Releases: slalombuild/secureli
v0.42.1
v0.42.1 (2024-07-08)
Fix
- fix: created mock to override file open (#580)
This PR mocks the builtins.open for the
test_that_update_with_new_pattern_succeeds test so that the test doesn't
open and modify the actual secureli.yaml file in the repository
Tested that all tests still pass and that the secureli file is no longer
modified after running tests
Clean Code Checklist
- Meets acceptance criteria for issue
- New logic is covered with automated tests
- Appropriate exception handling added
- Thoughtful logging included
- Documentation is updated
- Follow-up work is documented in TODOs
- TODOs have a ticket associated with them
- No commented-out code included
Co-authored-by: Ian Bowden <ian.bowden@slalom> (525a738)
v0.42.0
v0.42.0 (2024-06-27)
Chore
- chore: updatehooks skips updated repos that aren't out of date by default (#575)
This PR adds a new argument to the updatehooks function named
force_update which is set to False by default. If force_update is false,
then we won't download/install the repo unless it is out of date. If
force_update is True, then we'd download and install the latest repo
version irrespective of the currently installed version.
There is currently no code (outside of unit tests) that's passing True
for the force_update argument.
Co-authored-by: Ian Bowden <ian.bowden@slalom> (88b3d99)
Feature
secureli-375
#375
Added Additional Exit Codes based on error types as discussed. Passing
exitCode to the ScanFailure class
Changes
- Added Exit Codes
- Updated ScanFailure
- Updated Unit Tests
- Verified no additional errors
Co-authored-by: Ian Bowden <ian.bowden@slalom> (c1b55b3)
v0.41.1
v0.41.1 (2024-06-20)
Chore
- chore: refactored to use common git file repository class (#568)
secureli-XXX
This PR refactors GitRepo and RepoFilesRepository classes into a common
GitRepo class which is an implementation of a new abstract class
VersionControlRepoAbstraction. VersionControlRepoAbstraction replaces
the RepoAbstraction class.
Co-authored-by: Ian Bowden <ian.bowden@slalom> (7707615)
Fix
- fix: Precommit config overwritten on init (#572)
secureli-570
An existing precommit config file will be overwritten when running `secureli init`.
I've added a flag to the init action to prevent overwriting the config: `secureli init --preserve-precommit-config`
Changes
- Added `--preserve-precommit-config` parameter to init action
Testing
- Added copy of existing test with the flag added
(f818123)
v0.41.0
v0.41.0 (2024-06-14)
Documentation
- docs: added windows set up documentation (#566)
secureli-XXX
This change adds the setup steps for contributors using Windows machines
Changes
Added Windows developer configuration information to contributing.md
Co-authored-by: Ian Bowden <ian.bowden@slalom> (730fe09)
- docs: Feature/secureli 488 update documentation with new features (#563)
Updating documentation for various features
Note this is branched off `feature/secureli-397-document-config-file-usage`, as that hasn't yet
been merged and adds table of contents to the markdown files which
needed to be updated as part of this.
Changes
- Updated docstrings to provide hints about function parameters which
hadn't been documented when they were added
- Added info to `README.md` on some features
- Moved language support information from `CONTRIBUTING.md` to `README.md`
(46855c9)
- docs: Added info on repo-config.yaml and tables of contents (#562)
secureli-397
Issue was for adding documentation about config files. There wasn't much
more that needed to be added in that regard. I also added tables of
contents to `README.md` and `CONTRIBUTING.md`. The tables of contents
were generated with the VSCode plugin Markdown All in One.
Changes
- Added section describing the nature of `repo-config.yaml`
- Added tables of contents to `README.md` and `CONTRIBUTING.md`
Testing
- n/a
(587deec)
- docs: secureli 540 update documentation (#560)
secureli-540
This ticket was about a problem with configuring the pre-commit library.
I determined that the issue was due to misconfiguration by the user, and
the solution we settled on was to add documentation about how to specify
args in the pre-commit library's configuration file.
Additionally, I updated headings throughout the file. Previously there
were multiple H1s, and the License section was nested underneath the
Configuration section. I've updated it so that there is only a single H1
heading--the title of the document--and the License section is now a
sibling of configuration instead of a child.
Changes
- Updated headings throughout the file
- Added information and links for the pre-commit library
- Added information about a quirk of how pre-commit handles parameters
that take arguments
Testing
- All changes are in documentation; no testing required or possible
(b48109c)
Feature
- feat: Added functionality to specify a custom scan when using the scan command (#565)
secureli-XXX
Changes
This PR improves the `scan` action by adding new functionality allowing
users to specify a custom scan id instead of only being able to specify
pre-commit hook ids. For example, you can now do `secureli scan -t check-pii`
to run the pii scan.
A new service was introduced, CustomScannersService to help orchestrate
which custom scans should be run. Either a specific scan if an Id is
specified, all custom scans if no id is specified, or a None result is
returned if the specified id doesn't match a value in the new
CustomScanId enum.
