feat(15-03): add Grafana and Sentry ReconSource implementations
- GrafanaSource: search dashboards via /api/search, fetch detail via /api/dashboards/uid - SentrySource: search issues via /api/0/issues, fetch events for key detection - Register all 5 log aggregator sources in RegisterAll (67 sources total) - Tests use httptest mocks for each API endpoint
This commit is contained in:
salvacybersec
152
pkg/recon/sources/sentry.go
Normal file
152
pkg/recon/sources/sentry.go
Normal file
@@ -0,0 +1,152 @@
|
||||
package sources
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"time"
|
||||
|
||||
"golang.org/x/time/rate"
|
||||
|
||||
"github.com/salvacybersec/keyhunter/pkg/providers"
|
||||
"github.com/salvacybersec/keyhunter/pkg/recon"
|
||||
)
|
||||
|
||||
// SentrySource searches exposed Sentry instances for API keys in error reports.
|
||||
// Self-hosted Sentry installations may have the API accessible without
|
||||
// authentication, exposing error events that commonly contain API keys in
|
||||
// request headers, environment variables, and stack traces.
|
||||
type SentrySource struct {
|
||||
BaseURL string
|
||||
Registry *providers.Registry
|
||||
Limiters *recon.LimiterRegistry
|
||||
Client *Client
|
||||
}
|
||||
|
||||
var _ recon.ReconSource = (*SentrySource)(nil)
|
||||
|
||||
func (s *SentrySource) Name() string { return "sentry" }
|
||||
func (s *SentrySource) RateLimit() rate.Limit { return rate.Every(2 * time.Second) }
|
||||
func (s *SentrySource) Burst() int { return 3 }
|
||||
func (s *SentrySource) RespectsRobots() bool { return false }
|
||||
func (s *SentrySource) Enabled(_ recon.Config) bool { return true }
|
||||
|
||||
// sentryIssue represents a Sentry issue from the issues list API.
|
||||
type sentryIssue struct {
|
||||
ID string `json:"id"`
|
||||
Title string `json:"title"`
|
||||
}
|
||||
|
||||
// sentryEvent represents a Sentry event from the events API.
|
||||
type sentryEvent struct {
|
||||
EventID string `json:"eventID"`
|
||||
Tags json.RawMessage `json:"tags"`
|
||||
Context json.RawMessage `json:"context"`
|
||||
Entries json.RawMessage `json:"entries"`
|
||||
}
|
||||
|
||||
func (s *SentrySource) Sweep(ctx context.Context, query string, out chan<- recon.Finding) error {
|
||||
base := s.BaseURL
|
||||
if base == "" {
|
||||
base = "https://sentry.example.com"
|
||||
}
|
||||
client := s.Client
|
||||
if client == nil {
|
||||
client = NewClient()
|
||||
}
|
||||
|
||||
queries := BuildQueries(s.Registry, "sentry")
|
||||
if len(queries) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
for _, q := range queries {
|
||||
if err := ctx.Err(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if s.Limiters != nil {
|
||||
if err := s.Limiters.Wait(ctx, s.Name(), s.RateLimit(), s.Burst(), false); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
// Search issues matching keyword.
|
||||
issuesURL := fmt.Sprintf(
|
||||
"%s/api/0/issues/?query=%s&limit=10",
|
||||
base, url.QueryEscape(q),
|
||||
)
|
||||
req, err := http.NewRequestWithContext(ctx, http.MethodGet, issuesURL, nil)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
resp, err := client.Do(ctx, req)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
data, err := io.ReadAll(io.LimitReader(resp.Body, 512*1024))
|
||||
_ = resp.Body.Close()
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
var issues []sentryIssue
|
||||
if err := json.Unmarshal(data, &issues); err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
// Fetch events for each issue.
|
||||
for _, issue := range issues {
|
||||
if err := ctx.Err(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if s.Limiters != nil {
|
||||
if err := s.Limiters.Wait(ctx, s.Name(), s.RateLimit(), s.Burst(), false); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
eventsURL := fmt.Sprintf("%s/api/0/issues/%s/events/?limit=5", base, issue.ID)
|
||||
evReq, err := http.NewRequestWithContext(ctx, http.MethodGet, eventsURL, nil)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
evResp, err := client.Do(ctx, evReq)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
evData, err := io.ReadAll(io.LimitReader(evResp.Body, 512*1024))
|
||||
_ = evResp.Body.Close()
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
var events []sentryEvent
|
||||
if err := json.Unmarshal(evData, &events); err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
for _, ev := range events {
|
||||
content := string(ev.Tags) + string(ev.Context) + string(ev.Entries)
|
||||
if ciLogKeyPattern.MatchString(content) {
|
||||
out <- recon.Finding{
|
||||
ProviderName: q,
|
||||
Source: fmt.Sprintf("%s/issues/%s/events/%s", base, issue.ID, ev.EventID),
|
||||
SourceType: "recon:sentry",
|
||||
Confidence: "medium",
|
||||
DetectedAt: time.Now(),
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
Reference in New Issue
Block a user