Skip to content

Navigation Menu

Appearance settings

View all features
- BY COMPANY SIZE
  Enterprises
  Small and medium teams
  Startups
  Nonprofits
- BY USE CASE
  App Modernization
  DevSecOps
  DevOps
  CI/CD
  View all use cases
- BY INDUSTRY
  Healthcare
  Financial services
  Manufacturing
  Government
  View all industries
View all solutions
- EXPLORE BY TOPIC
  AI
  Software Development
  DevOps
  Security
  View all topics
- EXPLORE BY TYPE
  Customer stories
  Events & webinars
  Ebooks & reports
  Business insights
  GitHub Skills
- SUPPORT & SERVICES
  Documentation
  Customer support
  Community forum
  Trust center
  Partners
- COMMUNITY
  GitHub SponsorsFund open source developers
- PROGRAMS
  Security Lab
  Maintainer Community
  Accelerator
  Archive Program
- REPOSITORIES
  Topics
  Trending
  Collections
- ENTERPRISE SOLUTIONS
  Enterprise platformAI-powered developer platform
- AVAILABLE ADD-ONS
  GitHub Advanced SecurityEnterprise-grade security features
  Copilot for BusinessEnterprise-grade AI features
  Premium SupportEnterprise-grade 24/7 support
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

Appearance settings

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

deploymenttheory / go-api-http-client Public

generated from deploymenttheory/Template

Notifications You must be signed in to change notification settings
Fork 1
Star 1

Code
Issues
Pull requests 6
Actions
Projects
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Security
Insights

1st commit #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merged

ShocOne merged 4 commits into main from dev

Feb 7, 2024

Merged

1st commit #1

ShocOne merged 4 commits into main from dev

Feb 7, 2024

Conversation 13 Commits 4 Checks 0 Files changed

Uh oh!

There was an error while loading. Please reload this page.

Conversation

Copy link

Member

ShocOne commented Feb 7, 2024

Change

Feel free to remove this sample text

Thank you for your contribution !
Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context.
List any dependencies that are required for this change.

Type of Change

Please delete options that are not relevant.

Bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds functionality)
Breaking change (fix or feature that would cause existing functionality to not work as expected)
This change requires a documentation update (Wiki)

Checklist

I'm sure there are no other open Pull Requests for the same update/change
My corresponding pipelines / checks run clean and green without any errors or warnings
My code follows the style guidelines of this project
I have commented my code, particularly in hard-to-understand areas
I have made corresponding changes to the documentation (readme)
I did format my code

Sorry, something went wrong.

Uh oh!

There was an error while loading. Please reload this page.

All reactions


          1st commit

e496efc

Copy link

github-advanced-security bot commented Feb 7, 2024

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

All reactions

Sorry, something went wrong.

Uh oh!

There was an error while loading. Please reload this page.

github-advanced-security bot found potential problems

View reviewed changes

internal/httpclient/http_rate_handler.go

+              // calculateBackoff calculates the next delay for retry with exponential backoff and jitter.
+              func calculateBackoff(retry int) time.Duration {
+              	delay := float64(baseDelay) * math.Pow(2, float64(retry))
+              	jitter := (rand.Float64() - 0.5) * jitterFactor * 2.0 // Random value between -jitterFactor and +jitterFactor

Check failure

Code scanning / gosec

Use of weak random number generator (math/rand instead of crypto/rand)

Use of weak random number generator (math/rand instead of crypto/rand)

internal/apihandlers/jamfpro/jamfpro_api_handler.go

+              	OAuthTokenEndpoint      = "/api/oauth/token"              // OAuthTokenEndpoint: The endpoint to obtain an OAuth token.
+              	BearerTokenEndpoint     = "/api/v1/auth/token"            // BearerTokenEndpoint: The endpoint to obtain a bearer token.
+              	TokenRefreshEndpoint    = "/api/v1/auth/keep-alive"       // TokenRefreshEndpoint: The endpoint to refresh an existing token.
+              	TokenInvalidateEndpoint = "/api/v1/auth/invalidate-token" // TokenInvalidateEndpoint: The endpoint to invalidate an active token.

Check failure

Code scanning / gosec

Potential hardcoded credentials

Potential hardcoded credentials

internal/apihandlers/jamfpro/jamfpro_api_handler.go

+              	DefaultBaseDomain       = ".jamfcloud.com"                // DefaultBaseDomain: represents the base domain for the jamf instance.
+              	OAuthTokenEndpoint      = "/api/oauth/token"              // OAuthTokenEndpoint: The endpoint to obtain an OAuth token.
+              	BearerTokenEndpoint     = "/api/v1/auth/token"            // BearerTokenEndpoint: The endpoint to obtain a bearer token.
+              	TokenRefreshEndpoint    = "/api/v1/auth/keep-alive"       // TokenRefreshEndpoint: The endpoint to refresh an existing token.

