slosilo 0.0.0 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +0 -2
- data/LICENSE +2 -2
- data/README.md +8 -128
- data/lib/slosilo/adapters/abstract_adapter.rb +0 -4
- data/lib/slosilo/adapters/mock_adapter.rb +1 -14
- data/lib/slosilo/adapters/sequel_adapter/migration.rb +2 -5
- data/lib/slosilo/adapters/sequel_adapter.rb +5 -67
- data/lib/slosilo/attr_encrypted.rb +7 -33
- data/lib/slosilo/http_request.rb +59 -0
- data/lib/slosilo/key.rb +6 -129
- data/lib/slosilo/keystore.rb +12 -40
- data/lib/slosilo/rack/middleware.rb +123 -0
- data/lib/slosilo/symmetric.rb +17 -47
- data/lib/slosilo/version.rb +2 -21
- data/lib/slosilo.rb +2 -2
- data/lib/tasks/slosilo.rake +0 -10
- data/slosilo.gemspec +6 -19
- data/spec/http_request_spec.rb +107 -0
- data/spec/http_stack_spec.rb +44 -0
- data/spec/key_spec.rb +32 -175
- data/spec/keystore_spec.rb +2 -15
- data/spec/rack_middleware_spec.rb +109 -0
- data/spec/random_spec.rb +2 -12
- data/spec/sequel_adapter_spec.rb +22 -133
- data/spec/slosilo_spec.rb +12 -78
- data/spec/spec_helper.rb +15 -37
- data/spec/symmetric_spec.rb +26 -69
- metadata +51 -104
- checksums.yaml +0 -7
- data/.github/CODEOWNERS +0 -10
- data/.gitleaks.toml +0 -221
- data/.kateproject +0 -4
- data/CHANGELOG.md +0 -50
- data/CONTRIBUTING.md +0 -16
- data/Jenkinsfile +0 -132
- data/SECURITY.md +0 -42
- data/dev/Dockerfile.dev +0 -7
- data/dev/docker-compose.yml +0 -8
- data/lib/slosilo/adapters/file_adapter.rb +0 -42
- data/lib/slosilo/adapters/memory_adapter.rb +0 -31
- data/lib/slosilo/errors.rb +0 -15
- data/lib/slosilo/jwt.rb +0 -122
- data/publish.sh +0 -5
- data/secrets.yml +0 -1
- data/spec/encrypted_attributes_spec.rb +0 -114
- data/spec/file_adapter_spec.rb +0 -81
- data/spec/jwt_spec.rb +0 -102
- data/test.sh +0 -8
data/.gitleaks.toml
DELETED
@@ -1,221 +0,0 @@
|
|
1
|
-
title = "Secretless Broker gitleaks config"
