gitlab-secret_detection 0.19.1 → 0.20.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/gitlab/secret_detection/core/ruleset.rb +17 -9
- data/lib/gitlab/secret_detection/core/scanner.rb +3 -12
- data/lib/gitlab/secret_detection/core/status.rb +34 -0
- data/lib/gitlab/secret_detection/grpc/client/grpc_client.rb +3 -17
- data/lib/gitlab/secret_detection/grpc/generated/secret_detection_pb.rb +1 -1
- data/lib/gitlab/secret_detection/grpc/integrated_error_tracking.rb +64 -0
- data/lib/gitlab/secret_detection/grpc/scanner_service.rb +3 -2
- data/lib/gitlab/secret_detection/grpc.rb +1 -0
- data/lib/gitlab/secret_detection/version.rb +1 -1
- data/proto/secret_detection.proto +2 -0
- metadata +31 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 64291ae0fc59c36ec4e951eba1887416f8febbe2d89ff87b4690d3fcde46c14c
|
|
4
|
+
data.tar.gz: 230c2d0623f5879edfba4cbe57a1ce6cb421e4cefa7223f9214ed40d241e616c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 80a65bff589d277515df5ca04670180224a1996b0ed65f8dba79170c2dce312870f5e56122d1d7ae100b649a0d7818d51c87eae9d0c35ad5e3ce50844af191d3
|
|
7
|
+
data.tar.gz: 1a311f585f0231650e1041dae2c280a62927cde9e8e22ac18fcd81216f25dcaaff64c24defe970adc9ec63b533c3834b0221286c58f8967c0422fb75b64fd45d
|
|
@@ -7,6 +7,14 @@ module Gitlab
|
|
|
7
7
|
module SecretDetection
|
|
8
8
|
module Core
|
|
9
9
|
class Ruleset
|
|
10
|
+
# RulesetParseError is thrown when the code fails to parse the
|
|
11
|
+
# ruleset file from the given path
|
|
12
|
+
RulesetParseError = Class.new(StandardError)
|
|
13
|
+
|
|
14
|
+
# RulesetCompilationError is thrown when the code fails to compile
|
|
15
|
+
# the predefined rulesets
|
|
16
|
+
RulesetCompilationError = Class.new(StandardError)
|
|
17
|
+
|
|
10
18
|
# file path where the secrets ruleset file is located
|
|
11
19
|
RULESET_FILE_PATH = File.expand_path('secret_push_protection_rules.toml', __dir__)
|
|
12
20
|
|
|
@@ -21,6 +29,15 @@ module Gitlab
|
|
|
21
29
|
@rule_data = parse_ruleset
|
|
22
30
|
end
|
|
23
31
|
|
|
32
|
+
def extract_ruleset_version
|
|
33
|
+
@ruleset_version ||= if File.readable?(RULESET_FILE_PATH)
|
|
34
|
+
first_line = File.open(RULESET_FILE_PATH, &:gets)
|
|
35
|
+
first_line&.split(":")&.[](1)&.strip
|
|
36
|
+
end
|
|
37
|
+
rescue StandardError => e
|
|
38
|
+
logger.error(message: "Failed to extract Secret Detection Ruleset version from ruleset file: #{e.message}")
|
|
39
|
+
end
|
|
40
|
+
|
|
24
41
|
private
|
|
25
42
|
|
|
26
43
|
attr_reader :path, :logger
|
|
@@ -44,15 +61,6 @@ module Gitlab
|
|
|
44
61
|
logger.error(message: "Failed to parse local secret detection ruleset: #{e.message}")
|
|
45
62
|
raise Core::Scanner::RulesetParseError, e
|
|
46
63
|
end
|
|
47
|
-
|
|
48
|
-
def extract_ruleset_version
|
|
49
|
-
@ruleset_version ||= if File.readable?(RULESET_FILE_PATH)
|
|
50
|
-
first_line = File.open(RULESET_FILE_PATH, &:gets)
|
|
51
|
-
first_line&.split(":")&.[](1)&.strip
|
|
52
|
-
end
|
|
53
|
-
rescue StandardError => e
|
|
54
|
-
logger.error(message: "Failed to extract Secret Detection Ruleset version from ruleset file: #{e.message}")
|
|
55
|
-
end
|
|
56
64
|
end
|
|
57
65
|
end
|
|
58
66
|
end
|
|
@@ -11,14 +11,6 @@ module Gitlab
|
|
|
11
11
|
module Core
|
|
12
12
|
