RubyGems - sealights-rspec-agent - Versions diffs - 2.0.4 → 2.0.5 - Mend

sealights-rspec-agent 2.0.4 → 2.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (85) hide show

data/agent/dependencies/jwt-2.2.1/lib/jwt/error.rb ADDED Viewed

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+module SL_JWT
+  EncodeError             = Class.new(StandardError)
+  DecodeError             = Class.new(StandardError)
+  RequiredDependencyError = Class.new(StandardError)
+  VerificationError  = Class.new(DecodeError)
+  ExpiredSignature   = Class.new(DecodeError)
+  IncorrectAlgorithm = Class.new(DecodeError)
+  ImmatureSignature  = Class.new(DecodeError)
+  InvalidIssuerError = Class.new(DecodeError)
+  InvalidIatError    = Class.new(DecodeError)
+  InvalidAudError    = Class.new(DecodeError)
+  InvalidSubError    = Class.new(DecodeError)
+  InvalidJtiError    = Class.new(DecodeError)
+  InvalidPayload     = Class.new(DecodeError)
+  JWKError           = Class.new(DecodeError)
+end

data/agent/dependencies/jwt-2.2.1/lib/jwt/json.rb ADDED Viewed

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+require 'json'
+module SL_JWT
+  # JSON wrapper
+  class JSON
+    class << self
+      def generate(data)
+        ::JSON.generate(data)
+      end
+      def parse(data)
+        ::JSON.parse(data)
+      end
+    end
+  end
+end

data/agent/dependencies/jwt-2.2.1/lib/jwt/jwk.rb ADDED Viewed

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+require_relative 'jwk/rsa'
+require_relative 'jwk/key_finder'
+module SL_JWT
+  module JWK
+    MAPPINGS = {
+      'RSA' => ::SL_JWT::JWK::RSA,
+      OpenSSL::PKey::RSA => ::SL_JWT::JWK::RSA
+    }.freeze
+    class << self
+      def import(jwk_data)
+        raise SL_JWT::JWKError, 'Key type (kty) not provided' unless jwk_data[:kty]
+        MAPPINGS.fetch(jwk_data[:kty].to_s) do |kty|
+          raise SL_JWT::JWKError, "Key type #{kty} not supported"
+        end.import(jwk_data)
+      end
+      def create_from(keypair)
+        MAPPINGS.fetch(keypair.class) do |klass|
+          raise SL_JWT::JWKError, "Cannot create JWK from a #{klass.name}"
+        end.new(keypair)
+      end
+      alias new create_from
+    end
+  end
+end

data/agent/dependencies/jwt-2.2.1/lib/jwt/jwk/key_finder.rb ADDED Viewed

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+module SL_JWT
+  module JWK
+    class KeyFinder
+      def initialize(options)
+        jwks_or_loader = options[:jwks]
+        @jwks          = jwks_or_loader if jwks_or_loader.is_a?(Hash)
+        @jwk_loader    = jwks_or_loader if jwks_or_loader.respond_to?(:call)
+      end
+      def key_for(kid)
+        raise ::SL_JWT::DecodeError, 'No key id (kid) found from token headers' unless kid
+        jwk = resolve_key(kid)
+        raise ::SL_JWT::DecodeError, "Could not find public key for kid #{kid}" unless jwk
+        ::SL_JWT::JWK.import(jwk).keypair
+      end
+      private
+      def resolve_key(kid)
+        jwk = find_key(kid)
+        return jwk if jwk
+        if reloadable?
+          load_keys(invalidate: true)
+          return find_key(kid)
+        end
+        nil
+      end
+      def jwks
+        return @jwks if @jwks
+        load_keys
+        @jwks
+      end
+      def load_keys(opts = {})
+        @jwks = @jwk_loader.call(opts)
+      end
+      def find_key(kid)
+        Array(jwks[:keys]).find { |key| key[:kid] == kid }
+      end
+      def reloadable?
+        @jwk_loader
+      end
+    end
+  end
+end

data/agent/dependencies/jwt-2.2.1/lib/jwt/jwk/rsa.rb ADDED Viewed

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+require 'forwardable'
+module SL_JWT
+  module JWK
+    class RSA
+      extend Forwardable
+      attr_reader :keypair
+      def_delegators :keypair, :private?, :public_key
+      BINARY = 2
+      KTY    = 'RSA'.freeze
+      def initialize(keypair)
+        raise ArgumentError, 'keypair must be of type OpenSSL::PKey::RSA' unless keypair.is_a?(OpenSSL::PKey::RSA)
+        @keypair = keypair
+      end
+      def kid
+        sequence = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer.new(public_key.n),
+                                            OpenSSL::ASN1::Integer.new(public_key.e)])
+        OpenSSL::Digest::SHA256.hexdigest(sequence.to_der)
+      end
+      def export
+        {
+          kty: KTY,
+          n: ::Base64.urlsafe_encode64(public_key.n.to_s(BINARY), padding: false),
+          e: ::Base64.urlsafe_encode64(public_key.e.to_s(BINARY), padding: false),
+          kid: kid
+        }
+      end
+      def self.import(jwk_data)
+        imported_key = OpenSSL::PKey::RSA.new
+        imported_key.set_key(OpenSSL::BN.new(::Base64.urlsafe_decode64(jwk_data[:n]), BINARY),
+          OpenSSL::BN.new(::Base64.urlsafe_decode64(jwk_data[:e]), BINARY),
+          nil)
+        self.new(imported_key)
+      end
+    end
+  end
+end

