Merge branch '4-stable' into suppress_various_warnings
Showing 6 changed files with 127 additions and 20 deletions.
@@ -0,0 +1,12 @@ | ||
# Security Policy | ||
|
||
Thanks for helping make GitHub Open Source Software safe for everyone. | ||
|
||
GitHub takes the security of our software products and services seriously, including all of the open source code repositories managed through our GitHub organizations, such as [Octokit](https://github.com/octokit). | ||
|
||
Even though [open source repositories are outside of the scope of our bug bounty program](https://bounty.github.com/index.html#scope) and therefore not eligible for bounty rewards, we want to make sure that your finding gets passed along to the maintainers of this project for remediation. | ||
|
||
|
||
## Reporting a Vulnerability | ||
|
||
Since this source is part of [Octokit](https://github.com/octokit) (a GitHub organization) we ask that you follow the guidelines [here](https://github.com/github/.github/blob/master/SECURITY.md#reporting-security-issues) to report anything that you might've found. |
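Review bot: the link text "here" in the Reporting a Vulnerability section carries no meaning on its own, and this file is the only place a reporter will look; spell the target out, e.g. "follow [GitHub's guidelines for reporting security issues](https://github.com/github/.github/blob/master/SECURITY.md#reporting-security-issues)", and consider one sentence asking reporters not to open a public issue, since the text currently says what to do but not what to avoid.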
@@ -0,0 +1,44 @@ | ||
#!/usr/bin/env bash | ||
# Usage: script/gem | ||
# Validates the packed gem to determine if file permissions are correct. | ||
|
||
<<'###SCRIPT_COMMENT' | ||
Purpose: | ||
(Given octokit.rb is currently shipped "manually") | ||
Because different environments behave differently, it is recommended that the integrity and file permissions of the files packed in the gem are verified. | ||
This is to help prevent things like releasing world writeable files in the gem. The simple check below looks at each file contained in the packed gem and | ||
verifies that the files are only owner writeable. | ||
Requirements: | ||
This script expects that script/package, script/release or 'gem build *.gemspec' have been run | ||
###SCRIPT_COMMENT | ||
|
||
|
||
FILE=$(ls *.gem| head -1) | ||
|
||
echo "*** Validating file permissions in the octokit gem ***" | ||
|
||
if [ ! -f "$FILE" ]; then | ||
echo "$FILE does not exist. Please run script/package, script/release or 'gem build *.gemspec' to generate the gem to be validated" | ||
echo -e '☒ failure' | ||
exit 1 | ||
fi | ||
|
||
tar -xf "${FILE}" | ||
|
||
# naive check to quickly see if any files in the gem are set to the wrong permissions | ||
for f in $(tar --numeric-owner -tvf data.tar.gz ) | ||
do | ||
if [ $f == "-rw-rw-rw-" ]; then | ||
echo "World writeable files (-rw-rw-rw- | 666) detected in the gem. Please repack and make sure that all files in the gem are owner read write ( -rw-r--r-- | 644 )" | ||
echo -e '☒ failure' | ||
rm -f checksums.yaml.gz data.tar.gz metadata.gz | ||
exit 1 | ||
fi | ||
done | ||
|
||
# Check clean up | ||
echo -e '☑ success' | ||
rm -f checksums.yaml.gz data.tar.gz metadata.gz |
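Review bot: the permission test at `if [ $f == "-rw-rw-rw-" ]; then` only matches mode 666 exactly, so a group-writable file (`-rw-rw-r--`) or a world-writable executable (`-rwxrwxrwx`) passes even though the header comment says the script "verifies that the files are only owner writeable". Test the group and other write bits of the first column instead, e.g. `tar -tvf data.tar.gz | awk '{print $1}' | grep -Eq '^.{5}w|^.{8}w'` and fail when it matches; that also replaces the `for f in $(tar --numeric-owner -tvf data.tar.gz )` loop, which word-splits every column of the listing (owner, size, date, file names) and compares each token against the mode string. Two smaller points: `FILE=$(ls *.gem| head -1)` leaves `$FILE` empty when no gem exists, so the message prints " does not exist" while `ls` writes its own error to stderr; a glob (`set -- *.gem; FILE=$1` under `shopt -s nullglob`, then the existing `-f` test) is cleaner. And `tar -xf "${FILE}"` unpacks `checksums.yaml.gz`, `data.tar.gz` and `metadata.gz` into the working tree, which is why the `rm -f` cleanup is duplicated on both exit paths; extracting into `$(mktemp -d)` with a `trap ... EXIT` removes the duplication.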