From 4a9bda2ee8e25ba3d4e21f274c342a0296ede959 Mon Sep 17 00:00:00 2001
From: Terrtia
Date: Wed, 19 May 2021 14:54:34 +0200
Subject: [PATCH] chg: [ApiKey] refactor module + tests
---
 bin/ApiKey.py | 129 +++++++++++++++++++++---------------------
 bin/Onion.py | 15 ++---
 tests/test_modules.py | 22 ++++++-
 3 files changed, 89 insertions(+), 77 deletions(-)
diff --git a/bin/ApiKey.py b/bin/ApiKey.py
index 07325885..06e7d6f2 100755
--- a/bin/ApiKey.py
@@ -7,85 +7,84 @@ The ApiKey Module This module is consuming the Redis-list created by the Categ module. -It apply API_key regexes on paste content and warn if above a threshold. +Search for API keys on an item content. """ -import redis -import pprint -import time import re -from packages import Paste -from packages import lib_refine -from pubsublogger import publisher +# project packages +from module.abstract_module import AbstractModule +from packages.Item import Item +from lib import regex_helper -from Helper import Process +class ApiKey(AbstractModule): + """ApiKey module for AIL framework""" + def __init__(self): + super(ApiKey, self).__init__() -def search_api_key(message): - filename, score = message.split() - paste = Paste.Paste(filename) - content = paste.get_p_content() + self.redis_cache_key = regex_helper.generate_redis_cache_key(self.module_name) - aws_access_key = regex_aws_access_key.findall(content) - aws_secret_key = regex_aws_secret_key.findall(content) - google_api_key = regex_google_api_key.findall(content) + # # TODO: ENUM or dict - if(len(aws_access_key) > 0 or len(aws_secret_key) > 0 or len(google_api_key) > 0): + # TODO improve REGEX + #r'(? 0): - print('found google api key') - print(to_print) - publisher.warning('{}Checked {} found Google API Key;{}'.format( - to_print, len(google_api_key), paste.p_rel_path)) - msg = 'infoleak:automatic-detection="google-api-key";{}'.format(filename) - p.populate_set_out(msg, 'Tags') + # r'=AIza[0-9a-zA-Z-_]{35}' keep equal ???? 
+ self.re_google_api_key = r'AIza[0-9a-zA-Z-_]{35}' + re.compile(self.re_google_api_key) - if(len(aws_access_key) > 0 or len(aws_secret_key) > 0): - print('found AWS key') - print(to_print) - total = len(aws_access_key) + len(aws_secret_key) - publisher.warning('{}Checked {} found AWS Key;{}'.format( - to_print, total, paste.p_rel_path)) - msg = 'infoleak:automatic-detection="aws-key";{}'.format(filename) - p.populate_set_out(msg, 'Tags') + # Send module state to logs + self.redis_logger.info(f"Module {self.module_name} initialized") + def compute(self, message, r_match=False): + id, score = message.split() + item = Item(id) + item_content = item.get_content() - msg = 'infoleak:automatic-detection="api-key";{}'.format(filename) - p.populate_set_out(msg, 'Tags') + google_api_key = regex_helper.regex_findall(self.module_name, self.redis_cache_key, self.re_google_api_key, item.get_id(), item_content) - #Send to duplicate - p.populate_set_out(filename, 'Duplicate') + aws_access_key = regex_helper.regex_findall(self.module_name, self.redis_cache_key, self.re_aws_access_key, item.get_id(), item_content) + if aws_access_key: + aws_secret_key = regex_helper.regex_findall(self.module_name, self.redis_cache_key, self.re_aws_secret_key, item.get_id(), item_content) + + if aws_access_key or google_api_key: + to_print = f'ApiKey;{item.get_source()};{item.get_date()};{item.get_basename()};' + + if google_api_key: + print(f'found google api key: {to_print}') + self.redis_logger.warning(f'{to_print}Checked {len(google_api_key)} found Google API Key;{item.get_id()}') + + msg = f'infoleak:automatic-detection="google-api-key";{item.get_id()}' + self.send_message_to_queue('Tags', msg) + + # # TODO: # FIXME: AWS regex/validate/sanityze KEY + SECRET KEY + if aws_access_key: + print(f'found AWS key: {to_print}') + self.redis_logger.warning(f'{to_print}Checked {len(aws_access_key)} found AWS Key;{item.get_id()}') + if aws_secret_key: + print(f'found AWS secret key') + 
self.redis_logger.warning(f'{to_print}Checked {len(aws_secret_key)} found AWS secret Key;{item.get_id()}') + + msg = 'infoleak:automatic-detection="aws-key";{}'.format(item.get_id()) + self.send_message_to_queue('Tags', msg) + + # Tags + msg = f'infoleak:automatic-detection="api-key";{item.get_id()}' + self.send_message_to_queue('Tags', msg) + + # Send to duplicate + self.send_message_to_queue('Duplicate', item.get_id()) + + if r_match: + return (google_api_key, aws_access_key, aws_secret_key) if __name__ == "__main__": - publisher.port = 6380 - publisher.channel = "Script" - - config_section = 'ApiKey' - - p = Process(config_section) - - publisher.info("ApiKey started") - - message = p.get_from_set() - - # TODO improve REGEX - regex_aws_access_key = re.compile(r'(?