Small fixes

2026-01-08 23:18:05 -05:00 · 2023-09-01 23:08:38 +01:00
parent 4adb2a623e
commit 011507b8e0
3 changed files with 54 additions and 55 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -57,3 +57,4 @@ yarn-error.log*

 # Infisical init
 .infisical.json
+.vscode
--- a/backend/src/ee/services/GithubSecretScanning/helper.ts
+++ b/backend/src/ee/services/GithubSecretScanning/helper.ts
@@ -4,7 +4,7 @@ import { tmpdir } from "os";
 import { join } from "path"
 import { SecretMatch } from "./types";

-export async function scanFullContentAndGetFindings(octokit: any, installationId: number, repositoryFullName: string): Promise<SecretMatch[]> {
+export async function scanFullRepoContentAndGetFindings(octokit: any, installationId: number, repositoryFullName: string): Promise<SecretMatch[]> {
  const tempFolder = await createTempFolder();
  const findingsPath = join(tempFolder, "findings.json");
  const repoPath = join(tempFolder, "repo.git")
--- a/backend/src/queues/secret-scanning/githubScanFullRepository.ts
+++ b/backend/src/queues/secret-scanning/githubScanFullRepository.ts
@@ -5,7 +5,7 @@ import { sendMail } from "../../helpers";
 import GitRisks from "../../ee/models/gitRisks";
 import { MembershipOrg, User } from "../../models";
 import { ADMIN, OWNER } from "../../variables";
-import { convertKeysToLowercase, scanFullContentAndGetFindings } from "../../ee/services/GithubSecretScanning/helper";
+import { convertKeysToLowercase, scanFullRepoContentAndGetFindings } from "../../ee/services/GithubSecretScanning/helper";
 import { getSecretScanningGitAppId, getSecretScanningPrivateKey } from "../../config";
 import { SecretMatch } from "../../ee/services/GithubSecretScanning/types";

@@ -22,72 +22,70 @@ type TScanPushEventQueueDetails = {

 githubFullRepositorySecretScan.process(async (job: Job, done: Queue.DoneCallback) => {
  const { organizationId, repository, installationId }: TScanPushEventQueueDetails = job.data
-  const octokit = new ProbotOctokit({
-    auth: {
-      appId: await getSecretScanningGitAppId(),
-      privateKey: await getSecretScanningPrivateKey(),
-      installationId: installationId
-    },
-  });
-try {
-  const findings : SecretMatch[] = await scanFullContentAndGetFindings(octokit, installationId, repository.fullName)
-
-  for (const finding of findings) {
-    await GitRisks.findOneAndUpdate({ fingerprint: finding.Fingerprint},
-      {
+  try {
+    const octokit = new ProbotOctokit({
+        auth: {
+        appId: await getSecretScanningGitAppId(),
+        privateKey: await getSecretScanningPrivateKey(),
+        installationId: installationId
+        },
+    });
+    const findings : SecretMatch[] = await scanFullRepoContentAndGetFindings(octokit, installationId, repository.fullName)
+    for (const finding of findings) {
+      await GitRisks.findOneAndUpdate({ fingerprint: finding.Fingerprint}, 
+        {
        ...convertKeysToLowercase(finding),
        installationId: installationId,
        organization: organizationId,
        repositoryFullName: repository.fullName,
        repositoryId: repository.id
      }, {
-      upsert: true
-    }).lean()
-  }
-
-  // get emails of admins
-  const adminsOfWork = await MembershipOrg.find({
-    organization: organizationId,
-    $or: [
-      { role: OWNER },
-      { role: ADMIN }
-    ]
-  }).lean()
-
-  const userEmails = await User.find({
-    _id: {
-      $in: [adminsOfWork.map(orgMembership => orgMembership.user)]
+        upsert: true
+      }).lean()
    }
-  }).select("email").lean()

-  const usersToNotify = userEmails.map(userObject => userObject.email)
+    // get emails of admins
+    const adminsOfWork = await MembershipOrg.find({
+      organization: organizationId,
+      $or: [
+        { role: OWNER },
+        { role: ADMIN }
+      ]
+    }).lean()

-  if (findings.length) {
-    await sendMail({
-      template: "historicalSecretLeakIncident.handlebars",
-      subjectLine: `Incident alert: leaked secrets found in Github repository ${repository.fullName}`,
-      recipients: usersToNotify,
-      substitutions: {
-        numberOfSecrets: findings.length,
+    const userEmails = await User.find({
+      _id: {
+        $in: [adminsOfWork.map(orgMembership => orgMembership.user)]
      }
-    });
-  }
+    }).select("email").lean()

-  const postHogClient = await TelemetryService.getPostHogClient();
-  if (postHogClient) {
-    postHogClient.capture({
-      event: "historical cloud secret scan",
-      distinctId: repository.fullName,
-      properties: {
-        numberOfRisksFound: findings.length,
-      }
-    });
-  }
-  done(null, findings)
-} catch (error) {
+    const usersToNotify = userEmails.map(userObject => userObject.email)
+
+    if (findings.length) {
+      await sendMail({
+        template: "historicalSecretLeakIncident.handlebars",
+        subjectLine: `Incident alert: leaked secrets found in Github repository ${repository.fullName}`,
+        recipients: usersToNotify,
+        substitutions: {
+          numberOfSecrets: findings.length,
+        }
+      });
+    }
+
+    const postHogClient = await TelemetryService.getPostHogClient();
+    if (postHogClient) {
+      postHogClient.capture({
+        event: "historical cloud secret scan",
+        distinctId: repository.fullName,
+        properties: {
+          numberOfRisksFound: findings.length,
+        }
+      });
+    }
+    done(null, findings)
+  } catch (error) {
    done(new Error(`gitHubHistoricalScanning.process: an error occurred ${error}`), null)
  }
-
 })

 export const scanGithubFullRepoForSecretLeaks = (pushEventPayload: TScanPushEventQueueDetails) => {