Added option to save all findings to a JSON file

AriESQ · Sep 7, 2019 · 29aa2ad · 29aa2ad
1 parent d21bc46
commit 29aa2ad
Show file tree

Hide file tree

Showing 7 changed files with 63 additions and 7 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,8 @@
 yar
+findings.json
+
 .vscode/
+
 config/rules.json
 config/noisyrules.json
 config/truffleRules.json
diff --git a/main.go b/main.go
@@ -19,4 +19,7 @@ func main() {
 	go robber.HandleSigInt(m, sigc, kill, finished, cleanup)
 
 	m.Start(kill, finished, cleanup)
+	if *m.Flags.Save {
+		robber.SaveFindings(m.Findings)
+	}
 }
diff --git a/robber/analysis.go b/robber/analysis.go
@@ -9,13 +9,15 @@ import (
 )
 
 const (
+	// B64chars is used for entropy finding of base64 strings.
 	B64chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
+	// Hexchars is used for entropy finding of hex based strings.
 	Hexchars = "1234567890abcdefABCDEF"
 )
 
 // AnalyzeEntropyDiff breaks a given diff into words and finds valid base64 and hex
 // strings within a word and finally runs an entropy check on the valid string.
-// Code taken from https://github.com/dxa4481/truffleHog
+// Code taken from https://github.com/dxa4481/truffleHog.
 func AnalyzeEntropyDiff(m *Middleware, diffObject *DiffObject) {
 	words := strings.Fields(*diffObject.Diff)
 	for _, word := range words {
@@ -47,8 +49,10 @@ func AnalyzeRegexDiff(m *Middleware, diffObject *DiffObject) {
 					newSecret = true
 				}
 				if newSecret {
+					diffObject.Diff = &newDiff
 					finding := NewFinding(rule.Reason, secret, diffObject)
-					m.Logger.LogFinding(finding, m, newDiff)
+					m.Findings = append(m.Findings, finding)
+					m.Logger.LogFinding(finding, m)
 					break
 				}
 			}

diff --git a/robber/flags.go b/robber/flags.go
@@ -19,12 +19,13 @@ type Flags struct {
 	User        *string
 	Repo        *string
 	Config      *os.File
-	Context     *int
 	Entropy     *bool
 	Both        *bool
+	Save        *bool
 	NoContext   *bool
 	Forks       *bool
 	CleanUp     *bool
+	Context     *int
 	CommitDepth *int
 	Noise       *int
 }
@@ -104,6 +105,12 @@ func ParseFlags() *Flags {
 			},
 		}),
 
+		Save: parser.Flag("s", "save", &argparse.Options{
+			Required: false,
+			Help:     "Yar will save all findings to a file named findings.json if this flag is set",
+			Default:  false,
+		}),
+
 		CommitDepth: parser.Int("", "depth", &argparse.Options{
 			Required: false,
 			Help:     "Specify the depth limit of commits fetched when cloning",

diff --git a/robber/log.go b/robber/log.go
@@ -109,6 +109,7 @@ func NewFinding(reason string, secret []int, diffObject *DiffObject) *Finding {
 		Secret:        secret,
 		RepoName:      *diffObject.Reponame,
 		Filepath:      *diffObject.Filepath,
+		Diff:          *diffObject.Diff,
 	}
 	return finding
 }
@@ -141,7 +142,7 @@ func (l *Logger) logSecret(diff string, booty []int, contextNum int) {
 }
 