# Scan is responsible for running Secret Detection scan operation
|
|
13
13
|
class Scanner
|
|
14
|
-
# RulesetParseError is thrown when the code fails to parse the
|
|
15
|
-
# ruleset file from the given path
|
|
16
|
-
RulesetParseError = Class.new(StandardError)
|
|
17
|
-
|
|
18
|
-
# RulesetCompilationError is thrown when the code fails to compile
|
|
19
|
-
# the predefined rulesets
|
|
20
|
-
RulesetCompilationError = Class.new(StandardError)
|
|
21
|
-
|
|
22
14
|
# default time limit(in seconds) for running the scan operation per invocation
|
|
23
15
|
DEFAULT_SCAN_TIMEOUT_SECS = 180 # 3 minutes
|
|
24
16
|
# default time limit(in seconds) for running the scan operation on a single payload
|
|
@@ -91,7 +83,6 @@ module Gitlab
|
|
|
91
83
|
tags: DEFAULT_PATTERN_MATCHER_TAGS,
|
|
92
84
|
subprocess: RUN_IN_SUBPROCESS
|
|
93
85
|
)
|
|
94
|
-
|
|
95
86
|
return Core::Response.new(status: Core::Status::INPUT_ERROR) unless validate_scan_input(payloads)
|
|
96
87
|
|
|
97
88
|
# assign defaults since grpc passing zero timeout value to `Timeout.timeout(..)` makes it effectively useless.
|
|
@@ -184,7 +175,7 @@ module Gitlab
|
|
|
184
175
|
unless matcher.compile
|
|
185
176
|
logger.error "Failed to compile secret detection ruleset in RE::Set"
|
|
186
177
|
|
|
187
|
-
raise RulesetCompilationError
|
|
178
|
+
raise Core::Ruleset::RulesetCompilationError
|
|
188
179
|
end
|
|
189
180
|
|
|
190
181
|
matcher
|
|
@@ -300,7 +291,7 @@ module Gitlab
|
|
|
300
291
|
findings
|
|
301
292
|
end
|
|
302
293
|
rescue Timeout::Error => e
|
|
303
|
-
logger.
|
|
294
|
+
logger.warn "Secret Detection scan timed out on the payload(id:#{payload.id}): #{e}"
|
|
304
295
|
|
|
305
296
|
Core::Finding.new(payload.id,
|
|
306
297
|
Core::Status::PAYLOAD_TIMEOUT)
|
|
@@ -342,7 +333,7 @@ module Gitlab
|
|
|
342
333
|
findings
|
|
343
334
|
end
|
|
344
335
|
rescue Timeout::Error => e
|
|
345
|
-
logger.
|
|
336
|
+
logger.warn "Secret Detection scan timed out on the payload(id:#{payload.id}): #{e}"
|
|
346
337
|
|
|
347
338
|
Core::Finding.new(payload.id, Core::Status::PAYLOAD_TIMEOUT)
|
|
348
339
|
end
|
|
@@ -5,6 +5,8 @@ module Gitlab
|
|
|
5
5
|
module Core
|
|
6
6
|
# All the possible statuses emitted by the scan operation
|
|
7
7
|
class Status
|
|
8
|
+
# These values must stay in-sync with the GRPC::ScanResponse::Status values
|
|
9
|
+
UNSPECIFIED = 0 # to match the GRPC::Status values
|
|
8
10
|
FOUND = 1 # When scan operation completes with one or more findings
|
|
9
11
|
FOUND_WITH_ERRORS = 2 # When scan operation completes with one or more findings along with some errors
|
|
10
12
|
SCAN_TIMEOUT = 3 # When the scan operation runs beyond given time out
|
|
@@ -13,6 +15,38 @@ module Gitlab
|
|
|
13
15
|
INPUT_ERROR = 6 # When the scan operation fails due to invalid input
|
|
14
16
|
NOT_FOUND = 7 # When scan operation completes with zero findings
|
|
15
17
|
AUTH_ERROR = 8 # When authentication fails
|
|
18
|
+
|
|
19
|
+
# Maps values to constants
|
|
20
|
+
@values_map = {}
|
|
21
|
+
|
|
22
|
+
# Using class instance variables and singleton methods
|
|
23
|
+
class << self
|
|
24
|
+
attr_reader :values_map
|
|
25
|
+
|
|
26
|
+
# Register constants and their values in the map
|
|
27
|
+
def const_set(name, value)
|
|
28
|
+
const = super
|
|
29
|
+