data/agent/dependencies/jwt-2.2.1/lib/jwt/security_utils.rb ADDED Viewed

@@ -0,0 +1,57 @@
+module SL_JWT
+  # Collection of security methods
+  #
+  # @see: https://github.com/rails/rails/blob/master/activesupport/lib/active_support/security_utils.rb
+  module SecurityUtils
+    module_function
+    def secure_compare(left, right)
+      left_bytesize = left.bytesize
+      return false unless left_bytesize == right.bytesize
+      unpacked_left = left.unpack "C#{left_bytesize}"
+      result = 0
+      right.each_byte { |byte| result |= byte ^ unpacked_left.shift }
+      result.zero?
+    end
+    def verify_rsa(algorithm, public_key, signing_input, signature)
+      public_key.verify(OpenSSL::Digest.new(algorithm.sub('RS', 'sha')), signature, signing_input)
+    end
+    def verify_ps(algorithm, public_key, signing_input, signature)
+      formatted_algorithm = algorithm.sub('PS', 'sha')
+      public_key.verify_pss(formatted_algorithm, signature, signing_input, salt_length: :auto, mgf1_hash: formatted_algorithm)
+    end
+    def asn1_to_raw(signature, public_key)
+      byte_size = (public_key.group.degree + 7) / 8
+      OpenSSL::ASN1.decode(signature).value.map { |value| value.value.to_s(2).rjust(byte_size, "\x00") }.join
+    end
+    def raw_to_asn1(signature, private_key)
+      byte_size = (private_key.group.degree + 7) / 8
+      sig_bytes = signature[0..(byte_size - 1)]
+      sig_char = signature[byte_size..-1] || ''
+      OpenSSL::ASN1::Sequence.new([sig_bytes, sig_char].map { |int| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(int, 2)) }).to_der
+    end
+    def rbnacl_fixup(algorithm, key)
+      algorithm = algorithm.sub('HS', 'SHA').to_sym
+      return [] unless defined?(RbNaCl) && RbNaCl::HMAC.constants(false).include?(algorithm)
+      authenticator = RbNaCl::HMAC.const_get(algorithm)
+      # Fall back to OpenSSL for keys larger than 32 bytes.
+      return [] if key.bytesize > authenticator.key_bytes
+      [
+        authenticator,
+        key.bytes.fill(0, key.bytesize...authenticator.key_bytes).pack('C*')
+      ]
+    end
+  end
+end

data/agent/dependencies/jwt-2.2.1/lib/jwt/signature.rb ADDED Viewed

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+require_relative './security_utils'
+require 'openssl'
+require_relative './algos/hmac'
+require_relative './algos/eddsa'
+require_relative './algos/ecdsa'
+require_relative './algos/rsa'
+require_relative './algos/ps'
+require_relative './algos/unsupported'
+begin
+  require 'rbnacl'
+rescue LoadError
+  raise if defined?(RbNaCl)
+end
+# JWT::Signature module
+module SL_JWT
+  # Signature logic for JWT
+  module Signature
+    extend self
+    ALGOS = [
+      Algos::Hmac,
+      Algos::Ecdsa,
+      Algos::Rsa,
+      Algos::Eddsa,
+      Algos::Ps,
+      Algos::Unsupported
+    ].freeze
+    ToSign = Struct.new(:algorithm, :msg, :key)
+    ToVerify = Struct.new(:algorithm, :public_key, :signing_input, :signature)
+    def sign(algorithm, msg, key)
+      algo = ALGOS.find do |alg|
+        alg.const_get(:SUPPORTED).include? algorithm
+      end
+      algo.sign ToSign.new(algorithm, msg, key)
+    end
+    def verify(algorithm, key, signing_input, signature)
+      algo = ALGOS.find do |alg|
+        alg.const_get(:SUPPORTED).include? algorithm
+      end
+      verified = algo.verify(ToVerify.new(algorithm, key, signing_input, signature))
+      raise(SL_JWT::VerificationError, 'Signature verification raised') unless verified
+    rescue OpenSSL::PKey::PKeyError
+      raise SL_JWT::VerificationError, 'Signature verification raised'
+    ensure
+      OpenSSL.errors.clear
+    end
+  end
+end

