shuttlerock_shared_config 0.2.27 → 0.2.32

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5b475019ac82d643a630e9fdd5f8c6a2f44cc3d88a05fd6f7965b3d1375f5a18
-  data.tar.gz: aff3c0239aa3b626e41f23901399c2d979541ba81fc8ab8922590f1fac617414
+  metadata.gz: f860efc08c45b143efe1269e873978274e9f2cc0b7bfa1d153503dedc8324767
+  data.tar.gz: 51a8f8d7c980b3e27604bee962eb67546e109e180270cfbfe0c12ac37dad200f
 SHA512:
-  metadata.gz: ea4945eaac94bf0c1c6163a2dcdb6584d9a01cb3e9cb78e6b7f4ec3110736a8b536828b2b41b4887b1d84e7e4f841b0e6dd4b026508eff6b27607505374532be
-  data.tar.gz: 8fa718c0d13a36390aec49882edcb2c8fb1ea9dab56a8a1e0b3ef0e7cebbb313158ab78dbaf5868f21a9c97b4244025bfa1e317f5b480dea2ac21fa763533b56
+  metadata.gz: 3b142dfb076a5f67db27dbc62faa1d5155f42915e8767c89dd6a75a019bd3bcc405459dbfdd81d94319545f8cc344cf68feac5a600a64914075d8d0b0eacc9f3
+  data.tar.gz: 1500ae49faf0bdcbca9344cb52a532d2a8e13f7660f68bd9831276d72f463a83d5c42576470bdfd08b985a05f45b4fd794d0e4c0b68159fc2a88b535139ecc6f

data/lib/shuttlerock_shared_config/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ShuttlerockSharedConfig
-  VERSION = '0.2.27'
+  VERSION = '0.2.32'
 end

data/lib/tasks/tasks.rb

@@ -4,7 +4,7 @@ require 'rake'
 require 'fileutils'
 
 namespace :shuttlerock_shared_config do
-  task update: %i[update_codeclimate update_eslint update_rubocop update_stylelintrc update_dangerfile update_pull_request_template] do
+  task update: %i[update_codeclimate update_eslint update_rubocop update_stylelintrc update_dangerfile update_pull_request_template update_codecov update_gitleaks] do
   end
 
   desc 'Update .codeclimate.yml'
@@ -62,4 +62,24 @@ namespace :shuttlerock_shared_config do
     FileUtils.copy(input_path, result_dir)
     warn('Updated pull_request_template.md')
   end
+
+  desc 'Update codecov.yml'
+  task :update_codecov do
+    input_path = File.expand_path('../../lib/templates/codecov.yml', __dir__)
+    FileUtils.copy(input_path, Dir.pwd)
+    warn('Updated codecov.yml')
+  end
+
+  desc 'Update gitleaks'
+  task :update_gitleaks do
+    input_path = File.expand_path('../../lib/templates/gitleaks.yml', __dir__)
+    result_dir = Dir.pwd + '/.github/workflows'
+    FileUtils.mkdir_p(result_dir) unless File.directory?(result_dir)
+    FileUtils.copy(input_path, result_dir)
+    warn('Updated /.github/workflows/gitleaks.yml')
+
+    input_path = File.expand_path('../../lib/templates/.gitleaks.toml', __dir__)
+    FileUtils.copy(input_path, Dir.pwd)
+    warn('Updated .gitleaks.toml')
+  end
 end

