Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2022-11-08 03:10:58 +00:00
parent 9695fcf519
commit 43feb20dca
21 changed files with 1529 additions and 640 deletions

View File

@ -1 +1 @@
ba02c22370d12ccf8ec464497603394effbaf8b0 038b442dc21c71a69ad170a61ce79a12a74fb725

View File

@ -1,176 +1,135 @@
{ {
"$schema": "http://json-schema.org/draft-07/schema#", "$schema": "http://json-schema.org/draft-07/schema#",
"global": [ "global": [
{
"field": "SECURE_ANALYZERS_PREFIX",
"label": "Image prefix",
"type": "string",
"default_value": "",
"value": "",
"size": "LARGE",
"description": "Analyzer image's registry prefix (or name of the registry providing the analyzers' image)"
},
{
"field": "SAST_EXCLUDED_PATHS",
"label": "Excluded Paths",
"type": "string",
"default_value": "",
"value": "",
"size": "MEDIUM",
"description": "Comma-separated list of paths to be excluded from analyzer output. Patterns can be globs, file paths, or folder paths."
}
],
"pipeline": [
{
"field": "stage",
"label": "Stage",
"type": "string",
"default_value": "",
"value": "",
"size": "MEDIUM",
"description": "Pipeline stage in which the scan jobs run"
},
{
"field": "SEARCH_MAX_DEPTH",
"label": "Search maximum depth",
"type": "string",
"default_value": "",
"value": "",
"size": "SMALL",
"description": "Maximum depth of language and framework detection"
}
],
"analyzers": [
{
"name": "brakeman",
"label": "Brakeman",
"enabled": true,
"description": "Ruby on Rails",
"variables": [
{ {
"field": "SECURE_ANALYZERS_PREFIX", "field": "SAST_BRAKEMAN_LEVEL",
"label": "Image prefix", "label": "Brakeman confidence level",
"type": "string", "type": "string",
"default_value": "", "default_value": "1",
"value": "", "value": "",
"size": "LARGE", "size": "SMALL",
"description": "Analyzer image's registry prefix (or name of the registry providing the analyzers' image)" "description": "Ignore Brakeman vulnerabilities under given confidence level. Integer, 1=Low, 2=Medium, 3=High."
},
{
"field" : "SAST_EXCLUDED_PATHS",
"label" : "Excluded Paths",
"type": "string",
"default_value": "",
"value": "",
"size": "MEDIUM",
"description": "Comma-separated list of paths to be excluded from analyzer output. Patterns can be globs, file paths, or folder paths."
} }
], ]
"pipeline": [ },
{
"name": "flawfinder",
"label": "Flawfinder",
"enabled": true,
"description": "C, C++",
"variables": [
{ {
"field" : "stage", "field": "SAST_FLAWFINDER_LEVEL",
"label" : "Stage", "label": "Flawfinder risk level",
"type": "string", "type": "string",
"default_value": "", "default_value": "1",
"value": "", "value": "",
"size": "MEDIUM", "size": "SMALL",
"description": "Pipeline stage in which the scan jobs run" "description": "Ignore Flawfinder vulnerabilities under given risk level. Integer, 0=No risk, 5=High risk."
},
{
"field" : "SEARCH_MAX_DEPTH",
"label" : "Search maximum depth",
"type": "string",
"default_value": "",
"value": "",
"size": "SMALL",
"description": "Maximum depth of language and framework detection"
} }
], ]
"analyzers": [ },
{ {
"name": "bandit", "name": "kubesec",
"label": "Bandit", "label": "Kubesec",
"enabled" : true, "enabled": true,
"description": "Python", "description": "Kubernetes manifests, Helm Charts",
"variables": [ "variables": []
{ },
"field" : "SAST_BANDIT_EXCLUDED_PATHS", {
"label" : "Paths to exclude from scan", "name": "nodejs-scan",
"type": "string", "label": "Node.js Scan",
"default_value": "", "enabled": true,
"value": "", "description": "Node.js",
"size": "SMALL", "variables": []
"description": "Comma-separated list of paths to exclude from scan. Uses Pythons 'fnmatch' syntax; For example: '*/tests/*, */venv/*'" },
} {
] "name": "phpcs-security-audit",
}, "label": "PHP Security Audit",
{ "enabled": true,
"name": "brakeman", "description": "PHP",
"label": "Brakeman", "variables": []
"enabled" : true, },
"description": "Ruby on Rails", {
"variables": [ "name": "pmd-apex",
{ "label": "PMD APEX",
"field" : "SAST_BRAKEMAN_LEVEL", "enabled": true,
"label" : "Brakeman confidence level", "description": "Apex (Salesforce)",
"type": "string", "variables": []
"default_value": "1", },
"value": "", {
"size": "SMALL", "name": "security-code-scan",
"description": "Ignore Brakeman vulnerabilities under given confidence level. Integer, 1=Low, 2=Medium, 3=High." "label": "Security Code Scan",
} "enabled": true,
] "description": ".NET Core, .NET Framework",
}, "variables": []
{ },
"name": "eslint", {
"label": "ESLint", "name": "semgrep",
"enabled" : true, "label": "Semgrep",
"description": "JavaScript, TypeScript, React", "enabled": true,
"variables": [] "description": "Multi-language scanning",
}, "variables": []
{ },
"name": "flawfinder", {
"label": "Flawfinder", "name": "sobelow",
"enabled" : true, "label": "Sobelow",
"description": "C, C++", "enabled": true,
"variables": [ "description": "Elixir (Phoenix)",
{ "variables": []
"field" : "SAST_FLAWFINDER_LEVEL", },
"label" : "Flawfinder risk level", {
"type": "string", "name": "spotbugs",
"default_value": "1", "label": "Spotbugs",
"value": "", "enabled": true,
"size": "SMALL", "description": "Groovy, Java, Scala",
"description": "Ignore Flawfinder vulnerabilities under given risk level. Integer, 0=No risk, 5=High risk." "variables": []
} }
] ]
}, }
{
"name": "gosec",
"label": "Gosec",
"enabled" : true,
"description": "Go",
"variables": [
{
"field" : "SAST_GOSEC_LEVEL",
"label" : "Gosec confidence level",
"type": "string",
"default_value": "0",
"value": "",
"size": "SMALL",
"description": "Ignore Gosec vulnerabilities under given confidence level. Integer, 0=Undefined, 1=Low, 2=Medium, 3=High."