|
2
|
-
|
3
|
-
# This is the config file for gitleaks. You can configure gitleaks what to search for and what to whitelist.
|
4
|
-
# If GITLEAKS_CONFIG environment variable
|
5
|
-
# is set, gitleaks will load configurations from that path. If option --config-path is set, gitleaks will load
|
6
|
-
# configurations from that path. Gitleaks does not whitelist anything by default.
|
7
|
-
# - https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04B-3_Meli_paper.pdf
|
8
|
-
# - https://github.com/dxa4481/truffleHogRegexes/blob/master/truffleHogRegexes/regexes.json
|
9
|
-
[[rules]]
|
10
|
-
description = "AWS Client ID"
|
11
|
-
regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
|
12
|
-
tags = ["key", "AWS"]
|
13
|
-
|
14
|
-
[[rules]]
|
15
|
-
description = "AWS Secret Key"
|
16
|
-
regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''
|
17
|
-
tags = ["key", "AWS"]
|
18
|
-
|
19
|
-
[[rules]]
|
20
|
-
description = "AWS MWS key"
|
21
|
-
regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
|
22
|
-
tags = ["key", "AWS", "MWS"]
|
23
|
-
|
24
|
-
[[rules]]
|
25
|
-
description = "PKCS8"
|
26
|
-
regex = '''-----BEGIN PRIVATE KEY-----'''
|
27
|
-
tags = ["key", "PKCS8"]
|
28
|
-
|
29
|
-
[[rules]]
|
30
|
-
description = "RSA"
|
31
|
-
regex = '''-----BEGIN RSA PRIVATE KEY-----'''
|
32
|
-
tags = ["key", "RSA"]
|
33
|
-
|
34
|
-
[[rules]]
|
35
|
-
description = "SSH"
|
36
|
-
regex = '''-----BEGIN OPENSSH PRIVATE KEY-----'''
|
37
|
-
tags = ["key", "SSH"]
|
38
|
-
|
39
|
-
[[rules]]
|
40
|
-
description = "PGP"
|
41
|
-
regex = '''-----BEGIN PGP PRIVATE KEY BLOCK-----'''
|
42
|
-
tags = ["key", "PGP"]
|
43
|
-
|
44
|
-
[[rules]]
|
45
|
-
description = "Facebook Secret Key"
|
46
|
-
regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]'''
|
47
|
-
tags = ["key", "Facebook"]
|
48
|
-
|
49
|
-
[[rules]]
|
50
|
-
description = "Facebook Client ID"
|
51
|
-
regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]'''
|
52
|
-
tags = ["key", "Facebook"]
|
53
|
-
|
54
|
-
[[rules]]
|
55
|
-
description = "Facebook access token"
|
56
|
-
regex = '''EAACEdEose0cBA[0-9A-Za-z]+'''
|
57
|
-
tags = ["key", "Facebook"]
|
58
|
-
|
59
|
-
[[rules]]
|
60
|
-
description = "Twitter Secret Key"
|
61
|
-
regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}['\"]'''
|
62
|
-
tags = ["key", "Twitter"]
|
63
|
-
|
64
|
-
[[rules]]
|
65
|
-
description = "Twitter Client ID"
|
66
|
-
regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{18,25}['\"]'''
|
67
|
-
tags = ["client", "Twitter"]
|
68
|
-
|
69
|
-
[[rules]]
|
70
|
-
description = "Github"
|
71
|
-
regex = '''(?i)github(.{0,20})?(?-i)['\"][0-9a-zA-Z]{35,40}['\"]'''
|
72
|
-
tags = ["key", "Github"]
|
73
|
-
|
74
|
-
[[rules]]
|
75
|
-
description = "LinkedIn Client ID"
|
76
|
-
regex = '''(?i)linkedin(.{0,20})?(?-i)['\"][0-9a-z]{12}['\"]'''
|
77
|
-
tags = ["client", "Twitter"]
|
78
|
-
|
79
|
-
[[rules]]
|
80
|
-
description = "LinkedIn Secret Key"
|
81
|
-
regex = '''(?i)linkedin(.{0,20})?['\"][0-9a-z]{16}['\"]'''
|
82
|
-
tags = ["secret", "Twitter"]
|
83
|
-
|
84
|
-
[[rules]]
|
85
|
-
description = "Slack"
|
86
|
-
regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?'''
