Skip to content

GitHub Secret Scanning improvements #5638

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Dec 13, 2022
Merged

GitHub Secret Scanning improvements #5638

merged 7 commits into from
Dec 13, 2022

Conversation

Turbo87
Copy link
Member

@Turbo87 Turbo87 commented Dec 13, 2022

This PR builds on top of #5495 and improves the code a little bit more. See the individual commit messages for more details.

@Turbo87
github/secret_scanning: Improve is_cache_valid() readability
0f02c8d 
The comparison is essentially the same, but slightly more straight forward to understand.
@Turbo87
github/secret_scanning: Prevent potential panic in `get_public_keys()…
23595d3 
…` function

We shouldn't panic if the network call fails, instead we can forward the error and return a 500 response.
@Turbo87 Turbo87 added C-internal 🔧 Category: Nonessential work that would make the codebase more consistent or clear A-backend ⚙️ labels Dec 13, 2022
@Turbo87 Turbo87 marked this pull request as ready for review December 13, 2022 11:31
@Turbo87
github/secret_scanning: Reduce nesting in verify_github_signature()
4ee895e 
… function

The logic is essentially the same, but using `find()` and `let-else` to simplify the code.
@Turbo87
github/secret_scanning: Remove redundant string conversion before JSO…
81536a1 
…N parsing

We can use `from_slice()` instead to simplify the code
@Turbo87
tests/github: Simplify public_keys() implementation
cfc3f11
@Turbo87
github/secret_scanning: Extract GitHubSecretAlertFeedbackLabel enum
26cbca3
@Turbo87
github/secret_scanning: Treat missing token as Ok
27c3e79 
If GitHub reports a potential token we should treat false positives as legitimate cases instead of errors. Only real errors like failing to revoke a token should be considered errors.
@Turbo87 Turbo87 merged commit fb56426 into rust-lang:master Dec 13, 2022
@Turbo87 Turbo87 deleted the gh-secret-alerts branch December 13, 2022 12:12
@lopopolo lopopolo mentioned this pull request Apr 20, 2023
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
A-backend ⚙️ C-internal 🔧 Category: Nonessential work that would make the codebase more consistent or clear
Projects
crates.io team meetings
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Turbo87