@values_map[value] = name
|
|
30
|
+
const
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
# Look up a constant by its value
|
|
34
|
+
def find_by_value(value)
|
|
35
|
+
const_name = @values_map[value]
|
|
36
|
+
const_name ? const_get(const_name) : nil
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
# Get the name of a constant by its value
|
|
40
|
+
def name_by_value(value)
|
|
41
|
+
@values_map[value]
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
# Initialize the values map with existing constants
|
|
46
|
+
constants.each do |const_name|
|
|
47
|
+
const_value = const_get(const_name)
|
|
48
|
+
@values_map[const_value] = const_name
|
|
49
|
+
end
|
|
16
50
|
end
|
|
17
51
|
end
|
|
18
52
|
end
|
|
@@ -36,7 +36,7 @@ module Gitlab
|
|
|
36
36
|
deadline: request_deadline
|
|
37
37
|
)
|
|
38
38
|
|
|
39
|
-
|
|
39
|
+
grpc_response
|
|
40
40
|
end
|
|
41
41
|
end
|
|
42
42
|
|
|
@@ -57,11 +57,10 @@ module Gitlab
|
|
|
57
57
|
metadata: build_metadata(auth_token, extra_headers),
|
|
58
58
|
deadline: request_deadline
|
|
59
59
|
).each do |grpc_response|
|
|
60
|
-
response = convert_to_core_response(grpc_response)
|
|
61
60
|
if block_given?
|
|
62
|
-
yield
|
|
61
|
+
yield grpc_response
|
|
63
62
|
else
|
|
64
|
-
results <<
|
|
63
|
+
results << grpc_response
|
|
65
64
|
end
|
|
66
65
|
end
|
|
67
66
|
results
|
|
@@ -131,19 +130,6 @@ module Gitlab
|
|
|
131
130
|
metadata: { message: e.details }
|
|
132
131
|
)
|
|
133
132
|
end
|
|
134
|
-
|
|
135
|
-
def convert_to_core_response(grpc_response)
|
|
136
|
-
response = grpc_response.to_h
|
|
137
|
-
|
|
138
|
-
SecretDetection::Core::Response.new(
|
|
139
|
-
status: response[:status],
|
|
140
|
-
results: response[:results],
|
|
141
|
-
metadata: response[:metadata]
|
|
142
|
-
)
|
|
143
|
-
rescue StandardError => e
|
|
144
|
-
@logger.error("Failed to convert to core response: #{e}")
|
|
145
|
-
SecretDetection::Core::Response.new(status: SecretDetection::Core::Status::SCAN_ERROR)
|
|
146
|
-
end
|
|
147
133
|
end
|
|
148
134
|
end
|
|
149
135
|
end
|
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
require 'google/protobuf'
|
|
6
6
|
|
|
7
7
|
|
|
8
|
-
descriptor_data = "\n\x16secret_detection.proto\x12\x17gitlab.secret_detection\"Z\n\tExclusion\x12>\n\x0e\x65xclusion_type\x18\x01 \x01(\x0e\x32&.gitlab.secret_detection.ExclusionType\x12\r\n\x05value\x18\x02 \x01(\t\"\xc0\x02\n\x0bScanRequest\x12>\n\x08payloads\x18\x01 \x03(\x0b\x32,.gitlab.secret_detection.ScanRequest.Payload\x12\x19\n\x0ctimeout_secs\x18\x02 \x01(\x02H\x00\x88\x01\x01\x12!\n\x14payload_timeout_secs\x18\x03 \x01(\x02H\x01\x88\x01\x01\x12\x36\n\nexclusions\x18\x04 \x03(\x0b\x32\".gitlab.secret_detection.Exclusion\x12\x0c\n\x04tags\x18\x05 \x03(\t\x1a\x43\n\x07Payload\x12\n\n\x02id\x18\x01 \x01(\t\x12\x0c\n\x04\x64\x61ta\x18\x02 \x01(\t\x12\x13\n\x06offset\x18\x03 \x01(\x05H\x00\x88\x01\x01\x42\t\n\x07_offsetB\x0f\n\r_timeout_secsB\x17\n\x15_payload_timeout_secs\"\xa2\x04\n\x0cScanResponse\x12>\n\x07results\x18\x01 \x03(\x0b\x32-.gitlab.secret_detection.ScanResponse.Finding\x12\x0e\n\x06status\x18\x02 \x01(\x05\x12>\n\x12\x61pplied_exclusions\x18\x03 \x03(\x0b\x32\".gitlab.secret_detection.Exclusion\x1a\x9d\x01\n\x07\x46inding\x12\x12\n\npayload_id\x18\x01 \x01(\t\x12\x0e\n\x06status\x18\x02 \x01(\x05\x12\x11\n\x04type\x18\x03 \x01(\tH\x00\x88\x01\x01\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x01\x88\x01\x01\x12\x18\n\x0bline_number\x18\x05 \x01(\x05H\x02\x88\x01\x01\x42\x07\n\x05_typeB\x0e\n\x0c_descriptionB\x0e\n\x0c_line_number\"\xe1\x01\n\x06Status\x12\x16\n\x12STATUS_UNSPECIFIED\x10\x00\x12\x10\n\x0cSTATUS_FOUND\x10\x01\x12\x1c\n\x18STATUS_FOUND_WITH_ERRORS\x10\x02\x12\x17\n\x13STATUS_SCAN_TIMEOUT\x10\x03\x12\x1a\n\x16STATUS_PAYLOAD_TIMEOUT\x10\x04\x12\x15\n\x11STATUS_SCAN_ERROR\x10\x05\x12\x16\n\x12STATUS_INPUT_ERROR\x10\x06\x12\x14\n\x10STATUS_NOT_FOUND\x10\x07\x12\x15\n\x11STATUS_AUTH_ERROR\x10\x08*\
|
|
8
|
+
descriptor_data = "\n\x16secret_detection.proto\x12\x17gitlab.secret_detection\"Z\n\tExclusion\x12>\n\x0e\x65xclusion_type\x18\x01 \x01(\x0e\x32&.gitlab.secret_detection.ExclusionType\x12\r\n\x05value\x18\x02 \x01(\t\"\xc0\x02\n\x0bScanRequest\x12>\n\x08payloads\x18\x01 \x03(\x0b\x32,.gitlab.secret_detection.ScanRequest.Payload\x12\x19\n\x0ctimeout_secs\x18\x02 \x01(\x02H\x00\x88\x01\x01\x12!\n\x14payload_timeout_secs\x18\x03 \x01(\x02H\x01\x88\x01\x01\x12\x36\n\nexclusions\x18\x04 \x03(\x0b\x32\".gitlab.secret_detection.Exclusion\x12\x0c\n\x04tags\x18\x05 \x03(\t\x1a\x43\n\x07Payload\x12\n\n\x02id\x18\x01 \x01(\t\x12\x0c\n\x04\x64\x61ta\x18\x02 \x01(\t\x12\x13\n\x06offset\x18\x03 \x01(\x05H\x00\x88\x01\x01\x42\t\n\x07_offsetB\x0f\n\r_timeout_secsB\x17\n\x15_payload_timeout_secs\"\xa2\x04\n\x0cScanResponse\x12>\n\x07results\x18\x01 \x03(\x0b\x32-.gitlab.secret_detection.ScanResponse.Finding\x12\x0e\n\x06status\x18\x02 \x01(\x05\x12>\n\x12\x61pplied_exclusions\x18\x03 \x03(\x0b\x32\".gitlab.secret_detection.Exclusion\x1a\x9d\x01\n\x07\x46inding\x12\x12\n\npayload_id\x18\x01 \x01(\t\x12\x0e\n\x06status\x18\x02 \x01(\x05\x12\x11\n\x04type\x18\x03 \x01(\tH\x00\x88\x01\x01\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x01\x88\x01\x01\x12\x18\n\x0bline_number\x18\x05 \x01(\x05H\x02\x88\x01\x01\x42\x07\n\x05_typeB\x0e\n\x0c_descriptionB\x0e\n\x0c_line_number\"\xe1\x01\n\x06Status\x12\x16\n\x12STATUS_UNSPECIFIED\x10\x00\x12\x10\n\x0cSTATUS_FOUND\x10\x01\x12\x1c\n\x18STATUS_FOUND_WITH_ERRORS\x10\x02\x12\x17\n\x13STATUS_SCAN_TIMEOUT\x10\x03\x12\x1a\n\x16STATUS_PAYLOAD_TIMEOUT\x10\x04\x12\x15\n\x11STATUS_SCAN_ERROR\x10\x05\x12\x16\n\x12STATUS_INPUT_ERROR\x10\x06\x12\x14\n\x10STATUS_NOT_FOUND\x10\x07\x12\x15\n\x11STATUS_AUTH_ERROR\x10\x08*\xa1\x01\n\rExclusionType\x12\x1e\n\x1a\x45XCLUSION_TYPE_UNSPECIFIED\x10\x00\x12\x17\n\x13\x45XCLUSION_TYPE_RULE\x10\x01\x12\x1c\n\x18\x45XCLUSION_TYPE_RAW_VALUE\x10\x02\x12\x17\n\x13\x45XCLUSION_TYPE_PATH\x10\x03\x12 \n\x1c\x45XCLUSION_TYPE_REGEX_PATTERN\x10\x04\x32\xc1\x01\n\x07Scanner\x12U\n\x04Scan\x12$.gitlab.secret_detection.ScanRequest\x1a%.gitlab.secret_detection.ScanResponse\"\x00\x12_\n\nScanStream\x12$.gitlab.secret_detection.ScanRequest\x1a%.gitlab.secret_detection.ScanResponse\"\x00(\x01\x30\x01\x42 \xea\x02\x1dGitlab::SecretDetection::GRPCb\x06proto3"
|
|
9
9
|
|
|
10
10
|
pool = Google::Protobuf::DescriptorPool.generated_pool
|
|
11
11
|
pool.add_serialized_file(descriptor_data)
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'sentry-ruby'
|
|
4
|
+
|
|
5
|
+
require_relative '../../../../lib/gitlab/secret_detection/core/ruleset'
