[THOG-204] Use oauth2 as username when cloning #441
Conversation
pkg/sources/gitlab/gitlab.go
Outdated
@@ -324,7 +324,7 @@ func (s *Source) scanRepos(ctx context.Context, chunksChan chan *sources.Chunk, | |||
} | |||
s.SetProgressComplete(i, len(repos), fmt.Sprintf("Repo: %s", repoURL), "") | |||
|
|||
path, repo, err := git.CloneRepoUsingToken(s.token, repoURL.String(), s.user) | |||
path, repo, err := git.CloneRepoUsingToken(s.token, repoURL.String(), "oauth2") |
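Review bot: replacing `s.user` with the literal "oauth2" unconditionally discards whatever username the source was configured with, so any deployment that passes a real username (the on-prem basic-auth case raised later in this thread) silently loses it; keep `s.user` when it is non-empty and fall back to a fixed string only when it is empty. The name is also misleading: nothing in this path performs an OAuth2 exchange, the string only fills the username slot of the userinfo that `git.CloneRepoUsingToken` builds with `url.UserPassword`, so a neutral name plus a one-line comment saying git rejects an empty username would read better.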
Maybe "placeholder" instead? We don't support oauth2 for gitlab, this is kind of confusing.
Well, the "oauth2" string is actually needed in order to serve as the user here:
trufflehog/pkg/sources/git/git.go
Lines 244 to 247 in b574327
func CloneRepoUsingToken(token, gitUrl, user string) (string, *git.Repository, error) {
	userInfo := url.UserPassword(user, token)
	return CloneRepo(userInfo, gitUrl)
}
which is then used here:
trufflehog/pkg/sources/git/git.go
Lines 216 to 220 in b574327
cloneURL.User = userInfo
cloneCmd := exec.Command("git", "clone", cloneURL.String(), clonePath)
//cloneCmd := exec.Command("date")
output, err := cloneCmd.CombinedOutput()
That way when we construct the url to clone it has the correct format of:
git clone https://oauth2:${Personal Access Tokens}@gitlab.com/username/myrepo.git
Without oauth2 as part of the url string the clone command fails because it requires a username and password. Not sure if there is an alternative way to clone a private repo without setting the url string as in the example above.
Are you saying the specific string "oauth2" is required and a string that is "placeholder" (or similar) won't work? As far as I can tell, there is nothing related to oauth2 happening here so it's confusing.
Ahh, got it. Yeah, I was under the impression it needed to be oauth2 as the string before the ':' in the url because that's what I was reading in SO answers, but with some additional testing, as long as it's a string it works; it just can't be an empty string. Interesting and weird 🤔
Updated to "placeholder"
pkg/sources/gitlab/gitlab.go
Outdated
@@ -324,7 +324,7 @@ func (s *Source) scanRepos(ctx context.Context, chunksChan chan *sources.Chunk, | |||
} | |||
s.SetProgressComplete(i, len(repos), fmt.Sprintf("Repo: %s", repoURL), "") | |||
|
|||
path, repo, err := git.CloneRepoUsingToken(s.token, repoURL.String(), s.user) | |||
path, repo, err := git.CloneRepoUsingToken(s.token, repoURL.String(), "placeholder") |
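Review bot: "placeholder" still overwrites `s.user` unconditionally, so the configured username never reaches the clone; guard it so the real value wins, e.g. `user := s.user` followed by `if user == "" { user = "placeholder" }`, and pass `user` to `git.CloneRepoUsingToken`. A short comment that the stand-in exists only because git refuses a URL whose userinfo has an empty username would save the next reader the same question this thread just went through.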
I think basic auth used to be supported on gitlab, so we should leave the option for a username. The on prem gitlab offering could still support it. Using "placeholder" if s.user is empty should work.
Makes sense. Updated to check if s.user is set; in the event it isn't, we can use "placeholder".
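The thread above settles two things: the clone URL must carry a non-empty username in its userinfo (the `https://user:TOKEN@host/...` form built with `url.UserPassword`), and the configured `s.user` should win, with a stand-in used only when it is empty. The following Go program is an added example written for this page, not trufflehog's own code; `buildTokenCloneURL`, `fallbackUser` and the fake `glpat-FAKE` token are constructed for illustration. It also returns a redacted copy of the URL (`url.URL.Redacted`, Go 1.15+) so the token never has to appear in progress messages or logs, a point the PR itself does not address.

```go
package main

import (
	"fmt"
	"net/url"
)

// fallbackUser is a hypothetical stand-in, mirroring the "placeholder" value
// the PR settled on. git rejects a URL whose userinfo has an empty username
// (":TOKEN@host"), so something non-empty must occupy the slot.
const fallbackUser = "placeholder"

// buildTokenCloneURL embeds a username and token into an HTTPS clone URL the
// same way url.UserPassword does in git.CloneRepoUsingToken. It keeps the
// configured user when one is set and falls back to fallbackUser otherwise.
// It returns the full URL (to hand to git) and a redacted form safe for logs.
func buildTokenCloneURL(rawURL, user, token string) (full string, redacted string, err error) {
	if token == "" {
		return "", "", fmt.Errorf("token must not be empty")
	}
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", "", fmt.Errorf("parse clone url: %w", err)
	}
	// Refuse to place a credential on a cleartext transport.
	if u.Scheme != "https" {
		return "", "", fmt.Errorf("refusing to send a token over %q; only https is allowed", u.Scheme)
	}
	if user == "" {
		user = fallbackUser
	}
	// url.UserPassword("", token).String() would yield ":token", which is the
	// empty-username form git rejects; the fallback above avoids that.
	u.User = url.UserPassword(user, token)
	// Redacted replaces the password component with "xxxxx".
	return u.String(), u.Redacted(), nil
}

func main() {
	// Constructed sample inputs; the token is a fake value.
	repo := "https://gitlab.com/username/myrepo.git"
	for _, user := range []string{"", "alice"} {
		full, red, err := buildTokenCloneURL(repo, user, "glpat-FAKE")
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Println("clone :", full) // handed to exec.Command("git", "clone", ...)
		fmt.Println("log   :", red)  // what should appear in progress/log output
	}
	// A non-https URL is rejected before a token is attached to it.
	if _, _, err := buildTokenCloneURL("http://gitlab.example/internal/repo.git", "", "glpat-FAKE"); err != nil {
		fmt.Println("error:", err)
	}
}
```

The design choice worth noting is that the fallback is applied at the one place the username is known to be optional, rather than inside the shared clone helper, so a caller that does have a real username still passes it straight through.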
* Use oauth2 as the username for cloning private repos with a token.
* Update username string.
* Only set user to "placeholder" if no username is present.
What?
Fix error when cloning private gitlab repos.
Why?
In order to scan repos for secrets we need to be able to clone them first.
How?
Use oauth2 as the username when constructing the url for cloning a repo.
Testing?
Updated unit tests and they are also now working.
Screenshots (optional)
Anything Else?