slosilo 0.0.0 → 0.1.2

data/.gitleaks.toml

@@ -1,221 +0,0 @@
-title = "Secretless Broker gitleaks config"
-
-# This is the config file for gitleaks. You can configure gitleaks what to search for and what to whitelist.
-# If GITLEAKS_CONFIG environment variable
-# is set, gitleaks will load configurations from that path. If option --config-path is set, gitleaks will load
-# configurations from that path. Gitleaks does not whitelist anything by default.
-# - https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04B-3_Meli_paper.pdf
-# - https://github.com/dxa4481/truffleHogRegexes/blob/master/truffleHogRegexes/regexes.json
-[[rules]]
-description = "AWS Client ID"
-regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
-tags = ["key", "AWS"]
-
-[[rules]]
-description = "AWS Secret Key"
-regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''
-tags = ["key", "AWS"]
-
-[[rules]]
-description = "AWS MWS key"
-regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
-tags = ["key", "AWS", "MWS"]
-
-[[rules]]
-description = "PKCS8"
-regex = '''-----BEGIN PRIVATE KEY-----'''
-tags = ["key", "PKCS8"]
-
-[[rules]]
-description = "RSA"
-regex = '''-----BEGIN RSA PRIVATE KEY-----'''
-tags = ["key", "RSA"]
-
-[[rules]]
-description = "SSH"
-regex = '''-----BEGIN OPENSSH PRIVATE KEY-----'''
-tags = ["key", "SSH"]
-
-[[rules]]
-description = "PGP"
-regex = '''-----BEGIN PGP PRIVATE KEY BLOCK-----'''
-tags = ["key", "PGP"]
-
-[[rules]]
-description = "Facebook Secret Key"
-regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]'''
-tags = ["key", "Facebook"]
-
-[[rules]]
-description = "Facebook Client ID"
-regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]'''
-tags = ["key", "Facebook"]
-
-[[rules]]
-description = "Facebook access token"
-regex = '''EAACEdEose0cBA[0-9A-Za-z]+'''
-tags = ["key", "Facebook"]
-
-[[rules]]
-description = "Twitter Secret Key"
-regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}['\"]'''
-tags = ["key", "Twitter"]
-
-[[rules]]
-description = "Twitter Client ID"
-regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{18,25}['\"]'''
-tags = ["client", "Twitter"]
-
-[[rules]]
-description = "Github"
-regex = '''(?i)github(.{0,20})?(?-i)['\"][0-9a-zA-Z]{35,40}['\"]'''
-tags = ["key", "Github"]
-
-[[rules]]
-description = "LinkedIn Client ID"
-regex = '''(?i)linkedin(.{0,20})?(?-i)['\"][0-9a-z]{12}['\"]'''
-tags = ["client", "Twitter"]
-
-[[rules]]
-description = "LinkedIn Secret Key"
-regex = '''(?i)linkedin(.{0,20})?['\"][0-9a-z]{16}['\"]'''
-tags = ["secret", "Twitter"]
-
-[[rules]]
-description = "Slack"
-regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?'''
-tags = ["key", "Slack"]
-
-[[rules]]
-description = "EC"
-regex = '''-----BEGIN EC PRIVATE KEY-----'''
-tags = ["key", "EC"]
-
-[[rules]]
-description = "Generic API key"
-regex = '''(?i)(api_key|apikey)(.{0,20})?['|"][0-9a-zA-Z]{32,45}['|"]'''
-tags = ["key", "API", "generic"]
-
-[[rules]]
-description = "Generic Secret"
-regex = '''(?i)secret(.{0,20})?['|"][0-9a-zA-Z]{32,45}['|"]'''
-tags = ["key", "Secret", "generic"]
-
-[[rules]]
