gitlab

package
v1.0.2 Latest Latest
Published: Mar 12, 2026 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Overview

pkg/platforms/gitlab/client.go

pkg/gitlab/client_http.go

Package gitlab implements the platforms.Platform interface for GitLab

pkg/gitlab/include_resolver.go

pkg/gitlab/init.go

pkg/gitlab/ratelimit.go

pkg/gitlab/types.go

Index

Constants

const (
	// DefaultBaseURL is the GitLab.com REST API v4 endpoint, over HTTPS.
	// NOTE(review): NewClient is documented as authenticating with the
	// PRIVATE-TOKEN header, so a caller-supplied plain-http base URL would put
	// the token on the wire unencrypted — confirm whether NewClient validates
	// the scheme of baseURL.
	DefaultBaseURL        = "https://gitlab.com/api/v4"
	// DefaultTimeout is 30 seconds; presumably the HTTP client timeout that
	// WithTimeout overrides — TODO confirm.
	DefaultTimeout        = 30 * time.Second
	// MaxConcurrentRequests is a request count (100), while the figure quoted
	// in the trailing comment is a per-minute rate, which is a different
	// quantity. NOTE(review): presumably the default for WithConcurrency —
	// confirm that 100 in-flight requests stays within the lowest tier's limit.
	MaxConcurrentRequests = 100 // GitLab rate limit: 300-2000 req/min depending on tier
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessInfo

type AccessInfo struct {
	AccessLevel int `json:"access_level"`
}

AccessInfo represents access level information

type AccessLevel

type AccessLevel struct {
	// AccessLevel is GitLab's numeric role value. ProjectMember in this package
	// documents the scale 10=Guest, 20=Reporter, 30=Developer, 40=Maintainer,
	// 50=Owner. NOTE(review): GitLab's protected-branch API also uses 0 for
	// "no access" — confirm consumers handle values outside 10-50.
	AccessLevel            int    `json:"access_level"`
	AccessLevelDescription string `json:"access_level_description"`
	// UserID and GroupID are pointers with omitempty, so nil means the field
	// was absent from the response and it is left out when marshaled.
	UserID                 *int   `json:"user_id,omitempty"`
	GroupID                *int   `json:"group_id,omitempty"`
}

AccessLevel represents GitLab access level for branch protection

type Branch

type Branch struct {
	Name   string `json:"name"`
	Commit struct {
		ID string `json:"id"` // SHA
	} `json:"commit"`
	Protected bool `json:"protected"`
}

Branch represents a Git branch

type BranchProtection

type BranchProtection struct {
	// Name is the protected branch entry's name.
	// NOTE(review): GitLab allows wildcard patterns here — confirm whether
	// callers match this against concrete branch names.
	Name                      string        `json:"name"`
	// AllowForcePush is decoded from "allow_force_push". When reviewing
	// results, true on a default or release branch means history on that
	// branch can be rewritten by anyone with push access.
	AllowForcePush            bool          `json:"allow_force_push"`
	// CodeOwnerApprovalRequired is decoded from "code_owner_approval_required".
	CodeOwnerApprovalRequired bool          `json:"code_owner_approval_required"`
	// MergeAccessLevels, PushAccessLevels and UnprotectAccessLevels list the
	// AccessLevel entries decoded for merge, push and unprotect respectively.
	MergeAccessLevels         []AccessLevel `json:"merge_access_levels"`
	PushAccessLevels          []AccessLevel `json:"push_access_levels"`
	UnprotectAccessLevels     []AccessLevel `json:"unprotect_access_levels"`
}

BranchProtection represents a protected branch configuration

type BranchProtectionsEnumerateResult

type BranchProtectionsEnumerateResult struct {
	Project       string             `json:"project"`
	ProjectID     int                `json:"project_id"`
	DefaultBranch string             `json:"default_branch"`
	Protections   []BranchProtection `json:"protections"`
	Errors        []string           `json:"errors,omitempty"`
}

BranchProtectionsEnumerateResult contains branch protection enumeration results

type Client

// Client's String and GoString methods are documented as preventing token
// leakage in logs and with the %#v format.
// NOTE(review): those methods cover formatting of the Client value only;
// confirm that error messages and any request/transport debug output do not
// include the PRIVATE-TOKEN header.
type Client struct {
	// contains filtered or unexported fields
}

