Add password structure in table

Author: csavelief

app/Listeners/EndVulnsScanListener.php

@@ -43,32 +43,34 @@ public static function sendEmailReport(YnhTrial $trial): void
             return;
         }
 
-        $query = "SELECT DISTINCT concat(login, '@', login_email_domain) AS email, concat(url_scheme, '://', url_subdomain, '.', url_domain) AS website FROM dumps_login_email_domain WHERE login_email_domain = '{$assets->first()->tld}' ORDER BY email ASC";
+        $query = "SELECT DISTINCT concat(login, '@', login_email_domain) AS email, concat(url_scheme, '://', url_subdomain, '.', url_domain) AS website, password FROM dumps_login_email_domain WHERE login_email_domain = '{$assets->first()->tld}' ORDER BY email, website ASC";
 
         Log::info($query);
 
         $output = JosianneClient::executeQuery($query);
         $leaks = collect(explode("\n", $output))
             ->filter(fn(string $line) => !empty($line) && $line !== 'ok')
             ->map(function (string $line) {
-                $line = trim($line);
                 return [
-                    'email' => Str::before($line, "\t"),
-                    'website' => Str::after($line, "\t"),
+                    'email' => Str::trim(Str::before($line, "\t")),
+                    'website' => Str::trim(Str::between($line, "\t", "\t")),
+                    'password' => $this->maskPassword(Str::trim(Str::afterLast($line, "\t"))),
                 ];
             })
             ->map(function (array $credentials) {
-                if (preg_match("/(?i)\b((?:https?:\/\/|www\d{0,3}[.]|[a-z0-9.\-]+[.][a-z]{2,4}\/)(?:[^\s()<>]+|(([^\s()<>]+|(([^\s()<>]+)))*))+(?:(([^\s()<>]+|(([^\s()<>]+)))*)|[^\s`!()[]{};:'\".,<>?«»“”‘’]))/", $credentials['website'])) {
+                // if (preg_match("/(?i)\b((?:https?:\/\/|www\d{0,3}[.]|[a-z0-9.\-]+[.][a-z]{2,4}\/)(?:[^\s()<>]+|(([^\s()<>]+|(([^\s()<>]+)))*))+(?:(([^\s()<>]+|(([^\s()<>]+)))*)|[^\s`!()[]{};:'\".,<>?«»“”‘’]))/", $credentials['website'])) {
+                if (filter_var($credentials['website'], FILTER_VALIDATE_URL)) {
                     return $credentials;
                 }
                 return [
                     'email' => $credentials['email'],
                     'website' => '',
+                    'password' => $credentials['password'],
                 ];
             })
-            ->unique(fn(array $credentials) => $credentials['email'] . $credentials['website'])
+            ->unique(fn(array $credentials) => $credentials['email'] . $credentials['website'] . $credentials['password'])
             ->values();
-        $msgLeaks = $leaks->isNotEmpty() ? "<li>J'ai trouvé <b>{$leaks->count()}</b> identifiants compromis appartenant au domaine {$assets->first()->tld}.</li>" : "";
+        $msgLeaks = $leaks->isNotEmpty() ? "<li>J'ai trouvé <b>{$leaks->count()}</b> identifiants fuités ou compromis appartenant au domaine {$assets->first()->tld}.</li>" : "";
 
         unset($output);
 
@@ -120,10 +122,10 @@ public static function sendEmailReport(YnhTrial $trial): void
             })->join("");
 
         if ($leaks->isNotEmpty()) {
-            $website = $leaks->map(fn(array $leak) => "<li>L'identifiant <b>{$leak['email']}</b> donnant accès à <b>{$leak['website']}</b> a été compromis.</li>")->join("\n");
+            $website = $leaks->map(fn(array $leak) => "<li>L'identifiant <b>{$leak['email']}</b> donnant accès à <b>{$leak['website']}</b> a été fuité ou compromis.</li>")->join("\n");
             $answer .= "
-            <h3>Identifiants compromis</h3>
-            <p>Cywise surveille également les fuites de données !<p>
+            <h3>Identifiants fuités ou compromis</h3>
+            <p>Cywise surveille également les fuites de données et compromissions !<p>
             <ul>
               {$website}
             </ul>
@@ -217,6 +219,14 @@ public static function sendEmail(string $from, string $to, string $subject, stri
         return [];
     }
 
