Add files via upload

xPloits3c · web-flow · commit 7e5606cfacd7 · 2026-04-11T01:07:22.000+02:00
diff --git a/.github/workflows/dorkeye-agent.yml b/.github/workflows/dorkeye-agent.yml
@@ -0,0 +1,256 @@
+# ─────────────────────────────────────────────────────────────────────────────
+# 🦅 DorkEye — Claude Code Agent Workflow
+# Powered by Anthropic Claude Code Action v1 | DorkEye Project
+#
+# TRIGGERS:
+#   • Every opened/updated PR → automatic review with bug + security analysis
+#   • @claude in comments/issues → interactive assistant
+#   • Every Monday at 09:00 UTC → full weekly repo audit
+#   • workflow_dispatch → manual audit execution
+# ─────────────────────────────────────────────────────────────────────────────
+
+name: 🦅 DorkEye AI Agent
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+
+  issue_comment:
+    types: [created]
+
+  pull_request_review_comment:
+    types: [created]
+
+  issues:
+    types: [assigned]
+
+  schedule:
+    - cron: "0 9 * * 1" # Every Monday at 09:00 UTC
+
+  workflow_dispatch: # Manual trigger from the GitHub interface
+
+concurrency:
+  group: dorkeye-ai-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+# ─────────────────────────────────────────────────────────────────────────────
+# JOB 1 — Automatic PR Review
+# Full analysis of every PR: bugs, vulns, security, code quality
+# ─────────────────────────────────────────────────────────────────────────────
+jobs:
+  pr-review:
+    name: 🔍 PR Review & Security Analysis
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+      issues: write
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - uses: anthropics/claude-code-action@v1
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          track_progress: true
+          prompt: |
+            REPO: ${{ github.repository }}
+            PR NUMBER: ${{ github.event.pull_request.number }}
+            AUTHOR: ${{ github.event.pull_request.user.login }}
+
+            You are a senior security engineer and Python expert reviewing a PR for DorkEye,
+            an advanced OSINT and Google Dorking tool written in Python by xPloits3c.
+
+            PROJECT ARCHITECTURE:
+            - dorkeye.py: main script (Google/DuckDuckGo dorking, WAF detection, SQLi)
+            - Tools/dorkeye_analyze.py: SQLi analyzer with confidence scoring
+            - Tools/dorkeye_report.py: HTML report generator (watch for XSS)
+            - config/: YAML templates and dork configurations
+            - requirements.txt: requests, urllib3, PyYAML, rich, ddgs>=4.0.0,<5.0.0
+              NOTE: ddgs is deliberately pinned to v4.x — v5 introduces breaking changes
+              to the API (from standalone functions to DDGS class). DO NOT suggest upgrading to v5.
+
+            ANALYZE THIS PR WITH THE FOLLOWING PRIORITIES:
+
+            🔴 CRITICAL (blocks merge):
+            - XSS in HTML report: unsanitized content inserted into the DOM
+            - SQL injection in payload or query construction
+            - Command injection via subprocess/os.system with user input
+            - Hardcoded secrets, API keys or credentials
+            - Path traversal vulnerabilities
+            - Python 3.8 incompatibilities (walrus :=, match/case, typing union |, etc.)
+            - Security functions defined but never called (e.g. test_path_based_sqli)
+
+            🟡 SECURITY (report as warning):
+            - yaml.load() without Loader=yaml.SafeLoader
+            - pickle or unsafe deserializations
+            - SSL/TLS verification disabled (verify=False)
+            - Sensitive data leakage in logs or error messages
+            - External input used without validation
+
+            🔵 CODE QUALITY:
+            - Gap in SQLiConfidence.CRITICAL assignment
+            - baseline_status == None bug in SQLi analyzer
+            - Incomplete cross-database payloads for time-based SQLi
+            - Stub or placeholder implementations never completed
+            - Missing error handling in network calls
+            - Inconsistencies in rich console output
+
+            🟢 IMPROVEMENTS:
+            - PEP 8 and Python best practices
+            - Performance optimizations
+            - Missing documentation for new functions
+            - Test coverage suggestions
+
+            RESPONSE FORMAT:
+            Use inline comments for code-specific issues.
+            Post a summary comment with an evaluation table using emojis and
+            severity levels (🔴 CRITICAL / 🟡 HIGH / 🔵 MEDIUM / 🟢 LOW).
+            Be precise, technical and constructive.
+          claude_args: |
+            --max-turns 15
+            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Read,GlobTool,GrepTool"
+            --append-system-prompt "You are integrated into DorkEye, a Python OSINT/security tool. Be rigorous about vulnerabilities but constructive in tone. Absolute priority on security and stability."
+
+  # ─────────────────────────────────────────────────────────────────────────────
+  # JOB 2 — Interactive Assistant
+  # Responds to @claude mentions in PR comments and issues
+  # ─────────────────────────────────────────────────────────────────────────────
+  interactive:
+    name: 💬 Claude Interactive Assistant
+    if: |
+      github.event_name == 'issue_comment' ||
+      github.event_name == 'pull_request_review_comment' ||
+      github.event_name == 'issues'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+      issues: write
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: anthropics/claude-code-action@v1
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          claude_args: |
+            --max-turns 10
+            --append-system-prompt "You are Claude, an AI assistant integrated into the GitHub repository of DorkEye — an advanced Python OSINT and Google Dorking tool created by xPloits3c (handle: xPloits3c). You know the full architecture: dorkeye.py (main), Tools/dorkeye_analyze.py (SQLi analyzer with confidence scoring), Tools/dorkeye_report.py (HTML report), config/ (YAML templates). Stack: Python 3.8+, rich, requests, urllib3, ddgs>=4.0.0<5.0.0 (pinned to v4 — v5 breaks the API), PyYAML. Optional plugins: llama-cpp-python (local LLM), playwright (screenshots). Help with bug reports, feature requests, code questions and security analysis. Be technical, precise and concise."
