Add GitLab support to CLI (trufflesecurity#78)

* Add GitLab support to CLI * Update cli message Co-authored-by: Dustin Decker <dustin@trufflesec.com>
sainsburys-tech · Mar 15, 2022 · 2cb5b27 · 2cb5b27
1 parent 8d1db04
commit 2cb5b27
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 4 deletions.
diff --git a/main.go b/main.go
@@ -54,9 +54,11 @@ func main() {
 	githubScanToken := githubScan.Flag("token", "GitHub token.").String()
 	githubIncludeForks := githubScan.Flag("include_forks", "Include forks in scan.").Bool()
 
-	gitlabScan := cli.Command("gitlab", "Coming soon. Find credentials in GitLab repositories.")
-	// gitlabScanTarget := gitlabScan.Arg("target", "GitLab target. Can be a repository, user or organization.").Required().String()
-	// gitlabScanToken := gitlabScan.Flag("token", "GitLab token.").String()
+	gitlabScan := cli.Command("gitlab", "Find credentials in GitLab repositories.")
+	// TODO: Add more GitLab options
+	gitlabScanEndpoint := gitlabScan.Flag("endpoint", "GitLab endpoint.").Default("https://gitlab.com").String()
+	gitlabScanRepos := gitlabScan.Flag("repo", "GitLab repo url. You can repeat this flag. Leave empty to scan all repos accessible with provided credential. Example: https://gitlab.com/org/repo.git").Strings()
+	gitlabScanToken := gitlabScan.Flag("token", "GitLab token.").Required().String()
 
 	filesystemScan := cli.Command("filesystem", "Find credentials in a filesystem.")
 	filesystemDirectories := filesystemScan.Flag("directory", "Path to directory to scan. You can repeat this flag.").Required().Strings()
@@ -131,7 +133,10 @@ func main() {
 			logrus.WithError(err).Fatal("Failed to scan git.")
 		}
 	case gitlabScan.FullCommand():
-		log.Fatal("GitLab not implemented. Coming soon.")
+		err := e.ScanGitLab(ctx, *gitlabScanEndpoint, *gitlabScanToken, *gitlabScanRepos)
+		if err != nil {
+			logrus.WithError(err).Fatal("Failed to scan GitLab.")
+		}
 	case filesystemScan.FullCommand():
 		err := e.ScanFileSystem(ctx, *filesystemDirectories)
 		if err != nil {

diff --git a/pkg/engine/gitlab.go b/pkg/engine/gitlab.go
@@ -0,0 +1,55 @@
+package engine
+
+import (
+	"fmt"
+	"github.com/go-errors/errors"
+	"github.com/sirupsen/logrus"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/sourcespb"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/sources/gitlab"
+	"golang.org/x/net/context"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/anypb"
+	"runtime"
+)
+
+func (e *Engine) ScanGitLab(ctx context.Context, endpoint, token string, repositories []string) error {
+	connection := &sourcespb.GitLab{}
+
+	switch {
+	case len(token) > 0:
+		connection.Credential = &sourcespb.GitLab_Token{
+			Token: token,
+		}
+	default:
+		return fmt.Errorf("must provide token")
+	}
+
+	if len(endpoint) > 0 {
+		connection.Endpoint = endpoint
+	}
+
+	if len(repositories) > 0 {
+		connection.Repositories = repositories
+	}
+
+	var conn anypb.Any
+	err := anypb.MarshalFrom(&conn, connection, proto.MarshalOptions{})
+	if err != nil {
+		logrus.WithError(err).Error("failed to marshal gitlab connection")
+		return err
+	}
+
+	gitlabSource := gitlab.Source{}
+	err = gitlabSource.Init(ctx, "trufflehog - gitlab", 0, int64(sourcespb.SourceType_SOURCE_TYPE_GITLAB), true, &conn, runtime.NumCPU())
+	if err != nil {
+		return errors.WrapPrefix(err, "could not init GitLab source", 0)
+	}
+	go func() {
+		err := gitlabSource.Chunks(ctx, e.ChunksChan())
+		if err != nil {
+			logrus.WithError(err).Error("error scanning GitLab")
+		}
+		close(e.ChunksChan())
+	}()
+	return nil
+}