}
]
},
{
"name": "kubesec",
"label": "Kubesec",
"enabled" : true,
"description": "Kubernetes manifests, Helm Charts",
"variables": []
},
{
"name": "nodejs-scan",
"label": "Node.js Scan",
"enabled" : true,
"description": "Node.js",
"variables": []
},
{
"name": "phpcs-security-audit",
"label": "PHP Security Audit",
"enabled" : true,
"description": "PHP",
"variables": []
},
{
"name": "pmd-apex",
"label": "PMD APEX",
"enabled" : true,
"description": "Apex (Salesforce)",
"variables": []
},
{
"name": "security-code-scan",
"label": "Security Code Scan",
"enabled" : true,
"description": ".NET Core, .NET Framework",
"variables": []
},
{
"name": "semgrep",
"label": "Semgrep",
"enabled": true,
"description": "Multi-language scanning",
"variables": []
},
{
"name": "sobelow",
"label": "Sobelow",
"enabled" : true,
"description": "Elixir (Phoenix)",
"variables": []
},
{
"name": "spotbugs",
"label": "Spotbugs",
"enabled" : true,
"description": "Groovy, Java, Scala",
"variables": []
}
]
}

View File

@ -5,4 +5,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/356464
milestone: '14.9' milestone: '14.9'
type: ops type: ops
group: group::threat insights group: group::threat insights
default_enabled: false default_enabled: true

View File

@ -30,9 +30,11 @@ Parameters:
```graphql ```graphql
mutation CreateCustomEmoji($groupPath: ID!) { mutation CreateCustomEmoji($groupPath: ID!) {
createCustomEmoji(input: {groupPath: $groupPath, name: "party-parrot", file: "https://cultofthepartyparrot.com/parrots/hd/parrot.gif", external: true}) { createCustomEmoji(input: {groupPath: $groupPath, name: "party-parrot", url: "https://cultofthepartyparrot.com/parrots/hd/parrot.gif"}) {
clientMutationId clientMutationId
name customEmoji {
name
}
errors errors
} }
} }

View File

@ -198,11 +198,11 @@ The response is `404 Not Found` if the vulnerability export is not finished yet
Example response: Example response:
```csv ```csv
Group Name,Project Name,Tool,Scanner Name,Status,Vulnerability,Details,Additional Info,Severity,CVE,CWE,Other Identifiers,Detected At,Location,Activity, Group Name,Project Name,Tool,Scanner Name,Status,Vulnerability,Details,Additional Info,Severity,CVE,CWE,Other Identifiers,Detected At,Location,Activity,Comments,
Gitlab.org,Defend,container_scanning,Trivy,detected,CVE-2019-14697 in musl-utils-1.1.20-r4,"musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.",CVE-2019-14697 in musl-utils-1.1.20-r4,critical,CVE-2019-14697,,"",2022-10-07 13:34:41 UTC,"{""image""=>""python:3.4-alpine"", ""dependency""=>{""package""=>{""name""=>""musl-utils""}, ""version""=>""1.1.20-r4""}, ""operating_system""=>""alpine 3.9.2""}",true, Gitlab.org,Defend,container_scanning,Trivy,resolved,CVE-2019-14697 in musl-utils-1.1.20-r4,"musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.",CVE-2019-14697 in musl-utils-1.1.20-r4,critical,CVE-2019-14697,,"",2022-10-07 13:34:41 UTC,"{""image""=>""python:3.4-alpine"", ""dependency""=>{""package""=>{""name""=>""musl-utils""}, ""version""=>""1.1.20-r4""}, ""operating_system""=>""alpine 3.9.2""}",true,"2022-10-07 13:41:08 UTC|root|resolved|changed vulnerability status to resolved",
Gitlab.org,Defend,container_scanning,Trivy,detected,CVE-2019-19242 in sqlite-libs-3.26.0-r3,"SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.",CVE-2019-19242 in sqlite-libs-3.26.0-r3,medium,CVE-2019-19242,,"",2022-10-07 13:34:41 UTC,"{""image""=>""python:3.4-alpine"", ""dependency""=>{""package""=>{""name""=>""sqlite-libs""}, ""version""=>""3.26.0-r3""}, ""operating_system""=>""alpine 3.9.2""}",true, Gitlab.org,Defend,container_scanning,Trivy,detected,CVE-2019-19242 in sqlite-libs-3.26.0-r3,"SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.",CVE-2019-19242 in sqlite-libs-3.26.0-r3,medium,CVE-2019-19242,,"",2022-10-07 13:34:41 UTC,"{""image""=>""python:3.4-alpine"", ""dependency""=>{""package""=>{""name""=>""sqlite-libs""}, ""version""=>""3.26.0-r3""}, ""operating_system""=>""alpine 3.9.2""}",true,"",
Gitlab.org,Defend,container_scanning,Trivy,detected,CVE-2020-28928 in musl-1.1.20-r4,"In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).",CVE-2020-28928 in musl-1.1.20-r4,medium,CVE-2020-28928,,"",2022-10-07 13:34:41 UTC,"{""image""=>""python:3.4-alpine"", ""dependency""=>{""package""=>{""name""=>""musl""}, ""version""=>""1.1.20-r4""}, ""operating_system""=>""alpine 3.9.2""}",true, Gitlab.org,Defend,container_scanning,Trivy,detected,CVE-2020-28928 in musl-1.1.20-r4,"In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).",CVE-2020-28928 in musl-1.1.20-r4,medium,CVE-2020-28928,,"",2022-10-07 13:34:41 UTC,"{""image""=>""python:3.4-alpine"", ""dependency""=>{""package""=>{""name""=>""musl""}, ""version""=>""1.1.20-r4""}, ""operating_system""=>""alpine 3.9.2""}",true,"",
