From ca5c404a97cd54ce688e37aff672196fc8815841 Mon Sep 17 00:00:00 2001
From: Gabriela Gutierrez
Date: Mon, 23 Oct 2023 20:57:55 +0000
Subject: [PATCH] :bug: scanning gitlab private repositories (#3596)
* fix: Run for gitlab private repos
Signed-off-by: Gabriela Gutierrez
* test: gitlab repo is accessible
Signed-off-by: Gabriela Gutierrez
* fix: linter error
Signed-off-by: Gabriela Gutierrez
---------
Signed-off-by: Gabriela Gutierrez
Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
---
 clients/gitlabrepo/client.go | 3 +-
 clients/gitlabrepo/client_test.go | 71 +++++++++++++++++++++++++++++++
 2 files changed, 72 insertions(+), 2 deletions(-)
 create mode 100644 clients/gitlabrepo/client_test.go
diff --git a/clients/gitlabrepo/client.go b/clients/gitlabrepo/client.go
index 601d9dbff75..a0196d245b1 100644
--- a/clients/gitlabrepo/client.go
+++ b/clients/gitlabrepo/client.go
@@ -62,8 +62,7 @@ var errRepoAccess = errors.New("repo inaccessible")

 // Raise an error if repository access level is private or disabled.
 func checkRepoInaccessible(repo *gitlab.Project) error {
- if (repo.RepositoryAccessLevel == gitlab.PrivateAccessControl) ||
- (repo.RepositoryAccessLevel == gitlab.DisabledAccessControl) {
+ if repo.RepositoryAccessLevel == gitlab.DisabledAccessControl {
 return fmt.Errorf("%w: %s access level %s",
 errRepoAccess, repo.PathWithNamespace, string(repo.RepositoryAccessLevel),
 )
diff --git a/clients/gitlabrepo/client_test.go b/clients/gitlabrepo/client_test.go
new file mode 100644
index 00000000000..c305533550e
--- /dev/null
+++ b/clients/gitlabrepo/client_test.go
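Review bot: In clients/gitlabrepo/client.go the doc comment above `checkRepoInaccessible` still says an error is raised for private or disabled access, but the new condition rejects only `gitlab.DisabledAccessControl`, so the comment now misdescribes the guard. I would reword it to `// checkRepoInaccessible returns errRepoAccess when the repository feature is disabled; private repositories are allowed through.` Because this check no longer keeps private projects out of a scan, any later step that assumed results only came from publicly readable repositories (not visible in this hunk) should be rechecked before results are stored or published. The function body continues past the end of the hunk.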
@@ -0,0 +1,71 @@
+// Copyright 2023 OpenSSF Scorecard Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package gitlabrepo
+
+import (
+ "errors"
+ "testing"
+
+ "github.com/xanzy/go-gitlab"
+)
+
+func TestCheckRepoInaccessible(t *testing.T) {
+ t.Parallel()
+
+ tests := []struct {
+ want error
+ repo *gitlab.Project
+ name string
+ }{
+ {
+ name: "if repo is enabled then it is accessible",
+ repo: &gitlab.Project{
+ RepositoryAccessLevel: gitlab.EnabledAccessControl,
+ },
+ },
+ {
+ name: "repo should not have public access in this case, but if it does it is accessible",
+ repo: &gitlab.Project{
+ RepositoryAccessLevel: gitlab.PublicAccessControl,
+ },
+ },
+ {
+ name: "if repo is disabled then is inaccessible",
+ repo: &gitlab.Project{
+ RepositoryAccessLevel: gitlab.DisabledAccessControl,
+ },
+ want: errRepoAccess,
+ },
+ {
+ name: "if repo is private then it is accessible",
+ repo: &gitlab.Project{
+ RepositoryAccessLevel: gitlab.PrivateAccessControl,
+ },
+ },
+ }
+
+ for _, tt := range tests {
+ tt := tt
+
+ t.Run(tt.name, func(t *testing.T) {
+ t.Parallel()
+
+ got := checkRepoInaccessible(tt.repo)
+ if !errors.Is(got, tt.want) {
+ t.Errorf("checkRepoInaccessible() got %v, want %v", got, tt.want)
+ }
+ })
+ }
+}
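Review bot: The table in `TestCheckRepoInaccessible` has no case for a project whose `RepositoryAccessLevel` is left unset, which the condition changed in client.go treats as accessible because only `gitlab.DisabledAccessControl` is rejected. Adding `{name: "unset access level is treated as accessible", repo: &gitlab.Project{}},` would pin that behaviour, or expose it if an empty value is meant to be refused. The assertions use `errors.Is` only, so the formatted message carrying `PathWithNamespace` and the access level is not checked; that is likely acceptable but worth knowing if the message is relied on in logs.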