data/lib/templates/.gitleaks.toml

@@ -0,0 +1,194 @@
+title = "gitleaks config"
+
+[[rules]]
+	description = "AWS Manager ID"
+	regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+	tags = ["key", "AWS"]
+
+[[rules]]
+	description = "AWS cred file info"
+	regex = '''(?i)(aws_access_key_id|aws_secret_access_key)(.{0,20})?=.[0-9a-zA-Z\/+]{20,40}'''
+	tags = ["AWS"]
+
+[[rules]]
+	description = "AWS Secret Key"
+	regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''
+	tags = ["key", "AWS"]
+
+[[rules]]
+	description = "AWS MWS key"
+	regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
+	tags = ["key", "AWS", "MWS"]
+
+[[rules]]
+	description = "Facebook Secret Key"
+	regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]'''
+	tags = ["key", "Facebook"]
+
+[[rules]]
+	description = "Facebook Client ID"
+	regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]'''
+	tags = ["key", "Facebook"]
+
+[[rules]]
+	description = "Twitter Secret Key"
+	regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}['\"]'''
+	tags = ["key", "Twitter"]
+
+[[rules]]
+	description = "Twitter Client ID"
+	regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{18,25}['\"]'''
+	tags = ["client", "Twitter"]
+
+[[rules]]
+	description = "Github"
+	regex = '''(?i)github(.{0,20})?(?-i)['\"][0-9a-zA-Z]{35,40}['\"]'''
+	tags = ["key", "Github"]
+
+[[rules]]
+	description = "LinkedIn Client ID"
+	regex = '''(?i)linkedin(.{0,20})?(?-i)['\"][0-9a-z]{12}['\"]'''
+	tags = ["client", "LinkedIn"]
+
+[[rules]]
+	description = "LinkedIn Secret Key"
+	regex = '''(?i)linkedin(.{0,20})?['\"][0-9a-z]{16}['\"]'''
+	tags = ["secret", "LinkedIn"]
+
+[[rules]]
+	description = "Slack"
+	regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?'''
+	tags = ["key", "Slack"]
+
+[[rules]]
+	description = "EC"
+	regex = '''-----BEGIN EC PRIVATE KEY-----'''
+	tags = ["key", "EC"]
+
+
+[[rules]]
+	description = "Google API key"
+	regex = '''AIza[0-9A-Za-z\\-_]{35}'''
+	tags = ["key", "Google"]
+
+
+[[rules]]
+	description = "Heroku API key"
+	regex = '''(?i)heroku(.{0,20})?['"][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['"]'''
+	tags = ["key", "Heroku"]
+
+[[rules]]
+	description = "MailChimp API key"
+	regex = '''(?i)(mailchimp|mc)(.{0,20})?['"][0-9a-f]{32}-us[0-9]{1,2}['"]'''
+	tags = ["key", "Mailchimp"]
+
+[[rules]]
+	description = "Mailgun API key"
+	regex = '''(?i)(mailgun|mg)(.{0,20})?['"][0-9a-z]{32}['"]'''
+	tags = ["key", "Mailgun"]
+
+[[rules]]
+	description = "PayPal Braintree access token"
+	regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'''
+	tags = ["key", "Paypal"]
+
+[[rules]]
+	description = "Picatic API key"
+	regex = '''sk_live_[0-9a-z]{32}'''
+	tags = ["key", "Picatic"]
+
+[[rules]]
+	description = "Slack Webhook"
+	regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}'''
