Force uid/guid when copying project directory for nodejs-scan
What does this MR do?
Force uid/guid when copying project directory for nodejs-scan

Fixes missing read permissions when scanning project directories, as nodejs-scan fails when walking filepath over unreadable entities.
What are the relevant issue numbers?
Fixes gitlab-org/gitlab#32344 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
QA Process
1. Checkout sast project locally
2. Import go module from this branch:
   sast ❯ go get gitlab.com/gitlab-org/security-products/analyzers/common/orchestrator/v2@force-uid-for-nodejs-projects
   go: finding gitlab.com/gitlab-org/security-products/analyzers/common/orchestrator/v2 force-uid-for-nodejs-projects
   go: downloading gitlab.com/gitlab-org/security-products/analyzers/common/orchestrator/v2 v2.0.0-20190919192349-143432b1d757
   go: extracting gitlab.com/gitlab-org/security-products/analyzers/common/orchestrator/v2 v2.0.0-20190919192349-143432b1d757
3. Build sast: GO111MODULE=on GOOS=linux go build -o sast
4. Build sast container: docker build -t sast .
5a. Test container against gitlab-org/gitlab project (this takes about 15min locally):
   docker run -it --volume "$PWD":/code --volume /var/run/docker.sock:/var/run/docker.sock --env SAST_DEFAULT_ANALYZERS=nodejs-scan sast /app/bin/run /code
5b. If you don't want to wait 15min you can "cheat" like this:
   touch shared/foo.js
   docker run -it --volume "$PWD/shared":/code --volume /var/run/docker.sock:/var/run/docker.sock --env SAST_DEFAULT_ANALYZERS=nodejs-scan sast /app/bin/run /code
Edited by Lucas Charles
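To check the symptom this MR describes (a filepath walk aborting on an entry the scanning user cannot read) before and after the fix, here is an added Go example; it is not code from the orchestrator or sast projects. It walks a project directory as filepath.WalkDir does, but records unreadable entries instead of aborting, so you can point it at the mounted /code path and see which entries the scanning uid/gid cannot read; walkProject, WalkResult and the default root "." are names chosen for this example.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// WalkResult summarises one walk over a project directory.
type WalkResult struct {
	Visited    []string // entries the walk reached
	Unreadable []string // entries that raised a permission error
}

// walkProject walks root as an analyzer would, but instead of aborting on the
// first permission error (the symptom this MR fixes) it records the unreadable
// entry, skips its contents and keeps going; any other error still aborts.
func walkProject(root string) (WalkResult, error) {
	var res WalkResult
	err := filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error {
		if err != nil {
			if errors.Is(err, fs.ErrPermission) {
				res.Unreadable = append(res.Unreadable, path)
				if d != nil && d.IsDir() {
					return fs.SkipDir // its contents could not be listed anyway
				}
				return nil
			}
			return err
		}
		res.Visited = append(res.Visited, path)
		return nil
	})
	return res, err
}

// Usage: go run . [dir]; dir defaults to "." (e.g. run it against the mounted /code path).
func main() {
	root := "."
	if len(os.Args) > 1 {
		root = os.Args[1]
	}
	res, err := walkProject(root)
	if err != nil {
		fmt.Fprintln(os.Stderr, "walk aborted:", err)
		os.Exit(1)
	}
	fmt.Printf("visited %d entries; unreadable: %v\n", len(res.Visited), res.Unreadable)
}
```

Run it inside the analyzer container as the same user nodejs-scan runs as; an empty Unreadable list means the copied project directory is fully readable for that uid/gid.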