├── .github └── workflows │ ├── anchore-syft.yml │ ├── dependency-review.yml │ ├── lint.yml │ ├── release.yml │ ├── semgrep.yml │ └── test.yml ├── .gitignore ├── .goreleaser.yaml ├── .pre-commit-config.yaml ├── CONTRIBUTING.md ├── Dockerfile ├── LICENSE ├── MAINTAINERS ├── Makefile ├── README.md ├── SECURITY.md ├── cmd └── github-analyzer │ └── main.go ├── docker-compose.yml ├── go.mod ├── go.sum └── pkg ├── config └── config.go ├── futils └── futils.go ├── github ├── auditor │ ├── auditor.go │ └── auditor_test.go ├── org │ └── org.go ├── repo │ └── repo.go ├── types │ └── types.go └── utils │ └── utils.go ├── issue ├── category │ └── category.go ├── issue.go ├── resource │ └── resource.go ├── severity │ └── severity.go └── tags │ └── tags.go ├── log └── logger.go ├── output └── html │ ├── html.go │ ├── static │ ├── css │ │ ├── bootstrap.css │ │ ├── font-awesome.min.css │ │ └── plain.css │ └── img │ │ └── favicon.webp │ └── templates │ └── index.html.tmpl └── scraping └── scraping.go /.github/workflows/anchore-syft.yml: -------------------------------------------------------------------------------- 1 | # This workflow uses actions that are not certified by GitHub. 2 | # They are provided by a third-party and are governed by 3 | # separate terms of service, privacy policy, and support 4 | # documentation. 5 | 6 | # This workflow checks out code, builds an image, performs a container image 7 | # scan with Anchore's Syft tool, and uploads the results to the GitHub Dependency 8 | # submission API. 9 | 10 | # For more information on the Anchore sbom-action usage 11 | # and parameters, see https://github.com/anchore/sbom-action. For more 12 | # information about the Anchore SBOM tool, Syft, see 13 | # https://github.com/anchore/syft 14 | name: Anchore Syft SBOM scan 15 | 16 | on: 17 | push: 18 | branches: [ "main" ] 19 | 20 | permissions: 21 | contents: write 22 | 23 | jobs: 24 | Anchore-Build-Scan: 25 | permissions: 26 | contents: write # required to upload to the Dependency submission API 27 | runs-on: ubuntu-latest 28 | steps: 29 | - name: Checkout the code 30 | uses: actions/checkout@v3 31 | - name: Build the Docker image 32 | run: docker build . --file Dockerfile --tag localbuild/testimage:latest 33 | - name: Scan the image and upload dependency results 34 | uses: anchore/sbom-action@bb716408e75840bbb01e839347cd213767269d4a 35 | with: 36 | image: "localbuild/testimage:latest" 37 | artifact-name: image.spdx.json 38 | dependency-snapshot: true 39 | -------------------------------------------------------------------------------- /.github/workflows/dependency-review.yml: -------------------------------------------------------------------------------- 1 | # Dependency Review Action 2 | # 3 | # This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging. 4 | # 5 | # Source repository: https://github.com/actions/dependency-review-action 6 | # Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement 7 | name: "Dependency Review" 8 | on: [pull_request] 9 | 10 | permissions: 11 | contents: read 12 | 13 | jobs: 14 | dependency-review: 15 | runs-on: ubuntu-latest 16 | steps: 17 | - name: "Checkout Repository" 18 | uses: actions/checkout@v3 19 | - name: "Dependency Review" 20 | uses: actions/dependency-review-action@v2 21 | -------------------------------------------------------------------------------- /.github/workflows/lint.yml: -------------------------------------------------------------------------------- 1 | name: lint 2 | 3 | on: pull_request 4 | 5 | jobs: 6 | pre-commit: 7 | runs-on: ubuntu-latest 8 | 9 | steps: 10 | - name: Checkout Code 11 | uses: actions/checkout@v3 12 | 13 | - name: Setup Python 14 | uses: actions/setup-python@v3 15 | 16 | - name: Setup Go 17 | uses: actions/setup-go@v3 18 | with: 19 | go-version: ">=1.18.0" 20 | 21 | - name: Run pre-commit 22 | uses: pre-commit/action@v3.0.0 23 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | name: release 2 | 3 | permissions: 4 | contents: write 5 | 6 | on: 7 | push: 8 | tags: 9 | - "*" 10 | 11 | jobs: 12 | goreleaser: 13 | runs-on: ubuntu-latest 14 | 15 | steps: 16 | - name: Checkout Code 17 | uses: actions/checkout@v3 18 | 19 | - name: Fetch git tags 20 | run: git fetch --force --tags 21 | 22 | - name: Setup go 23 | uses: actions/setup-go@v3 24 | with: 25 | go-version: ">=1.19.2" 26 | cache: true 27 | 28 | - uses: goreleaser/goreleaser-action@v2 29 | with: 30 | distribution: goreleaser 31 | version: latest 32 | args: release --rm-dist 33 | env: 34 | GITHUB_TOKEN: ${{ github.token }} 35 | -------------------------------------------------------------------------------- /.github/workflows/semgrep.yml: -------------------------------------------------------------------------------- 1 | # This workflow uses actions that are not certified by GitHub. 2 | # They are provided by a third-party and are governed by 3 | # separate terms of service, privacy policy, and support 4 | # documentation. 5 | 6 | # This workflow file requires a free account on Semgrep.dev to 7 | # manage rules, file ignores, notifications, and more. 8 | # 9 | # See https://semgrep.dev/docs 10 | 11 | name: Semgrep 12 | 13 | on: 14 | push: 15 | branches: [ "main" ] 16 | pull_request: 17 | # The branches below must be a subset of the branches above 18 | branches: [ "main" ] 19 | schedule: 20 | - cron: '27 0 * * 4' 21 | workflow_dispatch: 22 | inputs: 23 | 24 | permissions: 25 | contents: read 26 | 27 | jobs: 28 | semgrep: 29 | permissions: 30 | contents: read # for actions/checkout to fetch code 31 | security-events: write # for github/codeql-action/upload-sarif to upload SARIF results 32 | actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status 33 | name: Scan 34 | runs-on: ubuntu-latest 35 | steps: 36 | # Checkout project source 37 | - uses: actions/checkout@v3 38 | 39 | # Scan code using project's configuration on https://semgrep.dev/manage 40 | - uses: returntocorp/semgrep-action@fcd5ab7459e8d91cb1777481980d1b18b4fc6735 41 | with: 42 | publishToken: ${{ secrets.SEMGREP_APP_TOKEN }} 43 | # publishDeployment: ${{ secrets.SEMGREP_DEPLOYMENT_ID }} 44 | generateSarif: "1" 45 | 46 | # - run: semgrep ci --sarif --output=semgrep.sarif 47 | # env: 48 | # # Connect to Semgrep Cloud Platform through your SEMGREP_APP_TOKEN. 49 | # # Generate a token from Semgrep Cloud Platform > Settings 50 | # # and add it to your GitHub secrets. 51 | # SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }} 52 | 53 | # Upload SARIF file generated in previous step 54 | - name: Upload SARIF file 55 | uses: github/codeql-action/upload-sarif@v2 56 | with: 57 | sarif_file: semgrep.sarif 58 | if: always() 59 | -------------------------------------------------------------------------------- /.github/workflows/test.yml: -------------------------------------------------------------------------------- 1 | name: test 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | pull_request: 8 | 9 | jobs: 10 | analyzer: 11 | runs-on: ubuntu-latest 12 | 13 | steps: 14 | - name: Checkout Code 15 | uses: actions/checkout@v3 16 | 17 | - name: Generate org-level access token for test-org 18 | id: org-token 19 | uses: getsentry/action-github-app-token@v1 20 | with: 21 | app_id: ${{ secrets.TEST_GITHUB_APP_ID }} 22 | private_key: ${{ secrets.TEST_GITHUB_APP_PRIVATE_KEY }} 23 | 24 | - name: Scan test-org 25 | env: 26 | GH_SECURITY_AUDITOR_TOKEN: ${{ steps.org-token.outputs.token }} 27 | run: | 28 | docker-compose run --rm github-analyzer \ 29 | --organization ${{ secrets.TEST_GITHUB_ORG }} \ 30 | --userPermissionStats \ 31 | --disableServer 32 | 33 | - name: "Upload Artifact" 34 | uses: actions/upload-artifact@v3 35 | with: 36 | name: output 37 | path: output 38 | retention-days: 7 39 | 40 | asserts: 41 | runs-on: ubuntu-latest 42 | 43 | steps: 44 | - name: Checkout Code 45 | uses: actions/checkout@v3 46 | 47 | - name: Generate org-level access token for test-org 48 | id: org-token 49 | uses: getsentry/action-github-app-token@v1 50 | with: 51 | app_id: ${{ secrets.TEST_GITHUB_APP_ID }} 52 | private_key: ${{ secrets.TEST_GITHUB_APP_PRIVATE_KEY }} 53 | 54 | - name: Run tests on output data 55 | env: 56 | GH_SECURITY_AUDITOR_TOKEN: ${{ steps.org-token.outputs.token }} 57 | GH_SECURITY_AUDITOR_ORGANIZATION: ${{ secrets.TEST_GITHUB_ORG }} 58 | run: | 59 | docker-compose run --rm tests 60 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | coverage.txt 2 | *.pem 3 | github-security-auditor.log 4 | github-analyzer 5 | index.html 6 | output 7 | github-analyzer.log 8 | .DS_Store 9 | *.[56789ao] 10 | *.a[56789o] 11 | *.so 12 | *.pyc 13 | ._* 14 | .nfs.* 15 | [56789a].out 16 | *~ 17 | *.orig 18 | *.rej 19 | *.exe 20 | .*.swp 21 | core 22 | *.cgo*.go 23 | *.cgo*.c 24 | _cgo_* 25 | _obj 26 | _test 27 | _testmain.go 28 | tags 29 | wiki 30 | *.envrc* 31 | version.txt 32 | 33 | /VERSION.cache 34 | bin/ 35 | /build.out 36 | /doc/articles/wiki/*.bin 37 | /goinstall.log 38 | /last-change 39 | /misc/cgo/life/run.out 40 | /misc/cgo/stdio/run.out 41 | /misc/cgo/testso/main 42 | /test.out 43 | /test/garbage/*.out 44 | /test/pass.out 45 | /test/run.out 46 | /test/times.out 47 | 48 | # This file includes artifacts of Go build that should not be checked in. 49 | # For files created by specific development environment (e.g. editor), 50 | # use alternative ways to exclude files from git. 51 | # For example, set up .git/info/exclude or use a global .gitignore. 52 | 53 | githubsecurity.json 54 | 55 | dist/ 56 | -------------------------------------------------------------------------------- /.goreleaser.yaml: -------------------------------------------------------------------------------- 1 | # https://goreleaser.com/customization/build/ 2 | 3 | before: 4 | hooks: 5 | - go mod tidy 6 | - go generate ./... 7 | 8 | builds: 9 | - main: cmd/github-analyzer/main.go 10 | binary: github-analyzer 11 | env: 12 | - CGO_ENABLED=0 13 | goos: 14 | - linux 15 | - windows 16 | - darwin 17 | goarch: 18 | - amd64 19 | - arm 20 | - arm64 21 | 22 | archives: 23 | - replacements: 24 | darwin: Darwin 25 | linux: Linux 26 | windows: Windows 27 | 386: i386 28 | amd64: x86_64 29 | 30 | checksum: 31 | name_template: "checksums.txt" 32 | 33 | snapshot: 34 | name_template: "{{ incpatch .Version }}-next" 35 | 36 | changelog: 37 | sort: asc 38 | filters: 39 | exclude: 40 | - "^docs:" 41 | - "^test:" 42 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | repos: 3 | - repo: https://github.com/pre-commit/pre-commit-hooks 4 | rev: v4.3.0 5 | hooks: 6 | - id: fix-byte-order-marker 7 | - id: check-builtin-literals 8 | - id: check-case-conflict 9 | - id: check-docstring-first 10 | - id: check-executables-have-shebangs 11 | - id: check-json 12 | - id: check-yaml 13 | - id: pretty-format-json 14 | args: [--autofix, --indent=2] 15 | - id: check-merge-conflict 16 | - id: debug-statements 17 | - id: end-of-file-fixer 18 | - id: fix-encoding-pragma 19 | - id: mixed-line-ending 20 | - id: trailing-whitespace 21 | 22 | - repo: https://github.com/segmentio/golines 23 | rev: v0.11.0 24 | hooks: 25 | - id: golines 26 | args: [--max-len=80] 27 | 28 | - repo: https://github.com/syntaqx/git-hooks 29 | rev: v0.0.17 30 | hooks: 31 | - id: go-fmt 32 | - id: go-mod-tidy 33 | 34 | - repo: https://github.com/thlorenz/doctoc 35 | rev: "v2.2.0" 36 | hooks: 37 | - id: doctoc 38 | args: [--no-title] 39 | 40 | - repo: https://github.com/pre-commit/mirrors-prettier 41 | rev: v3.0.0-alpha.2 42 | hooks: 43 | - id: prettier 44 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | - [Contributing to GitHub Analyzer](#contributing-to-github-analyzer) 5 | - [Code of Conduct](#code-of-conduct) 6 | - [Questions](#questions) 7 | - [Filing a bug or feature](#filing-a-bug-or-feature) 8 | - [Submitting changes](#submitting-changes) 9 | - [Sample Workflow](#sample-workflow) 10 | 11 | 12 | 13 | # Contributing to GitHub Analyzer 14 | 15 | Thank you for contributing to GitHub Analyzer! Below you can find some core 16 | guidelines for contributing to the project. 17 | 18 | ## Code of Conduct 19 | 20 | Be kind and respectful to the members of the community. Take time to educate 21 | others who are seeking help. Harassment of any kind will not be tolerated. 22 | 23 | ## Questions 24 | 25 | If you have questions or ideas that are not a good fit for an issue 26 | (i.e., not a feature request or bug) feel free to use the repository's [discussions](https://github.com/crashappsec/github-analyzer/discussions) to get feedback from the community and maintainers. 27 | 28 | ## Filing a bug or feature 29 | 30 | 1. When filing a bug or request, please check existing issues to see if there 31 | exist some issue capturing the same topic already. 32 | 33 | 1. When filing bugs, please provide as detailed steps of reproduction as possible. 34 | 35 | ## Submitting changes 36 | 37 | 1. You can submit changes via pull requests (PRs). PRs will only be getting reviewed 38 | once all lint and unit test steps are passing. We will do our best to reply 39 | to requests for reviews in a timely manner, however we cannot provide an SLA 40 | for reviews. 41 | 42 | 1. The current license will remain, and we might introduce a requirement for 43 | contributors to sign a CLA once the project matures. 44 | 45 | ### Sample Workflow 46 | 47 | 1. Ensure you have [pre-commit](https://pre-commit.com/) installed as it will be used for formatting and linting during PRs 48 | 1. Fork the project in your account 49 | 1. Create your feature branch (`git checkout -b your_handle/your-feature`) 50 | 1. Make changes and add them to staging (`git add .`) 51 | 1. Commit your changes (`git commit -m 'a short description of your feature'`) 52 | 1. Push to your branch (`git push origin your_handle/your-feature`) 53 | 1. Create new pull request 54 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:1.19-alpine as build 2 | 3 | RUN apk add --no-cache git make 4 | 5 | WORKDIR /ghanalyzer 6 | 7 | ADD go.* /ghanalyzer/ 8 | 9 | RUN go mod download 10 | RUN go env -w GO111MODULE=on 11 | 12 | ADD . /ghanalyzer/ 13 | 14 | RUN make all 15 | 16 | # ---------------------------------------------------------------------------- 17 | 18 | FROM alpine 19 | 20 | COPY --from=build /ghanalyzer/bin/github-analyzer /bin/github-analyzer 21 | 22 | ENTRYPOINT [ "/bin/github-analyzer" ] 23 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [2022] [Mike De Libero] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /MAINTAINERS: -------------------------------------------------------------------------------- 1 | maintainers: 2 | - nettrino 3 | inactive: 4 | - medelibero 5 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | BIN=$(notdir $(wildcard cmd/*)) 2 | VERSION=$(shell git describe --tags --long) 3 | 4 | .PHONY: all 5 | all: $(addprefix bin/,$(BIN)) ## compile auditor 6 | 7 | bin/%: bin generate 8 | go build \ 9 | -v \ 10 | -ldflags "-X main.version=$(VERSION)" \ 11 | -o $@ \ 12 | cmd/$*/main.go 13 | 14 | bin: 15 | mkdir -p bin 16 | 17 | .PHONY: generate 18 | generate: ## process go:generate files 19 | go generate ./... 20 | 21 | .PHONY: lint 22 | lint: ## lint everything with pre-commit 23 | pre-commit run --all-files --show-diff-on-failure 24 | 25 | .PHONY: clean 26 | clean: ## clean go cache and compile artifacts 27 | go clean -modcache 28 | rm -f bin/github-analyzer 29 | 30 | .PHONY: tidy 31 | tidy: ## tidy go deps 32 | go mod tidy 33 | 34 | .PHONY: fmt 35 | fmt: ## go format 36 | gofmt -w ./$* 37 | 38 | .PHONY: vet 39 | vet: generate ## go vet 40 | go vet ./... 41 | 42 | .PHONY: test 43 | test: generate ## run go tests (requires GitHub to be reachable via the network) 44 | go test -v -race -coverprofile coverage.txt ./... 45 | 46 | .PHONY: help 47 | help: ## show help 48 | @grep -E '^[a-zA-Z_\-]+:.*?## .*$$' $(MAKEFILE_LIST) | \ 49 | cut -d':' -f1- | \ 50 | sort | \ 51 | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-10s\033[0m %s\n", $$1, $$2}' 52 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/crashappsec/github-analyzer/blob/main/LICENSE) 2 | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/ossf/scorecard/badge)](https://api.securityscorecards.dev/projects/github.com/crashappsec/github-analyzer) 3 | [![Go Report Card](https://goreportcard.com/badge/github.com/ossf/scorecard/v4)](https://goreportcard.com/report/github.com/crashappsec/github-analyzer) 4 | 5 | # Github Analyzer 6 | 7 | Audits a GitHub organization for potential security issues. The tool is 8 | currently in pre-alpha stage and only supports limited functionality, however 9 | we will be actively adding checks in the upcoming months, and welcome 10 | feature requests or contributions! Once the analysis is complete, a static HTML 11 | with the summary of the results is rendered in localhost:3000 as shown below: 12 | 13 | ![gh-analyzer](https://user-images.githubusercontent.com/4614044/196647323-8138c053-644c-42a7-86f2-d94a7ce5e295.gif) 14 | 15 | 16 | 17 | 18 | - [Available Checks](#available-checks) 19 | - [Sample Output](#sample-output) 20 | - [How to run](#how-to-run) 21 | - [Running locally](#running-locally) 22 | - [Running using Docker](#running-using-docker) 23 | - [Permissions](#permissions) 24 | - [Credits](#credits) 25 | 26 | 27 | 28 | ## Available Checks 29 | 30 | | Name | Category | Severity | Resource Affected | 31 | | :---------------------------------------------: | :----------------------------------: | :-----------: | :---------------: | 32 | | Application restrictions disabled | Least Privilege | High | Organization | 33 | | Insecure Webhook payload URL | Information Disclosure | High | Webhook | 34 | | Advanced security disabled for new repositories | Tooling and Automation Configuration | Medium | Organization | 35 | | Secret scanning disabled for new repositories | Tooling and Automation Configuration | Medium | Organization | 36 | | Organization 2FA disabled | Authentication | Medium | Organization | 37 | | Users without 2FA configured | Authentication | Low | User Account | 38 | | Permissions overview for users | Least Privilege | Informational | User Account | 39 | | OAuth application summary | Least Privilege | Informational | Organization | 40 | 41 | ## Sample Output 42 | 43 | For each issue identified, a JSON with associated information will be 44 | generated. A sample output snippet is as follows: 45 | 46 | ``` 47 | ... 48 | { 49 | "id": "CONFIG_AS_1", 50 | "name": "Secret scanning disabled for new repositories", 51 | "severity": 3, 52 | "category": "Information disclosure to untrusted parties", 53 | "tags": [ 54 | "GitHub Advanced Security feature" 55 | ], 56 | "description": "Secret scanning disabled for org testorg", 57 | "resource": [ 58 | { 59 | "id": "testorg", 60 | "kind": "Organization" 61 | } 62 | ], 63 | "cwes": [ 64 | 319 65 | ], 66 | "remediation": "Pleasee see https://docs.github.com/en/github-ae@latest/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories for how to enable secret scanning in your repositories" 67 | }, 68 | { 69 | "id": "AUTH_2FA_2", 70 | "name": "Users without 2FA configured", 71 | "severity": 2, 72 | "category": "Authentication", 73 | "description": "The following collaborators have not enabled 2FA: testuser1, testuser2", 74 | "resource": [ 75 | { 76 | "id": "testuser1", 77 | "kind": "UserAccount" 78 | }, 79 | { 80 | "id": "testuser2", 81 | "kind": "UserAccount" 82 | } 83 | ], 84 | "cwes": [ 85 | 308 86 | ], 87 | "remediation": "Please see https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication for steps on how to configure 2FA for individual accounts" 88 | } 89 | ... 90 | ``` 91 | 92 | ## How to run 93 | 94 | You can see available options via the `--help` flag. 95 | 96 | ### Running locally 97 | 98 | - Install with: 99 | ```sh 100 | go install -v github.com/crashappsec/github-analyzer/cmd/github-analyzer@latest 101 | ``` 102 | - Run with: 103 | ```sh 104 | $GOPATH/bin/github-analyzer \ 105 | --organization \ 106 | --token "$GH_SECURITY_AUDITOR_TOKEN" 107 | ``` 108 | 109 | ### Running using Docker 110 | 111 | - After cloning the repo, build the container using: 112 | ```sh 113 | docker compose build --no-cache 114 | ``` 115 | - Run 116 | 117 | ```sh 118 | docker compose run \ 119 | --rm --service-ports \ 120 | github-analyzer \ 121 | --organization \ 122 | --output output \ 123 | --token "$GH_SECURITY_AUDITOR_TOKEN" 124 | ``` 125 | 126 | ## Permissions 127 | 128 | For **API-based based checks**, you need to pass in GitHub Token 129 | (either personal access token (PAT) or token derived from GitHub app installation) 130 | with the appropriate permissions. Example usage: 131 | 132 | ```sh 133 | github-analyzer \ 134 | --organization \ 135 | --token "$GH_SECURITY_AUDITOR_TOKEN" 136 | ``` 137 | 138 | See [our wiki](https://github.com/crashappsec/github-analyzer/wiki/Setting-up-GitHub#creating-a-token) 139 | for instructions on setting up a token to be used with the github-analyzer. 140 | 141 | For **experimental scraping-based checks**, you need to pass in your username 142 | and password, as well your two factor authentication one-time-password, as 143 | needed. Example usage: 144 | 145 | ```shell 146 | github-analyzer \ 147 | --organization crashappsec \ 148 | --token "$GH_SECURITY_AUDITOR_TOKEN" \ 149 | --userPermissionStats \ 150 | --enableScraping \ 151 | --username "$GH_SECURITY_AUDITOR_USERNAME" \ 152 | --password "$GH_SECURITY_AUDITOR_PASSWORD" \ 153 | --otpSeed "$GH_SECURITY_AUDITOR_OTP_SEED" 154 | ``` 155 | 156 | See [our wiki](https://github.com/crashappsec/github-analyzer/wiki/Setting-up-GitHub#setting-up-2fa-experimental) 157 | for instructions on setting up a token to be used with the analyzer. 158 | 159 | ## Credits 160 | 161 | Project was originally ported from Mike de Libero's 162 | [auditor](https://github.com/CodeReconCo/githubsecurityauditor) 163 | with the author's permission. 164 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Policy 2 | 3 | 4 | 5 | 6 | - [Supported Versions](#supported-versions) 7 | - [Reporting a Vulnerability](#reporting-a-vulnerability) 8 | 9 | 10 | 11 | ## Supported Versions 12 | 13 | This repository is still in a pre-alpha stage, therefore we expect to be 14 | porting patches as soon as possible for any latest version, but no 15 | long-term support for older versions is expected until we move to a major 16 | release. 17 | 18 | | Version | Supported | 19 | | -------- | ------------------ | 20 | | \*-alpha | :white_check_mark: | 21 | 22 | ## Reporting a Vulnerability 23 | 24 | Please file an issue for any vulnerability you would like to report. 