added member filter option

CompassSecurity · Aug 12, 2024 · 6ae2dcd · 6ae2dcd
1 parent 870907f
commit 6ae2dcd
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 9 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -8,7 +8,7 @@ permissions:
 
 jobs:
   release-platforms:
-    name: release linux/amd64
+    name: release builds
     runs-on: ubuntu-latest
     strategy:
       matrix:

diff --git a/readme.md b/readme.md
@@ -36,6 +36,8 @@ Filter the scanned projects by using the `--search` flag and provide a search qu
 
 Filter the scanned projects by using the `--owned` flag to only process projects owned by you.
 
+Filter the scanned projects by using the `--member` flag to only process projects you are a member of.
+
 Limit the scanned nr of jobs by using the `--job-limit` flag.
 
 ## Customizing Scan Rules

diff --git a/src/pipeleak/cmd/scan.go b/src/pipeleak/cmd/scan.go
@@ -17,6 +17,7 @@ var (
 	projectSearchQuery string
 	artifacts          bool
 	owned              bool
+	member             bool
 	jobLimit           int
 	verbose            bool
 )
@@ -44,11 +45,12 @@ func NewScanCmd() *cobra.Command {
 	scanCmd.Flags().StringVarP(&gitlabCookie, "cookie", "c", "", "GitLab Cookie _gitlab_session (must be extracted from your browser, use remember me)")
 	scanCmd.Flags().StringVarP(&projectSearchQuery, "search", "s", "", "Query string for searching projects")
 
-	scanCmd.PersistentFlags().BoolVarP(&artifacts, "artifacts", "a", false, "Scan Job Artifacts")
-	scanCmd.PersistentFlags().BoolVarP(&owned, "owned", "o", false, "Scan Onwed Projects Only")
+	scanCmd.PersistentFlags().BoolVarP(&artifacts, "artifacts", "a", false, "Scan job artifacts")
+	scanCmd.PersistentFlags().BoolVarP(&owned, "owned", "o", false, "Scan user onwed projects only")
+	scanCmd.PersistentFlags().BoolVarP(&member, "member", "m", false, "Scan projects the user is member of")
 	scanCmd.PersistentFlags().IntVarP(&jobLimit, "job-limit", "j", 0, "Scan a max number of pipeline jobs - trade speed vs coverage. 0 scans all and is the default.")
 
-	scanCmd.PersistentFlags().BoolVarP(&verbose, "verbose", "v", false, "Verbose Logging")
+	scanCmd.PersistentFlags().BoolVarP(&verbose, "verbose", "v", false, "Verbose logging")
 
 	return scanCmd
 }
@@ -62,7 +64,7 @@ func Scan(cmd *cobra.Command, args []string) {
 		os.Exit(1)
 	}
 
-	scanner.ScanGitLabPipelines(gitlabUrl, gitlabApiToken, gitlabCookie, artifacts, owned, projectSearchQuery, jobLimit)
+	scanner.ScanGitLabPipelines(gitlabUrl, gitlabApiToken, gitlabCookie, artifacts, owned, projectSearchQuery, jobLimit, member)
 }
 
 func setLogLevel() {

diff --git a/src/pipeleak/scanner/gitlab.go b/src/pipeleak/scanner/gitlab.go
@@ -14,7 +14,7 @@ import (
 	"github.com/xanzy/go-gitlab"
 )
 
-func ScanGitLabPipelines(gitlabUrl string, apiToken string, cookie string, scanArtifacts bool, scanOwnedOnly bool, query string, jobLimit int) {
+func ScanGitLabPipelines(gitlabUrl string, apiToken string, cookie string, scanArtifacts bool, scanOwnedOnly bool, query string, jobLimit int, member bool) {
 	log.Info().Msg("Fetching projects")
 	git, err := gitlab.NewClient(apiToken, gitlab.WithBaseURL(gitlabUrl))
 	if err != nil {
@@ -30,9 +30,10 @@ func ScanGitLabPipelines(gitlabUrl string, apiToken string, cookie string, scanA
 			PerPage: 100,
 			Page:    1,
 		},
-		Owned:   gitlab.Ptr(scanOwnedOnly),
-		Search:  gitlab.Ptr(query),
-		OrderBy: gitlab.Ptr("last_activity_at"),
+		Owned:      gitlab.Ptr(scanOwnedOnly),
+		Membership: gitlab.Ptr(member),
+		Search:     gitlab.Ptr(query),
+		OrderBy:    gitlab.Ptr("last_activity_at"),
 	}
 
 	for {