Test Gitlab basic authentication with password and personal access to…

…ken (trufflesecurity#474)
sainsburys-tech · Apr 24, 2022 · 8cd0831 · 8cd0831
1 parent 753f116
commit 8cd0831
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 1 deletion.
diff --git a/pkg/sources/gitlab/gitlab.go b/pkg/sources/gitlab/gitlab.go
@@ -377,7 +377,7 @@ func (s *Source) basicAuthSuccessful(apiClient *gitlab.Client) bool {
 	if err != nil {
 		return false
 	}
-	if resp.StatusCode <= 400 {
+	if resp.StatusCode != 200 {
 		return false
 	}
 	if user != nil {

diff --git a/pkg/sources/gitlab/gitlab_test.go b/pkg/sources/gitlab/gitlab_test.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kylelemons/godebug/pretty"
 	"google.golang.org/protobuf/types/known/anypb"
 
+	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/credentialspb"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/sourcespb"
 
 	log "github.com/sirupsen/logrus"
@@ -27,6 +28,8 @@ func TestSource_Scan(t *testing.T) {
 		t.Fatal(fmt.Errorf("failed to access secret: %v", err))
 	}
 	token := secret.MustGetField("GITLAB_TOKEN")
+	basicUser := secret.MustGetField("GITLAB_USER")
+	basicPass := secret.MustGetField("GITLAB_PASS")
 
 	type init struct {
 		name       string
@@ -74,6 +77,48 @@ func TestSource_Scan(t *testing.T) {
 			},
 			wantErr: false,
 		},
+		{
+			name: "basic auth, scoped repo",
+			init: init{
+				name: "test source basic auth scoped",
+				connection: &sourcespb.GitLab{
+					Repositories: []string{"https://gitlab.com/testermctestface/testy.git"},
+					Credential: &sourcespb.GitLab_BasicAuth{
+						BasicAuth: &credentialspb.BasicAuth{
+							Username: basicUser,
+							Password: basicPass,
+						},
+					},
+				},
+			},
+			wantChunk: &sources.Chunk{
+				SourceType: sourcespb.SourceType_SOURCE_TYPE_GITLAB,
+				SourceName: "test source basic auth scoped",
+				Verify:     false,
+			},
+			wantErr: false,
+		},
+		{
+			name: "basic auth access token, scoped repo",
+			init: init{
+				name: "test source basic auth access token scoped",
+				connection: &sourcespb.GitLab{
+					Repositories: []string{"https://gitlab.com/testermctestface/testy.git"},
+					Credential: &sourcespb.GitLab_BasicAuth{
+						BasicAuth: &credentialspb.BasicAuth{
+							Username: basicUser,
+							Password: token,
+						},
+					},
+				},
+			},
+			wantChunk: &sources.Chunk{
+				SourceType: sourcespb.SourceType_SOURCE_TYPE_GITLAB,
+				SourceName: "test source basic auth access token scoped",
+				Verify:     false,
+			},
+			wantErr: false,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {