Cleaning up regexes and adding git command to view files

nielsing · Sep 9, 2019 · 9777770 · 9777770
1 parent d394332
commit 9777770
Show file tree

Hide file tree

Showing 4 changed files with 164 additions and 76 deletions.
diff --git a/config/yarconfig.json b/config/yarconfig.json
@@ -1,20 +1,10 @@
 {
     "Rules": [
-        {
-            "Reason": "AWS API Key",
-            "Rule": "AKIA[0-9A-Z]{16}",
-            "Noise": 3
-        },
         {
             "Reason": "AWS Access Key ID Value",
             "Rule": "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}",
             "Noise": 3
         },
-        {
-            "Reason": "AWS Access Key ID",
-            "Rule": "((\\\"|'|`)?((?i)aws)?_?((?i)access)_?((?i)key)?_?((?i)id)?(\\\"|'|`)?\\\\s{0,50}(:|=>|=)\\\\s{0,50}(\\\"|'|`)?(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}(\\\"|'|`)?)",
-            "Noise": 3
-        },
         {
             "Reason": "AWS Account ID",
             "Rule": "((\\\"|'|`)?((?i)aws)?_?((?i)account)_?((?i)id)?(\\\"|'|`)?\\\\s{0,50}(:|=>|=)\\\\s{0,50}(\\\"|'|`)?[0-9]{4}-?[0-9]{4}-?[0-9]{4}(\\\"|'|`)?)",
@@ -30,11 +20,6 @@
             "Rule": "((\\\"|'|`)?((?i)aws)?_?((?i)session)?_?((?i)token)?(\\\"|'|`)?\\\\s{0,50}(:|=>|=)\\\\s{0,50}(\\\"|'|`)?[A-Za-z0-9/+=]{16,}(\\\"|'|`)?)",
             "Noise": 3
         },
-        {
-            "Reason": "Amazon AWS Access Key ID",
-            "Rule": "AKIA[0-9A-Z]{16}",
-            "Noise": 3
-        },
         {
             "Reason": "Amazon MWS Auth Token",
             "Rule": "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}",
@@ -57,7 +42,7 @@
         },
         {
             "Reason": "Facebook Oauth",
-            "Rule": "(?i)facebook.{0,50}(\\\"|'|`)?[0-9a-f]{32}(\\\"|'|`)?",
+            "Rule": "(?i)facebook[^/]{0,50}(\\\"|'|`)?[0-9a-f]{32}(\\\"|'|`)?",
             "Noise": 3
         },
         {
@@ -71,32 +56,7 @@
             "Noise": 3
         },
         {
-            "Reason": "Google Cloud Platform API Key",
-            "Rule": "AIza[0-9A-Za-z\\-_]{35}",
-            "Noise": 3
-        },
-        {
-            "Reason": "Google Cloud Platform OAuth",
-            "Rule": "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com",
-            "Noise": 3
-        },
-        {
-            "Reason": "Google Drive API Key",
-            "Rule": "AIza[0-9A-Za-z\\-_]{35}",
-            "Noise": 3
-        },
-        {
-            "Reason": "Google Drive OAuth",
-            "Rule": "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com",
-            "Noise": 3
-        },
-        {
-            "Reason": "Google Gmail API Key",
-            "Rule": "AIza[0-9A-Za-z\\-_]{35}",
-            "Noise": 3
-        },
-        {
-            "Reason": "Google Gmail OAuth",
+            "Reason": "Google OAuth",
             "Rule": "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com",
             "Noise": 3
         },
@@ -110,16 +70,6 @@
             "Rule": "((\\\"|'|`)?client_secret(\\\"|'|`)?\\\\s{0,50}(:|=>|=)\\\\s{0,50}(\\\"|'|`)?[a-zA-Z0-9-_]{24}(\\\"|'|`)?)",
             "Noise": 3
         },
-        {
-            "Reason": "Google YouTube API Key",
-            "Rule": "AIza[0-9A-Za-z\\-_]{35}",
-            "Noise": 3
-        },
-        {
-            "Reason": "Google YouTube OAuth",
-            "Rule": "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com",
-            "Noise": 3
-        },
         {
             "Reason": "Heroku API Key",
             "Rule": "(?i)heroku.{0,50}[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}",
@@ -140,24 +90,9 @@
             "Rule": "key-[0-9a-zA-Z]{32}",
             "Noise": 3
         },
-        {
-            "Reason": "NPM",
-            "Rule": "(?i)npm.{0,50}(\\\"|'|`)?[0-9a-f-]{36}(\\\"|'|`)?",
-            "Noise": 3
-        },
         {
             "Reason": "Outlook team",
-            "Rule": "(https\\://outlook\\.office.com/webhook/[0-9a-f-]{36}\\@)",
-            "Noise": 3
-        },