Gitlab.org,Defend,dependency_scanning,Gemnasium,detected,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in rack,Carefully crafted requests can cause shell escape sequences to be written to the terminal via Rack's Lint middleware and CommonLogger middleware. These escape sequences can be leveraged to possibly execute commands in the victim's terminal.,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in rack,unknown,Gemfile.lock:rack:gemnasium:60b5a27f-4e4d-4ab4-8ae7-74b4b212e177,,Gemnasium-60b5a27f-4e4d-4ab4-8ae7-74b4b212e177; GHSA-wq4h-7r42-5hrr,2022-10-14 13:16:00 UTC,"{""file""=>""Gemfile.lock"", ""dependency""=>{""package""=>{""name""=>""rack""}, ""version""=>""2.2.3""}}",false, Gitlab.org,Defend,dependency_scanning,Gemnasium,detected,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in rack,Carefully crafted requests can cause shell escape sequences to be written to the terminal via Rack's Lint middleware and CommonLogger middleware. These escape sequences can be leveraged to possibly execute commands in the victim's terminal.,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in rack,unknown,Gemfile.lock:rack:gemnasium:60b5a27f-4e4d-4ab4-8ae7-74b4b212e177,,Gemnasium-60b5a27f-4e4d-4ab4-8ae7-74b4b212e177; GHSA-wq4h-7r42-5hrr,2022-10-14 13:16:00 UTC,"{""file""=>""Gemfile.lock"", ""dependency""=>{""package""=>{""name""=>""rack""}, ""version""=>""2.2.3""}}",false,"",
Gitlab.org,Defend,dependency_scanning,Gemnasium,detected,Denial of Service Vulnerability in Rack Multipart Parsing in rack,"Carefully crafted multipart POST requests can cause Rack's multipart parser to take much longer than expected, leading to a possible denial of service vulnerability. Impacted code will use Rack's multipart parser to parse multipart posts.",Denial of Service Vulnerability in Rack Multipart Parsing in rack,unknown,Gemfile.lock:rack:gemnasium:20daa17a-47b5-4f79-80c2-cd8f2db9805c,,Gemnasium-20daa17a-47b5-4f79-80c2-cd8f2db9805c; GHSA-hxqx-xwvh-44m2,2022-10-14 13:16:00 UTC,"{""file""=>""Gemfile.lock"", ""dependency""=>{""package""=>{""name""=>""rack""}, ""version""=>""2.2.3""}}",false, Gitlab.org,Defend,dependency_scanning,Gemnasium,detected,Denial of Service Vulnerability in Rack Multipart Parsing in rack,"Carefully crafted multipart POST requests can cause Rack's multipart parser to take much longer than expected, leading to a possible denial of service vulnerability. Impacted code will use Rack's multipart parser to parse multipart posts.",Denial of Service Vulnerability in Rack Multipart Parsing in rack,unknown,Gemfile.lock:rack:gemnasium:20daa17a-47b5-4f79-80c2-cd8f2db9805c,,Gemnasium-20daa17a-47b5-4f79-80c2-cd8f2db9805c; GHSA-hxqx-xwvh-44m2,2022-10-14 13:16:00 UTC,"{""file""=>""Gemfile.lock"", ""dependency""=>{""package""=>{""name""=>""rack""}, ""version""=>""2.2.3""}}",false,"",
Gitlab.org,Defend,sast,Brakeman,detected,Possible SQL injection,,Possible SQL injection,medium,e52f23a259cd489168b4313317ac94a3f13bffde57b9635171c1a44a9f329e9a,,"""Brakeman Warning Code 0""",2022-10-13 15:16:36 UTC,"{""file""=>""main.rb"", ""class""=>""User"", ""method""=>""index"", ""start_line""=>3}",false Gitlab.org,Defend,sast,Brakeman,detected,Possible SQL injection,,Possible SQL injection,medium,e52f23a259cd489168b4313317ac94a3f13bffde57b9635171c1a44a9f329e9a,,"""Brakeman Warning Code 0""",2022-10-13 15:16:36 UTC,"{""file""=>""main.rb"", ""class""=>""User"", ""method""=>""index"", ""start_line""=>3}",false,""
``` ```

View File

@ -304,12 +304,24 @@ spotbugs-sast:
#### Pinning to minor image version #### Pinning to minor image version
While our templates use `MAJOR` version pinning to always ensure the latest analyzer The GitLab-managed CI/CD template specifies a major version and automatically pulls the latest analyzer release within that major version.
versions are pulled, there are certain cases where it can be beneficial to pin
an analyzer to a specific release. To do so, override the `SAST_ANALYZER_IMAGE_TAG` CI/CD variable
in the job template directly.
In the example below, we pin to a minor version of the `semgrep` analyzer and a specific patch version of the `brakeman` analyzer: In some cases, you may need to use a specific version.
For example, you might need to avoid a regression in a later release.
To override the automatic update behavior, set the `SAST_ANALYZER_IMAGE_TAG` CI/CD variable
in your CI/CD configuration file after you include the [`SAST.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml).
Only set this variable within a specific job.
If you set it [at the top level](../../../ci/variables/index.md#create-a-custom-cicd-variable-in-the-gitlab-ciyml-file), the version you set will be used for other SAST analyzers.
You can set the tag to:
- A major version, like `3`. Your pipelines will use any minor or patch updates that are released within this major version.
- A minor version, like `3.7`. Your pipelines will use any patch updates that are released within this minor version.
- A patch version, like `3.7.0`. Your pipelines won't receive any updates.