|
87
|
-
tags = ["key", "Slack"]
|
88
|
-
|
89
|
-
[[rules]]
|
90
|
-
description = "EC"
|
91
|
-
regex = '''-----BEGIN EC PRIVATE KEY-----'''
|
92
|
-
tags = ["key", "EC"]
|
93
|
-
|
94
|
-
[[rules]]
|
95
|
-
description = "Generic API key"
|
96
|
-
regex = '''(?i)(api_key|apikey)(.{0,20})?['|"][0-9a-zA-Z]{32,45}['|"]'''
|
97
|
-
tags = ["key", "API", "generic"]
|
98
|
-
|
99
|
-
[[rules]]
|
100
|
-
description = "Generic Secret"
|
101
|
-
regex = '''(?i)secret(.{0,20})?['|"][0-9a-zA-Z]{32,45}['|"]'''
|
102
|
-
tags = ["key", "Secret", "generic"]
|
103
|
-
|
104
|
-
[[rules]]
|
105
|
-
description = "Google API key"
|
106
|
-
regex = '''AIza[0-9A-Za-z\\-_]{35}'''
|
107
|
-
tags = ["key", "Google"]
|
108
|
-
|
109
|
-
[[rules]]
|
110
|
-
description = "Google Cloud Platform API key"
|
111
|
-
regex = '''(?i)(google|gcp|youtube|drive|yt)(.{0,20})?['\"][AIza[0-9a-z\\-_]{35}]['\"]'''
|
112
|
-
tags = ["key", "Google", "GCP"]
|
113
|
-
|
114
|
-
[[rules]]
|
115
|
-
description = "Google OAuth"
|
116
|
-
regex = '''(?i)(google|gcp|auth)(.{0,20})?['"][0-9]+-[0-9a-z_]{32}\.apps\.googleusercontent\.com['"]'''
|
117
|
-
tags = ["key", "Google", "OAuth"]
|
118
|
-
|
119
|
-
[[rules]]
|
120
|
-
description = "Google OAuth access token"
|
121
|
-
regex = '''ya29\.[0-9A-Za-z\-_]+'''
|
122
|
-
tags = ["key", "Google", "OAuth"]
|
123
|
-
|
124
|
-
[[rules]]
|
125
|
-
description = "Heroku API key"
|
126
|
-
regex = '''(?i)heroku(.{0,20})?['"][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['"]'''
|
127
|
-
tags = ["key", "Heroku"]
|
128
|
-
|
129
|
-
[[rules]]
|
130
|
-
description = "MailChimp API key"
|
131
|
-
regex = '''(?i)(mailchimp|mc)(.{0,20})?['"][0-9a-f]{32}-us[0-9]{1,2}['"]'''
|
132
|
-
tags = ["key", "Mailchimp"]
|
133
|
-
|
134
|
-
[[rules]]
|
135
|
-
description = "Mailgun API key"
|
136
|
-
regex = '''(?i)(mailgun|mg)(.{0,20})?['"][0-9a-z]{32}['"]'''
|
137
|
-
tags = ["key", "Mailgun"]
|
138
|
-
|
139
|
-
[[rules]]
|
140
|
-
description = "Password in URL"
|
141
|
-
regex = '''[a-zA-Z]{3,10}:\/\/[^\/\s:@]{3,20}:[^\/\s:@]{3,20}@.{1,100}\/?.?'''
|
142
|
-
tags = ["key", "URL", "generic"]
|
143
|
-
|
144
|
-
[[rules]]
|
145
|
-
description = "PayPal Braintree access token"
|
146
|
-
regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'''
|
147
|
-
tags = ["key", "Paypal"]
|
148
|
-
|
149
|
-
[[rules]]
|
150
|
-
description = "Picatic API key"
|
151
|
-
regex = '''sk_live_[0-9a-z]{32}'''
|
152
|
-
tags = ["key", "Picatic"]
|
153
|
-
|
154
|
-
[[rules]]
|
155
|
-
description = "Slack Webhook"
|
156
|
-
regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}'''
|
157
|
-
tags = ["key", "slack"]
|
158
|
-
|
159
|
-
[[rules]]
|
160
|
-
description = "Stripe API key"
|
161
|
-
regex = '''(?i)stripe(.{0,20})?['\"][sk|rk]_live_[0-9a-zA-Z]{24}'''
|
162
|
-
tags = ["key", "Stripe"]