-        {
-            "Reason": "PGP private key block",
-            "Rule": "-----BEGIN PGP PRIVATE KEY BLOCK-----",
-            "Noise": 3
-        },
-        {
-            "Reason": "Password in URL",
-            "Rule": "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]",
+            "Rule": "https\\://outlook\\.office.com/webhook/[0-9a-f-]{36}\\@",
             "Noise": 3
         },
         {
@@ -170,6 +105,11 @@
             "Rule": "sk_live_[0-9a-z]{32}",
             "Noise": 3
         },
+        {
+            "Reason": "PGP private key block",
+            "Rule": "-----BEGIN PGP PRIVATE KEY BLOCK-----",
+            "Noise": 3
+        },
         {
             "Reason": "RSA private key",
             "Rule": "-----BEGIN RSA PRIVATE KEY-----",
@@ -241,22 +181,69 @@
             "Noise": 3
         },
         {
-            "Reason": "Twitter Access Token",
-            "Rule": "(?i)twitter.{0,50}[1-9][0-9]+-[0-9a-zA-Z]{40}",
+            "Reason": "Twitter Oauth",
+            "Rule": "(?i)twitter[^/]{0,50}[0-9a-zA-Z]{35,44}",
             "Noise": 3
         },
         {
-            "Reason": "Twitter Oauth",
-            "Rule": "(?i)twitter.{0,50}(\\\"|'|`)?[0-9a-zA-Z]{35,44}(\\\"|'|`)?",
+            "Reason": "Password in URL",
+            "Rule": "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]",
             "Noise": 3
         },
         {
-            "Reason": "URL Authorization",
-            "Rule": "([a-zA-Z]{3,10}://[^/$\\\\s:@]{3,20}:[^/$\\\\s:@]{3,20}@.{1,100}[\"'$\\\\s])",
-            "Noise": 3
+            "Reason": "S3 Buckets",
+            "Rule": "[a-z0-9.-]+\\.s3\\.amazonaws\\.com|[a-z0-9.-]+\\.s3-[a-z0-9-]\\.amazonaws\\.com|[a-z0-9.-]+\\.s3-website[.-](eu|ap|us|ca|sa|cn)|//s3\\.amazonaws\\.com/[a-z0-9._-]+|//s3-[a-z0-9-]+\\.amazonaws\\.com/[a-z0-9._-]+",
+            "Noise": 4
+        },
+        {
+            "Reason": "Generic certificate header",
+            "Rule": "-----BEGIN .{3,100}-----",
+            "Noise": 4
+        },
+        {
+            "Reason": "Generic Password",
+            "Rule": "(?i)pass(word)?[\\w-]*\\\\s*[=:>|]+\\s*['\"`][^'\"`]{3,100}['\"`]",
+            "Noise": 4
+        },
+        {
+            "Reason": "Generic Secret",
+            "Rule": "(?i)secret[\\w-]*\\s*[=:>|]+\\s*['\"`][^'\"`]{3,100}['\"`]",
+            "Noise": 4
+        },
+        {
+            "Reason": "Generic Token",
+            "Rule": "(?i)token[\\w-]*\\s*[=:>|]+\\s*['\"`][^'\"`]{3,100}['\"`]",
+            "Noise": 4
+        },
+        {
+            "Reason": "Base64",
+            "Rule": "([^A-Za-z0-9+/]|^)(eyJ|YTo|Tzo|PD[89]|aHR0cHM6L|aHR0cDo|rO0)[%a-zA-Z0-9+/]+={0,2}",
+            "Noise": 4
+        },
+        {
+            "Reason": "IP Address",
+            "Rule": "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])",
+            "Noise": 5
+        },
+        {
+            "Reason": "Common secret names",
+            "Rule": "(?i)aws_access|aws_secret|api[_-]?key|listbucketresult|s3_access_key|authorization:|ssh-rsa AA|pass(word)?|secret|token|",
+            "Noise": 5
+        },
+        {
+            "Reason": "Suspicious Comments",
+            "Rule": "(?i)\\b(hack|hax|fix|oo+ps|fuck|ugly|todo|shit)\\b",
+            "Noise": 5
         }
+
     ],
     "FileBlacklist": [
-        "^.*\\.lock$"
+        "\\.min\\.js$",
+        "\\.(less|s?css|html|lock|pbxproj)$",
+        "node_modules/",
+        "package-lock\\.json$",
+        "bower\\.json$",
+        "\\.pdf$",
+        "npm-debug\\.log"
     ]
 }
diff --git a/go.mod b/go.mod
@@ -0,0 +1,14 @@
+module github.com/Furduhlutur/yar
+
+go 1.13
+
+require (
+	github.com/akamensky/argparse v0.0.0-20190829110830-5293d9863374
+	github.com/fatih/color v1.7.0
+	github.com/google/go-github v17.0.0+incompatible
+	github.com/google/go-querystring v1.0.0 // indirect
+	github.com/mattn/go-colorable v0.1.2 // indirect
+	github.com/mattn/go-isatty v0.0.9 // indirect
+	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