This example uses a specific minor version of the `semgrep` analyzer and a specific patch version of the `brakeman` analyzer:
```yaml ```yaml
include: include:
@ -317,11 +329,11 @@ include:
semgrep-sast: semgrep-sast:
variables: variables:
SAST_ANALYZER_IMAGE_TAG: "2.16" SAST_ANALYZER_IMAGE_TAG: "3.7"
brakeman-sast: brakeman-sast:
variables: variables:
SAST_ANALYZER_IMAGE_TAG: "2.21.1" SAST_ANALYZER_IMAGE_TAG: "3.1.1"
``` ```
### False Positive Detection **(ULTIMATE)** ### False Positive Detection **(ULTIMATE)**

View File

@ -124,6 +124,33 @@ widget.
If the scanner detects a secret you should rotate it immediately. [Purging a file from the repository's history](../../project/repository/reducing_the_repo_size_using_git.md#purge-files-from-repository-history) may not be effective in removing all references to the file. Also, the secret remains in any forks of the repository. If the scanner detects a secret you should rotate it immediately. [Purging a file from the repository's history](../../project/repository/reducing_the_repo_size_using_git.md#purge-files-from-repository-history) may not be effective in removing all references to the file. Also, the secret remains in any forks of the repository.
## Pinning to specific analyzer version
The GitLab-managed CI/CD template specifies a major version and automatically pulls the latest analyzer release within that major version.
In some cases, you may need to use a specific version.
For example, you might need to avoid a regression in a later release.
To override the automatic update behavior, set the `SECRETS_ANALYZER_VERSION` CI/CD variable
in your CI/CD configuration file after you include the [`Secret-Detection.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml).
You can set the tag to:
- A major version, like `4`. Your pipelines will use any minor or patch updates that are released within this major version.
- A minor version, like `4.5`. Your pipelines will use any patch updates that are released within this minor version.
- A patch version, like `4.5.0`. Your pipelines won't receive any updates.
This example uses a specific minor version of the analyzer:
```yaml
include:
- template: Security/Secret-Detection.gitlab-ci.yml
secret_detection:
variables:
SECRETS_ANALYZER_VERSION: "4.5"
```
## Configure scan settings ## Configure scan settings
The Secret Detection scan settings can be changed through [CI/CD variables](#available-cicd-variables) The Secret Detection scan settings can be changed through [CI/CD variables](#available-cicd-variables)

View File

@ -219,6 +219,7 @@ Fields included are:
- Detected At - Detected At
- Location - Location
- Activity - Activity
- Comments
NOTE: NOTE:
Full details are available through our Full details are available through our

View File

@ -60,7 +60,8 @@ Self-managed installations can configure the following additional password requi
## Block weak passwords ## Block weak passwords
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/23610) in GitLab 15.4 [with a flag](../../administration/feature_flags.md) named `block_weak_passwords`, weak passwords aren't accepted. Disabled by default. > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/23610) in GitLab 15.4 [with a flag](../../administration/feature_flags.md) named `block_weak_passwords`, weak passwords aren't accepted. Disabled by default on self-managed.
> - [Enabled](https://gitlab.com/gitlab-org/gitlab/-/issues/363445) on GitLab.com.
FLAG: FLAG:
On self-managed GitLab, by default blocking weak passwords is not available. To make it available, ask an administrator On self-managed GitLab, by default blocking weak passwords is not available. To make it available, ask an administrator

View File

@ -199,12 +199,14 @@ module API
mount ::API::ProjectExport mount ::API::ProjectExport
mount ::API::ProjectHooks mount ::API::ProjectHooks
mount ::API::ProjectRepositoryStorageMoves mount ::API::ProjectRepositoryStorageMoves
mount ::API::ProjectSnippets
mount ::API::ProjectSnapshots mount ::API::ProjectSnapshots
mount ::API::ProtectedBranches mount ::API::ProtectedBranches
mount ::API::ProtectedTags mount ::API::ProtectedTags
mount ::API::Release::Links
mount ::API::Releases mount ::API::Releases
mount ::API::Release::Links
mount ::API::ResourceAccessTokens mount ::API::ResourceAccessTokens
mount ::API::Snippets
mount ::API::SnippetRepositoryStorageMoves mount ::API::SnippetRepositoryStorageMoves
mount ::API::Statistics mount ::API::Statistics
mount ::API::Submodules mount ::API::Submodules
@ -299,7 +301,6 @@ module API
mount ::API::ProjectImport mount ::API::ProjectImport
mount ::API::ProjectMilestones mount ::API::ProjectMilestones
mount ::API::ProjectPackages mount ::API::ProjectPackages
mount ::API::ProjectSnippets
mount ::API::ProjectStatistics mount ::API::ProjectStatistics
mount ::API::ProjectTemplates mount ::API::ProjectTemplates
mount ::API::Projects mount ::API::Projects
@ -315,7 +316,6 @@ module API
mount ::API::Search mount ::API::Search
mount ::API::Settings mount ::API::Settings
mount ::API::SidekiqMetrics mount ::API::SidekiqMetrics
mount ::API::Snippets
mount ::API::Subscriptions mount ::API::Subscriptions
mount ::API::Tags mount ::API::Tags
mount ::API::Templates mount ::API::Templates

View File

@ -3,16 +3,30 @@
module API module API
module Entities module Entities
class BasicSnippet < Grape::Entity class BasicSnippet < Grape::Entity
expose :id, :title, :description, :visibility expose :id, documentation: { type: 'integer', example: 1 }
expose :updated_at, :created_at expose :title, documentation: { type: 'string', example: 'test' }
expose :project_id expose :description, documentation: { type: 'string', example: 'Ruby test snippet' }
expose :web_url do |snippet| expose :visibility, documentation: { type: 'string', example: 'public' }
expose :author, using: Entities::UserBasic, documentation: { type: 'Entities::UserBasic' }
expose :created_at, documentation: { type: 'dateTime', example: '2012-06-28T10:52:04Z' }
expose :updated_at, documentation: { type: 'dateTime', example: '2012-06-28T10:52:04Z' }
expose :project_id, documentation: { type: 'integer', example: 1 }
expose :web_url, documentation: {
type: 'string', example: 'http://example.com/example/example/snippets/1'
} do |snippet|