+
+  # ─────────────────────────────────────────────────────────────────────────────
+  # JOB 3 — Automatic Weekly Audit
+  # Every Monday: security scan, bug hunt, dep review, repo health
+  # Creates a GitHub issue with the full report
+  # ─────────────────────────────────────────────────────────────────────────────
+  weekly-audit:
+    name: 🔐 Weekly Security Audit & Repo Maintenance
+    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      issues: write
+      pull-requests: read
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Full history for in-depth analysis
+
+      - name: Set up Python 3.11
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install DorkEye dependencies + audit tools
+        run: |
+          pip install --upgrade pip
+          pip install -r requirements.txt
+          pip install bandit pip-audit 2>/dev/null || true
+
+      - name: Run Bandit static security scan
+        run: |
+          bandit -r . -f json -o bandit-report.json \
+            --exclude ./.git,./venv,./.venv,./node_modules \
+            -ll 2>/dev/null || true
+          echo "✅ Bandit scan completed"
+
+      - name: Run pip-audit dependency check
+        run: |
+          pip-audit --format=json --output=pip-audit-report.json || true
+          echo "✅ pip-audit check completed"
+
+      - uses: anthropics/claude-code-action@v1
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          prompt: |
+            REPO: ${{ github.repository }}
+            AUDIT DATE: ${{ github.run_started_at }}
+
+            You are running the weekly automated audit of DorkEye —
+            an advanced Python OSINT and Google Dorking tool created by xPloits3c.
+
+            ARCHITECTURE:
+            - dorkeye.py: main script
+            - Tools/dorkeye_analyze.py: SQLi analyzer (check CRITICAL gap and baseline_status)
+            - Tools/dorkeye_report.py: HTML report (XSS-sensitive, uses escaping)
+            - config/: YAML templates and dork configurations
+            - requirements.txt: requests, urllib3, PyYAML, rich, ddgs>=4.0.0,<5.0.0
+            - .github/: workflows, SECURITY.md, CONTRIBUTING.md, issue templates
+
+            EXECUTE THESE TASKS IN ORDER:
+
+            ━━━ 1. SECURITY AUDIT ━━━
+            - Read all .py files and identify security vulnerabilities
+            - Read bandit-report.json (if it exists) for automated results
+            - Read pip-audit-report.json (if it exists) for vulnerable dependencies
+            - Look for: XSS in HTML output, injection flaws, unsafe yaml.load(),
+              hardcoded secrets, security-critical functions never called
+            - Verify that ddgs is still pinned to >=4.0.0,<5.0.0
+              ⚠️ DO NOT suggest upgrading to v5 — breaking API changes are intentional
+
+            ━━━ 2. BUG HUNT ━━━
+            - Identify logic errors, None dereferences, unhandled exceptions
+            - Check for SQLiConfidence.CRITICAL gap in the analyzer
+            - Verify handling of baseline_status == None
+            - Look for incomplete cross-database time-based SQLi payloads
+            - Functions defined but never called (e.g. test_path_based_sqli)
+
+            ━━━ 3. DEPENDENCY REVIEW ━━━
+            - Check requirements.txt for outdated or vulnerable packages
+            - Check for dependencies imported directly but only transitive in the file
+            - Report version ranges that could be widened or tightened
+
+            ━━━ 4. REPOSITORY HEALTH ━━━
+            - Is README.md up to date with current features?
+            - Does SECURITY.md have correct disclosure information?
+            - Look for TODO/FIXME/HACK in the code
+            - Are .github/ workflows using deprecated action versions?
+            - Are issue templates and PR templates up to date?
+
+            ━━━ 5. IMPROVEMENTS ━━━
+            - High-impact architectural suggestions
+            - Features missing relative to open issues
+            - Documentation gaps
+
+            AFTER THE ANALYSIS:
+            Create a GitHub issue with the title:
+            "🦅 DorkEye Weekly Audit — $(date +"%Y-W%V")"
+
+            Structure the report with:
+            - Summary table with counts per severity
+            - Separate sections for each analysis area
+            - Severity: 🔴 CRITICAL / 🟡 HIGH / 🔵 MEDIUM / 🟢 LOW / ℹ️ INFO
+            - Each finding with: description, file:line, recommendation
+            - "Quick Wins" section with the easiest and most impactful fixes
+            - Add the "maintenance" label if it exists in the repo
+          claude_args: |
+            --max-turns 20
+            --allowedTools "Read,GlobTool,GrepTool,Bash(cat:*),Bash(find:*),Bash(grep:*),Bash(date:*),Bash(gh issue create:*),Bash(gh issue list:*),Bash(gh label list:*)"
+            --append-system-prompt "Be rigorous and methodical. Prioritize real security findings over style suggestions. The issue report must be in clean, readable and actionable Markdown. Do not create duplicate issues — first check whether an audit for the current week already exists."
