diff --git a/CHANGELOG.md b/CHANGELOG.md index 03834e6..e7b9cda 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,16 +1,19 @@ -# v0.1.3 +# 0.1.4 +### Improvements +* Update libs and gradle +# 0.1.3 ### Fixes * Fix build on Mac with M1 chip ### Improvements * Update Gradle, Detekt, and Kotest -# v0.1.2 +# 0.1.2 ### Fixes * Fix call to `customDecode()` in C++ code ### Improvements * jcenter dependency removed * Moving up to gradle 6.8.3 * Various libraries update -# v0.1.1 +# 0.1.1 ### Fixes * Fix sha256 generation : long keys are now decoded correctly. Reported in https://github.com/klaxit/hidden-secrets-gradle-plugin/issues/16 * Random string generation was not including lower case characters @@ -27,5 +30,5 @@ * To take advantage of the sha256 generation fix you need to : 1) Remove files : `secrets.cpp`, `sha256.cpp` and `Secrets.kt` from your project (that will delete all your keys previously added) 2) You need to re-add all your keys with `hideSecret` command (will copy new cpp files and encode your key) -# v0.1.0 +# 0.1.0 * First release diff --git a/README.md b/README.md index 1e30403..e2f6ce5 100644 --- a/README.md +++ b/README.md @@ -6,10 +6,10 @@ This plugin allows any Android developer to deeply hide secrets in its project. It is an OSS equivalent of what [DexGuard](https://www.guardsquare.com/en/products/dexguard) can offer to prevent **credentials harvesting**. It uses a combination of obfuscation techniques to do so : -- secret is obfuscated using the reversible XOR operator so it never appears in plain sight, +- secret is obfuscated using the reversible XOR operator, so it never appears in plain sight, - obfuscated secret is stored in a NDK binary as an hexadecimal array, so it is really hard to spot / put together from a disassembly, - the obfuscating string is not persisted in the binary to force runtime evaluation (ie : prevent the compiler from disclosing the secret by optimizing the de-obfuscation logic), -- optionally, anyone can provide its own encoding / decoding algorithm when using the plugin to add an additional security layer. +- optionally, anyone can provide its own encoding / decoding algorithm when using the plugin to add a security layer. This plugin is **used in production** at [Klaxit - Covoiturage quotidien](https://play.google.com/store/apps/details?id=com.wayzup.wayzupapp). Our engineering team at Klaxit will provide its best effort to maintain this project. diff --git a/build.gradle.kts b/build.gradle.kts index 8b8311f..e90be13 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -1,6 +1,6 @@ plugins { - id("com.gradle.plugin-publish") version "0.16.0" - id("io.gitlab.arturbosch.detekt") version "1.18.1" + id("com.gradle.plugin-publish") version "0.18.0" + id("io.gitlab.arturbosch.detekt") version "1.19.0" `kotlin-dsl` `maven-publish` } @@ -12,10 +12,10 @@ repositories { } dependencies { - implementation("com.android.tools.build:gradle:4.1.3") + implementation("com.android.tools.build:gradle:4.2.2") - testImplementation("io.kotest:kotest-runner-junit5-jvm:4.6.3") - testImplementation("io.kotest:kotest-assertions-core-jvm:4.6.3") + testImplementation("io.kotest:kotest-runner-junit5-jvm:4.6.4") + testImplementation("io.kotest:kotest-assertions-core-jvm:4.6.4") testImplementation("junit:junit:4.13.2") } @@ -28,7 +28,7 @@ java { pluginBundle { website = "https://github.com/klaxit/hidden-secrets-gradle-plugin" vcsUrl = "https://github.com/klaxit/hidden-secrets-gradle-plugin.git" - tags = listOf("gradle", "plugin", "android", "hide", "secret", "key", "string", "obfuscate") + tags = listOf("plugin", "android", "hide", "secret", "key", "string", "obfuscate") } gradlePlugin { diff --git a/config/detekt/detekt.yml b/config/detekt/detekt.yml index d70a9c4..2c85cf1 100644 --- a/config/detekt/detekt.yml +++ b/config/detekt/detekt.yml @@ -482,7 +482,7 @@ potential-bugs: LateinitUsage: active: false excludes: ['**/test/**', '**/androidTest/**', '**/commonTest/**', '**/jvmTest/**', '**/jsTest/**', '**/iosTest/**'] - excludeAnnotatedProperties: [] + ignoreAnnotated: [] ignoreOnClassesPattern: '' MapGetWithNotNullAssertionOperator: active: false @@ -553,7 +553,7 @@ style: active: true ignoreOverridableFunction: true excludedFunctions: 'describeContents' - excludeAnnotatedFunction: ['dagger.Provides'] + ignoreAnnotated: ['dagger.Provides'] LibraryCodeMustSpecifyReturnType: active: true LibraryEntitiesShouldNotBePublic: @@ -629,10 +629,10 @@ style: active: false UnderscoresInNumericLiterals: active: false - acceptableDecimalLength: 5 + acceptableLength: 5 UnnecessaryAbstractClass: active: true - excludeAnnotatedClasses: ['dagger.Module'] + ignoreAnnotated: ['dagger.Module'] UnnecessaryAnnotationUseSiteTarget: active: false UnnecessaryApply: @@ -660,7 +660,7 @@ style: active: false UseDataClass: active: false - excludeAnnotatedClasses: [] + ignoreAnnotated: [] allowVars: false UseEmptyCounterpart: active: false diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar index f3d88b1..7454180 100644 Binary files a/gradle/wrapper/gradle-wrapper.jar and b/gradle/wrapper/gradle-wrapper.jar differ diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 0f80bbf..d2880ba 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,5 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-7.0.2-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-7.3.2-bin.zip zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists diff --git a/gradlew b/gradlew index 2fe81a7..744e882 100755 --- a/gradlew +++ b/gradlew @@ -72,7 +72,7 @@ case "`uname`" in Darwin* ) darwin=true ;; - MINGW* ) + MSYS* | MINGW* ) msys=true ;; NONSTOP* ) @@ -82,6 +82,7 @@ esac CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + # Determine the Java command to use to start the JVM. if [ -n "$JAVA_HOME" ] ; then if [ -x "$JAVA_HOME/jre/sh/java" ] ; then @@ -129,6 +130,7 @@ fi if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then APP_HOME=`cygpath --path --mixed "$APP_HOME"` CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` + JAVACMD=`cygpath --unix "$JAVACMD"` # We build the pattern for arguments to be converted via cygpath diff --git a/gradlew.bat b/gradlew.bat index 24467a1..ac1b06f 100644 --- a/gradlew.bat +++ b/gradlew.bat @@ -29,6 +29,9 @@ if "%DIRNAME%" == "" set DIRNAME=. set APP_BASE_NAME=%~n0 set APP_HOME=%DIRNAME% +@rem Resolve any "." and ".." in APP_HOME to make it shorter. +for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi + @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" @@ -37,7 +40,7 @@ if defined JAVA_HOME goto findJavaFromJavaHome set JAVA_EXE=java.exe %JAVA_EXE% -version >NUL 2>&1 -if "%ERRORLEVEL%" == "0" goto init +if "%ERRORLEVEL%" == "0" goto execute echo. echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. @@ -51,7 +54,7 @@ goto fail set JAVA_HOME=%JAVA_HOME:"=% set JAVA_EXE=%JAVA_HOME%/bin/java.exe -if exist "%JAVA_EXE%" goto init +if exist "%JAVA_EXE%" goto execute echo. echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% @@ -61,28 +64,14 @@ echo location of your Java installation. goto fail -:init -@rem Get command-line arguments, handling Windows variants - -if not "%OS%" == "Windows_NT" goto win9xME_args - -:win9xME_args -@rem Slurp the command line arguments. -set CMD_LINE_ARGS= -set _SKIP=2 - -:win9xME_args_slurp -if "x%~1" == "x" goto execute - -set CMD_LINE_ARGS=%* - :execute @rem Setup the command line set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + @rem Execute Gradle -"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* :end @rem End local scope for the variables with windows NT shell diff --git a/settings.gradle.kts b/settings.gradle.kts index ef1176c..0108cbb 100644 --- a/settings.gradle.kts +++ b/settings.gradle.kts @@ -2,5 +2,5 @@ rootProject.name = "HiddenSecretsPlugin" gradle.allprojects { group = "com.klaxit.hiddensecrets" - version = "0.1.3" + version = "0.1.4" }