-
Notifications
You must be signed in to change notification settings - Fork 35
/
Copy pathcontent_script.js
398 lines (337 loc) · 12.4 KB
/
content_script.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
if (typeof window.dotGitInjected === 'undefined') {
window.dotGitInjected = true;
let debug = false;
function debugLog(...args) {
if (debug) {
console.log('[DotGit]', ...args);
}
}
// Content script for checking exposed Git repositories and sensitive files
const GIT_PATH = "/.git/";
const GIT_HEAD_PATH = GIT_PATH + "HEAD";
const GIT_CONFIG_PATH = GIT_PATH + "config";
const GIT_HEAD_HEADER = "ref: refs/heads/";
const GIT_CONFIG_SEARCH = "url = (.*(github\\.com|gitlab\\.com).*)";
const GIT_OBJECTS_SEARCH = "[a-f0-9]{40}";
const SVN_PATH = "/.svn/";
const SVN_DB_PATH = SVN_PATH + "wc.db";
const SVN_DB_HEADER = "SQLite";
const HG_PATH = "/.hg/";
const HG_MANIFEST_PATH = HG_PATH + "store/00manifest.i";
const HG_MANIFEST_HEADERS = [
"\u0000\u0000\u0000\u0001",
"\u0000\u0001\u0000\u0001",
"\u0000\u0002\u0000\u0001",
"\u0000\u0003\u0000\u0001",
];
const ENV_PATH = "/.env";
const ENV_SEARCH = "^[A-Z_]+=|^[#\\n\\r ][\\s\\S]*^[A-Z_]+=";
const DS_STORE = "/.DS_Store";
const DS_STORE_HEADER = "\x00\x00\x00\x01Bud1";
const SECURITYTXT_PATHS = [
"/.well-known/security.txt",
"/security.txt",
];
const SECURITYTXT_SEARCH = "Contact: ";
// Helper function to make fetch requests with timeout
async function fetchWithTimeout(resource, options = {}) {
const { timeout = 10000 } = options;
const controller = new AbortController();
const id = setTimeout(() => controller.abort(), timeout);
const response = await fetch(resource, {
...options,
signal: controller.signal
});
clearTimeout(id);
return response;
}
// Check for exposed Git repository
async function checkGit(url) {
const to_check = url + GIT_HEAD_PATH;
const search = new RegExp(GIT_OBJECTS_SEARCH, "y");
try {
debugLog('Checking Git HEAD:', to_check);
const response = await fetchWithTimeout(to_check, {
redirect: "manual",
timeout: 10000
});
debugLog('Response status:', response.status);
debugLog('Response headers:', response.headers && response.headers.get ?
'Headers available' : 'Headers not available');
if (response.status === 200) {
const text = await response.text();
debugLog('Git HEAD content:', text);
debugLog('Content length:', text.length);
debugLog('Starts with header?', text.startsWith(GIT_HEAD_HEADER));
debugLog('Matches hash?', search.test(text));
if (text.startsWith(GIT_HEAD_HEADER) || search.test(text)) {
debugLog('Git repository found!');
chrome.runtime.sendMessage({
type: "GIT_FOUND",
url: url
});
return true;
}
debugLog('Content does not match Git patterns');
} else {
debugLog('Response not OK:', response.status, response.statusText);
}
} catch (error) {
debugLog('Error checking Git:', error);
}
debugLog('No Git repository found at:', to_check);
return false;
}
// Check for exposed SVN repository
async function checkSvn(url) {
const to_check = url + SVN_DB_PATH;
try {
const response = await fetchWithTimeout(to_check, {
redirect: "manual",
timeout: 10000
});
if (response.status === 200) {
const text = await response.text();
if (text.startsWith(SVN_DB_HEADER)) {
return true;
}
}
} catch (error) {
// Ignore error
}
return false;
}
// Check for exposed Mercurial repository
async function checkHg(url) {
const to_check = url + HG_MANIFEST_PATH;
try {
const response = await fetchWithTimeout(to_check, {
redirect: "manual",
timeout: 10000
});
if (response.status === 200) {
const text = await response.text();
if (HG_MANIFEST_HEADERS.some(header => text.startsWith(header))) {
return true;
}
}
} catch (error) {
// Ignore error
}
return false;
}
// Check for exposed .env file
async function checkEnv(url) {
const to_check = url + ENV_PATH;
const search = new RegExp(ENV_SEARCH, "g");
try {
const response = await fetchWithTimeout(to_check, {
redirect: "manual",
timeout: 10000
});
if (response.status === 200) {
const text = await response.text();
if (search.test(text)) {
return true;
}
}
} catch (error) {
// Ignore error
}
return false;
}
// Check for exposed .DS_Store file
async function checkDSStore(url) {
const to_check = url + DS_STORE;
try {
const response = await fetchWithTimeout(to_check, {
redirect: "manual",
timeout: 10000
});
if (response.status === 200) {