|
163
|
-
|
164
|
-
[[rules]]
|
165
|
-
description = "Square access token"
|
166
|
-
regex = '''sq0atp-[0-9A-Za-z\-_]{22}'''
|
167
|
-
tags = ["key", "square"]
|
168
|
-
|
169
|
-
[[rules]]
|
170
|
-
description = "Square OAuth secret"
|
171
|
-
regex = '''sq0csp-[0-9A-Za-z\\-_]{43}'''
|
172
|
-
tags = ["key", "square"]
|
173
|
-
|
174
|
-
[[rules]]
|
175
|
-
description = "Twilio API key"
|
176
|
-
regex = '''(?i)twilio(.{0,20})?['\"][0-9a-f]{32}['\"]'''
|
177
|
-
tags = ["key", "twilio"]
|
178
|
-
|
179
|
-
[whitelist]
|
180
|
-
files = [
|
181
|
-
"(.*?)(jpg|gif|doc|pdf|bin)$",
|
182
|
-
".gitleaks.toml"
|
183
|
-
]
|
184
|
-
regexes = [
|
185
|
-
]
|
186
|
-
commits = [
|
187
|
-
"3a496cef2d737f69038630f3c884a159f783bd06", # old commit to add test data
|
188
|
-
"047e58e40c87f9d19d68c21a533b706616ab1ef2", # old commit to add test data
|
189
|
-
"5345e49e7d63589fc637c2b0c7156bf97e9c72b8", # old commit to add test data
|
190
|
-
"9c31229cedceedd75e06c381fe7218571a03c26d" # old commit to add test data
|
191
|
-
]
|
192
|
-
|
193
|
-
# Additional Examples
|
194
|
-
|
195
|
-
# [[rules]]
|
196
|
-
# description = "Generic Key"
|
197
|
-
# regex = '''(?i)key(.{0,6})?(:|=|=>|:=)'''
|
198
|
-
# entropies = [
|
199
|
-
# "4.1-4.3",
|
200
|
-
# "5.5-6.3",
|
201
|
-
# ]
|
202
|
-
# entropyROI = "line"
|
203
|
-
# filetypes = [".go", ".py", ".c"]
|
204
|
-
# tags = ["key"]
|
205
|
-
# severity = "8"
|
206
|
-
#
|
207
|
-
#
|
208
|
-
# [[rules]]
|
209
|
-
# description = "Generic Key"
|
210
|
-
# regex = '''(?i)key(.{0,6})?(:|=|=>|:=)'''
|
211
|
-
# entropies = ["4.1-4.3"]
|
212
|
-
# filetypes = [".gee"]
|
213
|
-
# entropyROI = "line"
|
214
|
-
# tags = ["key"]
|
215
|
-
# severity = "medium"
|
216
|
-
|
217
|
-
# [[rules]]
|
218
|
-
# description = "Any pem file"
|
219
|
-
# filetypes = [".key"]
|
220
|
-
# tags = ["pem"]
|
221
|
-
# severity = "high"
|
data/.kateproject
DELETED
data/CHANGELOG.md
DELETED
@@ -1,50 +0,0 @@
|
|
1
|
-
# Changelog
|
2
|
-
All notable changes to this project will be documented in this file.
|
3
|
-
|
4
|
-
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
|
5
|
-
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
|
6
|
-
|
7
|
-
## [3.0.2] - 2023-11-14
|
8
|
-
|
9
|
-
### Changed
|
10
|
-
|
11
|
-
- Moved slosilo to Github Enterprise.
|
12
|
-
- Updated to use Ruby 3+ and conjur-enterprise/release-tools' publish-rubygem.
|
13
|
-
|
14
|
-
## [3.0.1] - 2023-02-10
|
15
|
-
|
16
|
-
### Fixed
|
17
|
-
|
18
|
-
- The symmetric cipher class now encrypts and decrypts in a thread-safe manner.
|
19
|
-
[cyberark/slosilo#31](https://github.com/cyberark/slosilo/pull/31)
|
20
|
-
|
21
|
-
## [3.0.0] - 2022-02-01
|
22
|
-
|
23
|
-
### Changed
|
24
|
-
|
25
|
-
- Transition to Ruby 3. Consuming projects based on Ruby 2 shall use slosilo V2.X.X.