Client is a GitLab REST API v4 client with rate limiting

func NewClient

func NewClient(baseURL, token string, opts ...ClientOption) *Client

NewClient creates a new GitLab REST API v4 client. Authentication: uses the PRIVATE-TOKEN header.

func (*Client) BaseURL

func (c *Client) BaseURL() string

BaseURL returns the GitLab base URL for SaaS detection

func (*Client) CreateBranch

func (c *Client) CreateBranch(ctx context.Context, projectID int, branchName, ref string) error

CreateBranch creates a new branch POST /api/v4/projects/:id/repository/branches?branch=:name&ref=:sha

func (*Client) CreateCommit

func (c *Client) CreateCommit(ctx context.Context, projectID int, branch string, actions []CommitAction, message string) (*Commit, error)

CreateCommit creates a commit with file actions POST /api/v4/projects/:id/repository/commits

func (*Client) DeleteBranch

func (c *Client) DeleteBranch(ctx context.Context, projectID int, branch string) error

DeleteBranch deletes a repository branch DELETE /api/v4/projects/:id/repository/branches/:branch

func (*Client) DeleteJobLogs

func (c *Client) DeleteJobLogs(ctx context.Context, projectID int, jobID int) error

DeleteJobLogs erases the job trace (logs) for a specific job: POST /api/v4/projects/:id/jobs/:job_id/erase

func (*Client) DeletePipeline

func (c *Client) DeletePipeline(ctx context.Context, projectID, pipelineID int) error

DeletePipeline deletes a pipeline and all associated jobs/logs: DELETE /api/v4/projects/:id/pipelines/:pipeline_id

func (*Client) EnrichRunnersWithDetails

func (c *Client) EnrichRunnersWithDetails(ctx context.Context, runners []RunnerInfo) ([]RunnerInfo, error)

EnrichRunnersWithDetails fetches detailed information for each runner This adds platform, version, architecture, and other detailed fields

func (*Client) GetBranch

func (c *Client) GetBranch(ctx context.Context, projectID int, branch string) (*Branch, error)

GetBranch gets information about a specific branch GET /api/v4/projects/:id/repository/branches/:branch

func (*Client) GetGroup

func (c *Client) GetGroup(ctx context.Context, groupPath string) (*Group, error)

GetGroup gets a group by its path GET /api/v4/groups/:id

func (*Client) GetGroupAccessLevel

func (c *Client) GetGroupAccessLevel(ctx context.Context, groupID, userID int) (int, error)

GetGroupAccessLevel gets the current user's access level for a group Uses /api/v4/groups/:id/members/:user_id endpoint

func (*Client) GetJobTrace

func (c *Client) GetJobTrace(ctx context.Context, projectID, jobID int) (string, error)

GetJobTrace gets the raw log output (trace) for a job GET /api/v4/projects/:id/jobs/:job_id/trace

func (*Client) GetPersonalAccessToken

func (c *Client) GetPersonalAccessToken(ctx context.Context) (*PersonalAccessToken, error)

GetPersonalAccessToken retrieves info about the current token: GET /api/v4/personal_access_tokens/self. Note: may fail for project/group tokens or older GitLab versions.

func (*Client) GetProject

func (c *Client) GetProject(ctx context.Context, projectPath string) (*Project, error)

GetProject retrieves a single project

func (*Client) GetProjectAccessLevel

func (c *Client) GetProjectAccessLevel(ctx context.Context, projectID, userID int) (int, error)

GetProjectAccessLevel gets the current user's access level for a project Uses /api/v4/projects/:id/members/:user_id endpoint

func (*Client) GetProjectMember

func (c *Client) GetProjectMember(ctx context.Context, projectID int, userID string) (*ProjectMember, error)

GetProjectMember gets a specific project member by user ID GET /api/v4/projects/:id/members/all/:user_id

func (*Client) GetRunner

func (c *Client) GetRunner(ctx context.Context, runnerID int) (*RunnerInfo, error)

GetRunner fetches detailed information for a specific runner: GET /api/v4/runners/:id

func (*Client) GetTemplate

func (c *Client) GetTemplate(ctx context.Context, templateName string) ([]byte, error)

GetTemplate retrieves a GitLab CI template

func (*Client) GetUser

func (c *Client) GetUser(ctx context.Context) (*User, error)

GetUser retrieves the current authenticated user GET /api/v4/user

func (*Client) GetWorkflowFile

func (c *Client) GetWorkflowFile(ctx context.Context, projectID int, filePath, ref string) ([]byte, error)

GetWorkflowFile retrieves a .gitlab-ci.yml file ref should be a branch name, tag, or commit SHA

func (*Client) GoString

func (c *Client) GoString() string

GoString implements fmt.GoStringer to prevent token leakage with %#v format

func (*Client) ListAllProjects

func (c *Client) ListAllProjects(ctx context.Context) ([]Project, error)

ListAllProjects lists all projects accessible to the token GET /api/v4/projects

func (*Client) ListGroupMembers

func (c *Client) ListGroupMembers(ctx context.Context, groupID int) ([]Member, error)

ListGroupMembers lists members of a group with access levels GET /api/v4/groups/:id/members

func (*Client) ListGroupProjects

func (c *Client) ListGroupProjects(ctx context.Context, groupName string) ([]Project, error)

ListGroupProjects lists all projects in a group

func (*Client) ListGroupRunners

func (c *Client) ListGroupRunners(ctx context.Context, groupID int) ([]RunnerInfo, error)

ListGroupRunners lists runners for a group GET /api/v4/groups/:id/runners

func (*Client) ListGroupVariables

func (c *Client) ListGroupVariables(ctx context.Context, groupID int) ([]Variable, error)

ListGroupVariables lists CI/CD variables for a group GET /api/v4/groups/:id/variables

func (*Client) ListGroups

func (c *Client) ListGroups(ctx context.Context) ([]Group, error)

ListGroups lists groups accessible to the token GET /api/v4/groups

func (*Client) ListInstanceRunners

func (c *Client) ListInstanceRunners(ctx context.Context) ([]RunnerInfo, error)

ListInstanceRunners lists all instance-level runners: GET /api/v4/runners/all. Note: requires admin access.

func (*Client) ListInstanceVariables

func (c *Client) ListInstanceVariables(ctx context.Context) ([]Variable, error)

ListInstanceVariables lists instance-level CI/CD variables: GET /api/v4/admin/ci/variables. Note: requires admin access.

func (*Client) ListMemberProjects

func (c *Client) ListMemberProjects(ctx context.Context) ([]Project, error)

ListMemberProjects lists projects where user is a member with permissions GET /api/v4/projects?membership=true

func (*Client) ListPipelineJobs

func (c *Client) ListPipelineJobs(ctx context.Context, projectID, pipelineID int) ([]Job, error)

ListPipelineJobs lists jobs for a specific pipeline GET /api/v4/projects/:id/pipelines/:pipeline_id/jobs

func (*Client) ListPipelines

func (c *Client) ListPipelines(ctx context.Context, projectID int, ref string) ([]Pipeline, error)

ListPipelines lists pipelines for a project, optionally filtered by branch GET /api/v4/projects/:id/pipelines?ref=:branch

func (*Client) ListProjectMembers

func (c *Client) ListProjectMembers(ctx context.Context, projectID int) ([]Member, error)

ListProjectMembers lists members of a project with access levels GET /api/v4/projects/:id/members

func (*Client) ListProjectPipelines

func (c *Client) ListProjectPipelines(ctx context.Context, projectID int) ([]Pipeline, error)

ListProjectPipelines lists all pipelines for a project (no filtering): GET /api/v4/projects/:id/pipelines. Deprecated: use ListPipelines with an empty ref instead for new code.

func (*Client) ListProjectRunners

func (c *Client) ListProjectRunners(ctx context.Context, projectID int) ([]RunnerInfo, error)

ListProjectRunners lists runners for a project GET /api/v4/projects/:id/runners

func (*Client) ListProjectVariables

func (c *Client) ListProjectVariables(ctx context.Context, projectID int) ([]Variable, error)

ListProjectVariables lists CI/CD variables for a project GET /api/v4/projects/:id/variables

func (*Client) ListProtectedBranches

func (c *Client) ListProtectedBranches(ctx context.Context, projectID int) ([]BranchProtection, error)

ListProtectedBranches lists protected branches for a project GET /api/v4/projects/:id/protected_branches

func (*Client) ListRecentPipelines

func (c *Client) ListRecentPipelines(ctx context.Context, projectID int, limit int) ([]Pipeline, error)

ListRecentPipelines fetches recent pipelines for a project GET /api/v4/projects/:id/pipelines

func (*Client) ListSharedGroups

func (c *Client) ListSharedGroups(ctx context.Context, groupID int) ([]SharedGroup, error)