+	gopkg.in/src-d/go-git.v4 v4.13.1
+)
diff --git a/go.sum b/go.sum
@@ -0,0 +1,84 @@
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+github.com/akamensky/argparse v0.0.0-20190829110830-5293d9863374 h1:OXrDUfvEdzTnOp50avgJJvsMlwzISShBt3MAdjjELGM=
+github.com/akamensky/argparse v0.0.0-20190829110830-5293d9863374/go.mod h1:pdh+2piXurh466J9tqIqq39/9GO2Y8nZt6Cxzu18T9A=
+github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs=
+github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
+github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg=
+github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
+github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys=
+github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
+github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY=
+github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
+github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
+github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
+github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
+github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
+github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
+github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd h1:Coekwdh0v2wtGp9Gmz1Ze3eVRAWJMLokvN3QjdzCHLY=
+github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/mattn/go-colorable v0.1.2 h1:/bC9yWikZXAL9uJdulbSfyVNIR3n3trXl+v8+1sx8mU=
+github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
+github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.9 h1:d5US/mDsogSGW37IV293h//ZFaeajb69h+EHFsv2xGg=
+github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ=
+github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
+github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ=
+github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
+github.com/src-d/gcfg v1.4.0 h1:xXbNR5AlLSA315x2UO+fTSSAXCDf+Ar38/6oyGbDKQ4=
+github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/xanzy/ssh-agent v0.2.1 h1:TCbipTQL2JiiCprBWx9frJ2eJlCYT00NmctrHxVAr70=
+github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4=
+golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4 h1:HuIa8hRrWRSrqYzx1qI49NNxhdi2PrY7gxVSq1JjLDc=
+golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190724013045-ca1201d0de80 h1:Ao/3l156eZf2AW5wK8a7/smtodRU+gha3+BeqJ69lRk=
+golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0=
+golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e h1:D5TXcfTk7xF7hvieo4QErS3qqCB4teTffacDWr7CI+0=
+golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a h1:aYOabOQFp6Vj6W1F80affTUvO9UxmJRx8K0gsfABByQ=
+golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190729092621-ff9f1409240a/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/src-d/go-billy.v4 v4.3.2 h1:0SQA1pRztfTFx2miS8sA97XvooFeNOmvUenF4o0EcVg=
+gopkg.in/src-d/go-billy.v4 v4.3.2/go.mod h1:nDjArDMp+XMs1aFAESLRjfGSgfvoYN0hDfzEk0GjC98=
+gopkg.in/src-d/go-git-fixtures.v3 v3.5.0/go.mod h1:dLBcvytrw/TYZsNTWCnkNF2DSIlzWYqTe3rJR56Ac7g=
+gopkg.in/src-d/go-git.v4 v4.13.1 h1:SRtFyV8Kxc0UP7aCHcijOMQGPxHSmMOPrzulQWolkYE=
+gopkg.in/src-d/go-git.v4 v4.13.1/go.mod h1:nx5NYcxdKxq5fpltdHnPa2Exj4Sx0EclMWZQbYDu2z8=
+gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
+gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
diff --git a/robber/log.go b/robber/log.go
@@ -150,6 +150,7 @@ func (l *Logger) LogFinding(f *Finding, m *Middleware, contextDiff string) {
 	info, _ := logColors[info]
 	data, _ := logColors[data]
 	secret, _ := logColors[secret]
+	repoPath, _ := GetDir(f.RepoName)
 
 	info.Println(seperator)
 	info.Printf("Reason: ")
@@ -166,6 +167,8 @@ func (l *Logger) LogFinding(f *Finding, m *Middleware, contextDiff string) {
 	data.Println(f.CommitHash)
 	info.Printf("Date of commit: ")
 	data.Println(f.DateOfCommit)
+	info.Printf("View command: ")
+	data.Printf("git --git-dir=%s show %s:%s\n", repoPath, f.CommitHash[:6], f.Filepath)
 	info.Printf("Commit message: ")
 	data.Printf("%s\n\n", strings.Trim(f.CommitMessage, "\n"))
 	if *m.Flags.NoContext {