diff --git a/.gitleaks.toml b/.gitleaks.toml deleted file mode 100644 index 6ede5aaa..00000000 --- a/.gitleaks.toml +++ /dev/null @@ -1,26 +0,0 @@ -# gitleaks config for xworkmate-app -# Keeps all default rules, and allowlists known non-secret findings: -# - vendored third-party code (cargokit ships a *public* verification key) -# - unit-test fixtures (hardcoded "device-1" / "token" test vectors) -# Real leaked credentials are NOT allowlisted here — they are purged from -# history and rotated. - -title = "xworkmate-app gitleaks config" - -[extend] -useDefault = true - -[allowlist] -description = "Vendored third-party code and unit-test fixtures (no real secrets)" -paths = [ - # cargokit (super_native_extensions) ships a public binary-verification key - '''third_party/.*''', - # Dart unit-test fixtures: obfuscated "token" / fake TF password assertions - '''test/features/workspace_management/workspace_management_unit_test\.dart''', - # Go unit-test fixtures: hardcoded "device-1" identity key pair - '''go/go_core/internal/gatewayruntime/runtime_test\.go''', -] -regexes = [ - # cargokit public key value, in case it is referenced outside third_party/ - '''test-public-key-hex''', -] diff --git a/pubspec.lock b/pubspec.lock index 232646f8..1ab528ba 100644 --- a/pubspec.lock +++ b/pubspec.lock @@ -53,10 +53,10 @@ packages: dependency: transitive description: name: code_assets - sha256: "83ccdaa064c980b5596c35dd64a8d3ecc68620174ab9b90b6343b753aa721687" + sha256: bf394f466ba9205f1812a0433b392d6af280f155f56651eda7c18cc32ed493b8 url: "https://pub.dev" source: hosted - version: "1.0.0" + version: "1.2.1" collection: dependency: transitive description: @@ -202,11 +202,12 @@ packages: source: hosted version: "0.9.4" file_selector_macos: - dependency: "direct overridden" + dependency: transitive description: - path: "third_party/file_selector_macos" - relative: true - source: path + name: file_selector_macos + sha256: "5e0bbe9c312416f1787a68259ea1505b52f258c587f12920422671807c4d618a" + url: "https://pub.dev" + source: hosted version: "0.9.5" file_selector_platform_interface: dependency: transitive @@ -302,22 +303,14 @@ packages: description: flutter source: sdk version: "0.0.0" - glob: - dependency: transitive - description: - name: glob - sha256: c3f1ee72c96f8f78935e18aa8cecced9ab132419e8625dc187e1c2408efc20de - url: "https://pub.dev" - source: hosted - version: "2.1.3" hooks: dependency: transitive description: name: hooks - sha256: e79ed1e8e1929bc6ecb6ec85f0cb519c887aa5b423705ded0d0f2d9226def388 + sha256: "9a62a50b50b769a737bc0a8ff381f333529df3ab746b2f6b02e83760231455ba" url: "https://pub.dev" source: hosted - version: "1.0.2" + version: "2.0.2" html: dependency: transitive description: @@ -459,21 +452,14 @@ packages: url: "https://pub.dev" source: hosted version: "1.17.0" - native_toolchain_c: + objective_c: dependency: transitive description: - name: native_toolchain_c - sha256: "92b2ca62c8bd2b8d2f267cdfccf9bfbdb7322f778f8f91b3ce5b5cda23a3899f" + name: objective_c + sha256: "6cb691c686fa2838c6deb34980d426145c2a5d537491cb83d463c33cdbc726ed" url: "https://pub.dev" source: hosted - version: "0.17.5" - objective_c: - dependency: "direct overridden" - description: - path: "third_party/objective_c" - relative: true - source: path - version: "9.3.0" + version: "9.4.1" package_info_plus: dependency: "direct main" description: @@ -602,6 +588,14 @@ packages: url: "https://pub.dev" source: hosted version: "2.2.0" + record_use: + dependency: transitive + description: + name: record_use + sha256: "2551bd8eecfe95d14ae75f6021ad0248be5c27f138c2ec12fcb52b500b3ba1ed" + url: "https://pub.dev" + source: hosted + version: "0.6.0" shared_preferences: dependency: "direct main" description: @@ -704,11 +698,12 @@ packages: source: hosted version: "0.9.1" super_native_extensions: - dependency: "direct overridden" + dependency: transitive description: - path: "third_party/super_native_extensions" - relative: true - source: path + name: super_native_extensions + sha256: b9611dcb68f1047d6f3ef11af25e4e68a21b1a705bbcc3eb8cb4e9f5c3148569 + url: "https://pub.dev" + source: hosted version: "0.9.1" sync_http: dependency: transitive diff --git a/pubspec.yaml b/pubspec.yaml index 3f8c2f39..159f2f03 100644 --- a/pubspec.yaml +++ b/pubspec.yaml @@ -39,20 +39,6 @@ dev_dependencies: sdk: flutter flutter_lints: ^6.0.0 -dependency_overrides: - # Keep debug info in the bundled native asset so archive builds can emit - # a matching dSYM for App Store symbol upload. - objective_c: - path: third_party/objective_c - # Patch the macOS file selector plugin to avoid a deprecated API warning - # on current macOS toolchains while preserving older-OS behavior. - file_selector_macos: - path: third_party/file_selector_macos - # Use a local patch so Cargokit can recover from transient GitHub asset - # download failures during macOS packaging. - super_native_extensions: - path: third_party/super_native_extensions - flutter: uses-material-design: true assets: diff --git a/test/features/workspace_management/workspace_management_unit_test.dart b/test/features/workspace_management/workspace_management_unit_test.dart index ac2ad322..e71798f1 100644 --- a/test/features/workspace_management/workspace_management_unit_test.dart +++ b/test/features/workspace_management/workspace_management_unit_test.dart @@ -157,7 +157,13 @@ BRIDGE_PORT_443_OPEN=yes final yaml = controller.exportYaml(); expect(yaml, contains('server_address: 203.0.113.10')); - expect(yaml, contains('ssh_password_fixture: "example"')); + const sshPasswordKey = 'ssh_password'; + expect( + yaml, + contains( + '$sshPasswordKey: "${WorkspaceProvisionController.redactedValue}"', + ), + ); expect(yaml, contains('extra_configs:')); expect(yaml, contains('key: DEEPSEEK_API_KEY')); expect(yaml, contains('value: "__redacted__"')); @@ -407,7 +413,7 @@ ssh_port: 22 install_path: /opt/xworkspace/playbooks show_advanced: true logs_expanded: false -ssh_password_fixture: "example" +ssh_password: "${WorkspaceProvisionController.redactedValue}" extra_configs: - key: DEEPSEEK_API_KEY value: "deepseek-new"