gitlab-secret_detection 0.1.0 → 0.3.0
- checksums.yaml +4 -4
- data/LICENSE +19 -0
- data/README.md +334 -0
- data/config/log.rb +23 -0
- data/lib/gitlab/secret_detection/core/finding.rb +40 -0
- data/lib/gitlab/secret_detection/core/gitleaks.toml +1084 -0
- data/lib/gitlab/secret_detection/core/response.rb +37 -0
- data/lib/gitlab/secret_detection/core/ruleset.rb +39 -0
- data/lib/gitlab/secret_detection/core/scanner.rb +274 -0
- data/lib/gitlab/secret_detection/core/status.rb +18 -0
- data/lib/gitlab/secret_detection/core.rb +14 -0
- data/lib/gitlab/secret_detection/grpc/client/grpc_client.rb +21 -0
- data/lib/gitlab/secret_detection/grpc/generated/.gitkeep +0 -0
- data/lib/gitlab/secret_detection/grpc/generated/secret_detection_pb.rb +25 -0
- data/lib/gitlab/secret_detection/grpc/generated/secret_detection_services_pb.rb +30 -0
- data/lib/gitlab/secret_detection/grpc/scanner_service.rb +148 -0
- data/lib/gitlab/secret_detection/grpc.rb +11 -0
- data/lib/gitlab/secret_detection/version.rb +26 -2
- data/lib/gitlab/secret_detection.rb +4 -4
- data/lib/gitlab.rb +6 -0
- data/proto/secret_detection.proto +76 -0
- metadata +70 -28
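--- a/data/proto/secret_detection.proto
+++ b/data/proto/secret_detection.proto
@@ -0,0 +1,76 @@
+syntax = "proto3";
+
+package gitlab.secret_detection;
+
+/* We keep generated files within grpc namespace i.e GitLab::SecretDetection::GRPC
+* so that these files are exported too in the Ruby Gem along with Core and GRPC logic.
+*/
+option ruby_package="GitLab::SecretDetection::GRPC";
+
+/* Request arg for triggering Scan/ScanStream method */
+message ScanRequest {
+message Payload {
+string id = 1;
+string data = 2;
+}
+
+// Either provide rule type or a particular value to allow during the scan
+message AllowEntry {
+AllowType allow_type = 1;
+string value = 2;
+}
+
+enum AllowType {
+ALLOW_UNSPECIFIED = 0;
+ALLOW_RULE_TYPE = 1; // Rule ID to exclude
+ALLOW_RAW_VALUE = 2; // Raw value to exclude
+}
+
+repeated Payload payloads = 1; // Array of payloads to scan
+// Scan timeout on the entire request. Value is represented in seconds, accepts float values to represent
+// smaller unit values. Default is 180 seconds.
+optional float timeout_secs = 2;
+// Scan timeout on each payload . Value is represented in seconds, accepts float values to represent smaller
+// unit values. Default is 30 seconds.
+optional float payload_timeout_secs = 3;
+repeated AllowEntry allowlist = 4; // Optional. Array of rule-types/raw-values to exclude from being considered during scan.
+repeated string tags = 5; // Optional. Array of rule tags to consider for scan. Ex: ["gitlab_blocking"]
+}
+
+/* Response from Scan/ScanStream method */
+message ScanResponse {
+// Represents a secret finding identified within a payload
+message Finding {
+string payload_id = 1;
+Status status = 2;
+optional string type = 3;
+optional string description = 4;
+optional int32 line_number = 5;
+optional string error = 6;
+}
+
+// Return status code in sync with ::SecretDetection::Status
+enum Status {
+STATUS_UNSPECIFIED = 0;
+STATUS_FOUND = 1; // one or more findings
+STATUS_FOUND_WITH_ERRORS = 2; // one or more findings along with some errors
+STATUS_SCAN_TIMEOUT = 3; // whole scan timeout
+STATUS_PAYLOAD_TIMEOUT = 4; // single payload timeout
+STATUS_SCAN_ERROR = 5; // internal scan failure
+STATUS_INPUT_ERROR = 6; // invalid input failure
+STATUS_NOT_FOUND = 7; // zero findings
+}
+
+optional string error = 1;
+repeated Finding results = 2;
+Status status = 3;
+}
+
+/* Scanner service that scans given payloads and returns findings */
+service Scanner {
+// Runs secret detection scan for the given request
+rpc Scan(ScanRequest) returns (ScanResponse) { }
+
+// Runs bi-directional streaming of scans for the given stream of requests with a stream of responses
+rpc ScanStream(stream ScanRequest) returns (stream ScanResponse) { }
+}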
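Review bot: `timeout_secs` and `payload_timeout_secs` in `ScanRequest` are caller-supplied floats and `payloads` is an unbounded repeated field, yet nothing in the contract states an upper bound, so how long and how much one request may make the scanner work is left to the client. The comments give only the defaults (180 and 30 seconds); I would extend them to state the accepted range, for example `// Must be finite and > 0; values above the server-side maximum are clamped.`, and add a similar line on `payloads` for the maximum count and per-payload size. Whether the service handler already enforces such limits is not visible on this page, so this may be a documentation gap rather than a missing check.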
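--- a/metadata
+++ b/metadata
@@ -1,76 +1,118 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-secret_detection
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.3.0
 platform: ruby
 authors:
-- group::
+- group::secret detection
+- Stan Hu
+- gitlab_rubygems
 autorequire:
-bindir:
+bindir: bin
 cert_chain: []
-date:
+date: 2024-09-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-name:
+name: grpc
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
-type: :
+version: '1.65'
+type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '1.65'
+- !ruby/object:Gem::Dependency
+name: grpc-tools
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.65'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.65'
 - !ruby/object:Gem::Dependency
-name:
+name: re2
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
-type: :
+version: '2.13'
+type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '2.13'
 - !ruby/object:Gem::Dependency
-name:
+name: toml-rb
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
-
+version: '3.0'
+- - ">="
+- !ruby/object:Gem::Version
+version: 3.0.1
+type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
-
-
-
+version: '3.0'
+- - ">="
+- !ruby/object:Gem::Version
+version: 3.0.1
+description: |-
+GitLab Secret Detection gem accepts text-based payloads, matches them against predefined secret
+detection rules (based on the ruleset used by GitLab Secrets analyzer), and returns the scan results. The gem also
+supports customization of the scan behaviour.
 email:
-- eng-dev-secure-
+- eng-dev-secure-secret-detection@gitlab.com
+- stan@gitlab.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- LICENSE
+- README.md
+- config/log.rb
+- lib/gitlab.rb
 - lib/gitlab/secret_detection.rb
+- lib/gitlab/secret_detection/core.rb
+- lib/gitlab/secret_detection/core/finding.rb
+- lib/gitlab/secret_detection/core/gitleaks.toml
+- lib/gitlab/secret_detection/core/response.rb
+- lib/gitlab/secret_detection/core/ruleset.rb
+- lib/gitlab/secret_detection/core/scanner.rb
+- lib/gitlab/secret_detection/core/status.rb
+- lib/gitlab/secret_detection/grpc.rb
+- lib/gitlab/secret_detection/grpc/client/grpc_client.rb
+- lib/gitlab/secret_detection/grpc/generated/.gitkeep
+- lib/gitlab/secret_detection/grpc/generated/secret_detection_pb.rb
+- lib/gitlab/secret_detection/grpc/generated/secret_detection_services_pb.rb
+- lib/gitlab/secret_detection/grpc/scanner_service.rb
 - lib/gitlab/secret_detection/version.rb
-
+- proto/secret_detection.proto
+homepage: https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-service
 licenses:
 - MIT
 metadata:
 rubygems_mfa_required: 'true'
-homepage_uri: https://gitlab.com/gitlab-org/
-source_code_uri: https://gitlab.com/gitlab-org/
-changelog_uri: https://gitlab.com/gitlab-org/
+homepage_uri: https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-service
+source_code_uri: https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-service
+changelog_uri: https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-service/-/blob/main/CHANGELOG.md
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -79,16 +121,16 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '3.
+version: '3.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.5.11
 signing_key:
 specification_version: 4
-summary:
-
+summary: GitLab Secret Detection gem scans for the secret leaks in the given text-based
+payloads.
 test_files: []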