diff --git a/CHANGELOG.md b/CHANGELOG.md
index 482eca5..b06639d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,9 @@
 All notable changes to this project will be documented in this file.
+## [1.36.0]
+- Fixed GitHub organization and GitLab group scans when using `--git-history=none`
+
 ## [1.35.0]
 - Remote scans with `--git-history=none` now clone repositories with a working tree and scan the current files instead of erroring with "No inputs to scan".
 - Fixed issue where `--redact` did not function properly
diff --git a/data/rules/onepassword.yml b/data/rules/onepassword.yml
index e521e01..b7cc0bc 100644
--- a/data/rules/onepassword.yml
+++ b/data/rules/onepassword.yml
@@ -44,7 +44,6 @@ rules:
 \b
 min_entropy: 3.8
 confidence: medium
- prevalidated: true
 examples:
 - A3-R69SQK-TZ9KPW-8MXYD-6W373-V7GHJ-EDJQW
 - A3-ASWWYB-798JRY-LJVD4-23DC2-86TVM-H43EB
diff --git a/src/cli/commands/github.rs b/src/cli/commands/github.rs
index 766df83..cea9a44 100644
--- a/src/cli/commands/github.rs
+++ b/src/cli/commands/github.rs
@@ -60,7 +60,7 @@ pub struct GitHubRepoSpecifiers {
 pub all_organizations: bool,
 /// Filter by repository type
- #[arg(long, default_value_t = GitHubRepoType::Source, alias = "github-repo-type")]
+ #[arg(long, default_value_t = GitHubRepoType::All, alias = "github-repo-type")]
 pub repo_type: GitHubRepoType,
 }
diff --git a/src/cli/commands/inputs.rs b/src/cli/commands/inputs.rs
index 13bc78b..4cf4f26 100644
--- a/src/cli/commands/inputs.rs
+++ b/src/cli/commands/inputs.rs
@@ -60,7 +60,7 @@ pub struct InputSpecifierArgs {
 )]
 pub github_api_url: Url,
- #[arg(long, default_value_t = GitHubRepoType::Source)]
+ #[arg(long, default_value_t = GitHubRepoType::All)]
 pub github_repo_type: GitHubRepoType,
 // GitLab Options
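Review bot: The help text for `repo_type` in `GitHubRepoSpecifiers` (src/cli/commands/github.rs) still says only `/// Filter by repository type`, and the 1.36.0 CHANGELOG entry does not mention that the default moves from `GitHubRepoType::Source` to `GitHubRepoType::All`. Assuming `All` also selects forks and other non-source repositories, an unattended scan now clones and scans a larger set than before, so I would state it in the doc comment, e.g. `/// Filter by repository type (defaults to all repository types, forks included)`, and add a changelog line for the new default. In src/cli/commands/inputs.rs the `github_repo_type` and `gitlab_repo_type` fields appear to have no doc comment at all and would benefit from the same sentence. The default is also spelled out by hand in `create_default_scan_args` (src/main.rs) and in the test fixture in src/reporter/json_format.rs; a single `Default` impl on the two enums would keep these copies from drifting. The struct bodies start and end outside the hunks.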
@@ -85,7 +85,7 @@ pub struct InputSpecifierArgs {
 )]
 pub gitlab_api_url: Url,
- #[arg(long, default_value_t = GitLabRepoType::Owner)]
+ #[arg(long, default_value_t = GitLabRepoType::All)]
 pub gitlab_repo_type: GitLabRepoType,
 /// Jira base URL (e.g. https://jira.example.com)
diff --git a/src/gitlab.rs b/src/gitlab.rs
index c7b0549..d94f46c 100644
--- a/src/gitlab.rs
+++ b/src/gitlab.rs
@@ -88,9 +88,25 @@ pub async fn enumerate_repo_urls(
 hits.into_iter().next().context(format!("GitLab user `{}` not found", username))?;
 let user_id = user.id;
- // b) List that user’s projects by ID
- let projects_ep = UserProjects::builder().user(user_id).build()?;
+ // b) List that user's projects applying the requested filter
+ let mut builder = UserProjects::builder();
+ builder.user(user_id);
+
+ match repo_specifiers.repo_filter {
+ RepoType::Owner => {
+ builder.owned(true);
+ }
+ RepoType::Member => {
+ builder.membership(true);
+ }
+ RepoType::All => {
+ // nothing
+ }
+ }
+
+ let projects_ep = builder.build()?; // now no borrows of a temporary
 let projects: Vec = projects_ep.query(&client)?;
+
 for proj in projects {
 repo_urls.push(proj.http_url_to_repo);
 }
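Review bot: `projects_ep.query(&client)?` in the user branch of `enumerate_repo_urls` (src/gitlab.rs) queries the endpoint directly, and as far as I know the `gitlab` crate then returns only the first page of results. Now that the filter can be `RepoType::All`, a user's project list is more likely to exceed one page, and for a secret scanner the repositories past the first page are silently never scanned. Unless pagination is handled somewhere outside the hunk, I would wrap the endpoint before querying, `gitlab::api::paged(projects_ep, gitlab::api::Pagination::All).query(&client)?`, and do the same for the `Groups` and `GroupProjects` queries in the following hunk. The empty `RepoType::All` arm with `// nothing` and the trailing `// now no borrows of a temporary` would read better as one comment saying that `All` deliberately applies no ownership filter. The function starts and ends outside the hunk.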
@@ -102,19 +118,29 @@ pub async fn enumerate_repo_urls(
 // all groups
 let groups: Vec = if repo_specifiers.all_groups {
- gitlab::api::groups::Groups::builder().build()?.query(&client.clone())?
+ gitlab::api::groups::Groups::builder()
+ .all_available(true)
+ .build()?
+ .query(&client.clone())?
 } else {
 let mut found: Vec = Vec::new();
 for grp in &repo_specifiers.group {
- let ep = gitlab::api::groups::Groups::builder().search(grp).build()?;
- let page: Vec = ep.query(&client.clone())?;
- found.extend(page);
+ let ep = gitlab::api::groups::Group::builder().group(grp).build()?;
+ let group: SimpleGroup = ep.query(&client.clone())?;
+ found.push(group);
 }
 found
 };
 for group in groups {
- let gp_ep = GroupProjects::builder().group(group.id).build()?;
+ let mut gp_builder = GroupProjects::builder();
+ gp_builder.group(group.id);
+
+ if matches!(repo_specifiers.repo_filter, RepoType::Owner) {
+ gp_builder.owned(true);
+ }
+
+ let gp_ep = gp_builder.build()?;
 let projects: Vec = gp_ep.query(&client)?;
 for proj in projects {
 repo_urls.push(proj.http_url_to_repo);
diff --git a/src/main.rs b/src/main.rs
index 73c77a5..9c9c1bd 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -275,13 +275,13 @@ fn create_default_scan_args() -> cli::commands::scan::ScanArgs {
 github_organization: Vec::new(),
 all_github_organizations: false,
 github_api_url: url::Url::parse("https://api.github.com/").unwrap(),
- github_repo_type: GitHubRepoType::Source,
+ github_repo_type: GitHubRepoType::All,
 // new GitLab defaults
 gitlab_user: Vec::new(),
 gitlab_group: Vec::new(),
 all_gitlab_groups: false,
 gitlab_api_url: Url::parse("https://gitlab.com/").unwrap(),
- gitlab_repo_type: GitLabRepoType::Owner,
+ gitlab_repo_type: GitLabRepoType::All,
 jira_url: None,
 jql: None,
diff --git a/src/reporter/json_format.rs b/src/reporter/json_format.rs
index 154bb58..0e5a845 100644
--- a/src/reporter/json_format.rs
+++ b/src/reporter/json_format.rs
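Review bot: The exact-path lookup `let group: SimpleGroup = ep.query(&client.clone())?;` in the `for grp in &repo_specifiers.group` loop of `enumerate_repo_urls` (src/gitlab.rs) propagates the raw API error, so one mistyped or inaccessible group aborts the whole enumeration without naming which group failed. The user branch already attaches context for the missing-user case, so I would do the same here: `ep.query(&client.clone()).with_context(|| format!("GitLab group `{}` not found or not accessible", grp))?`. In the `for group in groups` loop only `RepoType::Owner` is mapped (`gp_builder.owned(true)`), so `RepoType::Member` silently behaves like `All` for group projects; a comment such as `// Member has no group-level equivalent here; treated as All` would make that explicit. It is also worth confirming that `.all_available(true)` is intended for `all_groups`: on a shared instance this presumably lists every group visible to the token rather than only the ones it belongs to, which widens the scan considerably. The function continues outside the hunk.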
@@ -76,14 +76,14 @@ mod tests {
 github_organization: Vec::new(),
 all_github_organizations: false,
 github_api_url: Url::parse("https://api.github.com/").unwrap(),
- github_repo_type: GitHubRepoType::Source,
+ github_repo_type: GitHubRepoType::All,
 // GitLab
 gitlab_user: Vec::new(),
 gitlab_group: Vec::new(),
 all_gitlab_groups: false,
 gitlab_api_url: Url::parse("https://gitlab.com/").unwrap(),
- gitlab_repo_type: GitLabRepoType::Owner,
+ gitlab_repo_type: GitLabRepoType::All,
 // Jira options
 jira_url: None,
 jql: None,