Gitlab::UrlBuilder.build(snippet) Gitlab::UrlBuilder.build(snippet)
end end
expose :raw_url do |snippet| expose :raw_url, documentation: {
type: 'string', example: 'http://example.com/example/example/snippets/1/raw'
} do |snippet|
Gitlab::UrlBuilder.build(snippet, raw: true) Gitlab::UrlBuilder.build(snippet, raw: true)
end end
expose :ssh_url_to_repo, :http_url_to_repo, if: ->(snippet) { snippet.repository_exists? } expose :ssh_url_to_repo, documentation: {
type: 'string', example: 'ssh://user@gitlab.example.com/snippets/65.git'
}, if: ->(snippet) { snippet.repository_exists? }
expose :http_url_to_repo, documentation: {
type: 'string', example: 'https://gitlab.example.com/snippets/65.git'
}, if: ->(snippet) { snippet.repository_exists? }
end end
end end
end end

View File

@ -3,11 +3,13 @@
module API module API
module Entities module Entities
class Snippet < BasicSnippet class Snippet < BasicSnippet
expose :author, using: Entities::UserBasic expose :author, using: Entities::UserBasic, documentation: { type: 'Entities::UserBasic' }
expose :file_name do |snippet| expose :file_name, documentation: { type: 'string', example: 'add.rb' } do |snippet|
snippet_files.first || snippet.file_name snippet_files.first || snippet.file_name
end end
expose :files do |snippet, options| expose :files, documentation: {
is_array: true, example: 'e0d123e5f316bef78bfdf5a008837577'
} do |snippet, options|
snippet_files.map do |file| snippet_files.map do |file|
{ {
path: file, path: file,

View File

@ -4,7 +4,7 @@ module API
module Entities module Entities
module Snippets module Snippets
class RepositoryStorageMove < BasicRepositoryStorageMove class RepositoryStorageMove < BasicRepositoryStorageMove
expose :snippet, using: Entities::BasicSnippet expose :snippet, using: Entities::BasicSnippet, documentation: { type: 'Entities::BasicSnippet' }
end end
end end
end end

View File

@ -3,9 +3,9 @@
module API module API
module Entities module Entities
class UserAgentDetail < Grape::Entity class UserAgentDetail < Grape::Entity
expose :user_agent expose :user_agent, documentation: { type: 'string', example: 'AppleWebKit/537.36' }
expose :ip_address expose :ip_address, documentation: { type: 'string', example: '127.0.0.1' }
expose :submitted, as: :akismet_submitted expose :submitted, as: :akismet_submitted, documentation: { type: 'boolean', example: false }
end end
end end
end end

View File

@ -34,6 +34,11 @@ module API
desc 'Get all project snippets' do desc 'Get all project snippets' do
success Entities::ProjectSnippet success Entities::ProjectSnippet
failure [
{ code: 404, message: 'Not found' }
]
tags %w[project_snippets]
is_array true
end end
params do params do
use :pagination use :pagination
@ -46,6 +51,10 @@ module API
desc 'Get a single project snippet' do desc 'Get a single project snippet' do
success Entities::ProjectSnippet success Entities::ProjectSnippet
failure [
{ code: 404, message: 'Not found' }
]
tags %w[project_snippets]
end end
params do params do
requires :snippet_id, type: Integer, desc: 'The ID of a project snippet' requires :snippet_id, type: Integer, desc: 'The ID of a project snippet'
@ -60,6 +69,12 @@ module API
desc 'Create a new project snippet' do desc 'Create a new project snippet' do
success Entities::ProjectSnippet success Entities::ProjectSnippet
failure [
{ code: 400, message: 'Validation error' },
{ code: 404, message: 'Not found' },
{ code: 422, message: 'Unprocessable entity' }
]
tags %w[project_snippets]
end end
params do params do
requires :title, type: String, allow_blank: false, desc: 'The title of the snippet' requires :title, type: String, allow_blank: false, desc: 'The title of the snippet'
@ -91,6 +106,12 @@ module API
desc 'Update an existing project snippet' do desc 'Update an existing project snippet' do
success Entities::ProjectSnippet success Entities::ProjectSnippet
failure [
{ code: 400, message: 'Validation error' },
{ code: 404, message: 'Not found' },
{ code: 422, message: 'Unprocessable entity' }
]
tags %w[project_snippets]
end end
params do params do
requires :snippet_id, type: Integer, desc: 'The ID of a project snippet' requires :snippet_id, type: Integer, desc: 'The ID of a project snippet'
@ -132,7 +153,14 @@ module API
end end
# rubocop: enable CodeReuse/ActiveRecord # rubocop: enable CodeReuse/ActiveRecord
desc 'Delete a project snippet' desc 'Delete a project snippet' do
success code: 204
failure [
{ code: 400, message: 'Validation error' },
{ code: 404, message: 'Not found' }
]
tags %w[project_snippets]
end
params do params do
requires :snippet_id, type: Integer, desc: 'The ID of a project snippet' requires :snippet_id, type: Integer, desc: 'The ID of a project snippet'
end end
@ -156,7 +184,13 @@ module API
end end
# rubocop: enable CodeReuse/ActiveRecord # rubocop: enable CodeReuse/ActiveRecord
desc 'Get a raw project snippet' desc 'Get a raw project snippet' do
success Entities::ProjectSnippet
failure [
{ code: 404, message: 'Not found' }
]
tags %w[project_snippets]
end
params do params do
requires :snippet_id, type: Integer, desc: 'The ID of a project snippet' requires :snippet_id, type: Integer, desc: 'The ID of a project snippet'
end end
@ -168,7 +202,13 @@ module API
present content_for(snippet) present content_for(snippet)
end end
desc 'Get raw project snippet file contents from the repository' desc 'Get raw project snippet file contents from the repository' do
success Entities::ProjectSnippet
failure [
{ code: 404, message: 'Not found' }
]
tags %w[project_snippets]
end
params do params do
use :raw_file_params use :raw_file_params
end end
@ -182,6 +222,10 @@ module API
desc 'Get the user agent details for a project snippet' do desc 'Get the user agent details for a project snippet' do
success Entities::UserAgentDetail success Entities::UserAgentDetail
failure [
{ code: 404, message: 'Not found' }
]
tags %w[project_snippets]
end end
params do params do
requires :snippet_id, type: Integer, desc: 'The ID of a project snippet' requires :snippet_id, type: Integer, desc: 'The ID of a project snippet'

View File

@ -28,6 +28,11 @@ module API
desc 'Get a snippets list for an authenticated user' do desc 'Get a snippets list for an authenticated user' do
detail 'This feature was introduced in GitLab 8.15.' detail 'This feature was introduced in GitLab 8.15.'
