Skip to content

Add Gitlab V3 Detector #4563

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Add Gitlab V3 Detector #4563

wants to merge 7 commits into from

Conversation

@mustansir14
Copy link
Contributor

@mustansir14 mustansir14 commented Nov 20, 2025
edited
Loading

Description:

This PR resolves #4551 by introducing a V3 detector for Gitlab. Newly generated Gitlab PATs have a different format than what we are looking for in v1 and v2.

Thanks to @trufflesteeeve, we found Gitlab's merged PR that introduced this change. The regex is now made flexible to match what they have.

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint this requires golangci-lint)?

@mustansir14 mustansir14 requested a review from a team November 20, 2025 14:11
@mustansir14 mustansir14 requested a review from a team as a code owner November 20, 2025 14:11
@shahzadhaider1
Copy link
Contributor

shahzadhaider1 commented Nov 20, 2025

Great work, @mustansir14. Let's add the v3 to engine defaults as well.

@mustansir14 mustansir14 requested a review from a team as a code owner November 20, 2025 14:45
trufflesteeeve
trufflesteeeve reviewed Nov 20, 2025
View reviewed changes
pkg/detectors/gitlab/v3/gitlab_v3.go Outdated

var (
defaultClient = common.SaneHttpClient()
keyPat = regexp.MustCompile(`\b(glpat-[a-zA-Z0-9\-=_]{27,300}.[0-9a-z]{2}.[a-z0-9]{9})\b`)
Copy link
Contributor

@trufflesteeeve trufflesteeeve Nov 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

optional: It's probably worth adding a comment and a link to the gitlab commit that sets the regex, just so anyone curious about it can more easily pull up that info.

Though, it's also included as a part of the PR, so the information is available, which is great! A comment would just make it easier.

Copy link
Contributor Author

@mustansir14 mustansir14 Nov 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point. Added.

shahzadhaider1
shahzadhaider1 approved these changes Nov 25, 2025
View reviewed changes
Copy link
Contributor

@shahzadhaider1 shahzadhaider1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GW

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shahzadhaider1 shahzadhaider1 shahzadhaider1 approved these changes

@trufflesteeeve trufflesteeeve trufflesteeeve left review comments

@nabeelalam nabeelalam nabeelalam approved these changes

@kashifkhan0771 kashifkhan0771 kashifkhan0771 approved these changes

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

GitLab Personal Access Token Syntax Change

5 participants

@mustansir14 @shahzadhaider1 @nabeelalam @kashifkhan0771 @trufflesteeeve