There was also some refactoring done.
modules/core/core_services/scanner.py is now
modules/core/core_services/hook_scanner.py to more accurately
describe its function. The pii scanner and custom_regex_scanner
directories have been moved into a new directory;
secureli/modules/custom_scanners/
Testing
Added unit tests and performed manual testing to confirm that pre-commit
hooks can be specified, custom scans can be specified, and when no id is
specified, then all scans are done
Co-authored-by: Ian Bowden <ian.bowden@slalom> (385803d)
Unknown
- Feature/secureli 460 custom regex (#564)
secureli-460
Adds new `new-pattern` parameter to `secureli update` and updates
`secureli scan` to check for custom regex
Testing
- run `secureli update --new-pattern <custom-regex-pattern>`
- verify that your custom regex pattern was added to `.secureli.yaml`
- modify any file (other than .secureli.yaml) to include text that
matches your custom regex
- stage the changes
- run `secureli scan` and verify the scan fails
- revert the changes and run `secureli scan` and verify the scan passes
Co-authored-by: Rachel Teal <rachel.teal@slalom.com> (1917cca)
v0.40.0
v0.40.0 (2024-06-04)
Feature
- feat: Ignored file extensions can now be configured in the PII scanner (#559)
secureli-558
I'm on a Go project, and need the ability to add additional file
extensions, as the default set doesn't include them. Within the project,
go.mod and go.sum were including entries that appeared to be phone
numbers. There was no way to configure PII Scanner to ignore these
files, as any practical contents of these files would not be PII.
Rather than simply add them to the growing set of excluded extensions, I
thought I would make the set configurable.
As the set contains language-agnostic files, I also elected NOT to
include the go-specific files in that set.
A good follow-up work would be to also lay out, and selectively
activate, additional extensions to ignore based on the languages
configured in the repo.
Changes
- `pii_scanner` is added to the .secureli-config.yaml file structure
- within that, `ignored_extensions` is a list of extensions that can be
added to the default set
- PII scanner will now ignore all files in its default set of excluded
files, as well as anything provided in the PII-scanner's specific
config.
Testing
I tested with a repo containing only some go-based package files
(specifically go.mod and go.sum), which were appearing to the PII
scanner to contain phone numbers.
Clean Code Checklist
- Meets acceptance criteria for issue (n/a)
- New logic is covered with automated tests
- Appropriate exception handling added
- Thoughtful logging included
- Documentation is updated
- Follow-up work is documented in TODOs
- TODOs have a ticket associated with them
- No commented-out code included
(482cd57)
v0.39.0
v0.39.0 (2024-06-03)
Feature
- feat: Feature/secureli 494 refactor action.py (#556)
secureli-494
Changes
- creates `_update_config` helper function to be used in `verify_install`
- creates `_pre_install_checks` helper function to be used in `_install_secureli`
Testing
- no additional tests, existing tests pass
(9620692)
v0.38.0
v0.38.0 (2024-05-10)
Feature
- feat: Prompted to ReInstall When Running on Branch (#545)
secureli-537
Fixed bug that says "seCureLI is installed and up-to-date for the
following language(s)", even though seCureLI is not initialized
completely in that branch. This is an edge case where seCureLI has been
installed on one branch, but not on the other branch in the same
directory due to seCureLI artifacts that are git ignored.
Changes
- Added messaging and stop of secureli process when this edge case
occurs.
- Updated detect-secret hook version
Testing
- Added required tests
- All existing tests are passing
(22bbc35)
v0.37.0
v0.37.0 (2024-04-26)
Feature
- feat: Update template file hook before running initial scan (#521)
secureli-433
Update template file hook before running initial scan, not after
Changes
- Update template file hook before running initial scan
- Added logging to action dependencies
- Cleaned up update progress output (`pre-commit gc` not accepting `--config` flag)
- Cleaned up container dependency injection
- Updated test to get rid of warnings in terminal
- Updated hooks versions
Testing
- Added required unit test
- Updated existing unit tests and all passing
(40651fa)
v0.36.0
v0.36.0 (2024-04-26)
Feature
- feat: tests for language detection (#532)
secureli-XXX
Co-authored-by: isaac-heist-slalom <isaac.heist@slalom.com> (454ec28)
v0.35.1
v0.35.1 (2024-04-24)
Chore
- chore: pip: Bump identify from 2.5.35 to 2.5.36 (#527)
Bumps identify from 2.5.35 to 2.5.36.
Commits
- 838a489 v2.5.36
- dab738c Merge pull request #455 from jalaziz/rust-cargo-tags
- c0083af Identify Cargo.toml and Cargo.lock as cargo and cargo-lock
- 80f2107 Merge pull request #452 from pre-commit/pre-commit-ci-update-config
- 73dcf7d [pre-commit.ci] pre-commit autoupdate
- f6fb929 Merge pull request #449 from pre-commit/pre-commit-ci-update-config
- 49e2b09 [pre-commit.ci] pre-commit autoupdate
- 21189f2 Merge pull request #448 from pre-commit/pre-commit-ci-update-config
- f583181 [pre-commit.ci] pre-commit autoupdate
- 1397916 Merge pull request #447 from pre-commit/pre-commit-ci-update-config
- Additional commits viewable in compare view (pre-commit/identify@v2.5.35...v2.5.36)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (5863744)
- chore: change workflow name (#525)
secureli-437
Changes the name of the integration test workflow to smoke test.
According to the issue raised on stack overflow here, and the github
documentation here, the old integration test workflow history should
remain. Workflow runs must be deleted manually, and renaming the files
should create a new workflow.
If the Integration Test workflow is still active after this PR is
merged, it should be disabled. How to disable a workflow
Changes
- Rename .github/workflows/integration_testing.yml to
.github/workflows/smoke_testing.yml
- Updated workflow name to Smoke Testing
- Updated job name and file reference to Smoke Testing in
.github/workflows/publish.yml
Testing
- Not sure how to test, since this workflow will only run on main and be
created when this PR is merged.
(be4a1af)
Fix
- fix: add GitPython to dependencies list (#530)
secureli-526
Add the GitPython package to our list of dependencies so that Poetry
adds it on install.
Changes
- add gitpython to pyproject.toml
- regenerated lock file with updated gitpython version
- poetry install also made some updates to the extra optional
dependencies in the lock file
Testing
Ran Secureli init after a clean install, it passed
Ran Poe Tests
(ac354ba)