feat(github): add graphql client

go.mod

@@ -270,6 +270,8 @@ require (
 	github.com/sendgrid/rest v2.6.9+incompatible // indirect
 	github.com/shirou/gopsutil/v3 v3.23.12 // indirect
 	github.com/shoenig/go-m1cpu v0.1.6 // indirect
+	github.com/shurcooL/githubv4 v0.0.0-20240727222349-48295856cce7 // indirect
+	github.com/shurcooL/graphql v0.0.0-20230722043721-ed46e5a46466 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/skeema/knownhosts v1.3.0 // indirect
 	github.com/sorairolake/lzip-go v0.3.5 // indirect

go.sum

@@ -709,6 +709,10 @@ github.com/shoenig/test v0.6.4 h1:kVTaSd7WLz5WZ2IaoM0RSzRsUD+m8wRR+5qvntpn4LU=
 github.com/shoenig/test v0.6.4/go.mod h1:byHiCGXqrVaflBLAMq/srcZIHynQPQgeyvkvXnjqq0k=
 github.com/shuheiktgw/go-travis v0.3.1 h1:SAT16mi77ccqogOslnXxBXzXbpeyChaIYUwi2aJpVZY=
 github.com/shuheiktgw/go-travis v0.3.1/go.mod h1:avnFFDqJDdRHwlF9tgqvYi3asQCm/HGL8aLxYiKa4Yg=
+github.com/shurcooL/githubv4 v0.0.0-20240727222349-48295856cce7 h1:cYCy18SHPKRkvclm+pWm1Lk4YrREb4IOIb/YdFO0p2M=
+github.com/shurcooL/githubv4 v0.0.0-20240727222349-48295856cce7/go.mod h1:zqMwyHmnN/eDOZOdiTohqIUKUrTFX62PNlu7IJdu0q8=
+github.com/shurcooL/graphql v0.0.0-20230722043721-ed46e5a46466 h1:17JxqqJY66GmZVHkmAsGEkcIu0oCe3AM420QDgGwZx0=
+github.com/shurcooL/graphql v0.0.0-20230722043721-ed46e5a46466/go.mod h1:9dIRpgIY7hVhoqfe0/FcYp0bpInZaT7dc3BYOprrIUE=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=

pkg/sources/github/connector.go

@@ -5,9 +5,10 @@ import (
 
 	gogit "github.com/go-git/go-git/v5"
 	"github.com/google/go-github/v67/github"
-	"github.com/trufflesecurity/trufflehog/v3/pkg/log"
+	"github.com/shurcooL/githubv4"
 
 	"github.com/trufflesecurity/trufflehog/v3/pkg/context"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/log"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/sourcespb"
 )
 
@@ -16,6 +17,8 @@ const cloudEndpoint = "https://api.github.com"
 type connector interface {
 	// APIClient returns a configured GitHub client that can be used for GitHub API operations.
 	APIClient() *github.Client
+	// GraphQLClient returns a client that can be used for GraphQL operations.
+	GraphQLClient() *githubv4.Client
 	// Clone clones a repository using the configured authentication information.
 	Clone(ctx context.Context, repoURL string) (string, *gogit.Repository, error)
 }

pkg/sources/github/connector_app.go

@@ -7,6 +7,8 @@ import (
 	"github.com/bradleyfalzon/ghinstallation/v2"
 	gogit "github.com/go-git/go-git/v5"
 	"github.com/google/go-github/v67/github"
+	"github.com/shurcooL/githubv4"
+
 	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/context"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/credentialspb"
@@ -15,6 +17,7 @@ import (
 
 type appConnector struct {
 	apiClient          *github.Client
+	graphQlClient      *githubv4.Client
 	installationClient *github.Client
 	installationID     int64
 }
@@ -69,6 +72,7 @@ func newAppConnector(apiEndpoint string, app *credentialspb.GitHubApp) (*appConn
 
 	return &appConnector{
 		apiClient:          apiClient,
+		graphQlClient:      githubv4.NewEnterpriseClient(apiEndpoint, httpClient),
 		installationClient: installationClient,
 		installationID:     installationID,
 	}, nil
@@ -78,6 +82,10 @@ func (c *appConnector) APIClient() *github.Client {
 	return c.apiClient
 }
 
