Updated main fork

.github/actions/rl-scanner/action.yml

@@ -0,0 +1,71 @@
+name: RL-Security-Scanner
+description: Runs the Reversing Labs scanner on a specified artifact.
+inputs:
+  artifact-path:
+    description: Path to the artifact to be scanned.
+    required: true
+  version:
+    description: Version of the artifact.
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Set up python
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.10'
+
+    - name: Install Python dependencies
+      shell: bash
+      run: |
+        pip install boto3 requests
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # [email protected]
+      with:
+        role-to-assume: ${{ env.PRODSEC_TOOLS_ARN }}
+        aws-region: us-east-1
+        mask-aws-account-id: true
+
+    - name: Install RL Wrapper
+      shell: bash
+      run: |
+        pip install rl-wrapper>=1.0.0 --index-url "https://${{ env.PRODSEC_TOOLS_USER }}:${{ env.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python-local/simple"
+
+    - name: Run RL Scanner
+      shell: bash
+      env:
+        RLSECURE_LICENSE: ${{ env.RLSECURE_LICENSE }}
+        RLSECURE_SITE_KEY: ${{ env.RLSECURE_SITE_KEY }}
+        SIGNAL_HANDLER_TOKEN: ${{ env.SIGNAL_HANDLER_TOKEN }}
+        PYTHONUNBUFFERED: 1
+      run: |
+        if [ ! -f "${{ inputs.artifact-path }}" ]; then
+          echo "Artifact not found: ${{ inputs.artifact-path }}"
+          exit 1
+        fi
+
+        rl-wrapper \
+          --artifact "${{ inputs.artifact-path }}" \
+          --version "${{ inputs.version }}" \
+          --name "${{ github.event.repository.name }}" \
+          --repository "${{ github.repository }}" \
+          --commit "${{ github.sha }}" \
+          --build-env "github_actions" \
+          --suppress_output
+
+        # Check the outcome of the scanner
+        if [ $? -ne 0 ]; then
+          echo "RL Scanner failed."
+          echo "scan-status=failed" >> $GITHUB_ENV
+          exit 1
+        else
+          echo "RL Scanner passed."
+          echo "scan-status=success" >> $GITHUB_ENV
+        fi
+
+outputs:
+  scan-status:
+    description: The outcome of the scan process.
+    value: ${{ env.scan-status }}

.github/actions/setup/action.yml

@@ -2,6 +2,10 @@ name: Set up environment
 description: Set up the environment for building and testing the library on a given platform
 
 inputs:
+  ruby:
+    description: The version of Ruby to use
+    required: true
+
   xcode:
     description: The version of Xcode to use
     required: true
@@ -11,14 +15,15 @@ runs:
 
   steps:
     - name: Set up Ruby
-      uses: ruby/setup-ruby@52753b7da854d5c07df37391a986c76ab4615999 # pinned to version v1.191.0
+      uses: ruby/setup-ruby@ca041f971d66735f3e5ff1e21cc13e2d51e7e535 # pin@v1.233.0
       with:
-        ruby-version: '3.1.0'
+        ruby-version: ${{ inputs.ruby }}
         bundler-cache: true
         cache-version: 1
 
     - name: Setup Xcode
-      uses: mxcl/xcodebuild@6e60022a0cbe8c89278be2dd1773a2f68e7c5c87
+      uses: mxcl/xcodebuild@e366f14791346edb74397fe9a762ccee86eddc06 # [email protected]
       with:
         xcode: ${{ inputs.xcode }}
         action: none
+        verbosity: xcbeautify

.github/actions/test/action.yml

@@ -5,9 +5,11 @@ inputs:
   xcode:
     description: The version of Xcode to use
     required: true
+
   scheme:
     description: The Xcode scheme to use
     required: true
+
   platform:
     description: The platform to build for
     required: true
@@ -16,17 +18,13 @@ runs:
   using: composite
 
   steps:
-    - name: Install xcpretty
-      run: gem install xcpretty
-      shell: bash
-
     - name: Save Xcode version
       run: xcodebuild -version | tee .xcode-version
       shell: bash
 
     - id: restore-carthage-cache
       name: Restore Carthage cache
-      uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84
+      uses: actions/cache@v4
       with:
         path: Carthage
         key: carthage-${{ inputs.platform }}-${{ hashFiles('Cartfile.resolved') }}-${{ hashFiles('.xcode-version') }}-v1
@@ -37,9 +35,10 @@ runs:
       shell: bash
 
     - name: Run tests
-      uses: mxcl/xcodebuild@6e60022a0cbe8c89278be2dd1773a2f68e7c5c87
+      uses: mxcl/xcodebuild@e366f14791346edb74397fe9a762ccee86eddc06 # [email protected]
       with:
         xcode: ${{ inputs.xcode }}
         scheme: ${{ inputs.scheme }}
         platform: ${{ inputs.platform }}
         code-coverage: true
+        verbosity: xcbeautify

.github/dependabot.yml

@@ -1,7 +1,40 @@
 version: 2
 
 updates:
+  - package-ecosystem: bundler
+    directory: /
+    schedule:
+      interval: daily
+    ignore:
+      - dependency-name: '*'
+        update-types: [version-update:semver-major]
+    labels:
+      - dependencies
+
   - package-ecosystem: github-actions
     directory: /
     schedule:
       interval: daily
+    labels:
+      - dependencies
+
+  - package-ecosystem: github-actions
+    directory: /.github/actions/rl-scanner
+    schedule:
+      interval: daily
+    labels:
+      - dependencies
+
+  - package-ecosystem: github-actions
+    directory: /.github/actions/setup
+    schedule:
+      interval: daily
+    labels:
+      - dependencies
+
+  - package-ecosystem: github-actions
+    directory: /.github/actions/test
+    schedule:
+      interval: daily
+    labels:
+      - dependencies

