RubyGems - redacting-logger - Versions diffs - 1.3.0 → 1.3.1 - Mend

redacting-logger 1.3.0 → 1.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3c76a62b3a392ffed1d7acaa5a7424da0e102c3cc1ac896eeb7dadddce190d85
-  data.tar.gz: 3cc59892d6f578d19cd692b8519d5cf02b87c2b0ed4a90eb3ceda531336f0cdf
+  metadata.gz: 103a53e496f8efc3d6d21fa37c07a773f9f36c2f879a6a07fd0cb8daa3e0db90
+  data.tar.gz: 5494118743b74310aae14aab0d3c3b8ba6a2b963f88eff7a60171d4a663af436
 SHA512:
-  metadata.gz: 61c3de5c07fb32d422adef7271a229bd7f8407a214813cd78b4565e36461b13d55c508f627f8e525ec38b88c6c1f4140549275a711773795443c3f472a7aba1d
-  data.tar.gz: 8bf4068d8dd282df64058d1d5cb4578005a5d56a2aad0dcddc0796dc198de304388e18e046fa8b6a9b6f1ca73586e37090ea1a2e949e9e56f92a3be5b8a0a62d
+  metadata.gz: 44f56e1658d46788b23124064d30d7efba075c000757494a1e6f4710fe1b278be22c51a99f1bbb14c3cbad87c9a919fabcac289dd558df1d2b4c9c6a5a51ed85
+  data.tar.gz: 4f414b31538ae5e6863f096eaf298b43dae339d87b1ac7b2ea4029e8d58c50205e5d9b0e300b15732cda03c2e179d4058a96d4f65f64567fc629a9092c444e2a

data/lib/patterns/default.rb CHANGED Viewed

@@ -1,18 +1,52 @@
 # frozen_string_literal: true
 # This module contains the default patterns to redact.
+# These patterns are sourced from different places on the internet, some came from https://github.com/l4yton/RegHex
 module Patterns
   DEFAULT = [
-    /ghp_[A-Za-z0-9]{36,}|[0-9A-Fa-f]{40,}/, # GitHub Personal Access Token
-    /github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}/, # GitHub Personal Access Token (fine-grained)
-    /ghs_[a-zA-Z0-9]{36}/, # Temporary GitHub Actions Tokens
-    %r{\b(ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9/\\_-]{17,}\.(?:[a-zA-Z0-9/\\_-]{10,}={0,2})?)(?:['|"|\n|\r|\s|\x60|;]|$)}, # JWT tokens
-    /(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\s\S-]*KEY( BLOCK)?----/, # private keys
-    %r{https://hooks\.slack\.com/services/[a-zA-Z0-9]{9,}/[a-zA-Z0-9]{9,}/[a-zA-Z0-9]{24}}, # Slack webhook
-    %r{https://hooks\.slack\.com/workflows/[a-zA-Z0-9]{9,}/[a-zA-Z0-9]{9,}/[0-9]+?/[a-zA-Z0-9]{24}}, # Slack workflow
-    /xoxp-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{6,})|xoxb-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})|xoxs-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxa-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxo-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})|xoxa-2-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxr-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxb-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})/, # Slack tokens
-    /[sbr]\.[a-zA-Z0-9]{24,}/, # vault token for 1.9.x or earlier
-    /hv[sbr]\.[a-zA-Z0-9]{24,}/, # vault token for 1.10 and later
-    /rubygems_[0-9a-f]{48}/ # RubyGems token
+    # GitHub Personal Access Token
+    # https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/
+    /ghp_[A-Za-z0-9]{36,}|[0-9A-Fa-f]{40,}/,
+    /github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}/, # Fine Grained
+    /ghs_[a-zA-Z0-9]{36}/, # Temporary Actions Tokens
+    # JWT Token
+    # https://en.wikipedia.org/wiki/JSON_Web_Token
+    %r{\b(ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9/\\_-]{17,}\.(?:[a-zA-Z0-9/\\_-]{10,}={0,2})?)(?:['|"|\n|\r|\s|\x60|;]|$)},
+    # PEM Private Keys
+    # https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail
+    /(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\s\S-]*KEY( BLOCK)?----/,
+    # Slack Webhook
+    # https://api.slack.com/messaging/webhooks
+    %r{https://hooks\.slack\.com/services/[a-zA-Z0-9]{9,}/[a-zA-Z0-9]{9,}/[a-zA-Z0-9]{24}},
+    # Slack Workflows
+    %r{https://hooks\.slack\.com/workflows/[a-zA-Z0-9]{9,}/[a-zA-Z0-9]{9,}/[0-9]+?/[a-zA-Z0-9]{24}},
+    # Slack Trigger
+    # https://slack.com/help/articles/360041352714-Build-a-workflow--Create-a-workflow-that-starts-outside-of-Slack
+    %r{https://hooks\.slack\.com/triggers/.+},
+    # Slack Tokens
+    # https://api.slack.com/authentication/token-types
+    /xoxp-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{6,})/,
+    /xoxb-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})/,
+    /xoxs-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})/,
+    /xoxa-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})/,
+    /xoxo-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})/,
+    /xoxa-2-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})/,
+    /xoxr-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})/,
+    /xoxb-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})/,
+    # Vault Tokens
+    # https://github.com/hashicorp/vault/issues/27151
+    /[sbr]\.[a-zA-Z0-9]{24,}/,   # <= 1.9.x
+    /hv[sbr]\.[a-zA-Z0-9]{24,}/, # >= 1.10
+    # RubyGems Token
+    # https://guides.rubygems.org/api-key-scopes/
+    /rubygems_[0-9a-f]{48}/
   ].freeze
 end

data/lib/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module RedactingLogger
   module Version
-    VERSION = "1.3.0"
+    VERSION = "1.3.1"
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: redacting-logger
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.3.1
 platform: ruby
 authors:
 - GitHub
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-05-20 00:00:00.000000000 Z
+date: 2024-05-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: logger