Skip to content

Commit

Permalink
Merge pull request #1016 from microsoftgraph/fix/secrets-scanning
Browse files Browse the repository at this point in the history 
Update secrets scanning baseline and workflows
  • Loading branch information
@Ndiritu
Ndiritu authored Aug 13, 2024
2 parents 3b46951 + 6747942 commit 1b1546e
Show file tree
Hide file tree
Showing 6 changed files with 128 additions and 234 deletions.
6 changes: 4 additions & 2 deletions .github/workflows/gradle-build.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,10 @@ jobs:
java-version: 21
distribution: 'temurin'
cache: gradle
- name: Detect Secrets
uses: RobertFischer/[email protected]
- name: Detect secrets
run: |
pip install detect-secrets
git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline
- name: Grant Execute permission for gradlew
run: chmod +x gradlew
- name: Build with Gradle
Expand Down
12 changes: 8 additions & 4 deletions .github/workflows/preview-and-release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Easy detect-secrets
uses: RobertFischer/[email protected]
- name: Detect secrets
run: |
pip install detect-secrets
git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline
- name: Set up JDK
uses: actions/setup-java@v4
with:
Expand Down Expand Up @@ -66,8 +68,10 @@ jobs:
java-version: 21
distribution: 'temurin'
cache: gradle
- name: Easy detect-secrets
uses: RobertFischer/[email protected]
- name: Detect secrets
run: |
pip install detect-secrets
git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline
- name: Download File
run: .\Scripts\decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH
shell: pwsh
Expand Down
291 changes: 115 additions & 176 deletions .secrets.baseline
View file
Original file line number Diff line number Diff line change
@@ -1,176 +1,115 @@
{
"version": "1.0.3",
"plugins_used": [
{
"name": "ArtifactoryDetector"
},
{
"name": "AWSKeyDetector"
},
{
"name": "AzureStorageKeyDetector"
},
{
"name": "Base64HighEntropyString",
"limit": 4.5
},
{
"name": "BasicAuthDetector"
},
{
"name": "CloudantDetector"
},
{
"name": "HexHighEntropyString",
"limit": 3.0
},
{
"name": "IbmCloudIamDetector"
},
{
"name": "IbmCosHmacDetector"
},
{
"name": "JwtTokenDetector"
},
{
"name": "KeywordDetector",
"keyword_exclude": ""
},
{
"name": "MailchimpDetector"
},
{
"name": "NpmDetector"
},
{
"name": "PrivateKeyDetector"
},
{
"name": "SlackDetector"
},
{
"name": "SoftlayerDetector"
},
{
"name": "SquareOAuthDetector"
},
{
"name": "StripeDetector"
},
{
"name": "TwilioKeyDetector"
}
],
"filters_used": [
{
"path": "detect_secrets.filters.allowlist.is_line_allowlisted"
},
{
"path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
"min_level": 2
},
{
"path": "detect_secrets.filters.heuristic.is_indirect_reference"
},
{
"path": "detect_secrets.filters.heuristic.is_likely_id_string"
},
{
"path": "detect_secrets.filters.heuristic.is_potential_uuid"
},
{
"path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
},
{
"path": "detect_secrets.filters.heuristic.is_sequential_string"
},
{
"path": "detect_secrets.filters.heuristic.is_templated_secret"
},
{
"path": "detect_secrets.filters.regex.should_exclude_file",
"pattern": [
"gradle.properties"
]
}
],
"results": {
"src\\main\\java\\com\\microsoft\\graph\\info\\Constants.java": [
{
"type": "Secret Keyword",
"filename": "src\\main\\java\\com\\microsoft\\graph\\info\\Constants.java",
"hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
"is_verified": false,
"line_number": 15
},
{
"type": "Secret Keyword",
"filename": "src\\main\\java\\com\\microsoft\\graph\\info\\Constants.java",
"hashed_secret": "8b142a91cfb6e617618ad437cedf74a6745f8926",
"is_verified": false,
"line_number": 19
}
],
"src\\main\\java\\com\\microsoft\\graph\\models\\Windows10EndpointProtectionConfiguration.java": [
{
"type": "Base64 High Entropy String",
"filename": "src\\main\\java\\com\\microsoft\\graph\\models\\Windows10EndpointProtectionConfiguration.java",
"hashed_secret": "a36d9ed54fd9866b6310deaf93e8bd0a3aa7d93a",
"is_verified": false,
"line_number": 1584
},
{
"type": "Base64 High Entropy String",
"filename": "src\\main\\java\\com\\microsoft\\graph\\models\\Windows10EndpointProtectionConfiguration.java",
"hashed_secret": "fa21832796c6aa8d214926f962440605f96ebd9f",
"is_verified": false,
"line_number": 1584
},
{
"type": "Base64 High Entropy String",
"filename": "src\\main\\java\\com\\microsoft\\graph\\models\\Windows10EndpointProtectionConfiguration.java",
"hashed_secret": "c53ad759c5c193a5f1b85edde1315c1267ee0952",
"is_verified": false,
"line_number": 1593
}
],
