Skip to content

Implemented Graphql requests for Github PR's, Issues and comments scanning #4431

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 34 commits into
base: main
Choose a base branch
from
+843 −2
Open

Implemented Graphql requests for Github PR's, Issues and comments scanning #4431

Show file tree
Hide file tree
Changes from 22 commits
Commits
Show all changes
34 commits
Select commit Hold shift + click to select a range
ac2c609
Added graphql API for issues and PRs
kashifkhan0771 Aug 28, 2025
48a35a5
Merge branch 'main' into feature/oss-209
kashifkhan0771 Aug 29, 2025
f827313
enhancements
kashifkhan0771 Aug 29, 2025
24571ec
more cleanup
kashifkhan0771 Aug 29, 2025
5d96170
more enhancements
kashifkhan0771 Aug 29, 2025
cda3e75
some final touches
kashifkhan0771 Aug 29, 2025
f2ff9ca
some more cleanup
kashifkhan0771 Aug 29, 2025
a9dc2e0
Merge branch 'main' into feature/oss-209
kashifkhan0771 Aug 29, 2025
871a490
tweaked threads vars
kashifkhan0771 Sep 1, 2025
3f78ee1
minor changes
kashifkhan0771 Sep 1, 2025
a96a2ea
scan the markdown text not plain text
kashifkhan0771 Sep 1, 2025
1b0af83
ratelimit handling
kashifkhan0771 Sep 2, 2025
e6fff98
added ratelimit handling
kashifkhan0771 Sep 2, 2025
0b738a4
lint error fix
kashifkhan0771 Sep 2, 2025
2ab5514
Merge branch 'main' into feature/oss-209
kashifkhan0771 Sep 2, 2025
9b9761e
refactored the thread review comments chunking
kashifkhan0771 Sep 3, 2025
2fdf5cd
Merge branch 'main' into feature/oss-209
kashifkhan0771 Sep 3, 2025
c3a4de9
final commit - probably
kashifkhan0771 Sep 3, 2025
f6445af
Merge branch 'main' into feature/oss-209
kashifkhan0771 Sep 5, 2025
53bc5f1
refactored the rate limit handling
kashifkhan0771 Sep 5, 2025
4ddb045
adjusted comments
kashifkhan0771 Sep 5, 2025
ed85e32
Merge branch 'main' into feature/oss-209
kashifkhan0771 Sep 8, 2025
aa88342
Merge branch 'main' into feature/oss-209
kashifkhan0771 Sep 9, 2025
531985f
Merge branch 'main' into feature/oss-209
kashifkhan0771 Sep 10, 2025
5d00b5a
Merge branch 'main' into feature/oss-209
kashifkhan0771 Sep 11, 2025
d420cc2
resolved comments
kashifkhan0771 Sep 11, 2025
b993a03
remove old camel case func
kashifkhan0771 Sep 11, 2025
3d2fd13
renamed featureflag
kashifkhan0771 Sep 15, 2025
615cc9f
resolved martin's comments
kashifkhan0771 Oct 20, 2025
434e92a
Merge branch 'main' into feature/oss-209
kashifkhan0771 Oct 22, 2025
8a5b356
updated test cases
kashifkhan0771 Oct 22, 2025
0c4cda5
Merge branch 'main' into feature/oss-209
kashifkhan0771 Oct 23, 2025
765392d
Merge branch 'main' into feature/oss-209
kashifkhan0771 Oct 31, 2025
095e366
Merge branch 'main' into feature/oss-209
kashifkhan0771 Oct 31, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -465,6 +465,9 @@ func run(state overseer.State) {
feature.UseSimplifiedGitlabEnumeration.Store(true)
feature.GitlabProjectsPerPage.Store(100)

// OSS Default using github graphql api for issues, pr's and comments
feature.UseGithubGraphqlAPI.Store(true)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's start this off as false so it's not automatically turned on for EE customers (we can/should make it true for OSS after we get the flag in EE)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, regretfully I think the initialism is GraphQL--if we're gonna do it for REST we should probably do it here too

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, I'll temporarily turn it off. I didn't quite understand your second comment - just to clarify, we don’t use any initialism for REST.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh I was just saying the "QL" is capitalized; Graphql -> GraphQL

