From d013c1afe7a85cf626bcbf8f3459ad37052c8b0d Mon Sep 17 00:00:00 2001 From: Savvas Kyriacou Date: Mon, 3 Jun 2024 15:55:53 +0100 Subject: [PATCH 1/3] added test files to detect-secrets and audited the secrets Signed-off-by: Savvas Kyriacou --- .secrets.baseline | 85 +++++++++++++++++++ build-locally.sh | 40 ++++++++- .../cicsts/ICeciResponseOutputValue.java | 12 +-- .../internal/TestDockerRegistryImpl.java | 2 +- .../src/main/resources/testSecret.yaml | 2 +- .../main/resources/k8s/config-grafana.yaml | 12 +-- .../src/main/res/jmeter.properties | 4 +- .../internal/shared/LinuxSharedImage.java | 2 +- .../zos3270/orders/GraphicsEscapeTest.java | 2 +- .../src/test/java/t/TestColour.java | 2 +- .../src/test/java/t/TestInbound.java | 2 +- .../RseapiZosDatasetAttributesListdsi.java | 12 +-- .../ZosmfZosDatasetAttributesListdsi.java | 12 +-- .../internal/properties/TestServerCreds.java | 12 +-- .../internal/properties/TestServerCreds.java | 12 +-- 15 files changed, 167 insertions(+), 46 deletions(-) create mode 100644 .secrets.baseline diff --git a/.secrets.baseline b/.secrets.baseline new file mode 100644 index 000000000..6734c89e3 --- /dev/null +++ b/.secrets.baseline 
@@ -0,0 +1,85 @@ +{ + "exclude": { + "files": "^.secrets.baseline$", + "lines": null + }, + "generated_at": "2024-06-03T14:55:28Z", + "plugins_used": [ + { + "name": "AWSKeyDetector" + }, + { + "name": "ArtifactoryDetector" + }, + { + "name": "AzureStorageKeyDetector" + }, + { + "base64_limit": 4.5, + "name": "Base64HighEntropyString" + }, + { + "name": "BasicAuthDetector" + }, + { + "name": "BoxDetector" + }, + { + "name": "CloudantDetector" + }, + { + "ghe_instance": "github.ibm.com", + "name": "GheDetector" + }, + { + "name": "GitHubTokenDetector" + }, + { + "hex_limit": 3, + "name": "HexHighEntropyString" + }, + { + "name": "IbmCloudIamDetector" + }, + { + "name": "IbmCosHmacDetector" + }, + { + "name": "JwtTokenDetector" + }, + { + "keyword_exclude": null, + "name": "KeywordDetector" + }, + { + "name": "MailchimpDetector" + }, + { + "name": "NpmDetector" + }, + { + "name": "PrivateKeyDetector" + }, + { + "name": "SlackDetector" + }, + { + "name": "SoftlayerDetector" + }, + { + "name": "SquareOAuthDetector" + }, + { + "name": "StripeDetector" + }, + { + "name": "TwilioKeyDetector" + } + ], + "results": {}, + "version": "0.13.1+ibm.62.dss", + "word_list": { + "file": null, + "hash": null + } +} diff --git a/build-locally.sh b/build-locally.sh index 2d3452950..4f60457e6 100755 --- a/build-locally.sh +++ b/build-locally.sh @@ -78,6 +78,15 @@ Options are: EOF } +function check_exit_code () { + # This function takes 3 parameters in the form: + # $1 an integer value of the returned exit code + # $2 an error message to display if $1 is not equal to 0 + if [[ "$1" != "0" ]]; then + error "$2" + exit 1 + fi +} #----------------------------------------------------------------------------------------- # Process parameters #----------------------------------------------------------------------------------------- 
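Review bot: The comment at the top of `check_exit_code` in the `@@ -78,6 +78,15 @@` hunk says the function takes 3 parameters, but only `$1` and `$2` are described and used; it should read `# This function takes 2 parameters in the form:`. The comment should also say that the function ends the whole script with `exit 1` on a non-zero code rather than returning to the caller, because later callers may expect to clean up after a failure.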
@@ -185,9 +194,36 @@ function build_code { info "Using command: ${cmd}" $cmd 2>&1 > ${log_file} - rc=$? ; if [[ "${rc}" != "0" ]]; then error "Failed to build ${project} see logs at ${log_file}" ; exit 1 ; fi + rc=$? + check_exit_code $rc "Failed to build ${project} see logs at ${log_file}" success "Project ${project} built - OK - log is at ${log_file}" } -build_code \ No newline at end of file +function check_secrets { + h2 "updating secrets baseline" + cd ${BASEDIR} + detect-secrets scan --update .secrets.baseline + rc=$? + check_exit_code $rc "Failed to run detect-secrets. Please check it is installed properly" + success "updated secrets file" + + h2 "running audit for secrets" + detect-secrets audit .secrets.baseline + rc=$? + check_exit_code $rc "Failed to audit detect-secrets." + + #Check all secrets have been audited + secrets=$(grep -c hashed_secret .secrets.baseline) + audits=$(grep -c is_secret .secrets.baseline) + if [[ "$secrets" != "$audits" ]]; then + error "Not all secrets found have been audited" + exit 1 + fi + success "secrets audit complete" +} + + +build_code + +check_secrets \ No newline at end of file diff --git a/galasa-managers-parent/galasa-managers-cicsts-parent/dev.galasa.cicsts.manager/src/main/java/dev/galasa/cicsts/ICeciResponseOutputValue.java b/galasa-managers-parent/galasa-managers-cicsts-parent/dev.galasa.cicsts.manager/src/main/java/dev/galasa/cicsts/ICeciResponseOutputValue.java index 589811c9b..f08704bb1 100644 --- a/galasa-managers-parent/galasa-managers-cicsts-parent/dev.galasa.cicsts.manager/src/main/java/dev/galasa/cicsts/ICeciResponseOutputValue.java +++ b/galasa-managers-parent/galasa-managers-cicsts-parent/dev.galasa.cicsts.manager/src/main/java/dev/galasa/cicsts/ICeciResponseOutputValue.java 
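Review bot: The completeness check at the end of `check_secrets` only compares how many lines contain `hashed_secret` with how many contain `is_secret`, so a finding that was audited and marked as a real secret still lets the build succeed. A second guard such as `if grep -q '"is_secret": true' .secrets.baseline; then error "Baseline contains findings audited as real secrets"; exit 1; fi` would close that gap; the exact key spacing should be confirmed against a baseline that has results. `detect-secrets audit` appears to prompt for each unaudited finding, so calling it unconditionally after `build_code` may block unattended runs of this script. `cd ${BASEDIR}` is also unquoted and unchecked, so a failed `cd` would scan and rewrite a baseline in whatever directory the script happens to be in.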
@@ -1,8 +1,8 @@ -/* - * Copyright contributors to the Galasa project - * - * SPDX-License-Identifier: EPL-2.0 - */ +/* + * Copyright contributors to the Galasa project + * + * SPDX-License-Identifier: EPL-2.0 + */ package dev.galasa.cicsts; @@ -14,7 +14,7 @@ * show:
* INTO('A.....')
* and in Hex:
- * INTO(X'C13456789ABC')
+ * INTO(X'C13456789ABC')
example hex in javadoc comment //pragma: allowlist secret * Both representations are available using the {@link #getTextValue()} and {@link #getHexValue()} methods respectively */ public interface ICeciResponseOutputValue { diff --git a/galasa-managers-parent/galasa-managers-cloud-parent/dev.galasa.docker.manager/src/test/java/dev/galasa/docker/internal/TestDockerRegistryImpl.java b/galasa-managers-parent/galasa-managers-cloud-parent/dev.galasa.docker.manager/src/test/java/dev/galasa/docker/internal/TestDockerRegistryImpl.java index 74196d93a..fe2e06a9e 100644 --- a/galasa-managers-parent/galasa-managers-cloud-parent/dev.galasa.docker.manager/src/test/java/dev/galasa/docker/internal/TestDockerRegistryImpl.java +++ b/galasa-managers-parent/galasa-managers-cloud-parent/dev.galasa.docker.manager/src/test/java/dev/galasa/docker/internal/TestDockerRegistryImpl.java @@ -115,7 +115,7 @@ public void retrieveBearerTokenUnauthorised() throws DockerManagerException, Mal when(credentialsMock.getUsername()).thenReturn("testUsername"); when(credentialsMock.getPassword()).thenReturn("testPassword"); String user = "testUsername"; - String password = "testPassword"; + String password = "testPassword"; //unit test mock password //pragma: allowlist secret when(clientMock.setAuthorisation(user, password)).thenReturn(clientMock); when(clientMock.build()).thenReturn(clientMock); // Base64 encoding credentials to replicate private encoding method (generateDockerRegistryAuthStructure) diff --git a/galasa-managers-parent/galasa-managers-cloud-parent/dev.galasa.kubernetes.manager.ivt/src/main/resources/testSecret.yaml b/galasa-managers-parent/galasa-managers-cloud-parent/dev.galasa.kubernetes.manager.ivt/src/main/resources/testSecret.yaml index fb0caea30..b4fcb1faa 100644 --- a/galasa-managers-parent/galasa-managers-cloud-parent/dev.galasa.kubernetes.manager.ivt/src/main/resources/testSecret.yaml 
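Review bot: In the `@@ -14,7 +14,7 @@` hunk the marker and its justification are added as Javadoc body text, so `example hex in javadoc comment //pragma: allowlist secret` will be published in the generated API documentation for `ICeciResponseOutputValue`. The hex value is a documentation example, so recording it as an audited false positive in `.secrets.baseline` would keep the scanner quiet without changing what readers of the Javadoc see. If the inline marker has to stay, it is worth checking whether the scanner accepts it in a form that Javadoc does not render. The Javadoc block starts outside this hunk.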
+++ b/galasa-managers-parent/galasa-managers-cloud-parent/dev.galasa.kubernetes.manager.ivt/src/main/resources/testSecret.yaml @@ -9,4 +9,4 @@ kind: Secret metadata: name: testsecret data: - test_password: dGVzdHBhc3N3b3Jk \ No newline at end of file + test_password: dGVzdHBhc3N3b3Jk #This is used in in the IVT test only #pragma: allowlist secret \ No newline at end of file diff --git a/galasa-managers-parent/galasa-managers-other-parent/dev.galasa.galasaecosystem.manager/src/main/resources/k8s/config-grafana.yaml b/galasa-managers-parent/galasa-managers-other-parent/dev.galasa.galasaecosystem.manager/src/main/resources/k8s/config-grafana.yaml index 92c440f9e..4c24153d9 100644 --- a/galasa-managers-parent/galasa-managers-other-parent/dev.galasa.galasaecosystem.manager/src/main/resources/k8s/config-grafana.yaml +++ b/galasa-managers-parent/galasa-managers-other-parent/dev.galasa.galasaecosystem.manager/src/main/resources/k8s/config-grafana.yaml @@ -90,7 +90,7 @@ data: ;password = # Use either URL or the previous fields to configure the database - # Example: mysql://user:secret@host:port/database + # Example: mysql://user:secret@host:port/database #pragma: allowlist secret ;url = # For "postgres" only, either "disable", "require" or "verify-full" @@ -164,7 +164,7 @@ data: ;admin_user = admin # default admin password, can be changed before first start of grafana, or in profile settings - ;admin_password = admin + ;admin_password = admin #property is not used as it is commented out #pragma: allowlist secret # used for signing ;secret_key = SW2YcwTIb9zpOOhoPsMm @@ -276,7 +276,7 @@ data: ;enabled = false ;allow_sign_up = true ;client_id = some_id - ;client_secret = some_secret + ;client_secret = some_secret #property is not used as it is commented out #pragma: allowlist secret ;scopes = user:email,read:org ;auth_url = https://github.com/login/oauth/authorize ;token_url = https://github.com/login/oauth/access_token 
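Review bot: The justification `#property is not used as it is commented out` on `;admin_password = admin` (and on the `;client_secret` lines in the `@@ -276`, `@@ -289`, `@@ -302` and `@@ -323` hunks) holds only while the leading `;` is present, but the `pragma: allowlist secret` marker goes on suppressing the scanner after someone enables the setting with its default value. The marker text should say so, for example `#placeholder default, delete this marker if the setting is enabled #pragma: allowlist secret`. The appended text also appears to sit inside the embedded Grafana configuration under `data:`, so it may be read as part of the value once a line is uncommented. The context line `;secret_key = SW2YcwTIb9zpOOhoPsMm` in the `@@ -164` hunk carries no marker while `.secrets.baseline` lists no results, which suggests the scanner does not report it; worth confirming that this is expected.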
@@ -289,7 +289,7 @@ data: ;enabled = false ;allow_sign_up = true ;client_id = some_client_id - ;client_secret = some_client_secret + ;client_secret = some_client_secret #property is not used as it is commented out #pragma: allowlist secret ;scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email ;auth_url = https://accounts.google.com/o/oauth2/auth ;token_url = https://accounts.google.com/o/oauth2/token @@ -302,7 +302,7 @@ data: ;name = OAuth ;allow_sign_up = true ;client_id = some_id - ;client_secret = some_secret + ;client_secret = some_secret #property is not used as it is commented out #pragma: allowlist secret ;scopes = user:email,read:org ;auth_url = https://foo.bar/login/oauth/authorize ;token_url = https://foo.bar/login/oauth/access_token @@ -323,7 +323,7 @@ data: ;enabled = false ;allow_sign_up = true ;client_id = some_id - ;client_secret = some_secret + ;client_secret = some_secret #property is not used as it is commented out #pragma: allowlist secret ;scopes = user:email ;allowed_organizations = diff --git a/galasa-managers-parent/galasa-managers-testingtools-parent/dev.galasa.jmeter.manager.ivt/src/main/res/jmeter.properties b/galasa-managers-parent/galasa-managers-testingtools-parent/dev.galasa.jmeter.manager.ivt/src/main/res/jmeter.properties index 02bd43e0f..72cde0228 100644 --- a/galasa-managers-parent/galasa-managers-testingtools-parent/dev.galasa.jmeter.manager.ivt/src/main/res/jmeter.properties +++ b/galasa-managers-parent/galasa-managers-testingtools-parent/dev.galasa.jmeter.manager.ivt/src/main/res/jmeter.properties @@ -316,7 +316,7 @@ remote_hosts=127.0.0.1 #server.rmi.ssl.keystore.file=rmi_keystore.jks # # Password of Keystore -#server.rmi.ssl.keystore.password=changeit +#server.rmi.ssl.keystore.password=changeit #property is not used as it is commented out #pragma: allowlist secret # # Key alias #server.rmi.ssl.keystore.alias=rmi 
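Review bot: Java properties files have no inline comments, so the text appended to `#server.rmi.ssl.keystore.password=changeit` in the `@@ -316,7 +316,7 @@` hunk, and to `#server.rmi.ssl.truststore.password=changeit` in the `@@ -328,7` hunk, becomes part of the password value as soon as the leading `#` is removed. The marker would also keep hiding the default `changeit` value from the scanner at that point. Either audit these two findings in `.secrets.baseline` instead of annotating the lines, or make the marker text state that everything after the value must be deleted when the property is enabled.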
@@ -328,7 +328,7 @@ remote_hosts=127.0.0.1 #server.rmi.ssl.truststore.file=rmi_keystore.jks # # Password of Trust store -#server.rmi.ssl.truststore.password=changeit +#server.rmi.ssl.truststore.password=changeit #property is not used as it is commented out #pragma: allowlist secret # # Set this if you don't want to use SSL for RMI #server.rmi.ssl.disable= false diff --git a/galasa-managers-parent/galasa-managers-unix-parent/dev.galasa.linux.manager/src/main/java/dev/galasa/linux/internal/shared/LinuxSharedImage.java b/galasa-managers-parent/galasa-managers-unix-parent/dev.galasa.linux.manager/src/main/java/dev/galasa/linux/internal/shared/LinuxSharedImage.java index 8c6400fc8..f56ba7215 100644 --- a/galasa-managers-parent/galasa-managers-unix-parent/dev.galasa.linux.manager/src/main/java/dev/galasa/linux/internal/shared/LinuxSharedImage.java +++ b/galasa-managers-parent/galasa-managers-unix-parent/dev.galasa.linux.manager/src/main/java/dev/galasa/linux/internal/shared/LinuxSharedImage.java @@ -78,7 +78,7 @@ public LinuxSharedImage(LinuxManagerImpl manager, String tag, String hostid, Str throw new LinuxManagerException("useradd of username " + this.username + " failed:-\n" + response); } - String tempPassword = "ThisIsTheFutureOfTesting"; + String tempPassword = "ThisIsTheFutureOfTesting"; //Not a secret but this raises a vulnerability on server side runs. Issue has been raised to correct this //pragma: allowlist secret for(int i = 0; i < 4; i++) { tempPassword = tempPassword + Integer.toString(this.random.nextInt(10)); } diff --git a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zos3270.manager/src/test/java/dev/galasa/zos3270/orders/GraphicsEscapeTest.java b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zos3270.manager/src/test/java/dev/galasa/zos3270/orders/GraphicsEscapeTest.java index 128d936b7..f72653f4a 100644 
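Review bot: The allowlist marker on `tempPassword` in the `LinuxSharedImage` constructor silences the scanner for a value that the added comment itself says raises a vulnerability: the password is a fixed string followed by four digits from `this.random.nextInt(10)`, so only 10,000 values are possible. The comment says an issue has been raised but gives no reference; it should carry one, for example `// tracked in <ISSUE-ID>, remove this marker when fixed //pragma: allowlist secret`, so the suppression does not outlive the fix. The follow-up should generate the whole password from `java.security.SecureRandom` rather than appending digits to a constant. The declaration of `this.random` and the start and end of the constructor are outside this hunk.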
--- a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zos3270.manager/src/test/java/dev/galasa/zos3270/orders/GraphicsEscapeTest.java +++ b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zos3270.manager/src/test/java/dev/galasa/zos3270/orders/GraphicsEscapeTest.java @@ -90,7 +90,7 @@ public void testGeConvertToDatastream() throws Exception { System.out.println(hexDatastream); - assertThat(hexDatastream).as("Expected outbound datastream").isEqualTo("7D40401140C1F1F20850F3F4"); + assertThat(hexDatastream).as("Expected outbound datastream").isEqualTo("7D40401140C1F1F20850F3F4"); // expected output as a hex code, not a secret //pragma: allowlist secret } diff --git a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zos3270.manager/src/test/java/t/TestColour.java b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zos3270.manager/src/test/java/t/TestColour.java index 51f710671..76282f600 100644 --- a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zos3270.manager/src/test/java/t/TestColour.java +++ b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zos3270.manager/src/test/java/t/TestColour.java @@ -22,7 +22,7 @@ public class TestColour extends Zos3270TestBase { public static void main(String[] args) throws DecoderException, Zos3270Exception { - String inbound = "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"; + String inbound = "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"; // expected input as a hex code, not a secret //pragma: allowlist secret byte[] inboundBytes = Hex.decodeHex(inbound); Network network = new Network("here", 1, "a"); diff --git a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zos3270.manager/src/test/java/t/TestInbound.java b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zos3270.manager/src/test/java/t/TestInbound.java index c76c03dde..9f8216bfa 100644 
--- a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zos3270.manager/src/test/java/t/TestInbound.java +++ b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zos3270.manager/src/test/java/t/TestInbound.java @@ -26,7 +26,7 @@ public static void main(String[] args) throws TerminalInterruptedException, Netw // String inbound = "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"; - String inbound1 = "f5c311c5e41311405d290242f1c0f8c3e5c6d4e2f0f140e3c5e2e340d4c1d7e2c5e311c5d21d60c3e4e2e3d6d4c5d940d5e4d4c2c5d97a1dd1f1f1f1f1f1f11df011c7f6290242f1c060d7c1d9e340d5e4d4c2c5d97a1dd1f2f2f2f2f2f2f2f2f2f21df0114ad9290242f1c060d8e4c1d5e3c9e3e87a1dd1f3f3f3f340401df0115a50290242f2c061c3d6d5e3d9d6d340e3c5e2e34040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040"; + String inbound1 = "f5c311c5e41311405d290242f1c0f8c3e5c6d4e2f0f140e3c5e2e340d4c1d7e2c5e311c5d21d60c3e4e2e3d6d4c5d940d5e4d4c2c5d97a1dd1f1f1f1f1f1f11df011c7f6290242f1c060d7c1d9e340d5e4d4c2c5d97a1dd1f2f2f2f2f2f2f2f2f2f21df0114ad9290242f1c060d8e4c1d5e3c9e3e87a1dd1f3f3f3f340401df0115a50290242f2c061c3d6d5e3d9d6d340e3c5e2e34040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040"; // expected input as a hex code, not a secret //pragma: allowlist secret String inbound2 = "f140114040124040"; String inbound3 = "f1c611c26013"; byte[] inbound1Bytes = Hex.decodeHex(inbound1); diff --git a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosfile.rseapi.manager/src/main/java/dev/galasa/zosfile/rseapi/manager/internal/RseapiZosDatasetAttributesListdsi.java b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosfile.rseapi.manager/src/main/java/dev/galasa/zosfile/rseapi/manager/internal/RseapiZosDatasetAttributesListdsi.java index 9c9a88a04..93725a7e8 100644 
--- a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosfile.rseapi.manager/src/main/java/dev/galasa/zosfile/rseapi/manager/internal/RseapiZosDatasetAttributesListdsi.java +++ b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosfile.rseapi.manager/src/main/java/dev/galasa/zosfile/rseapi/manager/internal/RseapiZosDatasetAttributesListdsi.java @@ -1,8 +1,8 @@ -/* - * Copyright contributors to the Galasa project - * - * SPDX-License-Identifier: EPL-2.0 - */ +/* + * Copyright contributors to the Galasa project + * + * SPDX-License-Identifier: EPL-2.0 + */ package dev.galasa.zosfile.rseapi.manager.internal; import java.io.BufferedReader; @@ -58,7 +58,7 @@ public class RseapiZosDatasetAttributesListdsi { private static final String PROP_SYSCREATE = "syscreate"; private static final String PROP_SYSREFDATE = "sysrefdate"; private static final String PROP_SYSEXDATE = "sysexdate"; - private static final String PROP_SYSPASSWORD = "syspassword"; + private static final String PROP_SYSPASSWORD = "syspassword"; //Not a password but a pointer to a password //pragma: allowlist secret private static final String PROP_SYSRACFA = "sysracfa"; private static final String PROP_SYSUPDATED = "sysupdated"; private static final String PROP_SYSTRKSCYL = "systrkscyl"; diff --git a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosfile.zosmf.manager/src/main/java/dev/galasa/zosfile/zosmf/manager/internal/ZosmfZosDatasetAttributesListdsi.java b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosfile.zosmf.manager/src/main/java/dev/galasa/zosfile/zosmf/manager/internal/ZosmfZosDatasetAttributesListdsi.java index bfd53084c..5dbee28ce 100644 --- a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosfile.zosmf.manager/src/main/java/dev/galasa/zosfile/zosmf/manager/internal/ZosmfZosDatasetAttributesListdsi.java 
+++ b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosfile.zosmf.manager/src/main/java/dev/galasa/zosfile/zosmf/manager/internal/ZosmfZosDatasetAttributesListdsi.java @@ -1,8 +1,8 @@ -/* - * Copyright contributors to the Galasa project - * - * SPDX-License-Identifier: EPL-2.0 - */ +/* + * Copyright contributors to the Galasa project + * + * SPDX-License-Identifier: EPL-2.0 + */ package dev.galasa.zosfile.zosmf.manager.internal; import java.io.BufferedReader; @@ -61,7 +61,7 @@ public class ZosmfZosDatasetAttributesListdsi { private static final String PROP_SYSCREATE = "syscreate"; private static final String PROP_SYSREFDATE = "sysrefdate"; private static final String PROP_SYSEXDATE = "sysexdate"; - private static final String PROP_SYSPASSWORD = "syspassword"; + private static final String PROP_SYSPASSWORD = "syspassword"; //Not a password but a pointer to a password //pragma: allowlist secret private static final String PROP_SYSRACFA = "sysracfa"; private static final String PROP_SYSUPDATED = "sysupdated"; private static final String PROP_SYSTRKSCYL = "systrkscyl"; diff --git a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosmf.manager/src/test/java/dev/galasa/zosmf/internal/properties/TestServerCreds.java b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosmf.manager/src/test/java/dev/galasa/zosmf/internal/properties/TestServerCreds.java index 82fee88e1..04f944e70 100644 --- a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosmf.manager/src/test/java/dev/galasa/zosmf/internal/properties/TestServerCreds.java +++ b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosmf.manager/src/test/java/dev/galasa/zosmf/internal/properties/TestServerCreds.java 
@@ -1,8 +1,8 @@ -/* - * Copyright contributors to the Galasa project - * - * SPDX-License-Identifier: EPL-2.0 - */ +/* + * Copyright contributors to the Galasa project + * + * SPDX-License-Identifier: EPL-2.0 + */ package dev.galasa.zosmf.internal.properties; import org.junit.Assert; @@ -28,7 +28,7 @@ public class TestServerCreds { // // private static final String SERVER_ID = "server"; // -// private static final String CREDS = "creds"; +// private static final String CREDS = "creds"; commented out unit test //pragma: allowlist secret // // @Test // public void testConstructor() { diff --git a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosrseapi.manager/src/test/java/dev/galasa/zosrseapi/internal/properties/TestServerCreds.java b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosrseapi.manager/src/test/java/dev/galasa/zosrseapi/internal/properties/TestServerCreds.java index f8f46558c..98e256798 100644 --- a/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosrseapi.manager/src/test/java/dev/galasa/zosrseapi/internal/properties/TestServerCreds.java +++ b/galasa-managers-parent/galasa-managers-zos-parent/dev.galasa.zosrseapi.manager/src/test/java/dev/galasa/zosrseapi/internal/properties/TestServerCreds.java @@ -1,8 +1,8 @@ -/* - * Copyright contributors to the Galasa project - * - * SPDX-License-Identifier: EPL-2.0 - */ +/* + * Copyright contributors to the Galasa project + * + * SPDX-License-Identifier: EPL-2.0 + */ package dev.galasa.zosrseapi.internal.properties; import org.junit.Assert; @@ -28,7 +28,7 @@ public class TestServerCreds { // // private static final String SERVER_ID = "server"; // -// private static final String CREDS = "creds"; +// private static final String CREDS = "creds"; commented out unit test //pragma: allowlist secret // // @Test // public void testConstructor() { From dd5f2945b3095bba894ad4a0cb15bc40368ca0cd Mon Sep 17 00:00:00 2001 
From: Savvas Kyriacou Date: Tue, 4 Jun 2024 15:38:03 +0100 Subject: [PATCH 2/3] added .pre-commit-config.yaml file to trigger detect-secrets Signed-off-by: Savvas Kyriacou --- .pre-commit-config.yaml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .pre-commit-config.yaml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 000000000..3e262ed5d --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,6 @@ +repos: + - repo: https://github.com/ibm/detect-secrets + rev: 0.13.1+ibm.62.dss + hooks: + - id: detect-secrets # pragma: whitelist secret + args: [--baseline, .secrets.baseline, --use-all-plugins, --fail-on-unaudited] \ No newline at end of file From 239a01bb68e3f572b6719ef650611000d5ab0ba3 Mon Sep 17 00:00:00 2001 From: Savvas Kyriacou Date: Wed, 5 Jun 2024 16:53:34 +0100 Subject: [PATCH 3/3] added sed command to remove the generated at to prevent merge conflicts Signed-off-by: Savvas Kyriacou --- .secrets.baseline | 1 - build-locally.sh | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/.secrets.baseline b/.secrets.baseline index 6734c89e3..fafda2d67 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,6 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-06-03T14:55:28Z", "plugins_used": [ { "name": "AWSKeyDetector" diff --git a/build-locally.sh b/build-locally.sh index 4f60457e6..bca3a8628 100755 --- a/build-locally.sh +++ b/build-locally.sh @@ -220,6 +220,7 @@ function check_secrets { error "Not all secrets found have been audited" exit 1 fi + sed -i '' '/[ ]*"generated_at": ".*",/d' .secrets.baseline success "secrets audit complete" }
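Review bot: `rev: 0.13.1+ibm.62.dss` in the new `.pre-commit-config.yaml` pins the hook to a tag, which the upstream repository can move, so the code that runs on every commit is not fixed by this file. pre-commit accepts a full commit hash here, for example `rev: <full-commit-sha>  # 0.13.1+ibm.62.dss`. The value should be kept in step with the `"version"` field in `.secrets.baseline`. The marker on the `id` line uses the older `whitelist` spelling while every other annotation in this series uses `allowlist`; one spelling throughout would make the markers easier to search for.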
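Review bot: The `sed -i '' '/[ ]*"generated_at": ".*",/d' .secrets.baseline` line added in the `@@ -220,6 +220,7 @@` hunk uses the BSD/macOS form of `-i`. GNU sed takes the empty string as the script and the expression as a file name, so on Linux the command fails and `generated_at` stays in the baseline. Its exit code is not checked, so `success "secrets audit complete"` is printed either way. A form that works with both is `sed -i.bak '/[ ]*"generated_at": ".*",/d' .secrets.baseline && rm -f .secrets.baseline.bak`, followed by `check_exit_code $? "Failed to strip generated_at from .secrets.baseline"`. `check_secrets` starts outside this hunk.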