7.1 KiB
7.1 KiB
phase, plan, type, wave, depends_on, files_modified, autonomous, requirements, must_haves
| phase | plan | type | wave | depends_on | files_modified | autonomous | requirements | must_haves | ||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 10-osint-code-hosting | 04 | execute | 2 |
|
|
true |
|
|
Purpose: RECON-CODE-03, RECON-CODE-04. Output: Two new ReconSource implementations + tests.
<execution_context> @$HOME/.claude/get-shit-done/workflows/execute-plan.md @$HOME/.claude/get-shit-done/templates/summary.md </execution_context>
@.planning/phases/10-osint-code-hosting/10-CONTEXT.md @.planning/phases/10-osint-code-hosting/10-01-SUMMARY.md @pkg/recon/source.go @pkg/recon/sources/httpclient.go @pkg/recon/sources/queries.go Bitbucket 2.0 search (docs: https://developer.atlassian.com/cloud/bitbucket/rest/api-group-search/): GET /2.0/workspaces/{workspace}/search/code?search_query= Auth: Bearer (app password or OAuth) Response: { "values": [{ "content_match_count": N, "file": {"path":"","commit":{...}}, "page_url": "..." }] } Note: Requires a workspace param — make it configurable via SourcesConfig.BitbucketWorkspace; if unset, source is disabled. Rate: 1000/hour → rate.Every(3.6 * time.Second), burst 1.GitHub Gist search: GitHub does not expose a dedicated /search/gists endpoint that searches gist contents. Use the /gists/public endpoint + client-side filtering as fallback: GET /gists/public?per_page=100 returns public gists; for each gist, fetch /gists/{id} and scan file contents for keyword matches. Keep implementation minimal: just enumerate the first page, match against keyword list, emit Findings with Source = gist.html_url. Auth: Bearer . Rate: 30/min → rate.Every(2s).
Task 1: BitbucketSource + tests pkg/recon/sources/bitbucket.go, pkg/recon/sources/bitbucket_test.go - Test A: Enabled false when token OR workspace empty - Test B: Enabled true when both set - Test C: Sweep queries /2.0/workspaces/{ws}/search/code with Bearer header - Test D: Decodes `{values:[{file:{path,commit:{...}},page_url:"..."}]}` and emits Finding with Source=page_url, SourceType="recon:bitbucket" - Test E: 401 → ErrUnauthorized - Test F: Ctx cancellation Create `pkg/recon/sources/bitbucket.go`: - Struct `BitbucketSource { Token, Workspace, BaseURL string; Registry *providers.Registry; Limiters *recon.LimiterRegistry; client *Client }` - Default BaseURL: `https://api.bitbucket.org` - Name "bitbucket", RateLimit rate.Every(3600*time.Millisecond), Burst 1, RespectsRobots false - Enabled = s.Token != "" && s.Workspace != "" - Sweep: for each query in BuildQueries(reg, "bitbucket"), limiters.Wait, issue GET request, decode into struct with `Values []struct{ PageURL string "json:page_url"; File struct{ Path string } "json:file" }`, emit Findings - Compile-time assert `var _ recon.ReconSource = (*BitbucketSource)(nil)`Create `pkg/recon/sources/bitbucket_test.go` with httptest server, synthetic
registry, assertions on URL path `/2.0/workspaces/testws/search/code`, Bearer
header, and emitted Findings.
Create `pkg/recon/sources/gist_test.go`:
- httptest server with two routes: `/gists/public` returns 2 gists each with 1 file, raw_url pointing to same server `/raw/<id>`; `/raw/<id>` returns content containing "sk-proj-" for one and an unrelated string for the other
- Assert exactly 1 Finding emitted, Source matches the gist's html_url
- 401 test, ctx cancellation test, empty-token test
<success_criteria> RECON-CODE-03 and RECON-CODE-04 satisfied. </success_criteria>
After completion, create `.planning/phases/10-osint-code-hosting/10-04-SUMMARY.md`.