reverted the cli to old one.

code refactoring
trufflesecurity · Jan 8, 2025 · 4eb606a · 4eb606a
1 parent 33c59be
commit 4eb606a
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 32 deletions.
diff --git a/pkg/analyzer/analyzers/gitlab/gitlab.go b/pkg/analyzer/analyzers/gitlab/gitlab.go
@@ -21,6 +21,10 @@ import (
 
 var _ analyzers.Analyzer = (*Analyzer)(nil)
 
+const (
+	DefaultGitLabHost = "https://gitlab.com"
+)
+
 type Analyzer struct {
 	Cfg *config.Config
 }
@@ -34,7 +38,7 @@ func (a Analyzer) Analyze(_ context.Context, credInfo map[string]string) (*analy
 	}
 	host, ok := credInfo["host"]
 	if !ok {
-		host = "https://gitlab.com"
+		host = DefaultGitLabHost
 	}
 
 	info, err := AnalyzePermissions(a.Cfg, key, host)
@@ -274,8 +278,8 @@ func AnalyzePermissions(cfg *config.Config, key string, host string) (*SecretInf
 	}, nil
 }
 
-func AnalyzeAndPrintPermissions(cfg *config.Config, key, host string) {
-	info, err := AnalyzePermissions(cfg, key, host)
+func AnalyzeAndPrintPermissions(cfg *config.Config, key string) {
+	info, err := AnalyzePermissions(cfg, key, DefaultGitLabHost)
 	if err != nil {
 		color.Red("[x] Error: %s", err)
 		return

diff --git a/pkg/analyzer/cli.go b/pkg/analyzer/cli.go
@@ -83,7 +83,7 @@ func Run(cmd string) {
 	case "stripe":
 		stripe.AnalyzeAndPrintPermissions(secretInfo.Cfg, secretInfo.Parts["key"])
 	case "gitlab":
-		gitlab.AnalyzeAndPrintPermissions(secretInfo.Cfg, secretInfo.Parts["key"], "https://gitlab.com")
+		gitlab.AnalyzeAndPrintPermissions(secretInfo.Cfg, secretInfo.Parts["key"])
 	case "mailchimp":
 		mailchimp.AnalyzeAndPrintPermissions(secretInfo.Cfg, secretInfo.Parts["key"])
 	case "postman":

diff --git a/pkg/detectors/gitlab/v1/gitlab.go b/pkg/detectors/gitlab/v1/gitlab.go
@@ -70,17 +70,14 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 		}
 
 		if verify {
-			isVerified, extraData, host, verificationErr := s.verifyGitlab(ctx, resMatch)
+			isVerified, extraData, analysisInfo, verificationErr := s.verifyGitlab(ctx, resMatch)
 			s1.Verified = isVerified
 			for key, value := range extraData {
 				s1.ExtraData[key] = value
 			}
 
 			s1.SetVerificationError(verificationErr, resMatch)
-			s1.AnalysisInfo = map[string]string{
-				"key":  resMatch,
-				"host": host,
-			}
+			s1.AnalysisInfo = analysisInfo
 		}
 
 		results = append(results, s1)
@@ -89,7 +86,7 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 	return results, nil
 }
 
-func (s Scanner) verifyGitlab(ctx context.Context, resMatch string) (bool, map[string]string, string, error) {
+func (s Scanner) verifyGitlab(ctx context.Context, resMatch string) (bool, map[string]string, map[string]string, error) {
 	// there are 4 read 'scopes' for a gitlab token: api, read_user, read_repo, and read_registry
 	// they all grant access to different parts of the API. I couldn't find an endpoint that every
 	// one of these scopes has access to, so we just check an example endpoint for each scope. If any
@@ -109,43 +106,48 @@ func (s Scanner) verifyGitlab(ctx context.Context, resMatch string) (bool, map[s
 		req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", resMatch))
 		res, err := client.Do(req)
 		if err != nil {
-			return false, nil, baseURL, err
+			return false, nil, nil, err
 		}
 
 		defer res.Body.Close()
 
 		bodyBytes, err := io.ReadAll(res.Body)
 		if err != nil {
-			return false, nil, baseURL, err
+			return false, nil, nil, err
+		}
+
+		analysisInfo := map[string]string{
+			"key":  resMatch,
+			"host": baseURL,
 		}
 
