[analyze] Add Analyzer interface for Gitlab #3232
Conversation
abmussani
force-pushed
the
impl-data-model-gitlab
branch
from
ccc7f7c
to
ca8ac04
Compare
There was a problem hiding this comment.
The code looks good but the test isn't passing. It looks like the gitlab token is expired:
» curl 'https://gitlab.com/api/v4/personal_access_tokens/self' -H "Private-Token: $GITLAB_TOKEN"
{
"error": "invalid_token",
"error_description": "Token is expired. You can either do re-authorization or token refresh."
}
abmussani
force-pushed
the
impl-data-model-gitlab
branch
from
3b5b769
to
051aadf
Compare
to make more unique FullyQualifiedName, Ids are added for resources.
|
@mcastorina I have updated the active |
| Bindings: []analyzers.Binding{}, | ||
| } | ||
|
|
||
| // Add token and it's permissions to bindings |
There was a problem hiding this comment.
Are we sure token should be a resource here? Does the credential we're analyzing grant permission to perform actions on the token?
There was a problem hiding this comment.
Yup, The permission determine what action can be perform using that token.
There was a problem hiding this comment.
Permissions operate on a resource though, so in this case the permissions would describe operations that could be performed on the token itself, which seems wrong to me..
There was a problem hiding this comment.
@mcastorina I had gone through the login. PAT token does belongs to user and we do get userID in response. So, resource can be a User with those permissions. What do you think ?
* main: (76 commits) update aws descriptions (trufflesecurity#3529) enforce timeout on circleci test (trufflesecurity#3528) rm snifftest (trufflesecurity#3527) Redact more source credentials (trufflesecurity#3526) Create global log redaction capability (trufflesecurity#3522) Adding basic "what is trufflehog" to the readme (trufflesecurity#3514) Handle custom detector response and include in extra data (trufflesecurity#3411) fix: fixed validation logic for `calendarific` (trufflesecurity#3480) fix(deps): update github.com/tailscale/depaware digest to 3d7f3b3 (trufflesecurity#3518) Move DecoderType into ResultWithMetadata trufflesecurity#3502 Addeded 403 account block status code handling for gitlab (trufflesecurity#3471) updated gcpapplicationdefaultcredentials detector results with RawV2 (trufflesecurity#3499) fix(deps): update module github.com/brianvoe/gofakeit/v7 to v7.1.1 (trufflesecurity#3512) fix(deps): update module github.com/schollz/progressbar/v3 to v3.17.0 (trufflesecurity#3510) fix(deps): update module cloud.google.com/go/secretmanager to v1.14.2 (trufflesecurity#3498) Adds a logging section in the contributing guidelines (trufflesecurity#3509) fix: fixed verifcation pattern logic for `bulksms` (trufflesecurity#3478) Extend `algoliaadminkey` with additional checks (trufflesecurity#3459) fix(deps): update module google.golang.org/api to v0.203.0 (trufflesecurity#3497) fix: added correct api endpoint for verification & logic for Aeroworkflow (trufflesecurity#3435) ...
Thanks @mcastorina for letting me. I have fixed the breaking changes. Seems like |
Description:
This PR implements the analyzer interface for Gitlab.
Checklist:
make test-community)?make lintthis requires golangci-lint)?