From 160ac63b76a5d62d8b6dd8d14036f9010759e969 Mon Sep 17 00:00:00 2001 From: autobolt Date: Fri, 15 May 2026 00:00:31 -0600 Subject: [PATCH 01/10] Update bundle and compatibility fixes --- .rubocop_gradual.lock | 75 ------ CHANGELOG.md | 4 + Gemfile | 4 +- Gemfile.lock | 242 +++++++++--------- lib/oauth/tty.rb | 1 + lib/oauth/tty/cli.rb | 6 +- lib/oauth/tty/command.rb | 22 ++ oauth-tty.gemspec | 10 +- sig/oauth/tty/command.rbs | 15 ++ spec/config/debug.rb | 1 - spec/config/vcr.rb | 2 + spec/oauth/backwards_compatibility_spec.rb | 8 - spec/oauth/cli_spec.rb | 9 + spec/oauth/tty/cli_spec.rb | 43 ++-- spec/oauth/tty/command_spec.rb | 33 +-- .../tty/commands/authorize_command_spec.rb | 47 ++-- spec/oauth/tty/commands/query_command_spec.rb | 8 +- spec/oauth/tty/commands/sign_command_spec.rb | 21 ++ spec/oauth/tty_spec.rb | 4 - 19 files changed, 265 insertions(+), 290 deletions(-) delete mode 100644 .rubocop_gradual.lock create mode 100644 sig/oauth/tty/command.rbs delete mode 100644 spec/oauth/backwards_compatibility_spec.rb create mode 100644 spec/oauth/cli_spec.rb delete mode 100644 spec/oauth/tty_spec.rb diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock deleted file mode 100644 index 123cf76..0000000 --- a/.rubocop_gradual.lock +++ /dev/null 
@@ -1,75 +0,0 @@ -{ - "lib/oauth/tty/cli.rb:904168046": [ - [6, 7, 77, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2883780555] - ], - "oauth-tty.gemspec:3045486337": [ - [128, 3, 40, "Gemspec/DependencyVersion: Dependency version specification is required.", 2300588954], - [130, 3, 44, "Gemspec/DependencyVersion: Dependency version specification is required.", 1905290578], - [131, 3, 46, "Gemspec/DependencyVersion: Dependency version specification is required.", 4289565910] - ], - "spec/oauth/backwards_compatibility_spec.rb:4041711732": [ - [3, 16, 25, "RSpec/DescribeClass: The first argument to describe should be the class or module being tested.", 3956042931] - ], - "spec/oauth/tty/cli_spec.rb:361981118": [ - [109, 34, 17, "RSpec/VerifiedDoubleReference: Use a constant class reference for verified doubles. String references are not verifying unless the class is loaded.", 285748316], - [110, 38, 20, "RSpec/VerifiedDoubleReference: Use a constant class reference for verified doubles. String references are not verifying unless the class is loaded.", 1228090493], - [111, 34, 10, "RSpec/VerifiedDoubleReference: Use a constant class reference for verified doubles. String references are not verifying unless the class is loaded.", 4294324198], - [113, 7, 73, "RSpec/ReceiveMessages: Use `receive_messages` instead of multiple stubs on lines [114].", 39742504], - [114, 7, 85, "RSpec/ReceiveMessages: Use `receive_messages` instead of multiple stubs on lines [113].", 4144335528], - [130, 7, 20, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 4235470523], - [154, 38, 20, "RSpec/VerifiedDoubleReference: Use a constant class reference for verified doubles. String references are not verifying unless the class is loaded.", 1228090493], - [155, 34, 17, "RSpec/VerifiedDoubleReference: Use a constant class reference for verified doubles. 
String references are not verifying unless the class is loaded.", 285748316], - [156, 39, 21, "RSpec/VerifiedDoubleReference: Use a constant class reference for verified doubles. String references are not verifying unless the class is loaded.", 3390344648], - [158, 7, 73, "RSpec/ReceiveMessages: Use `receive_messages` instead of multiple stubs on lines [159].", 39742504], - [159, 7, 85, "RSpec/ReceiveMessages: Use `receive_messages` instead of multiple stubs on lines [158].", 4144335528], - [169, 7, 16, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 3492346277], - [170, 7, 21, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 2407753262], - [171, 7, 21, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 2407753262], - [172, 7, 21, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 2407753262], - [195, 38, 20, "RSpec/VerifiedDoubleReference: Use a constant class reference for verified doubles. String references are not verifying unless the class is loaded.", 1228090493], - [196, 34, 17, "RSpec/VerifiedDoubleReference: Use a constant class reference for verified doubles. String references are not verifying unless the class is loaded.", 285748316], - [197, 39, 21, "RSpec/VerifiedDoubleReference: Use a constant class reference for verified doubles. 
String references are not verifying unless the class is loaded.", 3390344648], - [199, 7, 73, "RSpec/ReceiveMessages: Use `receive_messages` instead of multiple stubs on lines [200].", 39742504], - [200, 7, 85, "RSpec/ReceiveMessages: Use `receive_messages` instead of multiple stubs on lines [199].", 4144335528], - [210, 7, 16, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 3492346277], - [211, 7, 21, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 2407753262], - [212, 7, 21, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 2407753262], - [213, 7, 21, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 2407753262] - ], - "spec/oauth/tty/command_spec.rb:2516268945": [ - [9, 3, 275, "RSpec/LeakyConstantDeclaration: Stub class constant instead of declaring explicitly.", 2810654211] - ], - "spec/oauth/tty/commands/authorize_command_spec.rb:3270431476": [ - [14, 34, 17, "RSpec/VerifiedDoubleReference: Use a constant class reference for verified doubles. String references are not verifying unless the class is loaded.", 285748316], - [15, 39, 21, "RSpec/VerifiedDoubleReference: Use a constant class reference for verified doubles. String references are not verifying unless the class is loaded.", 3390344648], - [16, 38, 20, "RSpec/VerifiedDoubleReference: Use a constant class reference for verified doubles. 
String references are not verifying unless the class is loaded.", 1228090493], - [19, 7, 64, "RSpec/ReceiveMessages: Use `receive_messages` instead of multiple stubs on lines [20].", 1559313276], - [20, 7, 69, "RSpec/ReceiveMessages: Use `receive_messages` instead of multiple stubs on lines [19].", 3030878101], - [22, 7, 23, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 4174421602], - [23, 7, 16, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 3492346277], - [25, 7, 21, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 2407753262], - [26, 7, 21, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 2407753262], - [32, 7, 21, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 2407753262], - [52, 34, 17, "RSpec/VerifiedDoubleReference: Use a constant class reference for verified doubles. String references are not verifying unless the class is loaded.", 285748316], - [54, 7, 23, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 4174421602], - [55, 7, 44, "RSpec/LeakyConstantDeclaration: Stub constant instead of declaring explicitly.", 2395720961], - [57, 7, 16, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 3492346277], - [68, 34, 17, "RSpec/VerifiedDoubleReference: Use a constant class reference for verified doubles. String references are not verifying unless the class is loaded.", 285748316], - [69, 39, 21, "RSpec/VerifiedDoubleReference: Use a constant class reference for verified doubles. 
String references are not verifying unless the class is loaded.", 3390344648], - [70, 7, 23, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 4174421602], - [71, 7, 16, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 3492346277], - [73, 7, 45, "RSpec/LeakyConstantDeclaration: Stub constant instead of declaring explicitly.", 1997245299], - [75, 7, 21, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 2407753262], - [76, 7, 21, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 2407753262], - [77, 7, 21, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 2407753262] - ], - "spec/oauth/tty/commands/query_command_spec.rb:1247725853": [ - [20, 32, 17, "RSpec/VerifiedDoubleReference: Use a constant class reference for verified doubles. String references are not verifying unless the class is loaded.", 285748316], - [23, 36, 20, "RSpec/VerifiedDoubleReference: Use a constant class reference for verified doubles. String references are not verifying unless the class is loaded.", 1228090493], - [26, 37, 19, "RSpec/VerifiedDoubleReference: Use a constant class reference for verified doubles. String references are not verifying unless the class is loaded.", 511534081], - [55, 5, 20, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 4235470523] - ], - "spec/oauth/tty_spec.rb:1891755344": [ - [3, 1, 25, "RSpec/EmptyExampleGroup: Empty example group detected.", 208109039] - ] -} diff --git a/CHANGELOG.md b/CHANGELOG.md index 897cdd2..605f16e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -20,8 +20,12 @@ Please file a bug if you notice a violation of semantic versioning. ### Added +- Add inspect-time secret redaction for command option state through `auth-sanitizer` integration. + ### Changed +- Redact the command options hash from `OAuth::TTY::Command#inspect` because it may contain credential-bearing CLI arguments. + ### Deprecated ### Removed diff --git a/Gemfile b/Gemfile index 88995d7..b01d44f 100644 --- a/Gemfile +++ b/Gemfile @@ -12,8 +12,8 @@ git_source(:gitlab) { |repo_name| "https://gitlab.com/#{repo_name}" } # Include dependencies from .gemspec gemspec -# gem "oauth", ">= 1.1.0" -gem "oauth", github: "ruby-oauth/oauth", branch: "main" +gem "oauth", path: "../oauth" +gem "auth-sanitizer", path: "../auth-sanitizer" # Debugging eval_gemfile "gemfiles/modular/debug.gemfile" diff --git a/Gemfile.lock b/Gemfile.lock index fc0175a..31b6fbe 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,13 +10,20 @@ GIT rainbow yard -GIT - remote: https://github.com/ruby-oauth/oauth - revision: 0430b449f51e3006fdfeea62c080bdfc85307d5f - branch: main +PATH + remote: ../auth-sanitizer + specs: + auth-sanitizer (0.1.0) + version_gem (~> 1.1, >= 1.1.9) + +PATH + remote: ../oauth specs: - oauth (1.1.1) - oauth-tty (~> 1.0, >= 1.0.1) + oauth (1.1.3) + auth-sanitizer (~> 0.1) + base64 (~> 0.1) + cgi + oauth-tty (~> 1.0, >= 1.0.6) snaky_hash (~> 2.0) version_gem (~> 1.1, >= 1.1.9) 
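Review bot: The new `gem "oauth", path: "../oauth"` and `gem "auth-sanitizer", path: "../auth-sanitizer"` lines tie the bundle to sibling checkouts on the author's workstation, so a fresh clone or CI runner cannot resolve the lockfile's PATH entries and nobody else can reproduce what was tested. The line being removed at least pointed at a public git source whose revision the lockfile pinned; `auth-sanitizer` as committed is a 0.1.0 pre-release with no published, content-addressed artifact anyone can audit. Replace both with sources that resolve outside this machine, e.g. `gem "oauth", github: "ruby-oauth/oauth", ref: "<commit sha>"` plus a released `auth-sanitizer` once it is on rubygems.org, or keep path overrides in a gitignored file pulled in via `eval_gemfile`.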
@@ -24,97 +31,96 @@ PATH remote: . specs: oauth-tty (1.0.6) + auth-sanitizer (~> 0.1) + cgi version_gem (~> 1.1, >= 1.1.9) GEM remote: https://rubygems.org/ specs: - addressable (2.8.7) - public_suffix (>= 2.0.2, < 7.0) - ansi (1.5.0) - appraisal2 (3.0.0) + addressable (2.9.0) + public_suffix (>= 2.0.2, < 8.0) + ansi (1.6.0) + appraisal2 (3.0.6) bundler (>= 1.17.3) rake (>= 10) thor (>= 0.14) ast (2.4.3) - backports (3.25.1) + backports (3.25.3) base64 (0.3.0) - benchmark (0.4.1) - bigdecimal (3.2.3) - bundler-audit (0.9.2) - bundler (>= 1.2.0, < 3) + benchmark (0.5.0) + bigdecimal (4.1.2) + bundler-audit (0.9.3) + bundler (>= 1.2.0) thor (~> 1.0) - concurrent-ruby (1.3.5) - crack (1.0.0) + cgi (0.5.1) + concurrent-ruby (1.3.6) + crack (1.0.1) bigdecimal rexml - date (3.4.1) - debug (1.11.0) + date (3.5.1) + debug (1.11.1) irb (~> 1.10) reline (>= 0.3.8) - delegate (0.4.0) + delegate (0.6.1) diff-lcs (1.6.2) diffy (3.4.4) docile (1.4.1) domain_name (0.6.20240107) - dry-configurable (1.3.0) - dry-core (~> 1.1) + dry-configurable (1.4.0) + dry-core (~> 1.0) zeitwerk (~> 2.6) - dry-core (1.1.0) + dry-core (1.2.0) concurrent-ruby (~> 1.0) logger zeitwerk (~> 2.6) - dry-inflector (1.2.0) + dry-inflector (1.3.1) dry-initializer (3.2.0) dry-logic (1.6.0) bigdecimal concurrent-ruby (~> 1.0) dry-core (~> 1.1) zeitwerk (~> 2.6) - dry-schema (1.14.1) + dry-schema (1.16.0) concurrent-ruby (~> 1.0) dry-configurable (~> 1.0, >= 1.0.1) dry-core (~> 1.1) dry-initializer (~> 3.2) - dry-logic (~> 1.5) - dry-types (~> 1.8) + dry-logic (~> 1.6) + dry-types (~> 1.9, >= 1.9.1) zeitwerk (~> 2.6) - dry-types (1.8.3) - bigdecimal (~> 3.0) + dry-types (1.9.1) + bigdecimal (>= 3.0) concurrent-ruby (~> 1.0) dry-core (~> 1.0) dry-inflector (~> 1.0) dry-logic (~> 1.4) zeitwerk (~> 2.6) - erb (5.0.2) - ethon (0.15.0) + erb (5.1.3) + ethon (0.18.0) ffi (>= 1.15.0) - ffi (1.17.2-aarch64-linux-gnu) - ffi (1.17.2-aarch64-linux-musl) - ffi (1.17.2-arm-linux-gnu) - ffi (1.17.2-arm-linux-musl) - ffi 
(1.17.2-arm64-darwin) - ffi (1.17.2-x86_64-darwin) - ffi (1.17.2-x86_64-linux-gnu) - ffi (1.17.2-x86_64-linux-musl) + logger + ffi (1.17.4-x86_64-linux-gnu) gem_bench (2.0.5) bundler (>= 1.14) version_gem (~> 1.1, >= 1.1.4) gitmoji-regex (1.0.3) version_gem (~> 1.1, >= 1.1.8) hashdiff (1.2.1) - hashie (5.0.0) + hashie (5.1.0) + logger http-accept (1.7.0) - http-cookie (1.0.8) + http-cookie (1.1.6) domain_name (~> 0.5) - io-console (0.8.1) - irb (1.15.2) + io-console (0.8.2) + irb (1.18.0) pp (>= 0.6.0) + prism (>= 1.3.0) rdoc (>= 4.0.0) reline (>= 0.4.2) - json (2.14.1) - kettle-dev (1.1.29) - kettle-soup-cover (1.0.10) + json (2.19.5) + kettle-dev (1.2.4) + kettle-soup-cover (1.1.1) simplecov (~> 0.22) simplecov-cobertura (~> 3.0) simplecov-console (~> 0.9, >= 0.9.3) @@ -122,18 +128,20 @@ GEM simplecov-lcov (~> 0.8) simplecov-rcov (~> 0.3, >= 0.3.7) simplecov_json_formatter (~> 0.1, >= 0.1.4) - version_gem (~> 1.1, >= 1.1.8) - kettle-test (1.0.3) - appraisal2 (~> 3.0) + version_gem (~> 1.1, >= 1.1.9) + kettle-test (1.0.10) + appraisal2 (~> 3.0, >= 3.0.2) + backports (~> 3.0) rspec (~> 3.0) rspec-block_is_expected (~> 1.0, >= 1.0.6) + rspec-pending_for (~> 0.1, >= 0.1.19) rspec-stubbed_env (~> 1.0, >= 1.0.4) rspec_junit_formatter (~> 0.6) silent_stream (~> 1.0, >= 1.0.12) timecop-rspec (~> 1.0, >= 1.0.3) - version_gem (~> 1.1, >= 1.1.8) - kramdown (2.5.1) - rexml (>= 3.3.9) + version_gem (~> 1.1, >= 1.1.9) + kramdown (2.5.2) + rexml (>= 3.4.4) kramdown-parser-gfm (1.1.0) kramdown (~> 2.0) language_server-protocol (3.17.0.5) 
@@ -142,59 +150,47 @@ GEM mime-types (3.7.0) logger mime-types-data (~> 3.2025, >= 3.2025.0507) - mime-types-data (3.2025.0916) - mocha (2.7.1) + mime-types-data (3.2026.0414) + mocha (3.1.0) ruby2_keywords (>= 0.0.5) mutex_m (0.3.0) netrc (0.11.0) - nokogiri (1.18.10-aarch64-linux-gnu) - racc (~> 1.4) - nokogiri (1.18.10-aarch64-linux-musl) - racc (~> 1.4) - nokogiri (1.18.10-arm-linux-gnu) - racc (~> 1.4) - nokogiri (1.18.10-arm-linux-musl) - racc (~> 1.4) - nokogiri (1.18.10-arm64-darwin) - racc (~> 1.4) - nokogiri (1.18.10-x86_64-darwin) - racc (~> 1.4) - nokogiri (1.18.10-x86_64-linux-gnu) - racc (~> 1.4) - nokogiri (1.18.10-x86_64-linux-musl) + nokogiri (1.19.3-x86_64-linux-gnu) racc (~> 1.4) ostruct (0.6.3) - parallel (1.27.0) - parser (3.3.9.0) + parallel (1.28.0) + parser (3.3.11.1) ast (~> 2.4.1) racc - pp (0.6.2) + pp (0.6.3) prettyprint prettyprint (0.2.0) - prism (1.5.1) - psych (5.2.6) + prism (1.9.0) + psych (5.3.1) date stringio - public_suffix (6.0.2) + public_suffix (7.0.5) racc (1.8.1) - rack (2.2.17) + rack (2.2.23) rack-test (2.2.0) rack (>= 1.3) rainbow (3.1.1) - rake (13.3.0) - rbs (3.9.5) + rake (13.4.2) + rbs (3.10.4) logger - rdoc (6.14.2) + tsort + rdoc (6.17.0) erb psych (>= 4.0.0) + tsort reek (6.5.0) dry-schema (~> 1.13) logger (~> 1.6) parser (~> 3.3.0) rainbow (>= 2.0, < 4.0) rexml (~> 3.1) - regexp_parser (2.11.3) - reline (0.6.2) + regexp_parser (2.12.0) + reline (0.6.3) io-console (~> 0.5) require_bench (1.0.4) version_gem (>= 1.1.3, < 4) 
@@ -204,29 +200,29 @@ GEM mime-types (>= 1.16, < 4.0) netrc (~> 0.8) rexml (3.4.4) - rspec (3.13.1) + rspec (3.13.2) rspec-core (~> 3.13.0) rspec-expectations (~> 3.13.0) rspec-mocks (~> 3.13.0) rspec-block_is_expected (1.0.6) - rspec-core (3.13.5) + rspec-core (3.13.6) rspec-support (~> 3.13.0) rspec-expectations (3.13.5) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.13.0) - rspec-mocks (3.13.5) + rspec-mocks (3.13.8) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.13.0) - rspec-pending_for (0.1.19) + rspec-pending_for (0.1.20) rspec-core (~> 3.0) ruby_engine (~> 2.0) ruby_version (~> 1.0) version_gem (~> 1.1, >= 1.1.8) rspec-stubbed_env (1.0.4) - rspec-support (3.13.6) + rspec-support (3.13.7) rspec_junit_formatter (0.6.0) rspec-core (>= 2, < 4, != 2.12.0) - rubocop (1.80.2) + rubocop (1.84.2) json (~> 2.3) language_server-protocol (~> 3.17.0.2) lint_roller (~> 1.1.0) @@ -234,12 +230,12 @@ GEM parser (>= 3.3.0.2) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 2.9.3, < 3.0) - rubocop-ast (>= 1.46.0, < 2.0) + rubocop-ast (>= 1.49.0, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 2.4.0, < 4.0) - rubocop-ast (1.47.0) + rubocop-ast (1.49.1) parser (>= 3.3.7.2) - prism (~> 1.4) + prism (~> 1.7) rubocop-gradual (0.3.6) diff-lcs (>= 1.2.0, < 2.0) diffy (~> 3.0) @@ -252,7 +248,7 @@ GEM version_gem (>= 1.1.2, < 3) rubocop-md (1.2.4) rubocop (>= 1.45) - rubocop-on-rbs (1.8.0) + rubocop-on-rbs (1.9.1) lint_roller (~> 1.1) rbs (~> 3.5) rubocop (>= 1.72.1, < 2.0) 
@@ -260,16 +256,16 @@ GEM rubocop-packaging (0.6.0) lint_roller (~> 1.1.0) rubocop (>= 1.72.1, < 2.0) - rubocop-performance (1.25.0) + rubocop-performance (1.26.1) lint_roller (~> 1.1) rubocop (>= 1.75.0, < 2.0) - rubocop-ast (>= 1.38.0, < 2.0) + rubocop-ast (>= 1.47.1, < 2.0) rubocop-rake (0.7.1) lint_roller (~> 1.1) rubocop (>= 1.72.1) - rubocop-rspec (3.7.0) + rubocop-rspec (3.9.0) lint_roller (~> 1.1) - rubocop (~> 1.72, >= 1.72.1) + rubocop (~> 1.81) rubocop-ruby2_3 (2.0.5) rubocop-gradual (~> 0.3, >= 0.3.1) rubocop-md (~> 1.2) @@ -278,7 +274,7 @@ GEM rubocop-thread_safety (~> 0.5, >= 0.5.1) standard-rubocop-lts (~> 1.0, >= 1.0.7) version_gem (>= 1.1.3, < 3) - rubocop-shopify (2.17.1) + rubocop-shopify (2.18.0) rubocop (~> 1.62) rubocop-thread_safety (0.7.3) lint_roller (~> 1.1) @@ -298,7 +294,7 @@ GEM simplecov-cobertura (3.1.0) rexml simplecov (~> 0.19) - simplecov-console (0.9.4) + simplecov-console (0.9.5) ansi simplecov terminal-table 
@@ -310,65 +306,59 @@ GEM snaky_hash (2.0.3) hashie (>= 0.1.0, < 6) version_gem (>= 1.1.8, < 3) - standard (1.51.1) + standard (1.54.0) language_server-protocol (~> 3.17.0.2) lint_roller (~> 1.0) - rubocop (~> 1.80.2) + rubocop (~> 1.84.0) standard-custom (~> 1.0.0) standard-performance (~> 1.8) standard-custom (1.0.2) lint_roller (~> 1.0) rubocop (~> 1.50) - standard-performance (1.8.0) + standard-performance (1.9.0) lint_roller (~> 1.1) - rubocop-performance (~> 1.25.0) + rubocop-performance (~> 1.26.0) standard-rubocop-lts (1.0.10) rspec-block_is_expected (~> 1.0, >= 1.0.5) standard (>= 1.35.1, < 2) standard-custom (>= 1.0.2, < 2) standard-performance (>= 1.3.1, < 2) version_gem (>= 1.1.4, < 3) - stone_checksums (1.0.2) - version_gem (~> 1.1, >= 1.1.8) - stringio (3.1.7) + stone_checksums (1.0.3) + version_gem (~> 1.1, >= 1.1.9) + stringio (3.2.0) terminal-table (4.0.0) unicode-display_width (>= 1.1.1, < 4) - thor (1.4.0) - timecop (0.9.10) + thor (1.5.0) + timecop (0.9.11) timecop-rspec (1.0.3) delegate (~> 0.1) rspec (~> 3.0) timecop (>= 0.7, < 1) - typhoeus (1.5.0) - ethon (>= 0.9.0, < 0.16.0) + tsort (0.2.0) + typhoeus (1.6.0) + ethon (>= 0.18.0) unicode-display_width (3.2.0) unicode-emoji (~> 4.1) - unicode-emoji (4.1.0) - vcr (6.3.1) - base64 + unicode-emoji (4.2.0) + vcr (6.4.0) version_gem (1.1.9) - webmock (3.25.1) + webmock (3.26.2) addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) - yard (0.9.37) + yard (0.9.43) yard-relative_markdown_links (0.5.0) nokogiri (>= 1.14.3, < 2) - zeitwerk (2.7.3) - zlib (3.2.1) + zeitwerk (2.7.5) + zlib (3.2.3) PLATFORMS - aarch64-linux-gnu - aarch64-linux-musl - arm-linux-gnu - arm-linux-musl - arm64-darwin - x86_64-darwin - x86_64-linux-gnu - x86_64-linux-musl + x86_64-linux DEPENDENCIES appraisal2 (~> 3.0) + auth-sanitizer! backports (~> 3.25, >= 3.25.1) benchmark (~> 0.4, >= 0.4.1) bundler-audit (~> 0.9.2) 
@@ -382,17 +372,17 @@ DEPENDENCIES
   kettle-test (~> 1.0)
   kramdown (~> 2.5, >= 2.5.1)
   kramdown-parser-gfm (~> 1.1)
-  mocha
+  mocha (~> 3.0)
   mutex_m (~> 0.2)
   oauth!
   oauth-tty!
   rack (~> 2.0)
-  rack-test
+  rack-test (~> 2.0)
   rake (~> 13.0)
   rdoc (~> 6.11)
   reek (~> 6.5)
   require_bench (~> 1.0, >= 1.0.4)
-  rest-client
+  rest-client (~> 2.1)
   rspec-pending_for (~> 0.0, >= 0.0.17)
   rubocop-lts (~> 10.0)
   rubocop-on-rbs (~> 1.8)
diff --git a/lib/oauth/tty.rb b/lib/oauth/tty.rb
index 4195145..16ce7e7 100644
--- a/lib/oauth/tty.rb
+++ b/lib/oauth/tty.rb
@@ -4,6 +4,7 @@
 require "optparse"
 
 # external gems
+require "auth/sanitizer"
 require "version_gem"
 
 # For initial release as a standalone gem, this gem must not declare oauth as a dependency,
diff --git a/lib/oauth/tty/cli.rb b/lib/oauth/tty/cli.rb
index d6b1d79..64ab5bf 100644
--- a/lib/oauth/tty/cli.rb
+++ b/lib/oauth/tty/cli.rb
@@ -3,8 +3,10 @@
 module OAuth
   module TTY
     class CLI
-      def self.puts_red(string)
-        puts "\033[0;91m#{string}\033[0m"
+      class << self
+        def puts_red(string)
+          puts "\033[0;91m#{string}\033[0m"
+        end
       end
 
       ALIASES = {
diff --git a/lib/oauth/tty/command.rb b/lib/oauth/tty/command.rb
index a810758..f5e3b00 100644
--- a/lib/oauth/tty/command.rb
+++ b/lib/oauth/tty/command.rb
@@ -2,7 +2,18 @@
 
 module OAuth
   module TTY
+    # Base class for oauth-tty commands.
+    #
+    # Includes {Auth::Sanitizer::FilteredAttributes} so inspect output redacts
+    # the accumulated command options hash, which may contain consumer or token
+    # secrets read from CLI flags or option files.
     class Command
+      include Auth::Sanitizer::FilteredAttributes
+
+      # Redact parser-related state from inspect output because it can include
+      # credential-bearing CLI arguments and parser internals that retain them.
+      filtered_attributes :options, :option_parser
+
       def initialize(stdout, stdin, stderr, arguments)
         @stdout = stdout
         @stdin = stdin
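Review bot: `filtered_attributes :options, :option_parser` only redacts anything if the mixin's own `inspect` is the one that runs, yet this same commit defines `Command#inspect` by hand further down the class (outside this hunk), and a method defined in the class itself always wins over one from an `include`d module. If `Auth::Sanitizer::FilteredAttributes` implements redaction by defining `inspect`, the declaration here is dead code; if it hooks something else, the two redaction paths can drift apart and only one of them is tested. Pick one mechanism — either drop the hand-written `inspect` and rely on the mixin, or drop the `include`/`filtered_attributes` pair and the runtime dependency it pulls in — and record the choice in the class comment, e.g. `# Redaction is provided by Auth::Sanitizer::FilteredAttributes; do not define #inspect here.` The `Command` class body continues beyond this hunk.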
@@ -12,6 +23,17 @@ def initialize(stdout, stdin, stderr, arguments)
         option_parser.parse!(arguments)
       end
 
+      def inspect
+        format(
+          "#<%s:0x%x @stdout=%s, @stdin=%s, @stderr=%s, @options=[FILTERED], @option_parser=[FILTERED]>",
+          klass: self.class,
+          object_id: object_id,
+          stdout: @stdout.inspect,
+          stdin: @stdin.inspect,
+          stderr: @stderr.inspect,
+        )
+      end
+
       def run
         missing = required_options - options.keys
         if missing.empty?
diff --git a/oauth-tty.gemspec b/oauth-tty.gemspec
index 00326a8..7949300 100644
--- a/oauth-tty.gemspec
+++ b/oauth-tty.gemspec
@@ -94,7 +94,11 @@ Gem::Specification.new do |spec|
   # Listed files are the relative paths from bindir above.
   spec.executables = ["oauth"]
 
+  # Standard Library Extracted Gems
+  spec.add_dependency("cgi", ">= 0")
+
   # Utilities
+  spec.add_dependency("auth-sanitizer", "~> 0.1")
   spec.add_dependency("version_gem", "~> 1.1", ">= 1.1.9") # ruby >= 2.2.0
 
   # NOTE: It is preferable to list development dependencies in the gemspec due to increased
@@ -125,10 +129,10 @@ Gem::Specification.new do |spec|
   # Testing
   spec.add_development_dependency("appraisal2", "~> 3.0") # ruby >= 1.8.7, for testing against multiple versions of dependencies
   spec.add_development_dependency("kettle-test", "~> 1.0") # ruby >= 2.3
-  spec.add_development_dependency("mocha")
+  spec.add_development_dependency("mocha", "~> 3.0")
   spec.add_development_dependency("rack", "~> 2.0")
-  spec.add_development_dependency("rack-test")
-  spec.add_development_dependency("rest-client")
+  spec.add_development_dependency("rack-test", "~> 2.0")
+  spec.add_development_dependency("rest-client", "~> 2.1")
   spec.add_development_dependency("rspec-pending_for", "~> 0.0", ">= 0.0.17") # ruby >= 2.3, used to skip specs on incompatible Rubies
   spec.add_development_dependency("typhoeus", ">= 0.1.13")
 
diff --git a/sig/oauth/tty/command.rbs b/sig/oauth/tty/command.rbs
new file mode 100644
index 0000000..0891ece
--- /dev/null
+++ b/sig/oauth/tty/command.rbs
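Review bot: The format string in the new `inspect` uses positional directives (`%s`, `%x`) while every argument is passed as a keyword (`klass:`, `object_id:`, `stdout:`, …); Ruby folds those keywords into one trailing Hash, so the first `%s` renders that Hash and the `%x` raises `ArgumentError` (too few arguments). In practice `p cmd`, IRB/debugger echo, and any error message that interpolates the receiver will now raise instead of printing a redacted summary, which is the opposite of what the class comment promises. Switch to named references, keeping the keyword arguments as they are: `"#<%<klass>s:0x%<object_id>x @stdout=%<stdout>s, @stdin=%<stdin>s, @stderr=%<stderr>s, @options=[FILTERED], @option_parser=[FILTERED]>"`. A one-line spec calling `.inspect` on a built command would have caught this; the suite never calls it today.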
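Review bot: `spec.add_dependency("cgi", ">= 0")` is not a constraint at all — it accepts any future major release of `cgi` — and the `require "cgi/core" unless CGI.respond_to?(:parse)` shim this same commit adds to `spec/config/vcr.rb` suggests the gem's API already moved between the versions in play. Pin the floor the code is actually exercised against and cap below the next major, e.g. `spec.add_dependency("cgi", "~> 0.4")` if 0.4 is the oldest you test (the lock resolves 0.5.1), and consider the same for the pre-1.0 `auth-sanitizer`, where `"~> 0.1"` admits any 0.x minor and minor bumps on a 0.x gem may change the redaction behaviour this gem now relies on.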
@@ -0,0 +1,15 @@
+module OAuth
+  module TTY
+    class Command
+      include Auth::Sanitizer::FilteredAttributes
+
+      def initialize: (untyped stdout, untyped stdin, untyped stderr, untyped arguments) -> void
+      def run: () -> untyped
+      def required_options: () -> Array[untyped]
+
+      private
+
+      attr_reader options: untyped
+    end
+  end
+end
diff --git a/spec/config/debug.rb b/spec/config/debug.rb
index 310c26c..cf34019 100644
--- a/spec/config/debug.rb
+++ b/spec/config/debug.rb
@@ -1,4 +1,3 @@
 load_debugger = ENV.fetch("DEBUG", "false").casecmp("true").zero?
-puts "LOADING DEBUGGER: #{load_debugger}" if load_debugger
 require "debug" if load_debugger
 
diff --git a/spec/config/vcr.rb b/spec/config/vcr.rb
index 0c7362a..6d802ee 100644
--- a/spec/config/vcr.rb
+++ b/spec/config/vcr.rb
@@ -1,4 +1,6 @@
 # VCR/WebMock: record and replay HTTP to external services (RubyGems, GitHub, etc.)
+require "cgi"
+require "cgi/core" unless CGI.respond_to?(:parse)
 require "webmock/rspec"
 require "vcr"
 VCR.configure do |c|
diff --git a/spec/oauth/backwards_compatibility_spec.rb b/spec/oauth/backwards_compatibility_spec.rb
deleted file mode 100644
index f691d24..0000000
--- a/spec/oauth/backwards_compatibility_spec.rb
+++ /dev/null
@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.describe "Backwards compatibility" do
-  it "aliases OAuth::CLI to OAuth::TTY::CLI" do
-    require "oauth/cli"
-    expect(OAuth::CLI).to be(OAuth::TTY::CLI)
-  end
-end
diff --git a/spec/oauth/cli_spec.rb b/spec/oauth/cli_spec.rb
new file mode 100644
index 0000000..66ad241
--- /dev/null
+++ b/spec/oauth/cli_spec.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require "oauth/cli"
+
+RSpec.describe OAuth::CLI do
+  it "aliases OAuth::CLI to OAuth::TTY::CLI" do
+    expect(described_class).to be(OAuth::TTY::CLI)
+  end
+end
diff --git a/spec/oauth/tty/cli_spec.rb b/spec/oauth/tty/cli_spec.rb
index 9514dfc..b77769d 100644
--- a/spec/oauth/tty/cli_spec.rb
+++ b/spec/oauth/tty/cli_spec.rb
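Review bot: The new signature omits `inspect`, which this commit overrides on `OAuth::TTY::Command` in `lib/oauth/tty/command.rb`, so a type-checker still sees `Object#inspect` rather than the redacting override; add `def inspect: () -> String` under the public methods. The `private` `attr_reader options: untyped` entry describes an accessor that does not appear anywhere in this patch — the `run` body uses `options.keys`, so something provides it — verify in the class that it exists and is actually private, otherwise the signature and the implementation disagree from day one.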
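Review bot: The `require "cgi/core" unless CGI.respond_to?(:parse)` guard lives in spec configuration, so it only makes `CGI.parse` available to the test process; nothing in this patch adds the same require under `lib/`, which means that if the library (or the `oauth` gem it drives) calls `CGI.parse` on a Ruby where a plain `require "cgi"` no longer loads it, that is a production-only failure the suite can never observe. If the shim is there for library code, move it beside the new `require "auth/sanitizer"` in `lib/oauth/tty.rb`; if it is only for VCR/WebMock internals, say so above the line, e.g. `# Newer cgi releases split CGI.parse out of "cgi"; VCR/WebMock need it here only.`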
@@ -106,12 +106,11 @@ def parse(command)
     end
 
     it "performs query and prints request/response" do
-      consumer = instance_double("OAuth::Consumer")
-      access_token = instance_double("OAuth::AccessToken")
-      response = instance_double("Response", code: "!code!", message: "!message!", body: "!body!")
+      consumer = instance_double(OAuth::Consumer)
+      access_token = instance_double(OAuth::AccessToken)
+      response = instance_double(Net::HTTPResponse, code: "!code!", message: "!message!", body: "!body!")
 
-      allow(OAuth::Helper).to receive(:generate_key).and_return("GENERATE_KEY")
-      allow(OAuth::Helper).to receive(:generate_timestamp).and_return("GENERATE_TIMESTAMP")
+      allow(OAuth::Helper).to receive_messages(generate_key: "GENERATE_KEY", generate_timestamp: "GENERATE_TIMESTAMP")
 
       expect(OAuth::Consumer).to receive(:new) do |key, secret, options|
         expect(key).to eq("oauth_consumer_key")
@@ -127,7 +126,7 @@ def parse(command)
         access_token
       end
 
-      expect(access_token).to receive(:request).with(:post, "http://example.com/oauth/url?oauth_consumer_key=oauth_consumer_key&oauth_nonce=GENERATE_KEY&oauth_timestamp=GENERATE_TIMESTAMP&oauth_token=TOKEN&oauth_signature_method=HMAC-SHA1&oauth_version=1.0").and_return(response)
+      allow(access_token).to receive(:request).with(:post, "http://example.com/oauth/url?oauth_consumer_key=oauth_consumer_key&oauth_nonce=GENERATE_KEY&oauth_timestamp=GENERATE_TIMESTAMP&oauth_token=TOKEN&oauth_signature_method=HMAC-SHA1&oauth_version=1.0").and_return(response)
 
       out = run_command %w[
         query
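Review bot: Turning `expect(access_token).to receive(:request).with(:post, "…oauth_signature_method=HMAC-SHA1…")` into `allow` removes the only assertion that the `query` command actually issues the signed request; with `allow`, a run that never calls `request` passes as long as the later `out` expectations don't happen to depend on `response`. A wrong URL still fails (the `with` constraint rejects other arguments), but the "was it called at all" half of the check is gone. Keep the lint-friendly `allow` and restore the assertion after `run_command`, e.g. `expect(access_token).to have_received(:request).with(:post, a_string_including("oauth_signature_method=HMAC-SHA1"))`. The same `expect`→`allow` rewrite is applied to the authorize and sign examples in the hunks that follow, and the `it` block here continues past the end of this hunk.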
@@ -151,12 +150,11 @@ def parse(command) end it "performs authorize and prompts/prints response" do - access_token = instance_double("OAuth::AccessToken", params: {}) - consumer = instance_double("OAuth::Consumer") - request_token = instance_double("OAuth::RequestToken") + access_token = instance_double(OAuth::AccessToken, params: {}) + consumer = instance_double(OAuth::Consumer) + request_token = instance_double(OAuth::RequestToken) - allow(OAuth::Helper).to receive(:generate_key).and_return("GENERATE_KEY") - allow(OAuth::Helper).to receive(:generate_timestamp).and_return("GENERATE_TIMESTAMP") + allow(OAuth::Helper).to receive_messages(generate_key: "GENERATE_KEY", generate_timestamp: "GENERATE_TIMESTAMP") expect(OAuth::Consumer).to receive(:new) do |key, secret, options| expected = {access_token_url: nil, authorize_url: nil, request_token_url: nil, scheme: :header, http_method: :get} @@ -166,10 +164,9 @@ def parse(command) consumer end - expect(consumer).to receive(:get_request_token).with({oauth_callback: nil}, {}).and_return(request_token) - expect(request_token).to receive(:callback_confirmed?).and_return(false) - expect(request_token).to receive(:authorize_url).and_return("!url1!") - expect(request_token).to receive(:get_access_token).with({oauth_verifier: nil}).and_return(access_token) + allow(consumer).to receive(:get_request_token).with({oauth_callback: nil}, {}).and_return(request_token) + allow(request_token).to receive_messages(callback_confirmed?: false, authorize_url: "!url1!") + allow(request_token).to receive(:get_access_token).with({oauth_verifier: nil}).and_return(access_token) out = run_command %w[ authorize 
@@ -192,12 +189,11 @@ def parse(command) end it "signs a request and prints signature details and value" do - access_token = instance_double("OAuth::AccessToken", params: {}) - consumer = instance_double("OAuth::Consumer") - request_token = instance_double("OAuth::RequestToken") + access_token = instance_double(OAuth::AccessToken, params: {}) + consumer = instance_double(OAuth::Consumer) + request_token = instance_double(OAuth::RequestToken) - allow(OAuth::Helper).to receive(:generate_key).and_return("GENERATE_KEY") - allow(OAuth::Helper).to receive(:generate_timestamp).and_return("GENERATE_TIMESTAMP") + allow(OAuth::Helper).to receive_messages(generate_key: "GENERATE_KEY", generate_timestamp: "GENERATE_TIMESTAMP") expect(OAuth::Consumer).to receive(:new) do |key, secret, options| expected = {access_token_url: nil, authorize_url: nil, request_token_url: nil, scheme: :header, http_method: :get} @@ -207,10 +203,9 @@ def parse(command) consumer end - expect(consumer).to receive(:get_request_token).with({oauth_callback: nil}, {}).and_return(request_token) - expect(request_token).to receive(:callback_confirmed?).and_return(false) - expect(request_token).to receive(:authorize_url).and_return("!url1!") - expect(request_token).to receive(:get_access_token).with({oauth_verifier: nil}).and_return(access_token) + allow(consumer).to receive(:get_request_token).with({oauth_callback: nil}, {}).and_return(request_token) + allow(request_token).to receive_messages(callback_confirmed?: false, authorize_url: "!url1!") + allow(request_token).to receive(:get_access_token).with({oauth_verifier: nil}).and_return(access_token) out = [] diff --git a/spec/oauth/tty/command_spec.rb b/spec/oauth/tty/command_spec.rb index c2a1e7e..169adc6 100644 --- a/spec/oauth/tty/command_spec.rb +++ b/spec/oauth/tty/command_spec.rb 
@@ -5,26 +5,27 @@
   let(:stdin) { StringIO.new }
   let(:stderr) { StringIO.new }
 
-  # Minimal concrete subclass to enable exercising #run paths
-  class TestCommand < described_class
-    attr_writer :required
-
-    def initialize(stdout, stdin, stderr, arguments)
-      super
-      @required ||= []
-    end
-
-    def required_options
-      @required
-    end
-
-    def _run
-      puts "ran" # use provided stdout
+  let(:test_command_class) do
+    Class.new(described_class) do
+      attr_writer :required
+
+      def initialize(stdout, stdin, stderr, arguments)
+        super
+        @required ||= []
+      end
+
+      def required_options
+        @required
+      end
+
+      def _run
+        @stdout.puts "ran"
+      end
     end
   end
 
   def build_cmd(args = [])
-    TestCommand.new(stdout, stdin, stderr, args)
+    test_command_class.new(stdout, stdin, stderr, args)
   end
 
   describe "#run", :check_output do
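Review bot: None of the spec changes exercise the redaction this commit's changelog advertises; after this hunk the `Command` suite still only covers `#run`, so `#inspect` is never called by any test. Add an example that builds a command with a secret-bearing flag and checks both that `inspect` shows `[FILTERED]` and that the raw value is absent — this assumes the base option parser accepts `--consumer-secret`, which the authorize specs pass to `build_cmd`, so adjust the flag if that option is defined only in a subclass. Such an example also fails loudly on any argument-handling mistake in the hand-written `inspect`, which is exactly the kind of regression a redaction feature needs a guard against. The `RSpec.describe` block this hunk sits in starts before and ends after the hunk.
```ruby
  # … unchanged: build_cmd and describe "#run" …

  describe "#inspect" do
    it "redacts parsed options instead of echoing secret-bearing flags" do
      dump = build_cmd(%w[--consumer-secret CS]).inspect
      expect(dump).to include("@options=[FILTERED]")
      expect(dump).not_to include("CS")
    end
  end
```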
@@ -11,25 +11,23 @@ def build_cmd(args = []) describe "#_run happy path with callback confirmed", :check_output do it "sets version to 1.0a and prompts for verifier, then prints response params" do - consumer = instance_double("OAuth::Consumer") - request_token = instance_double("OAuth::RequestToken") - access_token = instance_double("OAuth::AccessToken", params: {"oauth_token" => "OTK", :symbol_key => "ignored"}) + consumer = instance_double(OAuth::Consumer) + request_token = instance_double(OAuth::RequestToken) + access_token = instance_double(OAuth::AccessToken, params: {"oauth_token" => "OTK", :symbol_key => "ignored"}) # Provide deterministic nonce/timestamp used by defaults through Command - allow(OAuth::Helper).to receive(:generate_key).and_return("KEY") - allow(OAuth::Helper).to receive(:generate_timestamp).and_return("TS") + allow(OAuth::Helper).to receive_messages(generate_key: "KEY", generate_timestamp: "TS") - expect(OAuth::Consumer).to receive(:new).and_return(consumer) - expect(consumer).to receive(:get_request_token).with({oauth_callback: nil}, {}).and_return(request_token) + allow(OAuth::Consumer).to receive(:new).and_return(consumer) + allow(consumer).to receive(:get_request_token).with({oauth_callback: nil}, {}).and_return(request_token) - expect(request_token).to receive(:callback_confirmed?).and_return(true) - expect(request_token).to receive(:authorize_url).and_return("https://example.com/authorize") + allow(request_token).to receive_messages(callback_confirmed?: true, authorize_url: "https://example.com/authorize") # stdin provides a verifier when version is 1.0a stdin.write("VERIFIER\n") stdin.rewind - expect(request_token).to receive(:get_access_token).with({oauth_verifier: "VERIFIER"}).and_return(access_token) + allow(request_token).to receive(:get_access_token).with({oauth_verifier: "VERIFIER"}).and_return(access_token) stdout.string.dup build_cmd(%w[--consumer-key CK --consumer-secret CS --method GET --uri https://example.com]).run 
@@ -49,12 +47,12 @@ def build_cmd(args = []) describe "error handling", :check_output do it "alerts when get_request_token raises OAuth::Unauthorized" do - consumer = instance_double("OAuth::Consumer") + consumer = instance_double(OAuth::Consumer) - expect(OAuth::Consumer).to receive(:new).and_return(consumer) - Request = Struct.new(:body, :code, :message) - error = OAuth::Unauthorized.new(Request.new("denied", 401, "401 Unauthorized")) - expect(consumer).to receive(:get_request_token).and_raise(error) + allow(OAuth::Consumer).to receive(:new).and_return(consumer) + request_class = Struct.new(:body, :code, :message) + error = OAuth::Unauthorized.new(request_class.new("denied", 401, "401 Unauthorized")) + allow(consumer).to receive(:get_request_token).and_raise(error) build_cmd(%w[--consumer-key CK --consumer-secret CS --uri https://example.com]).send(:get_request_token) 
@@ -65,16 +63,15 @@ def build_cmd(args = []) end it "alerts when get_access_token raises OAuth::Unauthorized" do - consumer = instance_double("OAuth::Consumer") - request_token = instance_double("OAuth::RequestToken") - expect(OAuth::Consumer).to receive(:new).and_return(consumer) - expect(consumer).to receive(:get_request_token).and_return(request_token) - - Request2 = Struct.new(:body, :code, :message) - error = OAuth::Unauthorized.new(Request2.new("bad_access", 401, "401 Unauthorized")) - expect(request_token).to receive(:callback_confirmed?).and_return(false) - expect(request_token).to receive(:authorize_url).and_return("https://example.com/authorize") - expect(request_token).to receive(:get_access_token).and_raise(error) + consumer = instance_double(OAuth::Consumer) + request_token = instance_double(OAuth::RequestToken) + allow(OAuth::Consumer).to receive(:new).and_return(consumer) + allow(consumer).to receive(:get_request_token).and_return(request_token) + + request_class = Struct.new(:body, :code, :message) + error = OAuth::Unauthorized.new(request_class.new("bad_access", 401, "401 Unauthorized")) + allow(request_token).to receive_messages(callback_confirmed?: false, authorize_url: "https://example.com/authorize") + allow(request_token).to receive(:get_access_token).and_raise(error) build_cmd(%w[--consumer-key CK --consumer-secret CS --uri https://example.com]).run diff --git a/spec/oauth/tty/commands/query_command_spec.rb b/spec/oauth/tty/commands/query_command_spec.rb index b316b4d..49f3c12 100644 --- a/spec/oauth/tty/commands/query_command_spec.rb +++ b/spec/oauth/tty/commands/query_command_spec.rb 
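Review bot: `request_class = Struct.new(:body, :code, :message)` is now built identically in this example and in the `get_request_token` one above it; a `let(:request_class) { Struct.new(:body, :code, :message) }` on the `describe "error handling"` block keeps the fix for the leaked `Request`/`Request2` constants and removes the duplication. Since these examples exist to check the alert produced from an `OAuth::Unauthorized`, it is also worth asserting that the error path does not echo credentials, e.g. `expect(stderr.string).not_to include("CS")` after `.run` (assuming `stderr` is the StringIO injected through `build_cmd`), so a later change to the alert formatting cannot regress into printing the consumer secret. The example's existing assertions sit outside the hunk, so I cannot tell whether something equivalent is already there.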
@@ -17,13 +17,13 @@ def run_cli(command, argv) it "appends parameters to the URI, performs the request, and prints status and body" do # Stub network objects so we don't make real HTTP calls - consumer = instance_double("OAuth::Consumer") + consumer = instance_double(OAuth::Consumer) allow(OAuth::Consumer).to receive(:new).and_return(consumer) - access_token = instance_double("OAuth::AccessToken") + access_token = instance_double(OAuth::AccessToken) allow(OAuth::AccessToken).to receive(:new).with(consumer, "at_789", "ats_abc").and_return(access_token) - fake_response = instance_double("Net::HTTPResponse", code: "200", message: "OK", body: "Hello world") + fake_response = instance_double(Net::HTTPResponse, code: "200", message: "OK", body: "Hello world") # Build args uri = "https://api.example.com/v1/profile" @@ -52,7 +52,7 @@ def run_cli(command, argv) expected_url = "#{uri}?oauth_consumer_key=ck_123&oauth_nonce=abc123&oauth_timestamp=1699999999&oauth_token=at_789&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&foo=bar&status=active" - expect(access_token).to receive(:request).with(:get, expected_url).and_return(fake_response) + allow(access_token).to receive(:request).with(:get, expected_url).and_return(fake_response) out = run_cli("query", argv) diff --git a/spec/oauth/tty/commands/sign_command_spec.rb b/spec/oauth/tty/commands/sign_command_spec.rb index d625146..1ec08ef 100644 --- a/spec/oauth/tty/commands/sign_command_spec.rb +++ b/spec/oauth/tty/commands/sign_command_spec.rb 
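Review bot: In the second hunk, `allow(access_token).to receive(:request).with(:get, expected_url)` no longer fails when `request` is never invoked; `with` still rejects a call with a different URL, but the check that the signed request is actually issued with exactly these OAuth parameters now rests on whatever `out` is compared against after `run_cli`. Adding `expect(access_token).to have_received(:request).with(:get, expected_url)` after `out = run_cli("query", argv)` restores that as a spy without reintroducing the StubbedMock pattern. The rest of the example, including the assertions on `out`, lies outside the hunk.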
@@ -18,6 +18,27 @@ def run_cli(command, argv)
 out
 end
 
+ it "redacts options from inspect" do
+ command = described_class.new(stdout, stdin, stderr, [
+ "--consumer-key",
+ "ck_123",
+ "--consumer-secret",
+ "cs_456",
+ "--token",
+ "at_789",
+ "--secret",
+ "ats_abc",
+ ])
+
+ inspected = command.inspect
+
+ expect(inspected).to include("[FILTERED]")
+ expect(inspected).not_to include("ck_123")
+ expect(inspected).not_to include("cs_456")
+ expect(inspected).not_to include("at_789")
+ expect(inspected).not_to include("ats_abc")
+ end
+
 it "loads options from a file with -O and produces same signature as inline args (quoted values supported)" do
 require "shellwords" # Signature via -O file
diff --git a/spec/oauth/tty_spec.rb b/spec/oauth/tty_spec.rb
deleted file mode 100644
index 38ebf03..0000000
--- a/spec/oauth/tty_spec.rb
+++ /dev/null
@@ -1,4 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.describe OAuth::TTY do
-end
From f1602cbfe1824b017ed799acc50e4ca50be30cf3 Mon Sep 17 00:00:00 2001 From: autobolt Date: Fri, 15 May 2026 00:41:09 -0600 Subject: [PATCH 02/10] =?UTF-8?q?=F0=9F=94=A5=20Remove=20CodeTriage=20badg?= =?UTF-8?q?es?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
---
 README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 1acd556..9b29ce4 100644
--- a/README.md
+++ b/README.md
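Review bot: The new example never asserts that a non-secret option survives redaction, so an `inspect` that blanked every option (or omitted the options hash entirely) would pass it just as well as a targeted filter; adding a non-secret argument such as `--uri https://example.com` to the constructor and `expect(inspected).to include("https://example.com")` makes the test distinguish the two. If the filtering is implemented in the base `Command` rather than in `SignCommand` (the library change is not in this hunk), the example belongs in `spec/oauth/tty/command_spec.rb` against the shared fixture so every subclass inherits the guarantee. `inspect` is the right surface to pin, since it is what `p`, `pp` and an IRB echo use when the object is dumped, which is where credentials most often leak into terminal scrollback or logs.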
@@ -9,7 +9,7 @@ # ๐Ÿ–ฅ๏ธ OAuth::TTY -[![Version][๐Ÿ‘ฝversioni]][๐Ÿ‘ฝversion] [![GitHub tag (latest SemVer)][โ›ณ๏ธtag-img]][โ›ณ๏ธtag] [![License: MIT][๐Ÿ“„license-img]][๐Ÿ“„license-ref] [![Downloads Rank][๐Ÿ‘ฝdl-ranki]][๐Ÿ‘ฝdl-rank] [![Open Source Helpers][๐Ÿ‘ฝoss-helpi]][๐Ÿ‘ฝoss-help] [![CodeCov Test Coverage][๐Ÿ€codecovi]][๐Ÿ€codecov] [![Coveralls Test Coverage][๐Ÿ€coveralls-img]][๐Ÿ€coveralls] [![QLTY Test Coverage][๐Ÿ€qlty-covi]][๐Ÿ€qlty-cov] [![QLTY Maintainability][๐Ÿ€qlty-mnti]][๐Ÿ€qlty-mnt] [![CI Heads][๐ŸšŽ3-hd-wfi]][๐ŸšŽ3-hd-wf] [![CI Runtime Dependencies @ HEAD][๐ŸšŽ12-crh-wfi]][๐ŸšŽ12-crh-wf] [![CI Current][๐ŸšŽ11-c-wfi]][๐ŸšŽ11-c-wf] [![CI Truffle Ruby][๐ŸšŽ9-t-wfi]][๐ŸšŽ9-t-wf] [![CI JRuby][๐ŸšŽ10-j-wfi]][๐ŸšŽ10-j-wf] [![Deps Locked][๐ŸšŽ13-๐Ÿ”’๏ธ-wfi]][๐ŸšŽ13-๐Ÿ”’๏ธ-wf] [![Deps Unlocked][๐ŸšŽ14-๐Ÿ”“๏ธ-wfi]][๐ŸšŽ14-๐Ÿ”“๏ธ-wf] [![CI Supported][๐ŸšŽ6-s-wfi]][๐ŸšŽ6-s-wf] [![CI Legacy][๐ŸšŽ4-lg-wfi]][๐ŸšŽ4-lg-wf] [![CI Unsupported][๐ŸšŽ7-us-wfi]][๐ŸšŽ7-us-wf] [![CI Ancient][๐ŸšŽ1-an-wfi]][๐ŸšŽ1-an-wf] [![CI Test Coverage][๐ŸšŽ2-cov-wfi]][๐ŸšŽ2-cov-wf] [![CI Style][๐ŸšŽ5-st-wfi]][๐ŸšŽ5-st-wf] [![CodeQL][๐Ÿ–codeQL-img]][๐Ÿ–codeQL] [![Apache SkyWalking Eyes License Compatibility Check][๐ŸšŽ15-๐Ÿชช-wfi]][๐ŸšŽ15-๐Ÿชช-wf] +[![Version][๐Ÿ‘ฝversioni]][๐Ÿ‘ฝversion] [![GitHub tag (latest SemVer)][โ›ณ๏ธtag-img]][โ›ณ๏ธtag] [![License: MIT][๐Ÿ“„license-img]][๐Ÿ“„license-ref] [![Downloads Rank][๐Ÿ‘ฝdl-ranki]][๐Ÿ‘ฝdl-rank] [![CodeCov Test Coverage][๐Ÿ€codecovi]][๐Ÿ€codecov] [![Coveralls Test Coverage][๐Ÿ€coveralls-img]][๐Ÿ€coveralls] [![QLTY Test Coverage][๐Ÿ€qlty-covi]][๐Ÿ€qlty-cov] [![QLTY Maintainability][๐Ÿ€qlty-mnti]][๐Ÿ€qlty-mnt] [![CI Heads][๐ŸšŽ3-hd-wfi]][๐ŸšŽ3-hd-wf] [![CI Runtime Dependencies @ HEAD][๐ŸšŽ12-crh-wfi]][๐ŸšŽ12-crh-wf] [![CI Current][๐ŸšŽ11-c-wfi]][๐ŸšŽ11-c-wf] [![CI Truffle Ruby][๐ŸšŽ9-t-wfi]][๐ŸšŽ9-t-wf] [![CI JRuby][๐ŸšŽ10-j-wfi]][๐ŸšŽ10-j-wf] [![Deps Locked][๐ŸšŽ13-๐Ÿ”’๏ธ-wfi]][๐ŸšŽ13-๐Ÿ”’๏ธ-wf] [![Deps 
Unlocked][๐ŸšŽ14-๐Ÿ”“๏ธ-wfi]][๐ŸšŽ14-๐Ÿ”“๏ธ-wf] [![CI Supported][๐ŸšŽ6-s-wfi]][๐ŸšŽ6-s-wf] [![CI Legacy][๐ŸšŽ4-lg-wfi]][๐ŸšŽ4-lg-wf] [![CI Unsupported][๐ŸšŽ7-us-wfi]][๐ŸšŽ7-us-wf] [![CI Ancient][๐ŸšŽ1-an-wfi]][๐ŸšŽ1-an-wf] [![CI Test Coverage][๐ŸšŽ2-cov-wfi]][๐ŸšŽ2-cov-wf] [![CI Style][๐ŸšŽ5-st-wfi]][๐ŸšŽ5-st-wf] [![CodeQL][๐Ÿ–codeQL-img]][๐Ÿ–codeQL] [![Apache SkyWalking Eyes License Compatibility Check][๐ŸšŽ15-๐Ÿชช-wfi]][๐ŸšŽ15-๐Ÿชช-wf] `if ci_badges.map(&:color).detect { it != "green"}` โ˜๏ธ [let me know][๐Ÿ–ผ๏ธgaltzo-discord], as I may have missed the [discord notification][๐Ÿ–ผ๏ธgaltzo-discord]. @@ -572,8 +572,6 @@ Thanks for RTFM. โ˜บ๏ธ [๐Ÿ“œgh-wiki-img]: https://img.shields.io/badge/wiki-examples-943CD2.svg?style=for-the-badge&logo=github&logoColor=white [๐Ÿ‘ฝdl-rank]: https://rubygems.org/gems/oauth-tty [๐Ÿ‘ฝdl-ranki]: https://img.shields.io/gem/rd/oauth-tty.svg -[๐Ÿ‘ฝoss-help]: https://www.codetriage.com/ruby-oauth/oauth-tty -[๐Ÿ‘ฝoss-helpi]: https://www.codetriage.com/ruby-oauth/oauth-tty/badges/users.svg [๐Ÿ‘ฝversion]: https://rubygems.org/gems/oauth-tty [๐Ÿ‘ฝversioni]: https://img.shields.io/gem/v/oauth-tty.svg [๐Ÿ€qlty-mnt]: https://qlty.sh/gh/ruby-oauth/projects/oauth-tty From d73c58b0ceba540f661ee0aa22c7c8f45e3e1518 Mon Sep 17 00:00:00 2001 From: autobolt Date: Fri, 15 May 2026 11:50:31 -0600 Subject: [PATCH 03/10] =?UTF-8?q?=F0=9F=93=9D=20Incident=20Response=20Plan?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- IRP.md | 107 ++++++++++++++++++++++++++++++++++++++++++++++++++++ SECURITY.md | 3 ++ 2 files changed, 110 insertions(+) create mode 100644 IRP.md diff --git a/IRP.md b/IRP.md new file mode 100644 index 0000000..419dfa6 --- /dev/null +++ b/IRP.md 
@@ -0,0 +1,107 @@ +# Incident Response Plan (IRP) + +Status: Draft + +## Purpose + +This Incident Response Plan (IRP) defines the steps the project maintainer(s) will follow when handling security incidents related to the `oauth-tty` gem. It is written for a small project with a single primary maintainer and is intended to be practical, concise, and actionable. + +## Scope + +Applies to security incidents that affect the `oauth-tty` codebase, releases (gems), CI/CD infrastructure related to building and publishing the gem, repository credentials, or any compromise of project infrastructure that could impact users. + +## Key assumptions +- This project is maintained primarily by a single maintainer. +- Public vulnerability disclosure is handled via Tidelift (see `SECURITY.md`). +- The maintainer will act as incident commander unless otherwise delegated. + +## Contact & Roles + +- Incident Commander: Primary maintainer (repo owner). Responsible for coordinating triage, remediation, and communications. +- Secondary Contact: (optional) A trusted collaborator or organization contact if available. + +### If you are an external reporter +- Do not publicly disclose details of an active vulnerability before coordination via Tidelift. +- See `SECURITY.md` for Tidelift disclosure instructions. If the reporter has questions and cannot use Tidelift, they may open a direct encrypted report as described in `SECURITY.md` (if available) or email the maintainer contact listed in the repository. + +## Incident Handling Workflow (high level) +1. Identification & Reporting + - Reports may arrive via Tidelift, issue tracker, direct email, or third-party advisories. + - Immediately acknowledge receipt (within 24-72 hours) via the reporting channel. + +2. Triage & Initial Assessment (first 72 hours) + - Confirm the report is not duplicative and gather: reproducer, affected versions, attack surface, exploitability, and CVSS-like severity estimate. 
+ - Verify the issue against the codebase and reproduce locally if possible. + - Determine scope: which versions are affected, whether the issue is in code paths executed in common setups, and whether a workaround exists. + +3. Containment & Mitigation + - If a simple mitigation or workaround (configuration change, safe default, or recommended upgrade) exists, document it clearly in the issue/Tidelift advisory. + - If immediate removal of a release is required (rare), consult Tidelift for coordinated takedown and notify package hosts if applicable. + +4. Remediation & Patch + - Prepare a fix in a branch with tests and changelog entries. Prefer minimal, well-tested changes. + - Include tests that reproduce the faulty behavior and demonstrate the fix. + - Hardening: add fuzz tests, input validation, or additional checks as appropriate. + +5. Release & Disclosure + - Coordinate disclosure through Tidelift per `SECURITY.md` timelines. Aim for a coordinated disclosure and patch release to minimize risk to users. + - Publish a patch release (increment gem version) and an advisory via Tidelift. + - Update `CHANGELOG.md` and repository release notes with non-sensitive details. + +6. Post-Incident + - Produce a short postmortem: timeline, root cause, actions taken, and follow-ups. + - Add/adjust tests and CI checks to prevent regressions. + - If credentials or infrastructure were compromised, rotate secrets and audit access. + +## Severity classification (guidance) +- High/Critical: Remote code execution, data exfiltration, or any vulnerability that can be exploited without user interaction. Immediate action and prioritized patching. +- Medium: Privilege escalation, sensitive information leaks that require specific conditions. Patch in the next release cycle with advisory. +- Low: Minor information leaks, UI issues, or non-exploitable bugs. Fix normally and include in the next scheduled release. 
+ +## Preservation of evidence +- Preserve all reporter-provided data, logs, and reproducer code in a secure location (local encrypted storage or private branch) for the investigation. +- Do not publish evidence that would enable exploitation before coordinated disclosure. + +## Communication templates +Acknowledgement (to reporter) + +"Thank you for reporting this issue. I've received your report and will triage it within 72 hours. If you can, please provide reproduction steps, affected versions, and any exploit PoC. I will coordinate disclosure through Tidelift per the project's security policy." + +Public advisory (after patch is ready) + +"A security advisory for oauth-tty (versions X.Y.Z) has been published via Tidelift. Please upgrade to version A.B.C which patches [brief description]. See the advisory for details and recommended mitigations." + +## Runbook: Quick steps for a maintainer to patch and release +1. Create a branch: `git checkout -b fix/security-brief-description` +2. Reproduce the issue locally and add a regression spec in `spec/`. +3. Implement the fix and run the test suite: `bundle exec rspec` (or the project's preferred test command). +4. Bump version in `lib/oauth-tty/version.rb` following semantic versioning. +5. Update `CHANGELOG.md` with an entry describing the fix (avoid exploit details). +6. Commit and push the branch, open a PR, and merge after approvals. +7. Build and push the gem: `gem build oauth-tty.gemspec && gem push pkg/...` (coordinate with Tidelift before public push if disclosure is coordinated). +8. Publish a release on GitHub and ensure the Tidelift advisory is posted. + +## Operational notes +- Secrets: Use local encrypted storage for any sensitive reporter data. If repository or CI secrets may be compromised, rotate them immediately and update dependent services. +- Access control: Limit who can publish gems and who has admin access to the repo. Keep an up-to-date list of collaborators in a secure place. 
+ +## Legal & regulatory +- If the incident involves user data or has legal implications, consult legal counsel or the maintainers' employer as appropriate. The maintainer should document the timeline and all communications. + +## Retrospective & continuous improvement +After an incident, perform a brief post-incident review covering: +- What happened and why +- What was done to contain and remediate +- What tests or process changes will prevent recurrence +- Assign owners and deadlines for follow-up tasks + +## References +- See `SECURITY.md` for the project's official disclosure channel (Tidelift). + +## Appendix: Example checklist for an incident +- [ ] Acknowledge report to reporter (24-72 hours) +- [ ] Reproduce and classify severity +- [ ] Prepare and test a fix in a branch +- [ ] Coordinate disclosure via Tidelift +- [ ] Publish patch release and advisory +- [ ] Postmortem and follow-up actions diff --git a/SECURITY.md b/SECURITY.md index a319529..677d47f 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -12,6 +12,8 @@ To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure. +More detailed explanation of the process is in [IRP.md][IRP]. + ## Additional Support If you are interested in support for versions older than the latest release, @@ -19,3 +21,4 @@ please consider sponsoring the project / maintainer @ https://liberapay.com/pbol or find other sponsorship links in the [README]. [README]: README.md +[IRP]: IRP.md From e4f8adeeea9b444ad0982de53826ba908ee207df Mon Sep 17 00:00:00 2001 From: autobolt Date: Fri, 15 May 2026 13:42:15 -0600 Subject: [PATCH 04/10] Use nomono for auth-sanitizer local override --- Gemfile | 17 ++++++++++++++++- Gemfile.lock | 9 ++------- 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/Gemfile b/Gemfile index b01d44f..93ff9b0 100644 --- a/Gemfile +++ b/Gemfile 
@@ -13,7 +13,22 @@ git_source(:gitlab) { |repo_name| "https://gitlab.com/#{repo_name}" } gemspec gem "oauth", path: "../oauth" -gem "auth-sanitizer", path: "../auth-sanitizer" + +unless %w[false 0 no off].include?(ENV.fetch("RUBY_OAUTH_DEV", "false").downcase) + begin + require "nomono/bundler" unless defined?(Nomono) + rescue LoadError + require_relative "../nomono/lib/nomono/bundler" + end + + eval_nomono_gems( + gems: %w[auth-sanitizer], + prefix: "RUBY_OAUTH", + path_env: "RUBY_OAUTH_DEV", + root: %w[code src ruby-oauth], + debug_env: "RUBY_OAUTH_DEBUG", + ) +end # Debugging eval_gemfile "gemfiles/modular/debug.gemfile" diff --git a/Gemfile.lock b/Gemfile.lock index 31b6fbe..2f26aac 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,12 +10,6 @@ GIT rainbow yard -PATH - remote: ../auth-sanitizer - specs: - auth-sanitizer (0.1.0) - version_gem (~> 1.1, >= 1.1.9) - PATH remote: ../oauth specs: @@ -46,6 +40,8 @@ GEM rake (>= 10) thor (>= 0.14) ast (2.4.3) + auth-sanitizer (0.1.0) + version_gem (~> 1.1, >= 1.1.9) backports (3.25.3) base64 (0.3.0) benchmark (0.5.0) @@ -358,7 +354,6 @@ PLATFORMS DEPENDENCIES appraisal2 (~> 3.0) - auth-sanitizer! backports (~> 3.25, >= 3.25.1) benchmark (~> 0.4, >= 0.4.1) bundler-audit (~> 0.9.2) From bb11c16a80694f5c61404ec6719e20f2c767dfd8 Mon Sep 17 00:00:00 2001 From: autobolt Date: Fri, 15 May 2026 15:10:10 -0600 Subject: [PATCH 05/10] Use Ruby 4.0.4 --- .tool-versions | 2 +- Gemfile.lock | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.tool-versions b/.tool-versions index 5184db8..efdfc37 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1 +1 @@ -ruby 3.4.5 \ No newline at end of file +ruby 4.0.4 diff --git a/Gemfile.lock b/Gemfile.lock index 2f26aac..96ad936 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -396,4 +396,4 @@ DEPENDENCIES yard-relative_markdown_links (~> 0.5.0) BUNDLED WITH - 2.7.2 + 4.0.11 From 77932be36e5cd0b7091672283a4f9e51466e6aae Mon Sep 17 00:00:00 2001 
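Review bot: The `rescue LoadError` branch falls back to `require_relative "../nomono/lib/nomono/bundler"`, a path outside this repository, with no existence check, so a developer who exports `RUBY_OAUTH_DEV=true` without a sibling `nomono` checkout gets a bare LoadError naming that relative path rather than a message naming the opt-in that triggered it. Resolving the path explicitly and raising a descriptive LoadError when the file is absent makes the dev-only nature of the override visible at the failure point; the gate itself defaults closed, since `ENV.fetch("RUBY_OAUTH_DEV", "false")` yields a value in the skip list unless explicitly set. What `eval_nomono_gems` does with `root: %w[code src ruby-oauth]` is defined outside this hunk, so which directories it scans for local checkouts cannot be verified here.
```ruby
  begin
    require "nomono/bundler" unless defined?(Nomono)
  rescue LoadError
    # Dev-only fallback to a sibling checkout; fail with a message that names the opt-in.
    fallback = File.expand_path("../nomono/lib/nomono/bundler", __dir__)
    unless File.file?("#{fallback}.rb")
      raise LoadError, "RUBY_OAUTH_DEV is enabled but neither the nomono gem nor #{fallback}.rb is available"
    end
    require fallback
  end
  # … unchanged: eval_nomono_gems call …
```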
From: autobolt Date: Fri, 15 May 2026 20:47:15 -0600 Subject: [PATCH 06/10] =?UTF-8?q?=F0=9F=94=A7=20mise.toml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
---
 mise.toml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 mise.toml
diff --git a/mise.toml b/mise.toml
new file mode 100644
index 0000000..ffddc46
--- /dev/null
+++ b/mise.toml
@@ -0,0 +1,28 @@
+# Shared development environment for this gem.
+# Local overrides belong in .env.local (loaded via dotenvy through mise).
+
+[env]
+K_JEM_TEMPLATING = "false"
+K_SOUP_COV_DO = "true"
+K_SOUP_COV_COMMAND_NAME = "Test Coverage"
+K_SOUP_COV_FORMATTERS = "html,xml,rcov,lcov,json,tty"
+K_SOUP_COV_MIN_BRANCH = "76"
+K_SOUP_COV_MIN_LINE = "92"
+K_SOUP_COV_MIN_HARD = "true"
+K_SOUP_COV_MULTI_FORMATTERS = "true"
+K_SOUP_COV_OPEN_BIN = ""
+MAX_ROWS = "1"
+KETTLE_TEST_SILENT = "true"
+KETTLE_DEV_DEBUG = "false"
+DEBUG = "false"
+FLOSS_CFG_FUND_DEBUG = "false"
+FLOSS_CFG_FUND_LOGFILE = "tmp/log/debug.log"
+RUBOCOP_LTS_LOCAL = "false"
+OPENCOLLECTIVE_HANDLE = "ruby-oauth"
+FUNDING_ORG = "ruby-oauth"
+_.path = ["exe", "bin"]
+_.file = { path = ".env.local", redact = true }
+_.source = ".config/mise/env.sh"
+
+[tools]
+ruby = "4.0.4"
From 60d7c43e4e7d61b6a8e78d393094837049037c96 Mon Sep 17 00:00:00 2001 From: autobolt Date: Sat, 16 May 2026 15:09:15 -0600 Subject: [PATCH 07/10] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20yard-junk=20v0.1.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
---
 Gemfile.lock | 200 +++++++++++++++++++++++-- gemfiles/modular/documentation.gemfile | 2 +- 2 files changed, 186 insertions(+), 16 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 96ad936..8d66f38 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
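Review bot: `_.path = ["exe", "bin"]` and `_.source = ".config/mise/env.sh"` hand PATH entries and a sourced shell script to repository content, so once a developer has run `mise trust` on this file, any branch they check out can shadow `bundle`, `ruby` or `git` with an executable under `bin/` or `exe/`, or run arbitrary shell through the sourced script, before a single spec executes. As far as I recall mise applies `[env]` only from trusted config files, which limits the exposure to people who opted in, but the header comment says nothing about it; a line such as `# NOTE: _.path and _.source execute repository-controlled content; review bin/, exe/ and .config/mise/env.sh before trusting this file on a fresh clone.` would document the trade-off. `.config/mise/env.sh` is not part of this patch, so I cannot confirm what it runs; `redact = true` on `.env.local` is the right setting for a file holding local secrets.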
@@ -1,15 +1,3 @@ -GIT - remote: https://github.com/pboling/yard-junk - revision: 54ccebabbfa9a9cd44d0b991687ebbfd22c32b55 - branch: next - specs: - yard-junk (0.0.10) - backports (>= 3.18) - benchmark - ostruct - rainbow - yard - PATH remote: ../oauth specs: @@ -40,7 +28,7 @@ GEM rake (>= 10) thor (>= 0.14) ast (2.4.3) - auth-sanitizer (0.1.0) + auth-sanitizer (0.1.2) version_gem (~> 1.1, >= 1.1.9) backports (3.25.3) base64 (0.3.0) @@ -96,7 +84,14 @@ GEM ethon (0.18.0) ffi (>= 1.15.0) logger + ffi (1.17.4-aarch64-linux-gnu) + ffi (1.17.4-aarch64-linux-musl) + ffi (1.17.4-arm-linux-gnu) + ffi (1.17.4-arm-linux-musl) + ffi (1.17.4-arm64-darwin) + ffi (1.17.4-x86_64-darwin) ffi (1.17.4-x86_64-linux-gnu) + ffi (1.17.4-x86_64-linux-musl) gem_bench (2.0.5) bundler (>= 1.14) version_gem (~> 1.1, >= 1.1.4) @@ -151,8 +146,22 @@ GEM ruby2_keywords (>= 0.0.5) mutex_m (0.3.0) netrc (0.11.0) + nokogiri (1.19.3-aarch64-linux-gnu) + racc (~> 1.4) + nokogiri (1.19.3-aarch64-linux-musl) + racc (~> 1.4) + nokogiri (1.19.3-arm-linux-gnu) + racc (~> 1.4) + nokogiri (1.19.3-arm-linux-musl) + racc (~> 1.4) + nokogiri (1.19.3-arm64-darwin) + racc (~> 1.4) + nokogiri (1.19.3-x86_64-darwin) + racc (~> 1.4) nokogiri (1.19.3-x86_64-linux-gnu) racc (~> 1.4) + nokogiri (1.19.3-x86_64-linux-musl) + racc (~> 1.4) ostruct (0.6.3) parallel (1.28.0) parser (3.3.11.1) @@ -344,13 +353,25 @@ GEM crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) yard (0.9.43) + yard-junk (0.1.0) + benchmark + ostruct + rainbow + yard yard-relative_markdown_links (0.5.0) nokogiri (>= 1.14.3, < 2) zeitwerk (2.7.5) zlib (3.2.3) PLATFORMS - x86_64-linux + aarch64-linux-gnu + aarch64-linux-musl + arm-linux-gnu + arm-linux-musl + arm64-darwin + x86_64-darwin + x86_64-linux-gnu + x86_64-linux-musl DEPENDENCIES appraisal2 (~> 3.0) 
@@ -392,8 +413,157 @@ DEPENDENCIES vcr (>= 4) webmock (>= 3) yard (~> 0.9, >= 0.9.37) - yard-junk (~> 0.0, >= 0.0.10)! + yard-junk (~> 0.1, >= 0.1.0) yard-relative_markdown_links (~> 0.5.0) +CHECKSUMS + addressable (2.9.0) sha256=7fdf6ac3660f7f4e867a0838be3f6cf722ace541dd97767fa42bc6cfa980c7af + ansi (1.6.0) sha256=ac9ea0c0ea8d32fb4e271348e609963ac78882f34b73836c2a02b3622e666658 + appraisal2 (3.0.6) sha256=09387896b6c8c8c0ff0749af691ddff5e3168de2f06b591a80d8fd8b6394d147 + ast (2.4.3) sha256=954615157c1d6a382bc27d690d973195e79db7f55e9765ac7c481c60bdb4d383 + auth-sanitizer (0.1.2) sha256=29f7638d74b2a19ff890008f1561165668a78969a4d90bc85e991128825a7c03 + backports (3.25.3) sha256=94298d32dc3c40ca15633b54e282780b49e2db0c045f602ea1907e4f63a17235 + base64 (0.3.0) sha256=27337aeabad6ffae05c265c450490628ef3ebd4b67be58257393227588f5a97b + benchmark (0.5.0) sha256=465df122341aedcb81a2a24b4d3bd19b6c67c1530713fd533f3ff034e419236c + bigdecimal (4.1.2) sha256=53d217666027eab4280346fba98e7d5b66baaae1b9c3c1c0ffe89d48188a3fbd + bundler-audit (0.9.3) sha256=81c8766c71e47d0d28a0f98c7eed028539f21a6ea3cd8f685eb6f42333c9b4e9 + cgi (0.5.1) sha256=e93fcafc69b8a934fe1e6146121fa35430efa8b4a4047c4893764067036f18e9 + concurrent-ruby (1.3.6) sha256=6b56837e1e7e5292f9864f34b69c5a2cbc75c0cf5338f1ce9903d10fa762d5ab + crack (1.0.1) sha256=ff4a10390cd31d66440b7524eb1841874db86201d5b70032028553130b6d4c7e + date (3.5.1) sha256=750d06384d7b9c15d562c76291407d89e368dda4d4fff957eb94962d325a0dc0 + debug (1.11.1) sha256=2e0b0ac6119f2207a6f8ac7d4a73ca8eb4e440f64da0a3136c30343146e952b6 + delegate (0.6.1) sha256=54cf946cacfe05b1c23114edd8fbd8d54e9cea7abf36b95130ab53cc88b8f7e4 + diff-lcs (1.6.2) sha256=9ae0d2cba7d4df3075fe8cd8602a8604993efc0dfa934cff568969efb1909962 + diffy (3.4.4) sha256=79384ab5ca82d0e115b2771f0961e27c164c456074bd2ec46b637ebf7b6e47e3 + docile (1.4.1) sha256=96159be799bfa73cdb721b840e9802126e4e03dfc26863db73647204c727f21e + domain_name (0.6.20240107) 
sha256=5f693b2215708476517479bf2b3802e49068ad82167bcd2286f899536a17d933 + dry-configurable (1.4.0) sha256=e35d1b5f3c081753ef361f564919db79000f32cfa6f20ee3a3ba5921b41b73ce + dry-core (1.2.0) sha256=0cc5a7da88df397f153947eeeae42e876e999c1e30900f3c536fb173854e96a1 + dry-inflector (1.3.1) sha256=7fb0c2bb04f67638f25c52e7ba39ab435d922a3a5c3cd196120f63accb682dcc + dry-initializer (3.2.0) sha256=37d59798f912dc0a1efe14a4db4a9306989007b302dcd5f25d0a2a20c166c4e3 + dry-logic (1.6.0) sha256=da6fedbc0f90fc41f9b0cc7e6f05f5d529d1efaef6c8dcc8e0733f685745cea2 + dry-schema (1.16.0) sha256=cd3aaeabc0f1af66ec82a29096d4c4fb92a0a58b9dae29a22b1bbceb78985727 + dry-types (1.9.1) sha256=baebeecdb9f8395d6c9d227b62011279440943e3ef2468fe8ccc1ba11467f178 + erb (5.1.3) sha256=566e53057b6ba48699f824b578473b391fa8aef100aa14afad1c46725fae0e67 + ethon (0.18.0) sha256=b598afc9f30448cb068b850714b7d6948e941476095d04f90a4ac65b8d6efcb2 + ffi (1.17.4-aarch64-linux-gnu) sha256=b208f06f91ffd8f5e1193da3cae3d2ccfc27fc36fba577baf698d26d91c080df + ffi (1.17.4-aarch64-linux-musl) sha256=9286b7a615f2676245283aef0a0a3b475ae3aae2bb5448baace630bb77b91f39 + ffi (1.17.4-arm-linux-gnu) sha256=d6dbddf7cb77bf955411af5f187a65b8cd378cb003c15c05697f5feee1cb1564 + ffi (1.17.4-arm-linux-musl) sha256=9d4838ded0465bef6e2426935f6bcc93134b6616785a84ffd2a3d82bc3cf6f95 + ffi (1.17.4-arm64-darwin) sha256=19071aaf1419251b0a46852abf960e77330a3b334d13a4ab51d58b31a937001b + ffi (1.17.4-x86_64-darwin) sha256=aa70390523cf3235096cf64962b709b4cfbd5c082a2cb2ae714eb0fe2ccda496 + ffi (1.17.4-x86_64-linux-gnu) sha256=9d3db14c2eae074b382fa9c083fe95aec6e0a1451da249eab096c34002bc752d + ffi (1.17.4-x86_64-linux-musl) sha256=3fdf9888483de005f8ef8d1cf2d3b20d86626af206cbf780f6a6a12439a9c49e + gem_bench (2.0.5) sha256=0dc0fb44a5a5eb7b2f5c1c68a5b0164d72007132822c012bac3abe976b199ead + gitmoji-regex (1.0.3) sha256=538c6f49f5af6dc36d1630edb89a5a66f6e14ec5850d7fd071e0331f940e553f + hashdiff (1.2.1) 
sha256=9c079dbc513dfc8833ab59c0c2d8f230fa28499cc5efb4b8dd276cf931457cd1 + hashie (5.1.0) sha256=c266471896f323c446ea8207f8ffac985d2718df0a0ba98651a3057096ca3870 + http-accept (1.7.0) sha256=c626860682bfbb3b46462f8c39cd470fd7b0584f61b3cc9df5b2e9eb9972a126 + http-cookie (1.1.6) sha256=ba4b82be64de61dc281243dac70e3c382c45142f20268ed9276a3670c93feaa9 + io-console (0.8.2) sha256=d6e3ae7a7cc7574f4b8893b4fca2162e57a825b223a177b7afa236c5ef9814cc + irb (1.18.0) sha256=de9454a0703a54704b9811a5ef31a60c86949fbf4013fcf244fabc7c775248e3 + json (2.19.5) sha256=218a18553e4801d579ca7e0f5bc72bafd776d7397238a1fb4e74db5b0a812c59 + kettle-dev (1.2.4) sha256=71373c67fe7eb0a9656e70dfd10cf226a15083b6d1be18dafcb5360f21ee98b6 + kettle-soup-cover (1.1.1) sha256=2303885a9d8485d8d43cb250bcf73570f6b6fb997526beeaef3ef54e3501d445 + kettle-test (1.0.10) sha256=ddefc5d54b290ee6dbe5a3983128f6948fa63f624ca676c1e6cfffc9b6878179 + kramdown (2.5.2) sha256=1ba542204c66b6f9111ff00dcc26075b95b220b07f2905d8261740c82f7f02fa + kramdown-parser-gfm (1.1.0) sha256=fb39745516427d2988543bf01fc4cf0ab1149476382393e0e9c48592f6581729 + language_server-protocol (3.17.0.5) sha256=fd1e39a51a28bf3eec959379985a72e296e9f9acfce46f6a79d31ca8760803cc + lint_roller (1.1.0) sha256=2c0c845b632a7d172cb849cc90c1bce937a28c5c8ccccb50dfd46a485003cc87 + logger (1.7.0) sha256=196edec7cc44b66cfb40f9755ce11b392f21f7967696af15d274dde7edff0203 + mime-types (3.7.0) sha256=dcebf61c246f08e15a4de34e386ebe8233791e868564a470c3fe77c00eed5e56 + mime-types-data (3.2026.0414) sha256=461c4c655373a44bd6c5fe54bcf5b7776026ea96e808144b1ec465c4b99148cc + mocha (3.1.0) sha256=75f42d69ebfb1f10b32489dff8f8431d37a418120ecdfc07afe3bc183d4e1d56 + mutex_m (0.3.0) sha256=cfcb04ac16b69c4813777022fdceda24e9f798e48092a2b817eb4c0a782b0751 + netrc (0.11.0) sha256=de1ce33da8c99ab1d97871726cba75151113f117146becbe45aa85cb3dabee3f + nokogiri (1.19.3-aarch64-linux-gnu) sha256=46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639 + nokogiri 
(1.19.3-aarch64-linux-musl) sha256=8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7 + nokogiri (1.19.3-arm-linux-gnu) sha256=3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f + nokogiri (1.19.3-arm-linux-musl) sha256=9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6 + nokogiri (1.19.3-arm64-darwin) sha256=71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42 + nokogiri (1.19.3-x86_64-darwin) sha256=77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d + nokogiri (1.19.3-x86_64-linux-gnu) sha256=2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976 + nokogiri (1.19.3-x86_64-linux-musl) sha256=248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f + oauth (1.1.3) + oauth-tty (1.0.6) + ostruct (0.6.3) sha256=95a2ed4a4bd1d190784e666b47b2d3f078e4a9efda2fccf18f84ddc6538ed912 + parallel (1.28.0) sha256=33e6de1484baf2524792d178b0913fc8eb94c628d6cfe45599ad4458c638c970 + parser (3.3.11.1) sha256=d17ace7aabe3e72c3cc94043714be27cc6f852f104d81aa284c2281aecc65d54 + pp (0.6.3) sha256=2951d514450b93ccfeb1df7d021cae0da16e0a7f95ee1e2273719669d0ab9df6 + prettyprint (0.2.0) sha256=2bc9e15581a94742064a3cc8b0fb9d45aae3d03a1baa6ef80922627a0766f193 + prism (1.9.0) sha256=7b530c6a9f92c24300014919c9dcbc055bf4cdf51ec30aed099b06cd6674ef85 + psych (5.3.1) sha256=eb7a57cef10c9d70173ff74e739d843ac3b2c019a003de48447b2963d81b1974 + public_suffix (7.0.5) sha256=1a8bb08f1bbea19228d3bed6e5ed908d1cb4f7c2726d18bd9cadf60bc676f623 + racc (1.8.1) sha256=4a7f6929691dbec8b5209a0b373bc2614882b55fc5d2e447a21aaa691303d62f + rack (2.2.23) sha256=a8fe9d7e07064770b8ec123663fded8a59ef7e2b6db5cda7173d45a5718ab69c + rack-test (2.2.0) sha256=005a36692c306ac0b4a9350355ee080fd09ddef1148a5f8b2ac636c720f5c463 + rainbow (3.1.1) sha256=039491aa3a89f42efa1d6dec2fc4e62ede96eb6acd95e52f1ad581182b79bc6a + rake (13.4.2) sha256=cb825b2bd5f1f8e91ca37bddb4b9aaf345551b4731da62949be002fa89283701 + rbs (3.10.4) 
sha256=b17d7c4be4bb31a11a3b529830f0aa206a807ca42f2e7921a3027dfc6b7e5ce8 + rdoc (6.17.0) sha256=0f50d4e568fc98195f9bb155a9e8dff6c7feabfb515fb22ef6df1d12ad5a02b7 + reek (6.5.0) sha256=d26d3a492773b2bbc228888067a21afe33ac07954a17dbd64cdeae42c4c69be1 + regexp_parser (2.12.0) sha256=35a916a1d63190ab5c9009457136ae5f3c0c7512d60291d0d1378ba18ce08ebb + reline (0.6.3) sha256=1198b04973565b36ec0f11542ab3f5cfeeec34823f4e54cebde90968092b1835 + require_bench (1.0.4) sha256=c8ef54aac5c01f80bb5f110f7c08d304417a6c7b34f3683e1923227b6e65d004 + rest-client (2.1.0) sha256=35a6400bdb14fae28596618e312776c158f7ebbb0ccad752ff4fa142bf2747e3 + rexml (3.4.4) sha256=19e0a2c3425dfbf2d4fc1189747bdb2f849b6c5e74180401b15734bc97b5d142 + rspec (3.13.2) sha256=206284a08ad798e61f86d7ca3e376718d52c0bc944626b2349266f239f820587 + rspec-block_is_expected (1.0.6) sha256=bbad3dc30eba93becf4dcb3fd1bff5f37f6e212ab5cbf6132c07edba6ff74282 + rspec-core (3.13.6) sha256=a8823c6411667b60a8bca135364351dda34cd55e44ff94c4be4633b37d828b2d + rspec-expectations (3.13.5) sha256=33a4d3a1d95060aea4c94e9f237030a8f9eae5615e9bd85718fe3a09e4b58836 + rspec-mocks (3.13.8) sha256=086ad3d3d17533f4237643de0b5c42f04b66348c28bf6b9c2d3f4a3b01af1d47 + rspec-pending_for (0.1.20) sha256=2130c6c959d05b61de1955e7dd986418aec4888b6f80f0711a1f88540a09d3cb + rspec-stubbed_env (1.0.4) sha256=647886e16338bc4028fd18dde07944c945f773cc65afaa258930196da780e70f + rspec-support (3.13.7) sha256=0640e5570872aafefd79867901deeeeb40b0c9875a36b983d85f54fb7381c47c + rspec_junit_formatter (0.6.0) sha256=40dde674e6ae4e6cc0ff560da25497677e34fefd2338cc467a8972f602b62b15 + rubocop (1.84.2) sha256=5692cea54168f3dc8cb79a6fe95c5424b7ea893c707ad7a4307b0585e88dbf5f + rubocop-ast (1.49.1) sha256=4412f3ee70f6fe4546cc489548e0f6fcf76cafcfa80fa03af67098ffed755035 + rubocop-gradual (0.3.6) sha256=d70505a81b63f95ff7d987afe66adf559c53708e4abf06328f6e6026b6571993 + rubocop-lts (10.1.1) sha256=0816ffb8a45e080679162048d1ca562c512953f962bfa0e01df793b333ef9c97 + rubocop-md (1.2.4) 
sha256=3e481bb08e2d7479eeba3d02359737074f58dd5694f7a57de4ad8d807fdaf6ff + rubocop-on-rbs (1.9.1) sha256=4c45fd9a7cd64baed4fe346f151bbf2ef7bd6479e27eda7eb93ff6383fbd750d + rubocop-packaging (0.6.0) sha256=fb92bd0fb48e6f8cdb1648d2249b0cd51c2497dcc87340132d22f01edbf558a7 + rubocop-performance (1.26.1) sha256=cd19b936ff196df85829d264b522fd4f98b6c89ad271fa52744a8c11b8f71834 + rubocop-rake (0.7.1) sha256=3797f2b6810c3e9df7376c26d5f44f3475eda59eb1adc38e6f62ecf027cbae4d + rubocop-rspec (3.9.0) sha256=8fa70a3619408237d789aeecfb9beef40576acc855173e60939d63332fdb55e2 + rubocop-ruby2_3 (2.0.5) sha256=8acecbd254e2fd74ec445fb030c9d140be33e7d30e886d2b435c1144f4278d35 + rubocop-shopify (2.18.0) sha256=dafa25e5617ce4600ff86b1de3d5b78e43ab3d58cc5729df38e492b8e10294eb + rubocop-thread_safety (0.7.3) sha256=067cdd52fbf5deffc18995437e45b5194236eaff4f71de3375a1f6052e48f431 + ruby-progressbar (1.13.0) sha256=80fc9c47a9b640d6834e0dc7b3c94c9df37f08cb072b7761e4a71e22cff29b33 + ruby2_keywords (0.0.5) sha256=ffd13740c573b7301cf7a2e61fc857b2a8e3d3aff32545d6f8300d8bae10e3ef + ruby_engine (2.0.3) sha256=ca2ae7def8cfcdc2bfb6a186d36d5d59c8b403245dc0256c3802b767fa278aaa + ruby_version (1.0.3) sha256=5930f9950746b7e6c973184398ee364ee7440b170fef7922b9f5cdf317f1ccb5 + silent_stream (1.0.12) sha256=377c43aa10033fe90c33b39ea8cd97d79f2d1c4856df598efc56f3091f3ae782 + simplecov (0.22.0) sha256=fe2622c7834ff23b98066bb0a854284b2729a569ac659f82621fc22ef36213a5 + simplecov-cobertura (3.1.0) sha256=6d7f38aa32c965ca2174b2e5bd88cb17138eaf629518854976ac50e628925dc5 + simplecov-console (0.9.5) sha256=b1108bcfff5f210143e2b8301698c367b01586f20d25a73e95475a5df6fc6ff6 + simplecov-html (0.13.2) sha256=bd0b8e54e7c2d7685927e8d6286466359b6f16b18cb0df47b508e8d73c777246 + simplecov-lcov (0.9.0) sha256=7a77a31e200a595ed4b0249493056efd0c920601f53d2ef135ca34ee796346cd + simplecov-rcov (0.3.7) sha256=372f50bf6df6b6350b7d0c840f2f8bdabe021861a43c26877b747c9ac96139fc + simplecov_json_formatter (0.1.4) 
sha256=529418fbe8de1713ac2b2d612aa3daa56d316975d307244399fa4838c601b428 + snaky_hash (2.0.3) sha256=25a3d299566e8153fb02fa23fd9a9358845950f7a523ddbbe1fa1e0d79a6d456 + standard (1.54.0) sha256=7a4b08f83d9893083c8f03bc486f0feeb6a84d48233b40829c03ef4767ea0100 + standard-custom (1.0.2) sha256=424adc84179a074f1a2a309bb9cf7cd6bfdb2b6541f20c6bf9436c0ba22a652b + standard-performance (1.9.0) sha256=49483d31be448292951d80e5e67cdcb576c2502103c7b40aec6f1b6e9c88e3f2 + standard-rubocop-lts (1.0.10) sha256=bdce3407fb6683a305f7f2e186858033dc88013d95bdc6ec4de8df0be55a0e47 + stone_checksums (1.0.3) sha256=1d7ee38b7c766c523cbf12ab886ffbae519a2c48288f9d8ecc7ca0deed0701fe + stringio (3.2.0) sha256=c37cb2e58b4ffbd33fe5cd948c05934af997b36e0b6ca6fdf43afa234cf222e1 + terminal-table (4.0.0) sha256=f504793203f8251b2ea7c7068333053f0beeea26093ec9962e62ea79f94301d2 + thor (1.5.0) sha256=e3a9e55fe857e44859ce104a84675ab6e8cd59c650a49106a05f55f136425e73 + timecop (0.9.11) sha256=41284dc6e5041f2184f781ace766f942108c842f8d8c1386a26e6343decc7542 + timecop-rspec (1.0.3) sha256=005f14841bb606dcaefb060e321b5388e2e59537742bee8b3a9a9a40e598fab9 + tsort (0.2.0) sha256=9650a793f6859a43b6641671278f79cfead60ac714148aabe4e3f0060480089f + typhoeus (1.6.0) sha256=bacc41c23e379547e29801dc235cd1699b70b955a1ba3d32b2b877aa844c331d + unicode-display_width (3.2.0) sha256=0cdd96b5681a5949cdbc2c55e7b420facae74c4aaf9a9815eee1087cb1853c42 + unicode-emoji (4.2.0) sha256=519e69150f75652e40bf736106cfbc8f0f73aa3fb6a65afe62fefa7f80b0f80f + vcr (6.4.0) sha256=077ac92cc16efc5904eb90492a18153b5e6ca5398046d8a249a7c96a9ea24ae6 + version_gem (1.1.9) sha256=0c1a0962ae543c84a00889bb018d9f14d8f8af6029d26b295d98774e3d2eb9a4 + webmock (3.26.2) sha256=774556f2ea6371846cca68c01769b2eac0d134492d21f6d0ab5dd643965a4c90 + yard (0.9.43) sha256=cf8733a8f0485df2a162927e9b5f182215a61f6d22de096b8f402c726a1c5821 + yard-junk (0.1.0) sha256=e85fe2ec1afa47313decd333447b53458cb1ed49b510b70015fdc3041a94bcdd + yard-relative_markdown_links (0.5.0) 
sha256=d5158786196bfb82ed8f6880cefea2ef3072cc9e774ecebd7803e0db9bbb3a71 + zeitwerk (2.7.5) sha256=d8da92128c09ea6ec62c949011b00ed4a20242b255293dd66bf41545398f73dd + zlib (3.2.3) sha256=5bd316698b32f31a64ab910a8b6c282442ca1626a81bbd6a1674e8522e319c20 + BUNDLED WITH 4.0.11 diff --git a/gemfiles/modular/documentation.gemfile b/gemfiles/modular/documentation.gemfile index 7853390..d08967f 100644 --- a/gemfiles/modular/documentation.gemfile +++ b/gemfiles/modular/documentation.gemfile @@ -4,7 +4,7 @@ gem "kramdown", "~> 2.5", ">= 2.5.1" # Ruby >= 2.5 gem "kramdown-parser-gfm", "~> 1.1" # Ruby >= 2.3 gem "yard", "~> 0.9", ">= 0.9.37", require: false -gem "yard-junk", "~> 0.0", ">= 0.0.10", github: "pboling/yard-junk", branch: "next", require: false +gem "yard-junk", "~> 0.1", ">= 0.1.0", require: false # Ruby >= 3.1 gem "yard-relative_markdown_links", "~> 0.5.0" # Std Lib extractions From 60465c71574cff70970abe1235f4229a6d82da3d Mon Sep 17 00:00:00 2001 From: autobolt Date: Sat, 16 May 2026 15:42:05 -0600 Subject: [PATCH 08/10] =?UTF-8?q?=F0=9F=94=A7=20oauth=20=3D>=20nomono?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Gemfile | 4 +--- Gemfile.lock | 22 ---------------------- 2 files changed, 1 insertion(+), 25 deletions(-) diff --git a/Gemfile b/Gemfile index 93ff9b0..74a992a 100644 --- a/Gemfile +++ b/Gemfile @@ -12,8 +12,6 @@ git_source(:gitlab) { |repo_name| "https://gitlab.com/#{repo_name}" } # Include dependencies from .gemspec gemspec -gem "oauth", path: "../oauth" - unless %w[false 0 no off].include?(ENV.fetch("RUBY_OAUTH_DEV", "false").downcase) begin require "nomono/bundler" unless defined?(Nomono) @@ -22,7 +20,7 @@ unless %w[false 0 no off].include?(ENV.fetch("RUBY_OAUTH_DEV", "false").downcase end eval_nomono_gems( - gems: %w[auth-sanitizer], + gems: %w[auth-sanitizer oauth], prefix: "RUBY_OAUTH", path_env: "RUBY_OAUTH_DEV", root: %w[code src ruby-oauth], 
diff --git a/Gemfile.lock b/Gemfile.lock index 8d66f38..49341cf 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,14 +1,3 @@ -PATH - remote: ../oauth - specs: - oauth (1.1.3) - auth-sanitizer (~> 0.1) - base64 (~> 0.1) - cgi - oauth-tty (~> 1.0, >= 1.0.6) - snaky_hash (~> 2.0) - version_gem (~> 1.1, >= 1.1.9) - PATH remote: . specs: @@ -31,7 +20,6 @@ GEM auth-sanitizer (0.1.2) version_gem (~> 1.1, >= 1.1.9) backports (3.25.3) - base64 (0.3.0) benchmark (0.5.0) bigdecimal (4.1.2) bundler-audit (0.9.3) @@ -98,8 +86,6 @@ GEM gitmoji-regex (1.0.3) version_gem (~> 1.1, >= 1.1.8) hashdiff (1.2.1) - hashie (5.1.0) - logger http-accept (1.7.0) http-cookie (1.1.6) domain_name (~> 0.5) @@ -308,9 +294,6 @@ GEM simplecov-rcov (0.3.7) simplecov (>= 0.4.1) simplecov_json_formatter (0.1.4) - snaky_hash (2.0.3) - hashie (>= 0.1.0, < 6) - version_gem (>= 1.1.8, < 3) standard (1.54.0) language_server-protocol (~> 3.17.0.2) lint_roller (~> 1.0) @@ -390,7 +373,6 @@ DEPENDENCIES kramdown-parser-gfm (~> 1.1) mocha (~> 3.0) mutex_m (~> 0.2) - oauth! oauth-tty! rack (~> 2.0) rack-test (~> 2.0) @@ -423,7 +405,6 @@ CHECKSUMS ast (2.4.3) sha256=954615157c1d6a382bc27d690d973195e79db7f55e9765ac7c481c60bdb4d383 auth-sanitizer (0.1.2) sha256=29f7638d74b2a19ff890008f1561165668a78969a4d90bc85e991128825a7c03 backports (3.25.3) sha256=94298d32dc3c40ca15633b54e282780b49e2db0c045f602ea1907e4f63a17235 - base64 (0.3.0) sha256=27337aeabad6ffae05c265c450490628ef3ebd4b67be58257393227588f5a97b benchmark (0.5.0) sha256=465df122341aedcb81a2a24b4d3bd19b6c67c1530713fd533f3ff034e419236c bigdecimal (4.1.2) sha256=53d217666027eab4280346fba98e7d5b66baaae1b9c3c1c0ffe89d48188a3fbd bundler-audit (0.9.3) sha256=81c8766c71e47d0d28a0f98c7eed028539f21a6ea3cd8f685eb6f42333c9b4e9 
@@ -457,7 +438,6 @@ CHECKSUMS gem_bench (2.0.5) sha256=0dc0fb44a5a5eb7b2f5c1c68a5b0164d72007132822c012bac3abe976b199ead gitmoji-regex (1.0.3) sha256=538c6f49f5af6dc36d1630edb89a5a66f6e14ec5850d7fd071e0331f940e553f hashdiff (1.2.1) sha256=9c079dbc513dfc8833ab59c0c2d8f230fa28499cc5efb4b8dd276cf931457cd1 - hashie (5.1.0) sha256=c266471896f323c446ea8207f8ffac985d2718df0a0ba98651a3057096ca3870 http-accept (1.7.0) sha256=c626860682bfbb3b46462f8c39cd470fd7b0584f61b3cc9df5b2e9eb9972a126 http-cookie (1.1.6) sha256=ba4b82be64de61dc281243dac70e3c382c45142f20268ed9276a3670c93feaa9 io-console (0.8.2) sha256=d6e3ae7a7cc7574f4b8893b4fca2162e57a825b223a177b7afa236c5ef9814cc @@ -484,7 +464,6 @@ CHECKSUMS nokogiri (1.19.3-x86_64-darwin) sha256=77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d nokogiri (1.19.3-x86_64-linux-gnu) sha256=2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976 nokogiri (1.19.3-x86_64-linux-musl) sha256=248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f - oauth (1.1.3) oauth-tty (1.0.6) ostruct (0.6.3) sha256=95a2ed4a4bd1d190784e666b47b2d3f078e4a9efda2fccf18f84ddc6538ed912 parallel (1.28.0) sha256=33e6de1484baf2524792d178b0913fc8eb94c628d6cfe45599ad4458c638c970 @@ -541,7 +520,6 @@ CHECKSUMS simplecov-lcov (0.9.0) sha256=7a77a31e200a595ed4b0249493056efd0c920601f53d2ef135ca34ee796346cd simplecov-rcov (0.3.7) sha256=372f50bf6df6b6350b7d0c840f2f8bdabe021861a43c26877b747c9ac96139fc simplecov_json_formatter (0.1.4) sha256=529418fbe8de1713ac2b2d612aa3daa56d316975d307244399fa4838c601b428 - snaky_hash (2.0.3) sha256=25a3d299566e8153fb02fa23fd9a9358845950f7a523ddbbe1fa1e0d79a6d456 standard (1.54.0) sha256=7a4b08f83d9893083c8f03bc486f0feeb6a84d48233b40829c03ef4767ea0100 standard-custom (1.0.2) sha256=424adc84179a074f1a2a309bb9cf7cd6bfdb2b6541f20c6bf9436c0ba22a652b standard-performance (1.9.0) sha256=49483d31be448292951d80e5e67cdcb576c2502103c7b40aec6f1b6e9c88e3f2 
From d55435f8000234ddc6ebdd73c3547ec20bd9a71e Mon Sep 17 00:00:00 2001 From: autobolt Date: Sat, 16 May 2026 15:54:11 -0600 Subject: [PATCH 09/10] =?UTF-8?q?=F0=9F=94=A7=20require=20"cgi";=20no=20lo?= =?UTF-8?q?nger=20stdlib?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Gemfile | 4 +- Gemfile.lock | 16 + REEK | 1 + docs/OAuth.html | 19 +- docs/OAuth/TTY.html | 19 +- docs/OAuth/TTY/CLI.html | 43 +- docs/OAuth/TTY/Command.html | 157 +- docs/OAuth/TTY/Commands.html | 19 +- docs/OAuth/TTY/Commands/AuthorizeCommand.html | 24 +- docs/OAuth/TTY/Commands/HelpCommand.html | 24 +- docs/OAuth/TTY/Commands/QueryCommand.html | 24 +- docs/OAuth/TTY/Commands/SignCommand.html | 24 +- docs/OAuth/TTY/Commands/VersionCommand.html | 24 +- docs/OAuth/TTY/Version.html | 17 +- docs/_index.html | 36 +- docs/class_list.html | 10 +- docs/css/common.css | 2 +- docs/css/full_list.css | 254 ++- docs/css/style.css | 1390 ++++++++++++----- docs/file.CHANGELOG.html | 22 +- docs/file.CITATION.html | 14 +- docs/file.CODE_OF_CONDUCT.html | 14 +- docs/file.CONTRIBUTING.html | 14 +- docs/file.FUNDING.html | 14 +- docs/file.IRP.html | 223 +++ docs/file.LICENSE.html | 16 +- docs/file.README.html | 16 +- docs/file.REEK.html | 18 +- docs/file.RUBOCOP.html | 14 +- docs/file.SECURITY.html | 16 +- docs/file.command.html | 86 + docs/file.version.html | 14 +- docs/file_list.html | 46 +- docs/frames.html | 2 +- docs/index.html | 16 +- docs/js/app.js | 1143 ++++++++++---- docs/js/full_list.js | 572 ++++--- docs/method_list.html | 42 +- docs/top-level-namespace.html | 14 +- lib/oauth/tty.rb | 1 + sig/oauth/tty/command.rbs | 2 +- 41 files changed, 3103 insertions(+), 1323 deletions(-) create mode 100644 docs/file.IRP.html create mode 100644 docs/file.command.html diff --git a/Gemfile b/Gemfile index 74a992a..30adee0 100644 --- a/Gemfile +++ b/Gemfile 
@@ -12,7 +12,9 @@ git_source(:gitlab) { |repo_name| "https://gitlab.com/#{repo_name}" } # Include dependencies from .gemspec gemspec -unless %w[false 0 no off].include?(ENV.fetch("RUBY_OAUTH_DEV", "false").downcase) +if %w[false 0 no off].include?(ENV.fetch("RUBY_OAUTH_DEV", "false").downcase) + gem "oauth" +else begin require "nomono/bundler" unless defined?(Nomono) rescue LoadError diff --git a/Gemfile.lock b/Gemfile.lock index 49341cf..12ba03d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -20,6 +20,7 @@ GEM auth-sanitizer (0.1.2) version_gem (~> 1.1, >= 1.1.9) backports (3.25.3) + base64 (0.3.0) benchmark (0.5.0) bigdecimal (4.1.2) bundler-audit (0.9.3) @@ -86,6 +87,8 @@ GEM gitmoji-regex (1.0.3) version_gem (~> 1.1, >= 1.1.8) hashdiff (1.2.1) + hashie (5.1.0) + logger http-accept (1.7.0) http-cookie (1.1.6) domain_name (~> 0.5) @@ -148,6 +151,11 @@ GEM racc (~> 1.4) nokogiri (1.19.3-x86_64-linux-musl) racc (~> 1.4) + oauth (1.1.3) + base64 (~> 0.1) + oauth-tty (~> 1.0, >= 1.0.6) + snaky_hash (~> 2.0) + version_gem (~> 1.1, >= 1.1.9) ostruct (0.6.3) parallel (1.28.0) parser (3.3.11.1) @@ -294,6 +302,9 @@ GEM simplecov-rcov (0.3.7) simplecov (>= 0.4.1) simplecov_json_formatter (0.1.4) + snaky_hash (2.0.3) + hashie (>= 0.1.0, < 6) + version_gem (>= 1.1.8, < 3) standard (1.54.0) language_server-protocol (~> 3.17.0.2) lint_roller (~> 1.0) @@ -373,6 +384,7 @@ DEPENDENCIES kramdown-parser-gfm (~> 1.1) mocha (~> 3.0) mutex_m (~> 0.2) + oauth oauth-tty! rack (~> 2.0) rack-test (~> 2.0) 
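Review bot: The new `gem "oauth"` in the non-dev branch carries no version constraint, so the Gemfile itself accepts any oauth release and only Gemfile.lock (resolved to `oauth (1.1.3)` in this same commit) holds it in place; a `bundle update` or a regenerated lock would float to whatever is newest on the gem host without any Gemfile-level review. Pinning the range in the Gemfile, e.g. `gem "oauth", "~> 1.1", ">= 1.1.3"`, keeps the accepted range explicit even when the lock is rebuilt, and mirrors the `~> 1.1, >= 1.1.9`-style constraints the rest of the lock already uses for sibling gems. The `if`/`else` this hunk opens continues past the hunk (the `rescue LoadError` body and the `eval_nomono_gems` call are outside it), so the dev-mode branch is not reviewed here.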
@@ -405,6 +417,7 @@ CHECKSUMS ast (2.4.3) sha256=954615157c1d6a382bc27d690d973195e79db7f55e9765ac7c481c60bdb4d383 auth-sanitizer (0.1.2) sha256=29f7638d74b2a19ff890008f1561165668a78969a4d90bc85e991128825a7c03 backports (3.25.3) sha256=94298d32dc3c40ca15633b54e282780b49e2db0c045f602ea1907e4f63a17235 + base64 (0.3.0) sha256=27337aeabad6ffae05c265c450490628ef3ebd4b67be58257393227588f5a97b benchmark (0.5.0) sha256=465df122341aedcb81a2a24b4d3bd19b6c67c1530713fd533f3ff034e419236c bigdecimal (4.1.2) sha256=53d217666027eab4280346fba98e7d5b66baaae1b9c3c1c0ffe89d48188a3fbd bundler-audit (0.9.3) sha256=81c8766c71e47d0d28a0f98c7eed028539f21a6ea3cd8f685eb6f42333c9b4e9 @@ -438,6 +451,7 @@ CHECKSUMS gem_bench (2.0.5) sha256=0dc0fb44a5a5eb7b2f5c1c68a5b0164d72007132822c012bac3abe976b199ead gitmoji-regex (1.0.3) sha256=538c6f49f5af6dc36d1630edb89a5a66f6e14ec5850d7fd071e0331f940e553f hashdiff (1.2.1) sha256=9c079dbc513dfc8833ab59c0c2d8f230fa28499cc5efb4b8dd276cf931457cd1 + hashie (5.1.0) sha256=c266471896f323c446ea8207f8ffac985d2718df0a0ba98651a3057096ca3870 http-accept (1.7.0) sha256=c626860682bfbb3b46462f8c39cd470fd7b0584f61b3cc9df5b2e9eb9972a126 http-cookie (1.1.6) sha256=ba4b82be64de61dc281243dac70e3c382c45142f20268ed9276a3670c93feaa9 io-console (0.8.2) sha256=d6e3ae7a7cc7574f4b8893b4fca2162e57a825b223a177b7afa236c5ef9814cc @@ -464,6 +478,7 @@ CHECKSUMS nokogiri (1.19.3-x86_64-darwin) sha256=77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d nokogiri (1.19.3-x86_64-linux-gnu) sha256=2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976 nokogiri (1.19.3-x86_64-linux-musl) sha256=248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f + oauth (1.1.3) sha256=71ca1b534561bf31a9b2aee01147384064b555e796d1a0fe2591806bb4bdd633 oauth-tty (1.0.6) ostruct (0.6.3) sha256=95a2ed4a4bd1d190784e666b47b2d3f078e4a9efda2fccf18f84ddc6538ed912 parallel (1.28.0) sha256=33e6de1484baf2524792d178b0913fc8eb94c628d6cfe45599ad4458c638c970 
@@ -520,6 +535,7 @@ CHECKSUMS simplecov-lcov (0.9.0) sha256=7a77a31e200a595ed4b0249493056efd0c920601f53d2ef135ca34ee796346cd simplecov-rcov (0.3.7) sha256=372f50bf6df6b6350b7d0c840f2f8bdabe021861a43c26877b747c9ac96139fc simplecov_json_formatter (0.1.4) sha256=529418fbe8de1713ac2b2d612aa3daa56d316975d307244399fa4838c601b428 + snaky_hash (2.0.3) sha256=25a3d299566e8153fb02fa23fd9a9358845950f7a523ddbbe1fa1e0d79a6d456 standard (1.54.0) sha256=7a4b08f83d9893083c8f03bc486f0feeb6a84d48233b40829c03ef4767ea0100 standard-custom (1.0.2) sha256=424adc84179a074f1a2a309bb9cf7cd6bfdb2b6541f20c6bf9436c0ba22a652b standard-performance (1.9.0) sha256=49483d31be448292951d80e5e67cdcb576c2502103c7b40aec6f1b6e9c88e3f2 diff --git a/REEK b/REEK index e69de29..5968dbb 100644 --- a/REEK +++ b/REEK @@ -0,0 +1 @@ +reek is empty diff --git a/docs/OAuth.html b/docs/OAuth.html index f7d115a..be4f184 100644 --- a/docs/OAuth.html +++ b/docs/OAuth.html @@ -6,13 +6,13 @@ Module: OAuth - — Documentation by YARD 0.9.37 + — Documentation by YARD 0.9.43 - + - + + + + + + + + + + + + + + +
+ + +

Incident Response Plan (IRP)

+ +

Status: Draft

+ +

Purpose

+ +

This Incident Response Plan (IRP) defines the steps the project maintainer(s) will follow when handling security incidents related to the oauth-tty gem. It is written for a small project with a single primary maintainer and is intended to be practical, concise, and actionable.

+ +

Scope

+ +

Applies to security incidents that affect the oauth-tty codebase, releases (gems), CI/CD infrastructure related to building and publishing the gem, repository credentials, or any compromise of project infrastructure that could impact users.

+ +

Key assumptions

+
    +
  • This project is maintained primarily by a single maintainer.
  • +
  • Public vulnerability disclosure is handled via Tidelift (see SECURITY.md).
  • +
  • The maintainer will act as incident commander unless otherwise delegated.
  • +
+ +

Contact & Roles

+ +
    +
  • Incident Commander: Primary maintainer (repo owner). Responsible for coordinating triage, remediation, and communications.
  • +
  • Secondary Contact: (optional) A trusted collaborator or organization contact if available.
  • +
+ +

If you are an external reporter

+
    +
  • Do not publicly disclose details of an active vulnerability before coordination via Tidelift.
  • +
  • See SECURITY.md for Tidelift disclosure instructions. If the reporter has questions and cannot use Tidelift, they may open a direct encrypted report as described in SECURITY.md (if available) or email the maintainer contact listed in the repository.
  • +
+ +

Incident Handling Workflow (high level)

+
    +
  1. Identification & Reporting +
      +
    • Reports may arrive via Tidelift, issue tracker, direct email, or third-party advisories.
    • +
    • Immediately acknowledge receipt (within 24-72 hours) via the reporting channel.
    • +
    +
  2. +
  3. Triage & Initial Assessment (first 72 hours) +
      +
    • Confirm the report is not duplicative and gather: reproducer, affected versions, attack surface, exploitability, and CVSS-like severity estimate.
    • +
    • Verify the issue against the codebase and reproduce locally if possible.
    • +
    • Determine scope: which versions are affected, whether the issue is in code paths executed in common setups, and whether a workaround exists.
    • +
    +
  4. +
  5. Containment & Mitigation +
      +
    • If a simple mitigation or workaround (configuration change, safe default, or recommended upgrade) exists, document it clearly in the issue/Tidelift advisory.
    • +
    • If immediate removal of a release is required (rare), consult Tidelift for coordinated takedown and notify package hosts if applicable.
    • +
    +
  6. +
  7. Remediation & Patch +
      +
    • Prepare a fix in a branch with tests and changelog entries. Prefer minimal, well-tested changes.
    • +
    • Include tests that reproduce the faulty behavior and demonstrate the fix.
    • +
    • Hardening: add fuzz tests, input validation, or additional checks as appropriate.
    • +
    +
  8. +
  9. Release & Disclosure +
      +
    • Coordinate disclosure through Tidelift per SECURITY.md timelines. Aim for a coordinated disclosure and patch release to minimize risk to users.
    • +
    • Publish a patch release (increment gem version) and an advisory via Tidelift.
    • +
    • Update CHANGELOG.md and repository release notes with non-sensitive details.
    • +
    +
  10. +
  11. Post-Incident +
      +
    • Produce a short postmortem: timeline, root cause, actions taken, and follow-ups.
    • +
    • Add/adjust tests and CI checks to prevent regressions.
    • +
    • If credentials or infrastructure were compromised, rotate secrets and audit access.
    • +
    +
  12. +
+ +

Severity classification (guidance)

+
    +
  • High/Critical: Remote code execution, data exfiltration, or any vulnerability that can be exploited without user interaction. Immediate action and prioritized patching.
  • +
  • Medium: Privilege escalation, sensitive information leaks that require specific conditions. Patch in the next release cycle with advisory.
  • +
  • Low: Minor information leaks, UI issues, or non-exploitable bugs. Fix normally and include in the next scheduled release.
  • +
+ +

Preservation of evidence

+
    +
  • Preserve all reporter-provided data, logs, and reproducer code in a secure location (local encrypted storage or private branch) for the investigation.
  • +
  • Do not publish evidence that would enable exploitation before coordinated disclosure.
  • +
+ +

Communication templates

+

Acknowledgement (to reporter)

+ +

โ€œThank you for reporting this issue. Iโ€™ve received your report and will triage it within 72 hours. If you can, please provide reproduction steps, affected versions, and any exploit PoC. I will coordinate disclosure through Tidelift per the projectโ€™s security policy.โ€

+ +

Public advisory (after patch is ready)

+ +

โ€œA security advisory for oauth-tty (versions X.Y.Z) has been published via Tidelift. Please upgrade to version A.B.C which patches [brief description]. See the advisory for details and recommended mitigations.โ€

+ +

Runbook: Quick steps for a maintainer to patch and release

+
    +
  1. Create a branch: git checkout -b fix/security-brief-description +
  2. +
  3. Reproduce the issue locally and add a regression spec in spec/.
  4. +
  5. Implement the fix and run the test suite: bundle exec rspec (or the projectโ€™s preferred test command).
  6. +
  7. Bump version in lib/oauth-tty/version.rb following semantic versioning.
  8. +
  9. Update CHANGELOG.md with an entry describing the fix (avoid exploit details).
  10. +
  11. Commit and push the branch, open a PR, and merge after approvals.
  12. +
  13. Build and push the gem: gem build oauth-tty.gemspec && gem push pkg/... (coordinate with Tidelift before public push if disclosure is coordinated).
  14. +
  15. Publish a release on GitHub and ensure the Tidelift advisory is posted.
  16. +
+ +

Operational notes

+
    +
  • Secrets: Use local encrypted storage for any sensitive reporter data. If repository or CI secrets may be compromised, rotate them immediately and update dependent services.
  • +
  • Access control: Limit who can publish gems and who has admin access to the repo. Keep an up-to-date list of collaborators in a secure place.
  • +
+ + +
    +
  • If the incident involves user data or has legal implications, consult legal counsel or the maintainersโ€™ employer as appropriate. The maintainer should document the timeline and all communications.
  • +
+ +

Retrospective & continuous improvement

+

After an incident, perform a brief post-incident review covering:

+
    +
  • What happened and why
  • +
  • What was done to contain and remediate
  • +
  • What tests or process changes will prevent recurrence
  • +
  • Assign owners and deadlines for follow-up tasks
  • +
+ +

References

+
    +
  • See SECURITY.md for the projectโ€™s official disclosure channel (Tidelift).
  • +
+ +

Appendix: Example checklist for an incident

+
    +
  • +Acknowledge report to reporter (24-72 hours)
  • +
  • +Reproduce and classify severity
  • +
  • +Prepare and test a fix in a branch
  • +
  • +Coordinate disclosure via Tidelift
  • +
  • +Publish patch release and advisory
  • +
  • +Postmortem and follow-up actions
  • +
+
+ + + +
+ + diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 1314162..c2c87ad 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -6,13 +6,13 @@ File: LICENSE - — Documentation by YARD 0.9.37 + — Documentation by YARD 0.9.43 - + - + + + + + + + + + + + + + + +
+ + +

module OAuth
+ module TTY
+ class Command
+ include Auth::Sanitizer::FilteredAttributes

+ +
  def initialize: (untyped stdout, untyped stdin, untyped stderr, untyped arguments) -> void
+  def run: () -> untyped
+  def required_options: () -> Array[untyped]
+
+  private
+
+  attr_reader options: untyped
+end   end end
+
+
+ + + +
+ + diff --git a/docs/file.version.html b/docs/file.version.html index 3d52b94..037332a 100644 --- a/docs/file.version.html +++ b/docs/file.version.html @@ -6,13 +6,13 @@ File: version - — Documentation by YARD 0.9.37 + — Documentation by YARD 0.9.43 - + - +