preparing v1.74.0

2026-01-13 17:08:21 -08:00 · 2026-01-13 17:08:21 -08:00 · f4fc395554
commit f4fc395554
parent a93419bd33
3 changed files with 59 additions and 5 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -23,12 +23,12 @@ jobs:
          toolchain: ${{ env.RUST_TOOLCHAIN }}
          profile: minimal
          override: true
-      - name: Build (Makefile linux-arm64)
-        run: make ubuntu-arm64
      - name: Run tests
        run: make tests
        env:
          CARGO_BUILD_JOBS: 1
+      - name: Build (Makefile linux-arm64)
+        run: make ubuntu-arm64

  macos-arm64:
    name: macOS arm64
@ -41,10 +41,10 @@ jobs:
          profile: minimal
          override: true
      - uses: swatinem/rust-cache@v2
-      - name: Build (Makefile darwin-arm64)
-        run: make darwin-arm64
      - name: Run tests
        run: make tests
+      - name: Build (Makefile darwin-arm64)
+        run: make darwin-arm64

  windows:
    name: Windows x64
--- a/data/rules/github.yml
+++ b/data/rules/github.yml
@ -199,3 +199,57 @@ rules:
                - '"login"'
                - '"id"'

+  - name: GitHub Client ID
+    id: kingfisher.github.7
+    pattern: |
+      (?xi)
+      (?:github)
+      .?
+      (?: api | app | application | client | consumer | customer )?
+      .?
+      (?: id | identifier | key )
+      .{0,2} \s{0,20} .{0,2} \s{0,20} .{0,2}
+      \b ([a-z0-9]{20}) \b
+    visible: false
+    examples:
+      - |
+        GITHUB_CLIENT_ID=ac58d6da7d7a84c039b7
+        GITHUB_SECRET=37d02377a3e9d849e18704c3ec883f9c5787d857
+  - name: GitHub Legacy Secret Key
+    id: kingfisher.github.8
+    pattern: |
+      (?xi)
+      \b
+      (?:github|gh)
+      (?:.|[\n\r]){0,4}?
+      (?:oauth|pat|token|key|secret|api[_-]?key|access[_-]?token)\b
+      (?:.|[\n\r]){0,32}?
+      \b
+      (
+          [a-z0-9]{40}
+      )
+      \b
+    depends_on_rule:
+      - rule_id: "kingfisher.github.5"
+        variable: GITHUB_CLIENT_ID
+    validation:
+      type: Http
+      content:
+        request:
+          method: POST
+          url: "https://github.com/login/oauth/access_token"
+          headers:
+            Accept: "application/json"
+            Content-Type: "application/json"
+          body: '{"client_id":"{{GITHUB_CLIENT_ID}}","client_secret":"{{TOKEN}}","code":"invalid_code"}'
+          response_matcher:
+            - report_response: true
+            - type: StatusMatch
+              status: [200]
+            - type: WordMatch
+              words:
+                - '"error":"bad_verification_code"'
+    examples:
+      - |
+        GITHUB_CLIENT_ID=ac58d6da7d7a84c039b7
+        GITHUB_SECRET=37d02377a3e9d849e18704c3ec883f9c5787d857
--- a/src/access_map/github.rs
+++ b/src/access_map/github.rs
@ -15,7 +15,7 @@ const DEFAULT_GITHUB_API: &str = "https://api.github.com";
 #[derive(Deserialize)]
 struct GitHubUser {
    login: String,
-    id: u64,
+    _id: u64,
    #[serde(default)]
    name: Option<String>,
    #[serde(default)]