for FTP servers", "part": "filename", "pattern": "filezilla.xml", "type": "match" }, { "caption": "FileZilla FTP recent servers file", "description": "Might contain credentials for FTP servers", "part": "filename", "pattern": "recentservers.xml", "type": "match" }, { "caption": "Jenkins publish over SSH plugin file", "description": null, "part": "filename", "pattern": "jenkins.plugins.publish_over_ssh.BapSshPublisherPlugin.xml", "type": "match" }, { "caption": "Little Snitch firewall configuration file", "description": "Contains traffic rules for applications", "part": "filename", "pattern": "configuration.user.xpl", "type": "match" }, { "caption": "OmniAuth configuration file", "description": "The OmniAuth configuration file might contain client application secrets.", "part": "filename", "pattern": "omniauth.rb", "type": "match" }, { "caption": "Pidgin OTR private key", "description": null, "part": "filename", "pattern": "otr.private_key", "type": "match" }, { "caption": "Potential Jenkins credentials file", "description": null, "part": "filename", "pattern": "credentials.xml", "type": "match" }, { "caption": "Potential MediaWiki configuration file", "description": null, "part": "filename", "pattern": "LocalSettings.php", "type": "match" }, { "caption": "Potential Ruby On Rails database configuration file", "description": "Might contain database credentials.", "part": "filename", "pattern": "database.yml", "type": "match" }, { "caption": "Potential jrnl journal file", "description": null, "part": "filename", "pattern": "journal.txt", "type": "match" }, { "caption": "Robomongo MongoDB manager configuration file", "description": "Might contain credentials for MongoDB databases", "part": "filename", "pattern": "robomongo.json", "type": "match" }, { "caption": "Ruby On Rails database schema file", "description": "Contains information on the database schema of a Ruby On Rails application.", "part": "filename", "pattern": "schema.rb", "type": "match" }, { "caption": "Ruby On Rails secret token configuration file", "description": "If the Rails secret token is known, it can allow for remote code execution. (http://www.exploit-db.com/exploits/27527/)", "part": "filename", "pattern": "secret_token.rb", "type": "match" }, { "caption": "Sequel Pro MySQL database manager bookmark file", "description": null, "part": "filename", "pattern": "Favorites.plist", "type": "match" }, { "caption": "Terraform variable config file", "description": "Might contain credentials for terraform providers", "part": "filename", "pattern": "terraform.tfvars", "type": "match" }, { "caption": "Ventrilo server configuration file", "description": "Might contain passwords", "part": "filename", "pattern": "ventrilo_srv.ini", "type": "match" }, { "caption": "cPanel backup ProFTPd credentials file", "description": "Contains usernames and password hashes for FTP accounts", "part": "filename", "pattern": "proftpdpasswd", "type": "match" }, { "caption": "Apache htpasswd file", "description": null, "part": "filename", "pattern": "^\\.?htpasswdquot;, "type": "regex" }, { "caption": "Configuration file for auto-login process", "description": "Might contain username and password.", "part": "filename", "pattern": "^(\\.|_)?netrcquot;, "type": "regex" }, { "caption": "Contains word: backup", "description": null, "part": "filename", "pattern": "backup", "type": "regex" }, { "caption": "Contains word: credential", "description": null, "part": "filename", "pattern": "credential", "type": "regex" }, { "caption": "Contains word: dump", "description": null, "part": "filename", "pattern": "dump", "type": "regex" }, { "caption": "Contains word: password", "description": null, "part": "filename", "pattern": "password", "type": "regex" }, { "caption": "Contains word: secret", "description": null, "part": "filename", "pattern": "secret", "type": "regex" }, { "caption": "Contains words: private, key", "description": null, "part": "filename", "pattern": "private.*key", "type": "regex" }, { "caption": "DBeaver SQL database manager configuration file", "description": null, "part": "filename", "pattern": "^\\.?dbeaver-data-sources.xmlquot;, "type": "regex" }, { "caption": "Docker configuration file", "description": "Might contain credentials for public or private Docker registries", "part": "filename", "pattern": "^\\.?dockercfgquot;, "type": "regex" }, { "caption": "Environment configuration file", "description": null, "part": "filename", "pattern": "^\\.?envquot;, "type": "regex" }, { "caption": "Git configuration file", "description": null, "part": "filename", "pattern": "^\\.?gitconfigquot;, "type": "regex" }, { "caption": "Mutt e-mail client configuration file", "description": null, "part": "filename", "pattern": "^\\.?muttrcquot;, "type": "regex" }, { "caption": "MySQL client command history file", "description": null, "part": "filename", "pattern": "^\\.?mysql_historyquot;, "type": "regex" }, { "caption": "NPM configuration file", "description": "Might contain credentials for NPM registries", "part": "filename", "pattern": "^\\.?npmrcquot;, "type": "regex" }, { "caption": "PHP configuration file", "description": "Might contain credentials and keys.", "part": "filename", "pattern": "^(.*)?config(\\.inc)?\\.phpquot;, "type": "regex" }, { "caption": "PostgreSQL client command history file", "description": null, "part": "filename", "pattern": "^\\.?psql_historyquot;, "type": "regex" }, { "caption": "PostgreSQL password file", "description": null, "part": "filename", "pattern": "^\\.?pgpassquot;, "type": "regex" }, { "caption": "Private SSH key", "description": null, "part": "filename", "pattern": "^.