25 | -------------------------------------------------------------------------------- /cmd/github-analyzer/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "errors" 5 | "fmt" 6 | "os" 7 | "runtime/debug" 8 | "strings" 9 | 10 | _ "embed" 11 | "path/filepath" 12 | 13 | "github.com/crashappsec/github-analyzer/pkg/config" 14 | "github.com/crashappsec/github-analyzer/pkg/futils" 15 | "github.com/crashappsec/github-analyzer/pkg/github/auditor" 16 | "github.com/crashappsec/github-analyzer/pkg/issue" 17 | "github.com/crashappsec/github-analyzer/pkg/log" 18 | "github.com/crashappsec/github-analyzer/pkg/output/html" 19 | "github.com/crashappsec/github-analyzer/pkg/scraping" 20 | "github.com/spf13/cobra" 21 | "github.com/spf13/pflag" 22 | "github.com/spf13/viper" 23 | ) 24 | 25 | var version = "(devel)" 26 | 27 | func getVersion() (response string) { 28 | // inspired from 29 | // https://github.com/mvdan/sh/blob/6ba49e2c622e3f56330f4de6238a390f395db2d8/cmd/shfmt/main.go#L181-L192 30 | if info, ok := debug.ReadBuildInfo(); ok && version == "(devel)" { 31 | mod := &info.Main 32 | if mod.Replace != nil { 33 | mod = mod.Replace 34 | } 35 | if mod.Version != "" { 36 | version = mod.Version 37 | } 38 | } 39 | return version 40 | } 41 | 42 | func main() { 43 | if err := NewRootCommand().Execute(); err != nil { 44 | log.Logger.Errorf("Scan completed with errors", err) 45 | os.Exit(1) 46 | } 47 | } 48 | 49 | func runCmd() { 50 | var issues []issue.Issue 51 | var stats []issue.Issue 52 | var checkStatuses map[issue.IssueID]error 53 | 54 | futils.Init() 55 | 56 | if config.ViperEnv.EnableScraping { 57 | if config.ViperEnv.Username == "" || 58 | config.ViperEnv.Password == "" || 59 | config.ViperEnv.OtpSeed == "" { 60 | log.Logger.Fatalf( 61 | "The following flags are required for scraping --username, --password, --otp", 62 | ) 63 | } 64 | sissues, execStatus, err := scraping.AuditScraping( 65 | config.ViperEnv.Username, 66 | config.ViperEnv.Password, 67 | config.ViperEnv.OtpSeed, 68 | config.ViperEnv.Organization) 69 | if err != nil { 70 | log.Logger.Error(err) 71 | } 72 | issues = append(issues, sissues...) 73 | checkStatuses = execStatus 74 | } 75 | 76 | if config.ViperEnv.Token == "" { 77 | log.Logger.Errorf("Github token not set") 78 | } else { 79 | auditor, err := auditor.NewGithubAuditor(config.ViperEnv.Token) 80 | if err != nil { 81 | log.Logger.Error(err) 82 | return 83 | } 84 | results, execStatus, err := auditor.AuditOrg(config.ViperEnv.Organization, config.ViperEnv.UserPermissionStats) 85 | if err != nil { 86 | log.Logger.Error(err) 87 | } 88 | for _, r := range results { 89 | if strings.HasPrefix(string(r.ID), "STATS") { 90 | stats = append(stats, r) 91 | } else { 92 | issues = append(issues, r) 93 | } 94 | } 95 | 96 | // update the map of what has executed if we have info from scraping 97 | if len(checkStatuses) > 0 { 98 | for id, err := range execStatus { 99 | prevError, ok := checkStatuses[id] 100 | if !ok { 101 | // this is the first time we see this check 102 | checkStatuses[id] = err 103 | continue 104 | } 105 | // if we have additional errors just merge them for now 106 | if err != nil { 107 | if prevError != nil { 108 | checkStatuses[id] = errors.New(err.Error() + prevError.Error()) 109 | } 110 | } 111 | } 112 | } else { 113 | checkStatuses = execStatus 114 | } 115 | } 116 | 117 | errors := map[issue.IssueID]string{} 118 | for k, v := range checkStatuses { 119 | if v == nil { 120 | errors[k] = "" 121 | continue 122 | } 123 | errors[k] = fmt.Sprintf("%v", v) 124 | } 125 | issuesPath := filepath.Join(futils.IssuesDir, "issues.json") 126 | auditStatsPath := filepath.Join(futils.StatsDir, "auditStats.json") 127 | execStatusPath := filepath.Join(futils.MetadataDir, "execStatus.json") 128 | oauthPath := filepath.Join(futils.MetadataDir, "oauthApps.json") 129 | permissionsPath := filepath.Join(futils.MetadataDir, "permissions.json") 130 | orgStatsPath := filepath.Join(futils.StatsDir, "orgCoreStats.json") 131 | 132 | futils.SerializeFile(issues, issuesPath) 133 | futils.SerializeFile(stats, auditStatsPath) 134 | futils.SerializeFile(errors, execStatusPath) 135 | 136 | if !config.ViperEnv.DisableServer { 137 | html.Serve( 138 | config.ViperEnv.Organization, 139 | orgStatsPath, 140 | permissionsPath, 141 | oauthPath, 142 | execStatusPath, 143 | issuesPath, 144 | futils.HtmlDir, 145 | config.ViperEnv.Port, 146 | ) 147 | } 148 | } 149 | 150 | func NewRootCommand() *cobra.Command { 151 | rootCmd := &cobra.Command{ 152 | Use: fmt.Sprintf( 153 | "github-analyzer (%s)", 154 | strings.TrimSuffix(getVersion(), "\n"), 155 | ), 156 | Short: "A tool to collect statistics and highlight potential security issues within a GitHub org", 157 | Long: "A tool to collect statistics and highlight potential security issues within a GitHub org", 158 | PersistentPreRunE: func(cmd *cobra.Command, args []string) error { 159 | // You can bind cobra and viper in a few locations, but PersistencePreRunE on the root command works well 160 | return initializeConfig(cmd) 161 | }, 162 | PreRun: func(cmd *cobra.Command, args []string) { 163 | onlyPrintVersion, _ := cmd.Flags().GetBool("version") 164 | if onlyPrintVersion { 165 | fmt.Println(getVersion()) 166 | os.Exit(0) 167 | } 168 | cmd.MarkFlagRequired("organization") 169 | }, 170 | Run: func(cmd *cobra.Command, args []string) { 171 | runCmd() 172 | }, 173 | } 174 | // TODO allow auditing a repo/user account only 175 | rootCmd.Flags(). 176 | StringVarP(&config.ViperEnv.Organization, "organization", "", "", "the GitHub organization to be analyzed") 177 | 178 | rootCmd.Flags(). 179 | StringVarP(&config.ViperEnv.CfgFile, "config", "c", "", "config file (default is $HOME/.github-analyzer.yaml)") 180 | rootCmd.Flags(). 181 | StringVarP(&config.ViperEnv.OutputDir, "output", "o", "output", "the directory containing the artifacts of the analysis") 182 | rootCmd.Flags(). 183 | StringVarP(&config.ViperEnv.ScmURL, "scmUrl", "", "", "the API URL for the source control management software you want to check") 184 | rootCmd.Flags(). 185 | StringVarP(&config.ViperEnv.Token, "token", "", "", fmt.Sprintf("the github token for API authentication (default is $%s_TOKEN)", config.ViperEnvPrefix)) 186 | 187 | rootCmd.Flags(). 188 | BoolVarP(&config.ViperEnv.Version, "version", "", false, "print version and exit") 189 | rootCmd.Flags(). 190 | BoolVarP(&config.ViperEnv.UserPermissionStats, "userPermissionStats", "", false, "enable user permission statistics (might be slow in large orgs due to throttling limits)") 191 | 192 | rootCmd.Flags(). 193 | BoolVarP(&config.ViperEnv.EnableScraping, "enableScraping", "", false, "enable experimental checks that rely on screen scraping") 194 | rootCmd.Flags(). 195 | StringVarP(&config.ViperEnv.Username, "username", "u", "", fmt.Sprintf("username (required if enableScraping is set) (default is $%s_USERNAME)", config.ViperEnvPrefix)) 196 | rootCmd.Flags(). 197 | StringVarP(&config.ViperEnv.Password, "password", "p", "", fmt.Sprintf("password (required if enableScraping is set) (default is $%s_PASSWORD)", config.ViperEnvPrefix)) 198 | rootCmd.Flags(). 199 | StringVarP(&config.ViperEnv.OtpSeed, "otpSeed", "", "", fmt.Sprintf("one Time Password (required if enableScraping is set) (default is $%s_OTP_SEED)", config.ViperEnvPrefix)) 200 | 201 | rootCmd.Flags(). 202 | IntVarP(&config.ViperEnv.Port, "port", "", 3000, "port for local http server used to display HTML with summary of findings (if you are using docker you will need to override the default port appropriately)") 203 | rootCmd.Flags(). 204 | BoolVarP(&config.ViperEnv.DisableServer, "disableServer", "", false, "do not spin up an HTTP server, and only emit data in the designated output folder") 205 | return rootCmd 206 | } 207 | 208 | func initializeConfig(cmd *cobra.Command) error { 209 | v := viper.New() 210 | v.SetDefault("Verbose", true) 211 | // TODO add a file-based config 212 | v.SetConfigName(config.ConfigFileBasename) 213 | v.AddConfigPath(".") 214 | if err := v.ReadInConfig(); err != nil { 215 | if _, ok := err.(viper.ConfigFileNotFoundError); !ok { 216 | return err 217 | } 218 | } 219 | 220 | v.SetEnvPrefix(config.ViperEnvPrefix) 221 | v.AutomaticEnv() 222 | bindFlags(cmd, v) 223 | 224 | return nil 225 | } 226 | 227 | // bindFlags binds cobra flags to viper environment variables 228 | func bindFlags(cmd *cobra.Command, v *viper.Viper) { 229 | cmd.Flags().VisitAll(func(f *pflag.Flag) { 230 | // env variables have no dashes 231 | if strings.Contains(f.Name, "-") { 232 | envVarSuffix := strings.ToUpper( 233 | strings.ReplaceAll(f.Name, "-", "_"), 234 | ) 235 | v.BindEnv( 236 | f.Name, 237 | fmt.Sprintf("%s_%s", config.ViperEnvPrefix, envVarSuffix), 238 | ) 239 | } 240 | 241 | if !f.Changed && v.IsSet(f.Name) { 242 | val := v.Get(f.Name) 243 | cmd.Flags().Set(f.Name, fmt.Sprintf("%v", val)) 244 | } 245 | }) 246 | } 247 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.8" 2 | 3 | services: 4 | github-analyzer: 5 | build: . 6 | ports: 7 | - 3000:3000 8 | working_dir: $PWD 9 | volumes: 10 | - $PWD:$PWD # this allows to share ./output/ 11 | environment: 12 | GH_SECURITY_AUDITOR_TOKEN: ${GH_SECURITY_AUDITOR_TOKEN:-} 13 | GH_SECURITY_AUDITOR_USERNAME: ${GH_SECURITY_AUDITOR_USERNAME:-} 14 | GH_SECURITY_AUDITOR_PASSWORD: ${GH_SECURITY_AUDITOR_PASSWORD:-} 15 | GH_SECURITY_AUDITOR_OTP_SEED: ${GH_SECURITY_AUDITOR_OTP_SEED:-} 16 | 17 | tests: 18 | image: golang:1.19 19 | command: make test 20 | init: true 21 | working_dir: $PWD 22 | volumes: 23 | - $PWD:$PWD # this allows to share ./output/ 24 | environment: 25 | GH_SECURITY_AUDITOR_TOKEN: ${GH_SECURITY_AUDITOR_TOKEN:-} 26 | GH_SECURITY_AUDITOR_USERNAME: ${GH_SECURITY_AUDITOR_USERNAME:-} 27 | GH_SECURITY_AUDITOR_PASSWORD: ${GH_SECURITY_AUDITOR_PASSWORD:-} 28 | GH_SECURITY_AUDITOR_OTP_SEED: ${GH_SECURITY_AUDITOR_OTP_SEED:-} 29 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/crashappsec/github-analyzer 2 | 3 | go 1.19 4 | 5 | require ( 6 | github.com/google/go-github/scrape v0.0.0-20221012165508-33444123bc7e 7 | github.com/google/go-github/v47 v47.1.0 8 | github.com/jpillora/backoff v1.0.0 9 | github.com/spf13/cobra v1.5.0 10 | github.com/spf13/pflag v1.0.5 11 | github.com/spf13/viper v1.13.0 12 | github.com/stretchr/testify v1.8.1 13 | go.uber.org/zap v1.23.0 14 | golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 15 | ) 16 | 17 | require ( 18 | github.com/PuerkitoBio/goquery v1.8.0 // indirect 19 | github.com/andybalholm/cascadia v1.3.1 // indirect 20 | github.com/davecgh/go-spew v1.1.1 // indirect 21 | github.com/fsnotify/fsnotify v1.5.4 // indirect 22 | github.com/golang/protobuf v1.5.2 // indirect 23 | github.com/google/go-querystring v1.1.0 // indirect 24 | github.com/hashicorp/hcl v1.0.0 // indirect 25 | github.com/inconshreveable/mousetrap v1.0.0 // indirect 26 | github.com/magiconair/properties v1.8.6 // indirect 27 | github.com/mitchellh/mapstructure v1.5.0 // indirect 28 | github.com/pelletier/go-toml v1.9.5 // indirect 29 | github.com/pelletier/go-toml/v2 v2.0.5 // indirect 30 | github.com/pmezard/go-difflib v1.0.0 // indirect 31 | github.com/spf13/afero v1.8.2 // indirect 32 | github.com/spf13/cast v1.5.0 // indirect 33 | github.com/spf13/jwalterweatherman v1.1.0 // indirect 34 | github.com/subosito/gotenv v1.4.1 // indirect 35 | github.com/xlzd/gotp v0.0.0-20181030022105-c8557ba2c119 // indirect 36 | go.uber.org/atomic v1.10.0 // indirect 37 | go.uber.org/multierr v1.8.0 // indirect 38 | golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 // indirect 39 | golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2 // indirect 40 | golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect 41 | golang.org/x/text v0.3.7 // indirect 42 | google.golang.org/appengine v1.6.7 // indirect 43 | google.golang.org/protobuf v1.28.0 // indirect 44 | gopkg.in/ini.v1 v1.67.0 // indirect 45 | gopkg.in/yaml.v2 v2.4.0 // indirect 46 | gopkg.in/yaml.v3 v3.0.1 // indirect 47 | ) 48 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= 2 | cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= 3 | cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= 4 | cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= 5 | cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= 6 | cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= 7 | cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= 8 | cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= 9 | cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= 10 | cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= 11 | cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= 12 | cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= 13 | cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= 14 | cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= 15 | cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= 16 | cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= 17 | cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= 18 | cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= 19 | cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= 20 | cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 21 | cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= 22 | cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= 23 | cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= 24 | cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= 25 | cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= 26 | cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= 27 | cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= 28 | cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= 29 | cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= 30 | cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= 31 | cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= 32 | cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= 33 | cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= 34 | cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= 35 | cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= 36 | cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= 37 | cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= 38 | dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= 39 | github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= 40 | github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= 41 | github.com/PuerkitoBio/goquery v1.8.0 h1:PJTF7AmFCFKk1N6V6jmKfrNH9tV5pNE6lZMkG0gta/U= 42 | github.com/PuerkitoBio/goquery v1.8.0/go.mod h1:ypIiRMtY7COPGk+I/YbZLbxsxn9g5ejnI2HSMtkjZvI= 43 | github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c= 44 | github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA= 45 | github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= 46 | github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= 47 | github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= 48 | github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= 49 | github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= 50 | github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= 51 | github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= 52 | github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= 53 | github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= 54 | github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= 55 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 56 | github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= 57 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 58 | github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= 59 | github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= 60 | github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= 61 | github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= 62 | github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= 63 | github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= 64 | github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= 65 | github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI= 66 | github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= 67 | github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= 68 | github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= 69 | github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= 70 | github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= 71 | github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 72 | github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 73 | github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 74 | github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= 75 | github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= 76 | github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= 77 | github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= 78 | github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= 79 | github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= 80 | github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= 81 | github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 82 | github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 83 | github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 84 | github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= 85 | github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= 86 | github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= 87 | github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= 88 | github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= 89 | github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= 90 | github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= 91 | github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= 92 | github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= 93 | github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= 94 | github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= 95 | github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= 96 | github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= 97 | github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= 98 | github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= 99 | github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= 100 | github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= 101 | github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= 102 | github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= 103 | github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 104 | github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 105 | github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 106 | github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 107 | github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 108 | github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 109 | github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 110 | github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= 111 | github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= 112 | github.com/google/go-github/scrape v0.0.0-20221012165508-33444123bc7e h1:QtShfCOaEXUH4K+2vqhD4hX8Q2E2+i0HYTRoWzbaaG4= 113 | github.com/google/go-github/scrape v0.0.0-20221012165508-33444123bc7e/go.mod h1:Liwt6jJJ9cdiN2n+/P7pkoBWPUHJEHxHiFsO0SaGEvU= 114 | github.com/google/go-github/v47 v47.1.0 h1:Cacm/WxQBOa9lF0FT0EMjZ2BWMetQ1TQfyurn4yF1z8= 115 | github.com/google/go-github/v47 v47.1.0/go.mod h1:VPZBXNbFSJGjyjFRUKo9vZGawTajnWzC/YjGw/oFKi0= 116 | github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= 117 | github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= 118 | github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= 119 | github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= 120 | github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= 121 | github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= 122 | github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= 123 | github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= 124 | github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= 125 | github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= 126 | github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= 127 | github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= 128 | github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= 129 | github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= 130 | github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= 131 | github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= 132 | github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 133 | github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= 134 | github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= 135 | github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= 136 | github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= 137 | github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= 138 | github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= 139 | github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= 140 | github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= 141 | github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= 142 | github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= 143 | github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= 144 | github.com/jpillora/backoff v1.0.0 h1:uvFg412JmmHBHw7iwprIxkPMI+sGQ4kzOWsMeHnm2EA= 145 | github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= 146 | github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= 147 | github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= 148 | github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= 149 | github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= 150 | github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= 151 | github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= 152 | github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= 153 | github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= 154 | github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= 155 | github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo= 156 | github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= 157 | github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= 158 | github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= 