mirror of
https://github.com/trufflesecurity/trufflehog.git
synced 2024-11-10 07:04:24 +00:00
Provide user when during private clones with token and fix integration tests (#811)
This commit is contained in:
Dustin Decker
GitHub
parent
593f1e6754
commit
335e676caa
2 changed files with 21 additions and 22 deletions
|
|
@ -79,26 +79,30 @@ func (s *Source) JobID() int64 {
|
|||
return s.jobID
|
||||
}
|
||||
|
||||
func (s *Source) Token(ctx context.Context, installationClient *github.Client) (string, error) {
|
||||
func (s *Source) UserAndToken(ctx context.Context, installationClient *github.Client) (string, string, error) {
|
||||
switch cred := s.conn.GetCredential().(type) {
|
||||
case *sourcespb.GitHub_Unauthenticated:
|
||||
// do nothing
|
||||
case *sourcespb.GitHub_GithubApp:
|
||||
id, err := strconv.ParseInt(cred.GithubApp.InstallationId, 10, 64)
|
||||
if err != nil {
|
||||
return "", errors.New(err)
|
||||
return "", "", errors.New(err)
|
||||
}
|
||||
token, _, err := installationClient.Apps.CreateInstallationToken(
|
||||
ctx, id, &github.InstallationTokenOptions{})
|
||||
if err != nil {
|
||||
return "", errors.WrapPrefix(err, "unable to create installation token", 0)
|
||||
return "", "", errors.WrapPrefix(err, "unable to create installation token", 0)
|
||||
}
|
||||
return token.GetToken(), nil // TODO: multiple workers request this, track the TTL
|
||||
return "x-access-token", token.GetToken(), nil // TODO: multiple workers request this, track the TTL
|
||||
case *sourcespb.GitHub_Token:
|
||||
return cred.Token, nil
|
||||
ghUser, _, err := s.apiClient.Users.Get(context.TODO(), "")
|
||||
if err != nil {
|
||||
return "", "", errors.New(err)
|
||||
}
|
||||
return ghUser.GetLogin(), cred.Token, nil
|
||||
}
|
||||
|
||||
return "", errors.New("unhandled credential type for token fetch")
|
||||
return "", "", errors.New("unhandled credential type for token fetch")
|
||||
}
|
||||
|
||||
// Init returns an initialized GitHub source.
|
||||
|
|
@ -114,6 +118,7 @@ func (s *Source) Init(aCtx context.Context, name string, jobID, sourceID int64,
|
|||
s.jobPool.SetLimit(concurrency)
|
||||
|
||||
s.httpClient = common.SaneHttpClient()
|
||||
s.apiClient = github.NewClient(s.httpClient)
|
||||
|
||||
var conn sourcespb.GitHub
|
||||
err := anypb.UnmarshalTo(connection, &conn, proto.UnmarshalOptions{})
|
||||
|
|
@ -457,7 +462,7 @@ func (s *Source) cloneRepo(ctx context.Context, repoURL string, installationClie
|
|||
var repo *gogit.Repository
|
||||
var err error
|
||||
|
||||
switch cred := s.conn.GetCredential().(type) {
|
||||
switch s.conn.GetCredential().(type) {
|
||||
case *sourcespb.GitHub_Unauthenticated:
|
||||
path, repo, err = git.CloneRepoUsingUnauthenticated(repoURL)
|
||||
if err != nil {
|
||||
|
|
@ -465,14 +470,10 @@ func (s *Source) cloneRepo(ctx context.Context, repoURL string, installationClie
|
|||
}
|
||||
default:
|
||||
var token string
|
||||
token, err := s.Token(ctx, installationClient)
|
||||
user, token, err := s.UserAndToken(ctx, installationClient)
|
||||
if err != nil {
|
||||
return "", nil, fmt.Errorf("error getting token for repo %s: %w", repoURL, err)
|
||||
}
|
||||
user := ""
|
||||
if _, ok := cred.(*sourcespb.GitHub_GithubApp); ok {
|
||||
user = "x-access-token"
|
||||
}
|
||||
path, repo, err = git.CloneRepoUsingToken(token, repoURL, user)
|
||||
if err != nil {
|
||||
return "", nil, fmt.Errorf("error cloning repo %s: %w", repoURL, err)
|
||||
|
|
|
|||
|
|
@ -6,11 +6,9 @@ package github
|
|||
import (
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"os"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/google/go-github/v42/github"
|
||||
"github.com/kylelemons/godebug/pretty"
|
||||
"github.com/mattn/go-colorable"
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
|
@ -62,13 +60,18 @@ func TestSource_Token(t *testing.T) {
|
|||
log: log.WithField("source", "github"),
|
||||
}
|
||||
|
||||
_, installationClient, err := s.enumerateWithApp(ctx, "https://api.github.com", conn.GetGithubApp())
|
||||
installationClient, err := s.enumerateWithApp(ctx, "https://api.github.com", conn.GetGithubApp())
|
||||
assert.NoError(t, err)
|
||||
|
||||
token, err := s.Token(ctx, installationClient)
|
||||
user, token, err := s.UserAndToken(ctx, installationClient)
|
||||
assert.NotEmpty(t, token)
|
||||
assert.NoError(t, err)
|
||||
|
||||
// user provided
|
||||
_, _, err = git.CloneRepoUsingToken(token, "https://github.com/trufflesecurity/trufflehog-updater.git", user)
|
||||
assert.NoError(t, err)
|
||||
|
||||
// no user provided
|
||||
_, _, err = git.CloneRepoUsingToken(token, "https://github.com/trufflesecurity/trufflehog-updater.git", "")
|
||||
assert.Error(t, err)
|
||||
|
||||
|
|
@ -77,8 +80,6 @@ func TestSource_Token(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestSource_Scan(t *testing.T) {
|
||||
os.Setenv("DO_NOT_RANDOMIZE", "true")
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), time.Second*300)
|
||||
defer cancel()
|
||||
|
||||
|
|
@ -427,9 +428,6 @@ func TestSource_Scan(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestSource_paginateGists(t *testing.T) {
|
||||
|
||||
os.Setenv("DO_NOT_RANDOMIZE", "true")
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), time.Second*30)
|
||||
defer cancel()
|
||||
|
||||
|
|
@ -559,7 +557,7 @@ func TestSource_paginateGists(t *testing.T) {
|
|||
}
|
||||
chunksCh := make(chan *sources.Chunk, 5)
|
||||
go func() {
|
||||
s.addGistsByUser(ctx, github.NewClient(s.httpClient), tt.user)
|
||||
s.addGistsByUser(ctx, tt.user)
|
||||
chunksCh <- &sources.Chunk{}
|
||||
}()
|
||||
var wantedRepo string
|
||||
|
|
|
|||
Loading…
Reference in a new issue