gitlab-secret_detection 0.1.0 → 0.3.0

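--- /dev/null
+++ b/proto/secret_detection.proto
@@ -0,0 +1,76 @@
+syntax = "proto3";
+
+package gitlab.secret_detection;
+
+/* We keep generated files within grpc namespace i.e GitLab::SecretDetection::GRPC
+ * so that these files are exported too in the Ruby Gem along with Core and GRPC logic.
+ */
+option ruby_package="GitLab::SecretDetection::GRPC";
+
+/* Request arg for triggering Scan/ScanStream method */
+message ScanRequest {
+  message Payload {
+    string id = 1;
+    string data = 2;
+  }
+
+  // Either provide rule type or a particular value to allow during the scan
+  message AllowEntry {
+    AllowType allow_type = 1;
+    string value = 2;
+  }
+
+  enum AllowType {
+    ALLOW_UNSPECIFIED = 0;
+    ALLOW_RULE_TYPE = 1; // Rule ID to exclude
+    ALLOW_RAW_VALUE = 2; // Raw value to exclude
+  }
+
+  repeated Payload payloads = 1; // Array of payloads to scan
+  // Scan timeout on the entire request. Value is represented in seconds, accepts float values to represent
+  // smaller unit values. Default is 180 seconds.
+  optional float timeout_secs = 2;
+  // Scan timeout on each payload . Value is represented in seconds, accepts float values to represent smaller
+  // unit values. Default is 30 seconds.
+  optional float payload_timeout_secs = 3;
+  repeated AllowEntry allowlist = 4; // Optional. Array of rule-types/raw-values to exclude from being considered during scan.
+  repeated string tags = 5; // Optional. Array of rule tags to consider for scan. Ex: ["gitlab_blocking"]
+}
+
+/* Response from Scan/ScanStream method */
+message ScanResponse {
+  // Represents a secret finding identified within a payload
+  message Finding {
+    string payload_id = 1;
+    Status status = 2;
+    optional string type = 3;
+    optional string description = 4;
+    optional int32 line_number = 5;
+    optional string error = 6;
+  }
+
+  // Return status code in sync with ::SecretDetection::Status
+  enum Status {
+    STATUS_UNSPECIFIED = 0;
+    STATUS_FOUND = 1; // one or more findings
+    STATUS_FOUND_WITH_ERRORS = 2; // one or more findings along with some errors
+    STATUS_SCAN_TIMEOUT = 3; // whole scan timeout
+    STATUS_PAYLOAD_TIMEOUT = 4; // single payload timeout
+    STATUS_SCAN_ERROR = 5; // internal scan failure
+    STATUS_INPUT_ERROR = 6; // invalid input failure
+    STATUS_NOT_FOUND = 7; // zero findings
+  }
+
+  optional string error = 1;
+  repeated Finding results = 2;
+  Status status = 3;
+}
+
+/* Scanner service that scans given payloads and returns findings */
+service Scanner {
+  // Runs secret detection scan for the given request
+  rpc Scan(ScanRequest) returns (ScanResponse) { }
+
+  // Runs bi-directional streaming of scans for the given stream of requests with a stream of responses
+  rpc ScanStream(stream ScanRequest) returns (stream ScanResponse) { }
+}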
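Review bot: `timeout_secs` and `payload_timeout_secs` (new lines 32 and 35) are client-supplied floats for which the contract documents only a default; nothing says how the server treats zero, negative, NaN or very large values, so a caller can ask for an effectively unbounded scan over a large `payloads` array, which matters if the Scanner service is reachable from anything less trusted than the GitLab application. The bounds the server actually enforces belong in the proto, for example `// Values <= 0 or NaN fall back to the default; the server clamps the effective timeout to a fixed maximum` above each field, assuming the scanner_service implementation (not shown in this hunk) does clamp. In the same vein, `allowlist` (line 36) lets every request suppress findings by rule id or raw value, which is a per-request bypass of blocking rules if requests can originate outside trusted components; a one-line note such as `// Trusted input: callers can suppress findings, so this must not be exposed to end users unfiltered` would make that explicit. Minor: the `ALLOW_RULE_TYPE` comment says "Rule ID to exclude" while the enum name says type; pick one term so the server-side matching is unambiguous to implementers.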
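--- a/metadata
+++ b/metadata
@@ -1,76 +1,118 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-secret_detection
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.3.0
 platform: ruby
 authors:
-- group::static analysis
+- group::secret detection
+- Stan Hu
+- gitlab_rubygems
 autorequire:
-bindir: exe
+bindir: bin
 cert_chain: []
-date: 2023-10-10 00:00:00.000000000 Z
+date: 2024-09-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: grpc
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
-  type: :development
+        version: '1.65'
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '1.65'
+- !ruby/object:Gem::Dependency
+  name: grpc-tools
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.65'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.65'
 - !ruby/object:Gem::Dependency
-  name: rubocop
+  name: re2
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.50'
-  type: :development
+        version: '2.13'
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.50'
+        version: '2.13'
 - !ruby/object:Gem::Dependency
-  name: rubocop-rspec
+  name: toml-rb
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.22'
-  type: :development
+        version: '3.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.1
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.22'
-description: The gitlab-secret_detection gem accepts one or more git blobs, matches
-  them against a defined ruleset of regular expressions (based on gitleaks.toml used
-  by secrets analyzer), and returns scan results.
+        version: '3.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.1
+description: |-
+  GitLab Secret Detection gem accepts text-based payloads, matches them against predefined secret
+  detection rules (based on the ruleset used by GitLab Secrets analyzer), and returns the scan results. The gem also
+  supports customization of the scan behaviour.
 email:
-- eng-dev-secure-static-analysis@gitlab.com
+- eng-dev-secure-secret-detection@gitlab.com
+- stan@gitlab.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- LICENSE
+- README.md
+- config/log.rb
+- lib/gitlab.rb
 - lib/gitlab/secret_detection.rb
+- lib/gitlab/secret_detection/core.rb
+- lib/gitlab/secret_detection/core/finding.rb
+- lib/gitlab/secret_detection/core/gitleaks.toml
+- lib/gitlab/secret_detection/core/response.rb
+- lib/gitlab/secret_detection/core/ruleset.rb
+- lib/gitlab/secret_detection/core/scanner.rb
+- lib/gitlab/secret_detection/core/status.rb
+- lib/gitlab/secret_detection/grpc.rb
+- lib/gitlab/secret_detection/grpc/client/grpc_client.rb
+- lib/gitlab/secret_detection/grpc/generated/.gitkeep
+- lib/gitlab/secret_detection/grpc/generated/secret_detection_pb.rb
+- lib/gitlab/secret_detection/grpc/generated/secret_detection_services_pb.rb
+- lib/gitlab/secret_detection/grpc/scanner_service.rb
 - lib/gitlab/secret_detection/version.rb
-homepage: https://gitlab.com/gitlab-org/gitlab/-/tree/master/gems/gitlab-secret_detection
+- proto/secret_detection.proto
+homepage: https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-service
 licenses:
 - MIT
 metadata:
   rubygems_mfa_required: 'true'
-  homepage_uri: https://gitlab.com/gitlab-org/gitlab/-/tree/master/gems/gitlab-secret_detection
-  source_code_uri: https://gitlab.com/gitlab-org/gitlab/-/tree/master/gems/gitlab-secret_detection
-  changelog_uri: https://gitlab.com/gitlab-org/gitlab/-/tree/master/gems/gitlab-secret_detection/CHANGELOG.md
+  homepage_uri: https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-service
+  source_code_uri: https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-service
+  changelog_uri: https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-service/-/blob/main/CHANGELOG.md
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -79,16 +121,16 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '3.0'
+      version: '3.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.18
+rubygems_version: 3.5.11
 signing_key:
 specification_version: 4
-summary: The gitlab-secret_detection gem performs regex matching on git blobs that
-  may include secrets.
+summary: GitLab Secret Detection gem scans for the secret leaks in the given text-based
+  payloads.
 test_files: []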
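Review bot: `grpc-tools` is declared as a `:runtime` dependency (new lines 30–36) even though the generated stubs `secret_detection_pb.rb` and `secret_detection_services_pb.rb` are shipped in the gem (lines 103–104), so every consumer installs the protoc toolchain and its native binaries for code they never run. Unless the scanner genuinely invokes protoc at runtime, which the file list gives no sign of, it should move to the development dependencies, leaving `grpc`, `re2` and `toml-rb` as the runtime surface; a smaller runtime dependency set is also less to review and pin in downstream supply-chain tooling. Note also that `re2` and `grpc` bring native extensions, so the effective trust boundary of this gem now includes their build and binary distribution, which is worth a line in the README. Unrelated to this change but visible here: `cert_chain: []` and an empty `signing_key:` mean the gem is unsigned, so `rubygems_mfa_required` is the only publish-side control.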