From f4fc3955541e558d286fc57cca2f9a0a50da7cd1 Mon Sep 17 00:00:00 2001 From: Mick Grove Date: Tue, 13 Jan 2026 17:08:21 -0800 Subject: [PATCH] preparing v1.74.0 --- .github/workflows/ci.yml | 8 +++--- data/rules/github.yml | 54 ++++++++++++++++++++++++++++++++++++++++ src/access_map/github.rs | 2 +- 3 files changed, 59 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5fcf36c..e2d499c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -23,12 +23,12 @@ jobs: toolchain: ${{ env.RUST_TOOLCHAIN }} profile: minimal override: true - - name: Build (Makefile linux-arm64) - run: make ubuntu-arm64 - name: Run tests run: make tests env: CARGO_BUILD_JOBS: 1 + - name: Build (Makefile linux-arm64) + run: make ubuntu-arm64 macos-arm64: name: macOS arm64 @@ -41,10 +41,10 @@ jobs: profile: minimal override: true - uses: swatinem/rust-cache@v2 - - name: Build (Makefile darwin-arm64) - run: make darwin-arm64 - name: Run tests run: make tests + - name: Build (Makefile darwin-arm64) + run: make darwin-arm64 windows: name: Windows x64 diff --git a/data/rules/github.yml b/data/rules/github.yml index 72ec078..fb6ce23 100644 --- a/data/rules/github.yml +++ b/data/rules/github.yml @@ -199,3 +199,57 @@ rules: - '"login"' - '"id"' + - name: GitHub Client ID + id: kingfisher.github.7 + pattern: | + (?xi) + (?:github) + .? + (?: api | app | application | client | consumer | customer )? + .? + (?: id | identifier | key ) + .{0,2} \s{0,20} .{0,2} \s{0,20} .{0,2} + \b ([a-z0-9]{20}) \b + visible: false + examples: + - | + GITHUB_CLIENT_ID=ac58d6da7d7a84c039b7 + GITHUB_SECRET=37d02377a3e9d849e18704c3ec883f9c5787d857 + - name: GitHub Legacy Secret Key + id: kingfisher.github.8 + pattern: | + (?xi) + \b + (?:github|gh) + (?:.|[\n\r]){0,4}? + (?:oauth|pat|token|key|secret|api[_-]?key|access[_-]?token)\b + (?:.|[\n\r]){0,32}? + \b + ( + [a-z0-9]{40} + ) + \b + depends_on_rule: + - rule_id: "kingfisher.github.5" + variable: GITHUB_CLIENT_ID + validation: + type: Http + content: + request: + method: POST + url: "https://github.com/login/oauth/access_token" + headers: + Accept: "application/json" + Content-Type: "application/json" + body: '{"client_id":"{{GITHUB_CLIENT_ID}}","client_secret":"{{TOKEN}}","code":"invalid_code"}' + response_matcher: + - report_response: true + - type: StatusMatch + status: [200] + - type: WordMatch + words: + - '"error":"bad_verification_code"' + examples: + - | + GITHUB_CLIENT_ID=ac58d6da7d7a84c039b7 + GITHUB_SECRET=37d02377a3e9d849e18704c3ec883f9c5787d857 diff --git a/src/access_map/github.rs b/src/access_map/github.rs index 19e2fd9..9465e84 100644 --- a/src/access_map/github.rs +++ b/src/access_map/github.rs @@ -15,7 +15,7 @@ const DEFAULT_GITHUB_API: &str = "https://api.github.com"; #[derive(Deserialize)] struct GitHubUser { login: String, - id: u64, + _id: u64, #[serde(default)] name: Option, #[serde(default)]