salvacybersec/keyhunter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4246db8294635482a21a7f2181e853dfd181bb4a
keyhunter/pkg/recon/sources/travisci.go

141 lines
3.6 KiB
Go
Raw Blame History

package sources
import (
"context"
"encoding/json"
"fmt"
"io"
"net/http"
"regexp"
"time"
"golang.org/x/time/rate"
"github.com/salvacybersec/keyhunter/pkg/providers"
"github.com/salvacybersec/keyhunter/pkg/recon"
)
// TravisCISource scrapes public Travis CI build logs for leaked API keys.
// Travis CI exposes build logs publicly by default for open-source projects.
// Developers frequently print environment variables or use secrets insecurely
// in CI scripts, causing API keys to appear in build output.
type TravisCISource struct {
BaseURL string
Registry *providers.Registry
Limiters *recon.LimiterRegistry
Client *Client
}
var _ recon.ReconSource = (*TravisCISource)(nil)
func (s *TravisCISource) Name() string { return "travisci" }
func (s *TravisCISource) RateLimit() rate.Limit { return rate.Every(3 * time.Second) }
func (s *TravisCISource) Burst() int { return 2 }
func (s *TravisCISource) RespectsRobots() bool { return false }
func (s *TravisCISource) Enabled(_ recon.Config) bool { return true }
// travisBuildResponse represents the Travis CI API builds response.
type travisBuildResponse struct {
Builds []travisBuild `json:"builds"`
}
type travisBuild struct {
ID int `json:"id"`
State string `json:"state"`
}
// ciLogKeyPattern matches API key patterns commonly leaked in CI logs.
var ciLogKeyPattern = regexp.MustCompile(`(?i)(api[_-]?key|secret[_-]?key|token|password|credential|auth[_-]?token)['":\s]*[=:]\s*['"]?([a-zA-Z0-9_\-]{16,})['"]?`)
func (s *TravisCISource) Sweep(ctx context.Context, _ string, out chan<- recon.Finding) error {
base := s.BaseURL
if base == "" {
base = "https://api.travis-ci.org"
}
client := s.Client
if client == nil {
client = NewClient()
}
queries := BuildQueries(s.Registry, "travisci")
if len(queries) == 0 {
return nil
}
for _, q := range queries {
if err := ctx.Err(); err != nil {
return err
}
if s.Limiters != nil {
if err := s.Limiters.Wait(ctx, s.Name(), s.RateLimit(), s.Burst(), false); err != nil {
return err
}
}
// Search for builds related to the query keyword.
searchURL := fmt.Sprintf("%s/builds?search=%s&limit=5", base, q)
req, err := http.NewRequestWithContext(ctx, http.MethodGet, searchURL, nil)
if err != nil {
continue
}
req.Header.Set("Travis-API-Version", "3")
req.Header.Set("Accept", "application/json")
resp, err := client.Do(ctx, req)
if err != nil {
continue
}
var builds travisBuildResponse
if err := json.NewDecoder(resp.Body).Decode(&builds); err != nil {
_ = resp.Body.Close()
continue
}
_ = resp.Body.Close()
for _, b := range builds.Builds {
if err := ctx.Err(); err != nil {
return err
}
if s.Limiters != nil {
if err := s.Limiters.Wait(ctx, s.Name(), s.RateLimit(), s.Burst(), false); err != nil {
return err
}
}
// Fetch the build log.
logURL := fmt.Sprintf("%s/builds/%d/log", base, b.ID)
logReq, err := http.NewRequestWithContext(ctx, http.MethodGet, logURL, nil)
if err != nil {
continue
}
logReq.Header.Set("Travis-API-Version", "3")
logReq.Header.Set("Accept", "text/plain")
logResp, err := client.Do(ctx, logReq)
if err != nil {
continue
}
body, err := io.ReadAll(io.LimitReader(logResp.Body, 256*1024))
_ = logResp.Body.Close()
if err != nil {
continue
}
if ciLogKeyPattern.Match(body) {
out <- recon.Finding{
ProviderName: q,
Source: logURL,
SourceType: "recon:travisci",
Confidence: "medium",
DetectedAt: time.Now(),
}
}
}
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink