From 078b113ad77ad155089684fca718408dd68863c5 Mon Sep 17 00:00:00 2001 From: Alexandr Date: Fri, 25 Aug 2023 17:59:31 +0300 Subject: [PATCH 1/3] Add config for Semgrep --- .circleci/config.yml | 67 ++++++++++++++++++++++++++++++++++++++++++-- .semgrepignore | 16 +++++++++++ .semgrepignore.py | 16 +++++++++++ 3 files changed, 96 insertions(+), 3 deletions(-) create mode 100644 .semgrepignore create mode 100644 .semgrepignore.py diff --git a/.circleci/config.yml b/.circleci/config.yml index 3c769627..82f6b153 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,5 +1,11 @@ version: 2.1 +# === Scheduled Pipeline Parameters === +parameters: + nightly-security-scan: + type: boolean + default: false + jobs: build-and-test-sdk: macos: @@ -31,7 +37,7 @@ jobs: echo "Code coverage will only be pushed to compass on the main branch." fi - + build-and-ui-test-demo-app-ios-16-iphone14: macos: xcode: "14.2" 
@@ -51,9 +57,64 @@ jobs: -sdk iphonesimulator -destination 'platform=iOS Simulator,name=iPhone 14,OS=16.2' + scan-sast-pr: + parameters: + default_branch: + type: string + default: master + environment: + SEMGREP_REPO_URL: << pipeline.project.git_url >> + SEMGREP_BRANCH: << pipeline.git.branch >> + SEMGREP_BASELINE_REF: << parameters.default_branch >> + docker: + - image: returntocorp/semgrep + steps: + - checkout + - run: + name: "Semgrep diff scan" + command: semgrep ci + + scan-sast-full: + parameters: + default_branch: + type: string + default: master + environment: + SEMGREP_REPO_URL: << pipeline.project.git_url >> + SEMGREP_BRANCH: << pipeline.git.branch >> + docker: + - image: returntocorp/semgrep + steps: + - checkout + - run: + name: "Semgrep full scan" + command: semgrep ci + workflows: - version: 2 build-and-test: + when: + not: << pipeline.parameters.nightly-security-scan >> jobs: - build-and-test-sdk - - build-and-ui-test-demo-app-ios-16-iphone14 \ No newline at end of file + - build-and-ui-test-demo-app-ios-16-iphone14 + - scan-sast-pr: + context: + - security-tools + + - scan-sast-full: + filters: + # ignore any commit on any branch by default + branches: + ignore: /.*/ + tags: + only: + - /production-.*/ + context: + - security-tools + + scheduled-security-scan: + when: << pipeline.parameters.nightly-security-scan >> + jobs: + - scan-sast-full: + context: + - security-tools \ No newline at end of file diff --git a/.semgrepignore b/.semgrepignore new file mode 100644 index 00000000..42981672 --- /dev/null +++ b/.semgrepignore @@ -0,0 +1,16 @@ +# Common large paths +build/ +docs/ +.env/ + + +# Common test paths +VGSCardIOCollectorTests/ +Tests/ +xcov_report/ + +# Semgrep rules folder +.semgrep + +# Semgrep-action log folder +.semgrep_logs/ \ No newline at end of file diff --git a/.semgrepignore.py b/.semgrepignore.py new file mode 100644 index 00000000..42981672 --- /dev/null +++ b/.semgrepignore.py 
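Review bot: Both `scan-sast-pr` and `scan-sast-full` pull `image: returntocorp/semgrep` with no tag, so each run resolves whatever the mutable default tag points at and the scanner that gates merges can change (or be swapped upstream) without any change in this repo. Pin it to a release and, ideally, a digest — `- image: returntocorp/semgrep:<release>@sha256:<digest>` — and bump it on purpose. `SEMGREP_BASELINE_REF` defaults to the bare name `master`; confirm that ref actually resolves inside the container after `checkout` (it may need to be `origin/master`), otherwise the diff scan will not compare against the intended baseline. The `security-tools` context presumably carries the Semgrep token; since `scan-sast-pr` is unfiltered and runs on every branch pipeline, make sure that context is restricted to the groups that should be able to read it.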
@@ -0,0 +1,16 @@
+# Common large paths
+build/
+docs/
+.env/
+
+
+# Common test paths
+VGSCardIOCollectorTests/
+Tests/
+xcov_report/
+
+# Semgrep rules folder
+.semgrep
+
+# Semgrep-action log folder
+.semgrep_logs/
\ No newline at end of file
From ce455c633f2ccc06673c3f09bbc495aef51b3e80 Mon Sep 17 00:00:00 2001
From: Donald Rodriguez Gutierrez <129230521+DonaldRG@users.noreply.github.com>
Date: Wed, 25 Oct 2023 10:13:16 -0600
Subject: [PATCH 2/3] update regex for jcb, mastercard and maestro (#367) (#369)
---
 .../Core/CardBrand+default.swift | 8 +-
 .../_CardBrandDataSource.swift | 439 ++++++++++--------
 2 files changed, 242 insertions(+), 205 deletions(-)
diff --git a/Sources/VGSCollectSDK/Core/VGSPaymentCards/Core/CardBrand+default.swift b/Sources/VGSCollectSDK/Core/VGSPaymentCards/Core/CardBrand+default.swift
index b774fff5..73390719 100644
--- a/Sources/VGSCollectSDK/Core/VGSPaymentCards/Core/CardBrand+default.swift
+++ b/Sources/VGSCollectSDK/Core/VGSPaymentCards/Core/CardBrand+default.swift
@@ -23,15 +23,15 @@ extension VGSPaymentCards.CardBrand {
 case .unionpay:
 return "^62\\d*$"
 case .jcb:
- return "^35\\d*$"
+ return "^(2131|1800|35)\\d*$"
 case .mastercard:
- return "^(5[1-5]|677189)\\d*$|^(222[1-9]|2[3-6]\\d{2,}|27[0-1]\\d|2720)([0-9]{2,})\\d*$"
+ return "^(5[1-5][0-9]{4})\\d*$|^(222[1-9]|22[3-9]|2[3-6]\\d{2}|27[0-1]\\d|2720)([0-9]{2})\\d*$"
 case .visaElectron:
 return "^4(026|17500|405|508|844|91[37])\\d*$"
 case .visa:
 return "^4\\d*$"
 case .maestro:
- return "^(5018|5020|5038|56|57|58|6304|6390[0-9]{2,}|67[0-9]{4,})\\d*$"
+ return "^(5018|5020|5038|6304|6390[0-9]{2}|67[0-9]{4})\\d*$"
 case .forbrugsforeningen:
 return "^600\\d*$"
 case .dankort:
@@ -58,7 +58,7 @@ extension VGSPaymentCards.CardBrand {
 case .unionpay:
 return [16, 17, 18, 19]
 case .jcb:
- return [16, 17, 18, 19]
+ return [15, 16]
 case .mastercard:
 return [16]
 case .visaElectron:
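Review bot: `.semgrepignore.py` is a byte-for-byte copy of `.semgrepignore` (both file headers show the same blob `42981672`), and Semgrep only reads an ignore list from a file literally named `.semgrepignore`, so this second file looks like an accidental duplicate rather than configuration. Because of its `.py` extension it will most likely be picked up as a Python source file on the full scan and surface as a parse error instead of being honoured. Drop it from the patch; if it was meant to hold extra project-specific exclusions, fold those entries into `.semgrepignore`.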
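Review bot: The new Mastercard pattern only matches once six digits are present (`5[1-5][0-9]{4}`, and each 2-series branch followed by `[0-9]{2}`), where the old one matched from two digits, so brand resolution during entry is now deferred until the full BIN is typed — except for the `22[3-9]` branch, which with `[0-9]{2}` resolves at five digits. If the six-digit gating is deliberate, make it uniform with `22[3-9]\\d` and record the reason in a comment on the case, e.g. `// Mastercard/Maestro only resolve once the 6-digit BIN is present; the quantifiers are detection gating, not length validation`, because nothing in the file explains why fixed quantifiers sit in front of the trailing `\\d*`. The Maestro pattern also silently drops `56`, `57` and `58`, and the Mastercard one drops `677189`; a one-line comment naming the BIN table these ranges were checked against would save the next person from re-adding them blind. The enclosing `switch` starts and ends outside this hunk.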
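Review bot: Narrowing JCB to `[15, 16]` both drops the 17–19 digit lengths the old list accepted and, because the list is per brand, cannot express that `2131`/`1800` numbers and `35` numbers have different standard lengths — a 16-digit `2131…` number and a 15-digit `35…` number are both accepted by this length rule. The test vectors added to `_CardBrandDataSource.swift` in this same patch use 16-digit `2131…`/`1800…` numbers, so it is not clear from the change which length those prefixes are meant to have; check against the current JCB specification (to my knowledge the `35` range is issued at 16–19 digits) and document the chosen lengths in a comment on this case, e.g. `// 15 digits: 2131/1800 ranges; 16: 35xx ranges — per-prefix lengths are not modelled here`. If the lengths really differ by prefix, that needs a per-prefix rule rather than this list. The enclosing `switch` continues outside the hunk.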
diff --git a/Tests/FrameworkTests/Card Brand Tests/_CardBrandDataSource.swift b/Tests/FrameworkTests/Card Brand Tests/_CardBrandDataSource.swift
index 5cb917f0..e0a8edb5 100644
--- a/Tests/FrameworkTests/Card Brand Tests/_CardBrandDataSource.swift
+++ b/Tests/FrameworkTests/Card Brand Tests/_CardBrandDataSource.swift
@@ -16,125 +16,146 @@ extension VGSPaymentCards.CardBrand { switch self { case .amex: return [ - "340000099900036", - "340000099900028", - "340000099900044", - "340000099900051", - "343434343434343", + "370000000000002", "378282246310005", "371449635398431", "378734493671000", - "370000000000002", - "370000000100018" + "374111111111111", + "373953192351004", + "346018484777573", + "374101000000608", + "376525000000010", + "375425000000907", + "343452000000306", + "372349000000852" ] case .visaElectron: return [ - "4917300800000000", - "4917300000000008" + "4917610000000000", + "4917300000000008", + "4917300800000000" ] case .visa: return [ - "4000020000000000", - "4000060000000006", - "4000160000000004", - "4000180000000002", - "4000620000000007", - "4000640000000005", - "4000760000000001", - "4002690000000008", - "4003550000000003", - "4005519000000006", - "4017340000000003", - "4035501000000008", "4111111111111111", - "4111111145551142", - "4131840000000003", - "4151500000000008", - "4166676667666746", - "4199350000000002", - "4293189100000008", - "4400000000000008", + "4007000000027", + "4012888818888", + "4005519200000004", + "4009348888881881", + "4012000033330026", + "4012000077777777", + "4012888888881881", + "4217651111111119", + "4500600000000061", "4444333322221111", - "4484600000000004", - "4571000000000001", - "4607000000000009", - "4646464646464644", - "4977949494949497", - "4988080000000000", - "4988438843884305", + "4119862760338320", + "4012001038443335", + "4149011500000147", + "4000007000000031", "4462030000000000", - "4242424242424242", - "4444333322221111455", - "4761000000000001" + "4012001037461114", + "4012001036853337", + "4012001037484447", + "4012001036273338", + "4263970000005262", + "4484070000000000", + "4911830000000", + "4003830171874018", + "4012001036983332", + "4012001038488884" ] case .mastercard: return [ - "2222400010000008", - "2222400030000004", - "2222400050000009", - "2222400060000007", - "2222400070000005", - 
"2222410700000002", - "2222410740360010", - "2223000048410010", - "2223520443560010", - "5100060000000002", - "5100290029002909", - "5100705000000002", - "5101180000000007", - "5103221911199245", - "5106040000000008", - "5136333333333335", - "5424000000000015", - "5500000000000004", - "5555341244441115", - "5555444433331111", "5555555555554444", - "5577000055770004", - "5585558555855583", - "5454545454545454" + "5454545454545454", + "5105105105105100", + "5399999999999999", + "5232569007637831", + "5556011778787485", + "2720992593319364", + "2222420000001113", + "2222630000001125", + "5185540810000019", + "5420923878724339", + "5111010030175156", + "5200828282828210", + "5204230080000017", + "5425230000004415", + "5114610000004778", + "5114630000009791", + "5121220000006921", + "5135020000005871", + "5100000000000131", + "5301250070000050", + "5454609899026213", + "5123456789012346", + "5133333333333338", + "5111111111111118", + "2223000000000023", + "5413000000000000", + "5404000000000068", + "5404000000000084", + "5404000000000043", + "5496198584584769", + "2226350000000003", + "2229140000000005", + "2230140000000002", + "2308643800000012", + "2718010000000008", + "2650050400000000", + "2560000141000008", + "2460010000000008", + "2390000990000006", + "2265080000000008" ] case .discover: return [ - "6011000400000000", - "6011100099900013", + "6011000000000004", "6011111111111117", "6011000990139424", - "6011601160116611", - "6445644564456445" + "6011000400000000", + "6011000000000087", + "6011000000001010", + "6011000000001028", + "6011000000001036", + "6011000000002000", + "6011000000000012" ] case .dinersClub: return [ - "30599900026332", - "30599900026340", - "38520000023237", "30569309025904", - "36006666333344", - "36070500001020", + "38520000023237", + "38000000000006", + "36256000000725", + "36256000000998", + "36256000000634", + "38865000000705", "36700102000000", - "36148900647913", - "3096000032340126", - "3056930009020004" + "36148900647913" ] case 
.jcb: return [ - "3569990010095841", - "3530111333300000", "3566002020360505", - "3569990010030400" + "3530111333300000", + "3566111111111113", + "3566000000000000", + "3566000000001016", + "3566000000001024", + "3566000000001032", + "3566000000002006", + "3569990000000009", + "3528000700000000", + "2131000000000214", + "1800000000000216" ] case .maestro: return [ - "6759649826438453", "6771798021000008", - "6771798025000004", - "6759156019808393", - "6761000000000006", + "6771830999991239", + "6759649826438453", "5020620000000000", - "6771830000000000006", - "5611111111111113", - "5711111111111112", - "5811111111111111" + "6304000000000216", + "6723680000000000008" ] case .unionpay: return [ 
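Review bot: The Maestro vectors for the `56`/`57`/`58` ranges (`5611111111111113`, `5711111111111112`, `5811111111111111`) are removed here at the same time as the regex support for them, so nothing in the suite now asserts what those numbers resolve to — if they are meant to fall through to `.unknown`, that should be pinned with a negative vector wherever the consuming test checks unknown brands, rather than simply dropping them. The same applies to the removed 19-digit Visa `4444333322221111455` and the 16-digit Diners numbers, whose length rules are not touched by this patch; presumably they still pass, in which case removing them only loses coverage. The extension and its `switch` open before this hunk.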
@@ -143,140 +164,156 @@ extension VGSPaymentCards.CardBrand { "62123456789000003", "621234567890000002", "6212345678900000003" - ] + ] case .dankort: - return [ - "5019555544445555", + return [ "5019717010103742", - "5019346126415137"] + "5019555544445555", + "5019200000000004", + "5019356488230958" + ] case .forbrugsforeningen: - return [ - "6007220000000004"] + return [ + "6007220000000004" + ] case .elo: - return [ - "6362970000457013", + return [ "5066991111111118", - "6362970000457013"] + "6362970000457013", + "5067310000000010", + "5067312520593847" + ] case .hipercard: - return [ + return [ "6062826786276634", - "6062828888666688"] + "6062828888666688" + ] case .unknown: return [] case .custom: - return [] - } + return [] + } } - - var firsDigitsInCardNumber: [String] { - switch self { - case .amex: - return [ - "34", "37", "341", "379" - ] - case .visaElectron: - return [ - "4026", - "417500", - "4405", - "4508", - "4844", - "4913", - "4917", - "40261", - "491790" - ] - case .visa: - return [ - "4", "41", "40", "49" - ] - case .mastercard: - return [ - "51", "52", "53", - "54", "55", - "222123", "22223456", "271923", - "272000" - ] - case .discover: - return [ - "6011", "65", "644", - "645", "646", "647", - "648", "649", "622", - "60110", "659", "6456" - ] - case .dinersClub: - return [ - "305", "300", "309", - "36", "38", "39", - "3000", "366", "391" - ] - case .jcb: - return [ - "35", "350", "359" - ] - case .maestro: - return [ - "6701234", "6790000", - "6390012", "639099", - "50181", "50201", - "5018", "5020", - "5038", "56", "57", "58" - ] - case .unionpay: - return ["62", "621", "629", "620"] - case .forbrugsforeningen: - return ["600", "6001", "6009"] - case .dankort: - return ["5019", "50191", "50199"] - case .elo: - return ["401178", "4011789", "627780", "6277800"] - case .hipercard: - return ["384100", "3841009", "606282", "6062820", "637568"] - case .unknown: - return [] - case .custom: - return [] + + var firsDigitsInCardNumber: [String] { + 
switch self { + case .amex: + return [ + "34", "37", "341", "379" + ] + case .visaElectron: + return [ + "4026", + "417500", + "4405", + "4508", + "4844", + "4913", + "4917", + "40261", + "491790" + ] + case .visa: + return [ + "4", "41", "40", "49" + ] + case .mastercard: + return [ + "512345", + "526754", + "537898", + "540000", + "557777", + "222123", + "223333", + "22223456", + "271923", + "272000" + ] + case .discover: + return [ + "6011", "65", "644", + "645", "646", "647", + "648", "649", "622", + "60110", "659", "6456" + ] + case .dinersClub: + return [ + "305", "300", "309", + "36", "38", "39", + "3000", "366", "391" + ] + case .jcb: + return [ + "35", "350", "359" + ] + case .maestro: + return [ + "6701234", + "6790000", + "6390012", + "639099", + "50181", + "50201", + "5018", + "5020", + "5038" + ] + case .unionpay: + return ["62", "621", "629", "620"] + case .forbrugsforeningen: + return ["600", "6001", "6009"] + case .dankort: + return ["5019", "50191", "50199"] + case .elo: + return ["401178", "4011789", "627780", "6277800"] + case .hipercard: + return ["384100", "3841009", "606282", "6062820", "637568"] + case .unknown: + return [] + case .custom: + return [] + } } - } } extension VGSPaymentCards { static var specificNotValidCardNumbers: [String] { return [ - "4", - "41", - "411", - "4111", - "41111", - "411111", - "4111111", - "41111111", - "411111111", - "4111111111", - "41111111111", - "411111111111", - "4111111111111", - "41111111111111", - "411111111111111", - "0000000000000000", - "1111111111111111", - "2222222222222222", - "3333333333333333", - "4444444444444444", - "5555555555555555", - "6666666666666666", - "7777777777777777", - "8888888888888888", - "9999999999999999", - "1234123412342134", - "1234567890000000", - "0987654321111111", - "4111111o1111111", - "34000000000000000", - "3400000000000000", - "340000000000000", - "601100040000000", - "5555555555" ] + "4", + "41", + "411", + "4111", + "41111", + "411111", + "4111111", + "41111111", + 
"411111111", + "4111111111", + "41111111111", + "411111111111", + "4111111111111", + "41111111111111", + "411111111111111", + "0000000000000000", + "1111111111111111", + "2222222222222222", + "3333333333333333", + "4444444444444444", + "5555555555555555", + "6666666666666666", + "7777777777777777", + "8888888888888888", + "9999999999999999", + "1234123412342134", + "1234567890000000", + "0987654321111111", + "4111111o1111111", + "34000000000000000", + "3400000000000000", + "340000000000000", + "601100040000000", + "5555555555" ] } } From ec74d9187498ccea22ec8d118b901a037865a74f Mon Sep 17 00:00:00 2001 From: Donald Rodriguez Gutierrez <129230521+DonaldRG@users.noreply.github.com> Date: Wed, 25 Oct 2023 10:57:05 -0600 Subject: [PATCH 3/3] Release candidate 1.15.2 (#370) * update regex for jcb, mastercard and maestro (#367) * Version name & code bump --- Sources/VGSCollectSDK/Utils/Extensions/Utils.swift | 2 +- VGSCollectSDK.podspec | 2 +- VGSCollectSDK.xcodeproj/project.pbxproj | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Sources/VGSCollectSDK/Utils/Extensions/Utils.swift b/Sources/VGSCollectSDK/Utils/Extensions/Utils.swift index 3115809a..0840db82 100644 --- a/Sources/VGSCollectSDK/Utils/Extensions/Utils.swift +++ b/Sources/VGSCollectSDK/Utils/Extensions/Utils.swift @@ -46,7 +46,7 @@ internal class Utils { /// VGS Collect SDK Version. /// Necessary since SPM doesn't track info plist correctly: https://forums.swift.org/t/add-info-plist-on-spm-bundle/40274/5 - static let vgsCollectVersion: String = "1.15.1" + static let vgsCollectVersion: String = "1.15.2" } extension Dictionary { diff --git a/VGSCollectSDK.podspec b/VGSCollectSDK.podspec index b1857211..9015b132 100644 --- a/VGSCollectSDK.podspec +++ b/VGSCollectSDK.podspec 
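Review bot: `firsDigitsInCardNumber` for `.jcb` still lists only `35`-prefixes (`"35", "350", "359"`), while the regex in `CardBrand+default.swift` now also accepts `2131` and `1800`, so prefix-based detection of those ranges has no coverage in this data source; add `"2131", "1800"` and a longer variant such as `"21310"` to that list. The Mastercard entries were expanded to six-digit prefixes to match the regex's new `[0-9]{4}`/`[0-9]{2}` gating, which is consistent, but nothing asserts that the old two-digit prefixes (`"51"`, `"55"`) no longer resolve — if that delay is intentional, a negative vector would pin it. The property name typo `firsDigitsInCardNumber` (missing `t`) survives the re-indent; it is test-only, so renaming is cheap. The enclosing `extension` opens before this hunk.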
@@ -1,6 +1,6 @@
 Pod::Spec.new do |spec|
 spec.name = 'VGSCollectSDK'
- spec.version = '1.15.1'
+ spec.version = '1.15.2'
 spec.summary = 'VGS Collect - is a product suite that allows customers to collect information securely without possession of it.'
 spec.swift_version = '5.0'
 spec.description = <<-DESC
diff --git a/VGSCollectSDK.xcodeproj/project.pbxproj b/VGSCollectSDK.xcodeproj/project.pbxproj
index c2cd6b10..49bf7bac 100644
--- a/VGSCollectSDK.xcodeproj/project.pbxproj
+++ b/VGSCollectSDK.xcodeproj/project.pbxproj
@@ -2043,7 +2043,7 @@
 "@executable_path/Frameworks",
 "@loader_path/Frameworks",
 );
- MARKETING_VERSION = 1.15.1;
+ MARKETING_VERSION = 1.15.2;
 PRODUCT_BUNDLE_IDENTIFIER = com.vgs.framework;
 PRODUCT_NAME = "$(TARGET_NAME:c99extidentifier)";
 PROVISIONING_PROFILE_SPECIFIER = "";
@@ -2075,7 +2075,7 @@
 "@executable_path/Frameworks",
 "@loader_path/Frameworks",
 );
- MARKETING_VERSION = 1.15.1;
+ MARKETING_VERSION = 1.15.2;
 PRODUCT_BUNDLE_IDENTIFIER = com.vgs.framework;
 PRODUCT_NAME = "$(TARGET_NAME:c99extidentifier)";
 PROVISIONING_PROFILE_SPECIFIER = "";