Initial commit

.editorconfig

@@ -0,0 +1,12 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_style = space
+indent_size = 4
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.go]
+max_line_length = 100

.gitattributes

@@ -0,0 +1,3 @@
+go.sum linguist-generated
+*       text=auto eol=lf
+*.ps1   text eol=crlf

.gitignore

@@ -0,0 +1 @@
+bin/

.golangci.yml

@@ -0,0 +1,24 @@
+linters:
+  enable-all: true
+  disable:
+    - ifshort
+    - nosnakecase
+    - scopelint
+    - structcheck
+    - varcheck
+    - golint
+    - maligned
+    - exhaustivestruct
+    - interfacer
+    - deadcode
+
+linters-settings:
+  depguard:
+    rules:
+      main:
+        allow:
+          - $gostd
+          - github.com/gruz0/web3safe
+
+run:
+  timeout: 5m

Makefile

@@ -0,0 +1,40 @@
+GOCMD=go
+GOBUILD=$(GOCMD) build
+GOCLEAN=$(GOCMD) clean
+
+CMD_DIR=./cmd
+BIN_DIR=./bin
+
+WEB3SAFE_BINARY_NAME=web3safe
+WEB3SAFE_CMD_DIR=$(CMD_DIR)/$(WEB3SAFE_BINARY_NAME)
+
+DOTENVANALYZER_BINARY_NAME=dotenvanalyzer
+DOTENVANALYZER_CMD_DIR=$(CMD_DIR)/$(DOTENVANALYZER_BINARY_NAME)
+
+ENVANALYZER_BINARY_NAME=envanalyzer
+ENVANALYZER_CMD_DIR=$(CMD_DIR)/$(ENVANALYZER_BINARY_NAME)
+
+ifeq ($(OS),Windows_NT)
+	WEB3SAFE_BINARY_NAME:= $(WEB3SAFE_BINARY_NAME).exe
+	DOTENVANALYZER_BINARY_NAME:= $(DOTENVANALYZER_BINARY_NAME).exe
+	ENVANALYZER_BINARY_NAME:= $(ENVANALYZER_BINARY_NAME).exe
+endif
+
+build: clean
+	$(GOBUILD) -o $(BIN_DIR)/$(WEB3SAFE_BINARY_NAME) $(WEB3SAFE_CMD_DIR)/...
+	$(GOBUILD) -o $(BIN_DIR)/$(DOTENVANALYZER_BINARY_NAME) $(DOTENVANALYZER_CMD_DIR)/...
+	$(GOBUILD) -o $(BIN_DIR)/$(ENVANALYZER_BINARY_NAME) $(ENVANALYZER_CMD_DIR)/...
+
+clean:
+	$(GOCLEAN)
+	rm -f $(WEB3SAFE_BINARY_NAME)
+	rm -f $(DOTENVANALYZER_BINARY_NAME)
+	rm -f $(ENVANALYZER_BINARY_NAME)
+
+deps:
+	$(GOCMD) mod tidy
+
+test:
+	$(GOCMD) test ./...
+
+.PHONY: build clean deps test

README.md

@@ -0,0 +1,94 @@
+# Web3Safe
+
+Web3Safe is a set of command-line tools designed to protect your development
+environment by analyzing shell environment variables and .env (dotenv) files
+for any sensitive information, such as `PRIVATE_KEY`, `MNEMONIC`, and many
+other variables that can be stolen by malware or degens.
+
+## Personal Story
+
+Web3Safe was created from a personal experience that showed how important it
+is to keep our data safe while working on projects.
+
+Long story short: one day, I got a message on LinkedIn asking for help with a
+web3 app. I was excited to help and started working on it right away.
+
+But then something unexpected happened. The project had hidden obfuscated code
+that secretly looked through all my files, including sensitive ones like .env
+files. Before I knew it, I lost access to my wallet and tokens.
+
+That's why I made Web3Safe. It's a tool that helps developers like us keep our
+work safe. With Web3Safe, you can check your computer for any problems with
+your environment variables and make sure your projects stay secure.
+
+## Features
+
+- Analyzes shell environment variables for sensitive information.
+- Scans .env files for sensitive data such as passwords, API keys, and other confidential information.
+- Provides customizable and extendable rules.
+- Supports exclusion of certain .env files from the analysis.
+
+## Getting Started
+
+### Installation
+
+Web3Safe is a command-line tool written in Go. To install it, follow these steps:
+
+1. Clone the repository:
+   ```
+   git clone https://github.com/gruz0/web3safe.git
+   ```
+2. Build the apps:
+   ```
+   cd web3safe
+   make build
+   ```
+
+3. All apps will be placed inside `bin` directory:
+   ```
+   dotenvanalyzer
+   envanalyzer
+   web3safe
+   ```
+
+Web3Safe includes three tools: Web3Safe itself, Shell ENV Analyzer and Dotenv
+Analyzer.
+
+### Web3Safe
+
+This tool is designed for creating a configuration file for the other apps.
+
+- `-help`: Show all the available commands.
+- `-generateConfig`: Generate a new configuration file.
+
+### EnvAnalyzer
+
+This tool scans the current user's environment variables and display any
+sensitive information found.
+
+You can also customize the analysis by providing additional flags:
+
+- `-help`: Show all the available commands.
+- `-config`: Specify a custom configuration file for rule customization.
+
+### DotEnvAnalyzer
+
+By default, this tool scans .env files starting from a given directory
+recursively and display any sensitive information found inside `.env` files.
+
+You can also customize the analysis by providing additional flags:
+
+- `-help`: Show all the available commands.
+- `-config`: Specify a custom configuration file for rule customization.
+- `-path`: Path to start scan from (default: current dir).
+
+## Contributing
+
+Contributions to Web3Safe are welcome! If you encounter any bugs, issues, or
+have suggestions for improvement, please open an issue on GitHub or submit a
+pull request with your changes.
+
+## License
+
+Web3Safe is licensed under the MIT License. Feel free to use, modify,
+and distribute the code for both commercial and non-commercial purposes.