|
26
|
-
|
27
|
-
## [2.2.2] - 2014-01-01
|
28
|
-
|
29
|
-
## Added
|
30
|
-
|
31
|
-
- Add rake task `slosilo:recalculate_fingerprints` which rehashes the fingerprints in the keystore.
|
32
|
-
**Note**: After migrating the slosilo keystore, run the above rake task to ensure the fingerprints are correctly hashed.
|
33
|
-
|
34
|
-
## [2.2.1] - 2014-01-01
|
35
|
-
|
36
|
-
### Changed
|
37
|
-
|
38
|
-
- Use SHA256 algorithm instead of MD5 for public key fingerprints.
|
39
|
-
|
40
|
-
## [2.1.1] - 2014-01-01
|
41
|
-
|
42
|
-
### Added
|
43
|
-
|
44
|
-
- Add support for JWT-formatted tokens, with arbitrary expiration.
|
45
|
-
|
46
|
-
## [2.0.1] - 2014-01-01
|
47
|
-
|
48
|
-
### Fixed
|
49
|
-
|
50
|
-
- Fixes a bug that occurs when signing tokens containing Unicode data
|
data/CONTRIBUTING.md
DELETED
@@ -1,16 +0,0 @@
|
|
1
|
-
# Contributing
|
2
|
-
|
3
|
-
For general contribution and community guidelines, please see the [community repo](https://github.com/cyberark/community).
|
4
|
-
|
5
|
-
## Contributing Workflow
|
6
|
-
|
7
|
-
1. [Fork the project](https://help.github.com/en/github/getting-started-with-github/fork-a-repo)
|
8
|
-
2. [Clone your fork](https://help.github.com/en/github/creating-cloning-and-archiving-repositories/cloning-a-repository)
|
9
|
-
3. Make local changes to your fork by editing files
|
10
|
-
3. [Commit your changes](https://help.github.com/en/github/managing-files-in-a-repository/adding-a-file-to-a-repository-using-the-command-line)
|
11
|
-
4. [Push your local changes to the remote server](https://help.github.com/en/github/using-git/pushing-commits-to-a-remote-repository)
|
12
|
-
5. [Create new Pull Request](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork)
|
13
|
-
|
14
|
-
From here your pull request will be reviewed and once you've responded to all
|
15
|
-
feedback it will be merged into the project. Congratulations, you're a
|
16
|
-
contributor!
|
data/Jenkinsfile
DELETED
@@ -1,132 +0,0 @@
|
|
1
|
-
#!/usr/bin/env groovy
|
2
|
-
@Library("product-pipelines-shared-library") _
|
3
|
-
|
4
|
-
// Automated release, promotion and dependencies
|
5
|
-
properties([
|
6
|
-
// Include the automated release parameters for the build
|
7
|
-
release.addParams(),
|
8
|
-
// Dependencies of the project that should trigger builds
|
9
|
-
dependencies([])
|
10
|
-
])
|
11
|
-
|
12
|
-
// Performs release promotion. No other stages will be run
|
13
|
-
if (params.MODE == "PROMOTE") {
|
14
|
-
release.promote(params.VERSION_TO_PROMOTE) { infrapool, sourceVersion, targetVersion, assetDirectory ->
|
15
|
-
// Any assets from sourceVersion Github release are available in assetDirectory
|
16
|
-
// Any version number updates from sourceVersion to targetVersion occur here
|
17
|
-
// Any publishing of targetVersion artifacts occur here
|
18
|
-
// Anything added to assetDirectory will be attached to the Github Release
|
19
|
-
|
20
|
-
//Note: assetDirectory is on the infrapool agent, not the local Jenkins agent.