data/agent/dependencies/jwt-2.2.1/lib/jwt/verify.rb ADDED Viewed

@@ -0,0 +1,98 @@
+# frozen_string_literal: true
+require_relative './error'
+module SL_JWT
+  # JWT verify methods
+  class Verify
+    DEFAULTS = {
+      leeway: 0
+    }.freeze
+    class << self
+      %w[verify_aud verify_expiration verify_iat verify_iss verify_jti verify_not_before verify_sub].each do |method_name|
+        define_method method_name do |payload, options|
+          new(payload, options).send(method_name)
+        end
+      end
+      def verify_claims(payload, options)
+        options.each do |key, val|
+          next unless key.to_s =~ /verify/
+          Verify.send(key, payload, options) if val
+        end
+      end
+    end
+    def initialize(payload, options)
+      @payload = payload
+      @options = DEFAULTS.merge(options)
+    end
+    def verify_aud
+      return unless (options_aud = @options[:aud])
+      aud = @payload['aud']
+      raise(SL_JWT::InvalidAudError, "Invalid audience. Expected #{options_aud}, received #{aud || '<none>'}") if ([*aud] & [*options_aud]).empty?
+    end
+    def verify_expiration
+      return unless @payload.include?('exp')
+      raise(SL_JWT::ExpiredSignature, 'Signature has expired') if @payload['exp'].to_i <= (Time.now.to_i - exp_leeway)
+    end
+    def verify_iat
+      return unless @payload.include?('iat')
+      iat = @payload['iat']
+      raise(SL_JWT::InvalidIatError, 'Invalid iat') if !iat.is_a?(Numeric) || iat.to_f > Time.now.to_f
+    end
+    def verify_iss
+      return unless (options_iss = @options[:iss])
+      iss = @payload['iss']
+      return if Array(options_iss).map(&:to_s).include?(iss.to_s)
+      raise(SL_JWT::InvalidIssuerError, "Invalid issuer. Expected #{options_iss}, received #{iss || '<none>'}")
+    end
+    def verify_jti
+      options_verify_jti = @options[:verify_jti]
+      jti = @payload['jti']
+      if options_verify_jti.respond_to?(:call)
+        verified = options_verify_jti.arity == 2 ? options_verify_jti.call(jti, @payload) : options_verify_jti.call(jti)
+        raise(SL_JWT::InvalidJtiError, 'Invalid jti') unless verified
+      elsif jti.to_s.strip.empty?
+        raise(SL_JWT::InvalidJtiError, 'Missing jti')
+      end
+    end
+    def verify_not_before
+      return unless @payload.include?('nbf')
+      raise(SL_JWT::ImmatureSignature, 'Signature nbf has not been reached') if @payload['nbf'].to_i > (Time.now.to_i + nbf_leeway)
+    end
+    def verify_sub
+      return unless (options_sub = @options[:sub])
+      sub = @payload['sub']
+      raise(SL_JWT::InvalidSubError, "Invalid subject. Expected #{options_sub}, received #{sub || '<none>'}") unless sub.to_s == options_sub.to_s
+    end
+    private
+    def global_leeway
+      @options[:leeway]
+    end
+    def exp_leeway
+      @options[:exp_leeway] || global_leeway
+    end
+    def nbf_leeway
+      @options[:nbf_leeway] || global_leeway
+    end
+  end
+end

data/agent/dependencies/jwt-2.2.1/lib/jwt/version.rb ADDED Viewed

@@ -0,0 +1,24 @@
+# encoding: utf-8
+# frozen_string_literal: true
+# Moments version builder module
+module SL_JWT
+  def self.gem_version
+    Gem::Version.new VERSION::STRING
+  end
+  # Moments version builder module
+  module VERSION
+    # major version
+    MAJOR = 2
+    # minor version
+    MINOR = 2
+    # tiny version
+    TINY  = 1
+    # alpha, beta, etc. tag
+    PRE   = nil
+    # Build version string
+    STRING = [[MAJOR, MINOR, TINY].compact.join('.'), PRE].compact.join('-')
+  end
+end

data/agent/dependencies/jwt-2.2.1/ruby-jwt.gemspec ADDED Viewed

@@ -0,0 +1,34 @@
+lib = File.expand_path('../lib/', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'jwt/version'
+Gem::Specification.new do |spec|
+  spec.name = 'jwt'
+  spec.version = SL_JWT.gem_version
+  spec.authors = [
+    'Tim Rudat'
+  ]
+  spec.email = 'timrudat@gmail.com'
+  spec.summary = 'JSON Web Token implementation in Ruby'
+  spec.description = 'A pure ruby implementation of the RFC 7519 OAuth JSON Web Token (JWT) standard.'
+  spec.homepage = 'https://github.com/jwt/ruby-jwt'
+  spec.license = 'MIT'
+  spec.required_ruby_version = '>= 2.1'
+  spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(spec|gemfiles|coverage|bin)/}) }
+  spec.executables = []
+  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = %w[lib]
+  spec.add_development_dependency 'appraisal'
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'simplecov'
+  spec.add_development_dependency 'simplecov-json'
+  spec.add_development_dependency 'codeclimate-test-reporter'
+  spec.add_development_dependency 'codacy-coverage'
+  spec.add_development_dependency 'rbnacl'
+  # RSASSA-PSS support provided by OpenSSL +2.1
+  spec.add_development_dependency 'openssl', '~> 2.1'
+end