A tool that scans GitHub code updates using the Search API and finds exposed API keys (AWS, Facebook, Twitter, LinkedIn) which could otherwise be collected and abused.
CodeUpdateController is a Spring WebFlux controller that contains an HTTP GET mapping with a service path variable selecting which API keys to search for. You also need to include a GitHub token in the x-github-api-token header. The controller method retrieves keywords and RegEx patterns from a properties file using PropertiesService, creates a CodeUpdateGenerator and returns the result of the streamCodeUpdates method of CodeUpdateService. The response is streamed as newline-delimited JSON.
CodeUpdateGenerator constructs the search query and makes the request to the GitHub Search API using Spring WebClient. A 403 Forbidden response status means the API rate limit was exceeded, so the generator waits one minute and retries the request. Successful responses are transformed into Mono<CodeUpdates>.
CodeUpdateService contains methods that create a Flux from CodeUpdateGenerator and transform it into a Flux of Response messages:
- getCodeUpdateFlux generates a Flux using CodeUpdateGenerator and flat-maps Flux<CodeUpdates> to Flux<CodeUpdate> by streaming the items list of each CodeUpdates.
- parseCodeUpdates flattens the CodeUpdate textMatches list, filters out matches that don't match the RegEx pattern and returns a Tuple with the found key, filename and repository name.
- collectLanguageStats gets the file extension from the filename, resolves the language from the extension by calling LanguageService and adds that language to a Map using StatisticsService.
- isNewProject returns whether the repository name was already saved to the StatisticsService Set and saves it otherwise.
Finally, the Tuple is mapped to a Message class that contains:
- key - the exposed key
- language_stats - top 3 languages in which keys were exposed most frequently
- project_name - repository name
- is_new_project - boolean value that highlights new projects which have a key exposure.
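The parseCodeUpdates / collectLanguageStats / isNewProject steps above, as an added plain-Java example (not the project's own code): the pattern, the extension table standing in for LanguageService, the in-memory counters standing in for StatisticsService and the sample fragments are all constructed, and Reactor types are left out so it runs stand-alone on Java 16+.

```java
import java.util.*;
import java.util.regex.*;

public class ExposedKeyMatcher {
    // Constructed pattern in the style of the properties-file RegEx (AWS access key IDs start with AKIA).
    static final Pattern AWS_KEY = Pattern.compile("AKIA[0-9A-Z]{16}");
    // Minimal extension-to-language table standing in for LanguageService (assumption).
    static final Map<String, String> LANGUAGES = Map.of("py", "Python", "sh", "Shell", "java", "Java");
    // State that StatisticsService would hold: per-language counts and repositories already seen.
    final Map<String, Integer> languageCounts = new HashMap<>();
    final Set<String> seenProjects = new HashSet<>();

    // Mirrors the Message fields: key, language_stats, project_name, is_new_project.
    record Finding(String key, List<String> languageStats, String projectName, boolean isNewProject) {}

    static String languageOf(String filename) {
        int dot = filename.lastIndexOf('.');
        String ext = dot < 0 ? "" : filename.substring(dot + 1).toLowerCase();
        return LANGUAGES.getOrDefault(ext, "Unknown");
    }

    // Set.add returns true only the first time a repository is recorded.
    boolean isNewProject(String repo) { return seenProjects.add(repo); }

    List<String> topLanguages(int n) {
        return languageCounts.entrySet().stream()
            .sorted(Map.Entry.<String, Integer>comparingByValue().reversed()
                .thenComparing(Map.Entry.<String, Integer>comparingByKey()))
            .limit(n).map(Map.Entry::getKey).toList();
    }

    // One text-match fragment from the search response, with the file and repository it came from.
    Optional<Finding> parse(String fragment, String filename, String repo) {
        Matcher m = AWS_KEY.matcher(fragment);
        if (!m.find()) return Optional.empty();           // drop fragments that do not match the pattern
        languageCounts.merge(languageOf(filename), 1, Integer::sum);
        boolean fresh = isNewProject(repo);
        return Optional.of(new Finding(m.group(), topLanguages(3), repo, fresh));
    }

    public static void main(String[] args) {
        ExposedKeyMatcher matcher = new ExposedKeyMatcher();
        // Constructed sample fragments; the key values are documentation placeholders, not real credentials.
        String[][] samples = {
            {"aws_access_key_id = AKIAIOSFODNN7EXAMPLE", "config/settings.py", "acme/app"},
            {"export KEY=AKIAEXAMPLEEXAMPLE01", "deploy.sh", "acme/app"},   // same repo: is_new_project=false
            {"no secret here", "README.md", "acme/docs"},                    // filtered out: no match
        };
        for (String[] s : samples)
            matcher.parse(s[0], s[1], s[2]).ifPresent(System.out::println);
    }
}
```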
