-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[analyze] Add Analyzer interface for Gitlab (#3232)
* implement analyzer interface for gitlab * generated permissions, added unit test for gitlab analyzer * revert deletion of scopes.go * appending domain in resource names * [chore] moved expected output of test in json file to neat the code. * updated the test for gitlab analyzer to make more unique FullyQualifiedName, Ids are added for resources. * remove unnecessary metadata field and fix github -> gitlab * extract user id from access token json, make user as resource * link analyzer with gitlab v2 detector * fixed code breaking changes due to analyzer protobuf removal. --------- Co-authored-by: Abdul Basit <[email protected]>
- Loading branch information
1 parent
f4670aa
commit 9b2cef5
Showing
11 changed files
with
303 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
{"AnalyzerType":5,"Bindings":[{"Resource":{"Name":"gitlab.com/user/22466472","FullyQualifiedName":"gitlab.com/user/22466472","Type":"user","Metadata":{"token_created_at":"2024-08-15T06:33:00.337Z","token_expires_at":"2025-08-15","token_id":10470457,"token_name":"test-project-token","token_revoked":false},"Parent":null},"Permission":{"Value":"read_api","Parent":null}},{"Resource":{"Name":"gitlab.com/user/22466472","FullyQualifiedName":"gitlab.com/user/22466472","Type":"user","Metadata":{"token_created_at":"2024-08-15T06:33:00.337Z","token_expires_at":"2025-08-15","token_id":10470457,"token_name":"test-project-token","token_revoked":false},"Parent":null},"Permission":{"Value":"read_repository","Parent":null}},{"Resource":{"Name":"truffletester / trufflehog","FullyQualifiedName":"gitlab.com/project/60871295","Type":"project","Metadata":null,"Parent":null},"Permission":{"Value":"Developer","Parent":null}}],"UnboundedResources":null,"Metadata":{"enterprise":true,"version":"17.6.0-pre"}} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
package gitlab | ||
|
||
import ( | ||
_ "embed" | ||
"encoding/json" | ||
"testing" | ||
"time" | ||
|
||
"github.com/trufflesecurity/trufflehog/v3/pkg/analyzer/analyzers" | ||
"github.com/trufflesecurity/trufflehog/v3/pkg/common" | ||
"github.com/trufflesecurity/trufflehog/v3/pkg/context" | ||
) | ||
|
||
//go:embed expected_output.json | ||
var expectedOutput []byte | ||
|
||
func TestAnalyzer_Analyze(t *testing.T) { | ||
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5) | ||
defer cancel() | ||
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "detectors4") | ||
if err != nil { | ||
t.Fatalf("could not get test secrets from GCP: %s", err) | ||
} | ||
|
||
tests := []struct { | ||
name string | ||
key string | ||
want string // JSON string | ||
wantErr bool | ||
}{ | ||
{ | ||
name: "valid gitlab access token", | ||
key: testSecrets.MustGetField("GITLABV2"), | ||
want: string(expectedOutput), | ||
wantErr: false, | ||
}, | ||
} | ||
|
||
for _, tt := range tests { | ||
t.Run(tt.name, func(t *testing.T) { | ||
a := Analyzer{} | ||
got, err := a.Analyze(ctx, map[string]string{"key": tt.key}) | ||
if (err != nil) != tt.wantErr { | ||
t.Errorf("Analyzer.Analyze() error = %v, wantErr %v", err, tt.wantErr) | ||
return | ||
} | ||
|
||
// Marshal the actual result to JSON | ||
gotJSON, err := json.Marshal(got) | ||
if err != nil { | ||
t.Fatalf("could not marshal got to JSON: %s", err) | ||
} | ||
|
||
// Parse the expected JSON string | ||
var wantObj analyzers.AnalyzerResult | ||
if err := json.Unmarshal([]byte(tt.want), &wantObj); err != nil { | ||
t.Fatalf("could not unmarshal want JSON string: %s", err) | ||
} | ||
|
||
// Marshal the expected result to JSON (to normalize) | ||
wantJSON, err := json.Marshal(wantObj) | ||
if err != nil { | ||
t.Fatalf("could not marshal want to JSON: %s", err) | ||
} | ||
|
||
// Compare the JSON strings | ||
if string(gotJSON) != string(wantJSON) { | ||
// Pretty-print both JSON strings for easier comparison | ||
var gotIndented []byte | ||
gotIndented, err = json.MarshalIndent(got, "", " ") | ||
if err != nil { | ||
t.Fatalf("could not marshal got to indented JSON: %s", err) | ||
} | ||
t.Errorf("Analyzer.Analyze() = \n%s", gotIndented) | ||
} | ||
}) | ||
} | ||
} |
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
permissions: | ||
- api | ||
- read_user | ||
- read_api | ||
- read_repository | ||
- write_repository | ||
- read_registry | ||
- write_registry | ||
- sudo | ||
- admin_mode | ||
- create_runner | ||
- manage_runner | ||
- ai_features | ||
- k8s_proxy | ||
- read_service_ping |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters