@secretlint/secretlint-rule-gcp
Comparing version 7.0.5 to 7.0.6
@@ -1,4 +0,3 @@ | ||
import fs from "node:fs"; | ||
import forge from "node-forge"; | ||
import path from "node:path"; | ||
import { reportIfFoundPrivateKeyP12Format } from "./reportIfFoundPrivateKeyP12Format.js"; | ||
export const messages = { | ||
@@ -36,28 +35,2 @@ PrivateKeyP12: { | ||
} | ||
function reportIfFoundPrivateKeyP12Format({ source, context, t, }) { | ||
if (!source.filePath) { | ||
return; | ||
} | ||
try { | ||
// Read file as Buffer to Base64 -> bytes -> asn1 | ||
const p12String = fs.readFileSync(source.filePath).toString("base64"); | ||
const p12Der = forge.util.decode64(p12String); | ||
const p12Asn1 = forge.asn1.fromDer(p12Der); | ||
// read p12 file with "notasecret" pass phase | ||
// The password for Service Account's the PKCS12 file is "notasecret". | ||
// If success read p12 file, report it as error | ||
// https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts.keys#serviceaccountprivatekeytype | ||
forge.pkcs12.pkcs12FromAsn1(p12Asn1, "notasecret"); | ||
// because, this p12 file is credential for GCP Service Account | ||
context.report({ | ||
message: t("PrivateKeyP12", { | ||
FILE_NAME: source.filePath ? path.basename(source.filePath) : "", | ||
}), | ||
range: [0, source.content.length], | ||
}); | ||
} | ||
catch { | ||
// nope | ||
} | ||
} | ||
export const creator = { | ||
@@ -82,6 +55,6 @@ messages, | ||
if (source.ext === ".p12") { | ||
reportIfFoundPrivateKeyP12Format({ source, options: normalizedOptions, context, t }); | ||
return reportIfFoundPrivateKeyP12Format({ source, options: normalizedOptions, context, t }); | ||
} | ||
else if (source.ext === ".json") { | ||
reportIfFoundPrivateKeyJSONFormat({ source, options: normalizedOptions, context, t }); | ||
return reportIfFoundPrivateKeyJSONFormat({ source, options: normalizedOptions, context, t }); | ||
} | ||
@@ -88,0 +61,0 @@ }, |
{ | ||
"name": "@secretlint/secretlint-rule-gcp", | ||
"version": "7.0.5", | ||
"version": "7.0.6", | ||
"description": "A secretlint rule for GCP.", | ||
@@ -57,3 +57,3 @@ "keywords": [ | ||
"dependencies": { | ||
"@secretlint/types": "^7.0.5", | ||
"@secretlint/types": "^7.0.6", | ||
"@textlint/regexp-string-matcher": "^2.0.2", | ||
@@ -63,3 +63,3 @@ "node-forge": "^1.3.1" | ||
"devDependencies": { | ||
"@secretlint/tester": "^7.0.5", | ||
"@secretlint/tester": "^7.0.6", | ||
"@types/node": "^20.4.5", | ||
@@ -79,3 +79,3 @@ "@types/node-forge": "^1.3.4", | ||
}, | ||
"gitHead": "e2923cc15bfa29a4108bb77a5e593c30dea17751" | ||
"gitHead": "4b4f6919dccf59b4ff645cafacf2ee7e7a85ceb8" | ||
} |
@@ -1,2 +0,1 @@ | ||
import fs from "node:fs"; | ||
import { | ||
@@ -8,4 +7,4 @@ SecretLintRuleContext, | ||
} from "@secretlint/types"; | ||
import forge from "node-forge"; | ||
import path from "node:path"; | ||
import { reportIfFoundPrivateKeyP12Format } from "./reportIfFoundPrivateKeyP12Format.js"; | ||
@@ -64,37 +63,2 @@ export const messages = { | ||
function reportIfFoundPrivateKeyP12Format({ | ||
source, | ||
context, | ||
t, | ||
}: { | ||
source: SecretLintSourceCode; | ||
options: Required<Options>; | ||
context: SecretLintRuleContext; | ||
t: SecretLintRuleMessageTranslate<typeof messages>; | ||
}) { | ||
if (!source.filePath) { | ||
return; | ||
} | ||
try { | ||
// Read file as Buffer to Base64 -> bytes -> asn1 | ||
const p12String = fs.readFileSync(source.filePath).toString("base64"); | ||
const p12Der = forge.util.decode64(p12String); | ||
const p12Asn1 = forge.asn1.fromDer(p12Der); | ||
// read p12 file with "notasecret" pass phase | ||
// The password for Service Account's the PKCS12 file is "notasecret". | ||
// If success read p12 file, report it as error | ||
// https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts.keys#serviceaccountprivatekeytype | ||
forge.pkcs12.pkcs12FromAsn1(p12Asn1, "notasecret"); | ||
// because, this p12 file is credential for GCP Service Account | ||
context.report({ | ||
message: t("PrivateKeyP12", { | ||
FILE_NAME: source.filePath ? path.basename(source.filePath) : "", | ||
}), | ||
range: [0, source.content.length], | ||
}); | ||
} catch { | ||
// nope | ||
} | ||
} | ||
export const creator: SecretLintRuleCreator<Options> = { | ||
@@ -119,5 +83,5 @@ messages, | ||
if (source.ext === ".p12") { | ||
reportIfFoundPrivateKeyP12Format({ source, options: normalizedOptions, context, t }); | ||
return reportIfFoundPrivateKeyP12Format({ source, options: normalizedOptions, context, t }); | ||
} else if (source.ext === ".json") { | ||
reportIfFoundPrivateKeyJSONFormat({ source, options: normalizedOptions, context, t }); | ||
return reportIfFoundPrivateKeyJSONFormat({ source, options: normalizedOptions, context, t }); | ||
} | ||
@@ -124,0 +88,0 @@ }, |
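Review bot: The relocated `reportIfFoundPrivateKeyP12Format` in `./reportIfFoundPrivateKeyP12Format.js` is not shown on this page, so the new `return reportIfFoundPrivateKeyP12Format({ ... })` and `return reportIfFoundPrivateKeyJSONFormat({ ... })` lines cannot be checked against its error handling. Returning the result suggests the helper may now be asynchronous; if so, its `try` block needs to await the file read and the PKCS#12 parse, otherwise a rejection escapes the handler instead of being treated as "not a service-account key". The removed body swallowed every error with `catch { // nope }`, so an unreadable file looked the same as a non-matching one; if the new module keeps that, a comment such as `// any failure (read error or wrong passphrase) is treated as "no finding"` would document the false-negative case. Separately, `source.ext === ".p12"` is an exact match, so a key saved as `.P12` would skip the check unless `source.ext` is lower-cased upstream, which is not visible here. The enclosing handler starts and ends outside these hunks, and the compiled JavaScript section above carries the same call sites.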
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Updated@secretlint/types@^7.0.6