159 | github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= 160 | github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= 161 | github.com/pelletier/go-toml/v2 v2.0.5 h1:ipoSadvV8oGUjnUbMub59IDPPwfxF694nG/jwbMiyQg= 162 | github.com/pelletier/go-toml/v2 v2.0.5/go.mod h1:OMHamSCAODeSsVrwwvcJOaoN0LIUIaFVNZzmWyNfXas= 163 | github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= 164 | github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 165 | github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= 166 | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 167 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 168 | github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= 169 | github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= 170 | github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k= 171 | github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= 172 | github.com/spf13/afero v1.8.2 h1:xehSyVa0YnHWsJ49JFljMpg1HX19V6NDZ1fkm1Xznbo= 173 | github.com/spf13/afero v1.8.2/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfAqwo= 174 | github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= 175 | github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU= 176 | github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU= 177 | github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= 178 | github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= 179 | github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= 180 | github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= 181 | github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= 182 | github.com/spf13/viper v1.13.0 h1:BWSJ/M+f+3nmdz9bxB+bWX28kkALN2ok11D0rSo8EJU= 183 | github.com/spf13/viper v1.13.0/go.mod h1:Icm2xNL3/8uyh/wFuB1jI7TiTNKp8632Nwegu+zgdYw= 184 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 185 | github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= 186 | github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= 187 | github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= 188 | github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= 189 | github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= 190 | github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= 191 | github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 192 | github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 193 | github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= 194 | github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= 195 | github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= 196 | github.com/subosito/gotenv v1.4.1 h1:jyEFiXpy21Wm81FBN71l9VoMMV8H8jG+qIK3GCpY6Qs= 197 | github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= 198 | github.com/xlzd/gotp v0.0.0-20181030022105-c8557ba2c119 h1:YyPWX3jLOtYKulBR6AScGIs74lLrJcgeKRwcbAuQOG4= 199 | github.com/xlzd/gotp v0.0.0-20181030022105-c8557ba2c119/go.mod h1:/nuTSlK+okRfR/vnIPqR89fFKonnWPiZymN5ydRJkX8= 200 | github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 201 | github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 202 | github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 203 | github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 204 | go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= 205 | go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= 206 | go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= 207 | go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= 208 | go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= 209 | go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= 210 | go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= 211 | go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= 212 | go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= 213 | go.uber.org/goleak v1.1.11 h1:wy28qYRKZgnJTxGxvye5/wgWr1EKjmUDGYox5mGlRlI= 214 | go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8= 215 | go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= 216 | go.uber.org/zap v1.23.0 h1:OjGQ5KQDEUawVHxNwQgPpiypGHOxo2mNZsOqTak4fFY= 217 | go.uber.org/zap v1.23.0/go.mod h1:D+nX8jyLsMHMYrln8A0rJjFt/T/9/bGgIhAqxv5URuY= 218 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 219 | golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 220 | golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 221 | golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 222 | golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 223 | golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= 224 | golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= 225 | golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= 226 | golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 h1:kUhD7nTDoI3fVd9G4ORWrbV5NY0liEs/Jg2pv5f+bBA= 227 | golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= 228 | golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 229 | golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 230 | golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 231 | golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= 232 | golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= 233 | golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= 234 | golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= 235 | golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= 236 | golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= 237 | golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= 238 | golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= 239 | golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= 240 | golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 241 | golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= 242 | golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 243 | golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 244 | golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 245 | golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 246 | golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 247 | golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= 248 | golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= 249 | golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= 250 | golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= 251 | golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= 252 | golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= 253 | golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= 254 | golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= 255 | golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= 256 | golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= 257 | golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= 258 | golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= 259 | golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= 260 | golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= 261 | golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 262 | golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 263 | golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 264 | golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 265 | golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 266 | golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 267 | golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 268 | golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 269 | golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= 270 | golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 271 | golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 272 | golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 273 | golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 274 | golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 275 | golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 276 | golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 277 | golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 278 | golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 279 | golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= 280 | golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= 281 | golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= 282 | golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= 283 | golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= 284 | golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= 285 | golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= 286 | golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= 287 | golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= 288 | golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= 289 | golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= 290 | golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= 291 | golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= 292 | golang.org/x/net v0.0.0-20210916014120-12bc252f5db8/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= 293 | golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= 294 | golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2 h1:NWy5+hlRbC7HK+PmcXVUmW1IMyFce7to56IUvhUFm7Y= 295 | golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= 296 | golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 297 | golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 298 | golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 299 | golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 300 | golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 301 | golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= 302 | golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= 303 | golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= 304 | golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= 305 | golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 h1:OSnWWcOd/CtWQC2cYSBgbTSJv3ciqd8r54ySIW2y3RE= 306 | golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= 307 | golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 308 | golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 309 | golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 310 | golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 311 | golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 312 | golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 313 | golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 314 | golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 315 | golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 316 | golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 317 | golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 318 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 319 | golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 320 | golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 321 | golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 322 | golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 323 | golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 324 | golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 325 | golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 326 | golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 327 | golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 328 | golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 329 | golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 330 | golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 331 | golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 332 | golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 333 | golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 334 | golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 335 | golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 336 | golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 337 | golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 338 | golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 339 | golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 340 | golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 341 | golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 342 | golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 343 | golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 344 | golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 345 | golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 346 | golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 347 | golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 348 | golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 349 | golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 350 | golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 351 | golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 352 | golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 353 | golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 354 | golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k= 355 | golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 356 | golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= 357 | golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= 358 | golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 359 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 360 | golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 361 | golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= 362 | golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 363 | golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 364 | golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 365 | golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= 366 | golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= 367 | golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 368 | golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 369 | golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 370 | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 371 | golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 372 | golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= 373 | golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 374 | golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 375 | golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 376 | golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= 377 | golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= 378 | golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= 379 | golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= 380 | golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= 381 | golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= 382 | golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 383 | golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 384 | golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 385 | golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 386 | golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 387 | golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 388 | golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 389 | golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 390 | golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 391 | golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 392 | golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 393 | golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 394 | golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 395 | golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 396 | golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 397 | golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 398 | golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 399 | golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 400 | golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= 401 | golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= 402 | golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= 403 | golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 404 | golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 405 | golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 406 | golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 407 | golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= 408 | golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= 409 | golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= 410 | golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= 411 | golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= 412 | golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= 413 | golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= 414 | golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= 415 | golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= 416 | golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= 417 | golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 418 | golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 419 | golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 420 | golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 421 | google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= 422 | google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= 423 | google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= 424 | google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= 425 | google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= 426 | google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= 427 | google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= 428 | google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= 429 | google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= 430 | google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= 431 | google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= 432 | google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= 433 | google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= 434 | google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= 435 | google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= 436 | google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= 437 | google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= 438 | google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= 439 | google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= 440 | google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= 441 | google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 442 | google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 443 | google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= 444 | google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= 445 | google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= 446 | google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= 447 | google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= 448 | google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= 449 | google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= 450 | google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= 451 | google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= 452 | google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= 453 | google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= 454 | google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= 455 | google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= 456 | google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= 457 | google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= 458 | google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= 459 | google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= 460 | google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= 461 | google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= 462 | google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= 463 | google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 464 | google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 465 | google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 466 | google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 467 | google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 468 | google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 469 | google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 470 | google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 471 | google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= 472 | google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= 473 | google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= 474 | google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 475 | google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 476 | google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 477 | google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 478 | google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 479 | google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 480 | google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 481 | google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 482 | google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 483 | google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 484 | google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= 485 | google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= 486 | google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= 487 | google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= 488 | google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= 489 | google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= 490 | google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= 491 | google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= 492 | google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= 493 | google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= 494 | google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= 495 | google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= 496 | google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= 497 | google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= 498 | google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= 