zricethezav 8 лет назад
Родитель
Сommit
128e10ba90
2 измененных файлов с 30 добавлено и 29 удалено
  1. 9 24
      checks.go
  2. 21 5
      main.go

+ 9 - 24
checks.go

@@ -2,9 +2,7 @@ package main
 
 import (
 	_ "fmt"
-	//"github.com/nbutton23/zxcvbn-go"
-	"bytes"
-	"math"
+	"github.com/nbutton23/zxcvbn-go"
 	"strings"
 )
 
@@ -42,31 +40,18 @@ func checkEntropy(target string) bool {
 	}
 
 	// TODO check for stop words here
-
 	target = strings.Trim(target[index[1]:len(target)], " ")
-	entropy := shannonEntropy(target)
+
+	if len(target) > 70 {
+		return false
+	}
+
+	// entropy := shannonEntropy(target)
+	entropy := zxcvbn.PasswordStrength(target, nil).Entropy
 
 	// tune this/make option
-	if entropy > 3.5 {
+	if entropy > 70 {
 		return true
 	}
 	return false
 }
-
-func shannonEntropy(target string) float32 {
-	freqs := make(map[byte]float64)
-	targetBytes := []byte(target)
-	entropy := float64(0)
-	for i := 0; i < 256; i++ {
-		freqs[byte(i)] = 0
-	}
-	ln := len(target)
-	for k, _ := range freqs {
-		px := float64(bytes.Count(targetBytes, []byte{k})) / float64(ln)
-		freqs[k] = px
-		if px > 0 {
-			entropy += -float64(px) * math.Log2(px)
-		}
-	}
-	return float32(entropy)
-}
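Review bot: The new `if len(target) > 70 { return false }` in checkEntropy silently discards any candidate longer than 70 characters before it is scored, so long tokens or key material can never be reported regardless of their entropy; that cap and the `entropy > 70` threshold below it are both hard-coded tuning values that the stale `// tune this/make option` comment only half covers. The threshold also changed unit, not just value: zxcvbn's `Entropy` is log2 of its estimated guess count (bits for the whole string), whereas the old 3.5 was per-byte Shannon entropy, so a comment such as `// zxcvbn entropy is in bits (log2 guesses), not the per-byte Shannon scale used before; both 70s are tuning knobs` would stop the next reader from comparing them. The leftover `// entropy := shannonEntropy(target)` refers to a function this commit deletes and can go, and the trailing if/return collapses to `return entropy > 70`. checkEntropy starts before this hunk, and the blank `_ "fmt"` import survives in the import hunk above.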

+ 21 - 5
main.go

@@ -2,7 +2,9 @@ package main
 
 import (
 	"bytes"
+	"encoding/json"
 	"fmt"
+	"io/ioutil"
 	"log"
 	"os"
 	"os/exec"
@@ -13,6 +15,13 @@ import (
 // go get hunt is a github secret key hunter written in go. target organizations, users, and remote/local repos
 // gotta be fast
 
+type ReportElem struct {
+	Lines   []string `json:"lines"`
+	Branch  string   `json:"branch"`
+	CommitA string   `json:"commitA"`
+	CommitB string   `json:"commitB"`
+}
+
 type Repo struct {
 	url  string
 	name string
@@ -24,6 +33,7 @@ var cache map[string]bool
 var appRoot string
 var regexes map[string]*regexp.Regexp
 var assignRegex *regexp.Regexp
+var report []ReportElem
 
 func init() {
 	appRoot, _ = os.Getwd()
@@ -65,8 +75,11 @@ func repoStart(repo_url string) {
 	}
 
 	repo := Repo{repo_url, repo_name, ""}
-	repo.audit()
+	report := repo.audit()
 	repo.cleanup()
+
+	reportJson, _ := json.MarshalIndent(report, "", "\t")
+	err = ioutil.WriteFile(fmt.Sprintf("%s_leaks.json", repo.name), reportJson, 0644)
 }
 
 // cleanup changes to app root and recursive rms target repo
@@ -81,7 +94,7 @@ func (repo Repo) cleanup() {
 }
 
 // (Repo) audit parses git branch --all to audit remote branches
-func (repo Repo) audit() {
+func (repo Repo) audit() []ReportElem {
 	var out []byte
 	var err error
 	var branch string
@@ -102,7 +115,7 @@ func (repo Repo) audit() {
 		branch = string(bytes.Trim(branchB, " "))
 		out, err = exec.Command("git", "rev-list", branch).Output()
 		if err != nil {
-			log.Fatalf("error retrieving commits %v\n", err)
+			continue
 		}
 		// iterate through commits
 		commits = bytes.Split(out, []byte("\n"))
@@ -115,12 +128,15 @@ func (repo Repo) audit() {
 			// memoize the actual diff function
 			leaks = checkDiff(string(commitB), string(commits[j+1]))
 			if len(leaks) != 0 {
-				fmt.Println(leaks)
+				report = append(report, ReportElem{leaks, branch,
+					string(commitB), string(commits[j+1])})
 			}
 		}
 	}
+	return report
 }
 
+// checkDiff operates on a single diff between to chronological commits
 func checkDiff(commit1 string, commit2 string) []string {
 	var leakPrs bool
 	var leaks []string
@@ -131,7 +147,7 @@ func checkDiff(commit1 string, commit2 string) []string {
 
 	out, err := exec.Command("git", "diff", commit1, commit2).Output()
 	if err != nil {
-		log.Fatalf("error retrieving commits %v\n", err)
+		return []string{}
 	}
 
 	cache[commit1+commit2] = true
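Review bot: The report write at the end of repoStart drops both of its errors — the `json.MarshalIndent` error is discarded with `_` and the `err` from `ioutil.WriteFile` is assigned but never checked — so a failed write leaves no `<name>_leaks.json` and no message, and the file is created 0644 although its `lines` field is filled from checkDiff's leaks, i.e. the matched diff content itself, which warrants 0600. The local `report := repo.audit()` also shadows the package-level `report` that audit appends to and never resets, so if repoStart runs for more than one repo each later JSON file repeats the earlier repos' findings (unless audit declares a local `report` in the lines not shown). The new `continue` in audit and `return []string{}` in checkDiff turn a fatal exit into a silent skip of a branch or diff; a `log.Printf("error retrieving commits %v\n", err)` before each keeps the gap visible. repoStart's body begins outside the hunk.
```go
	report := repo.audit()
	repo.cleanup()

	reportJSON, err := json.MarshalIndent(report, "", "\t")
	if err != nil {
		log.Fatalf("error encoding report %v\n", err)
	}
	// the report carries the matched lines themselves, so keep it owner-readable only
	err = ioutil.WriteFile(fmt.Sprintf("%s_leaks.json", repo.name), reportJSON, 0600)
	if err != nil {
		log.Fatalf("error writing report %v\n", err)
	}
```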