+	tags = ["key", "slack"]
+
+[[rules]]
+	description = "Stripe API key"
+	regex = '''(?i)stripe(.{0,20})?['\"][sk|rk]_live_[0-9a-zA-Z]{24}'''
+	tags = ["key", "Stripe"]
+
+[[rules]]
+	description = "Square access token"
+	regex = '''sq0atp-[0-9A-Za-z\-_]{22}'''
+	tags = ["key", "square"]
+
+[[rules]]
+	description = "Square OAuth secret"
+	regex = '''sq0csp-[0-9A-Za-z\\-_]{43}'''
+	tags = ["key", "square"]
+
+[[rules]]
+	description = "Twilio API key"
+	regex = '''(?i)twilio(.{0,20})?['\"][0-9a-f]{32}['\"]'''
+	tags = ["key", "twilio"]
+
+[[rules]]
+	description = "Env Var"
+	regex = '''(?i)(apikey|secret|key|api|password|pass|pw|host)=[0-9a-zA-Z-_.{}]{4,120}'''
+
+[[rules]]
+	description = "Port"
+	regex = '''(?i)port(.{0,4})?[0-9]{1,10}'''
+	[rules.allowlist]
+		regexes = ['''(?i)port ''']
+		description = "ignore export "
+
+
+
+[[rules]]
+	description = "Email"
+	regex = '''[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}'''
+	tags = ["email"]
+	[rules.allowlist]
+		files = ['''(?i)bashrc''']
+		description = "ignore bashrc emails"
+
+
+[[rules]]
+	description = "Generic Credential"
+	regex = '''(?i)(dbpasswd|dbuser|dbname|dbhost|api_key|apikey|secret|key|api|password|user|guid|hostname|pw|auth)(.{0,20})?['|"]([0-9a-zA-Z-_\/+!{}/=]{4,120})['|"]'''
+	tags = ["key", "API", "generic"]
+	# ignore leaks with specific identifiers like slack and aws
+	[rules.allowlist]
+		description = "ignore slack, mailchimp, aws"
+		regexes = [
+		    '''xox[baprs]-([0-9a-zA-Z]{10,48})''',
+		    '''(?i)(.{0,20})?['"][0-9a-f]{32}-us[0-9]{1,2}['"]''',
+		    '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+		]
+
+[[rules]]
+	description = "High Entropy"
+	regex = '''[0-9a-zA-Z-_!{}/=]{4,120}'''
+  	file = '''(?i)(dump.sql|high-entropy-misc.txt)$'''
+	tags = ["entropy"]
+    [[rules.Entropies]]
+        Min = "4.3"
+        Max = "7.0"
+    [rules.allowlist]
+        description = "ignore ssh key and pems"
+        files = ['''(pem|ppk|env)$''']
+        paths = ['''(.*)?ssh''']
+
+[[rules]]
+	description = "Potential bash var"
+	regex='''(?i)(=)([0-9a-zA-Z-_!{}=]{4,120})'''
+	tags = ["key", "bash", "API", "generic"]
+        [[rules.Entropies]]
+            Min = "3.5"
+            Max = "4.5"
+            Group = "1"
+
+[[rules]]
+	description = "WP-Config"
+	regex='''define(.{0,20})?(DB_CHARSET|NONCE_SALT|LOGGED_IN_SALT|AUTH_SALT|NONCE_KEY|DB_HOST|DB_PASSWORD|AUTH_KEY|SECURE_AUTH_KEY|LOGGED_IN_KEY|DB_NAME|DB_USER)(.{0,20})?['|"].{10,120}['|"]'''
+	tags = ["key", "API", "generic"]
+
+[[rules]]
+	description = "Files with keys and credentials"
+    file = '''(?i)(id_rsa|passwd|id_rsa.pub|pgpass|pem|key|shadow)'''
+
+# Global allowlist
+[allowlist]
+	description = "image allowlists"
+	files = ['''(.*?)(jpg|gif|doc|pdf|bin)$''']