 		// 200 means good key and has `read_user` scope
 		// 403 means good key but not the right scope
 		// 401 is bad key
 		switch res.StatusCode {
 		case http.StatusOK:
-			return json.Valid(bodyBytes), nil, baseURL, nil
+			return json.Valid(bodyBytes), nil, analysisInfo, nil
 		case http.StatusForbidden:
 			// check if the user account is blocked or not
 			stringBody := string(bodyBytes)
 			if strings.Contains(stringBody, BlockedUserMessage) {
 				return true, map[string]string{
 					"blocked": "True",
-				}, baseURL, nil
+				}, analysisInfo, nil
 			}
 
 			// Good key but not the right scope
-			return true, nil, baseURL, nil
+			return true, nil, analysisInfo, nil
 		case http.StatusUnauthorized:
 			// Nothing to do; zero values are the ones we want
-			return false, nil, baseURL, nil
+			return false, nil, nil, nil
 		default:
-			return false, nil, baseURL, fmt.Errorf("unexpected HTTP response status %d", res.StatusCode)
+			return false, nil, nil, fmt.Errorf("unexpected HTTP response status %d", res.StatusCode)
 		}
 
 	}
 
-	return false, nil, "", nil
+	return false, nil, nil, nil
 }
 
 func (s Scanner) Type() detectorspb.DetectorType {

diff --git a/pkg/detectors/gitlab/v2/gitlab_v2.go b/pkg/detectors/gitlab/v2/gitlab_v2.go
@@ -59,17 +59,14 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 		}
 
 		if verify {
-			isVerified, extraData, host, verificationErr := s.verifyGitlab(ctx, resMatch)
+			isVerified, extraData, analysisInfo, verificationErr := s.verifyGitlab(ctx, resMatch)
 			s1.Verified = isVerified
 			for key, value := range extraData {
 				s1.ExtraData[key] = value
 			}
 
 			s1.SetVerificationError(verificationErr, resMatch)
-			s1.AnalysisInfo = map[string]string{
-				"key":  resMatch,
-				"host": host,
-			}
+			s1.AnalysisInfo = analysisInfo
 		}
 
 		results = append(results, s1)
@@ -78,7 +75,7 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 	return results, nil
 }
 
-func (s Scanner) verifyGitlab(ctx context.Context, resMatch string) (bool, map[string]string, string, error) {
+func (s Scanner) verifyGitlab(ctx context.Context, resMatch string) (bool, map[string]string, map[string]string, error) {
 	// there are 4 read 'scopes' for a gitlab token: api, read_user, read_repo, and read_registry
 	// they all grant access to different parts of the API. I couldn't find an endpoint that every
 	// one of these scopes has access to, so we just check an example endpoint for each scope. If any
@@ -97,41 +94,46 @@ func (s Scanner) verifyGitlab(ctx context.Context, resMatch string) (bool, map[s
 		req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", resMatch))
 		res, err := client.Do(req)
 		if err != nil {
-			return false, nil, baseURL, err
+			return false, nil, nil, err
 		}
 		defer res.Body.Close()
 
 		bodyBytes, err := io.ReadAll(res.Body)
 		if err != nil {
-			return false, nil, baseURL, err
+			return false, nil, nil, err
+		}
+
+		analysisInfo := map[string]string{
+			"key":  resMatch,
+			"host": baseURL,
 		}
 
 		// 200 means good key and has `read_user` scope
 		// 403 means good key but not the right scope
 		// 401 is bad key
 		switch res.StatusCode {
 		case http.StatusOK:
-			return true, nil, baseURL, nil
+			return true, nil, analysisInfo, nil
 		case http.StatusForbidden:
 			// check if the user account is blocked or not
 			stringBody := string(bodyBytes)
 			if strings.Contains(stringBody, v1.BlockedUserMessage) {
 				return true, map[string]string{
 					"blocked": "True",
-				}, baseURL, nil
+				}, analysisInfo, nil
 			}
 
 			// Good key but not the right scope
-			return true, nil, baseURL, nil
+			return true, nil, analysisInfo, nil
 		case http.StatusUnauthorized:
 			// Nothing to do; zero values are the ones we want
-			return false, nil, baseURL, nil
+			return false, nil, nil, nil
 		default:
-			return false, nil, baseURL, fmt.Errorf("unexpected HTTP response status %d", res.StatusCode)
+			return false, nil, nil, fmt.Errorf("unexpected HTTP response status %d", res.StatusCode)
 		}
 
 	}
-	return false, nil, "", nil
+	return false, nil, nil, nil
 }
 
 func (s Scanner) Type() detectorspb.DetectorType {