From 95050282f1a33431b244b7c7d0c287805c7b33cc Mon Sep 17 00:00:00 2001
From: Dustin Ingram
Date: Thu, 5 Dec 2024 17:37:12 +0000
Subject: [PATCH 1/2] Add deps.dev as secret scanning partner
---
 tests/unit/integration/secrets/test_views.py | 25 +++++++++++++++++---
 warehouse/integrations/secrets/config.py | 8 ++++++-
 2 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/tests/unit/integration/secrets/test_views.py b/tests/unit/integration/secrets/test_views.py
index f8c9fe4378b1..4d8cb39fe512 100644
--- a/tests/unit/integration/secrets/test_views.py
+++ b/tests/unit/integration/secrets/test_views.py
@@ -20,7 +20,7 @@ class TestDiscloseToken:
 @pytest.mark.parametrize(
- ("origin", "headers", "settings", "api_url"),
+ ("origin", "headers", "settings", "api_url", "api_token"),
 [
 (
 config._github_origin,
@@ -32,11 +32,30 @@ class TestDiscloseToken:
 "github.token": "token",
 },
 "https://api.github.com/meta/public_keys/token_scanning",
+ "token",
+ ),
+ (
+ config._depsdev_origin,
+ {
+ "GOSST-PUBLIC-KEY-IDENTIFIER": "foo",
+ "GOSST-PUBLIC-KEY-SIGNATURE": "bar",
+ },
+ {},
+ "https://storage.googleapis.com/depsdev-gcp-public-keys/secret_scanning",
+ None,
 ),
 ],
 )
 def test_disclose_token(
- self, pyramid_request, metrics, monkeypatch, origin, headers, settings, api_url
+ self,
+ pyramid_request,
+ metrics,
+ monkeypatch,
+ origin,
+ headers,
+ settings,
+ api_url,
+ api_token,
 ):
 pyramid_request.headers = headers
 pyramid_request.body = "[1, 2, 3]"
@@ -62,7 +81,7 @@ def test_disclose_token(
 session=http,
 metrics=metrics,
 origin=origin,
- api_token="token",
+ api_token=api_token,
 api_url=api_url,
 )
 ]
diff --git a/warehouse/integrations/secrets/config.py b/warehouse/integrations/secrets/config.py
index 3918f5aa3973..2e83e86147c7 100644
--- a/warehouse/integrations/secrets/config.py
+++ b/warehouse/integrations/secrets/config.py
@@ -20,5 +20,11 @@
 verification_url="https://api.github.com/meta/public_keys/token_scanning",
 api_token="github.token",
 )
+_depsdev_origin = utils.DisclosureOrigin(
+ name="Deps.dev",
+ key_id_header="GOSST-PUBLIC-KEY-IDENTIFIER",
+ signature_header="GOSST-PUBLIC-KEY-SIGNATURE",
+ verification_url="https://storage.googleapis.com/depsdev-gcp-public-keys/secret_scanning",
+)
-origins = [_github_origin]
+origins = [_github_origin, _depsdev_origin]
From c4c26d1cc5304946f8c19e7957ccdbaae0e0dcd0 Mon Sep 17 00:00:00 2001
From: Dustin Ingram
Date: Thu, 5 Dec 2024 19:09:11 +0000
Subject: [PATCH 2/2] Linting
---
 tests/unit/integration/secrets/test_views.py | 2 +-
 warehouse/integrations/secrets/config.py | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/tests/unit/integration/secrets/test_views.py b/tests/unit/integration/secrets/test_views.py
index 4d8cb39fe512..e5c9eaca43fc 100644
--- a/tests/unit/integration/secrets/test_views.py
+++ b/tests/unit/integration/secrets/test_views.py
@@ -41,7 +41,7 @@ class TestDiscloseToken:
 "GOSST-PUBLIC-KEY-SIGNATURE": "bar",
 },
 {},
- "https://storage.googleapis.com/depsdev-gcp-public-keys/secret_scanning",
+ "https://storage.googleapis.com/depsdev-gcp-public-keys/secret_scanning", # noqa
 None,
 ),
 ],
diff --git a/warehouse/integrations/secrets/config.py b/warehouse/integrations/secrets/config.py
index 2e83e86147c7..c6e0b54bb040 100644
--- a/warehouse/integrations/secrets/config.py
+++ b/warehouse/integrations/secrets/config.py
@@ -24,7 +24,9 @@
 name="Deps.dev",
 key_id_header="GOSST-PUBLIC-KEY-IDENTIFIER",
 signature_header="GOSST-PUBLIC-KEY-SIGNATURE",
- verification_url="https://storage.googleapis.com/depsdev-gcp-public-keys/secret_scanning",
+ verification_url=(
+ "https://storage.googleapis.com/depsdev-gcp-public-keys/secret_scanning"
+ ),
 )
 origins = [_github_origin, _depsdev_origin]
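Review bot: `_depsdev_origin` is built without the `api_token` that `_github_origin` passes directly above it, and nothing in the hunk says whether the omission is deliberate, so a later reader may "fix" it by adding one. The test in this series pins `api_token=None` for this origin, so record the intent next to the definition, e.g. `# No api_token: the verifier is constructed with api_token=None for this origin (see test_disclose_token).` Whether `utils.DisclosureOrigin` gives `api_token` a default is outside this patch, so confirm the constructor accepts the omission. It is also worth a line in the same comment that this `verification_url` is a public storage.googleapis.com bucket, so the integrity of the fetched key set rests on TLS to that host plus whatever validation the verifier applies to keys it retrieves.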
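Review bot: The bare `# noqa` on the deps.dev URL line suppresses every lint rule for that line rather than only the line-length check, which also hides any future finding reported there. Prefer the targeted form `# noqa: E501`, or wrap the literal in parentheses across two lines as the config.py hunk in this same commit does for the identical URL, so both files handle the same string the same way. The enclosing parametrize list starts and ends outside the hunk.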