|
21
|
-
|
22
|
-
// Publish container images to internal registry
|
23
|
-
//INFRAPOOL_EXECUTORV2_AGENT_0.agentSh "summon --yaml 'RUBYGEMS_API_KEY: !var rubygems/api-key' ${toolsDirectory}/bin/publish-rubygem slosilo"
|
24
|
-
|
25
|
-
INFRAPOOL_EXECUTORV2_AGENT_0.agentSh "./publish.sh"
|
26
|
-
|
27
|
-
INFRAPOOL_EXECUTORV2_AGENT_0.agentSh "cp slosilo*.gem ${assetDirectory}"
|
28
|
-
}
|
29
|
-
release.copyEnterpriseRelease(params.VERSION_TO_PROMOTE)
|
30
|
-
return
|
31
|
-
}
|
32
|
-
|
33
|
-
pipeline {
|
34
|
-
agent { label 'conjur-enterprise-common-agent' }
|
35
|
-
|
36
|
-
triggers {
|
37
|
-
cron(getDailyCronString())
|
38
|
-
}
|
39
|
-
|
40
|
-
environment {
|
41
|
-
// Sets the MODE to the specified or autocalculated value as appropriate
|
42
|
-
MODE = release.canonicalizeMode()
|
43
|
-
}
|
44
|
-
|
45
|
-
options {
|
46
|
-
timestamps()
|
47
|
-
buildDiscarder(logRotator(daysToKeepStr: '30'))
|
48
|
-
}
|
49
|
-
|
50
|
-
stages {
|
51
|
-
stage('Get InfraPool Agent') {
|
52
|
-
steps {
|
53
|
-
script {
|
54
|
-
INFRAPOOL_EXECUTORV2_AGENT_0 = getInfraPoolAgent.connected(type: "ExecutorV2", quantity: 1, duration: 1)[0]
|
55
|
-
INFRAPOOL_EXECUTORV2_RHEL_EE_AGENT_0 = getInfraPoolAgent.connected(type: "ExecutorV2RHELEE", quantity: 1, duration: 1)[0]
|
56
|
-
}
|
57
|
-
}
|
58
|
-
}
|
59
|
-
|
60
|
-
// Generates a VERSION file based on the current build number and latest version in CHANGELOG.md
|
61
|
-
stage('Validate Changelog and set version') {
|
62
|
-
steps {
|
63
|
-
script {
|
64
|
-
updateVersion(INFRAPOOL_EXECUTORV2_AGENT_0, "CHANGELOG.md", "${BUILD_NUMBER}")
|
65
|
-
}
|
66
|
-
}
|
67
|
-
}
|
68
|
-
|
69
|
-
stage('Test') {
|
70
|
-
parallel {
|
71
|
-
|
72
|
-
stage('Run tests on EE') {
|
73
|
-
steps {
|
74
|
-
script {
|
75
|
-
INFRAPOOL_EXECUTORV2_RHEL_EE_AGENT_0.agentSh './test.sh'
|
76
|
-
}
|
77
|
-
}
|
78
|
-
post { always {
|
79
|
-
script {
|
80
|
-
INFRAPOOL_EXECUTORV2_RHEL_EE_AGENT_0.agentStash name: 'eeTestResults', includes: 'spec/reports/*.xml', allowEmpty:true
|
81
|
-
}
|
82
|
-
}}
|
83
|
-
}
|
84
|
-
|
85
|
-
stage('Run tests') {
|
86
|
-
steps {
|
87
|
-
script {
|
88
|
-
INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './test.sh'
|
89
|
-
INFRAPOOL_EXECUTORV2_AGENT_0.agentStash name: 'TestResults', includes: 'spec/coverage/*.xml', allowEmpty:true
|
90
|
-
}
|
91
|
-
}
|
92
|
-
}
|
93
|
-
|
94
|
-
}
|
95
|
-
}
|
96
|
-
|
97
|
-
stage('Release') {
|
98
|
-
when {
|
99
|
-
expression {
|
100
|
-
MODE == "RELEASE"
|
101
|
-
}
|
102
|
-
}
|
103
|
-
|
104
|
-
steps {
|
105
|
-
script {
|
106
|
-
release(INFRAPOOL_EXECUTORV2_AGENT_0) { billOfMaterialsDirectory, assetDirectory, toolsDirectory ->
|
107
|
-
// Publish release artifacts to all the appropriate locations
|
108
|
-
// Copy any artifacts to assetDirectory to attach them to the Github release
|
109
|
-
|
110
|
-
