mirror of
https://github.com/lunchcat/sif.git
synced 2026-07-09 05:39:03 -07:00
4a84790f02
modules/recon/netrc-exposure.yaml flags an exposed .netrc through the machine login password grammar, requiring the keywords in order so prose that names them out of order does not match, then extracts the machine host. modules/recon/pgpass-exposure.yaml flags an exposed .pgpass through a single line host:port:database:user:password record with a numeric or wildcard port, which a yaml config or a multi line body does not satisfy, then extracts the host. modules/recon/mysql-client-config-exposure.yaml flags an exposed .my.cnf through a client section paired with a cleartext password key, so a section without a credential is not reported, then extracts the client user. internal/modules/dotfile_credential_exposure_test.go drives the three modules end to end through ExecuteHTTPModule and asserts the leak alongside the near misses a strict review wants pinned: out of order prose, a yaml db config, a non numeric port, a multi line body, a section without a password, a password without a section, an html tutorial for each file, a plain 200 and a 404. verify: go test ./internal/modules, each matcher and extractor proven to bite (break -> red, restore -> green).