ListSharedGroups lists groups shared with a group GET /api/v4/groups/:id/groups/shared

func (*Client) ListSubgroups

func (c *Client) ListSubgroups(ctx context.Context, groupID int) ([]Group, error)

ListSubgroups lists subgroups of a group GET /api/v4/groups/:id/subgroups

func (*Client) ListUserProjects

func (c *Client) ListUserProjects(ctx context.Context, username string) ([]Project, error)

ListUserProjects lists all projects for a user

func (*Client) RateLimiter

func (c *Client) RateLimiter() *RateLimiter

RateLimiter returns the underlying rate limiter

func (*Client) String

func (c *Client) String() string

String implements fmt.Stringer to prevent token leakage in logs

type ClientOption

type ClientOption func(*Client)

ClientOption configures a Client

func WithConcurrency

func WithConcurrency(max int64) ClientOption

WithConcurrency sets the maximum concurrent requests

func WithHTTPTransport

func WithHTTPTransport(transport http.RoundTripper) ClientOption

WithHTTPTransport sets a custom HTTP transport on the underlying client.

func WithTimeout

func WithTimeout(timeout time.Duration) ClientOption

WithTimeout sets the HTTP client timeout

type Commit

type Commit struct {
	ID        string `json:"id"`
	ShortID   string `json:"short_id"`
	Title     string `json:"title"`
	Message   string `json:"message"`
	CreatedAt string `json:"created_at"`
}

Commit represents a Git commit

type CommitAction

type CommitAction struct {
	Action   string `json:"action"` // "create", "update", "delete"
	// FilePath is sent as "file_path".
	// NOTE(review): presumably relative to the repository root — confirm.
	FilePath string `json:"file_path"`
	// Content is left out of the request body when empty (omitempty), which
	// fits a "delete" action that carries no file body.
	Content  string `json:"content,omitempty"`
}

CommitAction represents an action in a commit (create, update, delete file)

type FileResponse

type FileResponse struct {
	FileName string `json:"file_name"`
	FilePath string `json:"file_path"`
	// Content must be interpreted according to Encoding: it is Base64 only
	// when Encoding says so.
	// NOTE(review): confirm the decoder checks Encoding before Base64-decoding.
	Content  string `json:"content"`  // Base64-encoded content
	Encoding string `json:"encoding"` // "base64" or "text"
	BlobID   string `json:"blob_id"`  // SHA
}

FileResponse represents a GitLab file API response

type Group

type Group struct {
	ID         int    `json:"id"`
	Name       string `json:"name"`
	Path       string `json:"path"`
	FullPath   string `json:"full_path"`
	Visibility string `json:"visibility"` // public, internal, private
	WebURL     string `json:"web_url"`
	ParentID   *int   `json:"parent_id"` // nil for top-level groups
}

Group represents a GitLab group

type GroupInfo

type GroupInfo struct {
	Name     string `json:"name"`
	FullPath string `json:"full_path"`
	ID       int    `json:"id"`
}

GroupInfo contains group summary for token enumerate

type GroupWithAccess

type GroupWithAccess struct {
	Group
	AccessLevel int    `json:"access_level"`
	Shared      bool   `json:"shared"`               // discovered via sharing
	SharedVia   string `json:"shared_via,omitempty"` // parent group path
}

GroupWithAccess contains group info with user's access level

type GroupsEnumerateResult

type GroupsEnumerateResult struct {
	Groups []GroupWithAccess `json:"groups"`
	Errors []string          `json:"errors,omitempty"`
}

GroupsEnumerateResult contains group enumeration results

type IncludeResolver

type IncludeResolver struct {
	// contains filtered or unexported fields
}

IncludeResolver resolves GitLab CI include directives recursively. This resolver is not thread-safe and should not be shared across goroutines.

func NewIncludeResolver

func NewIncludeResolver(client *Client, projectID int, ref string) *IncludeResolver

NewIncludeResolver creates a new include resolver

func (*IncludeResolver) ResolveIncludes

func (r *IncludeResolver) ResolveIncludes(ctx context.Context, includes []parser.GitLabInclude) ([]*IncludedWorkflow, error)

ResolveIncludes resolves multiple include directives

type IncludedWorkflow

type IncludedWorkflow struct {
	Source   string // Cache key (for deduplication)
	Path     string // Clean file path (for display)
	Type     string // local, project, template
	Content  []byte // Raw YAML content before parsing
	Workflow *parser.NormalizedWorkflow
	Includes []*IncludedWorkflow
}

IncludedWorkflow represents a resolved included workflow

type Job

type Job struct {
	ID         int                    `json:"id"`
	Name       string                 `json:"name"`
	Status     string                 `json:"status"`
	Stage      string                 `json:"stage"`
	// Runner is decoded as an untyped map and omitted when empty.
	// NOTE(review): the trailing comment reads like a leftover development
	// note; the keys expected in this map are not visible here — confirm
	// against the code that reads it and type-check values before use.
	Runner     map[string]interface{} `json:"runner,omitempty"` // From log analysis branch
	Ref        string                 `json:"ref"`
	// Timestamps are kept as the strings received, not parsed into time.Time.
	CreatedAt  string                 `json:"created_at"`
	StartedAt  string                 `json:"started_at"`
	FinishedAt string                 `json:"finished_at"`
	WebURL     string                 `json:"web_url"`
}

Job represents a CI/CD pipeline job

type Member

type Member struct {
	ID          int    `json:"id"`
	Username    string `json:"username"`
	Name        string `json:"name"`
	// State is the account state string as returned by the API.
	State       string `json:"state"`
	// AccessLevel uses the same scale documented on ProjectMember.
	AccessLevel int    `json:"access_level"` // 10=Guest, 20=Reporter, 30=Developer, 40=Maintainer, 50=Owner
}

Member represents a project or group member with access level

type Namespace

type Namespace struct {
	Name     string `json:"name"`
	FullPath string `json:"full_path"` // e.g., "groupname" or "username"
}

Namespace represents a GitLab namespace (user or group)

type PersonalAccessToken

// This struct holds token metadata only; none of its fields carries the
// token secret itself.
type PersonalAccessToken struct {
	ID        int       `json:"id"`
	Name      string    `json:"name"`
	// Revoked and Active are decoded independently from "revoked" and "active".
	Revoked   bool      `json:"revoked"`
	CreatedAt time.Time `json:"created_at"`
	// Scopes lists the scope names granted to the token, as returned by the API.
	Scopes    []string  `json:"scopes"`
	UserID    int       `json:"user_id"`
	Active    bool      `json:"active"`
	// ExpiresAt is nil when the API returns null.
	// NOTE(review): presumably a token with no expiry date; worth surfacing in
	// reports, since such a token stays valid until revoked — confirm.
	ExpiresAt *string   `json:"expires_at"` // Can be null
}

PersonalAccessToken represents token info from /personal_access_tokens/self

type Pipeline

type Pipeline struct {
	ID        int    `json:"id"`
	Status    string `json:"status"`
	Ref       string `json:"ref"`
	SHA       string `json:"sha"`
	WebURL    string `json:"web_url"`
	CreatedAt string `json:"created_at"`
}

Pipeline represents a CI/CD pipeline

type Platform

type Platform struct {
	// contains filtered or unexported fields
}

Platform implements the platforms.Platform interface for GitLab

func NewPlatform

func NewPlatform() *Platform

NewPlatform creates a new GitLab platform adapter

func (*Platform) AnalyzeProjectLogs

func (p *Platform) AnalyzeProjectLogs(ctx context.Context, projectID int, pipelineLimit int) ([]RunnerInfo, error)

AnalyzeProjectLogs analyzes recent pipeline logs to discover historical runner usage. It automatically filters GitLab SaaS shared runners on gitlab.com instances.

func (*Platform) AnalyzeWorkflowTags

func (p *Platform) AnalyzeWorkflowTags(ctx context.Context, yamlContent []byte, availableRunners []RunnerInfo) (*WorkflowTagAnalysis, error)

AnalyzeWorkflowTags analyzes .gitlab-ci.yml content to extract required runner tags and compares them against available runners to identify gaps.

func (*Platform) Client

func (p *Platform) Client() *Client

Client returns the underlying GitLab client

func (*Platform) EnumerateBranchProtections

func (p *Platform) EnumerateBranchProtections(ctx context.Context, target platforms.Target) (*BranchProtectionsEnumerateResult, error)

EnumerateBranchProtections discovers branch protection rules for a project.

func (*Platform) EnumerateGroups

func (p *Platform) EnumerateGroups(ctx context.Context, recursive bool) (*GroupsEnumerateResult, error)

