slosilo 2.2.1 → 2.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8723a6eff81a1e81b1e8f8a3b4998c202b4a36b042d2c3b33d830232f800e45e
-  data.tar.gz: 22abadf8b5edca4b2ad971be894e54a906e9b84f166098a95fbfa8cf8401a046
+  metadata.gz: eee5855bf8948e460edebcc7e04399ad32ea9085f101860ddddb4687139a0bf8
+  data.tar.gz: 415fa1a618fbffda2ebf1dcb59abc42285d11d01afbc4697299708bbe3bd01fb
 SHA512:
-  metadata.gz: 937190eaf606924682f14850313aeedf6b852f7cc0e88669451d6b0d147fcd61a485d4089ccdce35bb188fc057a750c82f01bd43118da104735efc264386caa7
-  data.tar.gz: 6e3b22a70e85c036932bb15b309e45d28d4b9f2eeaa59cdd2aa9f3db5b580b9d23e3844eaf71a59667acc99706b55e2100d1e4a1f6f0b70bafae117459babff3
+  metadata.gz: '098214ef9bbb3ac810a28425e943fe81528573d54e7cdf85261c45cd1ab95fdc57a2387c629adc246339bc04488ff01a04d5655163bf8f423c2edacbb60f7a80'
+  data.tar.gz: 163a3a8097d4bafc592718d1bb37f1f2f8e25cbb5b637ba68c6478d787f131e08cc5d2a017f9d80bb5127c757d8f817b0a39c0e7c77557b45fc9e01206139305

data/.github/CODEOWNERS

@@ -0,0 +1,10 @@
+* @cyberark/conjur-core-team @conjurinc/conjur-core-team @conjurdemos/conjur-core-team
+
+# Changes to .trivyignore require Security Architect approval
+.trivyignore @cyberark/security-architects @conjurinc/security-architects @conjurdemos/security-architects
+
+# Changes to .codeclimate.yml require Quality Architect approval
+.codeclimate.yml @cyberark/quality-architects @conjurinc/quality-architects @conjurdemos/quality-architects
+
+# Changes to SECURITY.md require Security Architect approval
+SECURITY.md @cyberark/security-architects @conjurinc/security-architects @conjurdemos/security-architects

data/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,21 @@
+### What does this PR do?
+- _What's changed? Why were these changes made?_
+- _How should the reviewer approach this PR, especially if manual tests are required?_
+- _Are there relevant screenshots you can add to the PR description?_
+
+### What ticket does this PR close?
+Connected to #[relevant GitHub issues, eg 76]
+
+### Checklists
+
+#### Change log
+- [ ] The CHANGELOG has been updated, or
+- [ ] This PR does not include user-facing changes and doesn't require a CHANGELOG update
+
+#### Test coverage
+- [ ] This PR includes new unit and integration tests to go with the code changes, or
+- [ ] The changes in this PR do not require tests
+
+#### Documentation
+- [ ] Docs (e.g. `README`s) were updated in this PR, and/or there is a follow-on issue to update docs, or
+- [ ] This PR does not require updating any documentation

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+# v2.2.2
+
+* Add rake task `slosilo:recalculate_fingerprints` which rehashes the fingerprints in the keystore.
+**Note**: After migrating the slosilo keystore, run the above rake task to ensure the fingerprints are correctly hashed.
+
 # v2.2.1
 
 * Use SHA256 algorithm instead of MD5 for public key fingerprints.

data/Jenkinsfile

@@ -14,11 +14,14 @@ pipeline {
         sh './test.sh'
 
         junit 'spec/reports/*.xml'
+        cobertura coberturaReportFile: 'spec/coverage/coverage.xml'
+        sh 'cp spec/coverage/coverage.xml cobertura.xml'
+        ccCoverage("cobertura", "github.com/cyberark/slosilo")
       }
     }
 
     stage('Publish to RubyGems') {
-      agent { label 'releaser-v2' }
+      agent { label 'executor-v2' }
       when {
         allOf {
           branch 'master'

data/SECURITY.md

@@ -0,0 +1,42 @@
+# Security Policies and Procedures
+
+This document outlines security procedures and general policies for the CyberArk Conjur
+suite of tools and products.
+
+  * [Reporting a Bug](#reporting-a-bug)
+  * [Disclosure Policy](#disclosure-policy)
+  * [Comments on this Policy](#comments-on-this-policy)
+
+## Reporting a Bug
+
+The CyberArk Conjur team and community take all security bugs in the Conjur suite seriously.
+Thank you for improving the security of the Conjur suite. We appreciate your efforts and
+responsible disclosure and will make every effort to acknowledge your
+contributions.
+
+Report security bugs by emailing the lead maintainers at security@conjur.org.
+
+The maintainers will acknowledge your email within 2 business days. Subsequently, we will 
+send a more detailed response within 2 business days of our acknowledgement indicating
+the next steps in handling your report. After the initial reply to your report, the security
+team will endeavor to keep you informed of the progress towards a fix and full
+announcement, and may ask for additional information or guidance.
+
+Report security bugs in third-party modules to the person or team maintaining
+the module.
+
+## Disclosure Policy
+
+When the security team receives a security bug report, they will assign it to a
+primary handler. This person will coordinate the fix and release process,
+involving the following steps:
+
+  * Confirm the problem and determine the affected versions.
+  * Audit code to find any potential similar problems.
+  * Prepare fixes for all releases still under maintenance. These fixes will be
+    released as fast as possible.
+
+## Comments on this Policy
+
+If you have suggestions on how this process could be improved please submit a
+pull request.