// Publish container images to internal registry
|
111
|
-
INFRAPOOL_EXECUTORV2_AGENT_0.agentSh "summon ${toolsDirectory}/bin/publish-rubygem slosilo"
|
112
|
-
|
113
|
-
INFRAPOOL_EXECUTORV2_AGENT_0.agentSh "cp slosilo*.gem ${assetDirectory}"
|
114
|
-
}
|
115
|
-
}
|
116
|
-
}
|
117
|
-
}
|
118
|
-
}
|
119
|
-
|
120
|
-
post {
|
121
|
-
always {
|
122
|
-
dir('ee-results'){
|
123
|
-
unstash 'eeTestResults'
|
124
|
-
}
|
125
|
-
unstash 'TestResults'
|
126
|
-
junit 'spec/reports/*.xml, ee-results/spec/reports/*.xml'
|
127
|
-
cobertura coberturaReportFile: 'spec/coverage/coverage.xml'
|
128
|
-
codacy action: 'reportCoverage', filePath: "spec/coverage/coverage.xml"
|
129
|
-
releaseInfraPoolAgent(".infrapool/release_agents")
|
130
|
-
}
|
131
|
-
}
|
132
|
-
}
|
data/SECURITY.md
DELETED
@@ -1,42 +0,0 @@
|
|
1
|
-
# Security Policies and Procedures
|
2
|
-
|
3
|
-
This document outlines security procedures and general policies for the CyberArk Conjur
|
4
|
-
suite of tools and products.
|
5
|
-
|
6
|
-
* [Reporting a Bug](#reporting-a-bug)
|
7
|
-
* [Disclosure Policy](#disclosure-policy)
|
8
|
-
* [Comments on this Policy](#comments-on-this-policy)
|
9
|
-
|
10
|
-
## Reporting a Bug
|
11
|
-
|
12
|
-
The CyberArk Conjur team and community take all security bugs in the Conjur suite seriously.
|
13
|
-
Thank you for improving the security of the Conjur suite. We appreciate your efforts and
|
14
|
-
responsible disclosure and will make every effort to acknowledge your
|
15
|
-
contributions.
|
16
|
-
|
17
|
-
Report security bugs by emailing the lead maintainers at security@conjur.org.
|
18
|
-
|
19
|
-
The maintainers will acknowledge your email within 2 business days. Subsequently, we will
|
20
|
-
send a more detailed response within 2 business days of our acknowledgement indicating
|
21
|
-
the next steps in handling your report. After the initial reply to your report, the security
|
22
|
-
team will endeavor to keep you informed of the progress towards a fix and full
|
23
|
-
announcement, and may ask for additional information or guidance.
|
24
|
-
|
25
|
-
Report security bugs in third-party modules to the person or team maintaining
|
26
|
-
the module.
|
27
|
-
|
28
|
-
## Disclosure Policy
|
29
|
-
|
30
|
-
When the security team receives a security bug report, they will assign it to a
|
31
|
-
primary handler. This person will coordinate the fix and release process,
|
32
|
-
involving the following steps:
|
33
|
-
|
34
|
-
* Confirm the problem and determine the affected versions.
|
35
|
-
* Audit code to find any potential similar problems.
|
36
|
-
* Prepare fixes for all releases still under maintenance. These fixes will be
|
37
|
-
released as fast as possible.
|
38
|
-
|
39
|
-
## Comments on this Policy
|
40
|
-
|
41
|
-
If you have suggestions on how this process could be improved please submit a
|
42
|
-
pull request.
