Add validation for GitLab personal access tokens
Add Secret validation #191
Baruch Odem committed Mar 26, 2024
1 parent 7a8a406 commit ae8bcbb
Showing 4 changed files with 48 additions and 8 deletions.
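--- a/engine/validation/client.go
+++ b/engine/validation/client.go
@@ -0,0 +1,21 @@
+package validation
+
+import (
+"net/http"
+)
+
+func sendValidationRequest(endpoint string, authorization string) (*http.Response, error) {
+req, err := http.NewRequest("GET", endpoint, nil)
+if err != nil {
+return nil, err
+}
+req.Header.Set("Authorization", authorization)
+
+client := &http.Client{}
+resp, err := client.Do(req)
+if err != nil {
+return nil, err
+}
+
+return resp, nil
+}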
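Review bot: The client created on the `client := &http.Client{}` line has no Timeout, so a validation request to a host that never answers blocks the whole scan, and building a fresh client per call also gives up connection reuse across the many secrets a single run may validate. A package-level `var validationClient = &http.Client{Timeout: 10 * time.Second}` (constructed value; needs a `time` import) used as `resp, err := validationClient.Do(req)` addresses both, and the trailing error check then collapses to `return validationClient.Do(req)`. The function also hands an open `*http.Response` to its callers, which neither new caller in this commit closes, so the contract should be stated in a doc comment such as `// sendValidationRequest issues a GET to endpoint with the given Authorization header value; the caller owns resp and must close resp.Body.`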
9 changes: 1 addition & 8 deletions engine/validation/github.go
Expand Up @@ -11,15 +11,8 @@ import (
func validateGithub(s *secrets.Secret) secrets.ValidationResult {
const githubURL = "https://api.github.com/"

req, err := http.NewRequest("GET", githubURL, nil)
if err != nil {
log.Warn().Err(err).Msg("Failed to validate secret")
return secrets.UnknownResult
}
req.Header.Set("Authorization", fmt.Sprintf("token %s", s.Value))
resp, err := sendValidationRequest(githubURL, fmt.Sprintf("token %s", s.Value))

client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
log.Warn().Err(err).Msg("Failed to validate secret")
return secrets.UnknownResult
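Review bot: On the added `resp, err := sendValidationRequest(githubURL, fmt.Sprintf("token %s", s.Value))` line the Sprintf only prepends a constant, so `"token "+s.Value` expresses the same without routing the token value through fmt's formatting; the same applies to the Bearer prefix in gitlab.go. If nothing else in this file still uses fmt after the refactor, the `fmt` import in the block this hunk's header cuts through becomes unused, which is worth checking because the rest of validateGithub, including where resp is consumed, lies below the hunk.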
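--- a/engine/validation/gitlab.go
+++ b/engine/validation/gitlab.go
@@ -0,0 +1,25 @@
+package validation
+
+import (
+"fmt"
+"net/http"
+
+"github.com/checkmarx/2ms/lib/secrets"
+"github.com/rs/zerolog/log"
+)
+
+func validateGitlab(s *secrets.Secret) secrets.ValidationResult {
+const gitlabURL = "https://gitlab.com/api/v4/user"
+
+resp, err := sendValidationRequest(gitlabURL, fmt.Sprintf("Bearer %s", s.Value))
+
+if err != nil {
+log.Warn().Err(err).Msg("Failed to validate secret")
+return secrets.UnknownResult
+}
+
+if resp.StatusCode == http.StatusOK {
+return secrets.ValidResult
+}
+return secrets.RevokedResult
+}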
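Review bot: The fall-through `return secrets.RevokedResult` after the StatusOK check reports every non-200 answer as a revoked token, so a 429 rate limit, a 5xx, or a 403 from a token that may be live but lacks the scope for /user would be recorded as revoked rather than unknown; only a 401 is evidence that the token no longer works. The response returned by `sendValidationRequest` is also never closed, so each validation leaks its connection. I would close the body with a defer right after the error check and map the status code explicitly, as below.
```go
	// … unchanged: sendValidationRequest call and error check …
	defer resp.Body.Close()

	switch resp.StatusCode {
	case http.StatusOK:
		return secrets.ValidResult
	case http.StatusUnauthorized:
		// GitLab answers an invalid or revoked token with 401.
		return secrets.RevokedResult
	default:
		// Rate limiting, server errors or a scope-limited token: no verdict.
		log.Warn().Int("status", resp.StatusCode).Msg("Unexpected status while validating secret")
		return secrets.UnknownResult
	}
```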
1 change: 1 addition & 0 deletions engine/validation/validator.go
Expand Up @@ -11,6 +11,7 @@ type validationFunc = func(*secrets.Secret) secrets.ValidationResult
var ruleIDToFunction = map[string]validationFunc{
"github-fine-grained-pat": validateGithub,
"github-pat": validateGithub,
"gitlab-pat": validateGitlab,
}

type Validator struct {