|
|
6
|
+
|
|
7
|
+
module Gitlab
|
|
8
|
+
module SecretDetection
|
|
9
|
+
module GRPC
|
|
10
|
+
module IntegratedErrorTracking
|
|
11
|
+
extend self
|
|
12
|
+
|
|
13
|
+
def track_exception(exception, args = {})
|
|
14
|
+
unless Sentry.initialized?
|
|
15
|
+
logger.warn(message: "Cannot track exception in Error Tracking as Sentry is not initialized")
|
|
16
|
+
return
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
args[:ruleset_version] = ruleset_version
|
|
20
|
+
|
|
21
|
+
Sentry.capture_exception(exception, **args)
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def setup(logger: Logger.new($stdout))
|
|
25
|
+
if Sentry.initialized?
|
|
26
|
+
logger.warn(message: "Sentry is already initialized, skipping re-setup")
|
|
27
|
+
return
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
logger.info(message: "Initializing Sentry SDK for Integrated Error Tracking..")
|
|
31
|
+
|
|
32
|
+
unless can_setup_sentry?
|
|
33
|
+
logger.warn(message: "Integrated Error Tracking not available, skipping Sentry SDK initialization")
|
|
34
|
+
return false
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
Sentry.init do |config|
|
|
38
|
+
config.dsn = ENV.fetch('SD_TRACKING_DSN')
|
|
39
|
+
config.environment = ENV.fetch('SD_ENV')
|
|
40
|
+
config.release = Gitlab::SecretDetection::Gem::VERSION
|
|
41
|
+
config.send_default_pii = true
|
|
42
|
+
config.send_modules = false
|
|
43
|
+
config.traces_sample_rate = 0.2 if ENV.fetch('ENABLE_SENTRY_PERFORMANCE_MONITORING', 'false') == 'true'
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
Sentry.set_context('ruleset', { version: ruleset_version })
|
|
47
|
+
|
|
48
|
+
true
|
|
49
|
+
rescue StandardError => e
|
|
50
|
+
logger.error(message: "Failed to initialize Sentry SDK for Integrated Error Tracking: #{e}")
|
|
51
|
+
raise e
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
def ruleset_version
|
|
55
|
+
@ruleset_version ||= Gitlab::SecretDetection::Core::Ruleset.new.extract_ruleset_version || 'unknown'
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
def can_setup_sentry?
|
|
59
|
+
ENV.fetch('SD_ENV', '') == 'production' && ENV.fetch('SD_TRACKING_DSN', '') != ''
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
end
|
|
@@ -32,6 +32,7 @@ module Gitlab
|
|
|
32
32
|
module GRPC
|
|
33
33
|
class ScannerService < Scanner::Service
|
|
34
34
|
include SDLogger
|
|
35
|
+
include IntegratedErrorTracking
|
|
35
36
|
|
|
36
37
|
# Maximum timeout value that can be given as the input. This guards
|
|
37
38
|
# against the misuse of timeouts.
|
|
@@ -100,8 +101,8 @@ module Gitlab
|
|
|
100
101
|
payload_timeout: request.payload_timeout_secs
|
|
101
102
|
)
|
|
102
103
|
rescue StandardError => e
|
|
103
|
-
logger.error(message: "Failed to run the secret detection scan", exception: e)
|
|
104
|
-
|
|
104
|
+
logger.error(message: "Failed to run the secret detection scan", exception: e.message)
|
|
105
|
+
track_exception(e)
|
|
105
106
|
raise ::GRPC::Unknown, e.message
|
|
106
107
|
end
|
|
107
108
|
|
|
@@ -8,7 +8,7 @@ module Gitlab
|
|
|
8
8
|
# https://gitlab.com/gitlab-org/gitlab/-/issues/514015
|
|
9
9
|
#
|
|
10
10
|
# Ensure to maintain the same version in CHANGELOG file.
|
|
11
|
-
VERSION = "0.