data/lib/templates/.rubocop.yml

@@ -42,6 +42,18 @@ Layout/HashAlignment:
   #   bb: 1
   EnforcedColonStyle: table
 
+Rails/ApplicationController:
+  Enabled: true
+
+Rails/AfterCommitOverride:
+  Enabled: true
+
+Rails/SquishedSQLHeredocs:
+  Enabled: true
+
+Rails/WhereNot:
+  Enabled: true
+
 Style/Documentation:
   Enabled: false
 
@@ -74,12 +86,58 @@ Naming/MethodParameterName:
 Naming/BlockParameterName:
   MinNameLength: 2
 
+Lint/ConstantDefinitionInBlock:
+  Enabled: true
+
+Lint/DeprecatedOpenSSLConstant:
+  Enabled: true
+
+Lint/DuplicateRequire:
+  Enabled: true
+
+Lint/EmptyFile:
+  Enabled: true
+
+Lint/IdentityComparison:
+  Enabled: true
+
+Lint/TrailingCommaInAttributeDeclaration:
+  Enabled: true
+
+Lint/UselessMethodDefinition:
+  Enabled: true
+
+Lint/UselessTimes:
+  Enabled: true
+
+Layout/BeginEndAlignment:
+  Enabled: true
+
+Layout/EmptyLinesAroundBlockBody:
+  Enabled: false
+
+Layout/EmptyLinesAroundAttributeAccessor:
+  Enabled: true
+
+Lint/MixedRegexpCaptureTypes:
+  Enabled: false
+
+#Checks method call operators to not have spaces around them.
+Layout/SpaceAroundMethodCallOperator:
+  Enabled: true
+
 Layout/SpaceInsideParens:
   Enabled: false
 
 Layout/SpaceBeforeFirstArg:
   Enabled: false
 
+Lint/RaiseException:
+  Enabled: true
+
+Lint/StructNewOverride:
+  Enabled: true
+
 Style/AccessModifierDeclarations:
   Enabled: false
 
@@ -90,15 +148,45 @@ Style/ClassAndModuleChildren:
   Enabled:       true
   EnforcedStyle: compact
 
-Layout/EmptyLinesAroundBlockBody:
+Style/CombinableLoops:
+  Enabled: true
+
+Style/ExponentialNotation:
   Enabled: false
 
 Style/FrozenStringLiteralComment:
   Enabled: false
 
+Style/HashEachMethods:
+  Enabled: true
+
+Style/HashTransformKeys:
+  Enabled: true
+
+Style/HashTransformValues:
+  Enabled: true
+
+Style/KeywordParametersOrder:
+  Enabled: true
+
 Style/RedundantReturn:
   Enabled: false
 
+Style/RedundantRegexpCharacterClass:
+  Enabled: true
+
+Style/RedundantRegexpEscape:
+  Enabled: false
+
+Style/RedundantSelfAssignment:
+  Enabled: true
+
+Style/SlicingWithRange:
+  Enabled: true
+
+Style/SoleNestedConditional:
+  Enabled: true
+
 Style/TrailingCommaInArguments:
   Enabled:                   true
   EnforcedStyleForMultiline: comma

data/lib/templates/codecov.yml

@@ -0,0 +1,17 @@
+coverage:
+  precision: 1
+  round: up
+  range: "70...100"
+
+parsers:
+  gcov:
+    branch_detection:
+      conditional: yes
+      loop: yes
+      method: no
+      macro: no
+
+comment:
+  layout: "reach,diff,flags,tree"
+  behavior: default
+  require_changes: no

data/lib/templates/gitleaks.yml

@@ -0,0 +1,11 @@
+name: gitleaks
+
+on: [push,pull_request]
+
+jobs:
+  gitleaks:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v1
+    - name: gitleaks-action
+      uses: zricethezav/gitleaks-action@master

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shuttlerock_shared_config
 version: !ruby/object:Gem::Version
-  version: 0.2.27
+  version: 0.2.32
 platform: ruby
 authors:
 - ElseThen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-03-06 00:00:00.000000000 Z
+date: 2020-10-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -30,42 +30,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.78'
+        version: '0.88'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.78'
+        version: '0.88'
 - !ruby/object:Gem::Dependency
   name: danger
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 6.0.9
+        version: '8.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 6.0.9
+        version: '8.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '3.9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '3.9'
 description: Update shared config for Shuttlerock's projects.
 email:
 - tbvokh@gmail.com
@@ -80,11 +80,14 @@ files:
 - lib/templates/.codeclimate.yml
 - lib/templates/.env.example
 - lib/templates/.eslintrc
+- lib/templates/.gitleaks.toml
 - lib/templates/.rubocop.yml
 - lib/templates/.stylelintrc
 - lib/templates/Dangerfile
 - lib/templates/PULL_REQUEST_TEMPLATE.md
+- lib/templates/codecov.yml
 - lib/templates/env_list.yml
+- lib/templates/gitleaks.yml
 homepage: https://github.com/Shuttlerock/shuttlerock_shared_config
 licenses:
 - MIT
@@ -97,7 +100,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.6.5
+      version: 2.6.6
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="