*_rsaquot;, "type": "regex" }, { "caption": "Private SSH key", "description": null, "part": "filename", "pattern": "^.*_dsaquot;, "type": "regex" }, { "caption": "Private SSH key", "description": null, "part": "filename", "pattern": "^.*_ed25519quot;, "type": "regex" }, { "caption": "Private SSH key", "description": null, "part": "filename", "pattern": "^.*_ecdsaquot;, "type": "regex" }, { "caption": "Ruby IRB console history file", "description": null, "part": "filename", "pattern": "^\\.?irb_historyquot;, "type": "regex" }, { "caption": "S3cmd configuration file", "description": null, "part": "filename", "pattern": "^\\.?s3cfgquot;, "type": "regex" }, { "caption": "Shell command alias configuration file", "description": "Shell configuration files might contain information such as server hostnames, passwords and API keys.", "part": "filename", "pattern": "^\\.?(bash_|zsh_)?aliasesquot;, "type": "regex" }, { "caption": "Shell command history file", "description": null, "part": "filename", "pattern": "^\\.?(bash_|zsh_|z)?historyquot;, "type": "regex" }, { "caption": "Shell configuration file", "description": "Shell configuration files might contain information such as server hostnames, passwords and API keys.", "part": "filename", "pattern": "^\\.?(bash|zsh)rcquot;, "type": "regex" }, { "caption": "Shell profile configuration file", "description": "Shell configuration files might contain information such as server hostnames, passwords and API keys.", "part": "filename", "pattern": "^\\.?(bash_|zsh_)?profilequot;, "type": "regex" }, { "caption": "T command-line Twitter client configuration file", "description": null, "part": "filename", "pattern": "^\\.?trcquot;, "type": "regex" }, { "caption": "Tugboat DigitalOcean management tool configuration", "description": null, "part": "filename", "pattern": "^\\.?tugboatquot;, "type": "regex" }, { "caption": "Well, this is awkward... Gitrob configuration file", "description": null, "part": "filename", "pattern": "^\\.?gitrobrcquot;, "type": "regex" }, { "caption": "git-credential-store helper credentials file", "description": null, "part": "filename", "pattern": "^\\.?git-credentialsquot;, "type": "regex" }, { "caption": "AWS CLI credentials file", "description": null, "part": "path", "pattern": "\\.?aws/credentialsquot;, "type": "regex" }, { "caption": "Chef private key", "description": "Can be used to authenticate against Chef servers", "part": "path", "pattern": "\\.?chef/(.*)\\.pemquot;, "type": "regex" }, { "caption": "Hexchat/XChat IRC client server list configuration file", "description": null, "part": "path", "pattern": "\\.?xchat2?\\/servlist_?\\.confquot;, "type": "regex" }, { "caption": "Irssi IRC client configuration file", "description": null, "part": "path", "pattern": "\\.?irssi\\/configquot;, "type": "regex" }, { "caption": "Pidgin chat client account configuration file", "description": null, "part": "path", "pattern": "\\.?purple\\/accounts\\.xmlquot;, "type": "regex" }, { "caption": "Recon-ng web reconnaissance framework API key database", "description": null, "part": "path", "pattern": "\\.?recon-ng\\/keys\\.dbquot;, "type": "regex" }, { "caption": "Rubygems credentials file", "description": "Might contain API key for a rubygems.org account.", "part": "path", "pattern": "\\.?gem/credentialsquot;, "type": "regex" }, { "caption": "SSH configuration file", "description": null, "part": "path", "pattern": "\\.?ssh/configquot;, "type": "regex" } ]
Dependencies
const plur = require('plur') const {escapeRegExp, isNil, keyBy, set} = require('lodash')
nullGitlabPushRule
const defaultGitlabPushRuleOptions = { commentDelimiter: '#' }
#formatPattern
const isExtension = (signature) => signature.part === 'extension' const isMatch = (signature) => signature.type === 'match' const formatPattern = (signature) => { let ptn = signature.pattern if (isExtension(signature)) { ptn = `.${ptn}` } if (isMatch(signature)) { ptn = `${escapeRegExp(ptn)} RunKit } return ptn }
class GitlabPushRule { constructor(signature, options = defaultGitlabPushRuleOptions) { Object.assign(this, signature) this.pattern = formatPattern(signature) this.comments = GitlabPushRule.toComments(signature) this.options = options } static toComments(signature) { const {caption, description, part, type} = signature const MANY = 2 const comments = [ `Detect ${plur(caption, MANY)}`, `by ${part} ${type}.` ] if (!isNil(description)) { const section = ['', '@description', '', description] section.forEach((statement) => comments.push(statement)) } return comments } toString() { const separator = `${this.options.commentDelimiter}` const comments = this.comments .map((comment) => `${separator} ${comment}`) .join('\n') return `${comments}\n\n- ${this.pattern}\n` } }
GitlabPushRuleCollection
class GitlabPushRuleCollection { constructor(signatureList = signatures) { this.entries = GitlabPushRuleCollection.toArray(signatureList) } static toArray(signatureList = signatures) { return signatureList .filter((signature) => signature.part !== 'contents') .map((signature) => new GitlabPushRule(signature)) } toString() { return this.entries .map((pushRule) => pushRule.toString()) .join('\n') } }
gitlabAdapator#toPushRules
const gitlabAdaptor = { pushRules(signatureList = signatures) { return new GitlabPushRuleCollection(signatureList) } }
Run:
const filesBlacklistYaml = gitlabAdaptor.pushRules(signatures).toString() console.log(filesBlacklistYaml)
Loading…

no comments

    sign in to comment