+func (c *appConnector) GraphQLClient() *githubv4.Client {
+	return c.graphQlClient
+}
+
 func (c *appConnector) Clone(ctx context.Context, repoURL string) (string, *gogit.Repository, error) {
 	// TODO: Check rate limit for this call.
 	token, _, err := c.installationClient.Apps.CreateInstallationToken(

pkg/sources/github/connector_basicauth.go

@@ -5,16 +5,19 @@ import (
 
 	gogit "github.com/go-git/go-git/v5"
 	"github.com/google/go-github/v67/github"
+	"github.com/shurcooL/githubv4"
+
 	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/context"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/credentialspb"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/sources/git"
 )
 
 type basicAuthConnector struct {
-	apiClient *github.Client
-	username  string
-	password  string
+	apiClient     *github.Client
+	graphQlClient *githubv4.Client
+	username      string
+	password      string
 }
 
 var _ connector = (*basicAuthConnector)(nil)
@@ -33,16 +36,21 @@ func newBasicAuthConnector(apiEndpoint string, cred *credentialspb.BasicAuth) (*
 	}
 
 	return &basicAuthConnector{
-		apiClient: apiClient,
-		username:  cred.Username,
-		password:  cred.Password,
+		apiClient:     apiClient,
+		graphQlClient: githubv4.NewEnterpriseClient(apiEndpoint, httpClient),
+		username:      cred.Username,
+		password:      cred.Password,
 	}, nil
 }
 
 func (c *basicAuthConnector) APIClient() *github.Client {
 	return c.apiClient
 }
 
+func (c *basicAuthConnector) GraphQLClient() *githubv4.Client {
+	return c.graphQlClient
+}
+
 func (c *basicAuthConnector) Clone(ctx context.Context, repoURL string) (string, *gogit.Repository, error) {
 	return git.CloneRepoUsingToken(ctx, c.password, repoURL, c.username)
 }

pkg/sources/github/connector_token.go

@@ -7,15 +7,18 @@ import (
 
 	gogit "github.com/go-git/go-git/v5"
 	"github.com/google/go-github/v67/github"
+	"github.com/shurcooL/githubv4"
+	"golang.org/x/oauth2"
+
 	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/context"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/sources/git"
-	"golang.org/x/oauth2"
 )
 
 type tokenConnector struct {
 	apiClient          *github.Client
 	token              string
+	graphQlClient      *githubv4.Client
 	isGitHubEnterprise bool
 	handleRateLimit    func(context.Context, error) bool
 	user               string
@@ -40,6 +43,7 @@ func newTokenConnector(apiEndpoint string, token string, handleRateLimit func(co
 
 	return &tokenConnector{
 		apiClient:          apiClient,
+		graphQlClient:      githubv4.NewEnterpriseClient(apiEndpoint, httpClient),
 		token:              token,
 		isGitHubEnterprise: !strings.EqualFold(apiEndpoint, cloudEndpoint),
 		handleRateLimit:    handleRateLimit,
@@ -50,6 +54,10 @@ func (c *tokenConnector) APIClient() *github.Client {
 	return c.apiClient
 }
 
+func (c *tokenConnector) GraphQLClient() *githubv4.Client {
+	return c.graphQlClient
+}
+
 func (c *tokenConnector) Clone(ctx context.Context, repoURL string) (string, *gogit.Repository, error) {
 	if err := c.setUserIfUnset(ctx); err != nil {
 		return "", nil, err

pkg/sources/github/connector_unauthenticated.go

@@ -5,14 +5,16 @@ import (
 
 	gogit "github.com/go-git/go-git/v5"
 	"github.com/google/go-github/v67/github"
+	"github.com/shurcooL/githubv4"
 
 	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/context"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/sources/git"
 )
 
 type unauthenticatedConnector struct {
-	apiClient *github.Client
+	apiClient     *github.Client
+	graphQlClient *githubv4.Client
 }
 
 var _ connector = (*unauthenticatedConnector)(nil)
@@ -25,14 +27,19 @@ func newUnauthenticatedConnector(apiEndpoint string) (*unauthenticatedConnector,
 		return nil, fmt.Errorf("could not create API client: %w", err)
 	}
 	return &unauthenticatedConnector{
-		apiClient: apiClient,
+		apiClient:     apiClient,
+		graphQlClient: githubv4.NewEnterpriseClient(apiEndpoint, httpClient),
 	}, nil
 }
 
 func (c *unauthenticatedConnector) APIClient() *github.Client {
 	return c.apiClient
 }
 
+func (c *unauthenticatedConnector) GraphQLClient() *githubv4.Client {
+	return c.graphQlClient
+}
+
 func (c *unauthenticatedConnector) Clone(ctx context.Context, repoURL string) (string, *gogit.Repository, error) {
 	return git.CloneRepoUsingUnauthenticated(ctx, repoURL)
 }