"src\\main\\java\\com\\microsoft\\graph\\models\\Windows10GeneralConfiguration.java": [
{
"type": "Base64 High Entropy String",
"filename": "src\\main\\java\\com\\microsoft\\graph\\models\\Windows10GeneralConfiguration.java",
"hashed_secret": "91df51ff51a59099ee1fd1ff5601ed831d198a77",
"is_verified": false,
"line_number": 680
}
],
"src\\test\\java\\com\\microsoft\\graph\\functional\\OutlookTests.java": [
{
"type": "Base64 High Entropy String",
"filename": "src\\test\\java\\com\\microsoft\\graph\\functional\\OutlookTests.java",
"hashed_secret": "aa77b4dc79cbcfe055b89fe82a7798b6a67257f8",
"is_verified": false,
"line_number": 367
}
],
"src\\test\\java\\com\\microsoft\\graph\\functional\\PlannerTests.java": [
{
"type": "Base64 High Entropy String",
"filename": "src\\test\\java\\com\\microsoft\\graph\\functional\\PlannerTests.java",
"hashed_secret": "9606cd64700044d798023aef5dd6fef07852662f",
"is_verified": false,
"line_number": 410
}
],
"src\\test\\java\\com\\microsoft\\graph\\serialization\\DefaultSerializerTests.java": [
{
"type": "Hex High Entropy String",
"filename": "src\\test\\java\\com\\microsoft\\graph\\serialization\\DefaultSerializerTests.java",
"hashed_secret": "a354361806d535abc1f2298adc8b1d245a99d249",
"is_verified": false,
"line_number": 55
}
]
},
"generated_at": "2021-09-13T17:33:11Z"
}
{
"version": "1.5.0",
"plugins_used": [
{
"name": "ArtifactoryDetector"
},
{
"name": "AWSKeyDetector"
},
{
"name": "AzureStorageKeyDetector"
},
{
"name": "Base64HighEntropyString",
"limit": 4.5
},
{
"name": "BasicAuthDetector"
},
{
"name": "CloudantDetector"
},
{
"name": "HexHighEntropyString",
"limit": 3.0
},
{
"name": "IbmCloudIamDetector"
},
{
"name": "IbmCosHmacDetector"
},
{
"name": "JwtTokenDetector"
},
{
"name": "KeywordDetector",
"keyword_exclude": ""
},
{
"name": "MailchimpDetector"
},
{
"name": "NpmDetector"
},
{
"name": "PrivateKeyDetector"
},
{
"name": "SlackDetector"
},
{
"name": "SoftlayerDetector"
},
{
"name": "SquareOAuthDetector"
},
{
"name": "StripeDetector"
},
{
"name": "TwilioKeyDetector"
}
],
"filters_used": [
{
"path": "detect_secrets.filters.allowlist.is_line_allowlisted"
},
{
"path": "detect_secrets.filters.common.is_baseline_file",
"filename": ".secrets.baseline"
},
{
"path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
"min_level": 2
},
{
"path": "detect_secrets.filters.heuristic.is_indirect_reference"
},
{
"path": "detect_secrets.filters.heuristic.is_likely_id_string"
},
{
"path": "detect_secrets.filters.heuristic.is_lock_file"
},
{
"path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
},
{
"path": "detect_secrets.filters.heuristic.is_potential_uuid"
},
{
"path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
},
{
"path": "detect_secrets.filters.heuristic.is_sequential_string"
},
{
"path": "detect_secrets.filters.heuristic.is_swagger_file"
},
{
"path": "detect_secrets.filters.heuristic.is_templated_secret"
},
{
"path": "detect_secrets.filters.regex.should_exclude_file",
"pattern": [
"src/main/java/com/microsoft/graph/beta/generated/.*",
"release-please-config.json",
"kiota-lock.json"
]
}
],
"results": {},
"generated_at": "2024-08-13T13:13:56Z"
}
10 changes: 1 addition & 9 deletions android/gradle.properties
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,15 +28,7 @@ mavenArtifactId = microsoft-graph-beta
mavenMajorVersion = 6
mavenMinorVersion = 1
mavenPatchVersion = 0
mavenArtifactSuffix =

#These values are used to run functional tests
#If you wish to run the functional tests, edit the gradle.properties
#file in your user directory instead of adding them here.
#ex: C:\Users\username\.gradle\gradle.properties
ClientId="CLIENT_ID"
Username="USERNAME"
Password="PASSWORD"
mavenArtifactSuffix =

#enable mavenCentralPublishingEnabled to publish to maven central
mavenCentralSnapshotArtifactSuffix = -SNAPSHOT
Expand Down
8 changes: 0 additions & 8 deletions gradle.properties
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,14 +36,6 @@ mavenPatchVersion = 0
# x-release-please-end
mavenArtifactSuffix =

#These values are used to run functional tests
#If you wish to run the functional tests, edit the gradle.properties
#file in your user directory instead of adding them here.
#ex: C:\Users\username\.gradle\gradle.properties
ClientId="CLIENT_ID"
Username="USERNAME"
Password="PASSWORD"

#enable mavenCentralPublishingEnabled to publish to maven central
mavenCentralSnapshotArtifactSuffix = -SNAPSHOT
mavenCentralPublishingEnabled=true
Expand Down
35 changes: 0 additions & 35 deletions src/main/java/kiota-lock.json
View file

This file was deleted.

0 comments on commit 1b1546e

Please sign in to comment.