-description = "Google API key"
-regex = '''AIza[0-9A-Za-z\\-_]{35}'''
-tags = ["key", "Google"]
-
-[[rules]]
-description = "Google Cloud Platform API key"
-regex = '''(?i)(google|gcp|youtube|drive|yt)(.{0,20})?['\"][AIza[0-9a-z\\-_]{35}]['\"]'''
-tags = ["key", "Google", "GCP"]
-
-[[rules]]
-description = "Google OAuth"
-regex = '''(?i)(google|gcp|auth)(.{0,20})?['"][0-9]+-[0-9a-z_]{32}\.apps\.googleusercontent\.com['"]'''
-tags = ["key", "Google", "OAuth"]
-
-[[rules]]
-description = "Google OAuth access token"
-regex = '''ya29\.[0-9A-Za-z\-_]+'''
-tags = ["key", "Google", "OAuth"]
-
-[[rules]]
-description = "Heroku API key"
-regex = '''(?i)heroku(.{0,20})?['"][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['"]'''
-tags = ["key", "Heroku"]
-
-[[rules]]
-description = "MailChimp API key"
-regex = '''(?i)(mailchimp|mc)(.{0,20})?['"][0-9a-f]{32}-us[0-9]{1,2}['"]'''
-tags = ["key", "Mailchimp"]
-
-[[rules]]
-description = "Mailgun API key"
-regex = '''(?i)(mailgun|mg)(.{0,20})?['"][0-9a-z]{32}['"]'''
-tags = ["key", "Mailgun"]
-
-[[rules]]
-description = "Password in URL"
-regex = '''[a-zA-Z]{3,10}:\/\/[^\/\s:@]{3,20}:[^\/\s:@]{3,20}@.{1,100}\/?.?'''
-tags = ["key", "URL", "generic"]
-
-[[rules]]
-description = "PayPal Braintree access token"
-regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'''
-tags = ["key", "Paypal"]
-
-[[rules]]
-description = "Picatic API key"
-regex = '''sk_live_[0-9a-z]{32}'''
-tags = ["key", "Picatic"]
-
-[[rules]]
-description = "Slack Webhook"
-regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}'''
-tags = ["key", "slack"]
-
-[[rules]]
-description = "Stripe API key"
-regex = '''(?i)stripe(.{0,20})?['\"][sk|rk]_live_[0-9a-zA-Z]{24}'''
-tags = ["key", "Stripe"]
-
-[[rules]]
-description = "Square access token"
-regex = '''sq0atp-[0-9A-Za-z\-_]{22}'''
-tags = ["key", "square"]
-
-[[rules]]
-description = "Square OAuth secret"
-regex = '''sq0csp-[0-9A-Za-z\\-_]{43}'''
-tags = ["key", "square"]
-
-[[rules]]
-description = "Twilio API key"
-regex = '''(?i)twilio(.{0,20})?['\"][0-9a-f]{32}['\"]'''
-tags = ["key", "twilio"]
-
-[whitelist]
-files = [
-  "(.*?)(jpg|gif|doc|pdf|bin)$",
-  ".gitleaks.toml"
-]
-regexes = [
-]
-commits = [
-  "3a496cef2d737f69038630f3c884a159f783bd06", # old commit to add test data
-  "047e58e40c87f9d19d68c21a533b706616ab1ef2", # old commit to add test data
-  "5345e49e7d63589fc637c2b0c7156bf97e9c72b8", # old commit to add test data
-  "9c31229cedceedd75e06c381fe7218571a03c26d" # old commit to add test data
-]
-
-# Additional Examples
-
-# [[rules]]
-# description = "Generic Key"
-# regex = '''(?i)key(.{0,6})?(:|=|=>|:=)'''
-# entropies = [
-#     "4.1-4.3",
-#     "5.5-6.3",
-# ]
-# entropyROI = "line"
-# filetypes = [".go", ".py", ".c"]
-# tags = ["key"]
-# severity = "8"
-#
-#
-# [[rules]]
-# description = "Generic Key"
-# regex = '''(?i)key(.{0,6})?(:|=|=>|:=)'''
-# entropies = ["4.1-4.3"]
-# filetypes = [".gee"]
-# entropyROI = "line"
-# tags = ["key"]
-# severity = "medium"
-
-# [[rules]]
-# description = "Any pem file"
-# filetypes = [".key"]
-# tags = ["pem"]
-# severity = "high"

