Support gitlab_oauth_app_secret in validity checks
Problem to solve
If a gitlab_oauth_app_secret is detected by pipeline secret detection, checking its validity using validity checks is not supported.
Update validity checks to support gitlab_oauth_app_secret.
Proposed Solution
A gitlab_oauth_app_secret is looked up using Doorkeeper::Application.find_by_plaintext_token. These tokens are implemented using Doorkeeper, and Doorkeeper doesn't provide a method of finding multiple tokens at once.
Option 1
Call find_by_plaintext_token once for each token detected. The issue here is that this would cause N+1 database queries, which will result in performance problems. We could work around this by limiting the number of tokens per pipeline for which validity checks will update the status.
Option 2 (Preferred)
Extend Doorkeeper to provide the scope with_plaintext_token. This is the most flexible solution, but it will require work to reverse engineer how Doorkeeper encrypts its tokens so that the method we use matches it.
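The difference between the two options, as an added sketch that is not GitLab's or Doorkeeper's code: every detected token is transformed the way the stored secret was, then matched with a single IN-style query instead of one query per token. The SHA-256 transform, `FakeApplicationTable`, and both `check_*` helpers are assumptions made for illustration; the real storage strategy is the part Option 2 says must be matched.

```ruby
require 'digest'
require 'set'

# Assumption: storage uses a deterministic, unsalted SHA-256 hex digest.
# A per-row salted scheme could not be matched with a single IN query.
def transform_secret(plaintext)
  Digest::SHA256.hexdigest(plaintext)
end

# Constructed stand-in for the applications table. As in a hashed-secret
# store, it holds only the transformed secret, never the plaintext.
class FakeApplicationTable
  attr_reader :query_count

  def initialize(plaintext_secrets)
    @digests = plaintext_secrets.map { |s| transform_secret(s) }.to_set
    @query_count = 0
  end

  # Models `WHERE secret IN (...)`: one query however many digests are passed.
  def where_secret_in(digests)
    @query_count += 1
    digests.select { |d| @digests.include?(d) }
  end
end

# Option 1: one lookup per detected token (N queries for N tokens).
def check_one_by_one(table, detected)
  detected.uniq.to_h do |plain|
    [plain, table.where_secret_in([transform_secret(plain)]).any?]
  end
end

# Option 2: transform every detected token first, then issue one query.
def check_in_batch(table, detected)
  by_digest = detected.uniq.to_h { |plain| [transform_secret(plain), plain] }
  active = table.where_secret_in(by_digest.keys).to_set
  by_digest.to_h { |digest, plain| [plain, active.include?(digest)] }
end

# Constructed sample data: two stored secrets, three detected candidates.
STORED = %w[constructed-secret-a constructed-secret-b].freeze
DETECTED = %w[constructed-secret-a not-a-real-secret constructed-secret-b].freeze

table = FakeApplicationTable.new(STORED)
puts check_in_batch(table, DETECTED).inspect
puts "queries: #{table.query_count}"
```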