shuttlerock_shared_config 0.2.31 → 0.2.32

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8f344aa5b492eade85bde5c058ca82a0924a994a3f99428ce1ab4605a658e5c0
4
- data.tar.gz: c57afb357d64b55ca5dd05e036c2cc7b514100dd38e6cfc7ed1c3a62084ae1c5
3
+ metadata.gz: f860efc08c45b143efe1269e873978274e9f2cc0b7bfa1d153503dedc8324767
4
+ data.tar.gz: 51a8f8d7c980b3e27604bee962eb67546e109e180270cfbfe0c12ac37dad200f
5
5
  SHA512:
6
- metadata.gz: 8b3b405287866c57ed68ff932b4dcd46152d1b724ca719108a8c447a69a3e62c878286d362fc143aac6361090f92cb0e243d143377c6d22fe7ca75c73f476869
7
- data.tar.gz: a7791ea0fe0b3c755ad13a5edaaa62fa62e55f552fa992adeabfc75030f676c3c4a6a6676a4e770d6d162025742fcc2261d3a5baf4f8362a28c1297e04eec22e
6
+ metadata.gz: 3b142dfb076a5f67db27dbc62faa1d5155f42915e8767c89dd6a75a019bd3bcc405459dbfdd81d94319545f8cc344cf68feac5a600a64914075d8d0b0eacc9f3
7
+ data.tar.gz: 1500ae49faf0bdcbca9344cb52a532d2a8e13f7660f68bd9831276d72f463a83d5c42576470bdfd08b985a05f45b4fd794d0e4c0b68159fc2a88b535139ecc6f
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module ShuttlerockSharedConfig
4
- VERSION = '0.2.31'
4
+ VERSION = '0.2.32'
5
5
  end
@@ -4,7 +4,7 @@ require 'rake'
4
4
  require 'fileutils'
5
5
 
6
6
  namespace :shuttlerock_shared_config do
7
- task update: %i[update_codeclimate update_eslint update_rubocop update_stylelintrc update_dangerfile update_pull_request_template update_codecov] do
7
+ task update: %i[update_codeclimate update_eslint update_rubocop update_stylelintrc update_dangerfile update_pull_request_template update_codecov update_gitleaks] do
8
8
  end
9
9
 
10
10
  desc 'Update .codeclimate.yml'
@@ -69,4 +69,17 @@ namespace :shuttlerock_shared_config do
69
69
  FileUtils.copy(input_path, Dir.pwd)
70
70
  warn('Updated codecov.yml')
71
71
  end
72
+
73
+ desc 'Update gitleaks'
74
+ task :update_gitleaks do
75
+ input_path = File.expand_path('../../lib/templates/gitleaks.yml', __dir__)
76
+ result_dir = Dir.pwd + '/.github/workflows'
77
+ FileUtils.mkdir_p(result_dir) unless File.directory?(result_dir)
78
+ FileUtils.copy(input_path, result_dir)
79
+ warn('Updated /.github/workflows/gitleaks.yml')
80
+
81
+ input_path = File.expand_path('../../lib/templates/.gitleaks.toml', __dir__)
82
+ FileUtils.copy(input_path, Dir.pwd)
83
+ warn('Updated .gitleaks.toml')
84
+ end
72
85
  end
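--- a/lib/templates/.gitleaks.toml
+++ b/lib/templates/.gitleaks.toml
@@ -0,0 +1,194 @@
+title = "gitleaks config"
+
+[[rules]]
+description = "AWS Manager ID"
+regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+tags = ["key", "AWS"]
+
+[[rules]]
+description = "AWS cred file info"
+regex = '''(?i)(aws_access_key_id|aws_secret_access_key)(.{0,20})?=.[0-9a-zA-Z\/+]{20,40}'''
+tags = ["AWS"]
+
+[[rules]]
+description = "AWS Secret Key"
+regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''
+tags = ["key", "AWS"]
+
+[[rules]]
+description = "AWS MWS key"
+regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
+tags = ["key", "AWS", "MWS"]
+
+[[rules]]
+description = "Facebook Secret Key"
+regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]'''
+tags = ["key", "Facebook"]
+
+[[rules]]
+description = "Facebook Client ID"
+regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]'''
+tags = ["key", "Facebook"]
+
+[[rules]]
+description = "Twitter Secret Key"
+regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}['\"]'''
+tags = ["key", "Twitter"]
+
+[[rules]]
+description = "Twitter Client ID"
+regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{18,25}['\"]'''
+tags = ["client", "Twitter"]
+
+[[rules]]
+description = "Github"
+regex = '''(?i)github(.{0,20})?(?-i)['\"][0-9a-zA-Z]{35,40}['\"]'''
+tags = ["key", "Github"]
+
+[[rules]]
+description = "LinkedIn Client ID"
+regex = '''(?i)linkedin(.{0,20})?(?-i)['\"][0-9a-z]{12}['\"]'''
+tags = ["client", "LinkedIn"]
+
+[[rules]]
+description = "LinkedIn Secret Key"
+regex = '''(?i)linkedin(.{0,20})?['\"][0-9a-z]{16}['\"]'''
+tags = ["secret", "LinkedIn"]
+
+[[rules]]
+description = "Slack"
+regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?'''
+tags = ["key", "Slack"]
+
+[[rules]]
+description = "EC"
+regex = '''-----BEGIN EC PRIVATE KEY-----'''
+tags = ["key", "EC"]
+
+
+[[rules]]
+description = "Google API key"
+regex = '''AIza[0-9A-Za-z\\-_]{35}'''
+tags = ["key", "Google"]
+
+
+[[rules]]
+description = "Heroku API key"
+regex = '''(?i)heroku(.{0,20})?['"][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['"]'''
+tags = ["key", "Heroku"]
+
+[[rules]]
+description = "MailChimp API key"
+regex = '''(?i)(mailchimp|mc)(.{0,20})?['"][0-9a-f]{32}-us[0-9]{1,2}['"]'''
+tags = ["key", "Mailchimp"]
+
+[[rules]]
+description = "Mailgun API key"
+regex = '''(?i)(mailgun|mg)(.{0,20})?['"][0-9a-z]{32}['"]'''
+tags = ["key", "Mailgun"]
+
+[[rules]]
+description = "PayPal Braintree access token"
+regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'''
+tags = ["key", "Paypal"]
+
+[[rules]]
+description = "Picatic API key"
+regex = '''sk_live_[0-9a-z]{32}'''
+tags = ["key", "Picatic"]
+
+[[rules]]
+description = "Slack Webhook"
+regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}'''
+tags = ["key", "slack"]
+
+[[rules]]
+description = "Stripe API key"
+regex = '''(?i)stripe(.{0,20})?['\"][sk|rk]_live_[0-9a-zA-Z]{24}'''
+tags = ["key", "Stripe"]
+
+[[rules]]
+description = "Square access token"
+regex = '''sq0atp-[0-9A-Za-z\-_]{22}'''
+tags = ["key", "square"]
+
+[[rules]]
+description = "Square OAuth secret"
+regex = '''sq0csp-[0-9A-Za-z\\-_]{43}'''
+tags = ["key", "square"]
+
+[[rules]]
+description = "Twilio API key"
+regex = '''(?i)twilio(.{0,20})?['\"][0-9a-f]{32}['\"]'''
+tags = ["key", "twilio"]
+
+[[rules]]
+description = "Env Var"
+regex = '''(?i)(apikey|secret|key|api|password|pass|pw|host)=[0-9a-zA-Z-_.{}]{4,120}'''
+
+[[rules]]
+description = "Port"
+regex = '''(?i)port(.{0,4})?[0-9]{1,10}'''
+[rules.allowlist]
+regexes = ['''(?i)port ''']
+description = "ignore export "
+
+
+
+[[rules]]
+description = "Email"
+regex = '''[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}'''
+tags = ["email"]
+[rules.allowlist]
+files = ['''(?i)bashrc''']
+description = "ignore bashrc emails"
+
+
+[[rules]]
+description = "Generic Credential"
+regex = '''(?i)(dbpasswd|dbuser|dbname|dbhost|api_key|apikey|secret|key|api|password|user|guid|hostname|pw|auth)(.{0,20})?['|"]([0-9a-zA-Z-_\/+!{}/=]{4,120})['|"]'''
+tags = ["key", "API", "generic"]
+# ignore leaks with specific identifiers like slack and aws
+[rules.allowlist]
+description = "ignore slack, mailchimp, aws"
+regexes = [
+'''xox[baprs]-([0-9a-zA-Z]{10,48})''',
+'''(?i)(.{0,20})?['"][0-9a-f]{32}-us[0-9]{1,2}['"]''',
+'''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+]
+
+[[rules]]
+description = "High Entropy"
+regex = '''[0-9a-zA-Z-_!{}/=]{4,120}'''
+file = '''(?i)(dump.sql|high-entropy-misc.txt)$'''
+tags = ["entropy"]
+[[rules.Entropies]]
+Min = "4.3"
+Max = "7.0"
+[rules.allowlist]
+description = "ignore ssh key and pems"
+files = ['''(pem|ppk|env)$''']
+paths = ['''(.*)?ssh''']
+
+[[rules]]
+description = "Potential bash var"
+regex='''(?i)(=)([0-9a-zA-Z-_!{}=]{4,120})'''
+tags = ["key", "bash", "API", "generic"]
+[[rules.Entropies]]
+Min = "3.5"
+Max = "4.5"
+Group = "1"
+
+[[rules]]
+description = "WP-Config"
+regex='''define(.{0,20})?(DB_CHARSET|NONCE_SALT|LOGGED_IN_SALT|AUTH_SALT|NONCE_KEY|DB_HOST|DB_PASSWORD|AUTH_KEY|SECURE_AUTH_KEY|LOGGED_IN_KEY|DB_NAME|DB_USER)(.{0,20})?['|"].{10,120}['|"]'''
+tags = ["key", "API", "generic"]
+
+[[rules]]
+description = "Files with keys and credentials"
+file = '''(?i)(id_rsa|passwd|id_rsa.pub|pgpass|pem|key|shadow)'''
+
+# Global allowlist
+[allowlist]
+description = "image allowlists"
+files = ['''(.*?)(jpg|gif|doc|pdf|bin)$''']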
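Review bot: The `Stripe API key` rule cannot match a real `sk_live_`/`rk_live_` key, because `[sk|rk]` is a character class (one of `s`, `k`, `|`, `r`) rather than an alternation, so the quote must be followed by exactly one character and then `_live_`; the intended form is `regex = '''(?i)stripe(.{0,20})?['\"](sk|rk)_live_[0-9a-zA-Z]{24}'''`, and the same `['|"]` class appears in the `Generic Credential` and `WP-Config` rules, where it merely admits `|` as a quote. The `Google API key` and `Square OAuth secret` rules write their class as `[0-9A-Za-z\\-_]`; a TOML literal string passes both backslashes through, and in the Go regex syntax gitleaks uses that reads as a literal backslash followed by a `\-_` range, so a value containing `-` is missed — the `Square access token` rule's `[0-9A-Za-z\-_]` is the form to use for all three. The `Heroku API key` pattern has only four hyphenated groups (8-4-4-12), which a UUID-shaped value (8-4-4-4-12, as the `AWS MWS key` rule spells out) will not match, so that rule should be confirmed against a known-format sample before shipping. Finally, `Port` (`(?i)port(.{0,4})?[0-9]{1,10}` matches `import 2020` or `report 1`), `Env Var` (`host=localhost`), `Email` and `Potential bash var` are broad enough to dominate findings on any real repository; the template should at least document that consumers are expected to extend `[rules.allowlist]` for those rules, or drop them in favour of the provider-specific ones.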
@@ -45,6 +45,15 @@ Layout/HashAlignment:
45
45
  Rails/ApplicationController:
46
46
  Enabled: true
47
47
 
48
+ Rails/AfterCommitOverride:
49
+ Enabled: true
50
+
51
+ Rails/SquishedSQLHeredocs:
52
+ Enabled: true
53
+
54
+ Rails/WhereNot:
55
+ Enabled: true
56
+
48
57
  Style/Documentation:
49
58
  Enabled: false
50
59
 
@@ -77,9 +86,33 @@ Naming/MethodParameterName:
77
86
  Naming/BlockParameterName:
78
87
  MinNameLength: 2
79
88
 
89
+ Lint/ConstantDefinitionInBlock:
90
+ Enabled: true
91
+
80
92
  Lint/DeprecatedOpenSSLConstant:
81
93
  Enabled: true
82
94
 
95
+ Lint/DuplicateRequire:
96
+ Enabled: true
97
+
98
+ Lint/EmptyFile:
99
+ Enabled: true
100
+
101
+ Lint/IdentityComparison:
102
+ Enabled: true
103
+
104
+ Lint/TrailingCommaInAttributeDeclaration:
105
+ Enabled: true
106
+
107
+ Lint/UselessMethodDefinition:
108
+ Enabled: true
109
+
110
+ Lint/UselessTimes:
111
+ Enabled: true
112
+
113
+ Layout/BeginEndAlignment:
114
+ Enabled: true
115
+
83
116
  Layout/EmptyLinesAroundBlockBody:
84
117
  Enabled: false
85
118
 
@@ -115,6 +148,9 @@ Style/ClassAndModuleChildren:
115
148
  Enabled: true
116
149
  EnforcedStyle: compact
117
150
 
151
+ Style/CombinableLoops:
152
+ Enabled: true
153
+
118
154
  Style/ExponentialNotation:
119
155
  Enabled: false
120
156
 
@@ -130,6 +166,9 @@ Style/HashTransformKeys:
130
166
  Style/HashTransformValues:
131
167
  Enabled: true
132
168
 
169
+ Style/KeywordParametersOrder:
170
+ Enabled: true
171
+
133
172
  Style/RedundantReturn:
134
173
  Enabled: false
135
174
 
@@ -139,9 +178,15 @@ Style/RedundantRegexpCharacterClass:
139
178
  Style/RedundantRegexpEscape:
140
179
  Enabled: false
141
180
 
181
+ Style/RedundantSelfAssignment:
182
+ Enabled: true
183
+
142
184
  Style/SlicingWithRange:
143
185
  Enabled: true
144
186
 
187
+ Style/SoleNestedConditional:
188
+ Enabled: true
189
+
145
190
  Style/TrailingCommaInArguments:
146
191
  Enabled: true
147
192
  EnforcedStyleForMultiline: comma
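Review bot: Nothing in the template records which RuboCop and rubocop-rails releases introduced the cops enabled here (`Rails/AfterCommitOverride`, `Lint/ConstantDefinitionInBlock`, `Style/CombinableLoops`, `Style/SoleNestedConditional` and the others), so a consuming project on an older gem will get unrecognized-cop warnings as soon as the template is copied in. A one-line comment above the first new entry, e.g. `# Cops below require rubocop >= <version> / rubocop-rails >= <version>` with the actual versions filled in, would make the floor explicit; the gemspec's own dependency constraints are the other place to state it. The same applies to the other hunks of this file (`Lint/DuplicateRequire` through `Layout/BeginEndAlignment`, `Style/KeywordParametersOrder`, `Style/RedundantSelfAssignment`).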
@@ -0,0 +1,11 @@
1
+ name: gitleaks
2
+
3
+ on: [push,pull_request]
4
+
5
+ jobs:
6
+ gitleaks:
7
+ runs-on: ubuntu-latest
8
+ steps:
9
+ - uses: actions/checkout@v1
10
+ - name: gitleaks-action
11
+ uses: zricethezav/gitleaks-action@master
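Review bot: `uses: zricethezav/gitleaks-action@master` pins the scanner to a moving branch, so every run fetches whatever that branch currently contains and any change to the upstream action (including a compromise of it) lands in this workflow with no change in this repository; pin it to a release tag or, better, a full commit SHA with the version in a trailing comment, e.g. `uses: zricethezav/gitleaks-action@<commit-sha>  # <version>` (placeholders). `actions/checkout@v1` is likewise an old major; a current checkout action pinned the same way, with `fetch-depth: 0` so the full history rather than only the latest commit is scanned, is the usual pairing for a secret scanner — confirm which depth the chosen action versions default to. The workflow also declares no `permissions:` block, so the job token gets the repository default; `permissions: contents: read` is all a read-only scan needs.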
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: shuttlerock_shared_config
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.31
4
+ version: 0.2.32
5
5
  platform: ruby
6
6
  authors:
7
7
  - ElseThen
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-09-08 00:00:00.000000000 Z
11
+ date: 2020-10-01 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake
@@ -80,12 +80,14 @@ files:
80
80
  - lib/templates/.codeclimate.yml
81
81
  - lib/templates/.env.example
82
82
  - lib/templates/.eslintrc
83
+ - lib/templates/.gitleaks.toml
83
84
  - lib/templates/.rubocop.yml
84
85
  - lib/templates/.stylelintrc
85
86
  - lib/templates/Dangerfile
86
87
  - lib/templates/PULL_REQUEST_TEMPLATE.md
87
88
  - lib/templates/codecov.yml
88
89
  - lib/templates/env_list.yml
90
+ - lib/templates/gitleaks.yml
89
91
  homepage: https://github.com/Shuttlerock/shuttlerock_shared_config
90
92
  licenses:
91
93
  - MIT