@secretlint/secretlint-rule-github
Comparing version 5.2.4 to 5.3.0
@@ -16,8 +16,9 @@ "use strict"; | ||
// ghr for refresh tokens | ||
// github_pat for fine-grained personal access tokens | ||
const typeMap = new Map([ | ||
["ghp", "GitHub personal access tokens"], | ||
["gho", "OAuth access tokens"], | ||
["gho", "GitHub user-to-server tokens"], | ||
["ghs", "GitHub user-to-server tokens"], | ||
["ghr", "refresh tokens"], | ||
["github_pat", "fine-grained personal access tokens"], | ||
]); | ||
@@ -30,8 +31,5 @@ // FIXME: GitHub Token implement CRC-32 checksum | ||
}; | ||
function reportIfFoundKey({ source, options, context, t, }) { | ||
function reportIfFoundKey({ pattern, source, options, context, t, }) { | ||
var _a; | ||
// token length should be 40 | ||
// https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/ | ||
const GITHUB_TOKEN_PATTERN = /(?<type>ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9_]{36}/g; | ||
const results = source.content.matchAll(GITHUB_TOKEN_PATTERN); | ||
const results = source.content.matchAll(pattern); | ||
for (const result of results) { | ||
@@ -74,2 +72,9 @@ const index = result.index || 0; | ||
create(context, options) { | ||
// token length should be 40 | ||
// https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/ | ||
const CLASSIC_GITHUB_TOKEN_PATTERN = /(?<type>ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9_]{36}/g; | ||
// fine-grained personal access tokens. FIXME: Format of the token is unclear | ||
// https://github.com/community/community/discussions/36441#discussioncomment-4014190 | ||
const FINE_GRAINED_GITHUB_TOKEN_PATTERN = /(?<type>github_pat)_[A-Za-z0-9_]{82}/g; | ||
const patterns = [CLASSIC_GITHUB_TOKEN_PATTERN, FINE_GRAINED_GITHUB_TOKEN_PATTERN]; | ||
const t = context.createTranslator(exports.messages); | ||
@@ -81,3 +86,5 @@ const normalizedOptions = { | ||
file(source) { | ||
reportIfFoundKey({ source, options: normalizedOptions, context, t }); | ||
for (const pattern of patterns) { | ||
reportIfFoundKey({ pattern, source, options: normalizedOptions, context, t }); | ||
} | ||
}, | ||
@@ -84,0 +91,0 @@ }; |
{ | ||
"name": "@secretlint/secretlint-rule-github", | ||
"version": "5.2.4", | ||
"version": "5.3.0", | ||
"description": "A secretlint rule for sendgrid api keys.", | ||
@@ -46,10 +46,10 @@ "keywords": [ | ||
"dependencies": { | ||
"@secretlint/types": "^5.2.4", | ||
"@secretlint/types": "^5.3.0", | ||
"@textlint/regexp-string-matcher": "^2.0.2" | ||
}, | ||
"devDependencies": { | ||
"@secretlint/tester": "^5.2.4", | ||
"@secretlint/tester": "^5.3.0", | ||
"@types/mocha": "^9.1.1", | ||
"@types/node": "^18.0.0", | ||
"mocha": "^10.0.0", | ||
"@types/node": "^18.11.3", | ||
"mocha": "^10.1.0", | ||
"prettier": "^2.7.1", | ||
@@ -67,3 +67,3 @@ "rimraf": "^3.0.2", | ||
}, | ||
"gitHead": "5b67058d70acd3f10ccf5686222caa2bf4961517" | ||
"gitHead": "7df8da9e3b25593fe47a4f190fe073623a4b94c1" | ||
} |
@@ -37,2 +37,3 @@ # @secretlint/secretlint-rule-github | ||
- `ghr_` for GitHub App refresh tokens | ||
- `github_pat_` for fine-grained personal access tokens | ||
@@ -42,2 +43,3 @@ This rule can detect a new format of GitHub Token. | ||
- [Authentication token format updates are generally available | GitHub Changelog](https://github.blog/changelog/2021-03-31-authentication-token-format-updates-are-generally-available/) | ||
- [Introducing fine-grained personal access tokens for GitHub | The GitHub Blog](https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/) | ||
@@ -44,0 +46,0 @@ ## Options |
@@ -25,3 +25,3 @@ import { | ||
type GITHUB_TOKEN_TYPE = "ghp" | "gho" | "ghu" | "ghs" | "ghr"; | ||
type GITHUB_TOKEN_TYPE = "ghp" | "gho" | "ghu" | "ghs" | "ghr" | "github_pat"; | ||
// ghp for GitHub personal access tokens | ||
@@ -32,8 +32,9 @@ // gho for OAuth access tokens | ||
// ghr for refresh tokens | ||
// github_pat for fine-grained personal access tokens | ||
const typeMap = new Map<GITHUB_TOKEN_TYPE, string>([ | ||
["ghp", "GitHub personal access tokens"], | ||
["gho", "OAuth access tokens"], | ||
["gho", "GitHub user-to-server tokens"], | ||
["ghs", "GitHub user-to-server tokens"], | ||
["ghr", "refresh tokens"], | ||
["github_pat", "fine-grained personal access tokens"], | ||
]); | ||
@@ -49,2 +50,3 @@ | ||
function reportIfFoundKey({ | ||
pattern, | ||
source, | ||
@@ -55,2 +57,3 @@ options, | ||
}: { | ||
pattern: RegExp; | ||
source: SecretLintSourceCode; | ||
@@ -61,6 +64,3 @@ options: Required<Options>; | ||
}) { | ||
// token length should be 40 | ||
// https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/ | ||
const GITHUB_TOKEN_PATTERN = /(?<type>ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9_]{36}/g; | ||
const results = source.content.matchAll(GITHUB_TOKEN_PATTERN); | ||
const results = source.content.matchAll(pattern); | ||
for (const result of results) { | ||
@@ -104,2 +104,9 @@ const index = result.index || 0; | ||
create(context, options) { | ||
// token length should be 40 | ||
// https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/ | ||
const CLASSIC_GITHUB_TOKEN_PATTERN = /(?<type>ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9_]{36}/g; | ||
// fine-grained personal access tokens. FIXME: Format of the token is unclear | ||
// https://github.com/community/community/discussions/36441#discussioncomment-4014190 | ||
const FINE_GRAINED_GITHUB_TOKEN_PATTERN = /(?<type>github_pat)_[A-Za-z0-9_]{82}/g; | ||
const patterns = [CLASSIC_GITHUB_TOKEN_PATTERN, FINE_GRAINED_GITHUB_TOKEN_PATTERN]; | ||
const t = context.createTranslator(messages); | ||
@@ -111,3 +118,5 @@ const normalizedOptions = { | ||
file(source: SecretLintSourceCode) { | ||
reportIfFoundKey({ source, options: normalizedOptions, context, t }); | ||
for (const pattern of patterns) { | ||
reportIfFoundKey({ pattern, source, options: normalizedOptions, context, t }); | ||
} | ||
}, | ||
@@ -114,0 +123,0 @@ }; |
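Review bot: The `typeMap` literal repeats the `gho` key — `["gho", "OAuth access tokens"]` is followed by `["gho", "GitHub user-to-server tokens"]` — so the Map constructor silently overwrites the OAuth label, and `ghu`, which both the `GITHUB_TOKEN_TYPE` union and the `(?<type>ghp|gho|ghu|ghs|ghr)` alternation include, ends up with no entry at all; a matched `ghu_` token presumably gets an undefined description wherever the report looks the prefix up (that lookup is outside the hunks shown). The second row should read `["ghu", "GitHub user-to-server tokens"],`, and, going by the token-format post this file already links, the `ghs` row appears to describe server-to-server tokens, so `["ghs", "GitHub server-to-server tokens"],`. The compiled JavaScript copy of this file earlier in the diff carries the same map and needs the same correction. The new `pattern` parameter of `reportIfFoundKey` also deserves a line of documentation, since its two requirements are only implicit in the patterns built in `create`: `// pattern: a /g regex (String.prototype.matchAll throws on a non-global one) whose named group 'type' captures the prefix that typeMap describes`. Both `reportIfFoundKey` and `create` continue outside the hunks shown here.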