EnumerateGroups discovers groups accessible to the authenticated token. When recursive is true, subgroups are also enumerated.

func (*Platform) EnumerateProjects

func (p *Platform) EnumerateProjects(ctx context.Context, target platforms.Target) (*ProjectsEnumerateResult, error)

EnumerateProjects discovers projects accessible to the authenticated token.

func (*Platform) EnumerateRunners

func (p *Platform) EnumerateRunners(ctx context.Context, projectPath string, includeGroup, includeInstance bool) (*RunnersEnumerateResult, error)

EnumerateRunners discovers GitLab runners for a project and optionally its group/instance. Parameters: projectPath is in "owner/repo" format; includeGroup fetches group runners (requires the project to belong to a group); includeInstance fetches instance-wide runners (requires admin access).

func (*Platform) EnumerateSecrets

func (p *Platform) EnumerateSecrets(ctx context.Context, target platforms.Target) (*SecretsEnumerateResult, error)

EnumerateSecrets discovers CI/CD variables at project, group, and instance level.

func (*Platform) EnumerateToken

func (p *Platform) EnumerateToken(ctx context.Context) (*TokenEnumerateResult, error)

EnumerateToken validates the token and returns comprehensive token information.

func (*Platform) Init

func (p *Platform) Init(ctx context.Context, config platforms.Config) error

Init initializes the platform with configuration

func (*Platform) Name

func (p *Platform) Name() string

Name returns the platform identifier

func (*Platform) Scan

func (p *Platform) Scan(ctx context.Context, target platforms.Target) (*platforms.ScanResult, error)

Scan retrieves repositories and workflows from the target

type Project

type Project struct {
	ID                int                 `json:"id"`
	Name              string              `json:"name"`
	Path              string              `json:"path"`
	PathWithNamespace string              `json:"path_with_namespace"` // "owner/project"
	DefaultBranch     string              `json:"default_branch"`
	Visibility        string              `json:"visibility"` // public, internal, private
	Archived          bool                `json:"archived"`
	ArchivedAt        string              `json:"archived_at,omitempty"`
	JobsEnabled       bool                `json:"jobs_enabled"`
	WebURL            string              `json:"web_url"`
	Namespace         Namespace           `json:"namespace"`
	Permissions       *ProjectPermissions `json:"permissions,omitempty"`
}

Project represents a GitLab project (repository)

type ProjectMember

type ProjectMember struct {
	ID          int    `json:"id"`
	Username    string `json:"username"`
	Name        string `json:"name"`
	AccessLevel int    `json:"access_level"` // 10=Guest, 20=Reporter, 30=Developer, 40=Maintainer, 50=Owner
	RoleName    string `json:"-"`            // Computed from AccessLevel
}

ProjectMember represents a project member with access level

type ProjectPermissions

type ProjectPermissions struct {
	ProjectAccess *AccessInfo `json:"project_access"`
	GroupAccess   *AccessInfo `json:"group_access"`
}

ProjectPermissions represents the user's access permissions to a project

type ProjectWithPermissions

type ProjectWithPermissions struct {
	// Embedded, so the Repository fields are promoted onto this struct.
	platforms.Repository
	// AccessLevel follows the scale documented on ProjectMember:
	// 10=Guest, 20=Reporter, 30=Developer, 40=Maintainer, 50=Owner.
	AccessLevel  int    `json:"access_level"` // 10-50
	Visibility   string `json:"visibility"`   // public, internal, private
	// LastActivity is omitted from JSON when empty.
	LastActivity string `json:"last_activity,omitempty"`
}

ProjectWithPermissions extends Repository with GitLab access level

type ProjectsEnumerateResult

type ProjectsEnumerateResult struct {
	Projects []ProjectWithPermissions `json:"projects"`
	Summary  ProjectsSummary          `json:"summary"`
	Errors   []string                 `json:"errors,omitempty"`
}

ProjectsEnumerateResult contains project enumeration results

type ProjectsSummary

type ProjectsSummary struct {
	Total       int `json:"total"`
	// Private, Internal and Public count projects by visibility.
	Private     int `json:"private"`
	Internal    int `json:"internal"`
	Public      int `json:"public"`
	Archived    int `json:"archived"`
	// NOTE(review): the access-level threshold that separates "write" from
	// "read" is not visible in this declaration — confirm it against the code
	// that fills these counters before relying on them in a report.
	WriteAccess int `json:"write_access"`
	ReadAccess  int `json:"read_access"`
}