data/.kateproject

@@ -1,4 +0,0 @@
-{
-  "name": "Slosilo"
-, "files": [ { "git": 1 } ]
-}

data/CHANGELOG.md

@@ -1,50 +0,0 @@
-# Changelog
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
-and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
-
-## [3.0.2] - 2023-11-14
-
-### Changed
-
-- Moved slosilo to Github Enterprise.
-- Updated to use Ruby 3+ and conjur-enterprise/release-tools' publish-rubygem.
-
-## [3.0.1] - 2023-02-10
-
-### Fixed
-
-- The symmetric cipher class now encrypts and decrypts in a thread-safe manner.
-   [cyberark/slosilo#31](https://github.com/cyberark/slosilo/pull/31)
-
-## [3.0.0] - 2022-02-01
-
-### Changed
-
-- Transition to Ruby 3. Consuming projects based on Ruby 2 shall use slosilo V2.X.X.
-
-## [2.2.2] - 2014-01-01
-
-## Added
-
-- Add rake task `slosilo:recalculate_fingerprints` which rehashes the fingerprints in the keystore.
-**Note**: After migrating the slosilo keystore, run the above rake task to ensure the fingerprints are correctly hashed.
-
-## [2.2.1] - 2014-01-01
-
-### Changed
-
-- Use SHA256 algorithm instead of MD5 for public key fingerprints.
-
-## [2.1.1] - 2014-01-01
-
-### Added
-
-- Add support for JWT-formatted tokens, with arbitrary expiration.
-
-## [2.0.1] - 2014-01-01
-
-### Fixed
-
-- Fixes a bug that occurs when signing tokens containing Unicode data

data/CONTRIBUTING.md

@@ -1,16 +0,0 @@
-# Contributing
-  
-For general contribution and community guidelines, please see the [community repo](https://github.com/cyberark/community).
-
-## Contributing Workflow
-
-1. [Fork the project](https://help.github.com/en/github/getting-started-with-github/fork-a-repo)
-2. [Clone your fork](https://help.github.com/en/github/creating-cloning-and-archiving-repositories/cloning-a-repository)
-3. Make local changes to your fork by editing files
-3. [Commit your changes](https://help.github.com/en/github/managing-files-in-a-repository/adding-a-file-to-a-repository-using-the-command-line)
-4. [Push your local changes to the remote server](https://help.github.com/en/github/using-git/pushing-commits-to-a-remote-repository)
-5. [Create new Pull Request](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork)
-
-From here your pull request will be reviewed and once you've responded to all
-feedback it will be merged into the project. Congratulations, you're a
-contributor!