|
data/dev/Dockerfile.dev
DELETED
data/dev/docker-compose.yml
DELETED
@@ -1,42 +0,0 @@
|
|
1
|
-
require 'slosilo/adapters/abstract_adapter'
|
2
|
-
|
3
|
-
module Slosilo
|
4
|
-
module Adapters
|
5
|
-
class FileAdapter < AbstractAdapter
|
6
|
-
attr_reader :dir
|
7
|
-
|
8
|
-
def initialize(dir)
|
9
|
-
@dir = dir
|
10
|
-
@keys = {}
|
11
|
-
@fingerprints = {}
|
12
|
-
Dir[File.join(@dir, "*.key")].each do |f|
|
13
|
-
key = Slosilo::EncryptedAttributes.decrypt File.read(f)
|
14
|
-
id = File.basename(f, '.key')
|
15
|
-
key = @keys[id] = Slosilo::Key.new(key)
|
16
|
-
@fingerprints[key.fingerprint] = id
|
17
|
-
end
|
18
|
-
end
|
19
|
-
|
20
|
-
def put_key id, value
|
21
|
-
raise "id should not contain a period" if id.index('.')
|
22
|
-
fname = File.join(dir, "#{id}.key")
|
23
|
-
File.write(fname, Slosilo::EncryptedAttributes.encrypt(value.to_der))
|
24
|
-
File.chmod(0400, fname)
|
25
|
-
@keys[id] = value
|
26
|
-
end
|
27
|
-
|
28
|
-
def get_key id
|
29
|
-
@keys[id]
|
30
|
-
end
|
31
|
-
|
32
|
-
def get_by_fingerprint fp
|
33
|
-
id = @fingerprints[fp]
|
34
|
-
[@keys[id], id]
|
35
|
-
end
|
36
|
-
|
37
|
-
def each(&block)
|
38
|
-
@keys.each(&block)
|
39
|
-
end
|
40
|
-
end
|
41
|
-
end
|
42
|
-
end
|
@@ -1,31 +0,0 @@
|
|
1
|
-
require 'slosilo/adapters/abstract_adapter'
|
2
|
-
|
3
|
-
module Slosilo
|
4
|
-
module Adapters
|
5
|
-
class MemoryAdapter < AbstractAdapter
|
6
|
-
def initialize
|
7
|
-
@keys = {}
|
8
|
-
@fingerprints = {}
|
9
|
-
end
|
10
|
-
|
11
|
-
def put_key id, key
|
12
|
-
key = Slosilo::Key.new(key) if key.is_a?(String)
|
13
|
-
@keys[id] = key
|
14
|
-
@fingerprints[key.fingerprint] = id
|
15
|
-
end
|
16
|
-
|
17
|
-
def get_key id
|
18
|
-
@keys[id]
|
19
|
-
end
|
20
|
-
|
21
|
-
def get_by_fingerprint fp
|
22
|
-
id = @fingerprints[fp]
|
23
|
-
[@keys[id], id]
|
24
|
-
end
|
25
|
-
|
26
|
-
def each(&block)
|
27
|
-
@keys.each(&block)
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
31
|
-
end
|
data/lib/slosilo/errors.rb
DELETED
@@ -1,15 +0,0 @@
|
|
1
|
-
module Slosilo
|
2
|
-
class Error < RuntimeError
|
3
|
-
# An error thrown when attempting to store a private key in an unecrypted
|
4
|
-
# storage. Set Slosilo.encryption_key to secure the storage or make sure
|
5
|
-
# to store just the public keys (using Key#public).
|
6
|
-
class InsecureKeyStorage < Error
|
7
|
-
def initialize msg = "can't store a private key in a plaintext storage"
|
8
|
-
super
|
9
|
-
end
|
10
|
-
end
|
11
|
-
|
12
|
-
class TokenValidationError < Error
|
13
|
-
end
|
14
|
-
end
|
15
|
-
end
|