499 | google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= 500 | google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= 501 | google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= 502 | google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 503 | google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= 504 | google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= 505 | google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= 506 | google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= 507 | google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= 508 | google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= 509 | google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= 510 | google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= 511 | google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= 512 | google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= 513 | google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= 514 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 515 | gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= 516 | gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 517 | gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= 518 | gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= 519 | gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= 520 | gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 521 | gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= 522 | gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= 523 | gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 524 | gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 525 | gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= 526 | gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 527 | honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 528 | honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 529 | honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 530 | honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 531 | honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= 532 | honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= 533 | honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= 534 | rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= 535 | rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= 536 | rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= 537 | -------------------------------------------------------------------------------- /pkg/config/config.go: -------------------------------------------------------------------------------- 1 | package config 2 | 3 | const ( 4 | ConfigFileBasename = "github-analyzer" 5 | 6 | ViperEnvPrefix = "GH_SECURITY_AUDITOR" 7 | ) 8 | 9 | type ViperEnvVars struct { 10 | CfgFile string `mapstructure:"CFG_FILE"` 11 | EnableScraping bool `mapstructure:"ENABLE_SCRAPING"` 12 | UserPermissionStats bool `mapstructure:"USER_PERMISSION_STATS"` 13 | Version bool `mapstructure:"VERSION"` 14 | Organization string `mapstructure:"ORGANIZATION"` 15 | OtpSeed string `mapstructure:"OTP_SEED"` 16 | OutputDir string `mapstructure:"OUTPUT_DIR"` 17 | Password string `mapstructure:"PASSWORD"` 18 | Port int `mapstructure:"PORT"` 19 | DisableServer bool `mapstructure:"DISABLE_SERVER"` 20 | ScmURL string `mapstructure:"SCM_URL"` 21 | Token string `mapstructure:"TOKEN"` 22 | Username string `mapstructure:"USERNAME"` 23 | } 24 | 25 | var ViperEnv ViperEnvVars 26 | -------------------------------------------------------------------------------- /pkg/futils/futils.go: -------------------------------------------------------------------------------- 1 | package futils 2 | 3 | import ( 4 | "encoding/json" 5 | "errors" 6 | "io/ioutil" 7 | "os" 8 | "path/filepath" 9 | 10 | "github.com/crashappsec/github-analyzer/pkg/config" 11 | "github.com/crashappsec/github-analyzer/pkg/log" 12 | ) 13 | 14 | var IssuesDir, StatsDir, MetadataDir, HtmlDir string 15 | 16 | func Init() { 17 | 18 | log.Logger.Debugf("Output dir is %s", config.ViperEnv.OutputDir) 19 | IssuesDir = filepath.Join(config.ViperEnv.OutputDir, "issues") 20 | StatsDir = filepath.Join(config.ViperEnv.OutputDir, "stats") 21 | MetadataDir = filepath.Join(config.ViperEnv.OutputDir, "metadata") 22 | 23 | CreateDir(config.ViperEnv.OutputDir) 24 | CreateDir(IssuesDir) 25 | CreateDir(StatsDir) 26 | CreateDir(MetadataDir) 27 | } 28 | 29 | func CreateDir(path string) { 30 | if _, err := os.Stat(path); errors.Is(err, os.ErrNotExist) { 31 | err = os.Mkdir(path, os.ModePerm) 32 | if err != nil { 33 | log.Logger.Fatal( 34 | "Could not create directories in %s. Please ensure you have write permissions for this directory", 35 | path, 36 | ) 37 | } 38 | } 39 | } 40 | 41 | func SerializeFile(raw interface{}, writeLoc string) error { 42 | output, err := json.MarshalIndent(raw, "", " ") 43 | if err != nil { 44 | log.Logger.Error(err) 45 | return err 46 | } 47 | return ioutil.WriteFile(writeLoc, output, 0644) 48 | } 49 | -------------------------------------------------------------------------------- /pkg/github/auditor/auditor.go: -------------------------------------------------------------------------------- 1 | package auditor 2 | 3 | import ( 4 | "context" 5 | "time" 6 | 7 | "github.com/crashappsec/github-analyzer/pkg/config" 8 | "github.com/crashappsec/github-analyzer/pkg/github/org" 9 | "github.com/crashappsec/github-analyzer/pkg/issue" 10 | "github.com/crashappsec/github-analyzer/pkg/log" 11 | "github.com/google/go-github/v47/github" 12 | "github.com/jpillora/backoff" 13 | "golang.org/x/oauth2" 14 | ) 15 | 16 | type GithubAuditor struct { 17 | client *github.Client 18 | } 19 | 20 | func NewGithubAuditor(token string) (*GithubAuditor, error) { 21 | ctx := context.Background() 22 | ts := oauth2.StaticTokenSource( 23 | &oauth2.Token{AccessToken: token}, 24 | ) 25 | tc := oauth2.NewClient(ctx, ts) 26 | 27 | var client *github.Client 28 | var scmURL = config.ViperEnv.ScmURL 29 | if scmURL != "" { 30 | log.Logger.Infof( 31 | "Setting up an enteprise client for the source control management URL %s", 32 | scmURL, 33 | ) 34 | 35 | var err error 36 | client, err = github.NewEnterpriseClient(scmURL, scmURL, tc) 37 | if err != nil { 38 | log.Logger.Error(err) 39 | return nil, err 40 | } 41 | return &GithubAuditor{client: client}, nil 42 | } 43 | 44 | return &GithubAuditor{client: github.NewClient(tc)}, nil 45 | } 46 | 47 | // AuditOrg runs a series of checks on a given organization and returns the 48 | // issues found, execution state for each check run (whether it was successful 49 | // or yielded in an error), and a generic overall error if audit fails overall 50 | func (gs GithubAuditor) AuditOrg( 51 | name string, 52 | enableUserPermissionStats bool, 53 | ) ([]issue.Issue, map[issue.IssueID]error, error) { 54 | ctx := context.Background() 55 | back := &backoff.Backoff{ 56 | Min: 30 * time.Second, 57 | Max: 30 * time.Minute, 58 | Jitter: true, 59 | } 60 | org, err := org.NewOrganization(ctx, gs.client, back, name) 61 | if err != nil { 62 | log.Logger.Error(err) 63 | return nil, nil, err 64 | } 65 | 66 | return org.Audit(ctx, enableUserPermissionStats) 67 | } 68 | -------------------------------------------------------------------------------- /pkg/github/auditor/auditor_test.go: -------------------------------------------------------------------------------- 1 | package auditor 2 | 3 | import ( 4 | "context" 5 | "os" 6 | "testing" 7 | "time" 8 | 9 | "github.com/crashappsec/github-analyzer/pkg/github/org" 10 | "github.com/google/go-github/v47/github" 11 | "github.com/jpillora/backoff" 12 | "github.com/stretchr/testify/assert" 13 | "golang.org/x/oauth2" 14 | ) 15 | 16 | var ( 17 | client *github.Client 18 | 19 | // auth indicates whether tests are being run with an OAuth token. 20 | // Tests can use this flag to skip certain tests when run without auth. 21 | auth bool 22 | ) 23 | 24 | func init() { 25 | token := os.Getenv("GH_SECURITY_AUDITOR_TOKEN") 26 | if token == "" { 27 | client = github.NewClient(nil) 28 | } else { 29 | tc := oauth2.NewClient(context.Background(), oauth2.StaticTokenSource( 30 | &oauth2.Token{AccessToken: token}, 31 | )) 32 | client = github.NewClient(tc) 33 | auth = true 34 | } 35 | } 36 | 37 | func TestSampleOrg(t *testing.T) { 38 | auditor := &GithubAuditor{client: client} 39 | ctx := context.Background() 40 | back := &backoff.Backoff{ 41 | Min: 30 * time.Second, 42 | Max: 3 * time.Minute, 43 | Jitter: true, 44 | } 45 | 46 | name := os.Getenv("GH_SECURITY_AUDITOR_ORGANIZATION") 47 | if name == "" { 48 | name = "github-security-auditor-test-org" 49 | } 50 | 51 | org, err := org.NewOrganization(ctx, auditor.client, back, name) 52 | 53 | assert.Nil(t, err, "Could not create organization") 54 | assert.NotNil(t, org.CoreStats, "Could not fetch core stats") 55 | assert.Equal(t, name, *org.CoreStats.Login) 56 | assert.GreaterOrEqual(t, 1, *org.CoreStats.TotalPrivateRepos) 57 | assert.NotNil( 58 | t, 59 | org.CoreStats.TwoFactorRequirementEnabled, 60 | "nil two factor auth", 61 | ) 62 | } 63 | -------------------------------------------------------------------------------- /pkg/github/org/org.go: -------------------------------------------------------------------------------- 1 | package org 2 | 3 | import ( 4 | "context" 5 | "encoding/json" 6 | "errors" 7 | "fmt" 8 | "strings" 9 | "sync" 10 | 11 | "path/filepath" 12 | 13 | "github.com/crashappsec/github-analyzer/pkg/futils" 14 | "github.com/crashappsec/github-analyzer/pkg/github/repo" 15 | "github.com/crashappsec/github-analyzer/pkg/github/types" 16 | "github.com/crashappsec/github-analyzer/pkg/github/utils" 17 | "github.com/crashappsec/github-analyzer/pkg/issue" 18 | "github.com/crashappsec/github-analyzer/pkg/issue/resource" 19 | "github.com/crashappsec/github-analyzer/pkg/log" 20 | "github.com/google/go-github/v47/github" 21 | "github.com/jpillora/backoff" 22 | ) 23 | 24 | type OrgStats struct { 25 | CoreStats *types.OrgCoreStats 26 | Collaborators []types.UserLogin 27 | Webhooks map[types.WebhookID]types.Webhook 28 | Installations map[types.InstallID]types.Install 29 | Runners map[types.RunnerID]types.Runner 30 | } 31 | 32 | type Organization struct { 33 | info *github.Organization 34 | client *github.Client 35 | backoff *backoff.Backoff 36 | paginationSize int 37 | 38 | CoreStats *types.OrgCoreStats 39 | Users map[types.UserLogin]types.User 40 | Collaborators map[types.UserLogin]types.User 41 | Repositories map[types.RepoName]repo.Repository 42 | Webhooks map[types.WebhookID]types.Webhook 43 | Installations map[types.InstallID]types.Install 44 | Runners map[types.RunnerID]types.Runner 45 | } 46 | 47 | func NewOrganization( 48 | ctx context.Context, 49 | client *github.Client, 50 | backoff *backoff.Backoff, 51 | name string) (*Organization, error) { 52 | orgInfo, resp, err := client.Organizations.Get(ctx, name) 53 | 54 | if err != nil { 55 | if resp.StatusCode == 403 { 56 | log.Logger.Errorf( 57 | "Unable to retrieve organization information. It appears the token being used doesn't have access to this information.", 58 | ) 59 | } else if resp.StatusCode == 404 { 60 | log.Logger.Errorf( 61 | "Organization not found. Perhaps there's a typo in the org name?", 62 | ) 63 | } else { 64 | log.Logger.Error(err) 65 | } 66 | return nil, err 67 | } 68 | 69 | // FIXME change to not use unmarshal w/ reflection or plain initializer 70 | var stats types.OrgCoreStats 71 | orgJson, _ := json.Marshal(orgInfo) 72 | _ = json.Unmarshal(orgJson, &stats) 73 | 74 | org := Organization{ 75 | info: orgInfo, 76 | client: client, 77 | backoff: backoff, 78 | paginationSize: 100, 79 | CoreStats: &stats, 80 | } 81 | return &org, nil 82 | } 83 | 84 | // GetWebhook returns the webhooks for a given org. Upon first call, 85 | // it lazily updates the Organization with the webhook information 86 | func (org *Organization) GetWebhooks( 87 | ctx context.Context) (map[types.WebhookID]types.Webhook, error) { 88 | if len(org.Webhooks) > 0 { 89 | return org.Webhooks, nil 90 | } 91 | 92 | log.Logger.Debugf( 93 | "Fetching webhooks for %s", 94 | *org.info.Login, 95 | ) 96 | 97 | opt := &github.ListOptions{PerPage: org.paginationSize} 98 | hooks, err := utils.GetPaginatedResult( 99 | ctx, 100 | org.backoff, 101 | opt, 102 | func(opts *github.ListOptions) ([]*github.Hook, *github.Response, error) { 103 | return org.client.Organizations.ListHooks(ctx, 104 | *org.info.Login, 105 | opt, 106 | ) 107 | }, 108 | utils.WebhooksAggregator, 109 | ) 110 | 111 | hookMap := make(map[types.WebhookID]types.Webhook, len(hooks)) 112 | for _, h := range hooks { 113 | hookMap[types.WebhookID(*h.ID)] = h 114 | } 115 | org.Webhooks = hookMap 116 | return hookMap, err 117 | } 118 | 119 | func (org *Organization) GetInstalls( 120 | ctx context.Context) (map[types.InstallID]types.Install, error) { 121 | if len(org.Installations) > 0 { 122 | return org.Installations, nil 123 | } 124 | 125 | log.Logger.Debugf( 126 | "Fetching app installs for %s", 127 | *org.info.Login, 128 | ) 129 | 130 | opt := &github.ListOptions{PerPage: org.paginationSize} 131 | installs, err := utils.GetPaginatedResult( 132 | ctx, 133 | org.backoff, 134 | opt, 135 | func(opts *github.ListOptions) (*github.OrganizationInstallations, *github.Response, error) { 136 | return org.client.Organizations.ListInstallations( 137 | ctx, 138 | *org.info.Login, 139 | opt, 140 | ) 141 | }, 142 | utils.InstallsAggregator, 143 | ) 144 | if err != nil { 145 | log.Logger.Error(err) 146 | } 147 | 148 | installMap := make(map[types.InstallID]types.Install, len(installs)) 149 | for _, i := range installs { 150 | installMap[types.InstallID(*i.ID)] = i 151 | } 152 | org.Installations = installMap 153 | return installMap, err 154 | } 155 | 156 | func (org *Organization) GetActionRunners( 157 | ctx context.Context) (map[types.RunnerID]types.Runner, error) { 158 | if len(org.Runners) > 0 { 159 | return org.Runners, nil 160 | } 161 | 162 | log.Logger.Debugf( 163 | "Fetching action runners for %s", 164 | *org.info.Login, 165 | ) 166 | 167 | opt := &github.ListOptions{PerPage: org.paginationSize} 168 | runners, err := utils.GetPaginatedResult( 169 | ctx, 170 | org.backoff, 171 | opt, 172 | func(opts *github.ListOptions) (*github.Runners, *github.Response, error) { 173 | return org.client.Actions.ListOrganizationRunners( 174 | ctx, 175 | *org.info.Login, 176 | opt, 177 | ) 178 | }, 179 | utils.RunnersAggregator, 180 | ) 181 | 182 | runnerMap := make(map[types.RunnerID]types.Runner, len(runners)) 183 | for _, r := range runners { 184 | runnerMap[types.RunnerID(*r.ID)] = r 185 | } 186 | org.Runners = runnerMap 187 | return runnerMap, err 188 | } 189 | 190 | // GetUsers returns the users for a given org. Upon first call, 191 | // it lazily updates the Organization with the user information 192 | func (org *Organization) GetUsers(ctx context.Context) ( 193 | map[types.UserLogin]types.User, error) { 194 | 195 | if len(org.Users) > 0 { 196 | return org.Users, nil 197 | } 198 | 199 | log.Logger.Debugf("Fetching users for %s", *org.info.Login) 200 | opt := &github.ListMembersOptions{ 201 | ListOptions: github.ListOptions{PerPage: org.paginationSize}, 202 | } 203 | users, err := utils.GetPaginatedResult( 204 | ctx, 205 | org.backoff, 206 | &opt.ListOptions, 207 | func(opts *github.ListOptions) ([]*github.User, *github.Response, error) { 208 | return org.client.Organizations.ListMembers( 209 | ctx, 210 | *org.info.Login, 211 | opt, 212 | ) 213 | }, 214 | func(ghUsers []*github.User) []types.User { 215 | var users []types.User 216 | for _, m := range ghUsers { 217 | existingUser, ok := org.Users[*m.Login] 218 | if ok { 219 | users = append(users, existingUser) 220 | continue 221 | } 222 | 223 | // XXX information from listing collborators is incomplete 224 | // we need to explicitly fetch user info 225 | u, _, err := org.client.Users.Get(ctx, *m.Login) 226 | if err != nil { 227 | log.Logger.Error(err) 228 | continue 229 | } 230 | user := types.User{} 231 | // FIXME use reflection 232 | userJson, _ := json.Marshal(u) 233 | _ = json.Unmarshal(userJson, &user) 234 | users = append(users, user) 235 | } 236 | return users 237 | }, 238 | ) 239 | if err != nil { 240 | log.Logger.Error(err) 241 | } 242 | 243 | members := make(map[types.UserLogin]types.User, len(users)) 244 | for _, u := range users { 245 | members[types.UserLogin(*u.Login)] = u 246 | } 247 | org.Users = members 248 | return members, nil 249 | } 250 | 251 | // GetCollaborators returns the outside collaborators for a given org. Upon first call, 252 | // it lazily updates the Organization with the user information 253 | func (org *Organization) GetCollaborators(ctx context.Context) ( 254 | map[types.UserLogin]types.User, error) { 255 | 256 | if len(org.Collaborators) > 0 { 257 | return org.Collaborators, nil 258 | } 259 | 260 | log.Logger.Debugf( 261 | "Fetching external collaborators for %s", 262 | *org.info.Login, 263 | ) 264 | opt := &github.ListOutsideCollaboratorsOptions{ 265 | ListOptions: github.ListOptions{PerPage: org.paginationSize}, 266 | } 267 | users, err := utils.GetPaginatedResult( 268 | ctx, 269 | org.backoff, 270 | &opt.ListOptions, 271 | func(opts *github.ListOptions) ([]*github.User, *github.Response, error) { 272 | return org.client.Organizations.ListOutsideCollaborators( 273 | ctx, 274 | *org.info.Login, 275 | opt, 276 | ) 277 | }, 278 | func(ghUsers []*github.User) []types.User { 279 | var users []types.User 280 | for _, m := range ghUsers { 281 | existingUser, ok := org.Collaborators[*m.Login] 282 | if ok { 283 | users = append(users, existingUser) 284 | continue 285 | } 286 | // XXX information from listing collborators is incomplete 287 | // we meed tp explicitly fetch user info 288 | u, _, err := org.client.Users.Get(ctx, *m.Login) 289 | if err != nil { 290 | log.Logger.Error(err) 291 | continue 292 | } 293 | user := types.User{} 294 | // FIXME use reflection 295 | userJson, _ := json.Marshal(u) 296 | _ = json.Unmarshal(userJson, &user) 297 | users = append(users, user) 298 | } 299 | return users 300 | }, 301 | ) 302 | if err != nil { 303 | log.Logger.Error(err) 304 | } 305 | 306 | collaborators := make(map[types.UserLogin]types.User, len(users)) 307 | for _, u := range users { 308 | collaborators[types.UserLogin(*u.Login)] = u 309 | } 310 | org.Collaborators = collaborators 311 | return collaborators, nil 312 | } 313 | 314 | // GetRepositories returns the repositories for a given org. Upon first call, 315 | // it lazily updates the Organization with the repository information 316 | func (org *Organization) GetRepositories(ctx context.Context) ( 317 | map[types.RepoName]repo.Repository, error) { 318 | 319 | if len(org.Repositories) > 0 { 320 | return org.Repositories, nil 321 | } 322 | 323 | log.Logger.Debugf("Fetching repositories for %s", *org.info.Login) 324 | opt := &github.RepositoryListByOrgOptions{ 325 | ListOptions: github.ListOptions{PerPage: org.paginationSize}, 326 | } 327 | ghRepos, err := utils.GetPaginatedResult( 328 | ctx, 329 | org.backoff, 330 | &opt.ListOptions, 331 | func(opts *github.ListOptions) ([]*github.Repository, *github.Response, error) { 332 | return org.client.Repositories.ListByOrg( 333 | ctx, 334 | *org.info.Login, 335 | opt, 336 | ) 337 | }, 338 | func(ghRepositories []*github.Repository) []repo.Repository { 339 | var repos []repo.Repository 340 | for _, ghRepository := range ghRepositories { 341 | // ghRepository has incomplete information at this stage wrt to Org 342 | ghRepo, _, err := org.client.Repositories.GetByID( 343 | ctx, 344 | *ghRepository.ID, 345 | ) 346 | if err != nil { 347 | log.Logger.Error(err) 348 | continue 349 | } 350 | r, err := repo.NewRepository( 351 | ctx, 352 | org.client, 353 | org.backoff, 354 | ghRepo, 355 | ) 356 | if err != nil { 357 | log.Logger.Error(err) 358 | continue 359 | } 360 | repos = append(repos, *r) 361 | } 362 | return repos 363 | }, 364 | ) 365 | if err != nil { 366 | log.Logger.Error(err) 367 | } 368 | 369 | repositories := make(map[types.RepoName]repo.Repository, len(ghRepos)) 370 | for _, r := range ghRepos { 371 | repositories[types.RepoName(*r.CoreStats.Name)] = r 372 | } 373 | org.Repositories = repositories 374 | return repositories, nil 375 | } 376 | 377 | func (org *Organization) Audit2FA( 378 | ctx context.Context) ([]issue.Issue, map[issue.IssueID]error, error) { 379 | 380 | var issues []issue.Issue 381 | execStatus := map[issue.IssueID]error{} 382 | 383 | log.Logger.Debug("Checking if 2FA is required at org-level") 384 | if org.CoreStats.TwoFactorRequirementEnabled == nil { 385 | execStatus[issue.AUTH_2FA_ORG_DISABLED] = utils.PermissionsError 386 | execStatus[issue.AUTH_2FA_USER_DISABLED] = utils.PermissionsError 387 | return issues, execStatus, utils.PermissionsError 388 | } 389 | execStatus[issue.AUTH_2FA_ORG_DISABLED] = nil 390 | execStatus[issue.AUTH_2FA_USER_DISABLED] = nil 391 | if !*org.CoreStats.TwoFactorRequirementEnabled { 392 | issues = append(issues, issue.Org2FADisabled(*org.info.Login)) 393 | usersLacking2FA := []string{} 394 | resources := []resource.Resource{} 395 | 396 | users, err := org.GetUsers(ctx) 397 | if err != nil { 398 | log.Logger.Error(err) 399 | } 400 | 401 | // we only need to check for 2FA on users if the requirement for the org 402 | // is not enabled 403 | execStatus[issue.AUTH_2FA_USER_DISABLED] = err 404 | for _, user := range users { 405 | if user.TwoFactorAuthentication == nil || 406 | !*user.TwoFactorAuthentication { 407 | usersLacking2FA = append(usersLacking2FA, *user.Login) 408 | resources = append( 409 | resources, 410 | resource.Resource{ 411 | ID: *user.Login, 412 | Kind: resource.UserAccount, 413 | }, 414 | ) 415 | } 416 | } 417 | 418 | if len(usersLacking2FA) > 0 { 419 | issues = append( 420 | issues, 421 | issue.UsersWithout2FA(usersLacking2FA, resources), 422 | ) 423 | } 424 | } 425 | 426 | collaboratorsLacking2FA := []string{} 427 | collaborators, err := org.GetCollaborators(ctx) 428 | if err != nil { 429 | log.Logger.Error(err) 430 | } 431 | 432 | execStatus[issue.AUTH_2FA_COLLABORATOR_DISABLED] = err 433 | resources := []resource.Resource{} 434 | for _, user := range collaborators { 435 | if user.TwoFactorAuthentication == nil || 436 | !