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done


conf := &config.Config{}
if *configFilename != "" {
var err error
Expand Down
1 change: 1 addition & 0 deletions pkg/feature/feature.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ var (
UseSimplifiedGitlabEnumeration atomic.Bool
UseGitMirror atomic.Bool
GitlabProjectsPerPage atomic.Int64
UseGithubGraphqlAPI atomic.Bool // use github graphql api to fetch issues, pr's and comments
)

type AtomicString struct {
Expand Down
33 changes: 31 additions & 2 deletions pkg/sources/github/github.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ import (
"github.com/trufflesecurity/trufflehog/v3/pkg/cache/simple"
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
"github.com/trufflesecurity/trufflehog/v3/pkg/context"
"github.com/trufflesecurity/trufflehog/v3/pkg/feature"
"github.com/trufflesecurity/trufflehog/v3/pkg/giturl"
"github.com/trufflesecurity/trufflehog/v3/pkg/handlers"
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/source_metadatapb"
Expand Down Expand Up @@ -1096,8 +1097,14 @@ func (s *Source) scanComments(ctx context.Context, repoPath string, repoInfo rep
if s.includeGistComments && isGistUrl(urlParts) && !s.ignoreGists {
return s.processGistComments(ctx, urlString, urlParts, repoInfo, reporter, cutoffTime)
} else if s.includeIssueComments || s.includePRComments {
return s.processRepoComments(ctx, repoInfo, reporter, cutoffTime)
// if we need to use graphql api for repo issues, prs and comments
if feature.UseGithubGraphqlAPI.Load() {
return s.processRepoIssueandPRsWithCommentsGraphql(ctx, repoInfo, reporter, cutoffTime)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(No need to do anything here, just musing)

Hrm, w/ the old code passing cutoffTime just the once was kind of 🤷🏻 , but now that we're carrying it around everywhere, it makes me think it'd be nice if we processed s.commentsTimeframeDays up top in Init, that way we don't need to drill it down everywhere.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sound's good we can do it in a separate optimization PR.

}

return s.processIssueandPRsWithCommentsREST(ctx, repoInfo, reporter, cutoffTime)
}

return nil
}

Expand Down Expand Up @@ -1264,7 +1271,7 @@ var (
state = "all"
)

func (s *Source) processRepoComments(ctx context.Context, repoInfo repoInfo, reporter sources.ChunkReporter, cutoffTime *time.Time) error {
func (s *Source) processIssueandPRsWithCommentsREST(ctx context.Context, repoInfo repoInfo, reporter sources.ChunkReporter, cutoffTime *time.Time) error {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm an 80 columns person because I have a bunch of buffers open side-by-side, but I accept I'm a relic from an earlier time. This one (and at least one more below) are > 150 though--can we wrap somewhere between 90 and 120?

if s.includeIssueComments {
ctx.Logger().V(2).Info("Scanning issues")
if err := s.processIssues(ctx, repoInfo, reporter); err != nil {
Expand All @@ -1288,6 +1295,28 @@ func (s *Source) processRepoComments(ctx context.Context, repoInfo repoInfo, rep
return nil
}

func (s *Source) processRepoIssueandPRsWithCommentsGraphql(ctx context.Context, repoInfo repoInfo, reporter sources.ChunkReporter, cutoffTime *time.Time) error {
if s.includeIssueComments {
ctx.Logger().V(2).Info("Scanning issues")
if err := s.processIssuesWithComments(ctx, repoInfo, reporter, cutoffTime); err != nil {
return err
}
}

if s.includePRComments {
ctx.Logger().V(2).Info("Scanning pull requests")
if err := s.processPRWithComments(ctx, repoInfo, reporter, cutoffTime); err != nil {
return err
}

if err := s.processReviewThreads(ctx, repoInfo, reporter, cutoffTime); err != nil {
return err
}
}

return nil
}

func (s *Source) processIssues(ctx context.Context, repoInfo repoInfo, reporter sources.ChunkReporter) error {
bodyTextsOpts := &github.IssueListByRepoOptions{
Sort: sortType,
Expand Down
Loading