success Entities::Snippet success Entities::Snippet
failure [
{ code: 404, message: 'Not found' }
]
tags %w[snippets]
is_array true
end end
params do params do
optional :created_after, type: DateTime, desc: 'Return snippets created after the specified time' optional :created_after, type: DateTime, desc: 'Return snippets created after the specified time'
@ -45,6 +50,11 @@ module API
desc 'List all public personal snippets current_user has access to' do desc 'List all public personal snippets current_user has access to' do
detail 'This feature was introduced in GitLab 8.15.' detail 'This feature was introduced in GitLab 8.15.'
success Entities::PersonalSnippet success Entities::PersonalSnippet
failure [
{ code: 404, message: 'Not found' }
]
tags %w[snippets]
is_array true
end end
params do params do
optional :created_after, type: DateTime, desc: 'Return snippets created after the specified time' optional :created_after, type: DateTime, desc: 'Return snippets created after the specified time'
@ -62,6 +72,10 @@ module API
desc 'Get a single snippet' do desc 'Get a single snippet' do
detail 'This feature was introduced in GitLab 8.15.' detail 'This feature was introduced in GitLab 8.15.'
success Entities::PersonalSnippet success Entities::PersonalSnippet
failure [
{ code: 404, message: 'Not found' }
]
tags %w[snippets]
end end
params do params do
requires :id, type: Integer, desc: 'The ID of a snippet' requires :id, type: Integer, desc: 'The ID of a snippet'
@ -77,6 +91,12 @@ module API
desc 'Create new snippet' do desc 'Create new snippet' do
detail 'This feature was introduced in GitLab 8.15.' detail 'This feature was introduced in GitLab 8.15.'
success Entities::PersonalSnippet success Entities::PersonalSnippet
failure [
{ code: 400, message: 'Validation error' },
{ code: 404, message: 'Not found' },
{ code: 422, message: 'Unprocessable entity' }
]
tags %w[snippets]
end end
params do params do
requires :title, type: String, allow_blank: false, desc: 'The title of a snippet' requires :title, type: String, allow_blank: false, desc: 'The title of a snippet'
@ -110,6 +130,12 @@ module API
desc 'Update an existing snippet' do desc 'Update an existing snippet' do
detail 'This feature was introduced in GitLab 8.15.' detail 'This feature was introduced in GitLab 8.15.'
success Entities::PersonalSnippet success Entities::PersonalSnippet
failure [
{ code: 400, message: 'Validation error' },
{ code: 404, message: 'Not found' },
{ code: 422, message: 'Unprocessable entity' }
]
tags %w[snippets]
end end
params do params do
@ -154,6 +180,11 @@ module API
desc 'Remove snippet' do desc 'Remove snippet' do
detail 'This feature was introduced in GitLab 8.15.' detail 'This feature was introduced in GitLab 8.15.'
success Entities::PersonalSnippet success Entities::PersonalSnippet
failure [
{ code: 400, message: 'Validation error' },
{ code: 404, message: 'Not found' }
]
tags %w[snippets]
end end
params do params do
requires :id, type: Integer, desc: 'The ID of a snippet' requires :id, type: Integer, desc: 'The ID of a snippet'
@ -178,6 +209,10 @@ module API
desc 'Get a raw snippet' do desc 'Get a raw snippet' do
detail 'This feature was introduced in GitLab 8.15.' detail 'This feature was introduced in GitLab 8.15.'
failure [
{ code: 404, message: 'Not found' }
]
tags %w[snippets]
end end
params do params do
requires :id, type: Integer, desc: 'The ID of a snippet' requires :id, type: Integer, desc: 'The ID of a snippet'
@ -189,7 +224,12 @@ module API
present content_for(snippet) present content_for(snippet)
end end
desc 'Get raw snippet file contents from the repository' desc 'Get raw snippet file contents from the repository' do
failure [
{ code: 404, message: 'Not found' }
]
tags %w[snippets]
end
params do params do
use :raw_file_params use :raw_file_params
end end
@ -202,6 +242,10 @@ module API
desc 'Get the user agent details for a snippet' do desc 'Get the user agent details for a snippet' do
success Entities::UserAgentDetail success Entities::UserAgentDetail
failure [
{ code: 404, message: 'Not found' }
]
tags %w[snippets]
end end
params do params do
requires :id, type: Integer, desc: 'The ID of a snippet' requires :id, type: Integer, desc: 'The ID of a snippet'

View File

@ -212,8 +212,8 @@ RSpec.describe GitlabSchema.types['Project'] do
it "returns the project's sast configuration for analyzer variables" do it "returns the project's sast configuration for analyzer variables" do
analyzer = subject.dig('data', 'project', 'sastCiConfiguration', 'analyzers', 'nodes').first analyzer = subject.dig('data', 'project', 'sastCiConfiguration', 'analyzers', 'nodes').first
expect(analyzer['name']).to eq('bandit') expect(analyzer['name']).to eq('brakeman')
expect(analyzer['label']).to eq('Bandit') expect(analyzer['label']).to eq('Brakeman')
expect(analyzer['enabled']).to eq(true) expect(analyzer['enabled']).to eq(true)
end end

View File

@ -11,9 +11,9 @@ RSpec.describe Security::CiConfiguration::SastParserService do
let(:sast_excluded_paths) { configuration['global'][1] } let(:sast_excluded_paths) { configuration['global'][1] }
let(:sast_pipeline_stage) { configuration['pipeline'][0] } let(:sast_pipeline_stage) { configuration['pipeline'][0] }
let(:sast_search_max_depth) { configuration['pipeline'][1] } let(:sast_search_max_depth) { configuration['pipeline'][1] }
