Add latest changes from gitlab-org/gitlab@master
parent
9695fcf519
commit
43feb20dca
|
@ -1 +1 @@
|
|||
ba02c22370d12ccf8ec464497603394effbaf8b0
|
||||
038b442dc21c71a69ad170a61ce79a12a74fb725
|
||||
|
|
|
@ -1,176 +1,135 @@
|
|||
{
|
||||
"$schema": "http://json-schema.org/draft-07/schema#",
|
||||
"global": [
|
||||
"$schema": "http://json-schema.org/draft-07/schema#",
|
||||
"global": [
|
||||
{
|
||||
"field": "SECURE_ANALYZERS_PREFIX",
|
||||
"label": "Image prefix",
|
||||
"type": "string",
|
||||
"default_value": "",
|
||||
"value": "",
|
||||
"size": "LARGE",
|
||||
"description": "Analyzer image's registry prefix (or name of the registry providing the analyzers' image)"
|
||||
},
|
||||
{
|
||||
"field": "SAST_EXCLUDED_PATHS",
|
||||
"label": "Excluded Paths",
|
||||
"type": "string",
|
||||
"default_value": "",
|
||||
"value": "",
|
||||
"size": "MEDIUM",
|
||||
"description": "Comma-separated list of paths to be excluded from analyzer output. Patterns can be globs, file paths, or folder paths."
|
||||
}
|
||||
],
|
||||
"pipeline": [
|
||||
{
|
||||
"field": "stage",
|
||||
"label": "Stage",
|
||||
"type": "string",
|
||||
"default_value": "",
|
||||
"value": "",
|
||||
"size": "MEDIUM",
|
||||
"description": "Pipeline stage in which the scan jobs run"
|
||||
},
|
||||
{
|
||||
"field": "SEARCH_MAX_DEPTH",
|
||||
"label": "Search maximum depth",
|
||||
"type": "string",
|
||||
"default_value": "",
|
||||
"value": "",
|
||||
"size": "SMALL",
|
||||
"description": "Maximum depth of language and framework detection"
|
||||
}
|
||||
],
|
||||
"analyzers": [
|
||||
{
|
||||
"name": "brakeman",
|
||||
"label": "Brakeman",
|
||||
"enabled": true,
|
||||
"description": "Ruby on Rails",
|
||||
"variables": [
|
||||
{
|
||||
"field": "SECURE_ANALYZERS_PREFIX",
|
||||
"label": "Image prefix",
|
||||
"type": "string",
|
||||
"default_value": "",
|
||||
"value": "",
|
||||
"size": "LARGE",
|
||||
"description": "Analyzer image's registry prefix (or name of the registry providing the analyzers' image)"
|
||||
},
|
||||
{
|
||||
"field" : "SAST_EXCLUDED_PATHS",
|
||||
"label" : "Excluded Paths",
|
||||
"type": "string",
|
||||
"default_value": "",
|
||||
"value": "",
|
||||
"size": "MEDIUM",
|
||||
"description": "Comma-separated list of paths to be excluded from analyzer output. Patterns can be globs, file paths, or folder paths."
|
||||
"field": "SAST_BRAKEMAN_LEVEL",
|
||||
"label": "Brakeman confidence level",
|
||||
"type": "string",
|
||||
"default_value": "1",
|
||||
"value": "",
|
||||
"size": "SMALL",
|
||||
"description": "Ignore Brakeman vulnerabilities under given confidence level. Integer, 1=Low, 2=Medium, 3=High."
|
||||
}
|
||||
],
|
||||
"pipeline": [
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "flawfinder",
|
||||
"label": "Flawfinder",
|
||||
"enabled": true,
|
||||
"description": "C, C++",
|
||||
"variables": [
|
||||
{
|
||||
"field" : "stage",
|
||||
"label" : "Stage",
|
||||
"type": "string",
|
||||
"default_value": "",
|
||||
"value": "",
|
||||
"size": "MEDIUM",
|
||||
"description": "Pipeline stage in which the scan jobs run"
|
||||
},
|
||||
{
|
||||
"field" : "SEARCH_MAX_DEPTH",
|
||||
"label" : "Search maximum depth",
|
||||
"type": "string",
|
||||
"default_value": "",
|
||||
"value": "",
|
||||
"size": "SMALL",
|
||||
"description": "Maximum depth of language and framework detection"
|
||||
"field": "SAST_FLAWFINDER_LEVEL",
|
||||
"label": "Flawfinder risk level",
|
||||
"type": "string",
|
||||
"default_value": "1",
|
||||
"value": "",
|
||||
"size": "SMALL",
|
||||
"description": "Ignore Flawfinder vulnerabilities under given risk level. Integer, 0=No risk, 5=High risk."
|
||||
}
|
||||
],
|
||||
"analyzers": [
|
||||
{
|
||||
"name": "bandit",
|
||||
"label": "Bandit",
|
||||
"enabled" : true,
|
||||
"description": "Python",
|
||||
"variables": [
|
||||
{
|
||||
"field" : "SAST_BANDIT_EXCLUDED_PATHS",
|
||||
"label" : "Paths to exclude from scan",
|
||||
"type": "string",
|
||||
"default_value": "",
|
||||
"value": "",
|
||||
"size": "SMALL",
|
||||
"description": "Comma-separated list of paths to exclude from scan. Uses Python’s 'fnmatch' syntax; For example: '*/tests/*, */venv/*'"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "brakeman",
|
||||
"label": "Brakeman",
|
||||
"enabled" : true,
|
||||
"description": "Ruby on Rails",
|
||||
"variables": [
|
||||
{
|
||||
"field" : "SAST_BRAKEMAN_LEVEL",
|
||||
"label" : "Brakeman confidence level",
|
||||
"type": "string",
|
||||
"default_value": "1",
|
||||
"value": "",
|
||||
"size": "SMALL",
|
||||
"description": "Ignore Brakeman vulnerabilities under given confidence level. Integer, 1=Low, 2=Medium, 3=High."
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "eslint",
|
||||
"label": "ESLint",
|
||||
"enabled" : true,
|
||||
"description": "JavaScript, TypeScript, React",
|
||||
"variables": []
|
||||
},
|
||||
{
|
||||
"name": "flawfinder",
|
||||
"label": "Flawfinder",
|
||||
"enabled" : true,
|
||||
"description": "C, C++",
|
||||
"variables": [
|
||||
{
|
||||
"field" : "SAST_FLAWFINDER_LEVEL",
|
||||
"label" : "Flawfinder risk level",
|
||||
"type": "string",
|
||||
"default_value": "1",
|
||||
"value": "",
|
||||
"size": "SMALL",
|
||||
"description": "Ignore Flawfinder vulnerabilities under given risk level. Integer, 0=No risk, 5=High risk."
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "gosec",
|
||||
"label": "Gosec",
|
||||
"enabled" : true,
|
||||
"description": "Go",
|
||||
"variables": [
|
||||
{
|
||||
"field" : "SAST_GOSEC_LEVEL",
|
||||
"label" : "Gosec confidence level",
|
||||
"type": "string",
|
||||
"default_value": "0",
|
||||
"value": "",
|
||||
"size": "SMALL",
|
||||
"description": "Ignore Gosec vulnerabilities under given confidence level. Integer, 0=Undefined, 1=Low, 2=Medium, 3=High."
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "kubesec",
|
||||
"label": "Kubesec",
|
||||
"enabled" : true,
|
||||
"description": "Kubernetes manifests, Helm Charts",
|
||||
"variables": []
|
||||
},
|
||||
{
|
||||
"name": "nodejs-scan",
|
||||
"label": "Node.js Scan",
|
||||
"enabled" : true,
|
||||
"description": "Node.js",
|
||||
"variables": []
|
||||
},
|
||||
{
|
||||
"name": "phpcs-security-audit",
|
||||
"label": "PHP Security Audit",
|
||||
"enabled" : true,
|
||||
"description": "PHP",
|
||||
"variables": []
|
||||
},
|
||||
{
|
||||
"name": "pmd-apex",
|
||||
"label": "PMD APEX",
|
||||
"enabled" : true,
|
||||
"description": "Apex (Salesforce)",
|
||||
"variables": []
|
||||
},
|
||||
{
|
||||
"name": "security-code-scan",
|
||||
"label": "Security Code Scan",
|
||||
"enabled" : true,
|
||||
"description": ".NET Core, .NET Framework",
|
||||
"variables": []
|
||||
},
|
||||
{
|
||||
"name": "semgrep",
|
||||
"label": "Semgrep",
|
||||
"enabled": true,
|
||||
"description": "Multi-language scanning",
|
||||
"variables": []
|
||||
},
|
||||
{
|
||||
"name": "sobelow",
|
||||
"label": "Sobelow",
|
||||
"enabled" : true,
|
||||
"description": "Elixir (Phoenix)",
|
||||
"variables": []
|
||||
},
|
||||
{
|
||||
"name": "spotbugs",
|
||||
"label": "Spotbugs",
|
||||
"enabled" : true,
|
||||
"description": "Groovy, Java, Scala",
|
||||
"variables": []
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "kubesec",
|
||||
"label": "Kubesec",
|
||||
"enabled": true,
|
||||
"description": "Kubernetes manifests, Helm Charts",
|
||||
"variables": []
|
||||
},
|
||||
{
|
||||
"name": "nodejs-scan",
|
||||
"label": "Node.js Scan",
|
||||
"enabled": true,
|
||||
"description": "Node.js",
|
||||
"variables": []
|
||||
},
|
||||
{
|
||||
"name": "phpcs-security-audit",
|
||||
"label": "PHP Security Audit",
|
||||
"enabled": true,
|
||||
"description": "PHP",
|
||||
"variables": []
|
||||
},
|
||||
{
|
||||
"name": "pmd-apex",
|
||||
"label": "PMD APEX",
|
||||
"enabled": true,
|
||||
"description": "Apex (Salesforce)",
|
||||
"variables": []
|
||||
},
|
||||
{
|
||||
"name": "security-code-scan",
|
||||
"label": "Security Code Scan",
|
||||
"enabled": true,
|
||||
"description": ".NET Core, .NET Framework",
|
||||
"variables": []
|
||||
},
|
||||
{
|
||||
"name": "semgrep",
|
||||
"label": "Semgrep",
|
||||
"enabled": true,
|
||||
"description": "Multi-language scanning",
|
||||
"variables": []
|
||||
},
|
||||
{
|
||||
"name": "sobelow",
|
||||
"label": "Sobelow",
|
||||
"enabled": true,
|
||||
"description": "Elixir (Phoenix)",
|
||||
"variables": []
|
||||
},
|
||||
{
|
||||
"name": "spotbugs",
|
||||
"label": "Spotbugs",
|
||||
"enabled": true,
|
||||
"description": "Groovy, Java, Scala",
|
||||
"variables": []
|
||||
}
|
||||
]
|
||||
}
|
|
@ -5,4 +5,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/356464
|
|||
milestone: '14.9'
|
||||
type: ops
|
||||
group: group::threat insights
|
||||
default_enabled: false
|
||||
default_enabled: true
|
||||
|
|
|
@ -30,9 +30,11 @@ Parameters:
|
|||
|
||||
```graphql
|
||||
mutation CreateCustomEmoji($groupPath: ID!) {
|
||||
createCustomEmoji(input: {groupPath: $groupPath, name: "party-parrot", file: "https://cultofthepartyparrot.com/parrots/hd/parrot.gif", external: true}) {
|
||||
createCustomEmoji(input: {groupPath: $groupPath, name: "party-parrot", url: "https://cultofthepartyparrot.com/parrots/hd/parrot.gif"}) {
|
||||
clientMutationId
|
||||
name
|
||||
customEmoji {
|
||||
name
|
||||
}
|
||||
errors
|
||||
}
|
||||
}
|
||||
|
|
|
@ -198,11 +198,11 @@ The response is `404 Not Found` if the vulnerability export is not finished yet
|
|||
Example response:
|
||||
|
||||
```csv
|
||||
Group Name,Project Name,Tool,Scanner Name,Status,Vulnerability,Details,Additional Info,Severity,CVE,CWE,Other Identifiers,Detected At,Location,Activity,
|
||||
Gitlab.org,Defend,container_scanning,Trivy,detected,CVE-2019-14697 in musl-utils-1.1.20-r4,"musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.",CVE-2019-14697 in musl-utils-1.1.20-r4,critical,CVE-2019-14697,,"",2022-10-07 13:34:41 UTC,"{""image""=>""python:3.4-alpine"", ""dependency""=>{""package""=>{""name""=>""musl-utils""}, ""version""=>""1.1.20-r4""}, ""operating_system""=>""alpine 3.9.2""}",true,
|
||||
Gitlab.org,Defend,container_scanning,Trivy,detected,CVE-2019-19242 in sqlite-libs-3.26.0-r3,"SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.",CVE-2019-19242 in sqlite-libs-3.26.0-r3,medium,CVE-2019-19242,,"",2022-10-07 13:34:41 UTC,"{""image""=>""python:3.4-alpine"", ""dependency""=>{""package""=>{""name""=>""sqlite-libs""}, ""version""=>""3.26.0-r3""}, ""operating_system""=>""alpine 3.9.2""}",true,
|
||||
Gitlab.org,Defend,container_scanning,Trivy,detected,CVE-2020-28928 in musl-1.1.20-r4,"In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).",CVE-2020-28928 in musl-1.1.20-r4,medium,CVE-2020-28928,,"",2022-10-07 13:34:41 UTC,"{""image""=>""python:3.4-alpine"", ""dependency""=>{""package""=>{""name""=>""musl""}, ""version""=>""1.1.20-r4""}, ""operating_system""=>""alpine 3.9.2""}",true,
|
||||
Gitlab.org,Defend,dependency_scanning,Gemnasium,detected,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in rack,Carefully crafted requests can cause shell escape sequences to be written to the terminal via Rack's Lint middleware and CommonLogger middleware. These escape sequences can be leveraged to possibly execute commands in the victim's terminal.,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in rack,unknown,Gemfile.lock:rack:gemnasium:60b5a27f-4e4d-4ab4-8ae7-74b4b212e177,,Gemnasium-60b5a27f-4e4d-4ab4-8ae7-74b4b212e177; GHSA-wq4h-7r42-5hrr,2022-10-14 13:16:00 UTC,"{""file""=>""Gemfile.lock"", ""dependency""=>{""package""=>{""name""=>""rack""}, ""version""=>""2.2.3""}}",false,
|
||||
Gitlab.org,Defend,dependency_scanning,Gemnasium,detected,Denial of Service Vulnerability in Rack Multipart Parsing in rack,"Carefully crafted multipart POST requests can cause Rack's multipart parser to take much longer than expected, leading to a possible denial of service vulnerability. Impacted code will use Rack's multipart parser to parse multipart posts.",Denial of Service Vulnerability in Rack Multipart Parsing in rack,unknown,Gemfile.lock:rack:gemnasium:20daa17a-47b5-4f79-80c2-cd8f2db9805c,,Gemnasium-20daa17a-47b5-4f79-80c2-cd8f2db9805c; GHSA-hxqx-xwvh-44m2,2022-10-14 13:16:00 UTC,"{""file""=>""Gemfile.lock"", ""dependency""=>{""package""=>{""name""=>""rack""}, ""version""=>""2.2.3""}}",false,
|
||||
Gitlab.org,Defend,sast,Brakeman,detected,Possible SQL injection,,Possible SQL injection,medium,e52f23a259cd489168b4313317ac94a3f13bffde57b9635171c1a44a9f329e9a,,"""Brakeman Warning Code 0""",2022-10-13 15:16:36 UTC,"{""file""=>""main.rb"", ""class""=>""User"", ""method""=>""index"", ""start_line""=>3}",false
|
||||
Group Name,Project Name,Tool,Scanner Name,Status,Vulnerability,Details,Additional Info,Severity,CVE,CWE,Other Identifiers,Detected At,Location,Activity,Comments,
|
||||
Gitlab.org,Defend,container_scanning,Trivy,resolved,CVE-2019-14697 in musl-utils-1.1.20-r4,"musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.",CVE-2019-14697 in musl-utils-1.1.20-r4,critical,CVE-2019-14697,,"",2022-10-07 13:34:41 UTC,"{""image""=>""python:3.4-alpine"", ""dependency""=>{""package""=>{""name""=>""musl-utils""}, ""version""=>""1.1.20-r4""}, ""operating_system""=>""alpine 3.9.2""}",true,"2022-10-07 13:41:08 UTC|root|resolved|changed vulnerability status to resolved",
|
||||
Gitlab.org,Defend,container_scanning,Trivy,detected,CVE-2019-19242 in sqlite-libs-3.26.0-r3,"SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.",CVE-2019-19242 in sqlite-libs-3.26.0-r3,medium,CVE-2019-19242,,"",2022-10-07 13:34:41 UTC,"{""image""=>""python:3.4-alpine"", ""dependency""=>{""package""=>{""name""=>""sqlite-libs""}, ""version""=>""3.26.0-r3""}, ""operating_system""=>""alpine 3.9.2""}",true,"",
|
||||
Gitlab.org,Defend,container_scanning,Trivy,detected,CVE-2020-28928 in musl-1.1.20-r4,"In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).",CVE-2020-28928 in musl-1.1.20-r4,medium,CVE-2020-28928,,"",2022-10-07 13:34:41 UTC,"{""image""=>""python:3.4-alpine"", ""dependency""=>{""package""=>{""name""=>""musl""}, ""version""=>""1.1.20-r4""}, ""operating_system""=>""alpine 3.9.2""}",true,"",
|
||||
Gitlab.org,Defend,dependency_scanning,Gemnasium,detected,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in rack,Carefully crafted requests can cause shell escape sequences to be written to the terminal via Rack's Lint middleware and CommonLogger middleware. These escape sequences can be leveraged to possibly execute commands in the victim's terminal.,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in rack,unknown,Gemfile.lock:rack:gemnasium:60b5a27f-4e4d-4ab4-8ae7-74b4b212e177,,Gemnasium-60b5a27f-4e4d-4ab4-8ae7-74b4b212e177; GHSA-wq4h-7r42-5hrr,2022-10-14 13:16:00 UTC,"{""file""=>""Gemfile.lock"", ""dependency""=>{""package""=>{""name""=>""rack""}, ""version""=>""2.2.3""}}",false,"",
|
||||
Gitlab.org,Defend,dependency_scanning,Gemnasium,detected,Denial of Service Vulnerability in Rack Multipart Parsing in rack,"Carefully crafted multipart POST requests can cause Rack's multipart parser to take much longer than expected, leading to a possible denial of service vulnerability. Impacted code will use Rack's multipart parser to parse multipart posts.",Denial of Service Vulnerability in Rack Multipart Parsing in rack,unknown,Gemfile.lock:rack:gemnasium:20daa17a-47b5-4f79-80c2-cd8f2db9805c,,Gemnasium-20daa17a-47b5-4f79-80c2-cd8f2db9805c; GHSA-hxqx-xwvh-44m2,2022-10-14 13:16:00 UTC,"{""file""=>""Gemfile.lock"", ""dependency""=>{""package""=>{""name""=>""rack""}, ""version""=>""2.2.3""}}",false,"",
|
||||
Gitlab.org,Defend,sast,Brakeman,detected,Possible SQL injection,,Possible SQL injection,medium,e52f23a259cd489168b4313317ac94a3f13bffde57b9635171c1a44a9f329e9a,,"""Brakeman Warning Code 0""",2022-10-13 15:16:36 UTC,"{""file""=>""main.rb"", ""class""=>""User"", ""method""=>""index"", ""start_line""=>3}",false,""
|
||||
```
|
||||
|
|
|
@ -304,12 +304,24 @@ spotbugs-sast:
|
|||
|
||||
#### Pinning to minor image version
|
||||
|
||||
While our templates use `MAJOR` version pinning to always ensure the latest analyzer
|
||||
versions are pulled, there are certain cases where it can be beneficial to pin
|
||||
an analyzer to a specific release. To do so, override the `SAST_ANALYZER_IMAGE_TAG` CI/CD variable
|
||||
in the job template directly.
|
||||
The GitLab-managed CI/CD template specifies a major version and automatically pulls the latest analyzer release within that major version.
|
||||
|
||||
In the example below, we pin to a minor version of the `semgrep` analyzer and a specific patch version of the `brakeman` analyzer:
|
||||
In some cases, you may need to use a specific version.
|
||||
For example, you might need to avoid a regression in a later release.
|
||||
|
||||
To override the automatic update behavior, set the `SAST_ANALYZER_IMAGE_TAG` CI/CD variable
|
||||
in your CI/CD configuration file after you include the [`SAST.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml).
|
||||
|
||||
Only set this variable within a specific job.
|
||||
If you set it [at the top level](../../../ci/variables/index.md#create-a-custom-cicd-variable-in-the-gitlab-ciyml-file), the version you set will be used for other SAST analyzers.
|
||||
|
||||
You can set the tag to:
|
||||
|
||||
- A major version, like `3`. Your pipelines will use any minor or patch updates that are released within this major version.
|
||||
- A minor version, like `3.7`. Your pipelines will use any patch updates that are released within this minor version.
|
||||
- A patch version, like `3.7.0`. Your pipelines won't receive any updates.
|
||||
|
||||
This example uses a specific minor version of the `semgrep` analyzer and a specific patch version of the `brakeman` analyzer:
|
||||
|
||||
```yaml
|
||||
include:
|
||||
|
@ -317,11 +329,11 @@ include:
|
|||
|
||||
semgrep-sast:
|
||||
variables:
|
||||
SAST_ANALYZER_IMAGE_TAG: "2.16"
|
||||
SAST_ANALYZER_IMAGE_TAG: "3.7"
|
||||
|
||||
brakeman-sast:
|
||||
variables:
|
||||
SAST_ANALYZER_IMAGE_TAG: "2.21.1"
|
||||
SAST_ANALYZER_IMAGE_TAG: "3.1.1"
|
||||
```
|
||||
|
||||
### False Positive Detection **(ULTIMATE)**
|
||||
|
|
|
@ -124,6 +124,33 @@ widget.
|
|||
|
||||
If the scanner detects a secret you should rotate it immediately. [Purging a file from the repository's history](../../project/repository/reducing_the_repo_size_using_git.md#purge-files-from-repository-history) may not be effective in removing all references to the file. Also, the secret remains in any forks of the repository.
|
||||
|
||||
## Pinning to specific analyzer version
|
||||
|
||||
The GitLab-managed CI/CD template specifies a major version and automatically pulls the latest analyzer release within that major version.
|
||||
|
||||
In some cases, you may need to use a specific version.
|
||||
For example, you might need to avoid a regression in a later release.
|
||||
|
||||
To override the automatic update behavior, set the `SECRETS_ANALYZER_VERSION` CI/CD variable
|
||||
in your CI/CD configuration file after you include the [`Secret-Detection.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml).
|
||||
|
||||
You can set the tag to:
|
||||
|
||||
- A major version, like `4`. Your pipelines will use any minor or patch updates that are released within this major version.
|
||||
- A minor version, like `4.5`. Your pipelines will use any patch updates that are released within this minor version.
|
||||
- A patch version, like `4.5.0`. Your pipelines won't receive any updates.
|
||||
|
||||
This example uses a specific minor version of the analyzer:
|
||||
|
||||
```yaml
|
||||
include:
|
||||
- template: Security/Secret-Detection.gitlab-ci.yml
|
||||
|
||||
secret_detection:
|
||||
variables:
|
||||
SECRETS_ANALYZER_VERSION: "4.5"
|
||||
```
|
||||
|
||||
## Configure scan settings
|
||||
|
||||
The Secret Detection scan settings can be changed through [CI/CD variables](#available-cicd-variables)
|
||||
|
|
|
@ -219,6 +219,7 @@ Fields included are:
|
|||
- Detected At
|
||||
- Location
|
||||
- Activity
|
||||
- Comments
|
||||
|
||||
NOTE:
|
||||
Full details are available through our
|
||||
|
|
|
@ -60,7 +60,8 @@ Self-managed installations can configure the following additional password requi
|
|||
|
||||
## Block weak passwords
|
||||
|
||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/23610) in GitLab 15.4 [with a flag](../../administration/feature_flags.md) named `block_weak_passwords`, weak passwords aren't accepted. Disabled by default.
|
||||
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/23610) in GitLab 15.4 [with a flag](../../administration/feature_flags.md) named `block_weak_passwords`, weak passwords aren't accepted. Disabled by default on self-managed.
|
||||
> - [Enabled](https://gitlab.com/gitlab-org/gitlab/-/issues/363445) on GitLab.com.
|
||||
|
||||
FLAG:
|
||||
On self-managed GitLab, by default blocking weak passwords is not available. To make it available, ask an administrator
|
||||
|
|
|
@ -199,12 +199,14 @@ module API
|
|||
mount ::API::ProjectExport
|
||||
mount ::API::ProjectHooks
|
||||
mount ::API::ProjectRepositoryStorageMoves
|
||||
mount ::API::ProjectSnippets
|
||||
mount ::API::ProjectSnapshots
|
||||
mount ::API::ProtectedBranches
|
||||
mount ::API::ProtectedTags
|
||||
mount ::API::Release::Links
|
||||
mount ::API::Releases
|
||||
mount ::API::Release::Links
|
||||
mount ::API::ResourceAccessTokens
|
||||
mount ::API::Snippets
|
||||
mount ::API::SnippetRepositoryStorageMoves
|
||||
mount ::API::Statistics
|
||||
mount ::API::Submodules
|
||||
|
@ -299,7 +301,6 @@ module API
|
|||
mount ::API::ProjectImport
|
||||
mount ::API::ProjectMilestones
|
||||
mount ::API::ProjectPackages
|
||||
mount ::API::ProjectSnippets
|
||||
mount ::API::ProjectStatistics
|
||||
mount ::API::ProjectTemplates
|
||||
mount ::API::Projects
|
||||
|
@ -315,7 +316,6 @@ module API
|
|||
mount ::API::Search
|
||||
mount ::API::Settings
|
||||
mount ::API::SidekiqMetrics
|
||||
mount ::API::Snippets
|
||||
mount ::API::Subscriptions
|
||||
mount ::API::Tags
|
||||
mount ::API::Templates
|
||||
|
|
|
@ -3,16 +3,30 @@
|
|||
module API
|
||||
module Entities
|
||||
class BasicSnippet < Grape::Entity
|
||||
expose :id, :title, :description, :visibility
|
||||
expose :updated_at, :created_at
|
||||
expose :project_id
|
||||
expose :web_url do |snippet|
|
||||
expose :id, documentation: { type: 'integer', example: 1 }
|
||||
expose :title, documentation: { type: 'string', example: 'test' }
|
||||
expose :description, documentation: { type: 'string', example: 'Ruby test snippet' }
|
||||
expose :visibility, documentation: { type: 'string', example: 'public' }
|
||||
expose :author, using: Entities::UserBasic, documentation: { type: 'Entities::UserBasic' }
|
||||
expose :created_at, documentation: { type: 'dateTime', example: '2012-06-28T10:52:04Z' }
|
||||
expose :updated_at, documentation: { type: 'dateTime', example: '2012-06-28T10:52:04Z' }
|
||||
expose :project_id, documentation: { type: 'integer', example: 1 }
|
||||
expose :web_url, documentation: {
|
||||
type: 'string', example: 'http://example.com/example/example/snippets/1'
|
||||
} do |snippet|
|
||||
Gitlab::UrlBuilder.build(snippet)
|
||||
end
|
||||
expose :raw_url do |snippet|
|
||||
expose :raw_url, documentation: {
|
||||
type: 'string', example: 'http://example.com/example/example/snippets/1/raw'
|
||||
} do |snippet|
|
||||
Gitlab::UrlBuilder.build(snippet, raw: true)
|
||||
end
|
||||
expose :ssh_url_to_repo, :http_url_to_repo, if: ->(snippet) { snippet.repository_exists? }
|
||||
expose :ssh_url_to_repo, documentation: {
|
||||
type: 'string', example: 'ssh://user@gitlab.example.com/snippets/65.git'
|
||||
}, if: ->(snippet) { snippet.repository_exists? }
|
||||
expose :http_url_to_repo, documentation: {
|
||||
type: 'string', example: 'https://gitlab.example.com/snippets/65.git'
|
||||
}, if: ->(snippet) { snippet.repository_exists? }
|
||||
end
|
||||
end
|
||||
end
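Review bot: `expose :author, using: Entities::UserBasic` now sits on `BasicSnippet`, so every consumer of the basic entity starts returning author data, including `Snippets::RepositoryStorageMove`, which this commit shows using `Entities::BasicSnippet`. The page does not mark old and new sides, so this assumes the `expose` lines carrying `documentation:` are the new side. If the wider exposure is intended, state it in the commit description and drop the now-duplicate `expose :author` from `Entities::Snippet`; if not, keep `author` on `Snippet` only. A request spec that pins the fields of the storage-move response would stop a later entity change from widening it unnoticed.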
|
||||
|
|
|
@ -3,11 +3,13 @@
|
|||
module API
|
||||
module Entities
|
||||
class Snippet < BasicSnippet
|
||||
expose :author, using: Entities::UserBasic
|
||||
expose :file_name do |snippet|
|
||||
expose :author, using: Entities::UserBasic, documentation: { type: 'Entities::UserBasic' }
|
||||
expose :file_name, documentation: { type: 'string', example: 'add.rb' } do |snippet|
|
||||
snippet_files.first || snippet.file_name
|
||||
end
|
||||
expose :files do |snippet, options|
|
||||
expose :files, documentation: {
|
||||
is_array: true, example: 'e0d123e5f316bef78bfdf5a008837577'
|
||||
} do |snippet, options|
|
||||
snippet_files.map do |file|
|
||||
{
|
||||
path: file,
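Review bot: The `documentation:` hash on `expose :files` gives `example: 'e0d123e5f316bef78bfdf5a008837577'`, but the block maps each file to a hash that starts with `path: file`, so the generated API description would show a bare string where clients receive objects. An example shaped like the real element, for instance `example: { path: 'add.rb' }` (constructed value) extended with the hash's remaining keys, would be accurate. The hash literal continues past the end of the hunk, so the full key list has to be taken from the file.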
|
||||
|
|
|
@ -4,7 +4,7 @@ module API
|
|||
module Entities
|
||||
module Snippets
|
||||
class RepositoryStorageMove < BasicRepositoryStorageMove
|
||||
expose :snippet, using: Entities::BasicSnippet
|
||||
expose :snippet, using: Entities::BasicSnippet, documentation: { type: 'Entities::BasicSnippet' }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
module API
|
||||
module Entities
|
||||
class UserAgentDetail < Grape::Entity
|
||||
expose :user_agent
|
||||
expose :ip_address
|
||||
expose :submitted, as: :akismet_submitted
|
||||
expose :user_agent, documentation: { type: 'string', example: 'AppleWebKit/537.36' }
|
||||
expose :ip_address, documentation: { type: 'string', example: '127.0.0.1' }
|
||||
expose :submitted, as: :akismet_submitted, documentation: { type: 'boolean', example: false }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -34,6 +34,11 @@ module API
|
|||
|
||||
desc 'Get all project snippets' do
|
||||
success Entities::ProjectSnippet
|
||||
failure [
|
||||
{ code: 404, message: 'Not found' }
|
||||
]
|
||||
tags %w[project_snippets]
|
||||
is_array true
|
||||
end
|
||||
params do
|
||||
use :pagination
|
||||
|
@ -46,6 +51,10 @@ module API
|
|||
|
||||
desc 'Get a single project snippet' do
|
||||
success Entities::ProjectSnippet
|
||||
failure [
|
||||
{ code: 404, message: 'Not found' }
|
||||
]
|
||||
tags %w[project_snippets]
|
||||
end
|
||||
params do
|
||||
requires :snippet_id, type: Integer, desc: 'The ID of a project snippet'
|
||||
|
@ -60,6 +69,12 @@ module API
|
|||
|
||||
desc 'Create a new project snippet' do
|
||||
success Entities::ProjectSnippet
|
||||
failure [
|
||||
{ code: 400, message: 'Validation error' },
|
||||
{ code: 404, message: 'Not found' },
|
||||
{ code: 422, message: 'Unprocessable entity' }
|
||||
]
|
||||
tags %w[project_snippets]
|
||||
end
|
||||
params do
|
||||
requires :title, type: String, allow_blank: false, desc: 'The title of the snippet'
|
||||
|
@ -91,6 +106,12 @@ module API
|
|||
|
||||
desc 'Update an existing project snippet' do
|
||||
success Entities::ProjectSnippet
|
||||
failure [
|
||||
{ code: 400, message: 'Validation error' },
|
||||
{ code: 404, message: 'Not found' },
|
||||
{ code: 422, message: 'Unprocessable entity' }
|
||||
]
|
||||
tags %w[project_snippets]
|
||||
end
|
||||
params do
|
||||
requires :snippet_id, type: Integer, desc: 'The ID of a project snippet'
|
||||
|
@ -132,7 +153,14 @@ module API
|
|||
end
|
||||
# rubocop: enable CodeReuse/ActiveRecord
|
||||
|
||||
desc 'Delete a project snippet'
|
||||
desc 'Delete a project snippet' do
|
||||
success code: 204
|
||||
failure [
|
||||
{ code: 400, message: 'Validation error' },
|
||||
{ code: 404, message: 'Not found' }
|
||||
]
|
||||
tags %w[project_snippets]
|
||||
end
|
||||
params do
|
||||
requires :snippet_id, type: Integer, desc: 'The ID of a project snippet'
|
||||
end
|
||||
|
@ -156,7 +184,13 @@ module API
|
|||
end
|
||||
# rubocop: enable CodeReuse/ActiveRecord
|
||||
|
||||
desc 'Get a raw project snippet'
|
||||
desc 'Get a raw project snippet' do
|
||||
success Entities::ProjectSnippet
|
||||
failure [
|
||||
{ code: 404, message: 'Not found' }
|
||||
]
|
||||
tags %w[project_snippets]
|
||||
end
|
||||
params do
|
||||
requires :snippet_id, type: Integer, desc: 'The ID of a project snippet'
|
||||
end
|
||||
|
@ -168,7 +202,13 @@ module API
|
|||
present content_for(snippet)
|
||||
end
|
||||
|
||||
desc 'Get raw project snippet file contents from the repository'
|
||||
desc 'Get raw project snippet file contents from the repository' do
|
||||
success Entities::ProjectSnippet
|
||||
failure [
|
||||
{ code: 404, message: 'Not found' }
|
||||
]
|
||||
tags %w[project_snippets]
|
||||
end
|
||||
params do
|
||||
use :raw_file_params
|
||||
end
|
||||
|
@ -182,6 +222,10 @@ module API
|
|||
|
||||
desc 'Get the user agent details for a project snippet' do
|
||||
success Entities::UserAgentDetail
|
||||
failure [
|
||||
{ code: 404, message: 'Not found' }
|
||||
]
|
||||
tags %w[project_snippets]
|
||||
end
|
||||
params do
|
||||
requires :snippet_id, type: Integer, desc: 'The ID of a project snippet'
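Review bot: The two raw endpoints, 'Get a raw project snippet' and 'Get raw project snippet file contents from the repository', declare `success Entities::ProjectSnippet`, yet the visible handler ends in `present content_for(snippet)`, which is file content rather than a serialized entity. The personal-snippet raw endpoints in this same commit declare no success entity, so drop the `success` line here or describe the plain-content response instead. Separately, the `failure` lists in this file document only 400, 404 and 422. If these routes enforce authentication and authorization (those checks are outside the hunks), add entries such as `{ code: 401, message: 'Unauthorized' }` and `{ code: 403, message: 'Forbidden' }` so the published contract matches what callers can receive.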
|
||||
|
|
|
@ -28,6 +28,11 @@ module API
|
|||
desc 'Get a snippets list for an authenticated user' do
|
||||
detail 'This feature was introduced in GitLab 8.15.'
|
||||
success Entities::Snippet
|
||||
failure [
|
||||
{ code: 404, message: 'Not found' }
|
||||
]
|
||||
tags %w[snippets]
|
||||
is_array true
|
||||
end
|
||||
params do
|
||||
optional :created_after, type: DateTime, desc: 'Return snippets created after the specified time'
|
||||
|
@ -45,6 +50,11 @@ module API
|
|||
desc 'List all public personal snippets current_user has access to' do
|
||||
detail 'This feature was introduced in GitLab 8.15.'
|
||||
success Entities::PersonalSnippet
|
||||
failure [
|
||||
{ code: 404, message: 'Not found' }
|
||||
]
|
||||
tags %w[snippets]
|
||||
is_array true
|
||||
end
|
||||
params do
|
||||
optional :created_after, type: DateTime, desc: 'Return snippets created after the specified time'
|
||||
|
@ -62,6 +72,10 @@ module API
|
|||
desc 'Get a single snippet' do
|
||||
detail 'This feature was introduced in GitLab 8.15.'
|
||||
success Entities::PersonalSnippet
|
||||
failure [
|
||||
{ code: 404, message: 'Not found' }
|
||||
]
|
||||
tags %w[snippets]
|
||||
end
|
||||
params do
|
||||
requires :id, type: Integer, desc: 'The ID of a snippet'
|
||||
|
@ -77,6 +91,12 @@ module API
|
|||
desc 'Create new snippet' do
|
||||
detail 'This feature was introduced in GitLab 8.15.'
|
||||
success Entities::PersonalSnippet
|
||||
failure [
|
||||
{ code: 400, message: 'Validation error' },
|
||||
{ code: 404, message: 'Not found' },
|
||||
{ code: 422, message: 'Unprocessable entity' }
|
||||
]
|
||||
tags %w[snippets]
|
||||
end
|
||||
params do
|
||||
requires :title, type: String, allow_blank: false, desc: 'The title of a snippet'
|
||||
|
@ -110,6 +130,12 @@ module API
|
|||
desc 'Update an existing snippet' do
|
||||
detail 'This feature was introduced in GitLab 8.15.'
|
||||
success Entities::PersonalSnippet
|
||||
failure [
|
||||
{ code: 400, message: 'Validation error' },
|
||||
{ code: 404, message: 'Not found' },
|
||||
{ code: 422, message: 'Unprocessable entity' }
|
||||
]
|
||||
tags %w[snippets]
|
||||
end
|
||||
|
||||
params do
|
||||
|
@ -154,6 +180,11 @@ module API
|
|||
desc 'Remove snippet' do
|
||||
detail 'This feature was introduced in GitLab 8.15.'
|
||||
success Entities::PersonalSnippet
|
||||
failure [
|
||||
{ code: 400, message: 'Validation error' },
|
||||
{ code: 404, message: 'Not found' }
|
||||
]
|
||||
tags %w[snippets]
|
||||
end
|
||||
params do
|
||||
requires :id, type: Integer, desc: 'The ID of a snippet'
|
||||
|
@ -178,6 +209,10 @@ module API
|
|||
|
||||
desc 'Get a raw snippet' do
|
||||
detail 'This feature was introduced in GitLab 8.15.'
|
||||
failure [
|
||||
{ code: 404, message: 'Not found' }
|
||||
]
|
||||
tags %w[snippets]
|
||||
end
|
||||
params do
|
||||
requires :id, type: Integer, desc: 'The ID of a snippet'
|
||||
|
@ -189,7 +224,12 @@ module API
|
|||
present content_for(snippet)
|
||||
end
|
||||
|
||||
desc 'Get raw snippet file contents from the repository'
|
||||
desc 'Get raw snippet file contents from the repository' do
|
||||
failure [
|
||||
{ code: 404, message: 'Not found' }
|
||||
]
|
||||
tags %w[snippets]
|
||||
end
|
||||
params do
|
||||
use :raw_file_params
|
||||
end
|
||||
|
@ -202,6 +242,10 @@ module API
|
|||
|
||||
desc 'Get the user agent details for a snippet' do
|
||||
success Entities::UserAgentDetail
|
||||
failure [
|
||||
{ code: 404, message: 'Not found' }
|
||||
]
|
||||
tags %w[snippets]
|
||||
end
|
||||
params do
|
||||
requires :id, type: Integer, desc: 'The ID of a snippet'
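Review bot: The `failure` list added to 'Get a snippets list for an authenticated user' (the hunk at -28) documents only 404, although the description itself says the endpoint needs an authenticated user. A caller without valid credentials presumably gets a different status, which the generated API documentation will not show. If the handler rejects unauthenticated requests with 401, add `{ code: 401, message: 'Unauthorized' }` to that list; the handler body is outside these hunks, so confirm first. The create, update and remove blocks in the later hunks have the same gap.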
|
||||
|
|
|
@ -212,8 +212,8 @@ RSpec.describe GitlabSchema.types['Project'] do
|
|||
|
||||
it "returns the project's sast configuration for analyzer variables" do
|
||||
analyzer = subject.dig('data', 'project', 'sastCiConfiguration', 'analyzers', 'nodes').first
|
||||
expect(analyzer['name']).to eq('bandit')
|
||||
expect(analyzer['label']).to eq('Bandit')
|
||||
expect(analyzer['name']).to eq('brakeman')
|
||||
expect(analyzer['label']).to eq('Brakeman')
|
||||
expect(analyzer['enabled']).to eq(true)
|
||||
end
|
||||
|
||||
|
|
|
@ -11,9 +11,9 @@ RSpec.describe Security::CiConfiguration::SastParserService do
|
|||
let(:sast_excluded_paths) { configuration['global'][1] }
|
||||
let(:sast_pipeline_stage) { configuration['pipeline'][0] }
|
||||
let(:sast_search_max_depth) { configuration['pipeline'][1] }
|
||||
let(:bandit) { configuration['analyzers'][0] }
|
||||
let(:brakeman) { configuration['analyzers'][1] }
|
||||
let(:brakeman) { configuration['analyzers'][0] }
|
||||
let(:sast_brakeman_level) { brakeman['variables'][0] }
|
||||
let(:semgrep) { configuration['analyzers'][1] }
|
||||
let(:secure_analyzers_prefix) { '$CI_TEMPLATE_REGISTRY_HOST/security-products' }
|
||||
|
||||
it 'parses the configuration for SAST' do
|
||||
|
@ -34,7 +34,7 @@ RSpec.describe Security::CiConfiguration::SastParserService do
|
|||
expect(sast_pipeline_stage['value']).to eql('our_custom_security_stage')
|
||||
expect(sast_search_max_depth['value']).to eql('8')
|
||||
expect(brakeman['enabled']).to be(false)
|
||||
expect(bandit['enabled']).to be(true)
|
||||
expect(semgrep['enabled']).to be(true)
|
||||
expect(sast_brakeman_level['value']).to eql('2')
|
||||
end
|
||||
|
||||
|
@ -43,7 +43,7 @@ RSpec.describe Security::CiConfiguration::SastParserService do
|
|||
allow(project.repository).to receive(:blob_data_at).and_return(gitlab_ci_yml_excluded_analyzers_content)
|
||||
|
||||
expect(brakeman['enabled']).to be(false)
|
||||
expect(bandit['enabled']).to be(true)
|
||||
expect(semgrep['enabled']).to be(true)
|
||||
end
|
||||
end
|
||||
end
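Review bot: The `let` definitions in the first hunk still select analyzers by position (`configuration['analyzers'][0]`, `[1]`), which is why removing bandit forced `brakeman` to be renumbered and `semgrep` to be pinned to index 1. Looking the entry up by name keeps the spec stable when the analyzer list changes again, for example `let(:brakeman) { configuration['analyzers'].find { |a| a['name'] == 'brakeman' } }`, and likewise for `semgrep`. With the index form, a future reorder could make `expect(brakeman['enabled']).to be(false)` assert against a different analyzer without the test name revealing it. The `.first` lookup in the GraphQL project type spec has the same coupling to order.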
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
module gitlab.com/gitlab-org/gitlab/workhorse
|
||||
|
||||
go 1.17
|
||||
go 1.18
|
||||
|
||||
require (
|
||||
github.com/Azure/azure-storage-blob-go v0.14.0
|
||||
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1
|
||||
github.com/BurntSushi/toml v1.2.1
|
||||
github.com/FZambia/sentinel v1.1.1
|
||||
github.com/alecthomas/chroma/v2 v2.3.0
|
||||
|
@ -29,11 +29,11 @@ require (
|
|||
gitlab.com/gitlab-org/gitaly/v15 v15.5.1
|
||||
gitlab.com/gitlab-org/golang-archive-zip v0.1.1
|
||||
gitlab.com/gitlab-org/labkit v1.16.1
|
||||
gocloud.dev v0.26.0
|
||||
gocloud.dev v0.27.0
|
||||
golang.org/x/image v0.0.0-20220722155232-062f8c9fd539
|
||||
golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
|
||||
golang.org/x/net v0.0.0-20220722155237-a158d28d115b
|
||||
golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a
|
||||
golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b
|
||||
golang.org/x/oauth2 v0.0.0-20220722155238-128564f6959c
|
||||
golang.org/x/tools v0.1.12
|
||||
google.golang.org/grpc v1.50.1
|
||||
google.golang.org/protobuf v1.28.1
|
||||
|
@ -41,24 +41,23 @@ require (
|
|||
)
|
||||
|
||||
require (
|
||||
cloud.google.com/go v0.100.2 // indirect
|
||||
cloud.google.com/go/compute v1.5.0 // indirect
|
||||
cloud.google.com/go v0.103.0 // indirect
|
||||
cloud.google.com/go/compute v1.7.0 // indirect
|
||||
cloud.google.com/go/iam v0.3.0 // indirect
|
||||
cloud.google.com/go/monitoring v1.4.0 // indirect
|
||||
cloud.google.com/go/monitoring v1.5.0 // indirect
|
||||
cloud.google.com/go/profiler v0.1.0 // indirect
|
||||
cloud.google.com/go/storage v1.21.0 // indirect
|
||||
cloud.google.com/go/storage v1.24.0 // indirect
|
||||
cloud.google.com/go/trace v1.2.0 // indirect
|
||||
contrib.go.opencensus.io/exporter/stackdriver v0.13.10 // indirect
|
||||
github.com/Azure/azure-pipeline-go v0.2.3 // indirect
|
||||
contrib.go.opencensus.io/exporter/stackdriver v0.13.13 // indirect
|
||||
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 // indirect
|
||||
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.0.0 // indirect
|
||||
github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect
|
||||
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
|
||||
github.com/Azure/go-autorest/autorest v0.11.22 // indirect
|
||||
github.com/Azure/go-autorest/autorest/adal v0.9.17 // indirect
|
||||
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
|
||||
github.com/Azure/go-autorest/logger v0.2.1 // indirect
|
||||
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
|
||||
github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
|
||||
github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0 // indirect
|
||||
github.com/DataDog/datadog-go v4.4.0+incompatible // indirect
|
||||
github.com/DataDog/sketches-go v1.0.0 // indirect
|
||||
github.com/Microsoft/go-winio v0.5.0 // indirect
|
||||
github.com/Microsoft/go-winio v0.5.1 // indirect
|
||||
github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d // indirect
|
||||
github.com/beevik/ntp v0.3.0 // indirect
|
||||
github.com/beorn7/perks v1.0.1 // indirect
|
||||
|
@ -70,30 +69,33 @@ require (
|
|||
github.com/dlclark/regexp2 v1.4.0 // indirect
|
||||
github.com/go-ole/go-ole v1.2.4 // indirect
|
||||
github.com/gogo/protobuf v1.3.2 // indirect
|
||||
github.com/golang-jwt/jwt v3.2.1+incompatible // indirect
|
||||
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
|
||||
github.com/google/go-cmp v0.5.9 // indirect
|
||||
github.com/google/pprof v0.0.0-20210804190019-f964ff605595 // indirect
|
||||
github.com/google/pprof v0.0.0-20220608213341-c488b8fa1db3 // indirect
|
||||
github.com/google/uuid v1.3.0 // indirect
|
||||
github.com/google/wire v0.5.0 // indirect
|
||||
github.com/googleapis/gax-go/v2 v2.2.0 // indirect
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.1.0 // indirect
|
||||
github.com/googleapis/gax-go/v2 v2.4.0 // indirect
|
||||
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 // indirect
|
||||
github.com/hashicorp/yamux v0.1.1 // indirect
|
||||
github.com/jmespath/go-jmespath v0.4.0 // indirect
|
||||
github.com/jtolds/gls v4.20.0+incompatible // indirect
|
||||
github.com/kr/text v0.2.0 // indirect
|
||||
github.com/kylelemons/godebug v1.1.0 // indirect
|
||||
github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20210210170715-a8dfcb80d3a7 // indirect
|
||||
github.com/lightstep/lightstep-tracer-go v0.25.0 // indirect
|
||||
github.com/mattn/go-ieproxy v0.0.6 // indirect
|
||||
github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
|
||||
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
|
||||
github.com/mitchellh/reflectwalk v1.0.2 // indirect
|
||||
github.com/oklog/ulid/v2 v2.0.2 // indirect
|
||||
github.com/opentracing/opentracing-go v1.2.0 // indirect
|
||||
github.com/philhofer/fwd v1.1.1 // indirect
|
||||
github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4 // indirect
|
||||
github.com/pkg/errors v0.9.1 // indirect
|
||||
github.com/pmezard/go-difflib v1.0.0 // indirect
|
||||
github.com/prometheus/client_model v0.2.0 // indirect
|
||||
github.com/prometheus/common v0.37.0 // indirect
|
||||
github.com/prometheus/procfs v0.8.0 // indirect
|
||||
github.com/prometheus/prometheus v0.37.0 // indirect
|
||||
github.com/ryszard/goskiplist v0.0.0-20150312221310-2dfbae5fcf46 // indirect
|
||||
github.com/shabbyrobe/gocovmerge v0.0.0-20190829150210-3e036491d500 // indirect
|
||||
github.com/shirou/gopsutil/v3 v3.21.2 // indirect
|
||||
|
@ -109,13 +111,13 @@ require (
|
|||
golang.org/x/exp/typeparams v0.0.0-20220218215828-6cf2b201936e // indirect
|
||||
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
|
||||
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
|
||||
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect
|
||||
golang.org/x/sys v0.0.0-20220731174439-a90be440212d // indirect
|
||||
golang.org/x/text v0.3.8 // indirect
|
||||
golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect
|
||||
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
|
||||
google.golang.org/api v0.74.0 // indirect
|
||||
golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 // indirect
|
||||
golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect
|
||||
google.golang.org/api v0.91.0 // indirect
|
||||
google.golang.org/appengine v1.6.7 // indirect
|
||||
google.golang.org/genproto v0.0.0-20220401170504-314d38edb7de // indirect
|
||||
google.golang.org/genproto v0.0.0-20220802133213-ce4fa296bf78 // indirect
|
||||
gopkg.in/DataDog/dd-trace-go.v1 v1.32.0 // indirect
|
||||
gopkg.in/yaml.v3 v3.0.1 // indirect
|
||||
)
|
||||
|
|
1554
workhorse/go.sum
1554
workhorse/go.sum
File diff suppressed because it is too large
|
@ -10,7 +10,7 @@ import (
|
|||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/Azure/azure-storage-blob-go/azblob"
|
||||
"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"
|
||||
"github.com/BurntSushi/toml"
|
||||
"gocloud.dev/blob"
|
||||
"gocloud.dev/blob/azureblob"
|
||||
|
@ -174,18 +174,21 @@ func (c *Config) RegisterGoCloudURLOpeners() error {
|
|||
}
|
||||
|
||||
func (creds *AzureCredentials) getURLOpener() (*azureblob.URLOpener, error) {
|
||||
accountName := azureblob.AccountName(creds.AccountName)
|
||||
accountKey := azureblob.AccountKey(creds.AccountKey)
|
||||
serviceURLOptions := azureblob.ServiceURLOptions{
|
||||
AccountName: creds.AccountName,
|
||||
}
|
||||
|
||||
credential, err := azureblob.NewCredential(accountName, accountKey)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error creating Azure credentials: %w", err)
|
||||
clientFunc := func(svcURL azureblob.ServiceURL) (*azblob.ServiceClient, error) {
|
||||
sharedKeyCred, err := azblob.NewSharedKeyCredential(creds.AccountName, creds.AccountKey)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error creating Azure credentials: %w", err)
|
||||
}
|
||||
return azblob.NewServiceClientWithSharedKey(string(svcURL), sharedKeyCred, &azblob.ClientOptions{})
|
||||
}
|
||||
|
||||
return &azureblob.URLOpener{
|
||||
AccountName: accountName,
|
||||
Pipeline: azureblob.NewPipeline(credential, azblob.PipelineOptions{}),
|
||||
Options: azureblob.Options{Credential: credential},
|
||||
MakeClient: clientFunc,
|
||||
ServiceURLOptions: serviceURLOptions,
|
||||
}, nil
|
||||
}
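Review bot: In the rewritten `getURLOpener`, `azblob.NewSharedKeyCredential` now runs only inside the `MakeClient` closure, so the function can no longer return an error. The removed code built the credential up front and returned "error creating Azure credentials" from `getURLOpener` itself. With the new code, a malformed `AccountKey` is reported only when a bucket URL is first opened, presumably on the first upload, rather than when the openers are registered. Building the shared-key credential once before the closure and capturing it restores the early failure and avoids re-deriving the credential on every client creation. This assumes the credential value can be reused across clients, which should be confirmed for the pinned azblob version.

```go
func (creds *AzureCredentials) getURLOpener() (*azureblob.URLOpener, error) {
	// … unchanged: serviceURLOptions …

	sharedKeyCred, err := azblob.NewSharedKeyCredential(creds.AccountName, creds.AccountKey)
	if err != nil {
		return nil, fmt.Errorf("error creating Azure credentials: %w", err)
	}

	clientFunc := func(svcURL azureblob.ServiceURL) (*azblob.ServiceClient, error) {
		return azblob.NewServiceClientWithSharedKey(string(svcURL), sharedKeyCred, &azblob.ClientOptions{})
	}

	// … unchanged: return &azureblob.URLOpener{MakeClient, ServiceURLOptions} …
```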
|
||||
|
||||
|
|