*user.TwoFactorAuthentication { 437 | collaboratorsLacking2FA = append( 438 | collaboratorsLacking2FA, 439 | *user.Login, 440 | ) 441 | resources = append( 442 | resources, 443 | resource.Resource{ID: *user.Login, Kind: resource.UserAccount}, 444 | ) 445 | } 446 | } 447 | 448 | if len(collaboratorsLacking2FA) > 0 { 449 | issues = append( 450 | issues, 451 | issue.CollaboratorsWithout2FA(collaboratorsLacking2FA, resources), 452 | ) 453 | } 454 | return issues, execStatus, nil 455 | } 456 | 457 | func (org *Organization) AuditWebhooks( 458 | ctx context.Context) ([]issue.Issue, map[issue.IssueID]error, error) { 459 | 460 | execStatus := make(map[issue.IssueID]error, 1) 461 | var issues []issue.Issue 462 | 463 | hooks, err := org.GetWebhooks(ctx) 464 | if err != nil { 465 | log.Logger.Error(err) 466 | } 467 | 468 | execStatus[issue.INF_DISC_HTTP_WEBHOOK] = err 469 | for _, hook := range hooks { 470 | if !*hook.Active { 471 | continue 472 | } 473 | url, ok := hook.Config["url"] 474 | if !ok { 475 | continue 476 | } 477 | if !strings.HasPrefix(url.(string), "https") { 478 | issues = append( 479 | issues, 480 | issue.InsecureWebhookPayloadURL(url.(string)), 481 | ) 482 | } 483 | } 484 | 485 | return issues, execStatus, nil 486 | } 487 | 488 | func (org *Organization) AuditCoreStats( 489 | ctx context.Context) ([]issue.Issue, map[issue.IssueID]error, error) { 490 | var issues []issue.Issue 491 | execStatus := make(map[issue.IssueID]error, 2) 492 | 493 | if org.CoreStats == nil { 494 | log.Logger.Fatalf( 495 | "It appears you don't have permissions to query this org", 496 | ) 497 | } 498 | 499 | if org.CoreStats.AdvancedSecurityEnabledForNewRepos == nil { 500 | execStatus[issue.TOOLING_ADVANCED_SECURITY_DISABLED] = utils.PermissionsError 501 | } else if !*org.CoreStats.AdvancedSecurityEnabledForNewRepos { 502 | execStatus[issue.TOOLING_ADVANCED_SECURITY_DISABLED] = nil 503 | issues = append( 504 | issues, 505 | issue.OrgAdvancedSecurityDisabled(*org.info.Login), 506 | ) 507 | } 508 | 509 | if org.CoreStats.SecretScanningEnabledForNewRepos == nil { 510 | execStatus[issue.INF_DISC_SECRET_SCANNING_DISABLED] = utils.PermissionsError 511 | } else if !*org.CoreStats.SecretScanningEnabledForNewRepos { 512 | execStatus[issue.INF_DISC_SECRET_SCANNING_DISABLED] = nil 513 | issues = append( 514 | issues, 515 | issue.OrgSecretScanningDisabledForNewRepos(*org.info.Login), 516 | ) 517 | } 518 | return issues, execStatus, nil 519 | } 520 | 521 | // Summarize provides generic statistics for a given org and serializes them 522 | // to disc 523 | func (org *Organization) Summarize() *types.OrgCoreStats { 524 | var collaborators []string 525 | for u := range org.Collaborators { 526 | collaborators = append(collaborators, u) 527 | } 528 | futils.SerializeFile( 529 | OrgStats{ 530 | CoreStats: org.CoreStats, 531 | Collaborators: collaborators, 532 | Webhooks: org.Webhooks, 533 | Installations: org.Installations, 534 | Runners: org.Runners, 535 | }, 536 | filepath.Join(futils.StatsDir, "orgCoreStats.json"), 537 | ) 538 | return org.CoreStats 539 | } 540 | 541 | func (org *Organization) AuditMemberPermissions( 542 | ctx context.Context) ([]issue.Issue, map[issue.IssueID]error, error) { 543 | var issues []issue.Issue 544 | execStatus := make(map[issue.IssueID]error, 1) 545 | 546 | log.Logger.Infof("[slow] Fetching user permissions for %s", *org.info.Login) 547 | 548 | // userRepoPermissions holds a list of all repos with a given permission for a given user 549 | type userRepoPermissions map[string]([]types.RepoName) 550 | // permission summary is the list of different permissions for a user 551 | permissionSummary := map[types.UserLogin]userRepoPermissions{} 552 | 553 | repos, err := org.GetRepositories(ctx) 554 | execStatus[issue.STATS_USER_PERM] = err 555 | if err != nil { 556 | log.Logger.Error(err) 557 | return issues, execStatus, err 558 | } 559 | 560 | var wg sync.WaitGroup 561 | var mutex sync.Mutex 562 | for _, r := range repos { 563 | wg.Add(1) 564 | go func(r repo.Repository, permissionSummary map[types.UserLogin]userRepoPermissions) { 565 | defer wg.Done() 566 | collabs, _ := r.GetCollaborators(ctx) 567 | 568 | for _, u := range collabs { 569 | perms, _, err := org.client.Repositories.GetPermissionLevel( 570 | ctx, 571 | *org.info.Login, 572 | *r.CoreStats.Name, 573 | *u.Login, 574 | ) 575 | if err != nil { 576 | log.Logger.Error(err) 577 | continue 578 | } 579 | 580 | mutex.Lock() 581 | userPerms, ok := permissionSummary[types.UserLogin(*u.Login)] 582 | if ok { 583 | // we've seen permissions for this user before 584 | previous, found := userPerms[*perms.Permission] 585 | if found { 586 | previous = append( 587 | previous, 588 | types.RepoName(*r.CoreStats.Name), 589 | ) 590 | userPerms[*perms.Permission] = previous 591 | } else { 592 | userPerms[*perms.Permission] = []types.RepoName{types.RepoName(*r.CoreStats.Name)} 593 | } 594 | permissionSummary[types.UserLogin(*u.Login)] = userPerms 595 | } else { 596 | permissionSummary[types.UserLogin(*u.Login)] = userRepoPermissions{*perms.Permission: []types.RepoName{types.RepoName(*r.CoreStats.Name)}} 597 | } 598 | mutex.Unlock() 599 | } 600 | }( 601 | r, 602 | permissionSummary, 603 | ) 604 | } 605 | wg.Wait() 606 | 607 | futils.SerializeFile( 608 | permissionSummary, 609 | filepath.Join(futils.MetadataDir, "permissions.json"), 610 | ) 611 | for u, perms := range permissionSummary { 612 | allPerms := []string{} 613 | for perm, repos := range perms { 614 | allPerms = append(allPerms, 615 | fmt.Sprintf("has '%s' access to repositories: %s", 616 | perm, strings.Join(repos, ", "))) 617 | } 618 | issues = append(issues, issue.UserPermissionStats(u, allPerms)) 619 | } 620 | return issues, execStatus, nil 621 | } 622 | 623 | func (org *Organization) Audit( 624 | ctx context.Context, 625 | enableUserPermissionStats bool, 626 | ) ([]issue.Issue, map[issue.IssueID]error, error) { 627 | var allIssues []issue.Issue 628 | execStatus := map[issue.IssueID]error{} 629 | 630 | auditHooks := [](func(context.Context) ([]issue.Issue, map[issue.IssueID]error, error)){ 631 | org.AuditCoreStats, 632 | org.AuditWebhooks, 633 | org.Audit2FA, 634 | } 635 | 636 | org.GetInstalls(ctx) 637 | org.GetActionRunners(ctx) 638 | 639 | if enableUserPermissionStats { 640 | auditHooks = append(auditHooks, org.AuditMemberPermissions) 641 | } 642 | for _, hook := range auditHooks { 643 | hookIssues, execResults, err := hook(ctx) 644 | if err != nil { 645 | log.Logger.Error(err) 646 | } 647 | allIssues = append(allIssues, hookIssues...) 648 | for id, err := range execResults { 649 | prevError, ok := execStatus[id] 650 | if !ok { 651 | // this is the first time we see this check 652 | execStatus[id] = err 653 | continue 654 | } 655 | // if we have additional errors just merge them for now 656 | if err != nil { 657 | if prevError != nil { 658 | execStatus[id] = errors.New(err.Error() + prevError.Error()) 659 | } 660 | } 661 | } 662 | } 663 | 664 | org.Summarize() 665 | return allIssues, execStatus, nil 666 | } 667 | -------------------------------------------------------------------------------- /pkg/github/repo/repo.go: -------------------------------------------------------------------------------- 1 | package repo 2 | 3 | import ( 4 | "context" 5 | "encoding/json" 6 | 7 | "github.com/crashappsec/github-analyzer/pkg/github/types" 8 | "github.com/crashappsec/github-analyzer/pkg/github/utils" 9 | "github.com/crashappsec/github-analyzer/pkg/log" 10 | "github.com/google/go-github/v47/github" 11 | "github.com/jpillora/backoff" 12 | ) 13 | 14 | type Repository struct { 15 | info *github.Repository 16 | client *github.Client 17 | backoff *backoff.Backoff 18 | paginationSize int 19 | 20 | CoreStats *types.RepoCoreStats 21 | Webhooks map[types.WebhookID]types.Webhook 22 | Workflows map[types.WorkflowID]types.Workflow 23 | Collaborators map[types.UserLogin]types.User 24 | } 25 | 26 | func NewRepository( 27 | ctx context.Context, 28 | client *github.Client, 29 | backoff *backoff.Backoff, 30 | raw *github.Repository) (*Repository, error) { 31 | // FIXME change to not use unmarshal w/ reflection or plain initializer 32 | var stats types.RepoCoreStats 33 | orgJson, _ := json.Marshal(raw) 34 | _ = json.Unmarshal(orgJson, &stats) 35 | 36 | return &Repository{ 37 | info: raw, 38 | client: client, 39 | backoff: backoff, 40 | paginationSize: 100, 41 | CoreStats: &stats, 42 | }, nil 43 | } 44 | 45 | func (repo *Repository) GetWebhooks( 46 | ctx context.Context) (map[types.WebhookID]types.Webhook, error) { 47 | if len(repo.Webhooks) > 0 { 48 | return repo.Webhooks, nil 49 | } 50 | 51 | opt := &github.ListOptions{PerPage: repo.paginationSize} 52 | hooks, err := utils.GetPaginatedResult( 53 | ctx, 54 | repo.backoff, 55 | opt, 56 | func(opts *github.ListOptions) ([]*github.Hook, *github.Response, error) { 57 | return repo.client.Repositories.ListHooks(ctx, 58 | *repo.info.Organization.Login, 59 | *repo.info.Name, 60 | opt, 61 | ) 62 | }, 63 | utils.WebhooksAggregator, 64 | ) 65 | 66 | hookMap := make(map[types.WebhookID]types.Webhook, len(hooks)) 67 | for _, h := range hooks { 68 | hookMap[types.WebhookID(*h.ID)] = h 69 | } 70 | repo.Webhooks = hookMap 71 | return hookMap, err 72 | } 73 | 74 | func (repo *Repository) GetWorkflows( 75 | ctx context.Context) (map[types.WorkflowID]types.Workflow, error) { 76 | if len(repo.Workflows) > 0 { 77 | return repo.Workflows, nil 78 | } 79 | 80 | opt := &github.ListOptions{PerPage: repo.paginationSize} 81 | workflows, err := utils.GetPaginatedResult( 82 | ctx, 83 | repo.backoff, 84 | opt, 85 | func(opts *github.ListOptions) (*github.Workflows, *github.Response, error) { 86 | return repo.client.Actions.ListWorkflows( 87 | ctx, 88 | *repo.info.Organization.Login, 89 | *repo.info.Name, 90 | opt, 91 | ) 92 | }, 93 | utils.WorkflowsAggregator, 94 | ) 95 | 96 | wfMap := make(map[types.WorkflowID]types.Workflow, len(workflows)) 97 | for _, w := range workflows { 98 | wfMap[types.WorkflowID(*w.ID)] = w 99 | } 100 | repo.Workflows = wfMap 101 | return wfMap, err 102 | } 103 | 104 | // GetCollaborators returns the outside collaborators for a given org. Upon first call, 105 | // it lazily updates the Organization with the user information 106 | func (repo *Repository) GetCollaborators(ctx context.Context) ( 107 | map[types.UserLogin]types.User, error) { 108 | 109 | if len(repo.Collaborators) > 0 { 110 | return repo.Collaborators, nil 111 | } 112 | 113 | log.Logger.Debugf( 114 | "Fetching external collaborators for %s", 115 | *repo.info.Name, 116 | ) 117 | opt := &github.ListCollaboratorsOptions{ 118 | ListOptions: github.ListOptions{PerPage: repo.paginationSize}, 119 | } 120 | users, err := utils.GetPaginatedResult( 121 | ctx, 122 | repo.backoff, 123 | &opt.ListOptions, 124 | func(opts *github.ListOptions) ([]*github.User, *github.Response, error) { 125 | return repo.client.Repositories.ListCollaborators( 126 | ctx, 127 | *repo.info.Organization.Login, 128 | *repo.info.Name, 129 | opt, 130 | ) 131 | }, 132 | func(ghUsers []*github.User) []types.User { 133 | var users []types.User 134 | for _, m := range ghUsers { 135 | existingUser, ok := repo.Collaborators[types.UserLogin(*m.Login)] 136 | if ok { 137 | users = append(users, existingUser) 138 | continue 139 | } 140 | // XXX information from listing collborators is incomplete 141 | // we meed tp explicitly fetch user info 142 | u, _, err := repo.client.Users.Get(ctx, *m.Login) 143 | if err != nil { 144 | log.Logger.Error(err) 145 | continue 146 | } 147 | user := types.User{} 148 | // FIXME use reflection 149 | userJson, _ := json.Marshal(u) 150 | _ = json.Unmarshal(userJson, &user) 151 | users = append(users, user) 152 | } 153 | return users 154 | }, 155 | ) 156 | if err != nil { 157 | log.Logger.Error(err) 158 | } 159 | 160 | repo.backoff.Reset() 161 | collaborators := make(map[types.UserLogin]types.User, len(users)) 162 | for _, u := range users { 163 | collaborators[types.UserLogin(*u.Login)] = u 164 | } 165 | repo.Collaborators = collaborators 166 | return collaborators, nil 167 | } 168 | -------------------------------------------------------------------------------- /pkg/github/types/types.go: -------------------------------------------------------------------------------- 1 | // Package types exposes subsets of the core github types and attributes that we use for our analysis 2 | package types 3 | 4 | import ( 5 | "github.com/google/go-github/v47/github" 6 | ) 7 | 8 | type Runner struct { 9 | ID *int64 `json:"id,omitempty"` 10 | Name *string `json:"name,omitempty"` 11 | OS *string `json:"os,omitempty"` 12 | Status *string `json:"status,omitempty"` 13 | } 14 | 15 | type Install struct { 16 | ID *int64 `json:"id,omitempty"` 17 | AppID *int64 `json:"app_id,omitempty"` 18 | AppSlug *string `json:"app_slug,omitempty"` 19 | NodeID *string `json:"node_id,omitempty"` 20 | TargetID *int64 `json:"target_id,omitempty"` 21 | Account *github.User `json:"account,omitempty"` 22 | TargetType *string `json:"target_type,omitempty"` 23 | RepositorySelection *string `json:"repository_selection,omitempty"` 24 | Permissions *github.InstallationPermissions `json:"permissions,omitempty"` 25 | CreatedAt *github.Timestamp `json:"created_at,omitempty"` 26 | HasMultipleSingleFiles *bool `json:"has_multiple_single_files,omitempty"` 27 | SuspendedBy *github.User `json:"suspended_by,omitempty"` 28 | SuspendedAt *github.Timestamp `json:"suspended_at,omitempty"` 29 | } 30 | 31 | // OrgCoreStats is the subset of Org attributes / statistics we care about from 32 | // the github.Organization attributes 33 | type OrgCoreStats struct { 34 | Login *string `json:"login,omitempty"` 35 | ID *int64 `json:"id,omitempty"` 36 | Name *string `json:"name,omitempty"` 37 | PublicRepos *int `json:"public_repos,omitempty"` 38 | PublicGists *int `json:"public_gists,omitempty"` 39 | Followers *int `json:"followers,omitempty"` 40 | Following *int `json:"following,omitempty"` 41 | TotalPrivateRepos *int `json:"total_private_repos,omitempty"` 42 | OwnedPrivateRepos *int `json:"owned_private_repos,omitempty"` 43 | PrivateGists *int `json:"private_gists,omitempty"` 44 | DiskUsage *int `json:"disk_usage,omitempty"` // TODO code-smell disk usage from stale repos 45 | Collaborators *int `json:"collaborators,omitempty"` // TODO collaborator access 46 | TwoFactorRequirementEnabled *bool `json:"two_factor_requirement_enabled,omitempty"` 47 | IsVerified *bool `json:"is_verified,omitempty"` 48 | HasOrganizationProjects *bool `json:"has_organization_projects,omitempty"` 49 | HasRepositoryProjects *bool `json:"has_repository_projects,omitempty"` 50 | DefaultRepoPermission *string `json:"default_repository_permission,omitempty"` 51 | DefaultRepoSettings *string `json:"default_repository_settings,omitempty"` 52 | MembersCanCreateRepos *bool `json:"members_can_create_repositories,omitempty"` 53 | MembersCanCreatePublicRepos *bool `json:"members_can_create_public_repositories,omitempty"` 54 | MembersCanCreatePrivateRepos *bool `json:"members_can_create_private_repositories,omitempty"` 55 | MembersCanCreateInternalRepos *bool `json:"members_can_create_internal_repositories,omitempty"` 56 | MembersCanForkPrivateRepos *bool `json:"members_can_fork_private_repositories,omitempty"` 57 | MembersAllowedRepositoryCreationType *string `json:"members_allowed_repository_creation_type,omitempty"` 58 | MembersCanCreatePages *bool `json:"members_can_create_pages,omitempty"` 59 | MembersCanCreatePublicPages *bool `json:"members_can_create_public_pages,omitempty"` 60 | MembersCanCreatePrivatePages *bool `json:"members_can_create_private_pages,omitempty"` 61 | WebCommitSignoffRequired *bool `json:"web_commit_signoff_required,omitempty"` 62 | AdvancedSecurityEnabledForNewRepos *bool `json:"advanced_security_enabled_for_new_repositories,omitempty"` 63 | DependabotAlertsEnabledForNewRepos *bool `json:"dependabot_alerts_enabled_for_new_repositories,omitempty"` 64 | DependabotSecurityUpdatesEnabledForNewRepos *bool `json:"dependabot_security_updates_enabled_for_new_repositories,omitempty"` 65 | DependencyGraphEnabledForNewRepos *bool `json:"dependency_graph_enabled_for_new_repositories,omitempty"` 66 | SecretScanningEnabledForNewRepos *bool `json:"secret_scanning_enabled_for_new_repositories,omitempty"` 67 | SecretScanningPushProtectionEnabledForNewRepos *bool `json:"secret_scanning_push_protection_enabled_for_new_repositories,omitempty"` 68 | } 69 | 70 | type Webhook struct { 71 | URL *string `json:"url,omitempty"` 72 | ID *int64 `json:"id,omitempty"` 73 | Type *string `json:"type,omitempty"` 74 | Name *string `json:"name,omitempty"` 75 | TestURL *string `json:"test_url,omitempty"` 76 | PingURL *string `json:"ping_url,omitempty"` 77 | Config map[string]interface{} `json:"config,omitempty"` 78 | Active *bool `json:"active,omitempty"` 79 | } 80 | 81 | type Workflow struct { 82 | ID *int64 `json:"id,omitempty"` 83 | Name *string `json:"name,omitempty"` 84 | Path *string `json:"path,omitempty"` 85 | State *string `json:"state,omitempty"` 86 | URL *string `json:"url,omitempty"` 87 | } 88 | 89 | type RepoCoreStats struct { 90 | ID *int64 `json:"id,omitempty"` 91 | Owner *github.User `json:"owner,omitempty"` 92 | Name *string `json:"name,omitempty"` 93 | FullName *string `json:"full_name,omitempty"` 94 | CodeOfConduct *github.CodeOfConduct `json:"code_of_conduct,omitempty"` 95 | DefaultBranch *string `json:"default_branch,omitempty"` 96 | MasterBranch *string `json:"master_branch,omitempty"` 97 | CreatedAt *github.Timestamp `json:"created_at,omitempty"` 98 | PushedAt *github.Timestamp `json:"pushed_at,omitempty"` 99 | UpdatedAt *github.Timestamp `json:"updated_at,omitempty"` 100 | Language *string `json:"language,omitempty"` 101 | Fork *bool `json:"fork,omitempty"` 102 | ForksCount *int `json:"forks_count,omitempty"` 103 | NetworkCount *int `json:"network_count,omitempty"` 104 | OpenIssuesCount *int `json:"open_issues_count,omitempty"` 105 | StargazersCount *int `json:"stargazers_count,omitempty"` 106 | SubscribersCount *int `json:"subscribers_count,omitempty"` 107 | Size *int `json:"size,omitempty"` 108 | Permissions map[string]bool `json:"permissions,omitempty"` 109 | AllowRebaseMerge *bool `json:"allow_rebase_merge,omitempty"` 110 | AllowUpdateBranch *bool `json:"allow_update_branch,omitempty"` 111 | AllowSquashMerge *bool `json:"allow_squash_merge,omitempty"` 112 | AllowMergeCommit *bool `json:"allow_merge_commit,omitempty"` 113 | AllowAutoMerge *bool `json:"allow_auto_merge,omitempty"` 114 | AllowForking *bool `json:"allow_forking,omitempty"` 115 | DeleteBranchOnMerge *bool `json:"delete_branch_on_merge,omitempty"` 116 | UseSquashPRTitleAsDefault *bool `json:"use_squash_pr_title_as_default,omitempty"` 117 | Archived *bool `json:"archived,omitempty"` 118 | Disabled *bool `json:"disabled,omitempty"` 119 | License *github.License `json:"license,omitempty"` 120 | Private *bool `json:"private,omitempty"` 121 | HasIssues *bool `json:"has_issues,omitempty"` 122 | HasWiki *bool `json:"has_wiki,omitempty"` 123 | HasPages *bool `json:"has_pages,omitempty"` 124 | HasProjects *bool `json:"has_projects,omitempty"` 125 | HasDownloads *bool `json:"has_downloads,omitempty"` 126 | IsTemplate *bool `json:"is_template,omitempty"` 127 | LicenseTemplate *string `json:"license_template,omitempty"` 128 | GitignoreTemplate *string `json:"gitignore_template,omitempty"` 129 | SecurityAndAnalysis *github.SecurityAndAnalysis `json:"security_and_analysis,omitempty"` 130 | Visibility *string `json:"visibility,omitempty"` 131 | RoleName *string `json:"role_name,omitempty"` 132 | } 133 | 134 | type User struct { 135 | Login *string `json:"login,omitempty"` 136 | ID *int64 `json:"id,omitempty"` 137 | NodeID *string `json:"node_id,omitempty"` 138 | HTMLURL *string `json:"html_url,omitempty"` 139 | Name *string `json:"name,omitempty"` 140 | Company *string `json:"company,omitempty"` 141 | Blog *string `json:"blog,omitempty"` 142 | Location *string `json:"location,omitempty"` 143 | Email *string `json:"email,omitempty"` 144 | Hireable *bool `json:"hireable,omitempty"` 145 | PublicRepos *int `json:"public_repos,omitempty"` 146 | PublicGists *int `json:"public_gists,omitempty"` 147 | Followers *int `json:"followers,omitempty"` 148 | Following *int `json:"following,omitempty"` 149 | Type *string `json:"type,omitempty"` 150 | SiteAdmin *bool `json:"site_admin,omitempty"` 151 | TotalPrivateRepos *int `json:"total_private_repos,omitempty"` 152 | OwnedPrivateRepos *int `json:"owned_private_repos,omitempty"` 153 | PrivateGists *int `json:"private_gists,omitempty"` 154 | TwoFactorAuthentication *bool `json:"two_factor_authentication,omitempty"` 155 | GistsURL *string `json:"gists_url,omitempty"` 156 | OrganizationsURL *string `json:"organizations_url,omitempty"` 157 | ReposURL *string `json:"repos_url,omitempty"` 158 | Permissions map[string]bool `json:"permissions,omitempty"` 159 | RoleName *string `json:"role_name,omitempty"` 160 | } 161 | 162 | type InstallID = int64 163 | type RepoName = string 164 | type RunnerID = int64 165 | type UserLogin = string 166 | type WebhookID = int64 167 | type WorkflowID = int64 168 | -------------------------------------------------------------------------------- /pkg/github/utils/utils.go: -------------------------------------------------------------------------------- 1 | package utils 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | "reflect" 7 | "runtime" 8 | "time" 9 | 10 | "github.com/crashappsec/github-analyzer/pkg/github/types" 11 | "github.com/crashappsec/github-analyzer/pkg/log" 12 | "github.com/google/go-github/v47/github" 13 | "github.com/jpillora/backoff" 14 | ) 15 | 16 | var PermissionsError = fmt.Errorf("Permissions error") 17 | 18 | func RunnersAggregator(runners *github.Runners) []types.Runner { 19 | var orgRunners []types.Runner 20 | for _, runner := range runners.Runners { 21 | r := types.Runner{ 22 | ID: runner.ID, 23 | Name: runner.Name, 24 | OS: runner.OS, 25 | Status: runner.Status, 26 | } 27 | orgRunners = append(orgRunners, r) 28 | } 29 | return orgRunners 30 | } 31 | 32 | func InstallsAggregator( 33 | installs *github.OrganizationInstallations, 34 | ) []types.Install { 35 | var orgInstalls []types.Install 36 | 37 | for _, install := range installs.Installations { 38 | in := types.Install{ 39 | ID: install.ID, 40 | AppID: install.AppID, 41 | AppSlug: install.AppSlug, 42 | NodeID: install.NodeID, 43 | TargetID: install.TargetID, 44 | Account: install.Account, 45 | TargetType: install.TargetType, 46 | RepositorySelection: install.RepositorySelection, 47 | Permissions: install.Permissions, 48 | CreatedAt: install.CreatedAt, 49 | HasMultipleSingleFiles: install.HasMultipleSingleFiles, 50 | SuspendedBy: install.SuspendedBy, 51 | SuspendedAt: install.SuspendedAt, 52 | } 53 | orgInstalls = append(orgInstalls, in) 54 | } 55 | return orgInstalls 56 | } 57 | 58 | func WebhooksAggregator(hooks []*github.Hook) []types.Webhook { 59 | var webhooks []types.Webhook 60 | for _, hook := range hooks { 61 | wh := types.Webhook{ 62 | URL: hook.URL, 63 | ID: hook.ID, 64 | Type: hook.Type, 65 | Name: hook.Name, 66 | TestURL: hook.TestURL, 67 | PingURL: hook.PingURL, 68 | Config: hook.Config, 69 | Active: hook.Active, 70 | } 71 | webhooks = append(webhooks, wh) 72 | } 73 | return webhooks 74 | } 75 | 76 | func WorkflowsAggregator(workflows *github.Workflows) []types.Workflow { 77 | var repoWorkflows []types.Workflow 78 | for _, workflow := range workflows.Workflows { 79 | w := types.Workflow{ 80 | ID: workflow.ID, 81 | Name: workflow.Name, 82 | Path: workflow.Path, 83 | State: workflow.State, 84 | URL: workflow.URL, 85 | } 86 | repoWorkflows = append(repoWorkflows, w) 87 | } 88 | return repoWorkflows 89 | } 90 | 91 | func GetPaginatedResult[T any, K any]( 92 | ctx context.Context, 93 | globalBackoff *backoff.Backoff, 94 | callOpts *github.ListOptions, 95 | githubCall func(opts *github.ListOptions) (K, *github.Response, error), 96 | aggregator func(K) []T, 97 | ) ([]T, error) { 98 | 99 | var results []T 100 | retries := 0 101 | 102 | var back *backoff.Backoff 103 | if globalBackoff != nil { 104 | back = &backoff.Backoff{ 105 | Min: globalBackoff.Min, 106 | Max: globalBackoff.Max, 107 | Jitter: globalBackoff.Jitter, 108 | } 109 | } else { 110 | back = &backoff.Backoff{ 111 | Min: 30 * time.Second, 112 | Max: 30 * time.Minute, 113 | Jitter: true, 114 | } 115 | } 116 | 117 | for { 118 | raw, resp, err := githubCall(callOpts) 119 | 120 | _, ok := err.