diff --git a/.github/workflows/code.yml b/.github/workflows/code.yml
new file mode 100644
index 0000000..9e0feb2
--- /dev/null
+++ b/.github/workflows/code.yml
@@ -0,0 +1,96 @@
+name: "Code Scanning"
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+ schedule:
+ - cron: '37 15 * * 3'
+
+jobs:
+ codeql:
+ name: CodeQL Scan
+ runs-on: ubuntu-latest
+ timeout-minutes: 360
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ruby
+
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v2
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+ with:
+ category: "/language:ruby"
+
+ rubocop:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Set up Ruby
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: 3.0
+
+ - name: Install dependencies
+ run: bundle install
+
+ - name: Rubocop run
+ run: |
+ bash -c "
+ bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif
+ [[ $? -ne 2 ]]
+ "
+
+ - name: Upload Sarif output
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: rubocop.sarif
+
+# brakeman-scan:
+# name: Brakeman Scan
+# runs-on: ubuntu-latest
+# permissions:
+# contents: read
+# security-events: write
+# actions: read
+
+# steps:
+# - name: Checkout
+# uses: actions/checkout@v3
+
+# - name: Setup Ruby
+# uses: ruby/setup-ruby@v1
+# with:
+# ruby-version: '3.0'
+
+# - name: Setup Brakeman
+# run: |
+# gem install brakeman
+
+# - name: Scan
+# continue-on-error: true
+# run: |
+# brakeman -f sarif -o brakeman.sarif.json .
+
+# - name: Upload SARIF
+# uses: github/codeql-action/upload-sarif@v2
+# with:
+# sarif_file: brakeman.sarif.json
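Review bot: The `[[ $? -ne 2 ]]` guard in the Rubocop run step never tests rubocop's exit status: the script is handed to `bash -c` inside double quotes, so the step's own shell expands `$?` (to the status of whatever ran before it, i.e. 0) before the inner bash starts, and the inner script ends with a comparison that always succeeds. The step therefore passes even when rubocop aborts with status 2, which is presumably the one case the check was meant to fail on, and the Upload Sarif step then runs against a missing or truncated rubocop.sarif. Replacing the wrapper with `run: bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif || [[ $? -ne 2 ]]` evaluates `$?` in the right shell and keeps what the original comparison expresses (fail only on status 2). Separately, the rubocop job declares no `permissions:` block while the codeql job does; since upload-sarif needs `security-events: write`, an explicit `permissions: { actions: read, contents: read, security-events: write }` on the job documents the grant instead of relying on the repository's default token scope.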
diff --git a/.gitignore b/.gitignore
index 8bb79f5..d8a9c4c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -62,3 +62,6 @@ gemfiles/*.lock
 /spec/fixtures/rails_app/log/*
 /spec/fixtures/rails_app/tmp/*
 *.sqlite3
+
+rubocop.sarif
+brakeman.sarif.json
diff --git a/.rubocop.yml b/.rubocop.yml
index 0779c03..3d329fe 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -1,4 +1,5 @@
 require:
+ - code_scanning
 - rubocop-performance
 - rubocop-rake
 - rubocop-rails
diff --git a/Gemfile.lock b/Gemfile.lock
index 90e0866..94387e5 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -87,7 +87,7 @@ GIT
 PATH
 remote: .
 specs:
- devise-auth0 (1.0.0.rc10)
+ devise-auth0 (1.0.0)
 auth0 (~> 5.6)
 devise (~> 4.8)
 dry-configurable (~> 0.13)
@@ -109,42 +109,44 @@ GEM
 rake
 thor (>= 0.14.0)
 ast (2.4.2)
- auth0 (5.8.0)
+ auth0 (5.14.1)
 addressable (~> 2.8)
- jwt (~> 2.2)
+ jwt (~> 2.7)
 rest-client (~> 2.1)
 retryable (~> 3.0)
 zache (~> 0.12)
 base64 (0.1.1)
- bcrypt (3.1.18)
+ bcrypt (3.1.19)
 builder (3.2.4)
 byebug (11.1.3)
+ code-scanning-rubocop (0.6.1)
+ rubocop (~> 1.0)
 coderay (1.1.3)
 concurrent-ruby (1.2.2)
 crack (0.4.5)
 rexml
 crass (1.0.6)
- devise (4.8.1)
+ devise (4.9.2)
 bcrypt (~> 3.0)
 orm_adapter (~> 0.1)
 railties (>= 4.1.0)
 responders
 warden (~> 1.2.3)
 diff-lcs (1.5.0)
- digest (3.1.0)
 docile (1.4.0)
 domain_name (0.5.20190701)
 unf (>= 0.0.5, < 1.0.0)
 dotenv (2.7.6)
- dry-configurable (0.15.0)
- concurrent-ruby (~> 1.0)
+ dry-configurable (0.16.1)
 dry-core (~> 0.6)
- dry-core (0.7.1)
+ zeitwerk (~> 2.6)
+ dry-core (0.9.1)
 concurrent-ruby (~> 1.0)
+ zeitwerk (~> 2.6)
 erubi (1.12.0)
 faker (2.21.0)
 i18n (>= 1.8.11, < 2)
- faraday (1.10.0)
+ faraday (1.10.3)
 faraday-em_http (~> 1.0)
 faraday-em_synchrony (~> 1.0)
 faraday-excon (~> 1.1)
@@ -159,11 +161,11 @@ GEM
 faraday-em_http (1.0.0)
 faraday-em_synchrony (1.0.0)
 faraday-excon (1.1.0)
- faraday-http-cache (2.3.0)
+ faraday-http-cache (2.5.0)
 faraday (>= 0.8)
 faraday-httpclient (1.0.1)
- faraday-multipart (1.0.3)
- multipart-post (>= 1.2, < 3)
+ faraday-multipart (1.0.4)
+ multipart-post (~> 2)
 faraday-net_http (1.0.1)
 faraday-net_http_persistent (1.2.0)
 faraday-patron (1.0.0)
@@ -179,7 +181,7 @@ GEM
 i18n (1.14.1)
 concurrent-ruby (~> 1.0)
 json (2.6.3)
- jwt (2.3.0)
+ jwt (2.7.1)
 language_server-protocol (3.17.0.3)
 loofah (2.21.3)
 crass (~> 1.0.2)
@@ -188,23 +190,25 @@ GEM
 mini_mime (>= 0.1.1)
 marcel (1.0.2)
 method_source (1.0.0)
- mime-types (3.4.1)
+ mime-types (3.5.1)
 mime-types-data (~> 3.2015)
- mime-types-data (3.2022.0105)
+ mime-types-data (3.2023.0808)
 mini_mime (1.1.2)
+ mini_portile2 (2.8.4)
 minitest (5.20.0)
 multi_json (1.15.0)
 multi_xml (0.6.0)
 multipart-parser (0.1.1)
- multipart-post (2.1.1)
- net-protocol (0.1.3)
+ multipart-post (2.3.0)
+ net-protocol (0.2.1)
 timeout
- net-smtp (0.3.1)
- digest
+ net-smtp (0.3.3)
 net-protocol
- timeout
 netrc (0.11.0)
 nio4r (2.5.8)
+ nokogiri (1.15.4)
+ mini_portile2 (~> 2.8.2)
+ racc (~> 1.4)
 nokogiri (1.15.4-aarch64-linux)
 racc (~> 1.4)
 nokogiri (1.15.4-arm64-darwin)
@@ -213,22 +217,23 @@ GEM
 racc (~> 1.4)
 nokogiri (1.15.4-x86_64-linux)
 racc (~> 1.4)
- oauth2 (1.4.9)
+ oauth2 (2.0.9)
 faraday (>= 0.17.3, < 3.0)
 jwt (>= 1.0, < 3.0)
- multi_json (~> 1.3)
 multi_xml (~> 0.5)
- rack (>= 1.2, < 3)
- omniauth (2.1.0)
+ rack (>= 1.2, < 4)
+ snaky_hash (~> 2.0)
+ version_gem (~> 1.1)
+ omniauth (2.1.1)
 hashie (>= 3.4.6)
 rack (>= 2.2.3)
 rack-protection
- omniauth-auth0 (3.0.0)
+ omniauth-auth0 (3.1.1)
+ omniauth (~> 2)
+ omniauth-oauth2 (~> 1)
+ omniauth-oauth2 (1.8.0)
+ oauth2 (>= 1.4, < 3)
 omniauth (~> 2.0)
- omniauth-oauth2 (~> 1.7)
- omniauth-oauth2 (1.7.2)
- oauth2 (~> 1.4)
- omniauth (>= 1.9, < 3)
 omniauth-rails_csrf_protection (1.0.1)
 actionpack (>= 4.2)
 omniauth (~> 2.0)
@@ -247,8 +252,8 @@ GEM
 public_suffix (4.0.7)
 racc (1.7.1)
 rack (2.2.8)
- rack-protection (2.2.0)
- rack
+ rack-protection (3.1.0)
+ rack (~> 2.2, >= 2.2.4)
 rack-test (2.1.0)
 rack (>= 1.3)
 rack_session_access (0.2.0)
@@ -264,9 +269,9 @@ GEM
 rainbow (3.1.1)
 rake (13.0.6)
 regexp_parser (2.8.1)
- responders (3.0.1)
- actionpack (>= 5.0)
- railties (>= 5.0)
+ responders (3.1.0)
+ actionpack (>= 5.2)
+ railties (>= 5.2)
 rest-client (2.1.0)
 http-accept (>= 1.7.0, < 2.0)
 http-cookie (>= 1.0.2, < 2.0)
@@ -337,6 +342,9 @@ GEM
 simplecov_json_formatter (~> 0.1)
 simplecov-html (0.12.3)
 simplecov_json_formatter (0.1.4)
+ snaky_hash (2.0.1)
+ hashie
+ version_gem (~> 1.1, >= 1.1.1)
 sorbet-runtime (0.5.11010)
 sprockets (4.0.3)
 concurrent-ruby (~> 1.0)
@@ -350,7 +358,7 @@ GEM
 prettier_print (>= 1.2.0)
 thor (1.2.2)
 timecop (0.9.5)
- timeout (0.3.0)
+ timeout (0.4.0)
 tzinfo (2.0.6)
 concurrent-ruby (~> 1.0)
 unf (0.1.4)
@@ -358,6 +366,7 @@ GEM
 unf_ext (0.0.8.2)
 unicode-display_width (2.4.2)
 vcr (6.1.0)
+ version_gem (1.1.3)
 warden (1.2.9)
 rack (>= 2.0.9)
 webmock (3.14.0)
@@ -368,12 +377,13 @@ GEM
 websocket-extensions (>= 0.1.0)
 websocket-extensions (0.1.5)
 yarp (0.10.0)
- zache (0.12.0)
+ zache (0.13.1)
 zeitwerk (2.6.11)
 PLATFORMS
 aarch64-linux
 arm64-darwin-21
+ ruby
 x86_64-darwin-20
 x86_64-darwin-21
 x86_64-linux
@@ -381,6 +391,7 @@ PLATFORMS
 DEPENDENCIES
 appraisal (~> 2.4)
 bundler (~> 2.0)
+ code-scanning-rubocop
 devise-auth0!
 dotenv
 faker (~> 2.0)
diff --git a/devise-auth0.gemspec b/devise-auth0.gemspec
index aada05e..d7299ba 100644
--- a/devise-auth0.gemspec
+++ b/devise-auth0.gemspec
@@ -37,6 +37,7 @@ Gem::Specification.new do |s|
 s.add_development_dependency("appraisal", "~> 2.4")
 s.add_development_dependency("bundler", "~> 2.0")
+ s.add_development_dependency("code-scanning-rubocop")
 s.add_development_dependency("dotenv")
 s.add_development_dependency("faker", "~> 2.0")
 s.add_development_dependency("multi_json")
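Review bot: The new `s.add_development_dependency("code-scanning-rubocop")` in devise-auth0.gemspec carries no version constraint, unlike the `appraisal` and `bundler` lines beside it, so a future `bundle update` may resolve to any release of a plugin that CI loads into RuboCop via `--require code_scanning`. The Gemfile.lock in this same commit resolves it to 0.6.1, so `s.add_development_dependency("code-scanning-rubocop", "~> 0.6")` would record the tested range without changing what is installed today; `dotenv` and `multi_json` are also unconstrained, so this is a matter of which neighbours to follow. The enclosing `Gem::Specification.new do |s|` block starts and ends outside the hunk.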
diff --git a/lib/devise/auth0/version.rb b/lib/devise/auth0/version.rb index 5a2860c..514cf6c 100644 --- a/lib/devise/auth0/version.rb +++ b/lib/devise/auth0/version.rb @@ -2,7 +2,7 @@ module Devise module Auth0 - VERSION = "1.0.0".freeze + VERSION = "1.0.0" class << self def gem_version