import logging
import os

from regex_patterns import ENV_VAR_PATTERNS
from utils import shannon_entropy
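def scan_file(filepath):
    """Scan one file line by line for likely leaked secrets.

    A line is reported when at least one regex in ENV_VAR_PATTERNS matches it
    and shannon_entropy(line) is above 3.5. Each such line is reported once,
    no matter how many patterns match it.

    Args:
        filepath: Path of the file to read.

    Returns:
        A list of dicts with the keys "file", "line" (1-based line number),
        "content" (the stripped line) and "entropy" (rounded to 2 decimals).
        The list is empty when nothing matched or the file could not be
        opened; if reading fails part-way, findings collected so far are kept.
    """
    results = []
    try:
        # errors="ignore" drops undecodable bytes instead of raising, so files
        # with binary content are still read as text rather than skipped.
        with open(filepath, "r", errors="ignore") as f:
            for lineno, line in enumerate(f, start=1):
                # any() stops at the first hit, so a line matched by several
                # patterns yields a single finding instead of duplicates.
                if not any(pattern.search(line) for pattern in ENV_VAR_PATTERNS):
                    continue
                # Scored over the whole raw line (key name, separators and the
                # trailing newline included), not only the matched value.
                entropy = shannon_entropy(line)
                if entropy > 3.5:
                    results.append({
                        "file": filepath,
                        "line": lineno,
                        # NOTE: this is the raw line, i.e. the candidate secret
                        # itself. Treat findings as sensitive and mask this
                        # field before writing reports to logs or CI output.
                        "content": line.strip(),
                        "entropy": round(entropy, 2),
                    })
    except Exception as exc:
        # Deliberately broad and best-effort: one unreadable file must not
        # abort a scan. Log it so gaps in scan coverage are visible instead of
        # silently looking like "no secrets found".
        logging.getLogger(__name__).warning(
            "secret scan skipped %s: %s", filepath, exc
        )
    return results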
def scan_directory(path):
    """Walk a directory tree and collect secret findings from its files.

    Only files whose names end in one of the suffixes below are passed to
    scan_file; everything else is skipped without being opened. Note the
    coverage this implies: names such as ".env.local" or "config.yaml" do not
    end in a listed suffix and are therefore not scanned.

    Args:
        path: Root directory to walk with os.walk.

    Returns:
        A flat list of the findings returned by scan_file, in walk order.
    """
    scannable_suffixes = ('.py', '.env', '.js', '.sh', '.yml', '.json', '.txt')
    findings = []
    for current_dir, _subdirs, filenames in os.walk(path):
        # str.endswith accepts a tuple, so one call checks every suffix.
        candidates = [name for name in filenames if name.endswith(scannable_suffixes)]
        for name in candidates:
            findings += scan_file(os.path.join(current_dir, name))
    return findings