(*github.RateLimitError) 121 | if ok || resp == nil { 122 | d := back.Duration() 123 | log.Logger.Infof("Hit rate limit, sleeping for %v", d) 124 | time.Sleep(d) 125 | if resp == nil { 126 | retries += 1 127 | if retries > 10 { 128 | return results, fmt.Errorf( 129 | "Aborting after 5 failed retries", 130 | ) 131 | } 132 | } 133 | continue 134 | } 135 | 136 | retries = 0 137 | if err != nil && resp != nil { 138 | if resp.StatusCode == 403 { 139 | log.Logger.Debugf( 140 | "It appears the token being used doesn't have access to call %v", 141 | runtime.FuncForPC(reflect.ValueOf(githubCall).Pointer()). 142 | Name(), 143 | ) 144 | log.Logger.Errorf( 145 | "The token used does not have premissions to make this API call", 146 | ) 147 | } else { 148 | log.Logger.Error(err) 149 | } 150 | return results, err 151 | } 152 | 153 | back.Reset() 154 | for _, res := range aggregator(raw) { 155 | results = append(results, res) 156 | } 157 | 158 | if resp.NextPage == 0 { 159 | break 160 | } 161 | 162 | callOpts.Page = resp.NextPage 163 | } 164 | 165 | return results, nil 166 | } 167 | -------------------------------------------------------------------------------- /pkg/issue/category/category.go: -------------------------------------------------------------------------------- 1 | package category 2 | 3 | type Category string 4 | 5 | const ( 6 | Code Category = "Code" 7 | LeastPrivilege = "Least Privilege" 8 | Authentication = "Authentication" 9 | Authorization = "Authorization" 10 | InformationDisclosure = "Information disclosure to untrusted parties" 11 | ToolingAndAutomation = "Tooling and automatino configuration" 12 | ) 13 | -------------------------------------------------------------------------------- /pkg/issue/issue.go: -------------------------------------------------------------------------------- 1 | package issue 2 | 3 | import ( 4 | "fmt" 5 | "strings" 6 | 7 | "github.com/crashappsec/github-analyzer/pkg/issue/category" 8 | "github.com/crashappsec/github-analyzer/pkg/issue/resource" 9 | "github.com/crashappsec/github-analyzer/pkg/issue/severity" 10 | "github.com/crashappsec/github-analyzer/pkg/issue/tags" 11 | ) 12 | 13 | type IssueID string 14 | 15 | const ( 16 | AUTH_2FA_ORG_DISABLED IssueID = "AUTH_2FA_ORG_DISABLED" 17 | AUTH_2FA_USER_DISABLED = "AUTH_2FA_USER_DISABLED" 18 | AUTH_2FA_COLLABORATOR_DISABLED = "AUTH_2FA_COLLABORATOR_DISABLED" 19 | INF_DISC_HTTP_WEBHOOK = "INF_DISC_HTTP_WEBHOOK" 20 | INF_DISC_SECRET_SCANNING_DISABLED = "INF_DISC_SECRET_SCANNING_DISABLED" 21 | TOOLING_ADVANCED_SECURITY_DISABLED = "TOOLING_ADVANCED_SECURITY_DISABLED" 22 | LEAST_PRIV_OAUTH_PERMS_DISABLED = "LEAST_PRIV_OAUTH_PERMS_DISABLED" 23 | STATS_OAUTH_PERMS = "STATS_OAUTH_PERMS" 24 | STATS_USER_PERM = "STATS_USER_PERM" 25 | ) 26 | 27 | var AvailableChecks = map[IssueID]string{ 28 | AUTH_2FA_ORG_DISABLED: "Organization 2FA settings", 29 | AUTH_2FA_USER_DISABLED: "User 2FA settings", 30 | AUTH_2FA_COLLABORATOR_DISABLED: "Collaborator 2FA settings", 31 | INF_DISC_HTTP_WEBHOOK: "Webhook payload URL settings", 32 | INF_DISC_SECRET_SCANNING_DISABLED: "Secret scanning settings for new repositories", 33 | TOOLING_ADVANCED_SECURITY_DISABLED: "Advanced security settings for new repositories", 34 | LEAST_PRIV_OAUTH_PERMS_DISABLED: "Application restriction settings", 35 | STATS_USER_PERM: "Permissions overview for users", 36 | STATS_OAUTH_PERMS: "OAuth application summary", 37 | } 38 | 39 | type Issue struct { 40 | ID IssueID `json:"id"` 41 | Name string `json:"name"` 42 | Severity severity.Severity `json:"severity"` 43 | Category category.Category `json:"category"` 44 | Tags []tags.Tag `json:"tags,omitempty"` 45 | Description string `json:"description"` 46 | Resources []resource.Resource `json:"resource"` 47 | CWEs []int `json:"cwes,omitempty"` 48 | Remediation string `json:"remediation"` 49 | } 50 | 51 | func Org2FADisabled(org string) Issue { 52 | return Issue{ 53 | ID: AUTH_2FA_ORG_DISABLED, 54 | Name: AvailableChecks[AUTH_2FA_ORG_DISABLED], 55 | Severity: severity.Medium, 56 | Category: category.Authentication, 57 | Description: fmt.Sprintf( 58 | "Two-factor authentication requirement in organization '%s' is disabled", 59 | org, 60 | ), 61 | Resources: []resource.Resource{ 62 | { 63 | ID: org, 64 | Kind: resource.Organization, 65 | }, 66 | }, 67 | Remediation: "Please see https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization for steps on how to configure 2FA for your organization", 68 | } 69 | } 70 | 71 | func UsersWithout2FA( 72 | usersLacking2FA []string, 73 | resources []resource.Resource, 74 | ) Issue { 75 | return Issue{ 76 | ID: AUTH_2FA_USER_DISABLED, 77 | Name: AvailableChecks[AUTH_2FA_USER_DISABLED], 78 | Severity: severity.Low, 79 | Category: category.Authentication, 80 | CWEs: []int{308}, 81 | Description: fmt.Sprintf( 82 | "The following users have not enabled 2FA: %s", 83 | strings.Join(usersLacking2FA, ", "), 84 | ), 85 | Resources: resources, 86 | Remediation: "Please see https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication for steps on how to configure 2FA for individual accounts", 87 | } 88 | } 89 | 90 | func CollaboratorsWithout2FA( 91 | usersLacking2FA []string, 92 | resources []resource.Resource, 93 | ) Issue { 94 | return Issue{ 95 | ID: AUTH_2FA_COLLABORATOR_DISABLED, 96 | Name: AvailableChecks[AUTH_2FA_COLLABORATOR_DISABLED], 97 | Severity: severity.Low, 98 | Category: category.Authentication, 99 | CWEs: []int{308}, 100 | Description: fmt.Sprintf( 101 | "The following collaborators have not enabled 2FA: %s", 102 | strings.Join(usersLacking2FA, ", "), 103 | ), 104 | Resources: resources, 105 | Remediation: "Please see https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication for steps on how to configure 2FA for individual accounts", 106 | } 107 | } 108 | 109 | func InsecureWebhookPayloadURL(url string) Issue { 110 | return Issue{ 111 | ID: INF_DISC_HTTP_WEBHOOK, 112 | Name: AvailableChecks[INF_DISC_HTTP_WEBHOOK], 113 | Severity: severity.High, 114 | Category: category.InformationDisclosure, 115 | CWEs: []int{319}, 116 | Description: fmt.Sprintf( 117 | "Non-HTTPS webhook detected: %s", 118 | url, 119 | ), 120 | Resources: []resource.Resource{ 121 | {ID: url, Kind: resource.Webhook}, 122 | }, 123 | Remediation: "It is recommended to use HTTPS webhooks if data involved is sensitive and also enable SSL verification as outlined in https://docs.github.com/en/developers/webhooks-and-events/webhooks/creating-webhooks", 124 | } 125 | } 126 | 127 | func OrgAdvancedSecurityDisabled(org string) Issue { 128 | return Issue{ 129 | ID: TOOLING_ADVANCED_SECURITY_DISABLED, 130 | Name: AvailableChecks[TOOLING_ADVANCED_SECURITY_DISABLED], 131 | Severity: severity.Medium, 132 | Category: category.ToolingAndAutomation, 133 | CWEs: []int{319}, 134 | Description: fmt.Sprintf( 135 | "Advanced security disabled for new repositories in organization '%s'", 136 | org, 137 | ), 138 | Resources: []resource.Resource{ 139 | { 140 | ID: org, 141 | Kind: resource.Organization, 142 | }, 143 | }, 144 | Tags: []tags.Tag{tags.AdvancedSecurity}, 145 | Remediation: "Please see https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security for how to enable secret scanning in your repositories", 146 | } 147 | } 148 | 149 | func OrgSecretScanningDisabledForNewRepos(org string) Issue { 150 | return Issue{ 151 | ID: INF_DISC_SECRET_SCANNING_DISABLED, 152 | Name: AvailableChecks[INF_DISC_SECRET_SCANNING_DISABLED], 153 | Severity: severity.Medium, 154 | Category: category.InformationDisclosure, 155 | CWEs: []int{319}, 156 | Description: fmt.Sprintf( 157 | "Secret scanning disabled for organization '%s'", 158 | org, 159 | ), 160 | Resources: []resource.Resource{ 161 | { 162 | ID: org, 163 | Kind: resource.Organization, 164 | }, 165 | }, 166 | Tags: []tags.Tag{tags.AdvancedSecurity}, 167 | Remediation: "Please see https://docs.github.com/en/github-ae@latest/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories for how to enable secret scanning in your repositories", 168 | } 169 | } 170 | 171 | func UserPermissionStats(user string, permissions []string) Issue { 172 | return Issue{ 173 | ID: STATS_USER_PERM, 174 | Name: AvailableChecks[STATS_USER_PERM], 175 | Severity: severity.Informational, 176 | Category: category.LeastPrivilege, 177 | Description: fmt.Sprintf( 178 | "User '%s' %v", 179 | user, 180 | strings.Join(permissions, ", and "), 181 | ), 182 | Resources: []resource.Resource{ 183 | { 184 | ID: user, 185 | Kind: resource.UserAccount, 186 | }, 187 | }, 188 | Remediation: "Please examine if the permissions for the given user match your expectations", 189 | } 190 | } 191 | 192 | func ApplicationRestrictionsDisabled(org string) Issue { 193 | return Issue{ 194 | ID: LEAST_PRIV_OAUTH_PERMS_DISABLED, 195 | Name: AvailableChecks[LEAST_PRIV_OAUTH_PERMS_DISABLED], 196 | Severity: severity.High, 197 | Category: category.LeastPrivilege, 198 | Description: fmt.Sprintf( 199 | "Application restrictions for organization '%s' is disabled. Without OAuth App access restrictions any App is automatically granted access to the organization account when any organization member installs and authorizes the App, even if they do so for a personal account. This can lead to untrusted apps accessing organization resources", 200 | org, 201 | ), 202 | Resources: []resource.Resource{ 203 | { 204 | ID: org, 205 | Kind: resource.Organization, 206 | }, 207 | }, 208 | Remediation: "Please see https://docs.github.com/en/organizations/restricting-access-to-your-organizations-data/about-oauth-app-access-restrictions for steps on how to configure OAuth App access for your organization", 209 | } 210 | } 211 | 212 | func OAuthStats(org string, appinfo []string) Issue { 213 | return Issue{ 214 | ID: STATS_OAUTH_PERMS, 215 | Name: AvailableChecks[STATS_OAUTH_PERMS], 216 | Severity: severity.Informational, 217 | Category: category.LeastPrivilege, 218 | Description: fmt.Sprintf( 219 | "OAuth apps for '%s': %s", 220 | org, 221 | strings.Join(appinfo, ", "), 222 | ), 223 | Resources: []resource.Resource{ 224 | { 225 | ID: org, 226 | Kind: resource.Organization, 227 | }, 228 | }, 229 | Remediation: "Please ensure the OAuth Apps installed in your organization meet your expectations", 230 | } 231 | } 232 | -------------------------------------------------------------------------------- /pkg/issue/resource/resource.go: -------------------------------------------------------------------------------- 1 | package resource 2 | 3 | type Kind string 4 | 5 | const ( 6 | UserAccount Kind = "UserAccount" 7 | Organization = "Organization" 8 | Webhook = "Webhook" 9 | ) 10 | 11 | type Resource struct { 12 | ID string `json:"id"` 13 | Kind Kind `json:"kind"` 14 | } 15 | -------------------------------------------------------------------------------- /pkg/issue/severity/severity.go: -------------------------------------------------------------------------------- 1 | package severity 2 | 3 | type Severity int 4 | 5 | const ( 6 | Informational Severity = iota 7 | Hygiene 8 | Low 9 | Medium 10 | High 11 | Critical 12 | ) 13 | 14 | func (s Severity) String() string { 15 | switch s { 16 | case Informational: 17 | return "Informational" 18 | case Hygiene: 19 | return "Hygiene" 20 | case Low: 21 | return "Low" 22 | case Medium: 23 | return "Medium" 24 | case High: 25 | return "High" 26 | case Critical: 27 | return "Critical" 28 | } 29 | return "Unknown" 30 | } 31 | -------------------------------------------------------------------------------- /pkg/issue/tags/tags.go: -------------------------------------------------------------------------------- 1 | package tags 2 | 3 | type Tag string 4 | 5 | const ( 6 | ThirdPartyApp Tag = "Third-party applications" 7 | AdvancedSecurity = "GitHub Advanced Security feature" 8 | ) 9 | -------------------------------------------------------------------------------- /pkg/log/logger.go: -------------------------------------------------------------------------------- 1 | package log 2 | 3 | import ( 4 | "log" 5 | "os" 6 | 7 | "go.uber.org/zap" 8 | "go.uber.org/zap/zapcore" 9 | ) 10 | 11 | var Logger *zap.SugaredLogger = initLogger(false) 12 | 13 | func initLogger(enableStackTrace bool) *zap.SugaredLogger { 14 | config := zap.NewProductionEncoderConfig() 15 | config.EncodeTime = zapcore.ISO8601TimeEncoder 16 | 17 | fileEncoder := zapcore.NewJSONEncoder(config) 18 | stdoutEncoder := zapcore.NewConsoleEncoder(config) 19 | 20 | // FIXME read from env variable 21 | logFile, err := os.OpenFile( 22 | "github-analyzer.log", 23 | os.O_APPEND|os.O_CREATE|os.O_WRONLY, 24 | 0644, 25 | ) 26 | if err != nil { 27 | log.Fatal(err) 28 | } 29 | 30 | writer := zapcore.AddSync(logFile) 31 | defaultLogLevel := zapcore.DebugLevel 32 | 33 | core := zapcore.NewTee( 34 | zapcore.NewCore( 35 | stdoutEncoder, 36 | zapcore.AddSync(os.Stdout), 37 | defaultLogLevel, 38 | ), 39 | zapcore.NewCore(fileEncoder, writer, defaultLogLevel), 40 | ) 41 | 42 | if enableStackTrace { 43 | return zap.New(core, zap.AddCaller(), zap.AddStacktrace(zapcore.ErrorLevel)). 44 | Sugar() 45 | } 46 | return zap.New(core, zap.AddCaller()).Sugar() 47 | } 48 | -------------------------------------------------------------------------------- /pkg/output/html/html.go: -------------------------------------------------------------------------------- 1 | package html 2 | 3 | import ( 4 | "encoding/json" 5 | "sort" 6 | 7 | "embed" 8 | "fmt" 9 | "html/template" 10 | "io/ioutil" 11 | "net/http" 12 | "os" 13 | "strings" 14 | 15 | "github.com/crashappsec/github-analyzer/pkg/github/org" 16 | "github.com/crashappsec/github-analyzer/pkg/issue" 17 | "github.com/crashappsec/github-analyzer/pkg/log" 18 | "github.com/google/go-github/scrape" 19 | "github.com/google/go-github/v47/github" 20 | ) 21 | 22 | //go:embed templates 23 | var indexHTML embed.FS 24 | 25 | //go:embed static 26 | var staticFiles embed.FS 27 | 28 | type WrappedOAuthApp struct { 29 | App scrape.OAuthApp 30 | State string 31 | } 32 | 33 | type WrappedIssue struct { 34 | Issue issue.Issue 35 | SeverityStr template.HTML 36 | Description template.HTML 37 | Remediation template.HTML 38 | CWEs template.HTML 39 | } 40 | 41 | type InstallationInfo struct { 42 | Name string 43 | ID int64 44 | Permissions string 45 | } 46 | 47 | // normalizeLinks converts any raw http links to hrefs 48 | func normalizeLinks(input string) string { 49 | sep := strings.Split(input, " ") 50 | for i, s := range sep { 51 | if strings.HasPrefix(s, "https://") || strings.HasPrefix(s, "http://") { 52 | sep[i] = fmt.Sprintf( 53 | "here", 54 | s, 55 | ) 56 | } 57 | } 58 | return strings.Join(sep, " ") 59 | } 60 | 61 | func getSeverity(sev string) string { 62 | switch sev { 63 | case "Informational": 64 | return "[INFO]" 65 | case "Low": 66 | return "[LOW]" 67 | case "Medium": 68 | return "[MEDIUM]" 69 | case "High": 70 | return "[HIGH]" 71 | case "Critical": 72 | return "[CRITICAL]" 73 | } 74 | return sev 75 | } 76 | 77 | func getOauthAppState(s int) string { 78 | if s == 1 { 79 | return "Requested" 80 | } 81 | if s == 2 { 82 | return "Approved" 83 | } 84 | if s == 3 { 85 | return "Denied" 86 | } 87 | return "Unknown" 88 | } 89 | 90 | func parseStats(statsJson string) (org.OrgStats, []InstallationInfo, error) { 91 | var stats org.OrgStats 92 | 93 | jsonFile, err := os.Open(statsJson) 94 | defer jsonFile.Close() 95 | if err != nil { 96 | return stats, nil, err 97 | } 98 | jsonBytes, err := ioutil.ReadAll(jsonFile) 99 | if err != nil { 100 | return stats, nil, err 101 | } 102 | json.Unmarshal(jsonBytes, &stats) 103 | 104 | var wrappedInstallations []InstallationInfo 105 | for _, i := range stats.Installations { 106 | perm := strings.Split(github.Stringify(i.Permissions), "{") 107 | description := strings.Split(strings.Split(perm[1], "}")[0], ", ") 108 | sort.Strings(description) 109 | finalPerm := strings.Join(description, ", ") 110 | wrappedInstallations = append(wrappedInstallations, 111 | InstallationInfo{ 112 | ID: *i.ID, 113 | Name: *i.AppSlug, 114 | Permissions: finalPerm, 115 | }) 116 | } 117 | return stats, wrappedInstallations, nil 118 | } 119 | 120 | func parseOauthApps(appJson string) ([]WrappedOAuthApp, error) { 121 | var apps []scrape.OAuthApp 122 | 123 | jsonFile, err := os.Open(appJson) 124 | defer jsonFile.Close() 125 | if err != nil { 126 | return nil, err 127 | } 128 | jsonBytes, err := ioutil.ReadAll(jsonFile) 129 | if err != nil { 130 | return nil, err 131 | } 132 | json.Unmarshal(jsonBytes, &apps) 133 | 134 | var wrappedApps []WrappedOAuthApp 135 | for _, app := range apps { 136 | wrappedApps = append(wrappedApps, 137 | WrappedOAuthApp{App: app, State: getOauthAppState(int(app.State))}) 138 | } 139 | return wrappedApps, nil 140 | } 141 | 142 | func parsePermissions( 143 | permJson string, 144 | ) ([]string, []string, map[string]map[string]string, error) { 145 | type userRepoPermissions map[string]([]string) 146 | var permissionSummary map[string]userRepoPermissions 147 | 148 | jsonFile, err := os.Open(permJson) 149 | defer jsonFile.Close() 150 | if err != nil { 151 | return nil, nil, nil, err 152 | } 153 | jsonBytes, _ := ioutil.ReadAll(jsonFile) 154 | json.Unmarshal(jsonBytes, &permissionSummary) 155 | 156 | allPerms := map[string]bool{} 157 | allUsers := map[string]bool{} 158 | for u, perms := range permissionSummary { 159 | allUsers[u] = true 160 | for perm := range perms { 161 | allPerms[perm] = true 162 | } 163 | } 164 | var permissions []string 165 | for p := range allPerms { 166 | permissions = append(permissions, p) 167 | } 168 | var users []string 169 | for p := range allUsers { 170 | users = append(users, p) 171 | } 172 | sort.Strings(permissions) 173 | sort.Strings(users) 174 | 175 | finalSummary := map[string]map[string]string{} 176 | /// Make sure we fill everything up 177 | for _, u := range users { 178 | finalSummary[u] = map[string]string{} 179 | for _, perm := range permissions { 180 | _, ok := permissionSummary[u][perm] 181 | if !ok { 182 | finalSummary[u][perm] = "" 183 | } else { 184 | sort.Strings(permissionSummary[u][perm]) 185 | finalSummary[u][perm] = strings.Join(permissionSummary[u][perm], ", ") 186 | } 187 | } 188 | } 189 | 190 | return permissions, users, finalSummary, nil 191 | } 192 | 193 | func parseIssues( 194 | execStatusPath, issuesPath string, 195 | ) ([]WrappedIssue, []string, []string, error) { 196 | var checks map[issue.IssueID]string 197 | jsonFile, err := os.Open(execStatusPath) 198 | if err != nil { 199 | jsonFile.Close() 200 | return nil, nil, nil, err 201 | } 202 | jsonBytes, _ := ioutil.ReadAll(jsonFile) 203 | json.Unmarshal(jsonBytes, &checks) 204 | jsonFile.Close() 205 | 206 | var issues []issue.Issue 207 | 208 | jsonFile, err = os.Open(issuesPath) 209 | if err != nil { 210 | jsonFile.Close() 211 | return nil, nil, nil, err 212 | } 213 | jsonBytes, _ = ioutil.ReadAll(jsonFile) 214 | json.Unmarshal(jsonBytes, &issues) 215 | jsonFile.Close() 216 | 217 | var wrappedIssues []WrappedIssue 218 | 219 | // order by severity in descending order 220 | sort.Slice(issues, func(i, j int) bool { 221 | return issues[i].Severity > issues[j].Severity 222 | }) 223 | for _, i := range issues { 224 | delete(checks, i.ID) 225 | if strings.HasPrefix(string(i.ID), "STATS") { 226 | continue 227 | } 228 | var cweStrings []string 229 | for _, cwe := range i.CWEs { 230 | cweStrings = append( 231 | cweStrings, 232 | fmt.Sprintf( 233 | "%d", 234 | cwe, 235 | cwe, 236 | ), 237 | ) 238 | } 239 | wrappedIssues = append(wrappedIssues, 240 | WrappedIssue{ 241 | Issue: i, 242 | SeverityStr: template.HTML(getSeverity(i.Severity.String())), 243 | Description: template.HTML(normalizeLinks(i.Description)), 244 | Remediation: template.HTML(normalizeLinks(i.Remediation)), 245 | CWEs: template.HTML(strings.Join(cweStrings, ",")), 246 | }) 247 | } 248 | 249 | var passed []string 250 | var failed []string 251 | for ch, hadError := range checks { 252 | if strings.HasPrefix(string(ch), "STATS") { 253 | continue 254 | } 255 | if hadError != "" { 256 | failed = append(failed, issue.AvailableChecks[ch]) 257 | } else { 258 | passed = append(passed, issue.AvailableChecks[ch]) 259 | } 260 | } 261 | sort.Strings(passed) 262 | sort.Strings(failed) 263 | return wrappedIssues, passed, failed, nil 264 | } 265 | 266 | func Serve( 267 | orgName, orgStatsPath, permissionsPath, oauthAppPath, execStatusPath, issuesPath string, 268 | htmlDir string, 269 | port int, 270 | ) { 271 | perms, users, permissionSummary, err := parsePermissions(permissionsPath) 272 | if err != nil { 273 | log.Logger.Error(err) 274 | } 275 | 276 | wrappedIssues, checksPassed, checksFailed, err := parseIssues( 277 | execStatusPath, 278 | issuesPath, 279 | ) 280 | if err != nil { 281 | log.Logger.Error(err) 282 | } 283 | 284 | stats, wrappedInstallations, err := parseStats(orgStatsPath) 285 | if err != nil { 286 | log.Logger.Error(err) 287 | } 288 | 289 | apps, err := parseOauthApps(oauthAppPath) 290 | if err != nil { 291 | log.Logger.Error(err) 292 | } 293 | 294 | var staticFS = http.FS(staticFiles) 295 | fs := http.FileServer(staticFS) 296 | 297 | type PageData struct { 298 | Org string 299 | HasNonIssueStats bool 300 | Stats org.OrgStats 301 | TotalRunners int 302 | TotalInstallations int 303 | TotalWebhooks int 304 | Apps []WrappedOAuthApp 305 | Issues []WrappedIssue 306 | Installations []InstallationInfo 307 | ChecksPassed []string 308 | ChecksFailed []string 309 | Permissions []string 310 | Users []string 311 | PermissionSummary map[string]map[string]string 312 | } 313 | 314 | t, err := template.ParseFS(indexHTML, "templates/index.html.tmpl") 315 | if err != nil { 316 | log.Logger.Error(err) 317 | } 318 | http.Handle("/static/", fs) 319 | http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { 320 | w.Header().Add("Content-Type", "text/html") 321 | t.Execute(w, 322 | PageData{ 323 | Org: orgName, 324 | HasNonIssueStats: true, 325 | Apps: apps, 326 | Stats: stats, 327 | TotalRunners: len(stats.Runners), 328 | TotalInstallations: len(stats.Installations), 329 | TotalWebhooks: len(stats.Webhooks), 330 | Issues: wrappedIssues, 331 | Installations: wrappedInstallations, 332 | ChecksPassed: checksPassed, 333 | ChecksFailed: checksFailed, 334 | Permissions: perms, 335 | Users: users, 336 | PermissionSummary: permissionSummary, 337 | }) 338 | 339 | }) 340 | 341 | log.Logger.Infof( 342 | "Server with HTML summary starting at 0.0.0.0:%d\n", 343 | port, 344 | ) 345 | fmt.Println( 346 | "\n\n\t Analysis complete! Visit localhost:3000 using your browser to see results", 347 | ) 348 | err = http.ListenAndServe(fmt.Sprintf(":%d", port), nil) 349 | if err != nil { 350 | log.Logger.Error(err) 351 | } 352 | } 353 | -------------------------------------------------------------------------------- /pkg/output/html/static/css/font-awesome.min.css: -------------------------------------------------------------------------------- 1 | @font-face { 2 | font-family: "FontAwesome"; 3 | src: url("../font/fontawesome-webfont.eot?v=3.2.1"); 4 | src: url("../font/fontawesome-webfont.eot?