ProjectsSummary provides statistics about enumerated projects

type RateLimitInfo

type RateLimitInfo struct {
	Limit     int `json:"limit"`
	Remaining int `json:"remaining"`
}

RateLimitInfo contains GitLab rate limit status

type RateLimiter

type RateLimiter struct {
	*ratelimit.Limiter
}

RateLimiter tracks GitLab API rate limits. GitLab rate limit: 300-2000 requests/minute depending on tier (Free tier: ~300 req/min; Premium/Ultimate: 2000 req/min). It is a thin wrapper around the shared ratelimit implementation with GitLab-specific configuration.

func NewRateLimiter

func NewRateLimiter() *RateLimiter

NewRateLimiter creates a new rate limiter with GitLab-specific configuration

type RunnerInfo

type RunnerInfo struct {
	ID           int      `json:"id"`
	Description  string   `json:"description"`
	RunnerType   string   `json:"runner_type"` // instance_type, group_type, project_type
	// Tags is decoded from the API's "tag_list" key.
	Tags         []string `json:"tag_list"`
	Online       bool     `json:"online"`
	Status       string   `json:"status"`
	// IPAddress is omitted from JSON when empty. It describes internal
	// infrastructure, so reports containing it warrant restricted handling.
	IPAddress    string   `json:"ip_address,omitempty"`
	Active       bool     `json:"active"`
	Paused       bool     `json:"paused"`
	IsShared     bool     `json:"is_shared"`
	ContactedAt  string   `json:"contacted_at,omitempty"`
	// Version, Platform and Architecture are the detail fields that
	// EnrichRunnersWithDetails is documented as adding.
	Version      string   `json:"version,omitempty"`
	Platform     string   `json:"platform,omitempty"`
	Architecture string   `json:"architecture,omitempty"`
	Executor     string   `json:"executor_type,omitempty"` // shell, docker, kubernetes, etc.
	Source       string   `json:"source,omitempty"`        // "api" or "logs" - indicates discovery method
	LastSeenAt   string   `json:"last_seen_at,omitempty"`  // For historical runners - last pipeline execution
}

RunnerInfo represents a GitLab runner

type RunnerLogInfo

// The fields have no JSON tags, unlike the API-facing structs in this package.
// They are filled from job log text (see ParseJobTrace).
// NOTE(review): log content is written by whatever ran the job, so these
// values are attacker-influenceable input rather than authoritative API data.
type RunnerLogInfo struct {
	RunnerName   string
	MachineName  string
	Version      string
	Executor     string
	Platform     string
	Tags         []string
	// NOTE(review): the rule used to decide self-hosted vs. shared is not
	// visible here — confirm.
	IsSelfHosted bool
}

RunnerLogInfo holds runner details extracted from job logs

func ParseJobTrace

func ParseJobTrace(traceContent string) (*RunnerLogInfo, error)

ParseJobTrace extracts runner information from job log content

type RunnerSummary

type RunnerSummary struct {
	Total    int `json:"total"`
	Online   int `json:"online"`
	Offline  int `json:"offline"`
	Instance int `json:"instance_runners"`
	Group    int `json:"group_runners"`
	Project  int `json:"project_runners"`
}

RunnerSummary provides statistics about enumerated runners

type RunnersEnumerateResult

type RunnersEnumerateResult struct {
	ProjectRunners    []RunnerInfo        `json:"project_runners,omitempty"`
	GroupRunners      []RunnerInfo        `json:"group_runners,omitempty"`
	InstanceRunners   []RunnerInfo        `json:"instance_runners,omitempty"`
	HistoricalRunners []RunnerInfo        `json:"historical_runners,omitempty"` // Runners discovered from pipeline logs
	WorkflowTags      WorkflowTagAnalysis `json:"workflow_tags,omitempty"`
	Summary           RunnerSummary       `json:"summary"`
	Errors            []string            `json:"errors,omitempty"`
}

