Merge pull request #48 from crashappsec/nettrino/disableserver

crashappsec · Oct 24, 2022 · 2eb58e9 · 2eb58e9
2 parents 136ed3d + 6c19b69
commit 2eb58e9
Show file tree

Hide file tree

Showing 10 changed files with 88 additions and 13 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
+coverage.txt
 *.pem
 github-security-auditor.log
 github-analyzer

diff --git a/Makefile b/Makefile
@@ -25,6 +25,10 @@ fmt: ## go format
 vet: ## go vet
 	go vet ./...
 
+.PHONY: test
+test: ## run go tests (requires GitHub to be reachable via the network)
+	go test -v -race -coverprofile coverage.txt ./...
+
 .PHONY: help
 help: ## show help
 	@grep -E '^[a-zA-Z_\-]+:.*?## .*$$' $(MAKEFILE_LIST) | \

diff --git a/README.md b/README.md
@@ -113,9 +113,10 @@ You can see available options via the `--help` flag.
   docker compose build --no-cache
   ```
 - Run
+
   ```sh
   docker compose run \
-      --rm \
+      --rm --service-ports \
       co-github-analyzer \
           --organization <your org name> \
           --output output \

diff --git a/cmd/github-analyzer/main.go b/cmd/github-analyzer/main.go
@@ -119,16 +119,18 @@ func runCmd() {
 	futils.SerializeFile(stats, auditStatsPath)
 	futils.SerializeFile(errors, execStatusPath)
 
-	html.Serve(
-		config.ViperEnv.Organization,
-		orgStatsPath,
-		permissionsPath,
-		oauthPath,
-		execStatusPath,
-		issuesPath,
-		futils.HtmlDir,
-		config.ViperEnv.Port,
-	)
+	if !config.ViperEnv.DisableServer {
+		html.Serve(
+			config.ViperEnv.Organization,
+			orgStatsPath,
+			permissionsPath,
+			oauthPath,
+			execStatusPath,
+			issuesPath,
+			futils.HtmlDir,
+			config.ViperEnv.Port,
+		)
+	}
 }
 
 func NewRootCommand() *cobra.Command {
@@ -173,6 +175,9 @@ func NewRootCommand() *cobra.Command {
 	rootCmd.Flags().
 		BoolVarP(&config.ViperEnv.UserPermissionStats, "userPermissionStats", "", false, "enable user permission statistics (might be slow in large orgs due to throttling limits)")
 
+	rootCmd.Flags().
+		BoolVarP(&config.ViperEnv.DisableServer, "disableServer", "", false, "do not spin up an HTTP server, and only emit data in the designated output folder")
+
 	rootCmd.Flags().
 		BoolVarP(&config.ViperEnv.EnableScraping, "enableScraping", "", false, "enable experimental checks that rely on screen scraping")
 	rootCmd.Flags().

diff --git a/cmd/github-analyzer/version.txt b/cmd/github-analyzer/version.txt
@@ -1 +1 @@
-v0.1.3-pre-alpha-0-g76167ce
+v0.1.4-pre-alpha-5-g1722c63
diff --git a/go.mod b/go.mod
@@ -9,13 +9,15 @@ require (
 	github.com/spf13/cobra v1.5.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.13.0
+	github.com/stretchr/testify v1.8.1
 	go.uber.org/zap v1.23.0
 	golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5
 )
 
 require (
 	github.com/PuerkitoBio/goquery v1.8.0 // indirect
 	github.com/andybalholm/cascadia v1.3.1 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/fsnotify/fsnotify v1.5.4 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
@@ -25,6 +27,7 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.5 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/spf13/afero v1.8.2 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect

diff --git a/go.sum b/go.sum
@@ -183,14 +183,16 @@ github.com/spf13/viper v1.13.0 h1:BWSJ/M+f+3nmdz9bxB+bWX28kkALN2ok11D0rSo8EJU=
 github.com/spf13/viper v1.13.0/go.mod h1:Icm2xNL3/8uyh/wFuB1jI7TiTNKp8632Nwegu+zgdYw=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/subosito/gotenv v1.4.1 h1:jyEFiXpy21Wm81FBN71l9VoMMV8H8jG+qIK3GCpY6Qs=
 github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
 github.com/xlzd/gotp v0.0.0-20181030022105-c8557ba2c119 h1:YyPWX3jLOtYKulBR6AScGIs74lLrJcgeKRwcbAuQOG4=

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -9,6 +9,7 @@ const (
 type ViperEnvVars struct {
 	CfgFile             string `mapstructure:"CFG_FILE"`
 	EnableScraping      bool   `mapstructure:"ENABLE_SCRAPING"`
+	DisableServer       bool   `mapstructure:"DISABLE_SERVER"`
 	UserPermissionStats bool   `mapstructure:"USER_PERMISSION_STATS"`
 	Version             bool   `mapstructure:"VERSION"`
 	Organization        string `mapstructure:"ORGANIZATION"`

diff --git a/pkg/futils/futils.go b/pkg/futils/futils.go
@@ -14,6 +14,8 @@ import (
 var IssuesDir, StatsDir, MetadataDir, HtmlDir string
 
 func Init() {
+
+	log.Logger.Debugf("Output dir is %s", config.ViperEnv.OutputDir)
 	IssuesDir = filepath.Join(config.ViperEnv.OutputDir, "issues")
 	StatsDir = filepath.Join(config.ViperEnv.OutputDir, "stats")
 	MetadataDir = filepath.Join(config.ViperEnv.OutputDir, "metadata")

diff --git a/pkg/github/auditor/auditor_test.go b/pkg/github/auditor/auditor_test.go
@@ -0,0 +1,56 @@
+package auditor
+
+import (
+	"context"
+	"os"
+	"testing"
+	"time"
+
+	"github.com/crashappsec/github-analyzer/pkg/github/org"
+	"github.com/google/go-github/v47/github"
+	"github.com/jpillora/backoff"
+	"github.com/stretchr/testify/assert"
+	"golang.org/x/oauth2"
+)
+
+var (
+	client *github.Client
+
+	// auth indicates whether tests are being run with an OAuth token.
+	// Tests can use this flag to skip certain tests when run without auth.
+	auth bool
+)
+
+func init() {
+	token := os.Getenv("GH_SECURITY_AUDITOR_TOKEN")
+	if token == "" {
+		client = github.NewClient(nil)
+	} else {
+		tc := oauth2.NewClient(context.Background(), oauth2.StaticTokenSource(
+			&oauth2.Token{AccessToken: token},
+		))
+		client = github.NewClient(tc)
+		auth = true
+	}
+}
+
+func TestSampleOrg(t *testing.T) {
+	auditor := &GithubAuditor{client: client}
+	ctx := context.Background()
+	back := &backoff.Backoff{
+		Min:    30 * time.Second,
+		Max:    3 * time.Minute,
+		Jitter: true,
+	}
+	name := "github-security-auditor-test-org"
+	org, err := org.NewOrganization(ctx, auditor.client, back, name)
+	assert.Nil(t, err, "Could not create organization")
+	assert.NotNil(t, org.CoreStats, "Could not fetch core stats")
+	assert.Equal(t, name, *org.CoreStats.Login)
+	assert.GreaterOrEqual(t, 1, org.CoreStats.TotalPrivateRepos)
+	assert.NotNil(
+		t,
+		org.CoreStats.TwoFactorRequirementEnabled,
+		"nil two factor auth",
+	)
+}
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		v0.1.3-pre-alpha-0-g76167ce
		v0.1.4-pre-alpha-5-g1722c63