#iefix&v=3.2.1") 5 | format("embedded-opentype"), 6 | url("../font/fontawesome-webfont.woff?v=3.2.1") format("woff"), 7 | url("../font/fontawesome-webfont.ttf?v=3.2.1") format("truetype"), 8 | url("../font/fontawesome-webfont.svg#fontawesomeregular?v=3.2.1") 9 | format("svg"); 10 | font-weight: normal; 11 | font-style: normal; 12 | } 13 | [class^="icon-"], 14 | [class*=" icon-"] { 15 | font-family: FontAwesome; 16 | font-weight: normal; 17 | font-style: normal; 18 | text-decoration: inherit; 19 | -webkit-font-smoothing: antialiased; 20 | *margin-right: 0.3em; 21 | } 22 | [class^="icon-"]:before, 23 | [class*=" icon-"]:before { 24 | text-decoration: inherit; 25 | display: inline-block; 26 | speak: none; 27 | } 28 | .icon-large:before { 29 | vertical-align: -10%; 30 | font-size: 1.3333333333333333em; 31 | } 32 | a [class^="icon-"], 33 | a [class*=" icon-"] { 34 | display: inline; 35 | } 36 | [class^="icon-"].icon-fixed-width, 37 | [class*=" icon-"].icon-fixed-width { 38 | display: inline-block; 39 | width: 1.1428571428571428em; 40 | text-align: right; 41 | padding-right: 0.2857142857142857em; 42 | } 43 | [class^="icon-"].icon-fixed-width.icon-large, 44 | [class*=" icon-"].icon-fixed-width.icon-large { 45 | width: 1.4285714285714286em; 46 | } 47 | .icons-ul { 48 | margin-left: 2.142857142857143em; 49 | list-style-type: none; 50 | } 51 | .icons-ul > li { 52 | position: relative; 53 | } 54 | .icons-ul .icon-li { 55 | position: absolute; 56 | left: -2.142857142857143em; 57 | width: 2.142857142857143em; 58 | text-align: center; 59 | line-height: inherit; 60 | } 61 | [class^="icon-"].hide, 62 | [class*=" icon-"].hide { 63 | display: none; 64 | } 65 | .icon-muted { 66 | color: #eeeeee; 67 | } 68 | .icon-light { 69 | color: #ffffff; 70 | } 71 | .icon-dark { 72 | color: #333333; 73 | } 74 | .icon-border { 75 | border: solid 1px #eeeeee; 76 | padding: 0.2em 0.25em 0.15em; 77 | -webkit-border-radius: 3px; 78 | -moz-border-radius: 3px; 79 | border-radius: 3px; 80 | } 81 | .icon-2x { 82 | font-size: 2em; 83 | } 84 | .icon-2x.icon-border { 85 | border-width: 2px; 86 | -webkit-border-radius: 4px; 87 | -moz-border-radius: 4px; 88 | border-radius: 4px; 89 | } 90 | .icon-3x { 91 | font-size: 3em; 92 | } 93 | .icon-3x.icon-border { 94 | border-width: 3px; 95 | -webkit-border-radius: 5px; 96 | -moz-border-radius: 5px; 97 | border-radius: 5px; 98 | } 99 | .icon-4x { 100 | font-size: 4em; 101 | } 102 | .icon-4x.icon-border { 103 | border-width: 4px; 104 | -webkit-border-radius: 6px; 105 | -moz-border-radius: 6px; 106 | border-radius: 6px; 107 | } 108 | .icon-5x { 109 | font-size: 5em; 110 | } 111 | .icon-5x.icon-border { 112 | border-width: 5px; 113 | -webkit-border-radius: 7px; 114 | -moz-border-radius: 7px; 115 | border-radius: 7px; 116 | } 117 | .pull-right { 118 | float: right; 119 | } 120 | .pull-left { 121 | float: left; 122 | } 123 | [class^="icon-"].pull-left, 124 | [class*=" icon-"].pull-left { 125 | margin-right: 0.3em; 126 | } 127 | [class^="icon-"].pull-right, 128 | [class*=" icon-"].pull-right { 129 | margin-left: 0.3em; 130 | } 131 | [class^="icon-"], 132 | [class*=" icon-"] { 133 | display: inline; 134 | width: auto; 135 | height: auto; 136 | line-height: normal; 137 | vertical-align: baseline; 138 | background-image: none; 139 | background-position: 0% 0%; 140 | background-repeat: repeat; 141 | margin-top: 0; 142 | } 143 | .icon-white, 144 | .nav-pills > .active > a > [class^="icon-"], 145 | .nav-pills > .active > a > [class*=" icon-"], 146 | .nav-list > .active > a > [class^="icon-"], 147 | .nav-list > .active > a > [class*=" icon-"], 148 | .navbar-inverse .nav > .active > a > [class^="icon-"], 149 | .navbar-inverse .nav > .active > a > [class*=" icon-"], 150 | .dropdown-menu > li > a:hover > [class^="icon-"], 151 | .dropdown-menu > li > a:hover > [class*=" icon-"], 152 | .dropdown-menu > .active > a > [class^="icon-"], 153 | .dropdown-menu > .active > a > [class*=" icon-"], 154 | .dropdown-submenu:hover > a > [class^="icon-"], 155 | .dropdown-submenu:hover > a > [class*=" icon-"] { 156 | background-image: none; 157 | } 158 | .btn [class^="icon-"].icon-large, 159 | .nav [class^="icon-"].icon-large, 160 | .btn [class*=" icon-"].icon-large, 161 | .nav [class*=" icon-"].icon-large { 162 | line-height: 0.9em; 163 | } 164 | .btn [class^="icon-"].icon-spin, 165 | .nav [class^="icon-"].icon-spin, 166 | .btn [class*=" icon-"].icon-spin, 167 | .nav [class*=" icon-"].icon-spin { 168 | display: inline-block; 169 | } 170 | .nav-tabs [class^="icon-"], 171 | .nav-pills [class^="icon-"], 172 | .nav-tabs [class*=" icon-"], 173 | .nav-pills [class*=" icon-"], 174 | .nav-tabs [class^="icon-"].icon-large, 175 | .nav-pills [class^="icon-"].icon-large, 176 | .nav-tabs [class*=" icon-"].icon-large, 177 | .nav-pills [class*=" icon-"].icon-large { 178 | line-height: 0.9em; 179 | } 180 | .btn [class^="icon-"].pull-left.icon-2x, 181 | .btn [class*=" icon-"].pull-left.icon-2x, 182 | .btn [class^="icon-"].pull-right.icon-2x, 183 | .btn [class*=" icon-"].pull-right.icon-2x { 184 | margin-top: 0.18em; 185 | } 186 | .btn [class^="icon-"].icon-spin.icon-large, 187 | .btn [class*=" icon-"].icon-spin.icon-large { 188 | line-height: 0.8em; 189 | } 190 | .btn.btn-small [class^="icon-"].pull-left.icon-2x, 191 | .btn.btn-small [class*=" icon-"].pull-left.icon-2x, 192 | .btn.btn-small [class^="icon-"].pull-right.icon-2x, 193 | .btn.btn-small [class*=" icon-"].pull-right.icon-2x { 194 | margin-top: 0.25em; 195 | } 196 | .btn.btn-large [class^="icon-"], 197 | .btn.btn-large [class*=" icon-"] { 198 | margin-top: 0; 199 | } 200 | .btn.btn-large [class^="icon-"].pull-left.icon-2x, 201 | .btn.btn-large [class*=" icon-"].pull-left.icon-2x, 202 | .btn.btn-large [class^="icon-"].pull-right.icon-2x, 203 | .btn.btn-large [class*=" icon-"].pull-right.icon-2x { 204 | margin-top: 0.05em; 205 | } 206 | .btn.btn-large [class^="icon-"].pull-left.icon-2x, 207 | .btn.btn-large [class*=" icon-"].pull-left.icon-2x { 208 | margin-right: 0.2em; 209 | } 210 | .btn.btn-large [class^="icon-"].pull-right.icon-2x, 211 | .btn.btn-large [class*=" icon-"].pull-right.icon-2x { 212 | margin-left: 0.2em; 213 | } 214 | .nav-list [class^="icon-"], 215 | .nav-list [class*=" icon-"] { 216 | line-height: inherit; 217 | } 218 | .icon-stack { 219 | position: relative; 220 | display: inline-block; 221 | width: 2em; 222 | height: 2em; 223 | line-height: 2em; 224 | vertical-align: -35%; 225 | } 226 | .icon-stack [class^="icon-"], 227 | .icon-stack [class*=" icon-"] { 228 | display: block; 229 | text-align: center; 230 | position: absolute; 231 | width: 100%; 232 | height: 100%; 233 | font-size: 1em; 234 | line-height: inherit; 235 | *line-height: 2em; 236 | } 237 | .icon-stack .icon-stack-base { 238 | font-size: 2em; 239 | *line-height: 1em; 240 | } 241 | .icon-spin { 242 | display: inline-block; 243 | -moz-animation: spin 2s infinite linear; 244 | -o-animation: spin 2s infinite linear; 245 | -webkit-animation: spin 2s infinite linear; 246 | animation: spin 2s infinite linear; 247 | } 248 | a .icon-stack, 249 | a .icon-spin { 250 | display: inline-block; 251 | text-decoration: none; 252 | } 253 | @-moz-keyframes spin { 254 | 0% { 255 | -moz-transform: rotate(0deg); 256 | } 257 | 100% { 258 | -moz-transform: rotate(359deg); 259 | } 260 | } 261 | @-webkit-keyframes spin { 262 | 0% { 263 | -webkit-transform: rotate(0deg); 264 | } 265 | 100% { 266 | -webkit-transform: rotate(359deg); 267 | } 268 | } 269 | @-o-keyframes spin { 270 | 0% { 271 | -o-transform: rotate(0deg); 272 | } 273 | 100% { 274 | -o-transform: rotate(359deg); 275 | } 276 | } 277 | @-ms-keyframes spin { 278 | 0% { 279 | -ms-transform: rotate(0deg); 280 | } 281 | 100% { 282 | -ms-transform: rotate(359deg); 283 | } 284 | } 285 | @keyframes spin { 286 | 0% { 287 | transform: rotate(0deg); 288 | } 289 | 100% { 290 | transform: rotate(359deg); 291 | } 292 | } 293 | .icon-rotate-90:before { 294 | -webkit-transform: rotate(90deg); 295 | -moz-transform: rotate(90deg); 296 | -ms-transform: rotate(90deg); 297 | -o-transform: rotate(90deg); 298 | transform: rotate(90deg); 299 | filter: progid:DXImageTransform.Microsoft.BasicImage(rotation=1); 300 | } 301 | .icon-rotate-180:before { 302 | -webkit-transform: rotate(180deg); 303 | -moz-transform: rotate(180deg); 304 | -ms-transform: rotate(180deg); 305 | -o-transform: rotate(180deg); 306 | transform: rotate(180deg); 307 | filter: progid:DXImageTransform.Microsoft.BasicImage(rotation=2); 308 | } 309 | .icon-rotate-270:before { 310 | -webkit-transform: rotate(270deg); 311 | -moz-transform: rotate(270deg); 312 | -ms-transform: rotate(270deg); 313 | -o-transform: rotate(270deg); 314 | transform: rotate(270deg); 315 | filter: progid:DXImageTransform.Microsoft.BasicImage(rotation=3); 316 | } 317 | .icon-flip-horizontal:before { 318 | -webkit-transform: scale(-1, 1); 319 | -moz-transform: scale(-1, 1); 320 | -ms-transform: scale(-1, 1); 321 | -o-transform: scale(-1, 1); 322 | transform: scale(-1, 1); 323 | } 324 | .icon-flip-vertical:before { 325 | -webkit-transform: scale(1, -1); 326 | -moz-transform: scale(1, -1); 327 | -ms-transform: scale(1, -1); 328 | -o-transform: scale(1, -1); 329 | transform: scale(1, -1); 330 | } 331 | a .icon-rotate-90:before, 332 | a .icon-rotate-180:before, 333 | a .icon-rotate-270:before, 334 | a .icon-flip-horizontal:before, 335 | a .icon-flip-vertical:before { 336 | display: inline-block; 337 | } 338 | .icon-glass:before { 339 | content: "\f000"; 340 | } 341 | .icon-music:before { 342 | content: "\f001"; 343 | } 344 | .icon-search:before { 345 | content: "\f002"; 346 | } 347 | .icon-envelope-alt:before { 348 | content: "\f003"; 349 | } 350 | .icon-heart:before { 351 | content: "\f004"; 352 | } 353 | .icon-star:before { 354 | content: "\f005"; 355 | } 356 | .icon-star-empty:before { 357 | content: "\f006"; 358 | } 359 | .icon-user:before { 360 | content: "\f007"; 361 | } 362 | .icon-film:before { 363 | content: "\f008"; 364 | } 365 | .icon-th-large:before { 366 | content: "\f009"; 367 | } 368 | .icon-th:before { 369 | content: "\f00a"; 370 | } 371 | .icon-th-list:before { 372 | content: "\f00b"; 373 | } 374 | .icon-ok:before { 375 | content: "\f00c"; 376 | } 377 | .icon-remove:before { 378 | content: "\f00d"; 379 | } 380 | .icon-zoom-in:before { 381 | content: "\f00e"; 382 | } 383 | .icon-zoom-out:before { 384 | content: "\f010"; 385 | } 386 | .icon-power-off:before, 387 | .icon-off:before { 388 | content: "\f011"; 389 | } 390 | .icon-signal:before { 391 | content: "\f012"; 392 | } 393 | .icon-gear:before, 394 | .icon-cog:before { 395 | content: "\f013"; 396 | } 397 | .icon-trash:before { 398 | content: "\f014"; 399 | } 400 | .icon-home:before { 401 | content: "\f015"; 402 | } 403 | .icon-file-alt:before { 404 | content: "\f016"; 405 | } 406 | .icon-time:before { 407 | content: "\f017"; 408 | } 409 | .icon-road:before { 410 | content: "\f018"; 411 | } 412 | .icon-download-alt:before { 413 | content: "\f019"; 414 | } 415 | .icon-download:before { 416 | content: "\f01a"; 417 | } 418 | .icon-upload:before { 419 | content: "\f01b"; 420 | } 421 | .icon-inbox:before { 422 | content: "\f01c"; 423 | } 424 | .icon-play-circle:before { 425 | content: "\f01d"; 426 | } 427 | .icon-rotate-right:before, 428 | .icon-repeat:before { 429 | content: "\f01e"; 430 | } 431 | .icon-refresh:before { 432 | content: "\f021"; 433 | } 434 | .icon-list-alt:before { 435 | content: "\f022"; 436 | } 437 | .icon-lock:before { 438 | content: "\f023"; 439 | } 440 | .icon-flag:before { 441 | content: "\f024"; 442 | } 443 | .icon-headphones:before { 444 | content: "\f025"; 445 | } 446 | .icon-volume-off:before { 447 | content: "\f026"; 448 | } 449 | .icon-volume-down:before { 450 | content: "\f027"; 451 | } 452 | .icon-volume-up:before { 453 | content: "\f028"; 454 | } 455 | .icon-qrcode:before { 456 | content: "\f029"; 457 | } 458 | .icon-barcode:before { 459 | content: "\f02a"; 460 | } 461 | .icon-tag:before { 462 | content: "\f02b"; 463 | } 464 | .icon-tags:before { 465 | content: "\f02c"; 466 | } 467 | .icon-book:before { 468 | content: "\f02d"; 469 | } 470 | .icon-bookmark:before { 471 | content: "\f02e"; 472 | } 473 | .icon-print:before { 474 | content: "\f02f"; 475 | } 476 | .icon-camera:before { 477 | content: "\f030"; 478 | } 479 | .icon-font:before { 480 | content: "\f031"; 481 | } 482 | .icon-bold:before { 483 | content: "\f032"; 484 | } 485 | .icon-italic:before { 486 | content: "\f033"; 487 | } 488 | .icon-text-height:before { 489 | content: "\f034"; 490 | } 491 | .icon-text-width:before { 492 | content: "\f035"; 493 | } 494 | .icon-align-left:before { 495 | content: "\f036"; 496 | } 497 | .icon-align-center:before { 498 | content: "\f037"; 499 | } 500 | .icon-align-right:before { 501 | content: "\f038"; 502 | } 503 | .icon-align-justify:before { 504 | content: "\f039"; 505 | } 506 | .icon-list:before { 507 | content: "\f03a"; 508 | } 509 | .icon-indent-left:before { 510 | content: "\f03b"; 511 | } 512 | .icon-indent-right:before { 513 | content: "\f03c"; 514 | } 515 | .icon-facetime-video:before { 516 | content: "\f03d"; 517 | } 518 | .icon-picture:before { 519 | content: "\f03e"; 520 | } 521 | .icon-pencil:before { 522 | content: "\f040"; 523 | } 524 | .icon-map-marker:before { 525 | content: "\f041"; 526 | } 527 | .icon-adjust:before { 528 | content: "\f042"; 529 | } 530 | .icon-tint:before { 531 | content: "\f043"; 532 | } 533 | .icon-edit:before { 534 | content: "\f044"; 535 | } 536 | .icon-share:before { 537 | content: "\f045"; 538 | } 539 | .icon-check:before { 540 | content: "\f046"; 541 | } 542 | .icon-move:before { 543 | content: "\f047"; 544 | } 545 | .icon-step-backward:before { 546 | content: "\f048"; 547 | } 548 | .icon-fast-backward:before { 549 | content: "\f049"; 550 | } 551 | .icon-backward:before { 552 | content: "\f04a"; 553 | } 554 | .icon-play:before { 555 | content: "\f04b"; 556 | } 557 | .icon-pause:before { 558 | content: "\f04c"; 559 | } 560 | .icon-stop:before { 561 | content: "\f04d"; 562 | } 563 | .icon-forward:before { 564 | content: "\f04e"; 565 | } 566 | .icon-fast-forward:before { 567 | content: "\f050"; 568 | } 569 | .icon-step-forward:before { 570 | content: "\f051"; 571 | } 572 | .icon-eject:before { 573 | content: "\f052"; 574 | } 575 | .icon-chevron-left:before { 576 | content: "\f053"; 577 | } 578 | .icon-chevron-right:before { 579 | content: "\f054"; 580 | } 581 | .icon-plus-sign:before { 582 | content: "\f055"; 583 | } 584 | .icon-minus-sign:before { 585 | content: "\f056"; 586 | } 587 | .icon-remove-sign:before { 588 | content: "\f057"; 589 | } 590 | .icon-ok-sign:before { 591 | content: "\f058"; 592 | } 593 | .icon-question-sign:before { 594 | content: "\f059"; 595 | } 596 | .icon-info-sign:before { 597 | content: "\f05a"; 598 | } 599 | .icon-screenshot:before { 600 | content: "\f05b"; 601 | } 602 | .icon-remove-circle:before { 603 | content: "\f05c"; 604 | } 605 | .icon-ok-circle:before { 606 | content: "\f05d"; 607 | } 608 | .icon-ban-circle:before { 609 | content: "\f05e"; 610 | } 611 | .icon-arrow-left:before { 612 | content: "\f060"; 613 | } 614 | .icon-arrow-right:before { 615 | content: "\f061"; 616 | } 617 | .icon-arrow-up:before { 618 | content: "\f062"; 619 | } 620 | .icon-arrow-down:before { 621 | content: "\f063"; 622 | } 623 | .icon-mail-forward:before, 624 | .icon-share-alt:before { 625 | content: "\f064"; 626 | } 627 | .icon-resize-full:before { 628 | content: "\f065"; 629 | } 630 | .icon-resize-small:before { 631 | content: "\f066"; 632 | } 633 | .icon-plus:before { 634 | content: "\f067"; 635 | } 636 | .icon-minus:before { 637 | content: "\f068"; 638 | } 639 | .icon-asterisk:before { 640 | content: "\f069"; 641 | } 642 | .icon-exclamation-sign:before { 643 | content: "\f06a"; 644 | } 645 | .icon-gift:before { 646 | content: "\f06b"; 647 | } 648 | .icon-leaf:before { 649 | content: "\f06c"; 650 | } 651 | .icon-fire:before { 652 | content: "\f06d"; 653 | } 654 | .icon-eye-open:before { 655 | content: "\f06e"; 656 | } 657 | .icon-eye-close:before { 658 | content: "\f070"; 659 | } 660 | .icon-warning-sign:before { 661 | content: "\f071"; 662 | } 663 | .icon-plane:before { 664 | content: "\f072"; 665 | } 666 | .icon-calendar:before { 667 | content: "\f073"; 668 | } 669 | .icon-random:before { 670 | content: "\f074"; 671 | } 672 | .icon-comment:before { 673 | content: "\f075"; 674 | } 675 | .icon-magnet:before { 676 | content: "\f076"; 677 | } 678 | .icon-chevron-up:before { 679 | content: "\f077"; 680 | } 681 | .icon-chevron-down:before { 682 | content: "\f078"; 683 | } 684 | .icon-retweet:before { 685 | content: "\f079"; 686 | } 687 | .icon-shopping-cart:before { 688 | content: "\f07a"; 689 | } 690 | .icon-folder-close:before { 691 | content: "\f07b"; 692 | } 693 | .icon-folder-open:before { 694 | content: "\f07c"; 695 | } 696 | .icon-resize-vertical:before { 697 | content: "\f07d"; 698 | } 699 | .icon-resize-horizontal:before { 700 | content: "\f07e"; 701 | } 702 | .icon-bar-chart:before { 703 | content: "\f080"; 704 | } 705 | .icon-twitter-sign:before { 706 | content: "\f081"; 707 | } 708 | .icon-facebook-sign:before { 709 | content: "\f082"; 710 | } 711 | .icon-camera-retro:before { 712 | content: "\f083"; 713 | } 714 | .icon-key:before { 715 | content: "\f084"; 716 | } 717 | .icon-gears:before, 718 | .icon-cogs:before { 719 | content: "\f085"; 720 | } 721 | .icon-comments:before { 722 | content: "\f086"; 723 | } 724 | .icon-thumbs-up-alt:before { 725 | content: "\f087"; 726 | } 727 | .icon-thumbs-down-alt:before { 728 | content: "\f088"; 729 | } 730 | .icon-star-half:before { 731 | content: "\f089"; 732 | } 733 | .icon-heart-empty:before { 734 | content: "\f08a"; 735 | } 736 | .icon-signout:before { 737 | content: "\f08b"; 738 | } 739 | .icon-linkedin-sign:before { 740 | content: "\f08c"; 741 | } 742 | .icon-pushpin:before { 743 | content: "\f08d"; 744 | } 745 | .icon-external-link:before { 746 | content: "\f08e"; 747 | } 748 | .icon-signin:before { 749 | content: "\f090"; 750 | } 751 | .icon-trophy:before { 752 | content: "\f091"; 753 | } 754 | .icon-github-sign:before { 755 | content: "\f092"; 756 | } 757 | .icon-upload-alt:before { 758 | content: "\f093"; 759 | } 760 | .icon-lemon:before { 761 | content: "\f094"; 762 | } 763 | .icon-phone:before { 764 | content: "\f095"; 765 | } 766 | .icon-unchecked:before, 767 | .icon-check-empty:before { 768 | content: "\f096"; 769 | } 770 | .icon-bookmark-empty:before { 771 | content: "\f097"; 772 | } 773 | .icon-phone-sign:before { 774 | content: "\f098"; 775 | } 776 | .icon-twitter:before { 777 | content: "\f099"; 778 | } 779 | .icon-facebook:before { 780 | content: "\f09a"; 781 | } 782 | .icon-github:before { 783 | content: "\f09b"; 784 | } 785 | .icon-unlock:before { 786 | content: "\f09c"; 787 | } 788 | .icon-credit-card:before { 789 | content: "\f09d"; 790 | } 791 | .icon-rss:before { 792 | content: "\f09e"; 793 | } 794 | .icon-hdd:before { 795 | content: "\f0a0"; 796 | } 797 | .icon-bullhorn:before { 798 | content: "\f0a1"; 799 | } 800 | .icon-bell:before { 801 | content: "\f0a2"; 802 | } 803 | .icon-certificate:before { 804 | content: "\f0a3"; 805 | } 806 | .icon-hand-right:before { 807 | content: "\f0a4"; 808 | } 809 | .icon-hand-left:before { 810 | content: "\f0a5"; 811 | } 812 | .icon-hand-up:before { 813 | content: "\f0a6"; 814 | } 815 | .icon-hand-down:before { 816 | content: "\f0a7"; 817 | } 818 | .icon-circle-arrow-left:before { 819 | content: "\f0a8"; 820 | } 821 | .icon-circle-arrow-right:before { 822 | content: "\f0a9"; 823 | } 824 | .icon-circle-arrow-up:before { 825 | content: "\f0aa"; 826 | } 827 | .icon-circle-arrow-down:before { 828 | content: "\f0ab"; 829 | } 830 | .icon-globe:before { 831 | content: "\f0ac"; 832 | } 833 | .icon-wrench:before { 834 | content: "\f0ad"; 835 | } 836 | .icon-tasks:before { 837 | content: "\f0ae"; 838 | } 839 | .icon-filter:before { 840 | content: "\f0b0"; 841 | } 842 | .icon-briefcase:before { 843 | content: "\f0b1"; 844 | } 845 | .icon-fullscreen:before { 846 | content: "\f0b2"; 847 | } 848 | .icon-group:before { 849 | content: "\f0c0"; 850 | } 851 | .icon-link:before { 852 | content: "\f0c1"; 853 | } 854 | .icon-cloud:before { 855 | content: "\f0c2"; 856 | } 857 | .icon-beaker:before { 858 | content: "\f0c3"; 859 | } 860 | .icon-cut:before { 861 | content: "\f0c4"; 862 | } 863 | .icon-copy:before { 864 | content: "\f0c5"; 865 | } 866 | .icon-paperclip:before, 867 | .icon-paper-clip:before { 868 | content: "\f0c6"; 869 | } 870 | .icon-save:before { 871 | content: "\f0c7"; 872 | } 873 | .icon-sign-blank:before { 874 | content: "\f0c8"; 875 | } 876 | .icon-reorder:before { 877 | content: "\f0c9"; 878 | } 879 | .icon-list-ul:before { 880 | content: "\f0ca"; 881 | } 882 | .icon-list-ol:before { 883 | content: "\f0cb"; 884 | } 885 | .icon-strikethrough:before { 886 | content: "\f0cc"; 887 | } 888 | .icon-underline:before { 889 | content: "\f0cd"; 890 | } 891 | .icon-table:before { 892 | content: "\f0ce"; 893 | } 894 | .icon-magic:before { 895 | content: "\f0d0"; 896 | } 897 | .icon-truck:before { 898 | content: "\f0d1"; 899 | } 900 | .icon-pinterest:before { 901 | content: "\f0d2"; 902 | } 903 | .icon-pinterest-sign:before { 904 | content: "\f0d3"; 905 | } 906 | .icon-google-plus-sign:before { 907 | content: "\f0d4"; 908 | } 909 | .icon-google-plus:before { 910 | content: "\f0d5"; 911 | } 912 | .icon-money:before { 913 | content: "\f0d6"; 914 | } 915 | .icon-caret-down:before { 916 | content: "\f0d7"; 917 | } 918 | .icon-caret-up:before { 919 | content: "\f0d8"; 920 | } 921 | .icon-caret-left:before { 922 | content: "\f0d9"; 923 | } 924 | .icon-caret-right:before { 925 | content: "\f0da"; 926 | } 927 | .icon-columns:before { 928 | content: "\f0db"; 929 | } 930 | .icon-sort:before { 931 | content: "\f0dc"; 932 | } 933 | .icon-sort-down:before { 934 | content: "\f0dd"; 935 | } 936 | .icon-sort-up:before { 937 | content: "\f0de"; 938 | } 939 | .icon-envelope:before { 940 | content: "\f0e0"; 941 | } 942 | .icon-linkedin:before { 943 | content: "\f0e1"; 944 | } 945 | .icon-rotate-left:before, 946 | .icon-undo:before { 947 | content: "\f0e2"; 948 | } 949 | .icon-legal:before { 950 | content: "\f0e3"; 951 | } 952 | .icon-dashboard:before { 953 | content: "\f0e4"; 954 | } 955 | .icon-comment-alt:before { 956 | content: "\f0e5"; 957 | } 958 | .icon-comments-alt:before { 959 | content: "\f0e6"; 960 | } 961 | .icon-bolt:before { 962 | content: "\f0e7"; 963 | } 964 | .icon-sitemap:before { 965 | content: "\f0e8"; 966 | } 967 | .icon-umbrella:before { 968 | content: "\f0e9"; 969 | } 970 | .icon-paste:before { 971 | content: "\f0ea"; 972 | } 973 | .icon-lightbulb:before { 974 | content: "\f0eb"; 975 | } 976 | .icon-exchange:before { 977 | content: "\f0ec"; 978 | } 979 | .icon-cloud-download:before { 980 | content: "\f0ed"; 981 | } 982 | .icon-cloud-upload:before { 983 | content: "\f0ee"; 984 | } 985 | .icon-user-md:before { 986 | content: "\f0f0"; 987 | } 988 | .icon-stethoscope:before { 989 | content: "\f0f1"; 990 | } 991 | .icon-suitcase:before { 992 | content: "\f0f2"; 993 | } 994 | .icon-bell-alt:before { 995 | content: "\f0f3"; 996 | } 997 | .icon-coffee:before { 998 | content: "\f0f4"; 999 | } 1000 | .icon-food:before { 1001 | content: "\f0f5"; 1002 | } 1003 | .icon-file-text-alt:before { 1004 | content: "\f0f6"; 1005 | } 1006 | .icon-building:before { 1007 | content: "\f0f7"; 1008 | } 1009 | .icon-hospital:before { 1010 | content: "\f0f8"; 1011 | } 1012 | .icon-ambulance:before { 1013 | content: "\f0f9"; 1014 | } 1015 | .icon-medkit:before { 1016 | content: "\f0fa"; 1017 | } 1018 | .icon-fighter-jet:before { 1019 | content: "\f0fb"; 1020 | } 1021 | .icon-beer:before { 1022 | content: "\f0fc"; 1023 | } 1024 | .icon-h-sign:before { 1025 | content: "\f0fd"; 1026 | } 1027 | .icon-plus-sign-alt:before { 1028 | content: "\f0fe"; 1029 | } 1030 | .icon-double-angle-left:before { 1031 | content: "\f100"; 1032 | } 1033 | .icon-double-angle-right:before { 1034 | content: "\f101"; 1035 | } 1036 | .icon-double-angle-up:before { 1037 | content: "\f102"; 1038 | } 1039 | .icon-double-angle-down:before { 1040 | content: "\f103"; 1041 | } 1042 | .icon-angle-left:before { 1043 | content: "\f104"; 1044 | } 1045 | .icon-angle-right:before { 1046 | content: "\f105"; 1047 | } 1048 | .icon-angle-up:before { 1049 | content: "\f106"; 1050 | } 1051 | .icon-angle-down:before { 1052 | content: "\f107"; 1053 | } 1054 | .icon-desktop:before { 1055 | content: "\f108"; 1056 | } 1057 | .icon-laptop:before { 1058 | content: "\f109"; 1059 | } 1060 | .icon-tablet:before { 1061 | content: "\f10a"; 1062 | } 1063 | .icon-mobile-phone:before { 1064 | content: "\f10b"; 1065 | } 1066 | .icon-circle-blank:before { 1067 | content: "\f10c"; 1068 | } 1069 | .icon-quote-left:before { 1070 | content: "\f10d"; 1071 | } 1072 | .icon-quote-right:before { 1073 | content: "\f10e"; 1074 | } 1075 | .icon-spinner:before { 1076 | content: "\f110"; 1077 | } 1078 | .icon-circle:before { 1079 | content: "\f111"; 1080 | } 1081 | .icon-mail-reply:before, 1082 | .icon-reply:before { 1083 | content: "\f112"; 1084 | } 1085 | .icon-github-alt:before { 1086 | content: "\f113"; 1087 | } 1088 | .icon-folder-close-alt:before { 1089 | content: "\f114"; 1090 | } 1091 | .icon-folder-open-alt:before { 1092 | content: "\f115"; 1093 | } 1094 | .icon-expand-alt:before { 1095 | content: "\f116"; 1096 | } 1097 | .icon-collapse-alt:before { 1098 | content: "\f117"; 1099 | } 1100 | .icon-smile:before { 1101 | content: "\f118"; 1102 | } 1103 | .icon-frown:before { 1104 | content: "\f119"; 1105 | } 1106 | .icon-meh:before { 1107 | content: "\f11a"; 1108 | } 1109 | .icon-gamepad:before { 1110 | content: "\f11b"; 1111 | } 1112 | .icon-keyboard:before { 1113 | content: "\f11c"; 1114 | } 1115 | .icon-flag-alt:before { 1116 | content: "\f11d"; 1117 | } 1118 | .icon-flag-checkered:before { 1119 | content: "\f11e"; 1120 | } 1121 | .icon-terminal:before { 1122 | content: "\f120"; 1123 | } 1124 | .icon-code:before { 1125 | content: "\f121"; 1126 | } 1127 | .icon-reply-all:before { 1128 | content: "\f122"; 1129 | } 1130 | .icon-mail-reply-all:before { 1131 | content: "\f122"; 1132 | } 1133 | .icon-star-half-full:before, 1134 | .icon-star-half-empty:before { 1135 | content: "\f123"; 1136 | } 1137 | .icon-location-arrow:before { 1138 | content: "\f124"; 1139 | } 1140 | .icon-crop:before { 1141 | content: "\f125"; 1142 | } 1143 | .icon-code-fork:before { 1144 | content: "\f126"; 1145 | } 1146 | .icon-unlink:before { 1147 | content: "\f127"; 1148 | } 1149 | .icon-question:before { 1150 | content: "\f128"; 1151 | } 1152 | .icon-info:before { 1153 | content: "\f129"; 1154 | } 1155 | .icon-exclamation:before { 1156 | content: "\f12a"; 1157 | } 1158 | .icon-superscript:before { 1159 | content: "\f12b"; 1160 | } 1161 | .icon-subscript:before { 1162 | content: "\f12c"; 1163 | } 1164 | .icon-eraser:before { 1165 | content: "\f12d"; 1166 | } 1167 | .icon-puzzle-piece:before { 1168 | content: "\f12e"; 1169 | } 1170 | .icon-microphone:before { 1171 | content: "\f130"; 1172 | } 1173 | .icon-microphone-off:before { 1174 | content: "\f131"; 1175 | } 1176 | .icon-shield:before { 1177 | content: "\f132"; 1178 | } 1179 | .icon-calendar-empty:before { 1180 | content: "\f133"; 1181 | } 1182 | .icon-fire-extinguisher:before { 1183 | content: "\f134"; 1184 | } 1185 | .icon-rocket:before { 1186 | content: "\f135"; 1187 | } 1188 | .icon-maxcdn:before { 1189 | content: "\f136"; 1190 | } 1191 | .icon-chevron-sign-left:before { 1192 | content: "\f137"; 1193 | } 1194 | .icon-chevron-sign-right:before { 1195 | content: "\f138"; 1196 | } 1197 | .icon-chevron-sign-up:before { 1198 | content: "\f139"; 1199 | } 1200 | .icon-chevron-sign-down:before { 1201 | content: "\f13a"; 1202 | } 1203 | .icon-html5:before { 1204 | content: "\f13b"; 1205 | } 1206 | .icon-css3:before { 1207 | content: "\f13c"; 1208 | } 1209 | .icon-anchor:before { 1210 | content: "\f13d"; 1211 | } 1212 | .icon-unlock-alt:before { 1213 | content: "\f13e"; 1214 | } 1215 | .icon-bullseye:before { 1216 | content: "\f140"; 1217 | } 1218 | .icon-ellipsis-horizontal:before { 1219 | content: "\f141"; 1220 | } 1221 | .icon-ellipsis-vertical:before { 1222 | content: "\f142"; 1223 | } 1224 | .icon-rss-sign:before { 1225 | content: "\f143"; 1226 | } 1227 | .icon-play-sign:before { 1228 | content: "\f144"; 1229 | } 1230 | .icon-ticket:before { 1231 | content: "\f145"; 1232 | } 1233 | .icon-minus-sign-alt:before { 1234 | content: "\f146"; 1235 | } 1236 | .icon-check-minus:before { 1237 | content: "\f147"; 1238 | } 1239 | .icon-level-up:before { 1240 | content: "\f148"; 1241 | } 1242 | .icon-level-down:before { 1243 | content: "\f149"; 1244 | } 1245 | .icon-check-sign:before { 1246 | content: "\f14a"; 1247 | } 1248 | .icon-edit-sign:before { 1249 | content: "\f14b"; 1250 | } 1251 | .icon-external-link-sign:before { 1252 | content: "\f14c"; 1253 | } 1254 | .icon-share-sign:before { 1255 | content: "\f14d"; 1256 | } 1257 | .icon-compass:before { 1258 | content: "\f14e"; 1259 | } 1260 | .icon-collapse:before { 1261 | content: "\f150"; 1262 | } 1263 | .icon-collapse-top:before { 1264 | content: "\f151"; 1265 | } 1266 | .icon-expand:before { 1267 | content: "\f152"; 1268 | } 1269 | .icon-euro:before, 1270 | .icon-eur:before { 1271 | content: "\f153"; 1272 | } 1273 | .icon-gbp:before { 1274 | content: "\f154"; 1275 | } 1276 | .icon-dollar:before, 1277 | .icon-usd:before { 1278 | content: "\f155"; 1279 | } 1280 | .icon-rupee:before, 1281 | .icon-inr:before { 1282 | content: "\f156"; 1283 | } 1284 | .icon-yen:before, 1285 | .icon-jpy:before { 1286 | content: "\f157"; 1287 | } 1288 | .icon-renminbi:before, 1289 | .icon-cny:before { 1290 | content: "\f158"; 1291 | } 1292 | .icon-won:before, 1293 | .icon-krw:before { 1294 | content: "\f159"; 1295 | } 1296 | .icon-bitcoin:before, 1297 | .icon-btc:before { 1298 | content: "\f15a"; 1299 | } 1300 | .icon-file:before { 1301 | content: "\f15b"; 1302 | } 1303 | .icon-file-text:before { 1304 | content: "\f15c"; 1305 | } 1306 | .icon-sort-by-alphabet:before { 1307 | content: "\f15d"; 1308 | } 1309 | .icon-sort-by-alphabet-alt:before { 1310 | content: "\f15e"; 1311 | } 1312 | .icon-sort-by-attributes:before { 1313 | content: "\f160"; 1314 | } 1315 | .icon-sort-by-attributes-alt:before { 1316 | content: "\f161"; 1317 | } 1318 | .icon-sort-by-order:before { 1319 | content: "\f162"; 1320 | } 1321 | .icon-sort-by-order-alt:before { 1322 | content: "\f163"; 1323 | } 1324 | .icon-thumbs-up:before { 1325 | content: "\f164"; 1326 | } 1327 | .icon-thumbs-down:before { 1328 | content: "\f165"; 1329 | } 1330 | .icon-youtube-sign:before { 1331 | content: "\f166"; 1332 | } 1333 | .icon-youtube:before { 1334 | content: "\f167"; 1335 | } 1336 | .icon-xing:before { 1337 | content: "\f168"; 1338 | } 1339 | .icon-xing-sign:before { 1340 | content: "\f169"; 1341 | } 1342 | .icon-youtube-play:before { 1343 | content: "\f16a"; 1344 | } 1345 | .icon-dropbox:before { 1346 | content: "\f16b"; 1347 | } 1348 | .icon-stackexchange:before { 1349 | content: "\f16c"; 1350 | } 1351 | .icon-instagram:before { 1352 | content: "\f16d"; 1353 | } 1354 | .icon-flickr:before { 1355 | content: "\f16e"; 1356 | } 1357 | .icon-adn:before { 1358 | content: "\f170"; 1359 | } 1360 | .icon-bitbucket:before { 1361 | content: "\f171"; 1362 | } 1363 | .icon-bitbucket-sign:before { 1364 | content: "\f172"; 1365 | } 1366 | .icon-tumblr:before { 1367 | content: "\f173"; 1368 | } 1369 | .icon-tumblr-sign:before { 1370 | content: "\f174"; 1371 | } 1372 | .icon-long-arrow-down:before { 1373 | content: "\f175"; 1374 | } 1375 | .icon-long-arrow-up:before { 1376 | content: "\f176"; 1377 | } 1378 | .icon-long-arrow-left:before { 1379 | content: "\f177"; 1380 | } 1381 | .icon-long-arrow-right:before { 1382 | content: "\f178"; 1383 | } 1384 | .icon-apple:before { 1385 | content: "\f179"; 1386 | } 1387 | .icon-windows:before { 1388 | content: "\f17a"; 1389 | } 1390 | .icon-android:before { 1391 | content: "\f17b"; 1392 | } 1393 | .icon-linux:before { 1394 | content: "\f17c"; 1395 | } 1396 | .icon-dribbble:before { 1397 | content: "\f17d"; 1398 | } 1399 | .icon-skype:before { 1400 | content: "\f17e"; 1401 | } 1402 | .icon-foursquare:before { 1403 | content: "\f180"; 1404 | } 1405 | .icon-trello:before { 1406 | content: "\f181"; 1407 | } 1408 | .icon-female:before { 1409 | content: "\f182"; 1410 | } 1411 | .icon-male:before { 1412 | content: "\f183"; 1413 | } 1414 | .icon-gittip:before { 1415 | content: "\f184"; 1416 | } 1417 | .icon-sun:before { 1418 | content: "\f185"; 1419 | } 1420 | .icon-moon:before { 1421 | content: "\f186"; 1422 | } 1423 | .icon-archive:before { 1424 | content: "\f187"; 1425 | } 1426 | .icon-bug:before { 1427 | content: "\f188"; 1428 | } 1429 | .icon-vk:before { 1430 | content: "\f189"; 1431 | } 1432 | .icon-weibo:before { 1433 | content: "\f18a"; 1434 | } 1435 | .icon-renren:before { 1436 | content: "\f18b"; 1437 | } 1438 | -------------------------------------------------------------------------------- /pkg/output/html/static/css/plain.css: -------------------------------------------------------------------------------- 1 | .well { 2 | min-height: 20px; 3 | padding-bottom: 2px; 4 | background-color: #ffffff; 5 | border: 1px solid #dedede; 6 | border-radius: 4px; 7 | -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.05); 8 | box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.05); 9 | } 10 | 11 | .scantitle { 12 | color: #fff; 13 | font-size: 50px; 14 | font-style: normal; 15 | font-weight: 700; 16 | line-height: 1; 17 | margin: 1em; 18 | text-align: center; 19 | text-transform: uppercase; 20 | } 21 | 22 | .sectiontitle { 23 | color: #fff; 24 | font-size: 25px; 25 | font-style: normal; 26 | font-weight: 700; 27 | line-height: 1; 28 | margin: 2em; 29 | text-align: center; 30 | text-transform: uppercase; 31 | } 32 | 33 | .checkmark { 34 | width: 40px; 35 | height: 40px; 36 | border-radius: 50%; 37 | stroke-width: 5; 38 | stroke: #a2e504; 39 | stroke-miterlimit: 10; 40 | stroke-dashoffset: 0; 41 | margin: 0 0 0 -0.5em; 42 | } 43 | 44 | .container { 45 | max-width: 1050px; 46 | } 47 | 48 | .shortlist .issuelist { 49 | text-align: justify; 50 | text-justify: inter-word; 51 | list-style: none; 52 | padding: 2%; 53 | max-width: 1000px; 54 | } 55 | 56 | .issuelist li { 57 | padding-bottom: 20px; 58 | } 59 | 60 | .issuelist h2 { 61 | border-bottom: 1px solid #eeeeee; 62 | } 63 | 64 | .issue { 65 | text-align: justify; 66 | } 67 | 68 | .issuetitle { 69 | color: #a2e504; 70 | } 71 | .failedissuetitle { 72 | color: #990000; 73 | } 74 | .full_abstract { 75 | display: none; 76 | } 77 | 78 | .abstract { 79 | color: #a2a2a2; 80 | } 81 | 82 | .abstract:hover > .full_abstract { 83 | display: block; 84 | background-color: #ffffff; 85 | border: 1px solid #dedede; 86 | border-radius: 4px; 87 | -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.05); 88 | box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.05); 89 | color: #333; 90 | margin: 5px 0; 91 | padding: 5px 10px; 92 | width: auto; 93 | } 94 | 95 | #footer { 96 | background-color: #efefef; 97 | } 98 | 99 | /* Lastly, apply responsive CSS fixes as necessary */ 100 | @media (max-width: 767px) { 101 | #footer { 102 | margin-left: -20px; 103 | margin-right: -20px; 104 | padding-left: 20px; 105 | padding-right: 20px; 106 | } 107 | } 108 | -------------------------------------------------------------------------------- /pkg/output/html/static/img/favicon.webp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crashappsec/github-analyzer/04133d2c0f09772d7111a727bc018a635e8b9c1d/pkg/output/html/static/img/favicon.webp -------------------------------------------------------------------------------- /pkg/output/html/templates/index.html.tmpl: -------------------------------------------------------------------------------- 1 | {{ $stats := .Stats }} 2 | {{ $installations := .Installations }} 3 | {{ $issues := .Issues }} 4 | {{ $passed := .ChecksPassed }} 5 | {{ $failed := .ChecksFailed }} 6 | {{ $apps := .Apps }} 7 | {{ $users := .Users }} 8 | {{ $permissions := .Permissions }} 9 | {{ $summary := .PermissionSummary }} 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | Report for {{.Org}} 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 |
29 |
30 | Summary for {{.Org}} 31 |
32 | 33 | {{if $issues}} 34 |
35 |
36 |
37 | Issues detected 38 |
39 |
40 |
41 | 42 |
43 |
    44 | {{range $issue := $issues}} 45 |
  • 46 |
    47 |
    48 | {{$issue.SeverityStr}} {{$issue.Issue.Name}} 49 |
    50 |
    51 | Related CWEs: {{$issue.CWEs}} 52 |
    53 |
    54 | Description: {{$issue.Description}} 55 |
    56 |
    57 | Remediation: {{$issue.Remediation}} 58 |
    59 | 60 | [vulnerable resources] 61 |
    62 | {{$issue.Issue.Resources}} 63 |
    64 |     65 |
    66 |
    • 67 | {{end}} 68 |
69 |
70 | {{end}} 71 | 72 | {{if $passed}} 73 |
74 |
75 |
76 | Checks Passed 77 |
78 |
79 |
80 |
81 |
    82 | {{range $issue := $passed}} 83 |
  • 84 |
    85 |
    86 | {{$issue}} 87 | 88 | 89 |
    90 |
    • 91 | {{end}} 92 |
93 |
94 | {{end}} 95 | 96 | {{if $failed}} 97 |
98 |
99 |
100 | Checks that did not successfully complete 101 |
102 |
103 |
104 |
105 | The following checks had errors - does the token you used have the appropriate permissions? 106 |
    107 | {{range $issue := $failed}} 108 |
  • 109 |
    110 |
    111 | [X] {{$issue}} 112 |
    113 |
    • 114 | {{end}} 115 |
116 |
117 | {{end}} 118 | 119 |
120 | {{.Org}} Misc Stats 121 |
122 | 123 | 124 |
125 |
126 |
127 | Org Info 128 |
129 |
130 |
131 | 132 |
133 |
134 |
    135 |
  • Name: {{$stats.CoreStats.Name}}
    • 136 |
  • ID: {{$stats.CoreStats.ID}}
    • 137 |
  • Organization is verified: {{$stats.CoreStats.IsVerified}}
    • 138 |
  • Web commit Signoff Required: {{$stats.CoreStats.WebCommitSignoffRequired}}
    • 139 |
  • Number of public repos: {{$stats.CoreStats.PublicRepos}}
    • 140 |
  • Number of private repos: {{$stats.CoreStats.TotalPrivateRepos}}
    • 141 |
  • Number of public gists: {{$stats.CoreStats.PublicGists}}
    • 142 |
  • Number of private gists: {{$stats.CoreStats.PrivateGists}}
    • 143 | 144 |
  • Number of webhooks: {{$.TotalWebhooks}}
    • 145 |
  • Number of installations: {{$.TotalInstallations}}
    • 146 |
  • Number of runners: {{$.TotalRunners}}
    • 147 |
  • Members can create public repositories: {{$stats.CoreStats.MembersCanCreatePublicRepos}}
    • 148 |
  • Members can create private repositories: {{$stats.CoreStats.MembersCanCreatePrivateRepos}}
    • 149 |
  • Members can create internal repositories: {{$stats.CoreStats.MembersCanCreateInternalRepos}}
    • 150 |
151 |
152 |
153 | 154 |
155 |
156 |
157 | Dependency and Secret Scanning 158 |
159 |
160 |
161 |
162 |
163 |
    164 |
  • Advanced Security alerts enabled for new repos: {{$stats.CoreStats.AdvancedSecurityEnabledForNewRepos}}
    • 165 |
  • Dependabot alerts enabled for new repos: {{$stats.CoreStats.DependabotAlertsEnabledForNewRepos}}
    • 166 |
  • Dependabot security updates enabled for new repos: {{$stats.CoreStats.DependabotSecurityUpdatesEnabledForNewRepos}}
    • 167 |
  • Dependency graph enabled for new repos: {{$stats.CoreStats.DependencyGraphEnabledForNewRepos}}
    • 168 |
  • Secret scanning enabled for new repos: {{$stats.CoreStats.SecretScanningEnabledForNewRepos}}
    • 169 |
  • Secret scanning push protection enabled for new repos: {{$stats.CoreStats.SecretScanningPushProtectionEnabledForNewRepos}}
    • 170 |
171 |
172 |
173 | 174 | {{if $installations}} 175 |
176 |
177 |
178 | Installations 179 |
180 |
181 |
182 |
183 |
    184 | {{range $install := $installations}} 185 |
  • 186 |
    187 | {{$install.Name}} (ID: {{$install.ID}}) 188 |
    189 | Permissions : {{$install.Permissions}} 190 |
    • 191 | {{end}} 192 |
193 |
194 | {{end}} 195 | 196 | {{if $apps }} 197 |
198 |
199 |
200 | OAuth App Statistics 201 |
202 |
203 |
204 | 205 |
206 |
207 |
    208 | {{range $app := $apps}} 209 |
  • 210 |
    211 |
    212 | {{$app.App.Name}} (ID: {{$app.App.ID}}) 213 |
    214 | {{if $app.App.Description}} 215 |
    216 | Description: {{$app.App.Description}} 217 |
    218 | {{end}} 219 |
    220 | Status: {{$app.State}} 221 |
    222 |
    223 | {{if $app.App.RequestedBy}} 224 |
    225 | Requested By: {{$app.App.RequestedBy}} 226 |
    227 | {{end}} 228 |
    • 229 | {{end}} 230 |
231 |
232 |
233 | {{end}} 234 | 235 | {{if $permissions }} 236 |
237 |
238 |
239 | User Permission Statistics 240 |
241 |
242 |
243 | 244 | 245 | 246 | 247 | {{range $permissions}} 248 | 249 | {{end}} 250 | 251 | 252 | 253 | {{range $user := $users}} 254 | 255 | 256 | {{range $perm := $permissions}} 257 | 258 | {{end}} 259 | 260 | {{end}} 261 | 262 |
User{{.}}
{{$user}}{{index $summary $user $perm}}
263 | {{end}} 264 |
265 | 266 | 267 | 268 | -------------------------------------------------------------------------------- /pkg/scraping/scraping.go: -------------------------------------------------------------------------------- 1 | package scraping 2 | 3 | import ( 4 | "fmt" 5 | 6 | "path/filepath" 7 | 8 | "github.com/crashappsec/github-analyzer/pkg/futils" 9 | "github.com/crashappsec/github-analyzer/pkg/issue" 10 | "github.com/crashappsec/github-analyzer/pkg/log" 11 | "github.com/google/go-github/scrape" 12 | ) 13 | 14 | func AuditScraping( 15 | username, password, otpseed, org string, 16 | ) ([]issue.Issue, map[issue.IssueID]error, error) { 17 | var issues []issue.Issue 18 | execStatus := make(map[issue.IssueID]error, 1) 19 | 20 | client := scrape.NewClient(nil) 21 | if err := client.Authenticate(username, password, otpseed); err != nil { 22 | log.Logger.Error(err) 23 | execStatus[issue.LEAST_PRIV_OAUTH_PERMS_DISABLED] = err 24 | return issues, execStatus, nil 25 | } 26 | 27 | restrictedAccess, err := client.AppRestrictionsEnabled(org) 28 | execStatus[issue.LEAST_PRIV_OAUTH_PERMS_DISABLED] = err 29 | if err != nil { 30 | log.Logger.Error(err) 31 | } 32 | if !restrictedAccess && err == nil { 33 | issues = append(issues, issue.ApplicationRestrictionsDisabled(org)) 34 | } 35 | 36 | apps, err := client.ListOAuthApps(org) 37 | execStatus[issue.STATS_OAUTH_PERMS] = err 38 | if err != nil { 39 | log.Logger.Error(err) 40 | } 41 | 42 | futils.SerializeFile( 43 | apps, 44 | filepath.Join(futils.MetadataDir, "oauthApps.json"), 45 | ) 46 | var appinfo []string 47 | for _, app := range apps { 48 | appinfo = append(appinfo, fmt.Sprintf("%+v", app)) 49 | } 50 | issues = append(issues, issue.OAuthStats(org, appinfo)) 51 | return issues, execStatus, nil 52 | } 53 | --------------------------------------------------------------------------------