m-q-t
commented
3 years ago Note: Setting this as a draft while I add the associated task to enable searching across Gitlab repositories.
Closed m-q-t closed 3 years ago
m-q-t
commented
3 years ago Note: Setting this as a draft while I add the associated task to enable searching across Gitlab repositories.
jcran
commented
3 years ago This looks good to merge here.
m-q-t
commented
3 years ago Converting to draft as there's still some additional refactoring and testing to be done.
m-q-t
commented
3 years ago @shpendk PR is ready to go - updated the initial description to add more information regarding changes.
Hi team,
Please find attached in this PR the following tasks which are responsible for supporting
Gitlab:Two new entities have been created:
GitlabAccountGitlabProjectEach entity has their own respective enrichment task:
lib/tasks/enrich/gitlab_account.rblib/tasks/enrich/gitlab_project.rblib/tasks/enrich/gitlab_project.rbfollows a similar pattern to itsGithubRepositorycounterpart in terms of creating metadata regarding the Gitlab Project.lib/tasks/gather_gitlab_projects.rbGitlabAccountentity. This supports both SaaS and self-managed instances. The returned projects will be created asGitlabProjectentities.lib/tasks/gitleaks.rbGitlabProjectentities. Similar to the task above it supports both SaaS and self-managed instances.lib/tasks/helpers/gitlab.rbtask.json, verifying the access token exists, etc.However one interesting method is
parse_gitlab_uri(). It appears to be far more common for organizations to have self-managed instances with Gitlab. As such, a technique was needed to be implemented that would be able to make the appropriate API calls to gather information. Luckily, the routes for the API calls are the same for all instances. Furthermore Gitlab has some quirky naming conventions such as being able to have subgroups within groups thus a project such as the following is valid:https://gitlab.intrigue.io/mgroup/random/one/two/abc/b/intrigue-coreGitlab Groups are analogous to Github Organizations.
The
parse_gitlab_uri()method was written to be able to deal with such quirky instances and it extracts the following information:Running on the URI shown above, it returns:
Furthermore a spec is provided to verify this method behaves as intended ->
spec/integration/gitlab_parse_uri_spec.rblib/tasks/search_searchcode.rbhttps://gitlab.com. Searchcode provides this service for Gitlab and several other repository hosting services (Github, Bitbucket, etc.) At the current moment this task will only search across the Gitlab results however its planned in the future to expand the scope of this task to support the different types of repository hosting services.09/08/2021 Updates
gather_gitlab_projectstask was refactored and enhancements implemented to add additional exception handling such as checking whether rate limiting is in place, etc.spec/integration/gitlab_gather_projects.rbwas added as a spec. This spec is not aimed to behave as a traditional spec but rather as a smoke test. Furthermore it has the added value in providing additional context for the different use cases covered which helps both the reviewer and myself. Will probably not be a good idea to run this spec in the pipeline due to various reasons such as maybe the amount of repositories a user has is subject to change (all the accounts belong to me) or the chance of someone registering an invalid account. I suggest the spec be removed once the PR is confirmed to be working.Thank you.
Best regards, Maxim