From 49a29f681f94c5ed0c963cff09677b824a8acb90 Mon Sep 17 00:00:00 2001 From: Guilherme Souza Date: Mon, 14 Oct 2024 08:49:18 -0300 Subject: [PATCH 1/4] add errSecMissingEntitlement error --- SimpleKeychain/SimpleKeychainError.swift | 9 ++++++++ .../SimpleKeychainErrorSpec.swift | 21 ++++++++++++++++--- 2 files changed, 27 insertions(+), 3 deletions(-) diff --git a/SimpleKeychain/SimpleKeychainError.swift b/SimpleKeychain/SimpleKeychainError.swift index fce2d05..438ed24 100644 --- a/SimpleKeychain/SimpleKeychainError.swift +++ b/SimpleKeychain/SimpleKeychainError.swift @@ -12,6 +12,7 @@ public struct SimpleKeychainError: LocalizedError, CustomDebugStringConvertible case itemNotFound case interactionNotAllowed case decodeFailed + case missingEntitlement case other(status: OSStatus) case unknown(message: String) @@ -26,6 +27,7 @@ public struct SimpleKeychainError: LocalizedError, CustomDebugStringConvertible case errSecItemNotFound: self = .itemNotFound case errSecInteractionNotAllowed: self = .interactionNotAllowed case errSecDecode: self = .decodeFailed + case errSecMissingEntitlement: self = .missingEntitlement default: self = .other(status: rawValue) } } @@ -41,6 +43,7 @@ public struct SimpleKeychainError: LocalizedError, CustomDebugStringConvertible case .itemNotFound: return errSecItemNotFound case .interactionNotAllowed: return errSecInteractionNotAllowed case .decodeFailed: return errSecDecode + case .missingEntitlement: return errSecMissingEntitlement case let .other(status): return status case .unknown: return errSecSuccess // This is not a Keychain error } 
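Review bot: Mapping `errSecMissingEntitlement` in `init(rawValue:)` changes what existing callers observe: a status that used to arrive as `.other(status:)` now arrives as `.missingEntitlement`, so a caller that handled it by matching `.other` stops matching. The `rawValue` hunk returns the same numeric status as before, so code that compares the status value is presumably unaffected. I would record the change in the changelog and add a comment on the new case such as `// Previously surfaced as .other(status: errSecMissingEntitlement)`. The `Code` enum and both switch statements start and end outside these hunks.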
@@ -91,6 +94,8 @@ public struct SimpleKeychainError: LocalizedError, CustomDebugStringConvertible return "errSecInteractionNotAllowed: Interaction with the Security Server is not allowed." case .decodeFailed: return "errSecDecode: Unable to decode the provided data." + case .missingEntitlement: + return "errSecMissingEntitlement: A required entitlement is missing." case .other: return "Unspecified Keychain error: \(self.status)." case let .unknown(message): @@ -136,6 +141,10 @@ public struct SimpleKeychainError: LocalizedError, CustomDebugStringConvertible /// See [errSecDecode](https://developer.apple.com/documentation/security/errsecdecode). public static let decodeFailed: SimpleKeychainError = .init(code: .decodeFailed) + /// A required entitlement is missing. + /// See [errSecMissingEntitlement](https://developer.apple.com/documentation/security/errsecmissingentitlement). + public static let missingEntitlement: SimpleKeychainError = .init(code: .missingEntitlement) + /// Other Keychain error. /// The `OSStatus` of the Keychain operation can be accessed via the ``status`` property. public static let other: SimpleKeychainError = .init(code: .other(status: 0)) diff --git a/SimpleKeychainTests/SimpleKeychainErrorSpec.swift b/SimpleKeychainTests/SimpleKeychainErrorSpec.swift index c9ecf67..2b37a2c 100644 --- a/SimpleKeychainTests/SimpleKeychainErrorSpec.swift +++ b/SimpleKeychainTests/SimpleKeychainErrorSpec.swift 
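Review bot: The doc comment on the new `missingEntitlement` constant restates the status name and does not tell an integrator what to check. As far as I know this status is returned when the process's code signature lacks an entitlement the query depends on, for example the Keychain access group, so it points to a build or signing configuration fault rather than a transient condition. I would add a line such as `/// Usually a signing or entitlements misconfiguration (for example the Keychain access group); retrying will not help.` so that callers do not retry or quietly fall back to weaker storage. The same hint could go in the `errorDescription` string added in the first hunk on this line.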
@@ -108,7 +108,13 @@ class SimpleKeychainErrorSpec: XCTestCase { let sut = SimpleKeychainError(code: .decodeFailed) XCTAssertEqual(sut.localizedDescription, message) } - + + func testErrorMessage_shouldReturnMessageForMissingEntitlement() { + let message = "errSecMissingEntitlement: A required entitlement is missing." + let sut = SimpleKeychainError(code: .missingEntitlement) + XCTAssertEqual(sut.localizedDescription, message) + } + func testErrorMessage_shouldReturnMessageForOtherError() { let status: OSStatus = 123 let message = "Unspecified Keychain error: \(status)." @@ -167,7 +173,12 @@ class SimpleKeychainErrorSpec: XCTestCase { let sut = SimpleKeychainError.Code(rawValue: errSecDecode) XCTAssertEqual(sut, SimpleKeychainError.decodeFailed.code) } - + + func testMapErrSecMissingEntitlement() { + let sut = SimpleKeychainError.Code(rawValue: errSecMissingEntitlement) + XCTAssertEqual(sut, SimpleKeychainError.missingEntitlement.code) + } + func testMapOtherStatusValue() { let status: OSStatus = 1234 let sut = SimpleKeychainError.Code(rawValue: status) @@ -205,7 +216,11 @@ class SimpleKeychainErrorSpec: XCTestCase { func testMapDecodeFailed() { XCTAssertEqual(SimpleKeychainError.decodeFailed.code.rawValue, errSecDecode) } - + + func testMapMissingEntitlement() { + XCTAssertEqual(SimpleKeychainError.missingEntitlement.code.rawValue, errSecMissingEntitlement) + } + func testMapOther() { let status: OSStatus = 1234 XCTAssertEqual(SimpleKeychainError(code: .other(status: status)).status, status) From 635d3f94ae47445801d21baea00ad7ccdbd66fac Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Jan 2025 15:00:33 +0000 Subject: [PATCH 2/4] Bump actions/checkout from 4.1.7 to 4.2.2 (#225) 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/main.yml | 8 ++++---- .github/workflows/semgrep.yml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 3e045d9..7493e7c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -40,7 +40,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - name: Set up environment uses: ./.github/actions/setup @@ -75,7 +75,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - name: Set up environment uses: ./.github/actions/setup @@ -96,7 +96,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - name: Set up environment uses: ./.github/actions/setup @@ -112,7 +112,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - name: Run SwiftLint run: swiftlint lint --reporter github-actions-logging diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index cbcaad9..e902186 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -18,7 +18,7 @@ jobs: # Skip any PR created by dependabot to avoid permission issues if: (github.actor != 'dependabot[bot]') steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - run: semgrep ci env: From 0ebba3efdec25d4eda026aa83d01af353bddac6f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 23 Jan 2025 01:21:21 +0000 Subject: [PATCH 3/4] Bump codecov/codecov-action from 4.5.0 to 5.2.0 (#236) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7493e7c..801a7d9 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -60,7 +60,7 @@ jobs: - name: Upload coverage report if: ${{ matrix.platform.os == 'iOS' }} - uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # pin@4.5.0 + uses: codecov/codecov-action@5a605bd92782ce0810fa3b8acc235c921b497052 # pin@5.2.0 with: token: ${{ secrets.CODECOV_TOKEN }} From 3831a9bed5bedf16afd3683c988a409bb629022c Mon Sep 17 00:00:00 2001 From: Rita Zerrizuela Date: Thu, 23 Jan 2025 18:41:36 +0000 Subject: [PATCH 4/4] Add Snyk workflow to GH actions (#237) --- .github/workflows/snyk.yml | 40 +++++++++++++++ Gemfile.lock | 102 ++++++++++++++++++++----------------- 2 files changed, 94 insertions(+), 48 deletions(-) create mode 100644 .github/workflows/snyk.yml diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml new file mode 100644 index 0000000..158a434 --- /dev/null +++ b/.github/workflows/snyk.yml 
@@ -0,0 +1,40 @@ +name: Snyk + +on: + merge_group: + workflow_dispatch: + pull_request: + types: + - opened + - synchronize + push: + branches: + - main + schedule: + - cron: '30 0 1,15 * *' + +permissions: + contents: read + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} + +jobs: + + check: + + name: Check for Vulnerabilities + runs-on: ubuntu-latest + + steps: + - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group' + run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection. + + - uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.head.sha || github.ref }} + + - uses: snyk/actions/ruby@b98d498629f1c368650224d6d212bf7dfa89e4bf # pin@0.4.0 + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} diff --git a/Gemfile.lock b/Gemfile.lock index cb4ce3c..a6cfbef 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -5,8 +5,9 @@ GEM base64 nkf rexml - activesupport (7.2.1) + activesupport (7.2.2.1) base64 + benchmark (>= 0.3) bigdecimal concurrent-ruby (~> 1.0, >= 1.3.1) connection_pool (>= 2.2.5) 
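Review bot: The first step of the `check` job does not skip anything: `run: exit 0` only ends that one step successfully, and the checkout and Snyk steps after it still run for Dependabot and merge-queue events. On Dependabot-triggered runs `secrets.SNYK_TOKEN` is normally not exposed, so the scan would likely fail instead of being flagged as successful for branch protection. Put the inverse condition on the two later steps, `if: github.actor != 'dependabot[bot]' && github.event_name != 'merge_group'`. Separately, `actions/checkout@v4` is a mutable tag while the other workflows in this series pin checkout to a commit; `uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683` would keep the pinning consistent.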
@@ -24,30 +25,31 @@ GEM artifactory (3.0.17) atomos (0.1.3) aws-eventstream (1.3.0) - aws-partitions (1.975.0) - aws-sdk-core (3.205.0) + aws-partitions (1.1042.0) + aws-sdk-core (3.216.1) aws-eventstream (~> 1, >= 1.3.0) - aws-partitions (~> 1, >= 1.651.0) + aws-partitions (~> 1, >= 1.992.0) aws-sigv4 (~> 1.9) jmespath (~> 1, >= 1.6.1) - aws-sdk-kms (1.91.0) - aws-sdk-core (~> 3, >= 3.205.0) + aws-sdk-kms (1.97.0) + aws-sdk-core (~> 3, >= 3.216.0) aws-sigv4 (~> 1.5) - aws-sdk-s3 (1.162.0) - aws-sdk-core (~> 3, >= 3.205.0) + aws-sdk-s3 (1.178.0) + aws-sdk-core (~> 3, >= 3.216.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.5) - aws-sigv4 (1.9.1) + aws-sigv4 (1.11.0) aws-eventstream (~> 1, >= 1.0.2) babosa (1.0.4) base64 (0.2.0) - bigdecimal (3.1.8) + benchmark (0.4.0) + bigdecimal (3.1.9) claide (1.1.0) clamp (1.3.2) - cocoapods (1.15.2) + cocoapods (1.16.2) addressable (~> 2.8) claide (>= 1.0.2, < 2.0) - cocoapods-core (= 1.15.2) + cocoapods-core (= 1.16.2) cocoapods-deintegrate (>= 1.0.3, < 2.0) cocoapods-downloader (>= 2.1, < 3.0) cocoapods-plugins (>= 1.0.0, < 2.0) @@ -61,8 +63,8 @@ GEM molinillo (~> 0.8.0) nap (~> 1.0) ruby-macho (>= 2.3.0, < 3.0) - xcodeproj (>= 1.23.0, < 2.0) - cocoapods-core (1.15.2) + xcodeproj (>= 1.27.0, < 2.0) + cocoapods-core (1.16.2) activesupport (>= 5.0, < 8) addressable (~> 2.8) algoliasearch (~> 1.0) @@ -85,8 +87,8 @@ GEM colored2 (3.1.2) commander (4.6.0) highline (~> 2.0.0) - concurrent-ruby (1.3.4) - connection_pool (2.4.1) + concurrent-ruby (1.3.5) + connection_pool (2.5.0) declarative (0.0.20) digest-crc (0.6.5) rake (>= 12.0.0, < 14.0.0) @@ -97,8 +99,8 @@ GEM escape (0.0.4) ethon (0.16.0) ffi (>= 1.15.0) - excon (0.111.0) - faraday (1.10.3) + excon (0.112.0) + faraday (1.10.4) faraday-em_http (~> 1.0) faraday-em_synchrony (~> 1.0) faraday-excon (~> 1.1) 
@@ -117,17 +119,17 @@ GEM faraday-em_synchrony (1.0.0) faraday-excon (1.1.0) faraday-httpclient (1.0.1) - faraday-multipart (1.0.4) - multipart-post (~> 2) + faraday-multipart (1.1.0) + multipart-post (~> 2.0) faraday-net_http (1.0.2) faraday-net_http_persistent (1.2.0) faraday-patron (1.0.0) faraday-rack (1.0.0) faraday-retry (1.0.3) - faraday_middleware (1.2.0) + faraday_middleware (1.2.1) faraday (~> 1.0) - fastimage (2.3.1) - fastlane (2.222.0) + fastimage (2.4.0) + fastlane (2.226.0) CFPropertyList (>= 2.3, < 4.0.0) addressable (>= 2.8, < 3.0.0) artifactory (~> 3.0) @@ -143,6 +145,7 @@ GEM faraday-cookie_jar (~> 0.0.6) faraday_middleware (~> 1.0) fastimage (>= 2.1.0, < 3.0.0) + fastlane-sirp (>= 1.0.0) gh_inspector (>= 1.1.2, < 2.0.0) google-apis-androidpublisher_v3 (~> 0.3) google-apis-playcustomapp_v1 (~> 0.1) @@ -166,12 +169,14 @@ GEM tty-spinner (>= 0.8.0, < 1.0.0) word_wrap (~> 1.0.0) xcodeproj (>= 1.13.0, < 2.0.0) - xcpretty (~> 0.3.0) + xcpretty (~> 0.4.0) xcpretty-travis-formatter (>= 0.0.3, < 2.0.0) fastlane-plugin-auth0_shipper (0.4.1) semantic (~> 1.5) - ffi (1.17.0-arm64-darwin) - ffi (1.17.0-x86_64-darwin) + fastlane-sirp (1.0.0) + sysrandom (~> 1.0) + ffi (1.17.1-arm64-darwin) + ffi (1.17.1-x86_64-darwin) fourflusher (2.3.1) fuzzy_match (2.0.4) gh_inspector (1.1.3) 
@@ -212,34 +217,34 @@ GEM os (>= 0.9, < 2.0) signet (>= 0.16, < 2.a) highline (2.0.3) - http-cookie (1.0.7) + http-cookie (1.0.8) domain_name (~> 0.5) httpclient (2.8.3) - i18n (1.14.6) + i18n (1.14.7) concurrent-ruby (~> 1.0) jmespath (1.6.2) - json (2.7.2) - jwt (2.9.0) + json (2.9.1) + jwt (2.10.1) base64 - logger (1.6.1) + logger (1.6.5) mini_magick (4.13.2) mini_mime (1.1.5) - minitest (5.25.1) + minitest (5.25.4) molinillo (0.8.0) multi_json (1.15.0) multipart-post (2.4.1) - nanaimo (0.3.0) + nanaimo (0.4.0) nap (1.1.0) naturally (2.2.1) netrc (0.11.0) nkf (0.2.0) - nokogiri (1.16.7-arm64-darwin) + nokogiri (1.18.2-arm64-darwin) racc (~> 1.4) - nokogiri (1.16.7-x86_64-darwin) + nokogiri (1.18.2-x86_64-darwin) racc (~> 1.4) - optparse (0.5.0) + optparse (0.6.0) os (1.1.4) - plist (3.7.1) + plist (3.7.2) public_suffix (4.0.7) racc (1.8.1) rake (13.2.1) @@ -248,12 +253,12 @@ GEM trailblazer-option (>= 0.1.1, < 0.2.0) uber (< 0.2.0) retriable (3.1.2) - rexml (3.3.7) - rouge (2.0.7) + rexml (3.4.0) + rouge (3.28.0) ruby-macho (2.5.1) ruby2_keywords (0.0.5) - rubyzip (2.3.2) - securerandom (0.3.1) + rubyzip (2.4.1) + securerandom (0.4.1) security (0.1.5) semantic (1.6.1) signet (0.19.0) @@ -264,12 +269,13 @@ GEM simctl (1.6.10) CFPropertyList naturally - slather (2.8.4) + slather (2.8.5) CFPropertyList (>= 2.2, < 4) activesupport clamp (~> 1.3) nokogiri (>= 1.14.3) - xcodeproj (~> 1.25) + xcodeproj (~> 1.27) + sysrandom (1.0.5) terminal-notifier (2.0.0) terminal-table (3.0.2) unicode-display_width (>= 1.1.1, < 3) @@ -285,15 +291,15 @@ GEM uber (0.1.0) unicode-display_width (2.6.0) word_wrap (1.0.0) - xcodeproj (1.25.0) + xcodeproj (1.27.0) CFPropertyList (>= 2.3.3, < 4.0) atomos (~> 0.1.3) claide (>= 1.0.2, < 2.0) colored2 (~> 3.1) - nanaimo (~> 0.3.0) - rexml (>= 3.3.2, < 4.0) - xcpretty (0.3.0) - rouge (~> 2.0.7) + nanaimo (~> 0.4.0) + rexml (>= 3.3.6, < 4.0) + xcpretty (0.4.0) + rouge (~> 3.28.0) xcpretty-travis-formatter (1.0.1) xcpretty (~> 0.2, >= 0.0.7)