.env support

.env support, can be activated in the options jszip and pako library updated
davtur19 · Feb 12, 2021 · 294a853 · 294a853
1 parent 1b2574a
commit 294a853
Show file tree

Hide file tree

Showing 8 changed files with 65 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -7,6 +7,7 @@ An extension for checking if .git is exposed in visited websites
 
 ## Features
 - Check if a .git/.svn/.hg folder exists for each site you visit
+- Check if a .env file exists for each site you visit
 - You will be notified when a folder is found
 - List of exposed sites found
 - Download the entire .git folder in zip format, even if the files are not listed on the site
@@ -21,7 +22,7 @@ More info [here](https://github.com/davtur19/DotGit/blob/b0f589dfd78396990b8d17e
 ### Note:
 - Downloading is an extra feature to DotGit, it is not meant to download large repositories (there are limits to the memory usable by extensions, and DotGit does everything in RAM)
 - Changing the download settings is recommended as by default the values are kept low to avoid problems for those who do not have a good connection or a good CPU, however too high values could freeze the browser even on powerful computers
-- By default svn and mercurial are disabled, to activate them just go to settings and turn them on
+- By default svn, mercurial and dotenv are disabled, to activate them just go to settings and turn them on
 
 ## Screenshot
 ![ScreenShot](https://user-images.githubusercontent.com/13476215/90319561-98ecb100-df39-11ea-876a-cc3c6d762932.png)

diff --git a/dotgit.js b/dotgit.js
@@ -2,7 +2,8 @@ const DEFAULT_OPTIONS = {
     "functions": {
         "git": true,
         "svn": false,
-        "hg": false
+        "hg": false,
+        "env": false
     },
     "color": "grey",
     "max_sites": 100,
@@ -38,6 +39,9 @@ const HG_MANIFEST_HEADERS = [
     "\u0000\u0003\u0000\u0001",
 ];
 
+const ENV_PATH = "/.env";
+const ENV_SEARCH = "^[A-Z_]*=";
+
 const GIT_TREE_HEADER = "tree ";
 const GIT_OBJECTS_PATH = "objects/";
 const GIT_OBJECTS_SEARCH = "[a-f0-9]{40}";
@@ -79,6 +83,7 @@ let notification_download;
 let check_git;
 let check_svn;
 let check_hg;
+let check_env;
 let failed_in_a_row;
 
 
@@ -201,6 +206,29 @@ function checkHg(url, visitedSite) {
     });
 }
 
+function checkEnv(url, visitedSite) {
+    let to_check = url + ENV_PATH;
+    const search = new RegExp(ENV_SEARCH, "gm");
+
+    fetch(to_check, {
+        redirect: "manual"
+    }).then(function (response) {
+        if (response.status === 200) {
+            return response.text();
+        }
+        return false;
+    }).then(function (text) {
+        if (text !== false && search.test(text) === true) {
+            // .env found
+            visitedSite.withExposedGit.push({type: "env", url: url});
+            chrome.storage.local.set(visitedSite);
+            setBadge();
+
+            notification("Found an exposed .env", to_check);
+        }
+    });
+}
+
 
 function startDownload(baseUrl, downloadFinished) {
     const downloadedFiles = [];
@@ -405,6 +433,7 @@ function set_options(options) {
     check_git = options.functions.git;
     check_svn = options.functions.svn;
     check_hg = options.functions.hg;
+    check_env = options.functions.env;
 }
 
 
@@ -459,6 +488,9 @@ chrome.runtime.onMessage.addListener(function (request, sender, sendResponse) {
     } else if (request.type === "hg") {
         check_hg = request.value;
         sendResponse({status: true});
+    } else if (request.type === "env") {
+        check_env = request.value;
+        sendResponse({status: true});
     } else if (request.type === "notification_new_git") {
         notification_new_git = request.value;
         sendResponse({status: true});
@@ -545,6 +577,10 @@ chrome.storage.local.get(["checked", "withExposedGit", "options"], function (res
                 checkHg(url, result);
                 save = true;
             }
+            if (check_env) {
+                checkEnv(url, result);
+                save = true;
+            }
             // save only if a check is done
             if (save) {
                 result.checked.push(url);

diff --git a/lib/jszip.min.js b/lib/jszip.min.js
diff --git a/lib/pako_inflate.min.js b/lib/pako_inflate.min.js
diff --git a/manifest.json b/manifest.json
@@ -1,7 +1,7 @@
 {
   "manifest_version": 2,
   "name": "DotGit",
-  "version": "4.1",
+  "version": "4.2",
   "description": "An extension for checking if .git is exposed in visited websites",
   "icons": {
     "16": "icons/dotgit-16.png",

diff --git a/options/options.html b/options/options.html
@@ -35,6 +35,14 @@
         <input type="radio" id="hgOff" name="hg" value="off" checked/>
         <label for="hgOff">Off</label>
     </div>
+    <div class="browser-style title-option">
+        .env
+        <input type="radio" id="envOn" name="env" value="on"/>
+        <label for="envOn">On</label>
+
+        <input type="radio" id="envOff" name="env" value="off" checked/>
+        <label for="envOff">Off</label>
+    </div>
 </section>
 <section class="option">
     <div class="browser-style title-option">

diff --git a/options/options.js b/options/options.js
@@ -11,6 +11,8 @@ function set_gui(options) {
     document.getElementById("svnOff").checked = !options.functions.svn;
     document.getElementById("hgOn").checked = options.functions.hg;
     document.getElementById("hgOff").checked = !options.functions.hg;
+    document.getElementById("envOn").checked = options.functions.env;
+    document.getElementById("envOff").checked = !options.functions.env;
     document.getElementById("max_sites").value = options.max_sites;
     document.getElementById("max_connections").value = options.download.max_connections;
     document.getElementById("failed_in_a_row").value = options.download.failed_in_a_row;
@@ -51,6 +53,14 @@ document.addEventListener("DOMContentLoaded", function () {
                     value: result.options.functions.hg
                 }, function (response) {
                 });
+            } else if (e.target.name === "env") {
+                result.options.functions.env = (e.target.value === "on");
+                chrome.storage.local.set(result);
+                chrome.runtime.sendMessage({
+                    type: e.target.name,
+                    value: result.options.functions.env
+                }, function (response) {
+                });
             } else if (e.target.id === "color") {
                 result.options.color = e.target.value;
                 chrome.storage.local.set(result);

diff --git a/popup/popup.js b/popup/popup.js
@@ -82,6 +82,9 @@ function addElements(element, array, callback, downloading, max_sites) {
         if (callback(array[i].type) === "hg") {
             link.setAttribute("href", callback(array[i].url) + "/.hg/");
         }
+        if (callback(array[i].type) === "env") {
+            link.setAttribute("href", callback(array[i].url) + "/.env");
+        }
         link.innerText = callback(array[i].url);
 
         spanLink.appendChild(link);