const text = await response.text();
if (text.startsWith(DS_STORE_HEADER)) {
return true;
}
}
} catch (error) {
// Ignore error
}
return false;
}
// Check for security.txt file
async function checkSecuritytxt(url) {
for (const path of SECURITYTXT_PATHS) {
const to_check = url + path;
const search = new RegExp(SECURITYTXT_SEARCH);
try {
const response = await fetchWithTimeout(to_check, {
redirect: "manual",
timeout: 10000
});
if (response.status === 200) {
const text = await response.text();
if (search.test(text)) {
return to_check;
}
}
} catch (error) {
// Ignore error
}
}
return false;
}
async function checkGitConfig(url) {
const to_check = url + GIT_CONFIG_PATH;
const search = new RegExp(GIT_CONFIG_SEARCH);
let result = [];
try {
const response = await fetchWithTimeout(to_check, {
redirect: "manual",
timeout: 10000
});
if (response.status === 200) {
let text = await response.text();
if (text !== false && ((result = search.exec(text)) !== null)) {
return result[1];
}
}
} catch (error) {
// Ignore error
}
return false;
}
async function checkOpenSource(url) {
try {
const response = await fetchWithTimeout(url, {
redirect: "manual",
timeout: 10000
});
if (response.status === 200) {
return url;
}
} catch (error) {
// Ignore error
}
return false;
}
async function isOpenSource(url) {
let configUrl;
let str = "";
configUrl = await checkGitConfig(url);
if (configUrl !== false) {
str = configUrl.replace("github.com:", "github.com/");
str = str.replace("gitlab.com:", "gitlab.com/");
if (str.startsWith("ssh://")) {
str = str.substring(6);
}
if (str.startsWith("git@")) {
str = str.substring(4);
}
if (str.endsWith(".git")) {
str = str.substring(0, str.length - 4);
}
if (str.startsWith("http") === false) {
str = "https://" + str;
}
try {
new URL(str);
return await checkOpenSource(str);
} catch (_) {
return false;
}
}
return false;
}
async function checkSite(url, options) {
try {
debugLog('Starting site check for:', url);
// Run all checks in parallel
const [git, svn, hg, env, ds_store, securitytxt, opensource] = await Promise.all([
options.functions.git ? checkGit(url) : Promise.resolve(false),
options.functions.svn ? checkSvn(url) : Promise.resolve(false),
options.functions.hg ? checkHg(url) : Promise.resolve(false),
options.functions.env ? checkEnv(url) : Promise.resolve(false),
options.functions.ds_store ? checkDSStore(url) : Promise.resolve(false),
options.check_securitytxt ? checkSecuritytxt(url) : Promise.resolve(false),
options.functions.git && options.check_opensource ? isOpenSource(url) : Promise.resolve(false)
]);
debugLog('Check results:', { git, svn, hg, env, ds_store, securitytxt, opensource });
const types = [];
if (git) types.push('git');
if (svn) types.push('svn');
if (hg) types.push('hg');
if (env) types.push('env');
if (ds_store) types.push('ds_store');
debugLog('Found types:', types);
if (types.length > 0) {
// Send each finding individually to ensure proper processing
for (const type of types) {
debugLog('Sending finding for type:', type);
await new Promise((resolve) => {
chrome.runtime.sendMessage({
type: "FINDINGS_FOUND",
data: {
url: url,
types: [type], // Send only one type at a time
opensource: opensource,
securitytxt: securitytxt
}
}, response => {
debugLog('Background response for', type, ':', response);
resolve();
});
});
}
}
return {
git,
svn,
hg,
env,
ds_store,
securitytxt,
opensource
};
} catch (error) {
debugLog('Error during checks:', error);
return {
git: false,
svn: false,
hg: false,
env: false,
ds_store: false,
securitytxt: false,
opensource: false,
error: error.message
};
}
}
// Listen for messages from the background script
chrome.runtime.onMessage.addListener((request, sender, sendResponse) => {
debugLog('Received message:', request);
if (request.type === "CHECK_SITE") {
const { url, options } = request;
debug = options.debug;
debugLog('Checking site:', url, 'with options:', options);
// Run checks based on enabled options
checkSite(url, options).then((results) => {
sendResponse(results);
}).catch(error => {
debugLog('Error during checks:', error);
sendResponse({
git: false,
svn: false,
hg: false,
env: false,
ds_store: false,
securitytxt: false,
opensource: false,
error: error.message
});
});
return true; // Keep the message channel open for async response
}
});
debugLog('Content script setup complete');
}