[THOG-768] - Add ability to skip scanning Github repos (#846)

* Add ability to skip scanning Github repos.

* remove old change.

* rename method.
ahrav 2022-10-12 16:28:24 -07:00 committed by GitHub
parent 4aab7b7276
commit 04c9bb535e
2 changed files with 54 additions and 14 deletions


@ -42,22 +42,23 @@ const (
) )
type Source struct { type Source struct {
name string name string
sourceID int64 token string
jobID int64 sourceID int64
verify bool jobID int64
repos []string verify bool
orgs []string repos,
members []string orgs,
members,
ignoreRepos []string
git *git.Git git *git.Git
httpClient *http.Client httpClient *http.Client
aCtx context.Context aCtx context.Context
log *log.Entry log *log.Entry
token string
conn *sourcespb.GitHub conn *sourcespb.GitHub
jobPool *errgroup.Group jobPool *errgroup.Group
resumeInfoSlice []string
resumeInfoMutex sync.Mutex resumeInfoMutex sync.Mutex
resumeInfoSlice []string
apiClient *github.Client apiClient *github.Client
publicMap map[string]source_metadatapb.Visibility publicMap map[string]source_metadatapb.Visibility
sources.Progress sources.Progress
@ -131,6 +132,7 @@ func (s *Source) Init(aCtx context.Context, name string, jobID, sourceID int64,
s.repos = s.conn.Repositories s.repos = s.conn.Repositories
s.orgs = s.conn.Organizations s.orgs = s.conn.Organizations
s.ignoreRepos = s.conn.IgnoreRepos
// Head or base should only be used with incoming webhooks // Head or base should only be used with incoming webhooks
if (len(s.conn.Head) > 0 || len(s.conn.Base) > 0) && len(s.repos) != 1 { if (len(s.conn.Head) > 0 || len(s.conn.Base) > 0) && len(s.repos) != 1 {
@ -600,6 +602,7 @@ func (s *Source) getReposByOrg(ctx context.Context, org string) ([]string, error
PerPage: defaultPagination, PerPage: defaultPagination,
}, },
} }
var numRepos, numForks int var numRepos, numForks int
for { for {
someRepos, res, err := s.apiClient.Repositories.ListByOrg(ctx, org, opts) someRepos, res, err := s.apiClient.Repositories.ListByOrg(ctx, org, opts)
@ -615,8 +618,13 @@ func (s *Source) getReposByOrg(ctx context.Context, org string) ([]string, error
if len(someRepos) == 0 || res == nil { if len(someRepos) == 0 || res == nil {
break break
} }
s.log.Debugf("Listed repos for org %s page %d/%d", org, opts.Page, res.LastPage) s.log.Debugf("Listed repos for org %s page %d/%d", org, opts.Page, res.LastPage)
for _, r := range someRepos { for _, r := range someRepos {
if s.ignoreRepo(r.GetName()) {
continue
}
numRepos++ numRepos++
if r.GetFork() { if r.GetFork() {
numForks++ numForks++
@ -654,6 +662,7 @@ func (s *Source) getReposByUser(ctx context.Context, user string) ([]string, err
PerPage: 50, PerPage: 50,
}, },
} }
for { for {
someRepos, res, err := s.apiClient.Repositories.List(ctx, user, opts) someRepos, res, err := s.apiClient.Repositories.List(ctx, user, opts)
if err == nil { if err == nil {
@ -668,8 +677,13 @@ func (s *Source) getReposByUser(ctx context.Context, user string) ([]string, err
if res == nil { if res == nil {
break break
} }
s.log.Debugf("Listed repos for user %s page %d/%d", user, opts.Page, res.LastPage) s.log.Debugf("Listed repos for user %s page %d/%d", user, opts.Page, res.LastPage)
for _, r := range someRepos { for _, r := range someRepos {
if s.ignoreRepo(r.GetName()) {
continue
}
if r.GetFork() && !s.conn.IncludeForks { if r.GetFork() && !s.conn.IncludeForks {
continue continue
} }
@ -683,6 +697,23 @@ func (s *Source) getReposByUser(ctx context.Context, user string) ([]string, err
return repos, nil return repos, nil
} }
func (s *Source) ignoreRepo(r string) bool {
if stringInSlice(r, s.ignoreRepos) {
s.log.Debugf("ignoring repo %s", r)
return true
}
return false
}
func stringInSlice(s string, l []string) bool {
for _, b := range l {
if b == s {
return true
}
}
return false
}
func (s *Source) getGistsByUser(ctx context.Context, user string) ([]string, error) { func (s *Source) getGistsByUser(ctx context.Context, user string) ([]string, error) {
var gistURLs []string var gistURLs []string
gistOpts := &github.GistListOptions{} gistOpts := &github.GistListOptions{}
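Review bot: The new `ignoreRepo` helper (L90–L96) compares the bare repository name passed from `r.GetName()` at both call sites in `getReposByOrg` and `getReposByUser`, so a single `IgnoreRepos` entry silently suppresses every repository with that name across all enumerated orgs and users — for a secret scanner that is a coverage gap that is easy to miss when a scan spans several owners. The comparison is also exact (`b == s` in `stringInSlice`) while GitHub repository names are case-insensitive, so `Foo` in the config will not skip `foo`. I would pass the `*github.Repository` through and accept either an `owner/name` entry (checked against `GetFullName()`) or a bare name, both via `strings.EqualFold`; this file's import block is outside the hunk, so `strings` may need adding. Explicitly listed `conn.Repositories` (L44) and gists are not filtered, which is presumably intended but deserves a comment on the struct field, e.g. `// ignoreRepos is applied only to repos discovered by org/user enumeration, not to explicitly listed repos.`
```go
// ignoreRepo reports whether r should be skipped. Entries in ignoreRepos may be
// "owner/name" or a bare "name"; matching is case-insensitive, as on GitHub.
func (s *Source) ignoreRepo(r *github.Repository) bool {
	for _, ignore := range s.ignoreRepos {
		if strings.EqualFold(ignore, r.GetFullName()) ||
			(!strings.Contains(ignore, "/") && strings.EqualFold(ignore, r.GetName())) {
			s.log.Debugf("ignoring repo %s", r.GetFullName())
			return true
		}
	}
	return false
}
// … unchanged: call sites in getReposByOrg / getReposByUser become `if s.ignoreRepo(r) { continue }` …
```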


@ -17,12 +17,13 @@ import (
"github.com/google/go-github/v42/github" "github.com/google/go-github/v42/github"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/trufflesecurity/trufflehog/v3/pkg/context"
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/credentialspb"
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/sourcespb"
"golang.org/x/sync/errgroup" "golang.org/x/sync/errgroup"
"google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/anypb"
"gopkg.in/h2non/gock.v1" "gopkg.in/h2non/gock.v1"
"github.com/trufflesecurity/trufflehog/v3/pkg/context"
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/credentialspb"
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/sourcespb"
) )
func createTestSource(src *sourcespb.GitHub) (*Source, *anypb.Any) { func createTestSource(src *sourcespb.GitHub) (*Source, *anypb.Any) {
@ -64,9 +65,13 @@ func TestAddReposByOrg(t *testing.T) {
gock.New("https://api.github.com"). gock.New("https://api.github.com").
Get("/orgs/super-secret-org/repos"). Get("/orgs/super-secret-org/repos").
Reply(200). Reply(200).
JSON([]map[string]string{{"clone_url": "super-secret-repo"}}) JSON([]map[string]string{
{"clone_url": "super-secret-repo", "name": "super-secret-repo"},
{"clone_url": "super-secret-repo2", "name": "super-secret-repo2"},
})
s := initTestSource(nil) s := initTestSource(nil)
s.ignoreRepos = []string{"super-secret-repo2"}
// gock works here because github.NewClient is using the default HTTP Transport // gock works here because github.NewClient is using the default HTTP Transport
err := s.addRepos(context.TODO(), "super-secret-org", s.getReposByOrg) err := s.addRepos(context.TODO(), "super-secret-org", s.getReposByOrg)
assert.Nil(t, err) assert.Nil(t, err)
@ -81,9 +86,13 @@ func TestAddReposByUser(t *testing.T) {
gock.New("https://api.github.com"). gock.New("https://api.github.com").
Get("/users/super-secret-user/repos"). Get("/users/super-secret-user/repos").
Reply(200). Reply(200).
JSON([]map[string]string{{"clone_url": "super-secret-repo"}}) JSON([]map[string]string{
{"clone_url": "super-secret-repo", "name": "super-secret-repo"},
{"clone_url": "super-secret-repo2", "name": "super-secret-repo2"},
})
s := initTestSource(nil) s := initTestSource(nil)
s.ignoreRepos = []string{"super-secret-repo2"}
err := s.addRepos(context.TODO(), "super-secret-user", s.getReposByUser) err := s.addRepos(context.TODO(), "super-secret-user", s.getReposByUser)
assert.Nil(t, err) assert.Nil(t, err)
assert.Equal(t, 1, len(s.repos)) assert.Equal(t, 1, len(s.repos))
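Review bot: Both updated tests only assert the surviving count (`assert.Equal(t, 1, len(s.repos))` at L151), so the filter could drop the wrong repository and the test would still pass; asserting the contents, e.g. `assert.Equal(t, []string{"super-secret-repo"}, s.repos)`, pins which repo survived (this assumes `addRepos` stores the mocked `clone_url`, which I cannot see from here). The tests also assign `s.ignoreRepos` directly after `initTestSource(nil)` (L135, L148), so the new `s.ignoreRepos = s.conn.IgnoreRepos` wiring in `Init` is never exercised; if `initTestSource` forwards a `*sourcespb.GitHub` to `createTestSource`, passing `&sourcespb.GitHub{IgnoreRepos: []string{"super-secret-repo2"}}` would cover it. `TestAddReposByOrg`'s assertions end outside the hunk.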