PKCZ __init__.pynuȯPKCZ>`$w## __main__.pynu[import dodgy.run dodgy.run.main() PKCZgXX__pkginfo__.pynu[VERSION = (0, 2, 1) def get_version(): return ".".join([str(v) for v in VERSION]) PKCZ$__pycache__/__init__.cpython-311.pycnu[ bgdS)Nr_/builddir/build/BUILD/cloudlinux-venv-1.0.7/venv/lib/python3.11/site-packages/dodgy/__init__.pyrsrPKCZ(\??$__pycache__/__main__.cpython-311.pycnu[ bg#@ddlZejdS)N) dodgy.rundodgyrunmain_/builddir/build/BUILD/cloudlinux-venv-1.0.7/venv/lib/python3.11/site-packages/dodgy/__main__.pyr s) rPKCZw'__pycache__/__pkginfo__.cpython-311.pycnu[ bgXdZdZdS))cJddtDS)N.c,g|]}t|S)str).0vs b/builddir/build/BUILD/cloudlinux-venv-1.0.7/venv/lib/python3.11/site-packages/dodgy/__pkginfo__.py zget_version..s---SVV---)joinVERSIONrrr get_versionrs# 88--W--- . ..rN)rrrrr rs# /////rPKCZ.U  "__pycache__/checks.cpython-311.pycnu[ bg nddlZddlZddlZddlmZddejdejdejfeffZddejd ejd ffd d ejd fddejdffZ ddejdfddejdffZ dZ dZ dZ dS)N)partialaws_secret_keyzAmazon Web Services secret keyz(\'|")[A-Za-z0-9\\\+]{40}(\'|")z(\b|_)AWS(\b|_)diffzPossible SCM diff in codez ^<<<<<<< .*$z ^>>>>>>> .*$ssh_rsa_private_keyzPossible SSH private keyz+^-{5}(BEGIN|END)\s+RSA\s+PRIVATE\s+KEY-{5}$ssh_rsa_public_keyzPossible SSH public keyz7^ssh-rsa\s+AAAA[0-9A-Za-z+/]+[=]{0,3}\s*([^@]+@[^@]+)?$passwordzPossible hardcoded passwordzA(\b|[A-Z0-9_]*_)PASSWORD(_[A-Z0-9_]*|\b)\s*=\s(\'|")[^\'"]+(\'|")secretzPossible hardcoded secret keyz?(\b|[A-Z0-9_]*_)SECRET(_[A-Z0-9_]*|\b)\s*=\s(\'|")[^\'"]+(\'|")cg}|D]w}t|dkr|\}}}t}n|\}}}}t|ttfs|g}|fd|Dr|||fx|S)Nc:g|]}|S)search).0regexplines ]/builddir/build/BUILD/cloudlinux-venv-1.0.7/venv/lib/python3.11/site-packages/dodgy/checks.py zcheck_line..@s%;;;t$$;;;)lenany isinstancelisttupleappend)r check_listmessagestupkeymsgregexpsconds` r check_liner"4sH ( ( s88q== # CgDD&) #Cgt'D%=11 iG 4;;;;7;;; < < ( OOS#J ' ' ' Orc*|drttjd}nttjd}||d5}t |cdddS#1swxYwYdS)Nz.gzrt)moderzutf-8)encoding)endswithrgzipopencodecscheck_file_contentsread)filepathfopento_checks r check_filer1Fs/ --- #... x' * * *4h"8==??33444444444444444444s!BB B cg}t|dD];\}tttfD]!}|fdt ||Dz }"<|S)N c&g|] \}}dz||fS)r )rrr line_number0s rrz'check_file_contents..Vs9C!3,r) enumeratesplit STRING_VALS LINE_VALS VAR_NAMESr") file_contentsrrrr6s @rr,r,QsH' (;(;D(A(ABB d& 9=  J  *4 < < HH  Or)r+r)re functoolsrcompile IGNORECASEallr9r:r;r"r1r,r rrrBs^  ( BJ9 : : BJ)2= 9 9     # O $ $jbj&A&AB " ABB ! MNN  ( % P   ' UVV  $444     rPKCZ88__pycache__/run.cpython-311.pycnu[ bgS ddlZddlZddlZddlZddlZddlmZddlmZddDZ dZ d dZ d d Z d d Z ed kr e dSdS)N)ArgumentParser) check_filec g|]<}tj|dtjtjjiz=S)sep)recompileescapeospathr.0patts Z/builddir/build/BUILD/cloudlinux-venv-1.0.7/venv/lib/python3.11/site-packages/dodgy/run.py r sJ    Jtubi 445566   )z(^|%(sep)s)\.[^\.]z^tests?%(sep)s?z%(sep)stests?(%(sep)s|$)z_tests?(%(sep)s|$)cg}tj|D]>\}}}|D]5}|tj||6?|SN)r walkappendr join) start_path filepathsroot_files file_names r list_filesrsgI'*--<<a < t j|}|d|ddsv t|D].}| |d|d|dd/#t$r-}td ||Yd}~d}~wwxYw|S) Nc6g|]}tj|S)rrr s rrzrun_checks.."s">>>BJt$$>>>rc:g|]}|Sr )search)r ignorerelpaths rrzrun_checks..(s%BBB6 g&&BBBrrztext/)r linecodemessagezUnable to read {!r}: {}) IGNORE_PATHSrr r r$any mimetypes guess_type startswithrrUnicodeDecodeErrorprintformat) directory ignore_pathswarningsrfilepathmimetype msg_partserrr$s @r run_checksr9syH%2L>>>>>LL L9%%ICC'//(I66 BBBB\BBB C C  '11 A; hqk&<&C%% D/#DDFcttj|}tjd|id}t j|dz|rt jdt j|rdnddS)N)r3r4r&)indent rr%) r9r getcwdjsondumpssysstdoutwriteexit)r3 zero_exitr4outputs rrunrFAs")++LAAAH ZX.q 9 9 9FJVd]###  H( !QQ"""""rc &|p tj}d}td|}|dddtdddd |d d d dd||\}}t |j|jdS)NzA very basic tool to run against your codebase to search for "dodgy" looking values. It is a series of simple regular expressions designed to detect things such as accidental SCM diff checkins, or passwords/secret keys hardcoded into files.dodgy) descriptionz--ignore-pathsz-i+r# IGNORE_PATHzPaths to ignore)nargstypedestdefaultmetavarhelpz --zero-exitz-0rDzDodgy will exit with a code of 1 if problems are found. This flag ensures that it always returns with 0 unless an exception is raised. store_true)rNrQaction)r3rD) r@argvr add_argumentstrparse_known_argsrFr#rD)rTdescparserargsrs rmainr[Ks  38D W G 6 6 6F          V %%d++GD!T[DN;;;;;;r__main__r)NF)r>r,r rr@argparser dodgy.checksrr*rr9rFr[__name__r rrr`s  ############          F####<<<<< zDFFFFFrPKCZ*  checks.pynu[import codecs import gzip import re from functools import partial STRING_VALS = ( ( "aws_secret_key", "Amazon Web Services secret key", ( re.compile(r'(\'|")[A-Za-z0-9\\\+]{40}(\'|")'), re.compile(r"(\b|_)AWS(\b|_)", re.IGNORECASE), ), all, ), ) LINE_VALS = ( ( "diff", "Possible SCM diff in code", (re.compile(r"^<<<<<<< .*$"), re.compile(r"^>>>>>>> .*$")), ), ( "ssh_rsa_private_key", "Possible SSH private key", re.compile(r"^-{5}(BEGIN|END)\s+RSA\s+PRIVATE\s+KEY-{5}$"), ), ( "ssh_rsa_public_key", "Possible SSH public key", re.compile(r"^ssh-rsa\s+AAAA[0-9A-Za-z+/]+[=]{0,3}\s*([^@]+@[^@]+)?$"), ), ) VAR_NAMES = ( ( "password", "Possible hardcoded password", re.compile( r'(\b|[A-Z0-9_]*_)PASSWORD(_[A-Z0-9_]*|\b)\s*=\s(\'|")[^\'"]+(\'|")' ), ), ( "secret", "Possible hardcoded secret key", re.compile(r'(\b|[A-Z0-9_]*_)SECRET(_[A-Z0-9_]*|\b)\s*=\s(\'|")[^\'"]+(\'|")'), ), ) def check_line(line, check_list): messages = [] for tup in check_list: if len(tup) == 3: key, msg, regexps = tup cond = any else: key, msg, regexps, cond = tup if not isinstance(regexps, (list, tuple)): regexps = [regexps] if cond([regexp.search(line) for regexp in regexps]): messages.append((key, msg)) return messages def check_file(filepath): if filepath.endswith(".gz"): # this file looks like it is using gzip compression fopen = partial(gzip.open, mode="rt") else: # otherwise treat as standard text file fopen = partial(codecs.open, mode="r") with fopen(filepath, encoding="utf-8") as to_check: return check_file_contents(to_check.read()) def check_file_contents(file_contents): messages = [] for line_number0, line in enumerate(file_contents.split("\n")): for check_list in (STRING_VALS, LINE_VALS, VAR_NAMES): messages += [ (line_number0 + 1, key, msg) for key, msg in check_line(line, check_list) ] return messages PKCZ}S S run.pynu[import json import mimetypes import os import re import sys from argparse import ArgumentParser from dodgy.checks import check_file IGNORE_PATHS = [ re.compile(patt % {"sep": re.escape(os.path.sep)}) for patt in ( r"(^|%(sep)s)\.