data/lib/slosilo/adapters/sequel_adapter.rb

@@ -49,6 +49,17 @@ module Slosilo
         end
       end
 
+      def recalculate_fingerprints
+        # Use a transaction to ensure that all fingerprints are updated together. If any update fails,
+        # we want to rollback all updates.
+        model.db.transaction do
+          model.each do |m|
+            m.update fingerprint: Slosilo::Key.new(m.key).fingerprint
+          end
+        end
+      end
+
+
       def migrate!
         unless fingerprint_in_db?
           model.db.transaction do
@@ -59,9 +70,7 @@ module Slosilo
             # reload the schema
             model.set_dataset model.dataset
 
-            model.each do |m|
-              m.update fingerprint: Slosilo::Key.new(m.key).fingerprint
-            end
+            recalculate_fingerprints
 
             model.db.alter_table :slosilo_keystore do
               set_column_not_null :fingerprint

data/lib/slosilo/version.rb

@@ -1,3 +1,3 @@
 module Slosilo
-  VERSION = "2.2.1"
+  VERSION = "2.2.2"
 end

data/lib/tasks/slosilo.rake

@@ -24,4 +24,9 @@ namespace :slosilo do
   task :migrate => :environment do |t|
     Slosilo.adapter.migrate!
   end
+
+  desc "Recalculate fingerprints in keystore"
+  task :recalculate_fingerprints => :environment do |t|
+    Slosilo.adapter.recalculate_fingerprints
+  end
 end

data/slosilo.gemspec

@@ -23,11 +23,12 @@ Gem::Specification.new do |gem|
   gem.require_paths = ["lib"]
   gem.version       = Slosilo::VERSION
   gem.required_ruby_version = '>= 1.9.3'
-  
+
   gem.add_development_dependency 'rake'
   gem.add_development_dependency 'rspec', '~> 3.0'
   gem.add_development_dependency 'ci_reporter_rspec'
   gem.add_development_dependency 'simplecov'
+  gem.add_development_dependency 'simplecov-cobertura'
   gem.add_development_dependency 'io-grab', '~> 0.0.1'
   gem.add_development_dependency 'sequel' # for sequel tests
   gem.add_development_dependency 'sqlite3' # for sequel tests

data/spec/spec_helper.rb

@@ -1,4 +1,7 @@
 require "simplecov"
+require "simplecov-cobertura"
+
+SimpleCov.formatter = SimpleCov::Formatter::CoberturaFormatter
 SimpleCov.start
 
 require 'slosilo'
@@ -74,7 +77,7 @@ ooQ2FuL0K6ukQfHPjuMswqi41lmVH8gIVqVC+QnImUCrGxH9WXWy
 -----END RSA PRIVATE KEY-----
     """
   end
-  
+
   def self.mock_own_key
     before { allow(Slosilo).to receive(:[]).with(:own).and_return key }
   end

data/test.sh

@@ -17,6 +17,8 @@ docker run --cidfile $cidfile -v /app/spec/reports $iid bundle exec rake jenkins
 cid=$(cat $cidfile)
 
 docker cp $cid:/app/spec/reports spec/
+docker cp $cid:/app/coverage spec
+
 docker rm $cid
 
 # untag, will use cache next time if available but no junk will be left

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: slosilo
 version: !ruby/object:Gem::Version
-  version: 2.2.1
+  version: 2.2.2
 platform: ruby
 authors:
 - Rafał Rzepecki
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-06-14 00:00:00.000000000 Z
+date: 2020-08-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -66,6 +66,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov-cobertura
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: io-grab
   requirement: !ruby/object:Gem::Requirement
@@ -131,6 +145,8 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".dockerignore"
+- ".github/CODEOWNERS"
+- ".github/PULL_REQUEST_TEMPLATE.md"
 - ".gitignore"
 - ".gitleaks.toml"
 - ".kateproject"
@@ -141,6 +157,7 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- SECURITY.md
 - lib/slosilo.rb
 - lib/slosilo/adapters/abstract_adapter.rb
 - lib/slosilo/adapters/file_adapter.rb