+    private static function maskPassword(string $password): string
+    {
+        if (Str::length($password) <= 2) {
+            return Str::repeat('*', Str::length($password));
+        }
+        return Str::substr($password, 0, 1) . Str::repeat('*', Str::length($password) - 2) . Str::substr($password, -1, 1);
+    }
+
     public function viaQueue(): string
     {
         return self::MEDIUM;

app/View/Components/Timeline.php

@@ -330,18 +330,18 @@ private function leaks(User $user): array
                     ->unique()
                     ->join("','") . "'";
 
-            $query = "SELECT DISTINCT concat(login, '@', login_email_domain) AS email, concat(url_scheme, '://', url_subdomain, '.', url_domain) AS website FROM dumps_login_email_domain WHERE login_email_domain IN ({$tlds}) ORDER BY email ASC";
+            $query = "SELECT DISTINCT concat(login, '@', login_email_domain) AS email, concat(url_scheme, '://', url_subdomain, '.', url_domain) AS website, password FROM dumps_login_email_domain WHERE login_email_domain IN ({$tlds}) ORDER BY email, website ASC";
 
             Log::info($query);
 
             $output = JosianneClient::executeQuery($query);
             $leaks = collect(explode("\n", $output))
                 ->filter(fn(string $line) => !empty($line) && $line !== 'ok')
                 ->map(function (string $line) {
-                    $line = trim($line);
                     return [
-                        'email' => Str::before($line, "\t"),
-                        'website' => Str::after($line, "\t"),
+                        'email' => Str::trim(Str::before($line, "\t")),
+                        'website' => Str::trim(Str::between($line, "\t", "\t")),
+                        'password' => $this->maskPassword(Str::trim(Str::afterLast($line, "\t"))),
                     ];
                 })
                 ->map(function (array $credentials) {
@@ -352,9 +352,10 @@ private function leaks(User $user): array
                     return [
                         'email' => $credentials['email'],
                         'website' => '',
+                        'password' => $credentials['password'],
                     ];
                 })
-                ->unique(fn(array $credentials) => $credentials['email'] . $credentials['website']);
+                ->unique(fn(array $credentials) => $credentials['email'] . $credentials['website'] . $credentials['password']);
 
             if (count($leaks) > 0) {
 
@@ -365,7 +366,8 @@ private function leaks(User $user): array
                 $leaks = $leaks->filter(function (array $leak) use ($leaksPrev) {
                     return !$leaksPrev->contains(function (object $leakPrev) use ($leak) {
                         return $leakPrev->email === $leak['email'] &&
-                            $leakPrev->website === $leak['website'];
+                            $leakPrev->website === $leak['website'] &&
+                            $leakPrev->password === $leak['password'];
                     });
                 });
 
@@ -537,4 +539,12 @@ private function events(User $user): array
             })
             ->toArray();
     }
+
+    private function maskPassword(string $password): string
+    {
+        if (Str::length($password) <= 2) {
+            return Str::repeat('*', Str::length($password));
+        }
+        return Str::substr($password, 0, 1) . Str::repeat('*', Str::length($password) - 2) . Str::substr($password, -1, 1);
+    }
 }

resources/views/cywise/_timeline-item-leak.blade.php

@@ -66,20 +66,28 @@ class="icon icon-tabler icons-tabler-outline icon-tabler-password-user">
   </span>
   <div class="timeline-item-wrapper">
     <div class="timeline-item-description">
-      <span>Nous avons trouvé <b>{{ count(json_decode($leak->attributes()['credentials'])) }} identifiants compromis</b>. Si aucune action n'a encore été entreprise, demandez aux utilisateurs concernés de modifier leur mot de passe.</span>
+      <span>Nous avons trouvé <b>{{ count(json_decode($leak->attributes()['credentials'])) }} identifiants fuités ou compromis</b>. Si aucune action n'a encore été entreprise, demandez aux utilisateurs concernés de modifier leur mot de passe.</span>
     </div>
     <table>
       <thead>
       <tr>
         <th>{{ __('Email') }}</th>
         <th>{{ __('Website') }}</th>
+        <th>{{ __('Password') }}</th>
+        <th></th>
       </tr>
       </thead>
       <tbody>
       @foreach(json_decode($leak->attributes()['credentials']) as $l)
       <tr>
         <td>{{ $l->email }}</td>
         <td>{{ empty($l->website) ? '-' : $l->website }}</td>
+        <td>{{ empty($l->password) ? '-' : $l->password }}</td>
+        <td>
+          <span class="lozenge new">
+            {{ empty($l->website) ? __('fuite de données') : __('possible compromission') }}
+          </span>
+        </td>
       </tr>
       @endforeach
       </tbody>