Fixed GitHub organization and GitLab group scans when using '--git-history=none'

CHANGELOG.md

@@ -2,6 +2,9 @@
 
 All notable changes to this project will be documented in this file.
 
+## [1.36.0]
+- Fixed GitHub organization and GitLab group scans when using `--git-history=none`
+
 ## [1.35.0]
 - Remote scans with `--git-history=none` now clone repositories with a working tree and scan the current files instead of erroring with "No inputs to scan".
 - Fixed issue where `--redact` did not function properly

data/rules/onepassword.yml

@@ -44,7 +44,6 @@ rules:
       \b
     min_entropy: 3.8
     confidence: medium
-    prevalidated: true
     examples:
       - A3-R69SQK-TZ9KPW-8MXYD-6W373-V7GHJ-EDJQW
       - A3-ASWWYB-798JRY-LJVD4-23DC2-86TVM-H43EB

src/cli/commands/github.rs

@@ -60,7 +60,7 @@ pub struct GitHubRepoSpecifiers {
     pub all_organizations: bool,
 
     /// Filter by repository type
-    #[arg(long, default_value_t = GitHubRepoType::Source, alias = "github-repo-type")]
+    #[arg(long, default_value_t = GitHubRepoType::All, alias = "github-repo-type")]
     pub repo_type: GitHubRepoType,
 }
 

src/cli/commands/inputs.rs

@@ -60,7 +60,7 @@ pub struct InputSpecifierArgs {
     )]
     pub github_api_url: Url,
 
-    #[arg(long, default_value_t = GitHubRepoType::Source)]
+    #[arg(long, default_value_t = GitHubRepoType::All)]
     pub github_repo_type: GitHubRepoType,
 
     // GitLab Options
@@ -85,7 +85,7 @@ pub struct InputSpecifierArgs {
     )]
     pub gitlab_api_url: Url,
 
-    #[arg(long, default_value_t = GitLabRepoType::Owner)]
+    #[arg(long, default_value_t = GitLabRepoType::All)]
     pub gitlab_repo_type: GitLabRepoType,
 
     /// Jira base URL (e.g. https://jira.example.com)

src/gitlab.rs

@@ -88,9 +88,25 @@ pub async fn enumerate_repo_urls(
             hits.into_iter().next().context(format!("GitLab user `{}` not found", username))?;
         let user_id = user.id;
 
-        // b) List that user’s projects by ID
-        let projects_ep = UserProjects::builder().user(user_id).build()?;
+        // b) List that user's projects applying the requested filter
+        let mut builder = UserProjects::builder();
+        builder.user(user_id);
+
+        match repo_specifiers.repo_filter {
+            RepoType::Owner => {
+                builder.owned(true);
+            }
+            RepoType::Member => {
+                builder.membership(true);
+            }
+            RepoType::All => {
+                // nothing
+            }
+        }
+
+        let projects_ep = builder.build()?;  // now no borrows of a temporary
         let projects: Vec<SimpleProject> = projects_ep.query(&client)?;
+
         for proj in projects {
             repo_urls.push(proj.http_url_to_repo);
         }
@@ -102,19 +118,29 @@ pub async fn enumerate_repo_urls(
 
     // all groups
     let groups: Vec<SimpleGroup> = if repo_specifiers.all_groups {
-        gitlab::api::groups::Groups::builder().build()?.query(&client.clone())?
+        gitlab::api::groups::Groups::builder()
+            .all_available(true)
+            .build()?
+            .query(&client.clone())?
     } else {
         let mut found: Vec<SimpleGroup> = Vec::new();
         for grp in &repo_specifiers.group {
-            let ep = gitlab::api::groups::Groups::builder().search(grp).build()?;
-            let page: Vec<SimpleGroup> = ep.query(&client.clone())?;
-            found.extend(page);
+            let ep = gitlab::api::groups::Group::builder().group(grp).build()?;
+            let group: SimpleGroup = ep.query(&client.clone())?;
+            found.push(group);
         }
         found
     };
 
     for group in groups {
-        let gp_ep = GroupProjects::builder().group(group.id).build()?;
+        let mut gp_builder = GroupProjects::builder();
+        gp_builder.group(group.id);
+
+        if matches!(repo_specifiers.repo_filter, RepoType::Owner) {
+            gp_builder.owned(true);
+        }
+
+        let gp_ep = gp_builder.build()?;
         let projects: Vec<SimpleProject> = gp_ep.query(&client)?;
         for proj in projects {
             repo_urls.push(proj.http_url_to_repo);

src/main.rs

@@ -275,13 +275,13 @@ fn create_default_scan_args() -> cli::commands::scan::ScanArgs {
             github_organization: Vec::new(),
             all_github_organizations: false,
             github_api_url: url::Url::parse("https://api.github.com/").unwrap(),
-            github_repo_type: GitHubRepoType::Source,
+            github_repo_type: GitHubRepoType::All,
             // new GitLab defaults
             gitlab_user: Vec::new(),
             gitlab_group: Vec::new(),
             all_gitlab_groups: false,
             gitlab_api_url: Url::parse("https://gitlab.com/").unwrap(),
-            gitlab_repo_type: GitLabRepoType::Owner,
+            gitlab_repo_type: GitLabRepoType::All,
 
             jira_url: None,
             jql: None,

src/reporter/json_format.rs

@@ -76,14 +76,14 @@ mod tests {
                 github_organization: Vec::new(),
                 all_github_organizations: false,
                 github_api_url: Url::parse("https://api.github.com/").unwrap(),
-                github_repo_type: GitHubRepoType::Source,
+                github_repo_type: GitHubRepoType::All,
 
                 // GitLab
                 gitlab_user: Vec::new(),
                 gitlab_group: Vec::new(),
                 all_gitlab_groups: false,
                 gitlab_api_url: Url::parse("https://gitlab.com/").unwrap(),
-                gitlab_repo_type: GitLabRepoType::Owner,
+                gitlab_repo_type: GitLabRepoType::All,
                 // Jira options
                 jira_url: None,
                 jql: None,