let(:bandit) { configuration['analyzers'][0] } let(:brakeman) { configuration['analyzers'][0] }
let(:brakeman) { configuration['analyzers'][1] }
let(:sast_brakeman_level) { brakeman['variables'][0] } let(:sast_brakeman_level) { brakeman['variables'][0] }
let(:semgrep) { configuration['analyzers'][1] }
let(:secure_analyzers_prefix) { '$CI_TEMPLATE_REGISTRY_HOST/security-products' } let(:secure_analyzers_prefix) { '$CI_TEMPLATE_REGISTRY_HOST/security-products' }
it 'parses the configuration for SAST' do it 'parses the configuration for SAST' do
@ -34,7 +34,7 @@ RSpec.describe Security::CiConfiguration::SastParserService do
expect(sast_pipeline_stage['value']).to eql('our_custom_security_stage') expect(sast_pipeline_stage['value']).to eql('our_custom_security_stage')
expect(sast_search_max_depth['value']).to eql('8') expect(sast_search_max_depth['value']).to eql('8')
expect(brakeman['enabled']).to be(false) expect(brakeman['enabled']).to be(false)
expect(bandit['enabled']).to be(true) expect(semgrep['enabled']).to be(true)
expect(sast_brakeman_level['value']).to eql('2') expect(sast_brakeman_level['value']).to eql('2')
end end
@ -43,7 +43,7 @@ RSpec.describe Security::CiConfiguration::SastParserService do
allow(project.repository).to receive(:blob_data_at).and_return(gitlab_ci_yml_excluded_analyzers_content) allow(project.repository).to receive(:blob_data_at).and_return(gitlab_ci_yml_excluded_analyzers_content)
expect(brakeman['enabled']).to be(false) expect(brakeman['enabled']).to be(false)
expect(bandit['enabled']).to be(true) expect(semgrep['enabled']).to be(true)
end end
end end
end end

View File

@ -1,9 +1,9 @@
module gitlab.com/gitlab-org/gitlab/workhorse module gitlab.com/gitlab-org/gitlab/workhorse
go 1.17 go 1.18
require ( require (
github.com/Azure/azure-storage-blob-go v0.14.0 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1
github.com/BurntSushi/toml v1.2.1 github.com/BurntSushi/toml v1.2.1
github.com/FZambia/sentinel v1.1.1 github.com/FZambia/sentinel v1.1.1
github.com/alecthomas/chroma/v2 v2.3.0 github.com/alecthomas/chroma/v2 v2.3.0
@ -29,11 +29,11 @@ require (
gitlab.com/gitlab-org/gitaly/v15 v15.5.1 gitlab.com/gitlab-org/gitaly/v15 v15.5.1
gitlab.com/gitlab-org/golang-archive-zip v0.1.1 gitlab.com/gitlab-org/golang-archive-zip v0.1.1
gitlab.com/gitlab-org/labkit v1.16.1 gitlab.com/gitlab-org/labkit v1.16.1
gocloud.dev v0.26.0 gocloud.dev v0.27.0
golang.org/x/image v0.0.0-20220722155232-062f8c9fd539 golang.org/x/image v0.0.0-20220722155232-062f8c9fd539
golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
golang.org/x/net v0.0.0-20220722155237-a158d28d115b golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b
golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a golang.org/x/oauth2 v0.0.0-20220722155238-128564f6959c
golang.org/x/tools v0.1.12 golang.org/x/tools v0.1.12
google.golang.org/grpc v1.50.1 google.golang.org/grpc v1.50.1
google.golang.org/protobuf v1.28.1 google.golang.org/protobuf v1.28.1
@ -41,24 +41,23 @@ require (
) )
require ( require (
cloud.google.com/go v0.100.2 // indirect cloud.google.com/go v0.103.0 // indirect
cloud.google.com/go/compute v1.5.0 // indirect cloud.google.com/go/compute v1.7.0 // indirect
cloud.google.com/go/iam v0.3.0 // indirect cloud.google.com/go/iam v0.3.0 // indirect
cloud.google.com/go/monitoring v1.4.0 // indirect cloud.google.com/go/monitoring v1.5.0 // indirect
cloud.google.com/go/profiler v0.1.0 // indirect cloud.google.com/go/profiler v0.1.0 // indirect
cloud.google.com/go/storage v1.21.0 // indirect cloud.google.com/go/storage v1.24.0 // indirect
cloud.google.com/go/trace v1.2.0 // indirect cloud.google.com/go/trace v1.2.0 // indirect
contrib.go.opencensus.io/exporter/stackdriver v0.13.10 // indirect contrib.go.opencensus.io/exporter/stackdriver v0.13.13 // indirect
github.com/Azure/azure-pipeline-go v0.2.3 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 // indirect
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.0.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect
github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect
github.com/Azure/go-autorest/autorest v0.11.22 // indirect github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
github.com/Azure/go-autorest/autorest/adal v0.9.17 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0 // indirect
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
github.com/Azure/go-autorest/logger v0.2.1 // indirect
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
github.com/DataDog/datadog-go v4.4.0+incompatible // indirect github.com/DataDog/datadog-go v4.4.0+incompatible // indirect
github.com/DataDog/sketches-go v1.0.0 // indirect github.com/DataDog/sketches-go v1.0.0 // indirect
github.com/Microsoft/go-winio v0.5.0 // indirect github.com/Microsoft/go-winio v0.5.1 // indirect
github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d // indirect github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d // indirect
github.com/beevik/ntp v0.3.0 // indirect github.com/beevik/ntp v0.3.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect github.com/beorn7/perks v1.0.1 // indirect
@ -70,30 +69,33 @@ require (
github.com/dlclark/regexp2 v1.4.0 // indirect github.com/dlclark/regexp2 v1.4.0 // indirect
github.com/go-ole/go-ole v1.2.4 // indirect github.com/go-ole/go-ole v1.2.4 // indirect
