Skip to content

Commit

Permalink
fix(github): scan user repos
Browse files Browse the repository at this point in the history
  • Loading branch information
rgmz authored and Richard Gomez committed May 9, 2024
1 parent c7b72b9 commit 2a8e6f7
Show file tree
Hide file tree
Showing 2 changed files with 85 additions and 28 deletions.
64 changes: 36 additions & 28 deletions pkg/sources/github/github.go
Original file line number Diff line number Diff line change
Expand Up @@ -15,12 +15,12 @@ import (
"time"

"golang.org/x/exp/rand"
"golang.org/x/oauth2"

"github.com/bradleyfalzon/ghinstallation/v2"
"github.com/go-logr/logr"
"github.com/gobwas/glob"
"github.com/google/go-github/v61/github"
"golang.org/x/oauth2"
"golang.org/x/sync/errgroup"
"google.golang.org/protobuf/proto"
"google.golang.org/protobuf/types/known/anypb"
Expand Down Expand Up @@ -480,8 +480,17 @@ func (s *Source) enumerateBasicAuth(ctx context.Context, apiEndpoint string, bas
s.apiClient = ghClient

for _, org := range s.orgsCache.Keys() {
if err := s.getReposByOrg(ctx, org); err != nil {
s.log.Error(err, "error fetching repos for org or user")
logger := s.log.WithValues("org", org)
err, userType := s.getReposByOrgOrUser(ctx, org)
if err != nil {
logger.Error(err, "error fetching repos for org or user")
continue
}

if s.conn.ScanUsers && userType == organization {
if err := s.addMembersByOrg(ctx, org); err != nil {
logger.Error(err, "Unable to add members by org")
}
}
}

Expand All @@ -499,17 +508,15 @@ func (s *Source) enumerateUnauthenticated(ctx context.Context, apiEndpoint strin
}

for _, org := range s.orgsCache.Keys() {
if err := s.getReposByOrg(ctx, org); err != nil {
s.log.Error(err, "error fetching repos for org")
}

// We probably don't need to do this, since getting repos by org makes more sense?
if err := s.getReposByUser(ctx, org); err != nil {
s.log.Error(err, "error fetching repos for user")
logger := s.log.WithValues("org", org)
err, userType := s.getReposByOrgOrUser(ctx, org)
if err != nil {
logger.Error(err, "error fetching repos for org or user")
continue
}

if s.conn.ScanUsers {
s.log.Info("Enumerating unauthenticated does not support scanning organization members")
if s.conn.ScanUsers && userType == organization {
logger.Info("Enumerating unauthenticated does not support scanning organization members")
}
}
}
Expand Down Expand Up @@ -563,15 +570,15 @@ func (s *Source) enumerateWithToken(ctx context.Context, apiEndpoint, token stri
specificScope = true
for _, org := range s.orgsCache.Keys() {
logger := s.log.WithValues("org", org)
if err := s.getReposByOrg(ctx, org); err != nil {
logger.Error(err, "error fetching repos for org")
err, userType := s.getReposByOrgOrUser(ctx, org)
if err != nil {
logger.Error(err, "error fetching repos for org or user")
continue
}

if s.conn.ScanUsers {
err := s.addMembersByOrg(ctx, org)
if err != nil {
if s.conn.ScanUsers && userType == organization {
if err := s.addMembersByOrg(ctx, org); err != nil {
logger.Error(err, "Unable to add members by org")
continue
}
}
}
Expand All @@ -594,22 +601,23 @@ func (s *Source) enumerateWithToken(ctx context.Context, apiEndpoint, token stri

for _, org := range s.orgsCache.Keys() {
logger := s.log.WithValues("org", org)
if err := s.getReposByOrg(ctx, org); err != nil {
logger.Error(err, "error fetching repos by org")
}

if err := s.getReposByUser(ctx, ghUser.GetLogin()); err != nil {
logger.Error(err, "error fetching repos by user")
err, userType := s.getReposByOrgOrUser(ctx, org)
if err != nil {
logger.Error(err, "error fetching repos for org or user")
continue
}

if s.conn.ScanUsers {
err := s.addMembersByOrg(ctx, org)
if err != nil {
if s.conn.ScanUsers && userType == organization {
if err := s.addMembersByOrg(ctx, org); err != nil {
logger.Error(err, "Unable to add members by org for org")
}
}
}

if err := s.getReposByUser(ctx, ghUser.GetLogin()); err != nil {
s.log.Error(err, "error fetching repos for the current user")
}

// If we enabled ScanUsers above, we've already added the gists for the current user and users from the orgs.
// So if we don't have ScanUsers enabled, add the user gists as normal.
if err := s.addUserGistsToCache(ctx, ghUser.GetLogin()); err != nil {
Expand Down Expand Up @@ -693,7 +701,7 @@ func (s *Source) enumerateWithApp(ctx context.Context, apiEndpoint string, app *
s.log.Info("Scanning repos", "org_members", len(s.memberCache))
for member := range s.memberCache {
logger := s.log.WithValues("member", member)
if err := s.getReposByUser(ctx, member); err != nil {
if err := s.addUserGistsToCache(ctx, member); err != nil {
logger.Error(err, "error fetching gists by user")
}
if err := s.getReposByUser(ctx, member); err != nil {
Expand Down
49 changes: 49 additions & 0 deletions pkg/sources/github/repo.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package github

import (
"errors"
"fmt"
"io"
"net/http"
Expand Down Expand Up @@ -225,6 +226,54 @@ func (s *Source) getReposByOrg(ctx context.Context, org string) error {
})
}

// userType indicates whether an account belongs to a person or organization.
//
// See:
// - https://docs.github.com/en/get-started/learning-about-github/types-of-github-accounts
// - https://docs.github.com/en/rest/users/users?apiVersion=2022-11-28#get-a-user
type userType int

const (
// Default invalid state.
unknown userType = iota
// The account is a person (https://docs.github.com/en/rest/users/users).
user
// The account is an organization (https://docs.github.com/en/rest/orgs/orgs).
organization
)

func (s *Source) getReposByOrgOrUser(ctx context.Context, name string) (error, userType) {
var err error

// List repositories for the organization |name|.
err = s.getReposByOrg(ctx, name)
if err == nil {
return nil, organization
} else if !isGitHub404Error(err) {
return err, unknown
}

// List repositories for the user |name|.
err = s.getReposByUser(ctx, name)
if err == nil {
return nil, user
} else if !isGitHub404Error(err) {
return err, unknown
}

return fmt.Errorf("account '%s' not found", name), unknown
}

// isGitHub404Error returns true if |err| is a `github.ErrorResponse` and has the status code `404`.
func isGitHub404Error(err error) bool {
var ghErr *github.ErrorResponse
if !errors.As(err, &ghErr) {
return false
}

return ghErr.Response.StatusCode == http.StatusNotFound
}

func (s *Source) orgListReposWrapper(ctx context.Context, org string, opts repoListOptions) ([]*github.Repository, *github.Response, error) {
return s.apiClient.Repositories.ListByOrg(ctx, org, &opts.(*orgListOptions).RepositoryListByOrgOptions)
}
Expand Down

0 comments on commit 2a8e6f7

Please sign in to comment.