Labels: enhancement (New feature or request), feature-diver (Enhancement related to the diver feature), feature-new (Enhancement for a new feature which does not have its own GitHub label yet)
Description
As a FaaS organization administrator,
I want to look in a repository for hot words
So that I can check if sensitive data have been added, versioned or badly removed
Definition of Done
- Parameter "--help"
- Parameter "--github ORG"
- Parameter "--gitlab ORG"
- Parameter "--path REPO"
- Parameter "--words FILE"
- Log in standard output traces (elapsed time, clone repo, branch, commit)
- Log in standard output the hotword matches
- Log in file the hotword matches
- Log in standard output the summary (number of repos, number of matches, etc.)
Details
- Python script
- Using existing scripts if relevant
- words parameter is mandatory
- exactly one of the path, github or gitlab parameters must be used
- log file path defined in script
Algorithm:
- Clone the Git repository with all its branches
- Iterate on each branch
- Iterate on each commit of each branch
- Iterate on each file of each commit of each branch
- Check if sensitive words defined in a side file (one word per line) are present in the file
- Log the repo, commit, branch, file and hotword if found
- Iterate for all repos of the organization
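A Python sketch of the algorithm above, added here as an illustration and not code from floss-toolbox: it walks every branch, commit and file of a local clone with git plumbing commands, matches the words file against each blob, and prints one line per hit plus a summary. It assumes the clone was fetched with all branches (for example with git clone --mirror); the organization-wide --github/--gitlab listing and the log file are left out, and the --path/--words names follow the Definition of Done.

```python
import subprocess

def load_hotwords(text):
    """Parse the words file: one hotword per line, blank lines ignored."""
    return [line.strip() for line in text.splitlines() if line.strip()]

def scan_blob(content, hotwords):
    """Return (line_number, hotword) for every case-insensitive hit in a file's content."""
    hits = []
    for number, line in enumerate(content.splitlines(), start=1):
        lowered = line.lower()
        hits.extend((number, word) for word in hotwords if word.lower() in lowered)
    return hits

def _git(repo, *args):
    """Run a git plumbing command inside repo; binary blobs decode with replacement chars."""
    done = subprocess.run(["git", "-C", repo, *args], capture_output=True,
                          encoding="utf-8", errors="replace", check=True)
    return done.stdout

def scan_repository(repo, hotwords):
    """Walk every branch, every commit and every file; return one finding per hit."""
    findings, seen_blobs = [], set()
    refs = _git(repo, "for-each-ref", "--format=%(refname:short)",
                "refs/heads", "refs/remotes").split()
    for branch in refs:
        for commit in _git(repo, "rev-list", branch, "--").split():
            for entry in _git(repo, "ls-tree", "-r", commit).splitlines():
                meta, path = entry.split("\t", 1)
                _mode, kind, blob = meta.split()
                if kind != "blob" or blob in seen_blobs:  # skip submodules and content already reported
                    continue
                seen_blobs.add(blob)  # identical content is reported once, where it is first seen
                for line_number, word in scan_blob(_git(repo, "cat-file", "-p", blob), hotwords):
                    findings.append({"repo": repo, "branch": branch, "commit": commit,
                                     "file": path, "line": line_number, "hotword": word})
    return findings

if __name__ == "__main__":
    import argparse
    parser = argparse.ArgumentParser(description="Find hotwords across a repository's Git history")
    parser.add_argument("--path", required=True, help="local clone fetched with all branches")
    parser.add_argument("--words", required=True, help="file listing one hotword per line")
    args = parser.parse_args()
    with open(args.words, encoding="utf-8") as handle:
        words = load_hotwords(handle.read())
    results = scan_repository(args.path, words)
    for hit in results:
        print("{repo} {branch} {commit} {file}:{line} {hotword}".format(**hit))
    print(f"summary: {len(results)} match(es) in {args.path}")
```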
Notes
- Existing script can be used: https://github.com/Orange-OpenSource/floss-toolbox/blob/dev/toolbox/diver/utils/find-hotwords-in-files.sh
- This feature might be enhanced: https://github.com/Orange-OpenSource/floss-toolbox/wiki/2.-Dig,-dive-and-look-inside-files-and-Git-history#find-credentials-in-sources
- Hotwords can be: CUID, IP address, headers of files like GPG or SSH private keys, specific names of internal solutions