Add Review Board's new API tokens format to secret scanning.
Review Request #12651 — Created Sept. 28, 2022 and submitted
This allows Review Bot's secret scanner to identify Review Board's API tokens,
which were recently updated to follow a new rbp_[A-Za-z0-9]{251}
format. This change also updates the secret scanner unit tests to ensure that any
additional validation methods for validating the secrets are called when
they're supposed to be called. Further, the unit tests were updated to
ensure that checksums are taken into account for secrets that use checksums.
- Manually tested making review requests that contained new API tokens
  and saw that secret scanning picked them up.
- Ran and added unit tests to ./reviewbot/tools/tests/test_rbsecretscanner.py
Summary | ID |
---|---|
 | 315bc8c4130e1fed34844f761d7d05beef3af1db |
Description | From | Last Updated |
---|---|---|
Since our tokens can be validated, we should add a validator (like the GitHub one) to avoid false positives. | chipx86 | |
djblets isn't a dependency for the bot, only for the extension. We should probably just duplicate the validation logic, since … | david | |
Just a note to update this timestamp when you're ready to land. | chipx86 | |
We can just call checksum.swapcase() in the conditional, so we only do it if needed. | chipx86 | |
Maybe we should say "Review Board 5+ API Tokens" | chipx86 | |
Change Summary:
- Added Review Board API Tokens to the list of supported secrets in the docs.
Commits:
Summary | ID |
---|---|
 | 5e5657aac04f4d1d6ceb10cfdba7b51acf5e246c |
 | 3991fe6744c9fcfeb6717a6790c2f885b7dd624c |
Checks run (2 succeeded)
Change Summary:
- Added a validation method for Review Board API Tokens.
- Updated unit tests for checking for validation method calls and for properly checking checksums.
Description:
This allows Review Bot's secret scanner to identify Review Board's API tokens,
which were recently updated to follow a new rbp_[A-Za-z0-9]{251}
format.
+ This change also updates the secret scanner unit tests to ensure that any
+ additional validation methods for validating the secrets are called when
+ they're supposed to be called. Further, the unit tests were updated to
+ ensure that checksums are taken into account for secrets that use checksums.
Commits:
Summary | ID |
---|---|
 | 3991fe6744c9fcfeb6717a6790c2f885b7dd624c |
 | 9988e9fcf08005df3db21ebf41efa54315bfc460 |
Diff:
Revision 3 (+302 -2)
Checks run (2 succeeded)
flake8 passed. JSHint passed.
Change Summary:
- Removed djblets dependency and copied over the token validation logic instead.
- Catches valid tokens that use our faulty base62-encoding from Review Board 5.0.
Commits:
Summary | ID |
---|---|
 | 9988e9fcf08005df3db21ebf41efa54315bfc460 |
 | 4c8232f708d3f564b42dc46ff538e84ab6389d32 |
Checks run (2 succeeded)
Change Summary:
- Compares against checksum.swapcase() directly in the conditional so that the swapcase operation only happens if it needs to.
- Specified that API tokens are for Review Board 5+.
Note: will update the "Rule updated" timestamp for the tokens whenever I land.
Commits:
Summary | ID |
---|---|
 | 4c8232f708d3f564b42dc46ff538e84ab6389d32 |
 | e2f278caf293d7cb6155811246e77f85e856bbb1 |
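To illustrate the scanner design discussed in this review (a regex match for the rbp_ pattern followed by a validator that checks the trailing checksum, with checksum.swapcase() compared only when the direct comparison fails), here is an added, self-contained example. It is not Review Bot's or Review Board's own code: the checksum algorithm (a base62-encoded CRC32 over everything before the last 6 characters), the 6-character checksum length and all function names are assumptions made for this example, since the page does not state them.

```python
import random
import re
import zlib

# Pattern from the review request: "rbp_" prefix plus 251 base62 characters.
RB_TOKEN_RE = re.compile(r'rbp_[A-Za-z0-9]{251}')

# ASSUMPTION: the last 6 chars are a base62-encoded CRC32 of everything before
# them. The page does not state Review Board's real checksum algorithm.
CHECKSUM_LEN = 6
BASE62 = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'

def base62_encode(n):
    digits = []
    while n:
        n, rem = divmod(n, 62)
        digits.append(BASE62[rem])
    return ''.join(reversed(digits)) or '0'

def compute_checksum(body):
    # CRC32 < 62**6, so six zero-padded base62 digits always suffice.
    return base62_encode(zlib.crc32(body.encode('ascii'))).rjust(CHECKSUM_LEN, '0')

def validate_rb_token(token):
    """Validator hook: accept only tokens whose checksum verifies.

    As in the change summaries above, checksum.swapcase() is accepted too, to
    catch tokens from Review Board 5.0's faulty base62 encoding. Because `or`
    short-circuits, swapcase() only runs when the direct comparison failed.
    """
    body, checksum = token[:-CHECKSUM_LEN], token[-CHECKSUM_LEN:]
    expected = compute_checksum(body)
    return checksum == expected or checksum.swapcase() == expected

def scan(text):
    """Pattern matches that also pass the validator: fewer false positives."""
    return [m.group(0) for m in RB_TOKEN_RE.finditer(text)
            if validate_rb_token(m.group(0))]

def make_token(seed, faulty_case=False):
    """Constructed test fixture: deterministic token with a valid checksum.
    faulty_case=True emulates a swapped-case checksum (hypothetical 5.0 form)."""
    rnd = random.Random(seed)
    body = 'rbp_' + ''.join(rnd.choice(BASE62) for _ in range(251 - CHECKSUM_LEN))
    checksum = compute_checksum(body)
    return body + (checksum.swapcase() if faulty_case else checksum)
```

A 255-character run of base62 text that happens to follow rbp_ matches the regex but fails validate_rb_token, which is the false-positive case the validator comment in the review is about.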