fix: resolve Phase 14 merge conflicts across CI/CD, archive, and frontend sources
This commit is contained in:
salvacybersec
@@ -4,13 +4,8 @@ import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
<<<<<<< HEAD
|
||||
"net/http"
|
||||
"strings"
|
||||
=======
|
||||
"io"
|
||||
"net/http"
|
||||
>>>>>>> worktree-agent-adad8c10
|
||||
"time"
|
||||
|
||||
"golang.org/x/time/rate"
|
||||
@@ -19,16 +14,10 @@ import (
|
||||
"github.com/salvacybersec/keyhunter/pkg/recon"
|
||||
)
|
||||
|
||||
<<<<<<< HEAD
|
||||
// CircleCISource searches public CircleCI build logs for leaked API keys.
|
||||
// It queries the CircleCI v2 API for recent pipeline workflows. Requires a
|
||||
// CircleCI API token for authenticated access.
|
||||
=======
|
||||
// CircleCISource scrapes CircleCI build logs for leaked API keys.
|
||||
// CircleCI exposes build logs via its API; a personal API token is required
|
||||
// to access build artifacts and logs. Misconfigured pipelines often leak
|
||||
// secrets in build output.
|
||||
>>>>>>> worktree-agent-adad8c10
|
||||
type CircleCISource struct {
|
||||
Token string
|
||||
BaseURL string
|
||||
@@ -39,32 +28,6 @@ type CircleCISource struct {
|
||||
|
||||
var _ recon.ReconSource = (*CircleCISource)(nil)
|
||||
|
||||
<<<<<<< HEAD
|
||||
func (s *CircleCISource) Name() string { return "circleci" }
|
||||
func (s *CircleCISource) RateLimit() rate.Limit { return rate.Every(2 * time.Second) }
|
||||
func (s *CircleCISource) Burst() int { return 2 }
|
||||
func (s *CircleCISource) RespectsRobots() bool { return false }
|
||||
func (s *CircleCISource) Enabled(_ recon.Config) bool { return s.Token != "" }
|
||||
|
||||
type circlePipelineResponse struct {
|
||||
Items []circlePipeline `json:"items"`
|
||||
}
|
||||
|
||||
type circlePipeline struct {
|
||||
ID string `json:"id"`
|
||||
VCS circleVCSInfo `json:"vcs"`
|
||||
}
|
||||
|
||||
type circleVCSInfo struct {
|
||||
ProviderName string `json:"provider_name"`
|
||||
RepoName string `json:"target_repository_url"`
|
||||
}
|
||||
|
||||
func (s *CircleCISource) Sweep(ctx context.Context, _ string, out chan<- recon.Finding) error {
|
||||
if s.Token == "" {
|
||||
return nil
|
||||
}
|
||||
=======
|
||||
func (s *CircleCISource) Name() string { return "circleci" }
|
||||
func (s *CircleCISource) RateLimit() rate.Limit { return rate.Every(3 * time.Second) }
|
||||
func (s *CircleCISource) Burst() int { return 2 }
|
||||
@@ -84,7 +47,6 @@ type circleciPipeline struct {
|
||||
}
|
||||
|
||||
func (s *CircleCISource) Sweep(ctx context.Context, _ string, out chan<- recon.Finding) error {
|
||||
>>>>>>> worktree-agent-adad8c10
|
||||
base := s.BaseURL
|
||||
if base == "" {
|
||||
base = "https://circleci.com/api/v2"
|
||||
@@ -95,78 +57,32 @@ func (s *CircleCISource) Sweep(ctx context.Context, _ string, out chan<- recon.F
|
||||
}
|
||||
|
||||
queries := BuildQueries(s.Registry, "circleci")
|
||||
<<<<<<< HEAD
|
||||
kwIndex := circleKeywordIndex(s.Registry)
|
||||
=======
|
||||
if len(queries) == 0 {
|
||||
return nil
|
||||
}
|
||||
>>>>>>> worktree-agent-adad8c10
|
||||
|
||||
for _, q := range queries {
|
||||
if err := ctx.Err(); err != nil {
|
||||
return err
|
||||
}
|
||||
<<<<<<< HEAD
|
||||
=======
|
||||
|
||||
>>>>>>> worktree-agent-adad8c10
|
||||
if s.Limiters != nil {
|
||||
if err := s.Limiters.Wait(ctx, s.Name(), s.RateLimit(), s.Burst(), false); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
<<<<<<< HEAD
|
||||
endpoint := fmt.Sprintf("%s/pipeline?mine=false", base)
|
||||
req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil)
|
||||
if err != nil {
|
||||
return fmt.Errorf("circleci: build request: %w", err)
|
||||
=======
|
||||
// Search for pipelines by project slug (query is used as slug hint).
|
||||
searchURL := fmt.Sprintf("%s/project/gh/%s/pipeline?limit=5", base, q)
|
||||
req, err := http.NewRequestWithContext(ctx, http.MethodGet, searchURL, nil)
|
||||
if err != nil {
|
||||
continue
|
||||
>>>>>>> worktree-agent-adad8c10
|
||||
}
|
||||
req.Header.Set("Circle-Token", s.Token)
|
||||
req.Header.Set("Accept", "application/json")
|
||||
|
||||
resp, err := client.Do(ctx, req)
|
||||
if err != nil {
|
||||
<<<<<<< HEAD
|
||||
if strings.Contains(err.Error(), "unauthorized") {
|
||||
return err
|
||||
}
|
||||
continue
|
||||
}
|
||||
|
||||
var result circlePipelineResponse
|
||||
decErr := json.NewDecoder(resp.Body).Decode(&result)
|
||||
_ = resp.Body.Close()
|
||||
if decErr != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
provName := kwIndex[strings.ToLower(q)]
|
||||
for _, p := range result.Items {
|
||||
source := fmt.Sprintf("https://app.circleci.com/pipelines/%s", p.ID)
|
||||
if p.VCS.RepoName != "" {
|
||||
source = p.VCS.RepoName
|
||||
}
|
||||
f := recon.Finding{
|
||||
ProviderName: provName,
|
||||
Confidence: "low",
|
||||
Source: source,
|
||||
SourceType: "recon:circleci",
|
||||
DetectedAt: time.Now(),
|
||||
}
|
||||
select {
|
||||
case out <- f:
|
||||
case <-ctx.Done():
|
||||
return ctx.Err()
|
||||
=======
|
||||
continue
|
||||
}
|
||||
|
||||
@@ -216,30 +132,8 @@ func (s *CircleCISource) Sweep(ctx context.Context, _ string, out chan<- recon.F
|
||||
Confidence: "medium",
|
||||
DetectedAt: time.Now(),
|
||||
}
|
||||
>>>>>>> worktree-agent-adad8c10
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
<<<<<<< HEAD
|
||||
|
||||
func circleKeywordIndex(reg *providers.Registry) map[string]string {
|
||||
m := make(map[string]string)
|
||||
if reg == nil {
|
||||
return m
|
||||
}
|
||||
for _, p := range reg.List() {
|
||||
for _, k := range p.Keywords {
|
||||
kl := strings.ToLower(strings.TrimSpace(k))
|
||||
if kl != "" {
|
||||
if _, exists := m[kl]; !exists {
|
||||
m[kl] = p.Name
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return m
|
||||
}
|
||||
=======
|
||||
>>>>>>> worktree-agent-adad8c10
|
||||
|
||||
Reference in New Issue
Block a user