.github/workflows/main.yml

@@ -12,6 +12,9 @@ concurrency:
     group: ${{ github.workflow }}-${{ github.ref }}
     cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
 
+env:
+    ruby: '3.3.1'
+
 jobs:
     test:
         name: Test on ${{ matrix.platform.os }} using Xcode ${{ matrix.xcode }}
@@ -31,11 +34,12 @@ jobs:
 
         steps:
             - name: Checkout
-              uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+              uses: actions/checkout@v4
 
             - name: Set up environment
               uses: ./.github/actions/setup
               with:
+                ruby: ${{ env.ruby }}
                 xcode: ${{ matrix.xcode }}
 
             - name: Run tests
@@ -51,7 +55,7 @@ jobs:
 
             - name: Upload coverage report
               if: ${{ matrix.platform.os == 'iOS' }}
-              uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # pin@4.5.0
+              uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # pin@5.4.2
               with:
                 token: ${{ secrets.CODECOV_TOKEN }}
 
@@ -66,11 +70,12 @@ jobs:
 
         steps:
             - name: Checkout
-              uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+              uses: actions/checkout@v4
 
             - name: Set up environment
               uses: ./.github/actions/setup
               with:
+                ruby: ${{ env.ruby }}
                 xcode: ${{ matrix.xcode }}
 
             - name: Run tests
@@ -87,11 +92,12 @@ jobs:
 
         steps:
             - name: Checkout
-              uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+              uses: actions/checkout@v4
 
             - name: Set up environment
               uses: ./.github/actions/setup
               with:
+                ruby: ${{ env.ruby }}
                 xcode: ${{ matrix.xcode }}
 
             - name: Run pod lib lint
@@ -103,7 +109,7 @@ jobs:
 
         steps:
             - name: Checkout
-              uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+              uses: actions/checkout@v4
 
             - name: Run SwiftLint
               run: swiftlint lint --reporter github-actions-logging

.github/workflows/rl-scanner.yml

@@ -0,0 +1,59 @@
+name: RL-Security-Scanner
+run-name: rl-security-scanner
+
+on:
+  pull_request:
+    types:
+      - closed
+  workflow_dispatch:
+
+permissions:
+  id-token: write
+  contents: write
+
+jobs:
+  rl-scanner:
+    name: Run Reversing Labs Scanner
+    if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && github.event.pull_request.base.ref == 'master' && startsWith(github.event.pull_request.head.ref, 'release/'))
+    runs-on: ubuntu-latest
+    outputs:
+      scan-status: ${{ steps.rl-scan-conclusion.outcome }}
+
+    strategy:
+      matrix:
+        xcode:
+          - "15.0.1"
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Build package
+        shell: bash
+        run: |
+          zip -r auth0-swift.zip ./*
+
+      - name: Get Artifact Version
+        id: get_version
+        run: |
+          version=$(awk -F'"' '/let version/ {print $2}' Auth0/Version.swift)
+          echo "version=$version" >> $GITHUB_OUTPUT
+
+      - name: Run Reversing Labs  Scanner
+        id: rl-scan-conclusion
+        uses: ./.github/actions/rl-scanner
+        with:
+          artifact-path: "$(pwd)/auth0-swift.zip"
+          version: "${{ steps.get_version.outputs.version }}"
+        env:
+          RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }}
+          RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }}
+          SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }}
+          PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }}
+          PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }}
+          PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }}
+
+      - name: Output scan result
+        run: echo "scan-status=${{ steps.rl-scan-conclusion.outcome }}" >> $GITHUB_ENV

.github/workflows/semgrep.yml

@@ -4,7 +4,7 @@ on:
   pull_request: {}
 
   push:
-    branches: ["master", "main"]
+    branches: [master, main]
 
   schedule:
     - cron: '30 0 1,15 * *'
@@ -18,9 +18,8 @@ jobs:
     # Skip any PR created by dependabot to avoid permission issues
     if: (github.actor != 'dependabot[bot]')
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      - uses: actions/checkout@v4
 
       - run: semgrep ci
         env:
           SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
-

App/ViewController.swift

@@ -2,33 +2,25 @@ import UIKit
 import Auth0
 
 class ViewController: UIViewController {
-
-    var onAuth: ((WebAuthResult<Credentials>) -> ())!
-
-    override func viewDidLoad() {
-        super.viewDidLoad()
-
-        self.onAuth = {
-            switch $0 {
-            case .failure(let error):
-                DispatchQueue.main.async {
-                    self.alert(title: "Error", message: "\(error)")
-                }
-            case .success(let credentials):
-                DispatchQueue.main.async {
-                    self.alert(title: "Success",
-                               message: "Authorized and got a token \(credentials.accessToken)")
-                }
-            }
-            print($0)
-        }
-    }
-
+
     @IBAction func login(_ sender: Any) {
         Auth0
             .webAuth()
             .logging(enabled: true)
-            .start(onAuth)
+            .start {
+                switch $0 {
+                case .failure(let error):
+                    DispatchQueue.main.async {
+                        self.alert(title: "Error", message: "\(error)")
+                    }
+                case .success(let credentials):
+                    DispatchQueue.main.async {
+                        self.alert(title: "Success",
+                                   message: "Authorized and got a token \(credentials.accessToken)")
+                    }
+                }
+                print($0)
+            }
     }
 
     @IBAction func logout(_ sender: Any) {