checkmarx-ltd / cx-flow

Checkmarx Scan and Result Orchestration
Apache License 2.0

Branch deletion handling with GitLab #718

Open james-bostock-cx opened 3 years ago

james-bostock-cx commented 3 years ago

Describe the problem

According to this GitLab issue, when a branch is deleted, GitLab sends a specially populated push event. Currently CxFlow does not handle this. I have not tested it but I imagine that it behaves as it does for BitBucket server (see issue #644).

Proposed solution

Implement the same logic as in GitHub to not scan delete push events and to delete SAST projects for the branch.

Additional details

Here is the sample push payload, associated with branch deletion, from the issue linked to above. Properties with values specific to a branch deletion push event are marked with //important.

{
  "object_kind": "push",
  "event_name": "push",
  "before": "25f858bc3cdfcb6c34cf386612be1f8eedc374ba",
  "after": "0000000000000000000000000000000000000000", //important
  "ref": "refs/heads/deleted_branch_name", //deleted branch ref
  "checkout_sha": null, //important
  "message": null,
  "user_id": 7,
  "user_name": "Developer",
  "user_username": "developer",
  "user_email": "developer@example.com",
  "user_avatar": "https://example.com/image.jpeg",
  "project_id": 1,
  "project": {
    "id": 1,
    "name": "My project",
    "description": null,
    "web_url": "https://example.com/default/my_project",
    "avatar_url": null,
    "git_ssh_url": "git@example.com:my_project.git",
    "git_http_url": "https://example.com/default/my_project.git",
    "namespace": "default",
    "visibility_level": 0,
    "path_with_namespace": "default/my_project",
    "default_branch": "develop",
    "ci_config_path": null,
    "homepage": "https://example.com/default/my_project",
    "url": "git@example.com:my_project.git",
    "ssh_url": "git@example.com:my_project.git",
    "http_url": "https://example.com/default/my_project.git"
  },
  "commits": [

  ],
  "total_commits_count": 0,
  "repository": {
    "name": "My Repository",
    "url": "git@example.com:my_project.git",
    "description": null,
    "homepage": "https://example.com/default/my_project",
    "git_ssh_url": "git@example.com:my_project.git",
    "git_http_url": "https://example.com/default/my_project.git",
    "visibility_level": 0
  }
}
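
An added example, not from the issue or from CxFlow's code base: a Python classifier for GitLab push payloads that uses the two properties marked above to separate branch deletions from pushes that should be scanned. The function name, the action names, and the rule that both markers must be present before anything is deleted are assumptions; the sample is the issue's payload trimmed to the fields used.

```python
import json

ZERO_SHA = "0" * 40              # value of "after" in the issue's deletion payload
BRANCH_PREFIX = "refs/heads/"

# Constructed sample: the payload from the issue, trimmed, without the // markers.
DELETE_PUSH = json.loads("""
{
  "object_kind": "push",
  "before": "25f858bc3cdfcb6c34cf386612be1f8eedc374ba",
  "after": "0000000000000000000000000000000000000000",
  "ref": "refs/heads/deleted_branch_name",
  "checkout_sha": null,
  "commits": [],
  "total_commits_count": 0,
  "project": {"path_with_namespace": "default/my_project"}
}
""")


def classify_push(event):
    """Return (action, project_path, branch) for a GitLab push payload.

    action is one of the hypothetical names "delete_branch_project",
    "scan" or "ignore".
    """
    if not isinstance(event, dict) or event.get("object_kind") != "push":
        return ("ignore", None, None)
    ref = event.get("ref")
    if not isinstance(ref, str) or not ref.startswith(BRANCH_PREFIX):
        return ("ignore", None, None)      # tags and other refs are not branches
    branch = ref[len(BRANCH_PREFIX):]
    project = event.get("project")
    path = project.get("path_with_namespace") if isinstance(project, dict) else None
    if not branch or not path:
        return ("ignore", None, None)
    zero_after = event.get("after") == ZERO_SHA
    no_checkout = event.get("checkout_sha") is None
    if zero_after and no_checkout:
        return ("delete_branch_project", path, branch)
    if zero_after or no_checkout:
        # Assumption: with only one marker there is nothing to check out and
        # not enough evidence to delete, so neither scan nor delete.
        return ("ignore", path, branch)
    return ("scan", path, branch)
```
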

james-bostock-cx commented 3 years ago

Looking through all the open issues for CxFlow, I found #509, which is a request for the same thing, I think.