data/Jenkinsfile

@@ -1,132 +0,0 @@
-#!/usr/bin/env groovy
-@Library("product-pipelines-shared-library") _
-
-// Automated release, promotion and dependencies
-properties([
-  // Include the automated release parameters for the build
-  release.addParams(),
-  // Dependencies of the project that should trigger builds
-  dependencies([])
-])
-
-// Performs release promotion.  No other stages will be run
-if (params.MODE == "PROMOTE") {
-  release.promote(params.VERSION_TO_PROMOTE) { infrapool, sourceVersion, targetVersion, assetDirectory ->
-    // Any assets from sourceVersion Github release are available in assetDirectory
-    // Any version number updates from sourceVersion to targetVersion occur here
-    // Any publishing of targetVersion artifacts occur here
-    // Anything added to assetDirectory will be attached to the Github Release
-
-    //Note: assetDirectory is on the infrapool agent, not the local Jenkins agent.
-
-    // Publish container images to internal registry
-    //INFRAPOOL_EXECUTORV2_AGENT_0.agentSh "summon --yaml 'RUBYGEMS_API_KEY: !var rubygems/api-key' ${toolsDirectory}/bin/publish-rubygem slosilo"
-
-    INFRAPOOL_EXECUTORV2_AGENT_0.agentSh "./publish.sh"
-    
-    INFRAPOOL_EXECUTORV2_AGENT_0.agentSh "cp slosilo*.gem ${assetDirectory}"
-  }
-  release.copyEnterpriseRelease(params.VERSION_TO_PROMOTE)
-  return
-}
-
-pipeline {
-  agent { label 'conjur-enterprise-common-agent' }
-
-  triggers {
-    cron(getDailyCronString())
-  }
-
-  environment {
-    // Sets the MODE to the specified or autocalculated value as appropriate
-    MODE = release.canonicalizeMode()
-  }
-
-  options {
-    timestamps()
-    buildDiscarder(logRotator(daysToKeepStr: '30'))
-  }
-
-  stages {
-    stage('Get InfraPool Agent') {
-      steps {
-        script {
-          INFRAPOOL_EXECUTORV2_AGENT_0 = getInfraPoolAgent.connected(type: "ExecutorV2", quantity: 1, duration: 1)[0]
-          INFRAPOOL_EXECUTORV2_RHEL_EE_AGENT_0 = getInfraPoolAgent.connected(type: "ExecutorV2RHELEE", quantity: 1, duration: 1)[0]
-        }
-      }
-    }
-
-    // Generates a VERSION file based on the current build number and latest version in CHANGELOG.md
-    stage('Validate Changelog and set version') {
-      steps {
-        script {
-          updateVersion(INFRAPOOL_EXECUTORV2_AGENT_0, "CHANGELOG.md", "${BUILD_NUMBER}")
-        }
-      }
-    }
-
-    stage('Test') {
-      parallel {
-        
-        stage('Run tests on EE') {
-          steps {
-            script {
-              INFRAPOOL_EXECUTORV2_RHEL_EE_AGENT_0.agentSh './test.sh'
-            }
-          }
-          post { always {
-            script {
-              INFRAPOOL_EXECUTORV2_RHEL_EE_AGENT_0.agentStash name: 'eeTestResults', includes: 'spec/reports/*.xml', allowEmpty:true
-            }
-          }}
-        }
-
-        stage('Run tests') {
-          steps {
-            script {
-              INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './test.sh'
-              INFRAPOOL_EXECUTORV2_AGENT_0.agentStash name: 'TestResults', includes: 'spec/coverage/*.xml', allowEmpty:true
-            }
-          }
-        }
-
-      }
-    }
-
-    stage('Release') {
-      when {
-        expression {
-          MODE == "RELEASE"
-        }
-      }
-
-      steps {
-        script {
-          release(INFRAPOOL_EXECUTORV2_AGENT_0) { billOfMaterialsDirectory, assetDirectory, toolsDirectory ->
-            // Publish release artifacts to all the appropriate locations
-            // Copy any artifacts to assetDirectory to attach them to the Github release
-
-            // Publish container images to internal registry
-            INFRAPOOL_EXECUTORV2_AGENT_0.agentSh "summon ${toolsDirectory}/bin/publish-rubygem slosilo"
-
-            INFRAPOOL_EXECUTORV2_AGENT_0.agentSh "cp slosilo*.gem ${assetDirectory}"
-          }
-        }
-      }
-    }
-  }
-
-  post {
-    always {
-      dir('ee-results'){
-        unstash 'eeTestResults'
-      }
-      unstash 'TestResults'
-      junit 'spec/reports/*.xml, ee-results/spec/reports/*.xml'
-      cobertura coberturaReportFile: 'spec/coverage/coverage.xml'
-      codacy action: 'reportCoverage', filePath: "spec/coverage/coverage.xml"
-      releaseInfraPoolAgent(".infrapool/release_agents")
-    }
-  }
-}