|
|
11
|
+
VERSION = "0.20.1"
|
|
12
12
|
|
|
13
13
|
# SD_ENV env var is used to determine which environment the
|
|
14
14
|
# server is running. This var is defined in `.runway/env-<env>.yml` files.
|
|
@@ -18,6 +18,7 @@ enum ExclusionType {
|
|
|
18
18
|
EXCLUSION_TYPE_RULE = 1; // Rule ID to exclude
|
|
19
19
|
EXCLUSION_TYPE_RAW_VALUE = 2; // Raw value to exclude
|
|
20
20
|
EXCLUSION_TYPE_PATH = 3; // Specific file path to exclude
|
|
21
|
+
EXCLUSION_TYPE_REGEX_PATTERN = 4; // Regular expression to exclude
|
|
21
22
|
}
|
|
22
23
|
|
|
23
24
|
/* Request arg for triggering Scan/ScanStream method */
|
|
@@ -40,6 +41,7 @@ message ScanRequest {
|
|
|
40
41
|
}
|
|
41
42
|
|
|
42
43
|
/* Response from Scan/ScanStream method */
|
|
44
|
+
/* Any changes to these definitions must be matched by changes in the Core classes that correspond to them */
|
|
43
45
|
message ScanResponse {
|
|
44
46
|
// Represents a secret finding identified within a payload
|
|
45
47
|
message Finding {
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: gitlab-secret_detection
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.20.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- group::secret detection
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2025-
|
|
13
|
+
date: 2025-03-06 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: grpc
|
|
@@ -82,6 +82,34 @@ dependencies:
|
|
|
82
82
|
- - "~>"
|
|
83
83
|
- !ruby/object:Gem::Version
|
|
84
84
|
version: '2.7'
|
|
85
|
+
- !ruby/object:Gem::Dependency
|
|
86
|
+
name: sentry-ruby
|
|
87
|
+
requirement: !ruby/object:Gem::Requirement
|
|
88
|
+
requirements:
|
|
89
|
+
- - "~>"
|
|
90
|
+
- !ruby/object:Gem::Version
|
|
91
|
+
version: '5.22'
|
|
92
|
+
type: :runtime
|
|
93
|
+
prerelease: false
|
|
94
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
95
|
+
requirements:
|
|
96
|
+
- - "~>"
|
|
97
|
+
- !ruby/object:Gem::Version
|
|
98
|
+
version: '5.22'
|
|
99
|
+
- !ruby/object:Gem::Dependency
|
|
100
|
+
name: stackprof
|
|
101
|
+
requirement: !ruby/object:Gem::Requirement
|
|
102
|
+
requirements:
|
|
103
|
+
- - "~>"
|
|
104
|
+
- !ruby/object:Gem::Version
|
|
105
|
+
version: 0.2.27
|
|
106
|
+
type: :runtime
|
|
107
|
+
prerelease: false
|
|
108
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
109
|
+
requirements:
|
|
110
|
+
- - "~>"
|
|
111
|
+
- !ruby/object:Gem::Version
|
|
112
|
+
version: 0.2.27
|
|
85
113
|
- !ruby/object:Gem::Dependency
|
|
86
114
|
name: toml-rb
|
|
87
115
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -124,6 +152,7 @@ files:
|
|
|
124
152
|
- lib/gitlab/secret_detection/grpc/generated/.gitkeep
|
|
125
153
|
- lib/gitlab/secret_detection/grpc/generated/secret_detection_pb.rb
|
|
126
154
|
- lib/gitlab/secret_detection/grpc/generated/secret_detection_services_pb.rb
|
|
155
|
+
- lib/gitlab/secret_detection/grpc/integrated_error_tracking.rb
|
|
127
156
|
- lib/gitlab/secret_detection/grpc/scanner_service.rb
|
|
128
157
|
- lib/gitlab/secret_detection/utils.rb
|
|
129
158
|
- lib/gitlab/secret_detection/utils/certificate.rb
|