RunnersEnumerateResult contains runner enumeration results

type SecretsEnumerateResult

// Each Variable carries a Value field tagged "value", so a marshaled result
// contains variable values and not only their names. Store, transmit and
// share this output as secret material.
type SecretsEnumerateResult struct {
	// NOTE(review): map keys are presumably project and group paths — confirm.
	ProjectVariables  map[string][]Variable `json:"project_variables,omitempty"`
	GroupVariables    map[string][]Variable `json:"group_variables,omitempty"`
	InstanceVariables []Variable            `json:"instance_variables,omitempty"`
	// PermissionErrors is kept separate from Errors.
	// NOTE(review): presumably records scopes the token was not allowed to
	// read, as opposed to other failures — confirm.
	PermissionErrors  []string              `json:"permission_errors,omitempty"`
	Errors            []string              `json:"errors,omitempty"`
}

SecretsEnumerateResult contains CI/CD variable enumeration results

type SharedGroup

type SharedGroup struct {
	ID               int    `json:"id"`
	Name             string `json:"name"`
	FullPath         string `json:"full_path"`
	Visibility       string `json:"visibility"`
	GroupAccessLevel int    `json:"group_access_level"`
}

SharedGroup represents a group shared with another group

type TokenEnumerateResult

type TokenEnumerateResult struct {
	// User and Token are pointers with omitempty, so either may be absent;
	// GetPersonalAccessToken is documented as possibly failing for
	// project/group tokens or older GitLab versions.
	User             *User                `json:"user,omitempty"`
	Token            *PersonalAccessToken `json:"token,omitempty"`
	// NOTE(review): the set of TokenType values is not visible here — confirm.
	TokenType        string               `json:"token_type"`
	// IsAdmin, IsBot, CanCreateGroup and CanCreateProject have counterparts
	// on User. NOTE(review): presumably copied from it — confirm.
	IsAdmin          bool                 `json:"is_admin"`
	IsBot            bool                 `json:"is_bot"`
	CanCreateGroup   bool                 `json:"can_create_group"`
	CanCreateProject bool                 `json:"can_create_project"`
	Groups           []GroupInfo          `json:"groups,omitempty"`
	RateLimit        *RateLimitInfo       `json:"rate_limit,omitempty"`
	// Errors holds error strings alongside partial results.
	// NOTE(review): confirm that none of these strings can embed the token.
	Errors           []string             `json:"errors,omitempty"`
}

TokenEnumerateResult contains GitLab token validation results

type User

type User struct {
	ID               int    `json:"id"`
	Username         string `json:"username"`
	Name             string `json:"name"`
	Email            string `json:"email"`
	State            string `json:"state"`
	AvatarURL        string `json:"avatar_url"`
	WebURL           string `json:"web_url"`
	IsAdmin          bool   `json:"is_admin"`
	Bot              bool   `json:"bot"`
	CanCreateGroup   bool   `json:"can_create_group"`
	CanCreateProject bool   `json:"can_create_project"`
}

User represents a GitLab user from /user endpoint

type Variable

type Variable struct {
	Key              string `json:"key"`
	// Value is decoded from and marshaled to "value" with no redaction.
	// NOTE(review): presumably the plaintext variable value returned by the
	// API — keep it out of logs and treat any output containing it as secret.
	Value            string `json:"value"`
	// Protected and Masked are decoded from "protected" and "masked". They
	// describe how GitLab handles the variable; they do not redact Value here.
	Protected        bool   `json:"protected"`
	Masked           bool   `json:"masked"`
	EnvironmentScope string `json:"environment_scope"`
	VariableType     string `json:"variable_type"` // "env_var" or "file"
	// Hidden is decoded from "hidden", separately from Masked.
	// NOTE(review): the previous comment read "true if variable is masked",
	// but GitLab reports hidden and masked as separate attributes — confirm
	// the intended meaning.
	Hidden           bool   `json:"hidden"`
}

Variable represents a CI/CD variable

type WorkflowTagAnalysis

type WorkflowTagAnalysis struct {
	RequiredTags     []string `json:"required_tags"`
	AvailableTags    []string `json:"available_tags"`
	MissingTags      []string `json:"missing_tags"`
	ProjectsAnalyzed int      `json:"projects_analyzed"`
}

WorkflowTagAnalysis contains analysis of workflow runner tag requirements

Directories

Path Synopsis
attacks
runnerexec
pkg/gitlab/attacks/runnerexec/logparser.go
pkg/gitlab/attacks/runnerexec/logparser.go
secretsdump
pkg/gitlab/attacks/secretsdump/crypto.go
pkg/gitlab/attacks/secretsdump/crypto.go
Package gitlab registers all GitLab CI detections
Package gitlab registers all GitLab CI detections
ai