data/SECURITY.md

@@ -1,42 +0,0 @@
-# Security Policies and Procedures
-
-This document outlines security procedures and general policies for the CyberArk Conjur
-suite of tools and products.
-
-  * [Reporting a Bug](#reporting-a-bug)
-  * [Disclosure Policy](#disclosure-policy)
-  * [Comments on this Policy](#comments-on-this-policy)
-
-## Reporting a Bug
-
-The CyberArk Conjur team and community take all security bugs in the Conjur suite seriously.
-Thank you for improving the security of the Conjur suite. We appreciate your efforts and
-responsible disclosure and will make every effort to acknowledge your
-contributions.
-
-Report security bugs by emailing the lead maintainers at security@conjur.org.
-
-The maintainers will acknowledge your email within 2 business days. Subsequently, we will 
-send a more detailed response within 2 business days of our acknowledgement indicating
-the next steps in handling your report. After the initial reply to your report, the security
-team will endeavor to keep you informed of the progress towards a fix and full
-announcement, and may ask for additional information or guidance.
-
-Report security bugs in third-party modules to the person or team maintaining
-the module.
-
-## Disclosure Policy
-
-When the security team receives a security bug report, they will assign it to a
-primary handler. This person will coordinate the fix and release process,
-involving the following steps:
-
-  * Confirm the problem and determine the affected versions.
-  * Audit code to find any potential similar problems.
-  * Prepare fixes for all releases still under maintenance. These fixes will be
-    released as fast as possible.
-
-## Comments on this Policy
-
-If you have suggestions on how this process could be improved please submit a
-pull request.

data/dev/Dockerfile.dev

@@ -1,7 +0,0 @@
-FROM ruby
-
-COPY ./ /src/
-
-WORKDIR /src
-
-RUN bundle

data/dev/docker-compose.yml

@@ -1,8 +0,0 @@
-version: '3'
-services:
-  dev:
-    build:
-      context: ..
-      dockerfile: dev/Dockerfile.dev
-    volumes:
-      - ../:/src

data/lib/slosilo/adapters/file_adapter.rb

@@ -1,42 +0,0 @@
-require 'slosilo/adapters/abstract_adapter'
-
-module Slosilo
-  module Adapters
-    class FileAdapter < AbstractAdapter
-      attr_reader :dir
-      
-      def initialize(dir)
-        @dir = dir
-        @keys = {}
-        @fingerprints = {}
-        Dir[File.join(@dir, "*.key")].each do |f|
-          key = Slosilo::EncryptedAttributes.decrypt File.read(f)
-          id = File.basename(f, '.key')
-          key = @keys[id] = Slosilo::Key.new(key)
-          @fingerprints[key.fingerprint] = id
-        end
-      end
-      
-      def put_key id, value
-        raise "id should not contain a period" if id.index('.')
-        fname = File.join(dir, "#{id}.key")
-        File.write(fname, Slosilo::EncryptedAttributes.encrypt(value.to_der))
-        File.chmod(0400, fname)
-        @keys[id] = value
-      end
-      
-      def get_key id
-        @keys[id]
-      end
-
-      def get_by_fingerprint fp
-        id = @fingerprints[fp]
-        [@keys[id], id]
-      end
-      
-      def each(&block)
-        @keys.each(&block)
-      end
-    end
-  end
-end

data/lib/slosilo/adapters/memory_adapter.rb

@@ -1,31 +0,0 @@
-require 'slosilo/adapters/abstract_adapter'
-
-module Slosilo
-  module Adapters
-    class MemoryAdapter < AbstractAdapter
-      def initialize
-        @keys = {}
-        @fingerprints = {}
-      end
-      
-      def put_key id, key
-        key = Slosilo::Key.new(key) if key.is_a?(String)
-        @keys[id] = key
-        @fingerprints[key.fingerprint] = id
-      end
-      
-      def get_key id
-        @keys[id]
-      end
-
-      def get_by_fingerprint fp
-        id = @fingerprints[fp]
-        [@keys[id], id]
-      end
-      
-      def each(&block)
-        @keys.each(&block)
-      end
-    end
-  end
-end

data/lib/slosilo/errors.rb

@@ -1,15 +0,0 @@
-module Slosilo
-  class Error < RuntimeError
-    # An error thrown when attempting to store a private key in an unecrypted
-    # storage. Set Slosilo.encryption_key to secure the storage or make sure
-    # to store just the public keys (using Key#public).
-    class InsecureKeyStorage < Error
-      def initialize msg = "can't store a private key in a plaintext storage"
-        super
-      end
-    end
-
-    class TokenValidationError < Error
-    end
-  end
-end