Check failure

Code scanning / gosec

Potential hardcoded credentials

Potential hardcoded credentials

internal/apihandlers/jamfpro/jamfpro_api_handler.go

+              const (
+              	DefaultBaseDomain       = ".jamfcloud.com"                // DefaultBaseDomain: represents the base domain for the jamf instance.
+              	OAuthTokenEndpoint      = "/api/oauth/token"              // OAuthTokenEndpoint: The endpoint to obtain an OAuth token.
+              	BearerTokenEndpoint     = "/api/v1/auth/token"            // BearerTokenEndpoint: The endpoint to obtain a bearer token.

Check failure

Code scanning / gosec

Potential hardcoded credentials

Potential hardcoded credentials

internal/apihandlers/jamfpro/jamfpro_api_handler.go

+              // Endpoint constants represent the URL suffixes used for Jamf API token interactions.
+              const (
+              	DefaultBaseDomain       = ".jamfcloud.com"                // DefaultBaseDomain: represents the base domain for the jamf instance.
+              	OAuthTokenEndpoint      = "/api/oauth/token"              // OAuthTokenEndpoint: The endpoint to obtain an OAuth token.

Check failure

Code scanning / gosec

Potential hardcoded credentials

Potential hardcoded credentials

internal/httpclient/http_helpers.go

+              // LoadAuthConfig reads a JSON configuration file and decodes it into a ClientAuthConfig struct.
+              // It is used to retrieve authentication details like BaseURL, Username, and Password for the client.
+              func LoadAuthConfig(filename string) (*AuthConfig, error) {
+              	file, err := os.Open(filename)

Check failure

Code scanning / gosec

Potential file inclusion via variable

Potential file inclusion via variable

internal/apihandlers/jamfpro/jamfpro_api_handler.go

+              	// Add the files to the form data
+              	for formField, filepath := range files {
+              		file, err := os.Open(filepath)

Check failure

Code scanning / gosec

Potential file inclusion via variable

Potential file inclusion via variable

internal/apihandlers/jamfpro/jamfpro_api_handler.go Outdated

+              // If reading or unmarshalling fails, an error is returned.
+              func LoadUserConfig(filename string) error {
+              	// Read the user-provided JSON configuration file and unmarshal it into the global configMap.
+              	userConfigBytes, err := os.ReadFile(filename)

Check failure

Code scanning / gosec

Potential file inclusion via variable

Potential file inclusion via variable


          Add new dependencies and update package structure***

aca1b14

***Remove unused http client default configuration***

***Improve error handling and logging in http client***

***Update go.sum with new dependencies

github-advanced-security bot found potential problems

View reviewed changes

internal/apihandlers/graph/graph_api_handler.go

+              // Endpoint constants represent the URL suffixes used for Graph API token interactions.
+              const (
+              	DefaultBaseDomain       = "graph.microsoft.com"           // DefaultBaseDomain: represents the base domain for graph.
+              	TokenInvalidateEndpoint = "/api/v1/auth/invalidate-token" // TokenInvalidateEndpoint: The endpoint to invalidate an active token.

Check failure

Code scanning / gosec

Potential hardcoded credentials

Potential hardcoded credentials

internal/apihandlers/graph/graph_api_handler.go

+              	// Add the files to the form data
+              	for formField, filepath := range files {
+              		file, err := os.Open(filepath)

Check failure

Code scanning / gosec

Potential file inclusion via variable

Potential file inclusion via variable

internal/apihandlers/graph/graph_api_handler.go

+              // If reading or unmarshalling fails, an error is returned.
+              func LoadUserConfig(filename string) error {
+              	// Read the user-provided JSON configuration file and unmarshal it into the global configMap.
+              	userConfigBytes, err := os.ReadFile(filename)

Check failure

Code scanning / gosec

Potential file inclusion via variable

Potential file inclusion via variable

github-advanced-security bot found potential problems

View reviewed changes

internal/httpclient/http_logger.go

+              // Debug method implementation
+              func (d *defaultLogger) Debug(msg string, keysAndValues ...interface{}) {
+              	if d.logLevel >= LogLevelDebug {
+              		d.logger.Debug(msg, toZapFields(keysAndValues...)...)

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information

[Sensitive data returned by HTTP request headers](1) flows to a logging call. [Sensitive data returned by HTTP request headers](2) flows to a logging call.

ShocOne added 2 commits

February 7, 2024 15:24


          Refactor HTTP client logging and deprecation handling

382cd64


          Refactor API handler and module name***

003b713

ShocOne merged commit a127fe1 into main

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Uh oh!

There was an error while loading. Please reload this page.

2 participants

Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.

Footer

© 2025 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Community
Docs
Contact

You can’t perform that action at this time.