diff --git a/.github/workflows/gitleaks-action.yml b/.github/workflows/gitleaks-action.yml
new file mode 100644
index 0000000..22413a1
--- /dev/null
+++ b/.github/workflows/gitleaks-action.yml
@@ -0,0 +1,25 @@
+# Software Name: floss-toolbox
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
+# SPDX-License-Identifier: Apache-2.0
+#
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
+#
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
+
+name: gitleaks
+on: [pull_request, push, workflow_dispatch]
+jobs:
+ scan:
+ name: gitleaks
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - uses: gitleaks/gitleaks-action@v2
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 841f63b..a98f34e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
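Review bot: The new workflow declares no `permissions:` key, so the `GITHUB_TOKEN` passed in the `env:` of the `gitleaks/gitleaks-action@v2` step carries whatever default scope the repository or organization is configured with. A top-level `permissions: { contents: read }` would keep the token least-privileged for a scan job, with `pull-requests: write` added only if the action's pull-request comments are wanted. Both `uses:` lines reference mutable tags (`@v4`, `@v2`), and the second step also receives `GITLEAKS_LICENSE`, so pinning the actions to full commit SHAs would stop a re-tagged release from running with those secrets. Separately, `pull_request` runs triggered from forks do not receive repository secrets, so the license value will presumably be empty there; it is worth confirming the job behaves as intended for outside contributions.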
@@ -5,102 +5,121 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -## Unreleased +## [Unreleased](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.16.0..dev) -## [2.15.0] - 2024-03-12 +## [2.16.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.16.0..2.15.0) - 2024-03-16 ### Added -- Project - Generate THIRD-PARTY.md based on user inputs ([#119](https://github.com/Orange-OpenSource/floss-toolbox/issues/119)) +- [Utils] Add metrics and improve outputs for third-party generator scripts -## [2.14.0] - 2024-03-01 +### Changed + +- [Licenses Inventory] Update dependency pytests to v7.4.4 +- [Licenses Inventory] Update dependency beautifulsoup4 to v4.12.3 +- [Licenses Inventory] Improve requirements for Python modules in use ([#108](https://github.com/Orange-OpenSource/floss-toolbox/issues/108)) +- [Project] Plug Renovate, Gitleaks ([#112](https://github.com/Orange-OpenSource/floss-toolbox/issues/112)) +- [Project] Apply REUSE standards ([#114](https://github.com/Orange-OpenSource/floss-toolbox/issues/114)) +- [Project] Improve a bit CHANGELOG by leading scope keyword for each line + +### Security + +- [Licenses Inventory] Bump requests from v2.28.1 to v2.31.0 ([#3](https://github.com/Orange-OpenSource/floss-toolbox/security/dependabot/3)) + +## [2.15.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.15.0..2.14.0) - 2024-03-12 + +### Added + +- [Project] Generate THIRD-PARTY.md based on user inputs ([#119](https://github.com/Orange-OpenSource/floss-toolbox/issues/119)) + +## [2.14.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.14.0..2.13.0) - 2024-03-01 ### Added -- Generate template-based text using variables ([#84](https://github.com/Orange-OpenSource/floss-toolbox/issues/84)) +- [Utils] Generate template-based text using 
variables ([#84](https://github.com/Orange-OpenSource/floss-toolbox/issues/84)) ### Changed -- Make CHANGELOG more compliant ([#103](https://github.com/Orange-OpenSource/floss-toolbox/issues/103)) +- [Project] Make CHANGELOG more compliant ([#103](https://github.com/Orange-OpenSource/floss-toolbox/issues/103)) -## [2.13.0] - 2023-07-19 +## [2.13.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.13.0..2.12.0) - 2023-07-19 ### Added -- Diver - Compute metrics with in parameter URL to clone repo ([#98](https://github.com/Orange-OpenSource/floss-toolbox/issues/98)) +- [Diver] Compute metrics with in parameter URL to clone repo ([#98](https://github.com/Orange-OpenSource/floss-toolbox/issues/98)) ### Fixed -- Project - Broken links in README ([#96](https://github.com/Orange-OpenSource/floss-toolbox/issues/96)) +- [Project] Broken links in README ([#96](https://github.com/Orange-OpenSource/floss-toolbox/issues/96)) -## [2.12.0] - 2023-07-18 +## [2.12.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.12.0..2.11.0) - 2023-07-18 ### Added -- Diver - Lines of codes and useful metrics ([#28](https://github.com/Orange-OpenSource/floss-toolbox/issues/28)) +- [Diver] Lines of codes and useful metrics ([#28](https://github.com/Orange-OpenSource/floss-toolbox/issues/28)) ### Changed -- Project - Add DCO ([#87](https://github.com/Orange-OpenSource/floss-toolbox/issues/87)) -- Project - Add security policy file ([#90](https://github.com/Orange-OpenSource/floss-toolbox/issues/90)) -- Project - Split README files ([#85](https://github.com/Orange-OpenSource/floss-toolbox/issues/85)) -- Licenses Inventory - Move HTML test files to archives of release ([#86](https://github.com/Orange-OpenSource/floss-toolbox/issues/86)) -- GitHub - Add in dry-run Gemfiles ([#93](https://github.com/Orange-OpenSource/floss-toolbox/issues/93)) +- [Project] Add DCO ([#87](https://github.com/Orange-OpenSource/floss-toolbox/issues/87)) +- [Project] Add security policy file 
([#90](https://github.com/Orange-OpenSource/floss-toolbox/issues/90)) +- [Project] Split README files ([#85](https://github.com/Orange-OpenSource/floss-toolbox/issues/85)) +- [Licenses Inventory] Move HTML test files to archives of release ([#86](https://github.com/Orange-OpenSource/floss-toolbox/issues/86)) +- [GitHub] Add in dry-run Gemfiles ([#93](https://github.com/Orange-OpenSource/floss-toolbox/issues/93)) -## [2.11.0] - 2023-06-28 +## [2.11.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.11.0..2.10.1) - 2023-06-28 ### Added -- GitHub - Set teams permissions to read ([#82](https://github.com/Orange-OpenSource/floss-toolbox/issues/82)) +- [GitHub] Set teams permissions to read ([#82](https://github.com/Orange-OpenSource/floss-toolbox/issues/82)) -## [2.10.1] - 2023-05-31 +## [2.10.1](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.10.1..2.10.0) - 2023-05-31 ### Fixed -- Diver - Path variables not protected ([#80](https://github.com/Orange-OpenSource/floss-toolbox/issues/80)) +- [Diver] Path variables not protected ([#80](https://github.com/Orange-OpenSource/floss-toolbox/issues/80)) -## [2.10.0] - 2023-05-30 +## [2.10.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.10.0..2.9.0) - 2023-05-30 ### Added -- Licenses Inventory - New release ([#77](https://github.com/Orange-OpenSource/floss-toolbox/issues/77)) +- [Licenses Inventory] New release ([#77](https://github.com/Orange-OpenSource/floss-toolbox/issues/77)) -## [2.9.0] - 2023-03-31 +## [2.9.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.9.0..2.8.0) - 2023-03-31 ### Added -- Licenses Inventory - New release ([#64](https://github.com/Orange-OpenSource/floss-toolbox/issues/64)) +- [Licenses Inventory] New release ([#64](https://github.com/Orange-OpenSource/floss-toolbox/issues/64)) -## [2.8.0] - 2023-03-10 +## [2.8.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.8.0..2.7.1) - 2023-03-10 ### Added -- Project - Split dry run 
([#68](https://github.com/Orange-OpenSource/floss-toolbox/issues/68)) +- [Project] Split dry run ([#68](https://github.com/Orange-OpenSource/floss-toolbox/issues/68)) ### Changed -- Project - Update copyright ([#70](https://github.com/Orange-OpenSource/floss-toolbox/issues/70)) -- Project - Improve README ([#69](https://github.com/Orange-OpenSource/floss-toolbox/issues/69)) +- [Project] Update copyright ([#70](https://github.com/Orange-OpenSource/floss-toolbox/issues/70)) +- [Project] Improve README ([#69](https://github.com/Orange-OpenSource/floss-toolbox/issues/69)) -## [2.7.1] +## [2.7.1](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.7.1..2.7.0) ### Changed - Add missing files ([#63](https://github.com/Orange-OpenSource/floss-toolbox/issues/63)) -## [2.7.0] - 2023-01-18 +## [2.7.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.7.0..2.6.0) - 2023-01-18 ### Added - Package manager - Extract from files downloaded dependencies ([#2](https://github.com/Orange-OpenSource/floss-toolbox/issues/2)) -## [2.6.0] - 2022-05-05 +## [2.6.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.6.0..2.5.0) - 2022-05-05 ### Added - Look for leaks and vulnerabilities with exclusion of projects ([#57](https://github.com/Orange-OpenSource/floss-toolbox/issues/57)) -## [2.5.0] - 2022-03-09 +## [2.5.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.5.0..2.4.0) - 2022-03-09 ### Added 
@@ -111,11 +130,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Failure of git log if no commits ([#52](https://github.com/Orange-OpenSource/floss-toolbox/issues/52)) -## [2.4.0] - 2022-03-08 +## [2.4.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.4.0..2.3.0) - 2022-03-08 ### Added -- Look for leaks (GitHub) ([#44](https://github.com/Orange-OpenSource/floss-toolbox/issues/44)) +- [GitHub] Look for leaks ([#44](https://github.com/Orange-OpenSource/floss-toolbox/issues/44)) - Dry run ([#29](https://github.com/Orange-OpenSource/floss-toolbox/issues/29)) ### Changed @@ -123,26 +142,26 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Check of vulnerabilities ([#37](https://github.com/Orange-OpenSource/floss-toolbox/issues/37)) - Fix typo in doc and files ([#40](https://github.com/Orange-OpenSource/floss-toolbox/issues/40)) -## [2.3.0] - 2022-02-25 +## [2.3.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.3.0..2.2.0) - 2022-02-25 ### Added - Find repositories with vulnerabilities (Dependabot) ([#20](https://github.com/Orange-OpenSource/floss-toolbox/issues/20)) -## [2.2.0] 2022-02-24 +## [2.2.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.2.0..2.1.0) 2022-02-24 ### Added - Backup of repositories ([#19](https://github.com/Orange-OpenSource/floss-toolbox/issues/19)) - Extract email addresses ([#27](https://github.com/Orange-OpenSource/floss-toolbox/issues/27)) -## [2.1.0] - 2021-10-06 +## [2.1.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.1.0..2.0.0) - 2021-10-06 ### Added - List all contributors of a Git repository using Git history ([#13](https://github.com/Orange-OpenSource/floss-toolbox/issues/13)) -## [2.0.0] - 2021-06-05 +## [2.0.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.0.0..1.0.0) - 2021-06-05 ## Added diff --git a/CITATION.cff b/CITATION.cff index 30137da..78c6a1c 100644 --- a/CITATION.cff 
+++ b/CITATION.cff @@ -39,5 +39,5 @@ keywords: - audits - history license: Apache-2.0 -version: v2.15.0 -date-released: '2024-03-12' +version: v2.16.0 +date-released: '2024-03-19' diff --git a/toolbox/LicensesInventory/licenses/LICENSE-requests.txt b/LICENSES/Apache-2.0.txt similarity index 89% rename from toolbox/LicensesInventory/licenses/LICENSE-requests.txt rename to LICENSES/Apache-2.0.txt index 67db858..d645695 100644 --- a/toolbox/LicensesInventory/licenses/LICENSE-requests.txt +++ b/LICENSES/Apache-2.0.txt @@ -173,3 +173,30 @@ defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. 
diff --git a/toolbox/github/licenses/LICENSE-Ruby-Git.txt b/LICENSES/MIT.txt similarity index 87% rename from toolbox/github/licenses/LICENSE-Ruby-Git.txt rename to LICENSES/MIT.txt index 118ee3a..8aa2645 100644 --- a/toolbox/github/licenses/LICENSE-Ruby-Git.txt +++ b/LICENSES/MIT.txt @@ -1,6 +1,6 @@ -The MIT License +MIT License -Copyright (c) 2008 Scott Chacon +Copyright (c) [year] [fullname] Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal @@ -9,13 +9,13 @@ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE. +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md index 5ddb8ee..d4feed9 100644 --- a/README.md +++ b/README.md 
@@ -19,14 +19,14 @@ _Python_ is also used. And a bit of _PHP_ because it is nice to use several languages we are not used to (stop the routine!). For these needs scripting is enough. -# Environment +## Environment You should have mainly the following environments bellow, but have a look on each folder README: - _Bash_ version **3.2.5** - _Ruby_ version **2.7.1** - _Python_ version **3.7** -# Project tree +## Project tree There are 5 folders containing scripts and programs to make your life a bit easier: 
@@ -38,10 +38,31 @@ There are 5 folders containing scripts and programs to make your life a bit easi Feel free to read each README available in all of the subdirectories listed above. -# Dry run +## Dry run To be sure you have a ready-to-run project, you can run the following dry-run command which will check if runtimes, third party tools and files are available. ```shell bash dry-run.sh -``` \ No newline at end of file +``` + +## About the repository + +### Renovate + +[Renovate](https://docs.renovatebot.com/) is used to as to try to keep updated dependencies of the project. +A _renovate.json_ must be added at the project root with cofiguration details ; but **the organization admins must enable it** (through the [admin console](https://developer.mend.io/)). +By default [Dependabot](https://docs.github.com/fr/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security#what-is-dependabot) was enabled for this project but has been replaced by _Renovate_. + +### Gitleaks + +[Gitleaks](https://github.com/gitleaks/gitleaks) is used so as to look for secrets and leak of sensitive data. +A _gitleaks.toml_ file has been placed at the project root, picked from the _Gitleaks_ repository, to define rules. +A *gitleaks-action.yml* is also defined to define the GitHub Action to call and some secrets to use to do so. +The *GITLEAKS_LICENSE* is defined in the organization level, **only the organization admins can make it visible to projects**. +This key (dedicated to organization) has been asked to the *Gitleaks* team and received gratefully from them. + +### DCO + +The *Developer Certificate of Origin* is applied here thanks to a [Probot bot](https://probot.github.io/apps/dco/). +On pull requests all commits must be signed off. This control is processed in an action. diff --git a/THIRD-PARTY.md b/THIRD-PARTY.md new file mode 100644 index 0000000..55dbdee --- /dev/null +++ b/THIRD-PARTY.md 
@@ -0,0 +1,75 @@
+
+# Third Party Softwares
+
+This document contains the list of Third Party Softwares along with the license information.
+
+Third Party Software may impose additional restrictions and it is the user's responsibility to ensure that they have met the licensing
+requirements of the relevant license of the Third Party Software they are using.
+
+## For project
+
+### gitleaks.toml
+
+Copyright (c) 2019 Zachary Rice
+
+The *gitleaks.toml* file was generated and distributed under the terms and conditions of the [MIT License](https://opensource.org/license/MIT).
+You may download the source code on the [following website](https://github.com/gitleaks/gitleaks).
+The local version has been modified by us since.
+
+## For "github" bucket
+
+### Octokit
+
+Version 6.1.1
+
+Copyright (c) 2009-2017 Wynn Netherland, Adam Stacoviak, Erik Michaels-Ober
+
+*octokit.rb* is distributed under the terms and conditions of the [MIT License](https://opensource.org/license/MIT).
+You may download the source code on the [following website](https://github.com/octokit/octokit.rb).
+
+### Ruby Git
+
+Version 1.18.0
+
+Copyright (c) 2008 Scott Chacon
+
+*Ruby Git* is distributed under the terms and conditions of the [MIT License](https://opensource.org/license/MIT).
+You may download the source code on the [following website](https://github.com/ruby-git/ruby-git).
+
+## For "LicensesInventory" bucket
+
+### Beautiful Soup
+
+Version 4.12.3
+
+Copyright (c) Leonard Richardson
+
+*Beautiful Soup* is distributed under the terms and conditions of the [MIT License](https://opensource.org/license/MIT).
+You may download the source code on the [following website](https://git.launchpad.net/beautifulsoup/).
+
+### pytest
+
+Version 7.4.4
+
+Copyright (c) 2004 Holger Krekel and others
+
+*pytest* is distributed under the terms and conditions of the [MIT License](https://opensource.org/license/MIT).
+You may download the source code on the [following website](https://github.com/pytest-dev/pytest).
+
+### requests
+
+Version 2.31.0
+
+Copyright (c) 2019 Kenneth Reitz
+
+*requests* is distributed under the terms and conditions of the [Apache 2.0 License](https://opensource.org/license/apache-2-0).
+You may download the source code on the [following website](https://github.com/psf/requests).
+
+### xmltodict
+
+Version 0.13.0
+
+Copyright (c) 2012 Martin Blech and individual contributors.
+
+*xmltodict* is distributed under the terms and conditions of the [MIT License](https://opensource.org/license/MIT).
+You may download the source code on the [following website](https://github.com/martinblech/xmltodict).
diff --git a/gitleaks.toml b/gitleaks.toml
new file mode 100644
index 0000000..bd8de35
--- /dev/null
+++ b/gitleaks.toml
@@ -0,0 +1,2856 @@ +# Software Name: floss-toolbox +# SPDX-FileCopyrightText: Copyright (c) Orange SA +# SPDX-License-Identifier: Apache-2.0 +# +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. +# +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents + +# Picked from https://raw.githubusercontent.com/gitleaks/gitleaks/master/config/gitleaks.toml + +title = "gitleaks config" + +[allowlist] +description = "global allow lists" +paths = [ + '''gitleaks.toml''', + '''(.*?)(jpg|gif|doc|docx|zip|xls|pdf|bin|svg|socket|vsidx|v2|suo|wsuo|.dll|pdb|exe)$''', + '''(go.mod|go.sum)$''', + '''gradle.lockfile''', + '''node_modules''', + '''package-lock.json''', + '''yarn.lock''', + '''pnpm-lock.yaml''', + '''Database.refactorlog''', + '''vendor''', +] + +[[rules]] +id = "adafruit-api-key" +description = "Identified a potential Adafruit API Key, which could lead to unauthorized access to Adafruit services and sensitive data exposure." +regex = '''(?i)(?:adafruit)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "adafruit", +] + +[[rules]] +id = "adobe-client-id" +description = "Detected a pattern that resembles an Adobe OAuth Web Client ID, posing a risk of compromised Adobe integrations and data breaches." +regex = '''(?i)(?:adobe)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "adobe", +] + +[[rules]] +id = "adobe-client-secret" +description = "Discovered a potential Adobe Client Secret, which, if exposed, could allow unauthorized Adobe service access and data manipulation." 
+regex = '''(?i)\b((p8e-)(?i)[a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "p8e-", +] + +[[rules]] +id = "age secret key" +description = "Discovered a potential Age encryption tool secret key, risking data decryption and unauthorized access to sensitive information." +regex = '''AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}''' +keywords = [ + "age-secret-key-1", +] + +[[rules]] +id = "airtable-api-key" +description = "Uncovered a possible Airtable API Key, potentially compromising database access and leading to data leakage or alteration." +regex = '''(?i)(?:airtable)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{17})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "airtable", +] + +[[rules]] +id = "algolia-api-key" +description = "Identified an Algolia API Key, which could result in unauthorized search operations and data exposure on Algolia-managed platforms." +regex = '''(?i)(?:algolia)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "algolia", +] + +[[rules]] +id = "alibaba-access-key-id" +description = "Detected an Alibaba Cloud AccessKey ID, posing a risk of unauthorized cloud resource access and potential data compromise." +regex = '''(?i)\b((LTAI)(?i)[a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "ltai", +] + +[[rules]] +id = "alibaba-secret-key" +description = "Discovered a potential Alibaba Cloud Secret Key, potentially allowing unauthorized operations and data access within Alibaba Cloud." 
+regex = '''(?i)(?:alibaba)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "alibaba", +] + +[[rules]] +id = "asana-client-id" +description = "Discovered a potential Asana Client ID, risking unauthorized access to Asana projects and sensitive task information." +regex = '''(?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "asana", +] + +[[rules]] +id = "asana-client-secret" +description = "Identified an Asana Client Secret, which could lead to compromised project management integrity and unauthorized access." +regex = '''(?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "asana", +] + +[[rules]] +id = "atlassian-api-token" +description = "Detected an Atlassian API token, posing a threat to project management and collaboration tool security and data confidentiality." +regex = '''(?i)(?:atlassian|confluence|jira)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "atlassian","confluence","jira", +] + +[[rules]] +id = "authress-service-client-access-key" +description = "Uncovered a possible Authress Service Client Access Key, which may compromise access control services and sensitive data." +regex = '''(?i)\b((?:sc|ext|scauth|authress)_[a-z0-9]{5,30}\.[a-z0-9]{4,6}\.acc[_-][a-z0-9-]{10,32}\.[a-z0-9+/_=-]{30,120})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "sc_","ext_","scauth_","authress_", +] + +[[rules]] +id = "aws-access-token" +description = "Identified a pattern that may indicate AWS credentials, risking unauthorized cloud resource access and data breaches on AWS platforms." 
+regex = '''(?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}''' +keywords = [ + "akia","agpa","aida","aroa","aipa","anpa","anva","asia", +] + +[[rules]] +id = "beamer-api-token" +description = "Detected a Beamer API token, potentially compromising content management and exposing sensitive notifications and updates." +regex = '''(?i)(?:beamer)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(b_[a-z0-9=_\-]{44})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "beamer", +] + +[[rules]] +id = "bitbucket-client-id" +description = "Discovered a potential Bitbucket Client ID, risking unauthorized repository access and potential codebase exposure." +regex = '''(?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "bitbucket", +] + +[[rules]] +id = "bitbucket-client-secret" +description = "Discovered a potential Bitbucket Client Secret, posing a risk of compromised code repositories and unauthorized access." +regex = '''(?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "bitbucket", +] + +[[rules]] +id = "bittrex-access-key" +description = "Identified a Bittrex Access Key, which could lead to unauthorized access to cryptocurrency trading accounts and financial loss." +regex = '''(?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "bittrex", +] + +[[rules]] +id = "bittrex-secret-key" +description = "Detected a Bittrex Secret Key, potentially compromising cryptocurrency transactions and financial security." 
+regex = '''(?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "bittrex", +] + +[[rules]] +id = "clojars-api-token" +description = "Uncovered a possible Clojars API token, risking unauthorized access to Clojure libraries and potential code manipulation." +regex = '''(?i)(CLOJARS_)[a-z0-9]{60}''' +keywords = [ + "clojars", +] + +[[rules]] +id = "codecov-access-token" +description = "Found a pattern resembling a Codecov Access Token, posing a risk of unauthorized access to code coverage reports and sensitive data." +regex = '''(?i)(?:codecov)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "codecov", +] + +[[rules]] +id = "coinbase-access-token" +description = "Detected a Coinbase Access Token, posing a risk of unauthorized access to cryptocurrency accounts and financial transactions." +regex = '''(?i)(?:coinbase)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "coinbase", +] + +[[rules]] +id = "confluent-access-token" +description = "Identified a Confluent Access Token, which could compromise access to streaming data platforms and sensitive data flow." +regex = '''(?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "confluent", +] + +[[rules]] +id = "confluent-secret-key" +description = "Found a Confluent Secret Key, potentially risking unauthorized operations and data access within Confluent services." 
+regex = '''(?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "confluent", +] + +[[rules]] +id = "contentful-delivery-api-token" +description = "Discovered a Contentful delivery API token, posing a risk to content management systems and data integrity." +regex = '''(?i)(?:contentful)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{43})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "contentful", +] + +[[rules]] +id = "databricks-api-token" +description = "Uncovered a Databricks API token, which may compromise big data analytics platforms and sensitive data processing." +regex = '''(?i)\b(dapi[a-h0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "dapi", +] + +[[rules]] +id = "datadog-access-token" +description = "Detected a Datadog Access Token, potentially risking monitoring and analytics data exposure and manipulation." +regex = '''(?i)(?:datadog)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "datadog", +] + +[[rules]] +id = "defined-networking-api-token" +description = "Identified a Defined Networking API token, which could lead to unauthorized network operations and data breaches." +regex = '''(?i)(?:dnkey)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(dnkey-[a-z0-9=_\-]{26}-[a-z0-9=_\-]{52})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "dnkey", +] + +[[rules]] +id = "digitalocean-access-token" +description = "Found a DigitalOcean OAuth Access Token, risking unauthorized cloud resource access and data compromise." 
+regex = '''(?i)\b(doo_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "doo_v1_", +] + +[[rules]] +id = "digitalocean-pat" +description = "Discovered a DigitalOcean Personal Access Token, posing a threat to cloud infrastructure security and data privacy." +regex = '''(?i)\b(dop_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "dop_v1_", +] + +[[rules]] +id = "digitalocean-refresh-token" +description = "Uncovered a DigitalOcean OAuth Refresh Token, which could allow prolonged unauthorized access and resource manipulation." +regex = '''(?i)\b(dor_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "dor_v1_", +] + +[[rules]] +id = "discord-api-token" +description = "Detected a Discord API key, potentially compromising communication channels and user data privacy on Discord." +regex = '''(?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "discord", +] + +[[rules]] +id = "discord-client-id" +description = "Identified a Discord client ID, which may lead to unauthorized integrations and data exposure in Discord applications." +regex = '''(?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{18})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "discord", +] + +[[rules]] +id = "discord-client-secret" +description = "Discovered a potential Discord client secret, risking compromised Discord bot integrations and data leaks." +regex = '''(?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "discord", +] + +[[rules]] +id = "doppler-api-token" +description = "Discovered a Doppler API token, posing a risk to environment and secrets management security." 
+regex = '''(dp\.pt\.)(?i)[a-z0-9]{43}'''
+keywords = [
+ "doppler",
+]
+
+[[rules]]
+id = "droneci-access-token"
+description = "Detected a Droneci Access Token, potentially compromising continuous integration and deployment workflows."
+regex = '''(?i)(?:droneci)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "droneci",
+]
+
+[[rules]]
+id = "dropbox-api-token"
+description = "Identified a Dropbox API secret, which could lead to unauthorized file access and data breaches in Dropbox storage."
+regex = '''(?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{15})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "dropbox",
+]
+
+[[rules]]
+id = "dropbox-long-lived-api-token"
+description = "Found a Dropbox long-lived API token, risking prolonged unauthorized access to cloud storage and sensitive data."
+regex = '''(?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "dropbox",
+]
+
+[[rules]]
+id = "dropbox-short-lived-api-token"
+description = "Discovered a Dropbox short-lived API token, posing a risk of temporary but potentially harmful data access and manipulation."
+regex = '''(?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(sl\.[a-z0-9\-=_]{135})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "dropbox",
+]
+
+[[rules]]
+id = "duffel-api-token"
+description = "Uncovered a Duffel API token, which may compromise travel platform integrations and sensitive customer data."
+regex = '''duffel_(test|live)_(?i)[a-z0-9_\-=]{43}'''
+keywords = [
+ "duffel",
+]
+
+[[rules]]
+id = "dynatrace-api-token"
+description = "Detected a Dynatrace API token, potentially risking application performance monitoring and data exposure."
+regex = '''dt0c01\.(?i)[a-z0-9]{24}\.[a-z0-9]{64}'''
+keywords = [
+ "dynatrace",
+]
+
+[[rules]]
+id = "easypost-api-token"
+description = "Identified an EasyPost API token, which could lead to unauthorized postal and shipment service access and data exposure."
+regex = '''\bEZAK(?i)[a-z0-9]{54}'''
+keywords = [
+ "ezak",
+]
+
+[[rules]]
+id = "easypost-test-api-token"
+description = "Detected an EasyPost test API token, risking exposure of test environments and potentially sensitive shipment data."
+regex = '''\bEZTK(?i)[a-z0-9]{54}'''
+keywords = [
+ "eztk",
+]
+
+[[rules]]
+id = "etsy-access-token"
+description = "Found an Etsy Access Token, potentially compromising Etsy shop management and customer data."
+regex = '''(?i)(?:etsy)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "etsy",
+]
+
+[[rules]]
+id = "facebook"
+description = "Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure."
+regex = '''(?i)(?:facebook)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "facebook",
+]
+
+[[rules]]
+id = "fastly-api-token"
+description = "Uncovered a Fastly API key, which may compromise CDN and edge cloud services, leading to content delivery and security issues."
+regex = '''(?i)(?:fastly)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "fastly",
+]
+
+[[rules]]
+id = "finicity-api-token"
+description = "Detected a Finicity API token, potentially risking financial data access and unauthorized financial operations."
+regex = '''(?i)(?:finicity)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "finicity",
+]
+
+[[rules]]
+id = "finicity-client-secret"
+description = "Identified a Finicity Client Secret, which could lead to compromised financial service integrations and data breaches."
+regex = '''(?i)(?:finicity)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "finicity",
+]
+
+[[rules]]
+id = "finnhub-access-token"
+description = "Found a Finnhub Access Token, risking unauthorized access to financial market data and analytics."
+regex = '''(?i)(?:finnhub)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "finnhub",
+]
+
+[[rules]]
+id = "flickr-access-token"
+description = "Discovered a Flickr Access Token, posing a risk of unauthorized photo management and potential data leakage."
+regex = '''(?i)(?:flickr)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "flickr",
+]
+
+[[rules]]
+id = "flutterwave-encryption-key"
+description = "Uncovered a Flutterwave Encryption Key, which may compromise payment processing and sensitive financial information."
+regex = '''FLWSECK_TEST-(?i)[a-h0-9]{12}'''
+keywords = [
+ "flwseck_test",
+]
+
+[[rules]]
+id = "flutterwave-public-key"
+description = "Detected a Finicity Public Key, potentially exposing public cryptographic operations and integrations."
+regex = '''FLWPUBK_TEST-(?i)[a-h0-9]{32}-X'''
+keywords = [
+ "flwpubk_test",
+]
+
+[[rules]]
+id = "flutterwave-secret-key"
+description = "Identified a Flutterwave Secret Key, risking unauthorized financial transactions and data breaches."
+regex = '''FLWSECK_TEST-(?i)[a-h0-9]{32}-X'''
+keywords = [
+ "flwseck_test",
+]
+
+[[rules]]
+id = "frameio-api-token"
+description = "Found a Frame.io API token, potentially compromising video collaboration and project management."
+regex = '''fio-u-(?i)[a-z0-9\-_=]{64}'''
+keywords = [
+ "fio-u-",
+]
+
+[[rules]]
+id = "freshbooks-access-token"
+description = "Discovered a Freshbooks Access Token, posing a risk to accounting software access and sensitive financial data exposure."
+regex = '''(?i)(?:freshbooks)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "freshbooks",
+]
+
+[[rules]]
+id = "gcp-api-key"
+description = "Uncovered a GCP API key, which could lead to unauthorized access to Google Cloud services and data breaches."
+regex = '''(?i)\b(AIza[0-9A-Za-z\\-_]{35})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "aiza",
+]
+
+[[rules]]
+id = "generic-api-key"
+description = "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."
+regex = '''(?i)(?:key|api|token|secret|client|passwd|password|auth|access)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-z\-_.=]{10,150})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +entropy = 3.5 +keywords = [ + "key","api","token","secret","client","passwd","password","auth","access", +] + +[rules.allowlist] +stopwords = [ + "000000", + "aaaaaa", + "about", + "abstract", + "academy", + "acces", + "account", + "act-", + "act.", + "act_", + "action", + "active", + "actively", + "activity", + "adapter", + "add-", + "add.", + "add_", + "add-on", + "addon", + "addres", + "admin", + "adobe", + "advanced", + "adventure", + "agent", + "agile", + "air-", + "air.", + "air_", + "ajax", + "akka", + "alert", + "alfred", + "algorithm", + "all-", + "all.", + "all_", + "alloy", + "alpha", + "amazon", + "amqp", + "analysi", + "analytic", + "analyzer", + "android", + "angular", + "angularj", + "animate", + "animation", + "another", + "ansible", + "answer", + "ant-", + "ant.", + "ant_", + "any-", + "any.", + "any_", + "apache", + "app-", + "app-", + "app.", + "app.", + "app_", + "app_", + "apple", + "arch", + "archive", + "archived", + "arduino", + "array", + "art-", + "art.", + "art_", + "article", + "asp-", + "asp.", + "asp_", + "asset", + "async", + "atom", + "attention", + "audio", + "audit", + "aura", + "auth", + "author", + "author", + "authorize", + "auto", + "automated", + "automatic", + "awesome", + "aws_", + "azure", + "back", + "backbone", + "backend", + "backup", + "bar-", + "bar.", + "bar_", + "base", + "based", + "bash", + "basic", + "batch", + "been", + "beer", + "behavior", + "being", + "benchmark", + "best", + "beta", + "better", + "big-", + "big.", + "big_", + "binary", + "binding", + "bit-", + "bit.", + "bit_", + "bitcoin", + "block", + "blog", + "board", + "book", + "bookmark", + "boost", + "boot", + "bootstrap", + "bosh", + "bot-", + "bot.", + "bot_", + "bower", + "box-", + "box.", + "box_", + "boxen", + 
"bracket", + "branch", + "bridge", + "browser", + "brunch", + "buffer", + "bug-", + "bug.", + "bug_", + "build", + "builder", + "building", + "buildout", + "buildpack", + "built", + "bundle", + "busines", + "but-", + "but.", + "but_", + "button", + "cache", + "caching", + "cakephp", + "calendar", + "call", + "camera", + "campfire", + "can-", + "can.", + "can_", + "canva", + "captcha", + "capture", + "card", + "carousel", + "case", + "cassandra", + "cat-", + "cat.", + "cat_", + "category", + "center", + "cento", + "challenge", + "change", + "changelog", + "channel", + "chart", + "chat", + "cheat", + "check", + "checker", + "chef", + "ches", + "chinese", + "chosen", + "chrome", + "ckeditor", + "clas", + "classe", + "classic", + "clean", + "cli-", + "cli.", + "cli_", + "client", + "client", + "clojure", + "clone", + "closure", + "cloud", + "club", + "cluster", + "cms-", + "cms_", + "coco", + "code", + "coding", + "coffee", + "color", + "combination", + "combo", + "command", + "commander", + "comment", + "commit", + "common", + "community", + "compas", + "compiler", + "complete", + "component", + "composer", + "computer", + "computing", + "con-", + "con.", + "con_", + "concept", + "conf", + "config", + "config", + "connect", + "connector", + "console", + "contact", + "container", + "contao", + "content", + "contest", + "context", + "control", + "convert", + "converter", + "conway'", + "cookbook", + "cookie", + "cool", + "copy", + "cordova", + "core", + "couchbase", + "couchdb", + "countdown", + "counter", + "course", + "craft", + "crawler", + "create", + "creating", + "creator", + "credential", + "crm-", + "crm.", + "crm_", + "cros", + "crud", + "csv-", + "csv.", + "csv_", + "cube", + "cucumber", + "cuda", + "current", + "currently", + "custom", + "daemon", + "dark", + "dart", + "dash", + "dashboard", + "data", + "database", + "date", + "day-", + "day.", + "day_", + "dead", + "debian", + "debug", + "debug", + "debugger", + "deck", + "define", + "del-", + "del.", + 
"del_", + "delete", + "demo", + "deploy", + "design", + "designer", + "desktop", + "detection", + "detector", + "dev-", + "dev.", + "dev_", + "develop", + "developer", + "device", + "devise", + "diff", + "digital", + "directive", + "directory", + "discovery", + "display", + "django", + "dns-", + "dns_", + "doc-", + "doc-", + "doc.", + "doc.", + "doc_", + "doc_", + "docker", + "docpad", + "doctrine", + "document", + "doe-", + "doe.", + "doe_", + "dojo", + "dom-", + "dom.", + "dom_", + "domain", + "done", + "don't", + "dot-", + "dot.", + "dot_", + "dotfile", + "download", + "draft", + "drag", + "drill", + "drive", + "driven", + "driver", + "drop", + "dropbox", + "drupal", + "dsl-", + "dsl.", + "dsl_", + "dynamic", + "easy", + "_ec2_", + "ecdsa", + "eclipse", + "edit", + "editing", + "edition", + "editor", + "element", + "emac", + "email", + "embed", + "embedded", + "ember", + "emitter", + "emulator", + "encoding", + "endpoint", + "engine", + "english", + "enhanced", + "entity", + "entry", + "env_", + "episode", + "erlang", + "error", + "espresso", + "event", + "evented", + "example", + "example", + "exchange", + "exercise", + "experiment", + "expire", + "exploit", + "explorer", + "export", + "exporter", + "expres", + "ext-", + "ext.", + "ext_", + "extended", + "extension", + "external", + "extra", + "extractor", + "fabric", + "facebook", + "factory", + "fake", + "fast", + "feature", + "feed", + "fewfwef", + "ffmpeg", + "field", + "file", + "filter", + "find", + "finder", + "firefox", + "firmware", + "first", + "fish", + "fix-", + "fix_", + "flash", + "flask", + "flat", + "flex", + "flexible", + "flickr", + "flow", + "fluent", + "fluentd", + "fluid", + "folder", + "font", + "force", + "foreman", + "fork", + "form", + "format", + "formatter", + "forum", + "foundry", + "framework", + "free", + "friend", + "friendly", + "front-end", + "frontend", + "ftp-", + "ftp.", + "ftp_", + "fuel", + "full", + "fun-", + "fun.", + "fun_", + "func", + "future", + "gaia", + "gallery", + 
"game", + "gateway", + "gem-", + "gem.", + "gem_", + "gen-", + "gen.", + "gen_", + "general", + "generator", + "generic", + "genetic", + "get-", + "get.", + "get_", + "getenv", + "getting", + "ghost", + "gist", + "git-", + "git.", + "git_", + "github", + "gitignore", + "gitlab", + "glas", + "gmail", + "gnome", + "gnu-", + "gnu.", + "gnu_", + "goal", + "golang", + "gollum", + "good", + "google", + "gpu-", + "gpu.", + "gpu_", + "gradle", + "grail", + "graph", + "graphic", + "great", + "grid", + "groovy", + "group", + "grunt", + "guard", + "gui-", + "gui.", + "gui_", + "guide", + "guideline", + "gulp", + "gwt-", + "gwt.", + "gwt_", + "hack", + "hackathon", + "hacker", + "hacking", + "hadoop", + "haml", + "handler", + "hardware", + "has-", + "has_", + "hash", + "haskell", + "have", + "haxe", + "hello", + "help", + "helper", + "here", + "hero", + "heroku", + "high", + "hipchat", + "history", + "home", + "homebrew", + "homepage", + "hook", + "host", + "hosting", + "hot-", + "hot.", + "hot_", + "house", + "how-", + "how.", + "how_", + "html", + "http", + "hub-", + "hub.", + "hub_", + "hubot", + "human", + "icon", + "ide-", + "ide.", + "ide_", + "idea", + "identity", + "idiomatic", + "image", + "impact", + "import", + "important", + "importer", + "impres", + "index", + "infinite", + "info", + "injection", + "inline", + "input", + "inside", + "inspector", + "instagram", + "install", + "installer", + "instant", + "intellij", + "interface", + "internet", + "interview", + "into", + "intro", + "ionic", + "iphone", + "ipython", + "irc-", + "irc_", + "iso-", + "iso.", + "iso_", + "issue", + "jade", + "jasmine", + "java", + "jbos", + "jekyll", + "jenkin", + "job-", + "job.", + "job_", + "joomla", + "jpa-", + "jpa.", + "jpa_", + "jquery", + "json", + "just", + "kafka", + "karma", + "kata", + "kernel", + "keyboard", + "kindle", + "kit-", + "kit.", + "kit_", + "kitchen", + "knife", + "koan", + "kohana", + "lab-", + "lab-", + "lab.", + "lab.", + "lab_", + "lab_", + "lambda", + "lamp", 
+ "language", + "laravel", + "last", + "latest", + "latex", + "launcher", + "layer", + "layout", + "lazy", + "ldap", + "leaflet", + "league", + "learn", + "learning", + "led-", + "led.", + "led_", + "leetcode", + "les-", + "les.", + "les_", + "level", + "leveldb", + "lib-", + "lib.", + "lib_", + "librarie", + "library", + "license", + "life", + "liferay", + "light", + "lightbox", + "like", + "line", + "link", + "linked", + "linkedin", + "linux", + "lisp", + "list", + "lite", + "little", + "load", + "loader", + "local", + "location", + "lock", + "log-", + "log.", + "log_", + "logger", + "logging", + "logic", + "login", + "logstash", + "longer", + "look", + "love", + "lua-", + "lua.", + "lua_", + "mac-", + "mac.", + "mac_", + "machine", + "made", + "magento", + "magic", + "mail", + "make", + "maker", + "making", + "man-", + "man.", + "man_", + "manage", + "manager", + "manifest", + "manual", + "map-", + "map-", + "map.", + "map.", + "map_", + "map_", + "mapper", + "mapping", + "markdown", + "markup", + "master", + "math", + "matrix", + "maven", + "md5", + "mean", + "media", + "mediawiki", + "meetup", + "memcached", + "memory", + "menu", + "merchant", + "message", + "messaging", + "meta", + "metadata", + "meteor", + "method", + "metric", + "micro", + "middleman", + "migration", + "minecraft", + "miner", + "mini", + "minimal", + "mirror", + "mit-", + "mit.", + "mit_", + "mobile", + "mocha", + "mock", + "mod-", + "mod.", + "mod_", + "mode", + "model", + "modern", + "modular", + "module", + "modx", + "money", + "mongo", + "mongodb", + "mongoid", + "mongoose", + "monitor", + "monkey", + "more", + "motion", + "moved", + "movie", + "mozilla", + "mqtt", + "mule", + "multi", + "multiple", + "music", + "mustache", + "mvc-", + "mvc.", + "mvc_", + "mysql", + "nagio", + "name", + "native", + "need", + "neo-", + "neo.", + "neo_", + "nest", + "nested", + "net-", + "net.", + "net_", + "nette", + "network", + "new-", + "new-", + "new.", + "new.", + "new_", + "new_", + "next", + 
"nginx", + "ninja", + "nlp-", + "nlp.", + "nlp_", + "node", + "nodej", + "nosql", + "not-", + "not.", + "not_", + "note", + "notebook", + "notepad", + "notice", + "notifier", + "now-", + "now.", + "now_", + "number", + "oauth", + "object", + "objective", + "obsolete", + "ocaml", + "octopres", + "official", + "old-", + "old.", + "old_", + "onboard", + "online", + "only", + "open", + "opencv", + "opengl", + "openshift", + "openwrt", + "option", + "oracle", + "org-", + "org.", + "org_", + "origin", + "original", + "orm-", + "orm.", + "orm_", + "osx-", + "osx_", + "our-", + "our.", + "our_", + "out-", + "out.", + "out_", + "output", + "over", + "overview", + "own-", + "own.", + "own_", + "pack", + "package", + "packet", + "page", + "page", + "panel", + "paper", + "paperclip", + "para", + "parallax", + "parallel", + "parse", + "parser", + "parsing", + "particle", + "party", + "password", + "patch", + "path", + "pattern", + "payment", + "paypal", + "pdf-", + "pdf.", + "pdf_", + "pebble", + "people", + "perl", + "personal", + "phalcon", + "phoenix", + "phone", + "phonegap", + "photo", + "php-", + "php.", + "php_", + "physic", + "picker", + "pipeline", + "platform", + "play", + "player", + "please", + "plu-", + "plu.", + "plu_", + "plug-in", + "plugin", + "plupload", + "png-", + "png.", + "png_", + "poker", + "polyfill", + "polymer", + "pool", + "pop-", + "pop.", + "pop_", + "popcorn", + "popup", + "port", + "portable", + "portal", + "portfolio", + "post", + "power", + "powered", + "powerful", + "prelude", + "pretty", + "preview", + "principle", + "print", + "pro-", + "pro.", + "pro_", + "problem", + "proc", + "product", + "profile", + "profiler", + "program", + "progres", + "project", + "protocol", + "prototype", + "provider", + "proxy", + "public", + "pull", + "puppet", + "pure", + "purpose", + "push", + "pusher", + "pyramid", + "python", + "quality", + "query", + "queue", + "quick", + "rabbitmq", + "rack", + "radio", + "rail", + "railscast", + "random", + "range", + 
"raspberry", + "rdf-", + "rdf.", + "rdf_", + "react", + "reactive", + "read", + "reader", + "readme", + "ready", + "real", + "reality", + "real-time", + "realtime", + "recipe", + "recorder", + "red-", + "red.", + "red_", + "reddit", + "redi", + "redmine", + "reference", + "refinery", + "refresh", + "registry", + "related", + "release", + "remote", + "rendering", + "repo", + "report", + "request", + "require", + "required", + "requirej", + "research", + "resource", + "response", + "resque", + "rest", + "restful", + "resume", + "reveal", + "reverse", + "review", + "riak", + "rich", + "right", + "ring", + "robot", + "role", + "room", + "router", + "routing", + "rpc-", + "rpc.", + "rpc_", + "rpg-", + "rpg.", + "rpg_", + "rspec", + "ruby-", + "ruby.", + "ruby_", + "rule", + "run-", + "run.", + "run_", + "runner", + "running", + "runtime", + "rust", + "rvm-", + "rvm.", + "rvm_", + "salt", + "sample", + "sample", + "sandbox", + "sas-", + "sas.", + "sas_", + "sbt-", + "sbt.", + "sbt_", + "scala", + "scalable", + "scanner", + "schema", + "scheme", + "school", + "science", + "scraper", + "scratch", + "screen", + "script", + "scroll", + "scs-", + "scs.", + "scs_", + "sdk-", + "sdk.", + "sdk_", + "sdl-", + "sdl.", + "sdl_", + "search", + "secure", + "security", + "see-", + "see.", + "see_", + "seed", + "select", + "selector", + "selenium", + "semantic", + "sencha", + "send", + "sentiment", + "serie", + "server", + "service", + "session", + "set-", + "set.", + "set_", + "setting", + "setting", + "setup", + "sha1", + "sha2", + "sha256", + "share", + "shared", + "sharing", + "sheet", + "shell", + "shield", + "shipping", + "shop", + "shopify", + "shortener", + "should", + "show", + "showcase", + "side", + "silex", + "simple", + "simulator", + "single", + "site", + "skeleton", + "sketch", + "skin", + "slack", + "slide", + "slider", + "slim", + "small", + "smart", + "smtp", + "snake", + "snippet", + "soap", + "social", + "socket", + "software", + "solarized", + "solr", + "solution", 
+ "solver", + "some", + "soon", + "source", + "space", + "spark", + "spatial", + "spec", + "sphinx", + "spine", + "spotify", + "spree", + "spring", + "sprite", + "sql-", + "sql.", + "sql_", + "sqlite", + "ssh-", + "ssh.", + "ssh_", + "stack", + "staging", + "standard", + "stanford", + "start", + "started", + "starter", + "startup", + "stat", + "statamic", + "state", + "static", + "statistic", + "statsd", + "statu", + "steam", + "step", + "still", + "stm-", + "stm.", + "stm_", + "storage", + "store", + "storm", + "story", + "strategy", + "stream", + "streaming", + "string", + "stripe", + "structure", + "studio", + "study", + "stuff", + "style", + "sublime", + "sugar", + "suite", + "summary", + "super", + "support", + "supported", + "svg-", + "svg.", + "svg_", + "svn-", + "svn.", + "svn_", + "swagger", + "swift", + "switch", + "switcher", + "symfony", + "symphony", + "sync", + "synopsi", + "syntax", + "system", + "system", + "tab-", + "tab-", + "tab.", + "tab.", + "tab_", + "tab_", + "table", + "tag-", + "tag-", + "tag.", + "tag.", + "tag_", + "tag_", + "talk", + "target", + "task", + "tcp-", + "tcp.", + "tcp_", + "tdd-", + "tdd.", + "tdd_", + "team", + "tech", + "template", + "term", + "terminal", + "testing", + "tetri", + "text", + "textmate", + "theme", + "theory", + "three", + "thrift", + "time", + "timeline", + "timer", + "tiny", + "tinymce", + "tip-", + "tip.", + "tip_", + "title", + "todo", + "todomvc", + "token", + "tool", + "toolbox", + "toolkit", + "top-", + "top.", + "top_", + "tornado", + "touch", + "tower", + "tracker", + "tracking", + "traffic", + "training", + "transfer", + "translate", + "transport", + "tree", + "trello", + "try-", + "try.", + "try_", + "tumblr", + "tut-", + "tut.", + "tut_", + "tutorial", + "tweet", + "twig", + "twitter", + "type", + "typo", + "ubuntu", + "uiview", + "ultimate", + "under", + "unit", + "unity", + "universal", + "unix", + "update", + "updated", + "upgrade", + "upload", + "uploader", + "uri-", + "uri.", + "uri_", + 
"url-", + "url.", + "url_", + "usage", + "usb-", + "usb.", + "usb_", + "use-", + "use.", + "use_", + "used", + "useful", + "user", + "using", + "util", + "utilitie", + "utility", + "vagrant", + "validator", + "value", + "variou", + "varnish", + "version", + "via-", + "via.", + "via_", + "video", + "view", + "viewer", + "vim-", + "vim.", + "vim_", + "vimrc", + "virtual", + "vision", + "visual", + "vpn", + "want", + "warning", + "watch", + "watcher", + "wave", + "way-", + "way.", + "way_", + "weather", + "web-", + "web_", + "webapp", + "webgl", + "webhook", + "webkit", + "webrtc", + "website", + "websocket", + "welcome", + "welcome", + "what", + "what'", + "when", + "where", + "which", + "why-", + "why.", + "why_", + "widget", + "wifi", + "wiki", + "win-", + "win.", + "win_", + "window", + "wip-", + "wip.", + "wip_", + "within", + "without", + "wizard", + "word", + "wordpres", + "work", + "worker", + "workflow", + "working", + "workshop", + "world", + "wrapper", + "write", + "writer", + "writing", + "written", + "www-", + "www.", + "www_", + "xamarin", + "xcode", + "xml-", + "xml.", + "xml_", + "xmpp", + "xxxxxx", + "yahoo", + "yaml", + "yandex", + "yeoman", + "yet-", + "yet.", + "yet_", + "yii-", + "yii.", + "yii_", + "youtube", + "yui-", + "yui.", + "yui_", + "zend", + "zero", + "zip-", + "zip.", + "zip_", + "zsh-", + "zsh.", + "zsh_", +] + +[[rules]] +id = "github-app-token" +description = "Identified a GitHub App Token, which may compromise GitHub application integrations and source code security." +regex = '''(ghu|ghs)_[0-9a-zA-Z]{36}''' +keywords = [ + "ghu_","ghs_", +] + +[[rules]] +id = "github-fine-grained-pat" +description = "Found a GitHub Fine-Grained Personal Access Token, risking unauthorized repository access and code manipulation." 
+regex = '''github_pat_[0-9a-zA-Z_]{82}'''
+keywords = [
+ "github_pat_",
+]
+
+[[rules]]
+id = "github-oauth"
+description = "Discovered a GitHub OAuth Access Token, posing a risk of compromised GitHub account integrations and data leaks."
+regex = '''gho_[0-9a-zA-Z]{36}'''
+keywords = [
+ "gho_",
+]
+
+[[rules]]
+id = "github-pat"
+description = "Uncovered a GitHub Personal Access Token, potentially leading to unauthorized repository access and sensitive content exposure."
+regex = '''ghp_[0-9a-zA-Z]{36}'''
+keywords = [
+ "ghp_",
+]
+
+[[rules]]
+id = "github-refresh-token"
+description = "Detected a GitHub Refresh Token, which could allow prolonged unauthorized access to GitHub services."
+regex = '''ghr_[0-9a-zA-Z]{36}'''
+keywords = [
+ "ghr_",
+]
+
+[[rules]]
+id = "gitlab-pat"
+description = "Identified a GitLab Personal Access Token, risking unauthorized access to GitLab repositories and codebase exposure."
+regex = '''glpat-[0-9a-zA-Z\-\_]{20}'''
+keywords = [
+ "glpat-",
+]
+
+[[rules]]
+id = "gitlab-ptt"
+description = "Found a GitLab Pipeline Trigger Token, potentially compromising continuous integration workflows and project security."
+regex = '''glptt-[0-9a-f]{40}'''
+keywords = [
+ "glptt-",
+]
+
+[[rules]]
+id = "gitlab-rrt"
+description = "Discovered a GitLab Runner Registration Token, posing a risk to CI/CD pipeline integrity and unauthorized access."
+regex = '''GR1348941[0-9a-zA-Z\-\_]{20}'''
+keywords = [
+ "gr1348941",
+]
+
+[[rules]]
+id = "gitter-access-token"
+description = "Uncovered a Gitter Access Token, which may lead to unauthorized access to chat and communication services."
+regex = '''(?i)(?:gitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "gitter",
+]
+
+[[rules]]
+id = "gocardless-api-token"
+description = "Detected a GoCardless API token, potentially risking unauthorized direct debit payment operations and financial data exposure."
+regex = '''(?i)(?:gocardless)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(live_(?i)[a-z0-9\-_=]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "live_","gocardless",
+]
+
+[[rules]]
+id = "grafana-api-key"
+description = "Identified a Grafana API key, which could compromise monitoring dashboards and sensitive data analytics."
+regex = '''(?i)\b(eyJrIjoi[A-Za-z0-9]{70,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "eyjrijoi",
+]
+
+[[rules]]
+id = "grafana-cloud-api-token"
+description = "Found a Grafana cloud API token, risking unauthorized access to cloud-based monitoring services and data exposure."
+regex = '''(?i)\b(glc_[A-Za-z0-9+/]{32,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "glc_",
+]
+
+[[rules]]
+id = "grafana-service-account-token"
+description = "Discovered a Grafana service account token, posing a risk of compromised monitoring services and data integrity."
+regex = '''(?i)\b(glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "glsa_",
+]
+
+[[rules]]
+id = "hashicorp-tf-api-token"
+description = "Uncovered a HashiCorp Terraform user/org API token, which may lead to unauthorized infrastructure management and security breaches."
+regex = '''(?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9\-_=]{60,70}'''
+keywords = [
+ "atlasv1",
+]
+
+[[rules]]
+id = "hashicorp-tf-password"
+description = "Identified a HashiCorp Terraform password field, risking unauthorized infrastructure configuration and security breaches."
+regex = '''(?i)(?:administrator_login_password|password)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}("[a-z0-9=_\-]{8,20}")(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "administrator_login_password","password",
+]
+
+[[rules]]
+id = "heroku-api-key"
+description = "Detected a Heroku API Key, potentially compromising cloud application deployments and operational security."
+regex = '''(?i)(?:heroku)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "heroku",
+]
+
+[[rules]]
+id = "hubspot-api-key"
+description = "Found a HubSpot API Token, posing a risk to CRM data integrity and unauthorized marketing operations."
+regex = '''(?i)(?:hubspot)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "hubspot",
+]
+
+[[rules]]
+id = "huggingface-access-token"
+description = "Discovered a Hugging Face Access token, which could lead to unauthorized access to AI models and sensitive data."
+regex = '''(?:^|[\\'"` >=:])(hf_[a-zA-Z]{34})(?:$|[\\'"` <])'''
+entropy = 1
+keywords = [
+ "hf_",
+]
+
+[[rules]]
+id = "huggingface-organization-api-token"
+description = "Uncovered a Hugging Face Organization API token, potentially compromising AI organization accounts and associated data."
+regex = '''(?:^|[\\'"` >=:\(,)])(api_org_[a-zA-Z]{34})(?:$|[\\'"` <\),])'''
+entropy = 2
+keywords = [
+ "api_org_",
+]
+
+[[rules]]
+id = "infracost-api-token"
+description = "Detected an Infracost API Token, risking unauthorized access to cloud cost estimation tools and financial data."
+regex = '''(?i)\b(ico-[a-zA-Z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "ico-",
+]
+
+[[rules]]
+id = "intercom-api-key"
+description = "Identified an Intercom API Token, which could compromise customer communication channels and data privacy."
+regex = '''(?i)(?:intercom)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{60})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "intercom",
+]
+
+[[rules]]
+id = "jfrog-api-key"
+description = "Found a JFrog API Key, posing a risk of unauthorized access to software artifact repositories and build pipelines."
+regex = '''(?i)(?:jfrog|artifactory|bintray|xray)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{73})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "jfrog","artifactory","bintray","xray",
+]
+
+[[rules]]
+id = "jfrog-identity-token"
+description = "Discovered a JFrog Identity Token, potentially compromising access to JFrog services and sensitive software artifacts."
+regex = '''(?i)(?:jfrog|artifactory|bintray|xray)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "jfrog","artifactory","bintray","xray",
+]
+
+[[rules]]
+id = "jwt"
+description = "Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data."
+regex = '''\b(ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9\/\\_-]{17,}\.(?:[a-zA-Z0-9\/\\_-]{10,}={0,2})?)(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+ "ey",
+]
+
+[[rules]]
+id = "jwt-base64"
+description = "Detected a Base64-encoded JSON Web Token, posing a risk of exposing encoded authentication and data exchange information."
+regex = '''\bZXlK(?:(?PaGJHY2lPaU)|(?PaGNIVWlPaU)|(?PaGNIWWlPaU)|(?PaGRXUWlPaU)|(?PaU5qUWlP)|(?PamNtbDBJanBi)|(?PamRIa2lPaU)|(?PbGNHc2lPbn)|(?PbGJtTWlPaU)|(?PcWEzVWlPaU)|(?PcWQyc2lPb)|(?PcGMzTWlPaU)|(?PcGRpSTZJ)|(?PcmFXUWlP)|(?PclpYbGZiM0J6SWpwY)|(?PcmRIa2lPaUp)|(?PdWIyNWpaU0k2)|(?Pd01tTWlP)|(?Pd01uTWlPaU)|(?Pd2NIUWlPaU)|(?PemRXSWlPaU)|(?PemRuUWlP)|(?PMFlXY2lPaU)|(?PMGVYQWlPaUp)|(?PMWNtd2l)|(?PMWMyVWlPaUp)|(?PMlpYSWlPaU)|(?PMlpYSnphVzl1SWpv)|(?PNElqb2)|(?PNE5XTWlP)|(?PNE5YUWlPaU)|(?PNE5YUWpVekkxTmlJNkl)|(?PNE5YVWlPaU)|(?PNmFYQWlPaU))[a-zA-Z0-9\/\\_+\-\r\n]{40,}={0,2}''' +keywords = [ + "zxlk", +] + +[[rules]] +id = "kraken-access-token" +description = "Identified a Kraken Access Token, potentially compromising cryptocurrency trading accounts and financial security." +regex = '''(?i)(?:kraken)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9\/=_\+\-]{80,90})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "kraken", +] + +[[rules]] +id = "kucoin-access-token" +description = "Found a Kucoin Access Token, risking unauthorized access to cryptocurrency exchange services and transactions." +regex = '''(?i)(?:kucoin)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "kucoin", +] + +[[rules]] +id = "kucoin-secret-key" +description = "Discovered a Kucoin Secret Key, which could lead to compromised cryptocurrency operations and financial data breaches." +regex = '''(?i)(?:kucoin)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "kucoin", +] + +[[rules]] +id = "launchdarkly-access-token" +description = "Uncovered a Launchdarkly Access Token, potentially compromising feature flag management and application functionality." 
+regex = '''(?i)(?:launchdarkly)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "launchdarkly", +] + +[[rules]] +id = "linear-api-key" +description = "Detected a Linear API Token, posing a risk to project management tools and sensitive task data." +regex = '''lin_api_(?i)[a-z0-9]{40}''' +keywords = [ + "lin_api_", +] + +[[rules]] +id = "linear-client-secret" +description = "Identified a Linear Client Secret, which may compromise secure integrations and sensitive project management data." +regex = '''(?i)(?:linear)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "linear", +] + +[[rules]] +id = "linkedin-client-id" +description = "Found a LinkedIn Client ID, risking unauthorized access to LinkedIn integrations and professional data exposure." +regex = '''(?i)(?:linkedin|linked-in)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{14})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "linkedin","linked-in", +] + +[[rules]] +id = "linkedin-client-secret" +description = "Discovered a LinkedIn Client secret, potentially compromising LinkedIn application integrations and user data." +regex = '''(?i)(?:linkedin|linked-in)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "linkedin","linked-in", +] + +[[rules]] +id = "lob-api-key" +description = "Uncovered a Lob API Key, which could lead to unauthorized access to mailing and address verification services." 
+regex = '''(?i)(?:lob)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}((live|test)_[a-f0-9]{35})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "test_","live_", +] + +[[rules]] +id = "lob-pub-api-key" +description = "Detected a Lob Publishable API Key, posing a risk of exposing mail and print service integrations." +regex = '''(?i)(?:lob)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}((test|live)_pub_[a-f0-9]{31})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "test_pub","live_pub","_pub", +] + +[[rules]] +id = "mailchimp-api-key" +description = "Identified a Mailchimp API key, potentially compromising email marketing campaigns and subscriber data." +regex = '''(?i)(?:mailchimp)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32}-us20)(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "mailchimp", +] + +[[rules]] +id = "mailgun-private-api-token" +description = "Found a Mailgun private API token, risking unauthorized email service operations and data breaches." +regex = '''(?i)(?:mailgun)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(key-[a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "mailgun", +] + +[[rules]] +id = "mailgun-pub-key" +description = "Discovered a Mailgun public validation key, which could expose email verification processes and associated data." +regex = '''(?i)(?:mailgun)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(pubkey-[a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "mailgun", +] + +[[rules]] +id = "mailgun-signing-key" +description = "Uncovered a Mailgun webhook signing key, potentially compromising email automation and data integrity." 
+regex = '''(?i)(?:mailgun)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "mailgun", +] + +[[rules]] +id = "mapbox-api-token" +description = "Detected a MapBox API token, posing a risk to geospatial services and sensitive location data exposure." +regex = '''(?i)(?:mapbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(pk\.[a-z0-9]{60}\.[a-z0-9]{22})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "mapbox", +] + +[[rules]] +id = "mattermost-access-token" +description = "Identified a Mattermost Access Token, which may compromise team communication channels and data privacy." +regex = '''(?i)(?:mattermost)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{26})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "mattermost", +] + +[[rules]] +id = "messagebird-api-token" +description = "Found a MessageBird API token, risking unauthorized access to communication platforms and message data." +regex = '''(?i)(?:messagebird|message-bird|message_bird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{25})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "messagebird","message-bird","message_bird", +] + +[[rules]] +id = "messagebird-client-id" +description = "Discovered a MessageBird client ID, potentially compromising API integrations and sensitive communication data." 
+regex = '''(?i)(?:messagebird|message-bird|message_bird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "messagebird","message-bird","message_bird", +] + +[[rules]] +id = "microsoft-teams-webhook" +description = "Uncovered a Microsoft Teams Webhook, which could lead to unauthorized access to team collaboration tools and data leaks." +regex = '''https:\/\/[a-z0-9]+\.webhook\.office\.com\/webhookb2\/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}@[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}\/IncomingWebhook\/[a-z0-9]{32}\/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}''' +keywords = [ + "webhook.office.com","webhookb2","incomingwebhook", +] + +[[rules]] +id = "netlify-access-token" +description = "Detected a Netlify Access Token, potentially compromising web hosting services and site management." +regex = '''(?i)(?:netlify)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{40,46})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "netlify", +] + +[[rules]] +id = "new-relic-browser-api-token" +description = "Identified a New Relic ingest browser API token, risking unauthorized access to application performance data and analytics." +regex = '''(?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRJS-[a-f0-9]{19})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "nrjs-", +] + +[[rules]] +id = "new-relic-user-api-id" +description = "Found a New Relic user API ID, posing a risk to application monitoring services and data integrity." 
+regex = '''(?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "new-relic","newrelic","new_relic", +] + +[[rules]] +id = "new-relic-user-api-key" +description = "Discovered a New Relic user API Key, which could lead to compromised application insights and performance monitoring." +regex = '''(?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRAK-[a-z0-9]{27})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "nrak", +] + +[[rules]] +id = "npm-access-token" +description = "Uncovered an npm access token, potentially compromising package management and code repository access." +regex = '''(?i)\b(npm_[a-z0-9]{36})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "npm_", +] + +[[rules]] +id = "nytimes-access-token" +description = "Detected a Nytimes Access Token, risking unauthorized access to New York Times APIs and content services." +regex = '''(?i)(?:nytimes|new-york-times,|newyorktimes)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "nytimes","new-york-times","newyorktimes", +] + +[[rules]] +id = "okta-access-token" +description = "Identified an Okta Access Token, which may compromise identity management services and user authentication data." +regex = '''(?i)(?:okta)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{42})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "okta", +] + +[[rules]] +id = "openai-api-key" +description = "Found an OpenAI API Key, posing a risk of unauthorized access to AI services and data manipulation." 
+regex = '''(?i)\b(sk-[a-zA-Z0-9]{20}T3BlbkFJ[a-zA-Z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "t3blbkfj", +] + +[[rules]] +id = "plaid-api-token" +description = "Discovered a Plaid API Token, potentially compromising financial data aggregation and banking services." +regex = '''(?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(access-(?:sandbox|development|production)-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "plaid", +] + +[[rules]] +id = "plaid-client-id" +description = "Uncovered a Plaid Client ID, which could lead to unauthorized financial service integrations and data breaches." +regex = '''(?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +entropy = 3.5 +keywords = [ + "plaid", +] + +[[rules]] +id = "plaid-secret-key" +description = "Detected a Plaid Secret key, risking unauthorized access to financial accounts and sensitive transaction data." +regex = '''(?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +entropy = 3.5 +keywords = [ + "plaid", +] + +[[rules]] +id = "planetscale-api-token" +description = "Identified a PlanetScale API token, potentially compromising database management and operations." +regex = '''(?i)\b(pscale_tkn_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "pscale_tkn_", +] + +[[rules]] +id = "planetscale-oauth-token" +description = "Found a PlanetScale OAuth token, posing a risk to database access control and sensitive data integrity." 
+regex = '''(?i)\b(pscale_oauth_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "pscale_oauth_", +] + +[[rules]] +id = "planetscale-password" +description = "Discovered a PlanetScale password, which could lead to unauthorized database operations and data breaches." +regex = '''(?i)\b(pscale_pw_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "pscale_pw_", +] + +[[rules]] +id = "postman-api-token" +description = "Uncovered a Postman API token, potentially compromising API testing and development workflows." +regex = '''(?i)\b(PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "pmak-", +] + +[[rules]] +id = "prefect-api-token" +description = "Detected a Prefect API token, risking unauthorized access to workflow management and automation services." +regex = '''(?i)\b(pnu_[a-z0-9]{36})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "pnu_", +] + +[[rules]] +id = "private-key" +description = "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption." +regex = '''(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\s\S-]*KEY( BLOCK)?----''' +keywords = [ + "-----begin", +] + +[[rules]] +id = "pulumi-api-token" +description = "Found a Pulumi API token, posing a risk to infrastructure as code services and cloud resource management." +regex = '''(?i)\b(pul-[a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "pul-", +] + +[[rules]] +id = "pypi-upload-token" +description = "Discovered a PyPI upload token, potentially compromising Python package distribution and repository integrity." +regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}''' +keywords = [ + "pypi-ageichlwas5vcmc", +] + +[[rules]] +id = "rapidapi-access-token" +description = "Uncovered a RapidAPI Access Token, which could lead to unauthorized access to various APIs and data services." 
+regex = '''(?i)(?:rapidapi)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{50})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "rapidapi", +] + +[[rules]] +id = "readme-api-token" +description = "Detected a Readme API token, risking unauthorized documentation management and content exposure." +regex = '''(?i)\b(rdme_[a-z0-9]{70})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "rdme_", +] + +[[rules]] +id = "rubygems-api-token" +description = "Identified a Rubygem API token, potentially compromising Ruby library distribution and package management." +regex = '''(?i)\b(rubygems_[a-f0-9]{48})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "rubygems_", +] + +[[rules]] +id = "scalingo-api-token" +description = "Found a Scalingo API token, posing a risk to cloud platform services and application deployment security." +regex = '''\btk-us-[a-zA-Z0-9-_]{48}\b''' +keywords = [ + "tk-us-", +] + +[[rules]] +id = "sendbird-access-id" +description = "Discovered a Sendbird Access ID, which could compromise chat and messaging platform integrations." +regex = '''(?i)(?:sendbird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "sendbird", +] + +[[rules]] +id = "sendbird-access-token" +description = "Uncovered a Sendbird Access Token, potentially risking unauthorized access to communication services and user data." +regex = '''(?i)(?:sendbird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "sendbird", +] + +[[rules]] +id = "sendgrid-api-token" +description = "Detected a SendGrid API token, posing a risk of unauthorized email service operations and data exposure." 
+regex = '''(?i)\b(SG\.(?i)[a-z0-9=_\-\.]{66})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "sg.", +] + +[[rules]] +id = "sendinblue-api-token" +description = "Identified a Sendinblue API token, which may compromise email marketing services and subscriber data privacy." +regex = '''(?i)\b(xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "xkeysib-", +] + +[[rules]] +id = "sentry-access-token" +description = "Found a Sentry Access Token, risking unauthorized access to error tracking services and sensitive application data." +regex = '''(?i)(?:sentry)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "sentry", +] + +[[rules]] +id = "shippo-api-token" +description = "Discovered a Shippo API token, potentially compromising shipping services and customer order data." +regex = '''(?i)\b(shippo_(live|test)_[a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "shippo_", +] + +[[rules]] +id = "shopify-access-token" +description = "Uncovered a Shopify access token, which could lead to unauthorized e-commerce platform access and data breaches." +regex = '''shpat_[a-fA-F0-9]{32}''' +keywords = [ + "shpat_", +] + +[[rules]] +id = "shopify-custom-access-token" +description = "Detected a Shopify custom access token, potentially compromising custom app integrations and e-commerce data security." +regex = '''shpca_[a-fA-F0-9]{32}''' +keywords = [ + "shpca_", +] + +[[rules]] +id = "shopify-private-app-access-token" +description = "Identified a Shopify private app access token, risking unauthorized access to private app data and store operations." +regex = '''shppa_[a-fA-F0-9]{32}''' +keywords = [ + "shppa_", +] + +[[rules]] +id = "shopify-shared-secret" +description = "Found a Shopify shared secret, posing a risk to application authentication and e-commerce platform security." 
+regex = '''shpss_[a-fA-F0-9]{32}''' +keywords = [ + "shpss_", +] + +[[rules]] +id = "sidekiq-secret" +description = "Discovered a Sidekiq Secret, which could lead to compromised background job processing and application data breaches." +regex = '''(?i)(?:BUNDLE_ENTERPRISE__CONTRIBSYS__COM|BUNDLE_GEMS__CONTRIBSYS__COM)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{8}:[a-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "bundle_enterprise__contribsys__com","bundle_gems__contribsys__com", +] + +[[rules]] +id = "sidekiq-sensitive-url" +description = "Uncovered a Sidekiq Sensitive URL, potentially exposing internal job queues and sensitive operation details." +regex = '''(?i)\b(http(?:s??):\/\/)([a-f0-9]{8}:[a-f0-9]{8})@(?:gems.contribsys.com|enterprise.contribsys.com)(?:[\/|\#|\?|:]|$)''' +secretGroup = 2 +keywords = [ + "gems.contribsys.com","enterprise.contribsys.com", +] + +[[rules]] +id = "slack-app-token" +description = "Detected a Slack App-level token, risking unauthorized access to Slack applications and workspace data." +regex = '''(?i)(xapp-\d-[A-Z0-9]+-\d+-[a-z0-9]+)''' +keywords = [ + "xapp", +] + +[[rules]] +id = "slack-bot-token" +description = "Identified a Slack Bot token, which may compromise bot integrations and communication channel security." +regex = '''(xoxb-[0-9]{10,13}\-[0-9]{10,13}[a-zA-Z0-9-]*)''' +keywords = [ + "xoxb", +] + +[[rules]] +id = "slack-config-access-token" +description = "Found a Slack Configuration access token, posing a risk to workspace configuration and sensitive data access." +regex = '''(?i)(xoxe.xox[bp]-\d-[A-Z0-9]{163,166})''' +keywords = [ + "xoxe.xoxb-","xoxe.xoxp-", +] + +[[rules]] +id = "slack-config-refresh-token" +description = "Discovered a Slack Configuration refresh token, potentially allowing prolonged unauthorized access to configuration settings." 
+regex = '''(?i)(xoxe-\d-[A-Z0-9]{146})''' +keywords = [ + "xoxe-", +] + +[[rules]] +id = "slack-legacy-bot-token" +description = "Uncovered a Slack Legacy bot token, which could lead to compromised legacy bot operations and data exposure." +regex = '''(xoxb-[0-9]{8,14}\-[a-zA-Z0-9]{18,26})''' +keywords = [ + "xoxb", +] + +[[rules]] +id = "slack-legacy-token" +description = "Detected a Slack Legacy token, risking unauthorized access to older Slack integrations and user data." +regex = '''(xox[os]-\d+-\d+-\d+-[a-fA-F\d]+)''' +keywords = [ + "xoxo","xoxs", +] + +[[rules]] +id = "slack-legacy-workspace-token" +description = "Identified a Slack Legacy Workspace token, potentially compromising access to workspace data and legacy features." +regex = '''(xox[ar]-(?:\d-)?[0-9a-zA-Z]{8,48})''' +keywords = [ + "xoxa","xoxr", +] + +[[rules]] +id = "slack-user-token" +description = "Found a Slack User token, posing a risk of unauthorized user impersonation and data access within Slack workspaces." +regex = '''(xox[pe](?:-[0-9]{10,13}){3}-[a-zA-Z0-9-]{28,34})''' +keywords = [ + "xoxp-","xoxe-", +] + +[[rules]] +id = "slack-webhook-url" +description = "Discovered a Slack Webhook, which could lead to unauthorized message posting and data leakage in Slack channels." +regex = '''(https?:\/\/)?hooks.slack.com\/(services|workflows)\/[A-Za-z0-9+\/]{43,46}''' +keywords = [ + "hooks.slack.com", +] + +[[rules]] +id = "snyk-api-token" +description = "Uncovered a Snyk API token, potentially compromising software vulnerability scanning and code security." 
+regex = '''(?i)(?:snyk_token|snyk_key|snyk_api_token|snyk_api_key|snyk_oauth_token)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "snyk_token","snyk_key","snyk_api_token","snyk_api_key","snyk_oauth_token", +] + +[[rules]] +id = "square-access-token" +description = "Detected a Square Access Token, risking unauthorized payment processing and financial transaction exposure." +regex = '''(?i)\b(sq0atp-[0-9A-Za-z\-_]{22})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "sq0atp-", +] + +[[rules]] +id = "squarespace-access-token" +description = "Identified a Squarespace Access Token, which may compromise website management and content control on Squarespace." +regex = '''(?i)(?:squarespace)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "squarespace", +] + +[[rules]] +id = "stripe-access-token" +description = "Found a Stripe Access Token, posing a risk to payment processing services and sensitive financial data." +regex = '''(?i)\b((sk|pk)_(test|live)_[0-9a-z]{10,32})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "sk_test","pk_test","sk_live","pk_live", +] + +[[rules]] +id = "sumologic-access-id" +description = "Discovered a SumoLogic Access ID, potentially compromising log management services and data analytics integrity." 
+regex = '''(?i:(?:sumo)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(su[a-zA-Z0-9]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +entropy = 3 +keywords = [ + "sumo", +] + +[rules.allowlist] + +regexTarget = "line" +regexes = [ + "sumOf", +] + +[[rules]] +id = "sumologic-access-token" +description = "Uncovered a SumoLogic Access Token, which could lead to unauthorized access to log data and analytics insights." +regex = '''(?i)(?:sumo)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +entropy = 3 +keywords = [ + "sumo", +] + +[[rules]] +id = "telegram-bot-api-token" +description = "Detected a Telegram Bot API Token, risking unauthorized bot operations and message interception on Telegram." +regex = '''(?i)(?:^|[^0-9])([0-9]{5,16}:A[a-zA-Z0-9_\-]{34})(?:$|[^a-zA-Z0-9_\-])''' +keywords = [ + "telegram","api","bot","token","url", +] + +[[rules]] +id = "travisci-access-token" +description = "Identified a Travis CI Access Token, potentially compromising continuous integration services and codebase security." +regex = '''(?i)(?:travis)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{22})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "travis", +] + +[[rules]] +id = "twilio-api-key" +description = "Found a Twilio API Key, posing a risk to communication services and sensitive customer interaction data." +regex = '''SK[0-9a-fA-F]{32}''' +keywords = [ + "twilio", +] + +[[rules]] +id = "twitch-api-token" +description = "Discovered a Twitch API token, which could compromise streaming services and account integrations." 
+regex = '''(?i)(?:twitch)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "twitch", +] + +[[rules]] +id = "twitter-access-secret" +description = "Uncovered a Twitter Access Secret, potentially risking unauthorized Twitter integrations and data breaches." +regex = '''(?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{45})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "twitter", +] + +[[rules]] +id = "twitter-access-token" +description = "Detected a Twitter Access Token, posing a risk of unauthorized account operations and social media data exposure." +regex = '''(?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{15,25}-[a-zA-Z0-9]{20,40})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "twitter", +] + +[[rules]] +id = "twitter-api-key" +description = "Identified a Twitter API Key, which may compromise Twitter application integrations and user data security." +regex = '''(?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{25})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "twitter", +] + +[[rules]] +id = "twitter-api-secret" +description = "Found a Twitter API Secret, risking the security of Twitter app integrations and sensitive data access." +regex = '''(?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{50})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "twitter", +] + +[[rules]] +id = "twitter-bearer-token" +description = "Discovered a Twitter Bearer Token, potentially compromising API access and data retrieval from Twitter." 
+regex = '''(?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(A{22}[a-zA-Z0-9%]{80,100})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "twitter", +] + +[[rules]] +id = "typeform-api-token" +description = "Uncovered a Typeform API token, which could lead to unauthorized survey management and data collection." +regex = '''(?i)(?:typeform)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(tfp_[a-z0-9\-_\.=]{59})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "tfp_", +] + +[[rules]] +id = "vault-batch-token" +description = "Detected a Vault Batch Token, risking unauthorized access to secret management services and sensitive data." +regex = '''(?i)\b(hvb\.[a-z0-9_-]{138,212})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "hvb", +] + +[[rules]] +id = "vault-service-token" +description = "Identified a Vault Service Token, potentially compromising infrastructure security and access to sensitive credentials." +regex = '''(?i)\b(hvs\.[a-z0-9_-]{90,100})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "hvs", +] + +[[rules]] +id = "yandex-access-token" +description = "Found a Yandex Access Token, posing a risk to Yandex service integrations and user data privacy." +regex = '''(?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(t1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "yandex", +] + +[[rules]] +id = "yandex-api-key" +description = "Discovered a Yandex API Key, which could lead to unauthorized access to Yandex services and data manipulation." 
+regex = '''(?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(AQVN[A-Za-z0-9_\-]{35,38})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "yandex", +] + +[[rules]] +id = "yandex-aws-access-token" +description = "Uncovered a Yandex AWS Access Token, potentially compromising cloud resource access and data security on Yandex Cloud." +regex = '''(?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(YC[a-zA-Z0-9_\-]{38})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "yandex", +] + +[[rules]] +id = "zendesk-secret-key" +description = "Detected a Zendesk Secret Key, risking unauthorized access to customer support services and sensitive ticketing data." +regex = '''(?i)(?:zendesk)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +keywords = [ + "zendesk", +] + +# Customization for internal rules + +[[rules]] + description = "Detect Apps Plus key in URL" + regex = '''(?i)apikey=([a-zA-Z0-9_-]{10})''' diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..5db72dd --- /dev/null +++ b/renovate.json @@ -0,0 +1,6 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:recommended" + ] +} diff --git a/toolbox/LicensesInventory/README.md b/toolbox/LicensesInventory/README.md index bcf82b9..a39ede6 100644 --- a/toolbox/LicensesInventory/README.md +++ b/toolbox/LicensesInventory/README.md 
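Review bot: The `extends` list in renovate.json holds only `config:recommended`, which does not pin GitHub Actions, so the references in the workflow added by this commit (`actions/checkout@v4`, `gitleaks/gitleaks-action@v2`) stay on mutable tags. Adding the `helpers:pinGitHubActionDigests` preset, i.e. `"extends": ["config:recommended", "helpers:pinGitHubActionDigests"]`, makes Renovate pin each action to a commit SHA and open update PRs for it. That matters here because the gitleaks job runs with `GITHUB_TOKEN` and `GITLEAKS_LICENSE` in its environment, and a retagged action release would otherwise change what runs with those secrets without any diff to review. Whether actions are pinned by some other mechanism in this repository is not visible from this diff.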
@@ -33,13 +33,10 @@ _Keywords: #licenses #SPM #Gradle #Maven #NPMJS #package #Cocoapods #pubspec #go ## Prerequisites - _Python_ version **3.7** -- _Python_ modules like _requests_, _xmltodict_ and _pytest-6.2.5_ +- _Python_ modules like _requests_, _xmltodict_, _pytests_ and _beautiful soup_ ```shell -pip install requests -pip install xmltodict -pip install pytest -pip install beautifulsoup4 +pip install -r requirements.txt ``` This project expects to have the third-party elements above available and already added in your system. diff --git a/toolbox/LicensesInventory/THIRD-PARTY.txt b/toolbox/LicensesInventory/THIRD-PARTY.txt deleted file mode 100644 index 869a25f..0000000 --- a/toolbox/LicensesInventory/THIRD-PARTY.txt +++ /dev/null @@ -1,27 +0,0 @@ -================================================================================ -Apache 2.0 License -================================================================================ - -Component: requests -Copyright: 2019 Kenneth Reitz -License Text URL: licenses/LICENSE-requests.txt -Source Code: https://github.com/psf/requests - -================================================================================ -MIT License -================================================================================ - -Component: Beautiful Soup -Copyright: Copyright (c) Leonard Richardson -License Text URL: licenses/LICENSE-beautifulsoup -Source Code: https://git.launchpad.net/beautifulsoup/ - -Component: pytest -Copyright: 2004 Holger Krekel and others -License Text URL: licenses/LICENSE-pytest.txt -Source Code: https://github.com/pytest-dev/pytest - -Component: xmltodict -Copyright: 2012 Martin Blech and individual contributors. -License Text URL: licenses/LICENSE-xmltodict.txt -Source Code: https://github.com/martinblech/xmltodict diff --git a/toolbox/LicensesInventory/dry-run.sh b/toolbox/LicensesInventory/dry-run.sh index 7da4320..11e3744 100755 --- a/toolbox/LicensesInventory/dry-run.sh 
+++ b/toolbox/LicensesInventory/dry-run.sh @@ -1,15 +1,18 @@ #!/bin/bash # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Pierre-Yves LAPERSONNE et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents # Since...............: 10/03/2023 # Description.........: Make a dry-run of the LicensesInventory module to check if everything is ready to use -# Version.............: 2.2.0 +# Version.............: 2.3.0 set -eu @@ -130,6 +133,7 @@ CheckIfFileExists "./sources/search/search.py" CheckIfFileExists "./sources/__init__.py" CheckIfFileExists "./sources/main.py" CheckIfFileExists "./config.ini" +CheckIfFileExists "./requirements.txt" echo -e "\nCheck integration test files..." @@ -181,12 +185,6 @@ CheckIfFileExists "./tests/integrationtests/test_licenses.py" echo -e "\nCheck other files" CheckIfFileExists "./README.md" -CheckIfFileExists "./THIRD-PARTY.txt" -CheckIfDirectoryExists "./licenses" -CheckIfFileExists "./licenses/LICENSE-beautifulsoup.txt" -CheckIfFileExists "./licenses/LICENSE-pytest.txt" -CheckIfFileExists "./licenses/LICENSE-requests.txt" -CheckIfFileExists "./licenses/LICENSE-xmltodict.txt" # Runtimes and tools # ------------------ diff --git a/toolbox/LicensesInventory/licenses/LICENSE-beautifulsoup.txt b/toolbox/LicensesInventory/licenses/LICENSE-beautifulsoup.txt deleted file mode 100644 index 08e3a9c..0000000 --- a/toolbox/LicensesInventory/licenses/LICENSE-beautifulsoup.txt +++ /dev/null 
@@ -1,31 +0,0 @@ -Beautiful Soup is made available under the MIT license: - - Copyright (c) Leonard Richardson - - Permission is hereby granted, free of charge, to any person obtaining - a copy of this software and associated documentation files (the - "Software"), to deal in the Software without restriction, including - without limitation the rights to use, copy, modify, merge, publish, - distribute, sublicense, and/or sell copies of the Software, and to - permit persons to whom the Software is furnished to do so, subject to - the following conditions: - - The above copyright notice and this permission notice shall be - included in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - SOFTWARE. - -Beautiful Soup incorporates code from the html5lib library, which is -also made available under the MIT license. Copyright (c) James Graham -and other contributors - -Beautiful Soup has an optional dependency on the soupsieve library, -which is also made available under the MIT license. Copyright (c) -Isaac Muse diff --git a/toolbox/LicensesInventory/licenses/LICENSE-pytest.txt b/toolbox/LicensesInventory/licenses/LICENSE-pytest.txt deleted file mode 100644 index c3f1657..0000000 --- a/toolbox/LicensesInventory/licenses/LICENSE-pytest.txt +++ /dev/null 
@@ -1,21 +0,0 @@ -The MIT License (MIT) - -Copyright (c) 2004 Holger Krekel and others - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies -of the Software, and to permit persons to whom the Software is furnished to do -so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/toolbox/LicensesInventory/licenses/LICENSE-xmltodict.txt b/toolbox/LicensesInventory/licenses/LICENSE-xmltodict.txt deleted file mode 100644 index a462778..0000000 --- a/toolbox/LicensesInventory/licenses/LICENSE-xmltodict.txt +++ /dev/null 
@@ -1,7 +0,0 @@ -Copyright (C) 2012 Martin Blech and individual contributors. - -Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/toolbox/LicensesInventory/requirements.txt b/toolbox/LicensesInventory/requirements.txt new file mode 100644 index 0000000..f1b3431 --- /dev/null +++ b/toolbox/LicensesInventory/requirements.txt @@ -0,0 +1,4 @@ +beautifulsoup4==4.12.3 +pytest==7.4.4 +requests==2.31.0 +xmltodict==0.13.0 \ No newline at end of file diff --git a/toolbox/LicensesInventory/sources/__init__.py b/toolbox/LicensesInventory/sources/__init__.py index cb0571d..2c1bae9 100644 --- a/toolbox/LicensesInventory/sources/__init__.py +++ b/toolbox/LicensesInventory/sources/__init__.py 
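Review bot: The four entries in the new requirements.txt pin versions but not artifact contents, so `pip install -r requirements.txt` accepts whatever file the index serves for `requests==2.31.0` and the others. Adding per-requirement hashes in the form `requests==2.31.0 --hash=sha256:<digest>` (placeholder digest, generated for example with `pip-compile --generate-hashes`) puts pip into hash-checking mode, which verifies every download and also requires the transitive dependencies to be listed and pinned. `pytest` is a test-only dependency and could live in a separate requirements file so a runtime install stays smaller. The file also ends without a trailing newline, as the `\ No newline at end of file` marker shows.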
@@ -1,12 +1,15 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Laurent BODY et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents from sources.common import * from sources.configuration import * diff --git a/toolbox/LicensesInventory/sources/common/__init__.py b/toolbox/LicensesInventory/sources/common/__init__.py index 0d12a1b..3455ee2 100644 --- a/toolbox/LicensesInventory/sources/common/__init__.py +++ b/toolbox/LicensesInventory/sources/common/__init__.py @@ -1,12 +1,15 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Laurent BODY et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents from .names import * from .datas import * diff --git a/toolbox/LicensesInventory/sources/common/datas.py b/toolbox/LicensesInventory/sources/common/datas.py index 480e6e7..c48dda6 100644 --- a/toolbox/LicensesInventory/sources/common/datas.py +++ b/toolbox/LicensesInventory/sources/common/datas.py 
@@ -1,12 +1,15 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Laurent BODY et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents #!/usr/bin/env python3 # -*- coding: utf-8 -*- diff --git a/toolbox/LicensesInventory/sources/common/files.py b/toolbox/LicensesInventory/sources/common/files.py index f948425..0e78f26 100644 --- a/toolbox/LicensesInventory/sources/common/files.py +++ b/toolbox/LicensesInventory/sources/common/files.py @@ -1,12 +1,15 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Laurent BODY et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents import os diff --git a/toolbox/LicensesInventory/sources/common/filters.py b/toolbox/LicensesInventory/sources/common/filters.py index e118094..b4c5bcb 100644 --- a/toolbox/LicensesInventory/sources/common/filters.py +++ b/toolbox/LicensesInventory/sources/common/filters.py 
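Review bot: The trailing context of the datas.py hunk still shows a second `#!/usr/bin/env python3` / `# -*- coding: utf-8 -*-` pair below the new header, while the config.py and search.py hunks in this same commit delete that duplicated pair. Removing the two lines here as well would keep the file headers consistent. A shebang only acts on the first line of a file and Python honours an encoding declaration only on line one or two, so the repeated pair has no effect. The file body continues outside the hunk.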
@@ -1,12 +1,15 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Laurent BODY et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents import os diff --git a/toolbox/LicensesInventory/sources/common/names.py b/toolbox/LicensesInventory/sources/common/names.py index b271cb3..4d53921 100644 --- a/toolbox/LicensesInventory/sources/common/names.py +++ b/toolbox/LicensesInventory/sources/common/names.py @@ -1,12 +1,15 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Laurent BODY et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents class CName: diff --git a/toolbox/LicensesInventory/sources/configuration/__init__.py b/toolbox/LicensesInventory/sources/configuration/__init__.py index 81d7523..4a0c176 100644 --- a/toolbox/LicensesInventory/sources/configuration/__init__.py +++ b/toolbox/LicensesInventory/sources/configuration/__init__.py 
@@ -1,11 +1,14 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Laurent BODY et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents from .config import * diff --git a/toolbox/LicensesInventory/sources/configuration/config.py b/toolbox/LicensesInventory/sources/configuration/config.py index 5931fe3..043e70d 100644 --- a/toolbox/LicensesInventory/sources/configuration/config.py +++ b/toolbox/LicensesInventory/sources/configuration/config.py @@ -1,15 +1,15 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Laurent BODY et al. - -#!/usr/bin/env python3 -# -*- coding: utf-8 -*- +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents import os diff --git a/toolbox/LicensesInventory/sources/dependencies/__init__.py b/toolbox/LicensesInventory/sources/dependencies/__init__.py index e34106f..667b296 100644 --- a/toolbox/LicensesInventory/sources/dependencies/__init__.py +++ b/toolbox/LicensesInventory/sources/dependencies/__init__.py 
@@ -1,12 +1,15 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Laurent BODY et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents from .parsings import * from .dependencies import * diff --git a/toolbox/LicensesInventory/sources/dependencies/dependencies.py b/toolbox/LicensesInventory/sources/dependencies/dependencies.py index 855c52d..e5b7c30 100644 --- a/toolbox/LicensesInventory/sources/dependencies/dependencies.py +++ b/toolbox/LicensesInventory/sources/dependencies/dependencies.py @@ -1,12 +1,15 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Laurent BODY et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents from ..common import CName from sources.dependencies import CParsing diff --git a/toolbox/LicensesInventory/sources/dependencies/parsings.py b/toolbox/LicensesInventory/sources/dependencies/parsings.py index 3f8de6f..0f7aa52 100644 --- a/toolbox/LicensesInventory/sources/dependencies/parsings.py 
+++ b/toolbox/LicensesInventory/sources/dependencies/parsings.py @@ -1,12 +1,15 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Laurent BODY et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents from ..common import CData from ..common import CName diff --git a/toolbox/LicensesInventory/sources/main.py b/toolbox/LicensesInventory/sources/main.py index 99f2f27..8a247d6 100644 --- a/toolbox/LicensesInventory/sources/main.py +++ b/toolbox/LicensesInventory/sources/main.py @@ -1,12 +1,15 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Laurent BODY et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents import sys import os diff --git a/toolbox/LicensesInventory/sources/search/__init__.py b/toolbox/LicensesInventory/sources/search/__init__.py index e21a725..7c2c4ca 100644 --- a/toolbox/LicensesInventory/sources/search/__init__.py +++ b/toolbox/LicensesInventory/sources/search/__init__.py 
@@ -1,12 +1,15 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Laurent BODY et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents from .downloads import * from .parsings import * diff --git a/toolbox/LicensesInventory/sources/search/downloads.py b/toolbox/LicensesInventory/sources/search/downloads.py index 45515e6..af7cb03 100644 --- a/toolbox/LicensesInventory/sources/search/downloads.py +++ b/toolbox/LicensesInventory/sources/search/downloads.py @@ -1,12 +1,15 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Laurent BODY et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents import time import os diff --git a/toolbox/LicensesInventory/sources/search/parsings.py b/toolbox/LicensesInventory/sources/search/parsings.py index bc07e4d..10c9a92 100644 --- a/toolbox/LicensesInventory/sources/search/parsings.py +++ b/toolbox/LicensesInventory/sources/search/parsings.py 
@@ -1,12 +1,15 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Laurent BODY et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents import json import xmltodict diff --git a/toolbox/LicensesInventory/sources/search/search.py b/toolbox/LicensesInventory/sources/search/search.py index 85fe878..9b1ea45 100644 --- a/toolbox/LicensesInventory/sources/search/search.py +++ b/toolbox/LicensesInventory/sources/search/search.py @@ -1,15 +1,15 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Laurent BODY et al. - -#!/usr/bin/env python3 -# -*- coding: utf-8 -*- +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents import os diff --git a/toolbox/LicensesInventory/tests/integrationtests/test_configuration.py b/toolbox/LicensesInventory/tests/integrationtests/test_configuration.py index eee9ebf..085b37d 100644 --- a/toolbox/LicensesInventory/tests/integrationtests/test_configuration.py 
+++ b/toolbox/LicensesInventory/tests/integrationtests/test_configuration.py @@ -1,12 +1,15 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Laurent BODY et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents import unittest from unittest.mock import patch diff --git a/toolbox/LicensesInventory/tests/integrationtests/test_dependencies.py b/toolbox/LicensesInventory/tests/integrationtests/test_dependencies.py index 133f10d..8e7d5f0 100644 --- a/toolbox/LicensesInventory/tests/integrationtests/test_dependencies.py +++ b/toolbox/LicensesInventory/tests/integrationtests/test_dependencies.py @@ -1,12 +1,15 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Laurent BODY et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents import unittest from unittest.mock import patch 
diff --git a/toolbox/LicensesInventory/tests/integrationtests/test_downloads.py b/toolbox/LicensesInventory/tests/integrationtests/test_downloads.py index 0604bc1..e938621 100644 --- a/toolbox/LicensesInventory/tests/integrationtests/test_downloads.py +++ b/toolbox/LicensesInventory/tests/integrationtests/test_downloads.py @@ -1,12 +1,15 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Laurent BODY et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents import unittest from unittest.mock import patch diff --git a/toolbox/LicensesInventory/tests/integrationtests/test_licenses.py b/toolbox/LicensesInventory/tests/integrationtests/test_licenses.py index 5e48856..5867527 100644 --- a/toolbox/LicensesInventory/tests/integrationtests/test_licenses.py +++ b/toolbox/LicensesInventory/tests/integrationtests/test_licenses.py 
@@ -1,12 +1,15 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Laurent BODY et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents import unittest from unittest.mock import patch diff --git a/toolbox/diver/dry-run.sh b/toolbox/diver/dry-run.sh index f508878..c530368 100755 --- a/toolbox/diver/dry-run.sh +++ b/toolbox/diver/dry-run.sh @@ -1,11 +1,14 @@ #!/bin/bash # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Pierre-Yves LAPERSONNE et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents # Since...............: 10/03/2023 # Description.........: Make a dry-run of the diver module to check if everything is ready to use diff --git a/toolbox/diver/extract-emails-from-history.sh b/toolbox/diver/extract-emails-from-history.sh index 7b5ea4e..1209606 100644 --- a/toolbox/diver/extract-emails-from-history.sh +++ b/toolbox/diver/extract-emails-from-history.sh 
@@ -1,11 +1,14 @@ #!/bin/bash # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Pierre-Yves LAPERSONNE et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents # Version.............: 1.0.2 # Since...............: 06/10/2021 diff --git a/toolbox/diver/find-contributors-in-files.sh b/toolbox/diver/find-contributors-in-files.sh index fb6d8a7..8a2ddb1 100755 --- a/toolbox/diver/find-contributors-in-files.sh +++ b/toolbox/diver/find-contributors-in-files.sh @@ -1,11 +1,14 @@ #!/bin/bash # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Pierre-Yves LAPERSONNE et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents # Version.............: 1.1.0 # Since...............: 11/05/2020 diff --git a/toolbox/diver/find-contributors-in-git-logs.sh b/toolbox/diver/find-contributors-in-git-logs.sh index a65dd67..7d8f430 100755 --- a/toolbox/diver/find-contributors-in-git-logs.sh +++ b/toolbox/diver/find-contributors-in-git-logs.sh 
@@ -1,11 +1,14 @@ #!/bin/bash # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Pierre-Yves LAPERSONNE et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents # Version.............: 1.2.1 # Since...............: 11/05/2020 diff --git a/toolbox/diver/find-credentials-in-files.sh b/toolbox/diver/find-credentials-in-files.sh index 0c3d66e..abbe339 100755 --- a/toolbox/diver/find-credentials-in-files.sh +++ b/toolbox/diver/find-credentials-in-files.sh @@ -1,11 +1,14 @@ #!/bin/bash # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Pierre-Yves LAPERSONNE et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents # Version.............: 1.0.0 # Since...............: 11/05/2020 diff --git a/toolbox/diver/find-credits-in-files.sh b/toolbox/diver/find-credits-in-files.sh index 2c95af3..e3e330a 100755 --- a/toolbox/diver/find-credits-in-files.sh +++ b/toolbox/diver/find-credits-in-files.sh 
@@ -1,11 +1,14 @@
 #!/bin/bash
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 # Version.............: 1.0.0
 # Since...............: 12/05/2020
diff --git a/toolbox/diver/find-missing-developers-in-git-commits.sh b/toolbox/diver/find-missing-developers-in-git-commits.sh
index 33c2b75..21d6087 100755
--- a/toolbox/diver/find-missing-developers-in-git-commits.sh
+++ b/toolbox/diver/find-missing-developers-in-git-commits.sh
@@ -1,11 +1,14 @@
 #!/bin/bash
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 # Version.............: 1.1.1
 # Since...............: 12/05/2020
diff --git a/toolbox/diver/lines-count.sh b/toolbox/diver/lines-count.sh
index ac492ba..0d158b2 100755
--- a/toolbox/diver/lines-count.sh
+++ b/toolbox/diver/lines-count.sh
@@ -1,11 +1,14 @@
 #!/bin/bash
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 # Version.............: 2.0.0
 # Since...............: 18/07/2023
diff --git a/toolbox/diver/list-contributors-in-history.sh b/toolbox/diver/list-contributors-in-history.sh
index 23d7ebc..e4ea347 100755
--- a/toolbox/diver/list-contributors-in-history.sh
+++ b/toolbox/diver/list-contributors-in-history.sh
@@ -1,11 +1,14 @@
 #!/bin/bash
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 # Version.............: 1.0.2
 # Since...............: 24/02/2022
diff --git a/toolbox/diver/utils/extract-contributors-lists.rb b/toolbox/diver/utils/extract-contributors-lists.rb
index 554eaaf..cc0de54 100644
--- a/toolbox/diver/utils/extract-contributors-lists.rb
+++ b/toolbox/diver/utils/extract-contributors-lists.rb
@@ -1,11 +1,14 @@
 #!/usr/bin/env ruby
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 # Version.............: 1.0.0
 # Since...............: 06/10/2021
diff --git a/toolbox/diver/utils/find-contributors-in-git-logs.rb b/toolbox/diver/utils/find-contributors-in-git-logs.rb
index 6737ae4..b6e3f13 100644
--- a/toolbox/diver/utils/find-contributors-in-git-logs.rb
+++ b/toolbox/diver/utils/find-contributors-in-git-logs.rb
@@ -1,11 +1,14 @@
 #!/usr/bin/env ruby
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 # Version.............: 1.0.1
 # Since...............: 11/05/2020
diff --git a/toolbox/diver/utils/find-hotwords-in-files.sh b/toolbox/diver/utils/find-hotwords-in-files.sh
index 14e6909..721e681 100755
--- a/toolbox/diver/utils/find-hotwords-in-files.sh
+++ b/toolbox/diver/utils/find-hotwords-in-files.sh
@@ -1,11 +1,14 @@
 #!/bin/bash
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 # Version.............: 1.2.0
 # Since...............: 11/05/2020
diff --git a/toolbox/diver/utils/find-missing-developers-in-git-commits.rb b/toolbox/diver/utils/find-missing-developers-in-git-commits.rb
index 1c51ec2..c97c4e9 100644
--- a/toolbox/diver/utils/find-missing-developers-in-git-commits.rb
+++ b/toolbox/diver/utils/find-missing-developers-in-git-commits.rb
@@ -1,11 +1,14 @@
 #!/usr/bin/env ruby
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 # Version.............: 1.0.1
 # Since...............: 11/05/2020
diff --git a/toolbox/dry-run.sh b/toolbox/dry-run.sh
index 3942402..ede0a3f 100755
--- a/toolbox/dry-run.sh
+++ b/toolbox/dry-run.sh
@@ -1,11 +1,14 @@
 #!/bin/bash
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 # Since...............: 08/03/2021
 # Description.........: Make a dry-run of the project to check if everything is ready to use
diff --git a/toolbox/github/GitHubWizard.sh b/toolbox/github/GitHubWizard.sh
index b3284cd..5f453fa 100755
--- a/toolbox/github/GitHubWizard.sh
+++ b/toolbox/github/GitHubWizard.sh
@@ -1,11 +1,14 @@
 #!/bin/bash
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 # Since...............: 26/04/2021
 # Description.........: Received from arguments a feature to launch and gives it to the Ruby wizard.
diff --git a/toolbox/github/THIRD-PARTY.txt b/toolbox/github/THIRD-PARTY.txt
deleted file mode 100644
index 53e7423..0000000
--- a/toolbox/github/THIRD-PARTY.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-================================================================================
-MIT License
-================================================================================
-
-Component: Octokit
-Copyright: 2009-2017 Wynn Netherland, Adam Stacoviak, Erik Michaels-Ober
-License Text URL: licenses/LICENSE-Octokit.txt
-Source Code: https://github.com/octokit/octokit.rb
-
-Component: Ruby Git
-Copyright: Copyright (c) 2008 Scott Chacon
-License Text URL: licenses/LICENSE-Ruby-Git.txt
-Source Code: https://github.com/ruby-git/ruby-git
\ No newline at end of file
diff --git a/toolbox/github/configuration.rb b/toolbox/github/configuration.rb
index 879a710..9811ecd 100644
--- a/toolbox/github/configuration.rb
+++ b/toolbox/github/configuration.rb
@@ -1,10 +1,13 @@
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 # Allow debug message or not
 $LOG_DEBUG = false
diff --git a/toolbox/github/dry-run.sh b/toolbox/github/dry-run.sh
index 27a12fa..b2a19e0 100755
--- a/toolbox/github/dry-run.sh
+++ b/toolbox/github/dry-run.sh
@@ -1,15 +1,18 @@ #!/bin/bash # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Pierre-Yves LAPERSONNE et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents # Since...............: 10/03/2023 # Description.........: Make a dry-run of the github module to check if everything is ready to use -# Version.............: 1.1.0 +# Version.............: 1.2.0 set -eu @@ -93,7 +96,6 @@ CheckIfFileExists "./Gemfile" CheckIfFileExists "./Gemfile.lock" CheckIfFileExists "./README.md" -CheckIfFileExists "./THIRD-PARTY.txt" CheckIfFileExists "./utils/check-leaks-from-github.sh" CheckIfFileExists "./utils/check-vulnerabilities-from-github.sh" @@ -106,9 +108,6 @@ CheckIfFileExists "./utils/GitHubWrapper.rb" CheckIfFileExists "./utils/GitWrapper.rb" CheckIfFileExists "./utils/IO.rb" -CheckIfFileExists "./licenses/LICENSE-Octokit.txt" -CheckIfFileExists "./licenses/LICENSE-Ruby-Git.txt" - # Runtimes and tools # ------------------ diff --git a/toolbox/github/licenses/LICENSE-Octokit.txt b/toolbox/github/licenses/LICENSE-Octokit.txt deleted file mode 100644 index f198331..0000000 --- a/toolbox/github/licenses/LICENSE-Octokit.txt +++ /dev/null 
@@ -1,20 +0,0 @@
-Copyright (c) 2009-2017 Wynn Netherland, Adam Stacoviak, Erik Michaels-Ober
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/toolbox/github/utils/GitHubFacade.rb b/toolbox/github/utils/GitHubFacade.rb
index bf1f53f..1a1c55c 100644
--- a/toolbox/github/utils/GitHubFacade.rb
+++ b/toolbox/github/utils/GitHubFacade.rb
@@ -1,11 +1,14 @@
 #!/usr/bin/env ruby
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 # Version.............: 1.2.0
 # Since...............: 26/04/2021
diff --git a/toolbox/github/utils/GitHubWrapper.rb b/toolbox/github/utils/GitHubWrapper.rb
index 24f2a6f..8f20610 100644
--- a/toolbox/github/utils/GitHubWrapper.rb
+++ b/toolbox/github/utils/GitHubWrapper.rb
@@ -1,10 +1,13 @@
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 require_relative '../configuration.rb'
 require 'fileutils'
diff --git a/toolbox/github/utils/GitWrapper.rb b/toolbox/github/utils/GitWrapper.rb
index 5728082..12ab99e 100644
--- a/toolbox/github/utils/GitWrapper.rb
+++ b/toolbox/github/utils/GitWrapper.rb
@@ -1,10 +1,13 @@
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 require 'git'
 require_relative 'IO.rb'
diff --git a/toolbox/github/utils/IO.rb b/toolbox/github/utils/IO.rb
index a46e6e5..eed118f 100644
--- a/toolbox/github/utils/IO.rb
+++ b/toolbox/github/utils/IO.rb
@@ -1,10 +1,13 @@
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 require_relative '../configuration.rb'
 require 'fileutils'
diff --git a/toolbox/github/utils/check-leaks-from-github.sh b/toolbox/github/utils/check-leaks-from-github.sh
index cf48ea1..a14200e 100755
--- a/toolbox/github/utils/check-leaks-from-github.sh
+++ b/toolbox/github/utils/check-leaks-from-github.sh
@@ -1,11 +1,14 @@
 #!/bin/bash
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 # Since...............: 07/03/2022
 # Description.........: Received from arguments a GitHub organisation name, a cloning key and a target folder to dump repositories and check if there are leaks thanks to gitleaks
diff --git a/toolbox/github/utils/check-vulnerabilities-from-github.sh b/toolbox/github/utils/check-vulnerabilities-from-github.sh
index 9b9cfbb..f346091 100755
--- a/toolbox/github/utils/check-vulnerabilities-from-github.sh
+++ b/toolbox/github/utils/check-vulnerabilities-from-github.sh
@@ -1,11 +1,14 @@
 #!/bin/bash
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 # Since...............: 25/02/2022
 # Description.........: Received from arguments a GitHub organisation name and a GitHub personal token path to dump check if vulnerabilities alert exists
diff --git a/toolbox/github/utils/count-leaks-nodes.py b/toolbox/github/utils/count-leaks-nodes.py
index c907fb3..6d259cf 100644
--- a/toolbox/github/utils/count-leaks-nodes.py
+++ b/toolbox/github/utils/count-leaks-nodes.py
@@ -1,11 +1,14 @@
 #!/usr/bin/python3
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 # Version.............: 1.0.0
 # Since...............: 07/03/2022
diff --git a/toolbox/github/utils/count-vulnerabilities-nodes.py b/toolbox/github/utils/count-vulnerabilities-nodes.py
index 7485273..829f62c 100644
--- a/toolbox/github/utils/count-vulnerabilities-nodes.py
+++ b/toolbox/github/utils/count-vulnerabilities-nodes.py
@@ -1,11 +1,14 @@
 #!/usr/bin/python3
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 # Version.............: 1.0.0
 # Since...............: 25/02/2022
diff --git a/toolbox/github/utils/dump-git-repositories-from-github.sh b/toolbox/github/utils/dump-git-repositories-from-github.sh
index 9b7790f..61413ac 100755
--- a/toolbox/github/utils/dump-git-repositories-from-github.sh
+++ b/toolbox/github/utils/dump-git-repositories-from-github.sh
@@ -1,11 +1,14 @@
 #!/bin/bash
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 # Since...............: 24/01/2022
 # Description.........: Received from arguments a GitHub organisation name and a location path to dump all repositories from this GitHub organisation to that path.
diff --git a/toolbox/github/utils/extract-repos-field-from-json.py b/toolbox/github/utils/extract-repos-field-from-json.py
index 5b23f81..fadcef9 100755
--- a/toolbox/github/utils/extract-repos-field-from-json.py
+++ b/toolbox/github/utils/extract-repos-field-from-json.py
@@ -1,11 +1,14 @@
 #!/usr/bin/python3
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 # Version.............: 1.0.0
 # Since...............: 21/01/2022
diff --git a/toolbox/gitlab/GitLabWizard.sh b/toolbox/gitlab/GitLabWizard.sh
index 2c9766d..4d2723a 100755
--- a/toolbox/gitlab/GitLabWizard.sh
+++ b/toolbox/gitlab/GitLabWizard.sh
@@ -1,11 +1,14 @@
 #!/bin/bash
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 # Since...............: 09/03/2022
 # Description.........: Received from arguments a feature to launch.
diff --git a/toolbox/gitlab/configuration.rb b/toolbox/gitlab/configuration.rb
index 3d9002b..db3d215 100644
--- a/toolbox/gitlab/configuration.rb
+++ b/toolbox/gitlab/configuration.rb
@@ -1,10 +1,13 @@
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 # GitLab organization
 # -------------------
diff --git a/toolbox/gitlab/dry-run.sh b/toolbox/gitlab/dry-run.sh
index 0e8e2d6..a2291ce 100755
--- a/toolbox/gitlab/dry-run.sh
+++ b/toolbox/gitlab/dry-run.sh
@@ -1,11 +1,14 @@
 #!/bin/bash
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 # Since...............: 10/03/2023
 # Description.........: Make a dry-run of the gitlab module to check if everything is ready to use
diff --git a/toolbox/gitlab/utils/check-leaks-from-gitlab.sh b/toolbox/gitlab/utils/check-leaks-from-gitlab.sh
index 7d019fd..aeb4639 100755
--- a/toolbox/gitlab/utils/check-leaks-from-gitlab.sh
+++ b/toolbox/gitlab/utils/check-leaks-from-gitlab.sh
@@ -1,11 +1,14 @@
 #!/bin/bash
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 # Since...............: 09/03/2022
 # Description.........: Check if there are leaks thanks to gitleaks in GitLab projects
diff --git a/toolbox/gitlab/utils/dump-git-repositories-from-gitlab.sh b/toolbox/gitlab/utils/dump-git-repositories-from-gitlab.sh
index b8ab15a..ddb96ff 100755
--- a/toolbox/gitlab/utils/dump-git-repositories-from-gitlab.sh
+++ b/toolbox/gitlab/utils/dump-git-repositories-from-gitlab.sh
@@ -1,11 +1,14 @@
 #!/bin/bash
 # Software Name: floss-toolbox
-# SPDX-FileCopyrightText: Copyright (c) 2020-2023 Orange
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
 # SPDX-License-Identifier: Apache-2.0
 #
-# This software is distributed under the Apache 2.0 license.
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
 #
-# Author: Pierre-Yves LAPERSONNE et al.
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
 # Since...............: 09/03/2022
 # Description.........: Received from arguments a GitLab organisation name ID a location path to dump all repositories from this GitLab organisation to that path.
diff --git a/toolbox/utils/text-generator/dry-run.sh b/toolbox/utils/text-generator/dry-run.sh index dba8af8..74bdd5e 100755 --- a/toolbox/utils/text-generator/dry-run.sh +++ b/toolbox/utils/text-generator/dry-run.sh @@ -1,11 +1,14 @@ #!/bin/bash # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2024 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Pierre-Yves LAPERSONNE et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents # Since...............: 01/03/2024 # Description.........: Make a dry-run of the utils features to check if everything is ready to use diff --git a/toolbox/utils/text-generator/text-generator.php b/toolbox/utils/text-generator/text-generator.php index 176e71f..890429a 100755 --- a/toolbox/utils/text-generator/text-generator.php +++ b/toolbox/utils/text-generator/text-generator.php @@ -1,13 +1,15 @@ #!/usr/bin/env php et al. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents # Since...............: 29/02/2024 # Description.........: Generates a text based on a template and a list of variables to replace diff --git a/toolbox/utils/third-party-generator/README.md b/toolbox/utils/third-party-generator/README.md index 2cf5249..d1d0fca 100644 --- a/toolbox/utils/third-party-generator/README.md +++ b/toolbox/utils/third-party-generator/README.md 
@@ -1,6 +1,6 @@ # Utils -# Generate THIRD-PARTY.md fromuser inputs +# Generate THIRD-PARTY.md from user inputs ## Prerequisites @@ -9,8 +9,8 @@ ## Description Sometimes as open source referent or developer, we need to define file listing third-party components. -This type of file must contain, for eeach component, its name, cipyright, license (wih URL pointing to its text) and also the version and the copyright owners. -It can be a bit broing to fill each time the text or markdown file, that is the reason why this tool has been defined. +This type of file must contain, for each component, its name, copyright, license (with URL pointing to its text) and also the version and the copyright owners. +It can be a bit boring and time-burning to fill each time the text or markdown file, that is the reason why this tool has been defined. ### Ask inputs from user @@ -32,7 +32,8 @@ so as to iterate on each component and build the final Markdown file. ```shell # --file: the path to the CSV file containing the details # --delimiter: to define how to split each row fields. Do not forget to escape it if ';' -python3.8 third-party-generator.py --file components.csv.result --delimiter \; +# --avoid: if a version or copyright field has "?" as value, do not add it in generated file +python3.8 third-party-generator.py --file components.csv.result --delimiter \; --avoid \? ``` ### About the CSV file @@ -72,7 +73,7 @@ requirements of the relevant license of the Third Party Software they are using. Version 1.2.0 -Copyright Copyright (c) 2023 Laszlo Teveli +Copyright (c) 2023 Laszlo Teveli **SwiftUI-Flow** is distributed under the terms and conditions of the [MIT License](https://opensource.org/license/mit). You may download the source code on the [following website](https://github.com/tevelee/SwiftUI-Flow). 
@@ -82,7 +83,7 @@ You may download the source code on the [following website](https://github.com/t Version 3.1.1 -Copyright Copyright (c) 2021-2022 Lucas Zischka +Copyright (c) 2021-2022 Lucas Zischka **BottomSheet** is distributed under the terms and conditions of the [MIT License](https://opensource.org/license/mit). You may download the source code on the [following website](https://github.com/lucaszischka/BottomSheet). @@ -92,7 +93,7 @@ You may download the source code on the [following website](https://github.com/l Version 1.2.0 -Copyright Copyright (c) 2021-2023 Orange SA +Copyright (c) 2021-2023 Orange SA **DeclarationAccessibility** is distributed under the terms and conditions of the [Apache-2.0 License](https://opensource.org/license/apache-2-0). You may download the source code on the [following website](https://github.com/Orange-OpenSource/accessibility-statement-lib-ios). 
@@ -100,6 +101,6 @@ You may download the source code on the [following website](https://github.com/O ### About the licenses.py file -There is plenty of licenses and also a lot of standards. It can be a pain or time consuming to let the user write the license in use for a component, -then find there URL point to the license text and write it. In fact, such details are still known so we can let the user choose. -The *licenses.py* file lists main licenses we can meet during audits. Each entry in this dictionary has a license name in SPDX short-identifier format and the URL pointing to the license text. Thus these details will be added in the THIRD-PARTY file.$ \ No newline at end of file +There is plenty of licenses and also a lot of standards. It can be a pain or time-consuming to let the user write the license in use for a component, +then find the URL pointing to the license text and write it. In fact, such details are still known so we can let the user choose within list items. +The *licenses.py* file lists main licenses we can meet during audits. Each entry in this dictionary has a license name in SPDX short-identifier format and the URL pointing to the license text. Thus these details will be added in the THIRD-PARTY file. diff --git a/toolbox/utils/third-party-generator/dry-run.sh b/toolbox/utils/third-party-generator/dry-run.sh index a78715b..840461b 100755 --- a/toolbox/utils/third-party-generator/dry-run.sh +++ b/toolbox/utils/third-party-generator/dry-run.sh 
@@ -1,11 +1,14 @@ #!/bin/bash # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2024 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Pierre-Yves LAPERSONNE et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents # Since...............: 12/03/2024 # Description.........: Make a dry-run of the utils features to check if everything is ready to use diff --git a/toolbox/utils/third-party-generator/licenses.py b/toolbox/utils/third-party-generator/licenses.py index 1fac142..00a07a1 100644 --- a/toolbox/utils/third-party-generator/licenses.py +++ b/toolbox/utils/third-party-generator/licenses.py @@ -1,11 +1,14 @@ #!/usr/bin/python3 # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2024 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Pierre-Yves LAPERSONNE et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents # Version.............: 1.0.0 # Since...............: 12/03/2024 diff --git a/toolbox/utils/third-party-generator/third-party-generator.py b/toolbox/utils/third-party-generator/third-party-generator.py index e8e095c..e8df016 100755 --- a/toolbox/utils/third-party-generator/third-party-generator.py 
+++ b/toolbox/utils/third-party-generator/third-party-generator.py @@ -1,13 +1,16 @@ #!/usr/bin/python3 # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2024 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Pierre-Yves LAPERSONNE et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents -# Version.............: 1.0.0 +# Version.............: 2.0.0 # Since...............: 12/03/2024 # Description.........: Builds a third-party Markdown based on a CSV file and a delimiter @@ -21,9 +24,6 @@ # Configuration # ------------- -# Script version -VERSION = "1.0.0" - # Error codes EXIT_OK = 0 ERROR_BAD_ARGUMENTS = 1 @@ -38,10 +38,12 @@ required_args = parser.add_argument_group('Required arguments') required_args.add_argument('-f', '--file', help='The CSV file file to process', required=True) required_args.add_argument('-d', '--delimiter', help='The delimter symbol (e.g. ";" to split fields for each line of the CSV file', required=True) +required_args.add_argument('-a', '--avoid', help='The sequence to use to define wether or not a specific field (version or copyright) must be ignored (e.g. "?" in the CSV raw field', required=True) args = parser.parse_args() content_file_name = args.file content_file_delimiter = args.delimiter +content_file_avoid_field_symbol = args.avoid if not os.path.isfile(content_file_name): print("โŒ Error: the file parameter is not a file.") 
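Review bot: `--avoid` is added with `required=True`, so every existing invocation that passes only `--file` and `--delimiter` now stops with an argparse error, although the only value the README and the prompt script mention is `?`. If that break is not the intent behind the 2.0.0 bump, declare it as an optional argument with a default, e.g. `parser.add_argument('-a', '--avoid', default='?', help=...)`, and leave the comparison code as it is. The help string also has a typo (`wether`) and an unclosed parenthesis after `(e.g. "?"`.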
@@ -55,6 +57,7 @@ # Process file to build the results print(f'๐Ÿ†— Let\'s now build the {RESULT_FILE_NAME} file!') computed_components = 0 +unique_computed_components = set() components_with_missing_licences = 0 with open(content_file_name, 'r') as content_file: with open(RESULT_FILE_NAME, 'w') as result_file: 
@@ -65,24 +68,47 @@ Third Party Software may impose additional restrictions and it is the user's responsibility to ensure that they have met the licensing requirements of the relevant license of the Third Party Software they are using. - """) + +""") csv_reader = csv.reader(content_file, delimiter=content_file_delimiter) + csv_reader = sorted(csv_reader, key=lambda x: x[0]) # Sort entries by component name, i.e. first column of CSV for component_fields in csv_reader: # Iterator on each component returning one row (i.e. component) as array of fieds name = component_fields[0] + + # Do not add component already added + if name in unique_computed_components: + print(f"- The component '{name}' has several occurences in the content file, won't process it anymore") + computed_components += 1 + continue + + unique_computed_components.add(name) repository = component_fields[1] license_name = component_fields[2] copyright = component_fields[3] version = component_fields[4] license_url = LICENSES[license_name] - component_entry = """ -## {name} - + component_entry = """## {name} +""".format(name=name) + + # Add version only if defined + if version != content_file_avoid_field_symbol: + component_entry += """ Version {version} +""".format(version=version) + else: + print(f"- No version defined for component '{name}'") + # Add copyright only if defined + if copyright != content_file_avoid_field_symbol: + component_entry += """ Copyright {copyright} +""".format(copyright=copyright) + else: + print(f"- No copyright defined for component '{name}'") + component_entry += """ **{name}** is distributed under the terms and conditions of the [{license} License]({url}). 
-You may download the source code on the [following website]({repository}).""".format(name=name, version=version, copyright=copyright, license=license_name, url=license_url, repository=repository) +You may download the source code on the [following website]({repository}).""".format(name=name, license=license_name, url=license_url, repository=repository) result_file.write(component_entry) result_file.write("\n\n") computed_components += 1 @@ -93,10 +119,10 @@ content_file.close() result_file.close() print("\n") -print(f'๐ŸŽ‰ Operation completed! Find your result file at "{RESULT_FILE_NAME}" with {computed_components} components!') +print(f'๐ŸŽ‰ Operation completed! Find your result file at "{RESULT_FILE_NAME}" with {computed_components} components (and {len(unique_computed_components)} unique)!') if components_with_missing_licences > 0: print("\n") - print(f'โ— But beware you have {components_with_missing_licences} components without managed licenses, you shall fix they result file with suitable names and URL โ—') + print(f'โ— But beware you have {components_with_missing_licences} components without managed licenses, you shall fix the result file with suitable names and URL โ—') print("๐Ÿ‘‰ Please refer to either https://opensource.org/licenses or https://spdx.org/licenses/ ๐Ÿ‘ˆ") print("๐Ÿงก You can also submit an issue or a pull request to manage new licences: https://github.com/Orange-OpenSource/floss-toolbox/issues/new ๐Ÿงก") diff --git a/toolbox/utils/third-party-generator/third-party-prompt.py b/toolbox/utils/third-party-generator/third-party-prompt.py index 5a16126..2eb7456 100755 --- a/toolbox/utils/third-party-generator/third-party-prompt.py +++ b/toolbox/utils/third-party-generator/third-party-prompt.py 
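Review bot: The new `sorted(csv_reader, key=lambda x: x[0])` reads the first column of every row before any component is written, so a blank line in the CSV (which `csv.reader` returns as an empty list) raises `IndexError`, presumably leaving only the header in the result file. Rows are also indexed up to `component_fields[4]` without a length check; filtering first covers both, e.g. `rows = [r for r in csv_reader if len(r) >= 5]` followed by `csv_reader = sorted(rows, key=lambda x: x[0])`. Duplicates are detected on the name alone, so a second row with the same name but a different version, licence or copyright is dropped from the notices file; keying the set on `(name, version)` would keep that attribution. The `repository` field is written as a Markdown link target without validation, so if the CSV can come from someone other than the person running the script, check that it is an `http`/`https` URL before formatting it.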
@@ -1,13 +1,16 @@ #!/usr/bin/python3 # Software Name: floss-toolbox -# SPDX-FileCopyrightText: Copyright (c) 2020-2024 Orange +# SPDX-FileCopyrightText: Copyright (c) Orange SA # SPDX-License-Identifier: Apache-2.0 # -# This software is distributed under the Apache 2.0 license. +# This software is distributed under the Apache 2.0 license, +# the text of which is available at https://opensource.org/license/apache-2-0 +# or see the "LICENSE.txt" file for more details. # -# Author: Pierre-Yves LAPERSONNE et al. +# Authors: See CONTRIBUTORS.txt +# Software description: A toolbox of scripts to help work of forges admins and open source referents -# Version.............: 1.0.0 +# Version.............: 1.1.0 # Since...............: 12/03/2024 # Description.........: Builds a CSV file based on user inputs. @@ -15,14 +18,12 @@ import os import sys +from collections import defaultdict from licenses import * # Configuration # ------------- -# Script version -VERSION = "1.0.0" - # Error codes EXIT_OK = 0 ERROR_BAD_ARGUMENTS = 1 @@ -114,13 +115,13 @@ def check_value(value): continue # Copyright assigned to the component is optional - input_component_copyright = input("โœ๏ธ Copyright of the component ('bye' to exit): ") + input_component_copyright = input("โœ๏ธ Copyright of the component ('bye' to exit, '?' if unknown): ") if not check_value(input_component_copyright): continue check_exit(input_component_copyright) # Version of the component is optional - input_component_version = input("โœ๏ธ Version of the component ('bye' to exit): ") + input_component_version = input("โœ๏ธ Version of the component ('bye' to exit, '?' if unknown): ") if not check_value(input_component_version): continue check_exit(input_component_version) 
@@ -148,8 +149,26 @@ def check_value(value): print(f'๐ŸŽ‰ Operation completed! Find your result file at "{SAVE_FILE}" with {components_added} new component(s)! ๐ŸŽ‰') if components_with_missing_licences > 0: print("\n") - print(f'โ— But beware you have {components_with_missing_licences} components without managed licenses, you shall fix they result file with suitable names and URL โ—') + print(f'โ— But beware you have {components_with_missing_licences} components without managed licenses, you shall fix the result file with suitable names and URL โ—') print("๐Ÿ‘‰ Please refer to either https://opensource.org/licenses or https://spdx.org/licenses/ ๐Ÿ‘ˆ") print("๐Ÿงก You can also submit an issue or a pull request to manage new licences: https://github.com/Orange-OpenSource/floss-toolbox/issues/new ๐Ÿงก") +# Some figures +result_file = open(SAVE_FILE, "r") +reader = csv.reader(result_file, delimiter=SAVE_FILE_DELIMITER) +stats = defaultdict(int) + +for i, line in enumerate(reader): + license_name = line[2] + stats[license_name] += 1 + +result_file.close() +flat_stats = [(license, count) for license, count in stats.items()] +sorted_stats = sorted(flat_stats, key=lambda x: x[1], reverse=True) + +print("\n") +print("โ„น๏ธ Here are some metrics about the licences: ") +for license, count in sorted_stats: + print(f"\t {count} component(s) under license {license}") + sys.exit(EXIT_OK) \ No newline at end of file
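Review bot: The metrics block opens `SAVE_FILE` without a `with` statement and reads `line[2]` from every row, so a blank or short row raises `IndexError` after the success message has been printed and leaves the handle open until exit. Using `with open(SAVE_FILE, "r") as result_file:` and skipping short rows with `if len(line) < 3: continue` avoids both. `csv` is not among the imports visible in this file's hunks, so confirm that `import csv` exists above the shown context. As style, the `enumerate` index is unused (`for line in reader:` is enough), `flat_stats` can be replaced by `sorted(stats.items(), key=lambda x: x[1], reverse=True)`, and the loop variable `license` shadows the interpreter's built-in `license` helper.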