[^\.]", # ignores any files or directories starting with '.' r"^tests?%(sep)s?", r"%(sep)stests?(%(sep)s|$)", # Ignore foo_test(s)/. r"_tests?(%(sep)s|$)", ) ] def list_files(start_path): filepaths = [] for root, _, files in os.walk(start_path): for file_name in files: filepaths.append(os.path.join(root, file_name)) return filepaths def run_checks(directory, ignore_paths=None): warnings = [] ignore_paths = ignore_paths or [] ignore_paths = [re.compile(patt) for patt in ignore_paths] ignore_paths += IGNORE_PATHS filepaths = list_files(directory) for filepath in filepaths: relpath = os.path.relpath(filepath, directory) if any([ignore.search(relpath) for ignore in ignore_paths]): continue # this is a naive check to skip binary files, it's probably okay for now mimetype = mimetypes.guess_type(filepath) if mimetype[0] is None or not mimetype[0].startswith("text/"): continue try: for msg_parts in check_file(filepath): warnings.append( { "path": relpath, "line": msg_parts[0], "code": msg_parts[1], "message": msg_parts[2], } ) except UnicodeDecodeError as err: # This is a file which cannot be opened using codecs with UTF-8 print("Unable to read {!r}: {}".format(filepath, err)) return warnings def run(ignore_paths=None, zero_exit=False): warnings = run_checks(os.getcwd(), ignore_paths=ignore_paths) output = json.dumps({"warnings": warnings}, indent=2) sys.stdout.write(output + "\n") if zero_exit: sys.exit(0) sys.exit(1 if warnings else 0) def main(argv=None): argv = argv or sys.argv desc = ( 'A very basic tool to run against your codebase to search for "dodgy" looking values. ' "It is a series of simple regular expressions designed to detect things such as " "accidental SCM diff checkins, or passwords/secret keys hardcoded into files." ) parser = ArgumentParser("dodgy", description=desc) parser.add_argument( "--ignore-paths", "-i", nargs="+", type=str, dest="ignore", default=None, metavar="IGNORE_PATH", help="Paths to ignore", ) parser.add_argument( "--zero-exit", "-0", dest="zero_exit", help="Dodgy will exit with a code of 1 if problems are found. This flag ensures that it always returns with 0 unless an exception is raised.", action="store_true", ) args, _ = parser.parse_known_args(argv) run(ignore_paths=args.ignore, zero_exit=args.zero_exit) if __name__ == "__main__": main() PKCZ __init__.pynuȯPKCZ>`$w## ;__main__.pynu[PKCZgXX__pkginfo__.pynu[PKCZ$/__pycache__/__init__.cpython-311.pycnu[PKCZ(\??$O__pycache__/__main__.cpython-311.pycnu[PKCZw'__pycache__/__pkginfo__.cpython-311.pycnu[PKCZ.U  "__pycache__/checks.cpython-311.pycnu[PKCZ88=__pycache__/run.cpython-311.pycnu[PKCZ*  *checks.pynu[PKCZ}S S 3run.pynu[PK c@