cmd/dotenvanalyzer/main.go

@@ -0,0 +1,55 @@
+package main
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/gruz0/web3safe/internal/config"
+	"github.com/gruz0/web3safe/internal/dotenvanalyzer"
+)
+
+func main() {
+	flags := dotenvanalyzer.ParseFlags()
+
+	cfg := loadConfig(flags.ConfigFilePath)
+
+	dotenvAnalyzer := dotenvanalyzer.NewDotEnvAnalyzer(flags.PathToScan, cfg)
+
+	if err := dotenvAnalyzer.Run(); err != nil {
+		fmt.Fprintf(os.Stderr, "Unable to run dotenvAnalyzer: %v\n", err)
+
+		os.Exit(1)
+	}
+
+	dotenvAnalyzerReport := dotenvAnalyzer.Report()
+
+	if len(dotenvAnalyzerReport) == 0 {
+		fmt.Fprintf(os.Stdout, "Nothing found. Great!\n")
+
+		os.Exit(0)
+	}
+
+	for _, message := range dotenvAnalyzerReport {
+		fmt.Fprintln(os.Stderr, message)
+	}
+
+	os.Exit(1)
+}
+
+func loadConfig(configFilePath string) config.Config {
+	if configFilePath == "" {
+		fmt.Fprintf(os.Stdout, "No config file provided. We will use the default configuration.\n\n")
+
+		return config.GetDefaultConfig()
+	}
+
+	fmt.Fprintf(os.Stdout, "Loading configuration file: %s\n", configFilePath)
+
+	loadedConfig, loadConfigErr := config.LoadConfig(configFilePath)
+	if loadConfigErr != nil {
+		fmt.Fprintf(os.Stderr, "Unable to load config: %v\n", loadConfigErr)
+		os.Exit(1)
+	}
+
+	return loadedConfig
+}

cmd/envanalyzer/main.go

@@ -0,0 +1,55 @@
+package main
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/gruz0/web3safe/internal/config"
+	"github.com/gruz0/web3safe/internal/envanalyzer"
+)
+
+func main() {
+	flags := envanalyzer.ParseFlags()
+
+	cfg := loadConfig(flags.ConfigFilePath)
+
+	envAnalyzer := envanalyzer.NewEnvAnalyzer(cfg)
+
+	if err := envAnalyzer.Run(); err != nil {
+		fmt.Fprintf(os.Stderr, "Unable to run envAnalyzer: %v\n", err)
+
+		os.Exit(1)
+	}
+
+	envAnalyzerReport := envAnalyzer.Report()
+
+	if len(envAnalyzerReport) == 0 {
+		fmt.Fprintf(os.Stdout, "Nothing found in ENV. Great!\n")
+
+		os.Exit(0)
+	}
+
+	for _, message := range envAnalyzerReport {
+		fmt.Fprintln(os.Stderr, message)
+	}
+
+	os.Exit(1)
+}
+
+func loadConfig(configFilePath string) config.Config {
+	if configFilePath == "" {
+		fmt.Fprintf(os.Stdout, "No config file provided. We will use the default configuration.\n\n")
+
+		return config.GetDefaultConfig()
+	}
+
+	fmt.Fprintf(os.Stdout, "Loading configuration file: %s\n", configFilePath)
+
+	loadedConfig, loadConfigErr := config.LoadConfig(configFilePath)
+	if loadConfigErr != nil {
+		fmt.Fprintf(os.Stderr, "Unable to load config: %v\n", loadConfigErr)
+		os.Exit(1)
+	}
+
+	return loadedConfig
+}

cmd/web3safe/main.go

@@ -0,0 +1,29 @@
+package main
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/gruz0/web3safe/internal/config"
+	"github.com/gruz0/web3safe/internal/flags"
+)
+
+func main() {
+	flags := flags.ParseFlags()
+
+	if flags.GenerateConfig {
+		generateConfig()
+	}
+}
+
+func generateConfig() {
+	newConfigFilePath := config.GetDefaultConfigFilePath()
+
+	if err := config.GenerateConfig(newConfigFilePath); err != nil {
+		fmt.Fprintf(os.Stderr, "Error generating config: %v\n", err)
+		os.Exit(1)
+	}
+
+	fmt.Fprintf(os.Stdout, "New configuration file generated at %s\n", newConfigFilePath)
+	os.Exit(0)
+}

go.mod

@@ -0,0 +1,5 @@
+module github.com/gruz0/web3safe
+
+go 1.22.2
+
+require gopkg.in/yaml.v2 v2.4.0