gitlab-secret_detection 0.1.0 → 0.4.1

data/lib/gitlab.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+require_relative 'gitlab/secret_detection'
+
+module GitLab
+end

data/proto/secret_detection.proto

@@ -0,0 +1,76 @@
+syntax = "proto3";
+
+package gitlab.secret_detection;
+
+/* We keep generated files within grpc namespace i.e GitLab::SecretDetection::GRPC
+ * so that these files are exported too in the Ruby Gem along with Core and GRPC logic.
+ */
+option ruby_package="GitLab::SecretDetection::GRPC";
+
+/* Request arg for triggering Scan/ScanStream method */
+message ScanRequest {
+  message Payload {
+    string id = 1;
+    string data = 2;
+  }
+
+  // Either provide rule type or a particular value to allow during the scan
+  message Exclusion {
+    ExclusionType exclusion_type = 1;
+    string value = 2;
+  }
+
+  enum ExclusionType {
+    EXCLUSION_TYPE_UNSPECIFIED = 0;
+    EXCLUSION_TYPE_RULE = 1; // Rule ID to exclude
+    EXCLUSION_TYPE_RAW_VALUE = 2; // Raw value to exclude
+  }
+
+  repeated Payload payloads = 1; // Array of payloads to scan
+  // Scan timeout on the entire request. Value is represented in seconds, accepts float values to represent
+  // smaller unit values. Default is 180 seconds.
+  optional float timeout_secs = 2;
+  // Scan timeout on each payload . Value is represented in seconds, accepts float values to represent smaller
+  // unit values. Default is 30 seconds.
+  optional float payload_timeout_secs = 3;
+  repeated Exclusion exclusions = 4; // Optional. Array of rule-types/raw-values to exclude from being considered during scan.
+  repeated string tags = 5; // Optional. Array of rule tags to consider for scan. Ex: ["gitlab_blocking"]
+}
+
+/* Response from Scan/ScanStream method */
+message ScanResponse {
+  // Represents a secret finding identified within a payload
+  message Finding {
+    string payload_id = 1;
+    Status status = 2;
+    optional string type = 3;
+    optional string description = 4;
+    optional int32 line_number = 5;
+    optional string error = 6;
+  }
+
+  // Return status code in sync with ::SecretDetection::Status
+  enum Status {
+    STATUS_UNSPECIFIED = 0;
+    STATUS_FOUND = 1;              // one or more findings
+    STATUS_FOUND_WITH_ERRORS = 2;  // one or more findings along with some errors
+    STATUS_SCAN_TIMEOUT = 3;       // whole scan timeout
+    STATUS_PAYLOAD_TIMEOUT = 4;       // single payload timeout
+    STATUS_SCAN_ERROR = 5;         // internal scan failure
+    STATUS_INPUT_ERROR = 6;        // invalid input failure
+    STATUS_NOT_FOUND = 7;          // zero findings
+  }
+
+  optional string error = 1;
+  repeated Finding results = 2;
+  Status status = 3;
+}
+
+/* Scanner service that scans given payloads and returns findings */
+service Scanner {
+  // Runs secret detection scan for the given request
+  rpc Scan(ScanRequest) returns (ScanResponse) { }
+
+  // Runs bi-directional streaming of scans for the given stream of requests with a stream of responses
+  rpc ScanStream(stream ScanRequest) returns (stream ScanResponse) { }
+}

metadata

@@ -1,76 +1,112 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-secret_detection
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.4.1
 platform: ruby
 authors:
-- group::static analysis
+- group::secret detection
+- Stan Hu
+- gitlab_rubygems
 autorequire:
-bindir: exe
+bindir: bin
 cert_chain: []
-date: 2023-10-10 00:00:00.000000000 Z
+date: 2024-10-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: grpc
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '3.0'
-  type: :development
+        version: 1.63.0
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: 1.63.0
 - !ruby/object:Gem::Dependency
-  name: rubocop
+  name: grpc-tools
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.50'
-  type: :development
+        version: '1.66'
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.50'
+        version: '1.66'
+- !ruby/object:Gem::Dependency
+  name: re2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.7.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.7.0
 - !ruby/object:Gem::Dependency
-  name: rubocop-rspec
+  name: toml-rb
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.22'
-  type: :development
+        version: 2.2.0
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.22'
-description: The gitlab-secret_detection gem accepts one or more git blobs, matches
-  them against a defined ruleset of regular expressions (based on gitleaks.toml used
-  by secrets analyzer), and returns scan results.
+        version: 2.2.0
+description: |-
+  GitLab Secret Detection gem accepts text-based payloads, matches them against predefined secret
+      detection rules (based on the ruleset used by GitLab Secrets analyzer), and returns the scan results. The gem also
+      supports customization of the scan behaviour.
 email:
-- eng-dev-secure-static-analysis@gitlab.com
+- eng-dev-secure-secret-detection@gitlab.com
+- stan@gitlab.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- LICENSE
+- README.md
+- config/log.rb
+- lib/gitlab.rb
 - lib/gitlab/secret_detection.rb
+- lib/gitlab/secret_detection/core.rb
+- lib/gitlab/secret_detection/core/finding.rb
+- lib/gitlab/secret_detection/core/gitleaks.toml
+- lib/gitlab/secret_detection/core/response.rb
+- lib/gitlab/secret_detection/core/ruleset.rb
+- lib/gitlab/secret_detection/core/scanner.rb
+- lib/gitlab/secret_detection/core/status.rb
+- lib/gitlab/secret_detection/grpc.rb
+- lib/gitlab/secret_detection/grpc/client/grpc_client.rb
+- lib/gitlab/secret_detection/grpc/generated/.gitkeep
+- lib/gitlab/secret_detection/grpc/generated/secret_detection_pb.rb
+- lib/gitlab/secret_detection/grpc/generated/secret_detection_services_pb.rb
+- lib/gitlab/secret_detection/grpc/scanner_service.rb
 - lib/gitlab/secret_detection/version.rb
-homepage: https://gitlab.com/gitlab-org/gitlab/-/tree/master/gems/gitlab-secret_detection
+- proto/secret_detection.proto
+homepage: https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-service
 licenses:
 - MIT
 metadata:
   rubygems_mfa_required: 'true'
-  homepage_uri: https://gitlab.com/gitlab-org/gitlab/-/tree/master/gems/gitlab-secret_detection
-  source_code_uri: https://gitlab.com/gitlab-org/gitlab/-/tree/master/gems/gitlab-secret_detection
-  changelog_uri: https://gitlab.com/gitlab-org/gitlab/-/tree/master/gems/gitlab-secret_detection/CHANGELOG.md
+  homepage_uri: https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-service
+  source_code_uri: https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-service
+  changelog_uri: https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-service/-/blob/main/CHANGELOG.md
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -79,16 +115,16 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '3.0'
+      version: '3.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.18
+rubygems_version: 3.4.19
 signing_key:
 specification_version: 4
-summary: The gitlab-secret_detection gem performs regex matching on git blobs that
-  may include secrets.
+summary: GitLab Secret Detection gem scans for the secret leaks in the given text-based
+  payloads.
 test_files: []