From 56e8f9bfb2c7e920b08d00dd731de16b0dcc8015 Mon Sep 17 00:00:00 2001
From: kashif khan <kashif.khan@trufflesec.com>
Date: Mon, 28 Oct 2024 16:30:59 +0500
Subject: [PATCH] removed unmarshalling logic

---
 pkg/detectors/gitlab/v1/gitlab.go    | 21 ++++++++-------------
 pkg/detectors/gitlab/v2/gitlab_v2.go | 16 +++++++---------
 2 files changed, 15 insertions(+), 22 deletions(-)

diff --git a/pkg/detectors/gitlab/v1/gitlab.go b/pkg/detectors/gitlab/v1/gitlab.go
index f1d801f205f1..62a5db140e96 100644
--- a/pkg/detectors/gitlab/v1/gitlab.go
+++ b/pkg/detectors/gitlab/v1/gitlab.go
@@ -20,10 +20,6 @@ type Scanner struct {
 	detectors.EndpointSetter
 }
 
-type GitLabMessage struct {
-	Message string `json:"message"`
-}
-
 // Ensure the Scanner satisfies the interfaces at compile time.
 var (
 	_ detectors.Detector           = (*Scanner)(nil)
@@ -111,7 +107,8 @@ func (s Scanner) verifyGitlab(ctx context.Context, resMatch string) (bool, map[s
 		}
 
 		defer res.Body.Close()
-		body, err := io.ReadAll(res.Body)
+
+		bodyBytes, err := io.ReadAll(res.Body)
 		if err != nil {
 			return false, nil, err
 		}
@@ -121,16 +118,14 @@ func (s Scanner) verifyGitlab(ctx context.Context, resMatch string) (bool, map[s
 		// 401 is bad key
 		switch res.StatusCode {
 		case http.StatusOK:
-			return json.Valid(body), nil, nil
+			return json.Valid(bodyBytes), nil, nil
 		case http.StatusForbidden:
 			// check if the user account is blocked or not
-			var apiResp GitLabMessage
-			if err := json.Unmarshal(body, &apiResp); err == nil {
-				if apiResp.Message == BlockedUserMessage {
-					return true, map[string]string{
-						"blocked": "True",
-					}, nil
-				}
+			stringBody := string(bodyBytes)
+			if strings.Contains(stringBody, BlockedUserMessage) {
+				return true, map[string]string{
+					"blocked": "True",
+				}, nil
 			}
 
 			// Good key but not the right scope
diff --git a/pkg/detectors/gitlab/v2/gitlab_v2.go b/pkg/detectors/gitlab/v2/gitlab_v2.go
index 3b08f7fa884a..ee04aee6f2f4 100644
--- a/pkg/detectors/gitlab/v2/gitlab_v2.go
+++ b/pkg/detectors/gitlab/v2/gitlab_v2.go
@@ -2,7 +2,6 @@ package gitlab
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
@@ -95,7 +94,8 @@ func (s Scanner) verifyGitlab(ctx context.Context, resMatch string) (bool, map[s
 			return false, nil, err
 		}
 		defer res.Body.Close()
-		body, err := io.ReadAll(res.Body)
+
+		bodyBytes, err := io.ReadAll(res.Body)
 		if err != nil {
 			return false, nil, err
 		}
@@ -108,13 +108,11 @@ func (s Scanner) verifyGitlab(ctx context.Context, resMatch string) (bool, map[s
 			return true, nil, nil
 		case http.StatusForbidden:
 			// check if the user account is blocked or not
-			var apiResp v1.GitLabMessage
-			if err := json.Unmarshal(body, &apiResp); err == nil {
-				if apiResp.Message == v1.BlockedUserMessage {
-					return true, map[string]string{
-						"blocked": "True",
-					}, nil
-				}
+			stringBody := string(bodyBytes)
+			if strings.Contains(stringBody, v1.BlockedUserMessage) {
+				return true, map[string]string{
+					"blocked": "True",
+				}, nil
 			}
 
 			// Good key but not the right scope