feat: Add LoadRemote capability for referencing remote ruleset configs
What does this MR do?
Implementation of gitlab-org/gitlab#393452 (closed)
- Update package to include
ruleset.LoadRemotefunction for loading remote rulesets using an SCP-style reference string. - Update
ruleset.Loadto prioritize relative configuration over remote and accept logger to improve error handling - Bumps to major version
Example usage:
import "gitlab.com/gitlab-org/security-products/analyzers/ruleset"
config1 := ruleset.LoadRemote("gitlab.com/theoretick/sdlksdjklw3")
config2 := ruleset.LoadRemote("gitlab.com/gitlab-org/security-products/tests/go@2488eaa671cc02ecc73cddffc5a2b4c528469933")
config3 := ruleset.LoadRemote("myusername:glpat-notarealtoken@gitlab.com/theoretick/tests-go-private@2488eaa671cc02ecc73cddffc5a2b4c528469933")Within analyzers/semgrep:
// Load custom config if available
if _, err := os.Stat(rulesetPath); err == nil {
rulesetConfig, err = ruleset.LoadRelative(rulesetPath, "semgrep")
} else if rulesetGitRef != "" {
rulesetConfig, err = ruleset.LoadRemote(rulesetGitRef, "semgrep", log.StandardLogger())
}Or by using new Load function:
rulesetConfig, err := ruleset.Load(rulesetPath, "semgrep", log.StandardLogger())
if err != nil {
return nil, err
}Tests
The tests for private repository authentication require credentials to be passed as an environment variable like so:
GITLAB_AUTH="myuser:mypersonalaccesstoken" go test ./...What are the relevant issue numbers?
gitlab-org/gitlab#393452 (closed)
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Lucas Charles