 // LogFinding is used to output Findings
-func (l *Logger) LogFinding(f *Finding, m *Middleware, diff string) {
+func (l *Logger) LogFinding(f *Finding, m *Middleware) {
 	l.Lock()
 	defer l.Unlock()
 	info, _ := logColors[info]
@@ -166,9 +167,9 @@ func (l *Logger) LogFinding(f *Finding, m *Middleware, diff string) {
 	info.Printf("Commit message: ")
 	data.Printf("%s\n\n", strings.Trim(f.CommitMessage, "\n"))
 	if *m.Flags.NoContext {
-		secret.Printf("%s\n\n", diff[f.Secret[0]:f.Secret[1]])
+		secret.Printf("%s\n\n", f.Diff[f.Secret[0]:f.Secret[1]])
 	} else {
-		l.logSecret(diff, f.Secret, *m.Flags.Context)
+		l.logSecret(f.Diff, f.Secret, *m.Flags.Context)
 	}
 }
 

diff --git a/robber/middleware.go b/robber/middleware.go
@@ -22,6 +22,7 @@ type Middleware struct {
 	Client      *github.Client
 	AccessToken string
 	RepoCount   *int32
+	Findings    []*Finding
 }
 
 // NewMiddleware creates a new Middleware and returns it.

diff --git a/robber/util.go b/robber/util.go
@@ -2,6 +2,8 @@ package robber
 
 import (
 	"context"
+	"encoding/json"
+	"io/ioutil"
 	"math"
 	"net/http"
 	"os"
@@ -16,6 +18,18 @@ const (
 	envTokenVariable = "YAR_GITHUB_TOKEN"
 )
 
+type jsonFinding []struct {
+	Reason        string `json:"Reason"`
+	Filepath      string `json:"Filepath"`
+	RepoName      string `json:"RepoName"`
+	Commiter      string `json:"Commiter"`
+	CommitHash    string `json:"CommitHash"`
+	DateOfCommit  string `json:"DateOfCommit"`
+	CommitMessage string `json:"CommitMessage"`
+	Link          string `json:"Link"`
+	Secret        string `json:"Secret"`
+}
+
 // CleanUp deletes all temp directories which were created for cloning of repositories.
 func CleanUp(m *Middleware) {
 	err := os.RemoveAll(path.Join(os.TempDir(), "yar"))
@@ -114,15 +128,38 @@ func PrintEntropyFinding(validStrings []string, m *Middleware, diffObject *DiffO
 		entropy := EntropyCheck(validString, B64chars)
 		if entropy > threshold {
 			context, indexes := FindContext(m, *diffObject.Diff, validString)
+			diffObject.Diff = &context
 			secretString := context[indexes[0]:indexes[1]]
 			if !m.SecretExists(*diffObject.Reponame, secretString) {
 				m.AddSecret(*diffObject.Reponame, secretString)
-				m.Logger.LogFinding(NewFinding("Entropy Check", indexes, diffObject), m, context)
+				finding := NewFinding("Entropy Check", indexes, diffObject)
+				m.Findings = append(m.Findings, finding)
+				m.Logger.LogFinding(finding, m)
 			}
 		}
 	}
 }
 
+// SaveFindings saves all findings to a JSON file named findings.json
+func SaveFindings(findings []*Finding) {
+	var savedFindings jsonFinding
+	for _, finding := range findings {
+		savedFindings = append(savedFindings, jsonFinding{{
+			Reason:        finding.Reason,
+			Filepath:      finding.Filepath,
+			RepoName:      finding.RepoName,
+			Commiter:      finding.Committer,
+			CommitHash:    finding.CommitHash,
+			DateOfCommit:  finding.DateOfCommit,
+			CommitMessage: finding.CommitMessage,
+			Link:          strings.Join([]string{finding.RepoName, "commit", finding.CommitHash}, "/"),
+			Secret:        finding.Diff[finding.Secret[0]:finding.Secret[1]],
+		}}...)
+	}
+	content, _ := json.MarshalIndent(savedFindings, "", "  ")
+	_ = ioutil.WriteFile("findings.json", content, 0644)
+}
+
 // GetAccessToken retreives access token from env variables and returns an oauth2 client.
 func GetAccessToken(m *Middleware) (string, *http.Client) {
 	accessToken := os.Getenv(envTokenVariable)