github.com/gogo/protobuf v1.3.2 // indirect github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang-jwt/jwt v3.2.1+incompatible // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/google/go-cmp v0.5.9 // indirect github.com/google/go-cmp v0.5.9 // indirect
github.com/google/pprof v0.0.0-20210804190019-f964ff605595 // indirect github.com/google/pprof v0.0.0-20220608213341-c488b8fa1db3 // indirect
github.com/google/uuid v1.3.0 // indirect github.com/google/uuid v1.3.0 // indirect
github.com/google/wire v0.5.0 // indirect github.com/google/wire v0.5.0 // indirect
github.com/googleapis/gax-go/v2 v2.2.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.1.0 // indirect
github.com/googleapis/gax-go/v2 v2.4.0 // indirect
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 // indirect github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 // indirect
github.com/hashicorp/yamux v0.1.1 // indirect github.com/hashicorp/yamux v0.1.1 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/jtolds/gls v4.20.0+incompatible // indirect github.com/jtolds/gls v4.20.0+incompatible // indirect
github.com/kr/text v0.2.0 // indirect github.com/kylelemons/godebug v1.1.0 // indirect
github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20210210170715-a8dfcb80d3a7 // indirect github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20210210170715-a8dfcb80d3a7 // indirect
github.com/lightstep/lightstep-tracer-go v0.25.0 // indirect github.com/lightstep/lightstep-tracer-go v0.25.0 // indirect
github.com/mattn/go-ieproxy v0.0.6 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/oklog/ulid/v2 v2.0.2 // indirect github.com/oklog/ulid/v2 v2.0.2 // indirect
github.com/opentracing/opentracing-go v1.2.0 // indirect github.com/opentracing/opentracing-go v1.2.0 // indirect
github.com/philhofer/fwd v1.1.1 // indirect github.com/philhofer/fwd v1.1.1 // indirect
github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4 // indirect
github.com/pkg/errors v0.9.1 // indirect github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/prometheus/client_model v0.2.0 // indirect github.com/prometheus/client_model v0.2.0 // indirect
github.com/prometheus/common v0.37.0 // indirect github.com/prometheus/common v0.37.0 // indirect
github.com/prometheus/procfs v0.8.0 // indirect github.com/prometheus/procfs v0.8.0 // indirect
github.com/prometheus/prometheus v0.37.0 // indirect
github.com/ryszard/goskiplist v0.0.0-20150312221310-2dfbae5fcf46 // indirect github.com/ryszard/goskiplist v0.0.0-20150312221310-2dfbae5fcf46 // indirect
github.com/shabbyrobe/gocovmerge v0.0.0-20190829150210-3e036491d500 // indirect github.com/shabbyrobe/gocovmerge v0.0.0-20190829150210-3e036491d500 // indirect
github.com/shirou/gopsutil/v3 v3.21.2 // indirect github.com/shirou/gopsutil/v3 v3.21.2 // indirect
@ -109,13 +111,13 @@ require (
golang.org/x/exp/typeparams v0.0.0-20220218215828-6cf2b201936e // indirect golang.org/x/exp/typeparams v0.0.0-20220218215828-6cf2b201936e // indirect
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect golang.org/x/sys v0.0.0-20220731174439-a90be440212d // indirect
golang.org/x/text v0.3.8 // indirect golang.org/x/text v0.3.8 // indirect
golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 // indirect
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect
google.golang.org/api v0.74.0 // indirect google.golang.org/api v0.91.0 // indirect
google.golang.org/appengine v1.6.7 // indirect google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20220401170504-314d38edb7de // indirect google.golang.org/genproto v0.0.0-20220802133213-ce4fa296bf78 // indirect
gopkg.in/DataDog/dd-trace-go.v1 v1.32.0 // indirect gopkg.in/DataDog/dd-trace-go.v1 v1.32.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect
) )

File diff suppressed because it is too large Load Diff

View File

@ -10,7 +10,7 @@ import (
"strings" "strings"
"time" "time"
"github.com/Azure/azure-storage-blob-go/azblob" "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"
"github.com/BurntSushi/toml" "github.com/BurntSushi/toml"
"gocloud.dev/blob" "gocloud.dev/blob"
"gocloud.dev/blob/azureblob" "gocloud.dev/blob/azureblob"
@ -174,18 +174,21 @@ func (c *Config) RegisterGoCloudURLOpeners() error {
} }
func (creds *AzureCredentials) getURLOpener() (*azureblob.URLOpener, error) { func (creds *AzureCredentials) getURLOpener() (*azureblob.URLOpener, error) {
accountName := azureblob.AccountName(creds.AccountName) serviceURLOptions := azureblob.ServiceURLOptions{
accountKey := azureblob.AccountKey(creds.AccountKey) AccountName: creds.AccountName,
}
credential, err := azureblob.NewCredential(accountName, accountKey) clientFunc := func(svcURL azureblob.ServiceURL) (*azblob.ServiceClient, error) {
if err != nil { sharedKeyCred, err := azblob.NewSharedKeyCredential(creds.AccountName, creds.AccountKey)
return nil, fmt.Errorf("error creating Azure credentials: %w", err) if err != nil {
return nil, fmt.Errorf("error creating Azure credentials: %w", err)
}
return azblob.NewServiceClientWithSharedKey(string(svcURL), sharedKeyCred, &azblob.ClientOptions{})
} }
return &azureblob.URLOpener{ return &azureblob.URLOpener{
AccountName: accountName, MakeClient: clientFunc,
Pipeline: azureblob.NewPipeline(credential, azblob.PipelineOptions{}), ServiceURLOptions: serviceURLOptions,
Options: azureblob.Options{Credential: credential},
}, nil }, nil
} }