gitguardian / py-gitguardian Goto Github PK

View Code? Open in Web Editor NEW

73.0 18.0 15.0 373 KB

Python API client library for the GitGuardian API

License: MIT License

Makefile 0.39% Python 99.61%

api-client devsecops secrets-detection security-tools python library gitguardian ci shift-left

py-gitguardian's People

Stargazers

Watchers

Forkers

chiragkyal boy699 devopstoday11 connectionmaster sayrus ekmixon julienc91 rgajason the-delta-slumerican-organization krtk30 irgeek fiatleak fnareoh gg-cedric odenizo

py-gitguardian's Issues

Please stop spamming the GitHub community with your "services"!

You have been sending me multiple emails looking like this:

GitGuardian has detected the following ____ exposed within your GitHub account.
Details

- Secret type: ____

- Repository: ____/____

- Pushed date: ____, ____ UTC

Fix This Secret Leak
Read our guide to remediate an exposed secret.

GitGuardian is an automated secrets detection service trusted by 150,000 developers worldwide.

Unsubscribe from these alerts.
--


</div></td></tr><br class="Apple-interchange-newline">

Most GitHub users have never signed up for your services, and your action is the exact definition of spamming. If you like to get more users from this community, you need to stop spamming them to begin with!

Here's more reports about your spamming actions: https://github.community/t/gitguardian-alert-but-i-wasnt-signed-up/123151

Only for scanning, no incident management/retrieve findings ?

It seems that the client here doesn't have a lot of coverage of the overall https://api.gitguardian.com/docs

Maybe I'll try a generated client from the API spec, but I thought this client was supporting more operations

Complete type-hinting

Description

pygitguardian has type-hints but they are not complete and the package does not announce itself as typed.

As per PEP-561, a Python package can announce itself as typed by shipping a py.typed marker file.

By not announcing itself as typed, pygitguardian forces its users such as ggshield to ignore its imports. To see what this implies, one can do the following with ggshield:

edit pyproject.toml, remove the ignore_missing_imports = true
run mypy:

ggshield/output/json/schemas.py:4: error: Skipping analyzing "pygitguardian.iac_models": module is installed, but missing library stubs or py.typed marker
ggshield/output/json/schemas.py:5: error: Skipping analyzing "pygitguardian.models": module is installed, but missing library stubs or py.typed marker
ggshield/cmd/debug_logs.py:4: error: Skipping analyzing "pygitguardian": module is installed, but missing library stubs or py.typed marker
ggshield/output/text/message.py:5: error: Skipping analyzing "pygitguardian.client": module is installed, but missing library stubs or py.typed marker
ggshield/output/text/message.py:6: error: Skipping analyzing "pygitguardian.iac_models": module is installed, but missing library stubs or py.typed marker
ggshield/output/text/message.py:7: error: Skipping analyzing "pygitguardian.models": module is installed, but missing library stubs or py.typed marker
ggshield/core/filter.py:10: error: Skipping analyzing "pygitguardian.models": module is installed, but missing library stubs or py.typed marker
ggshield/core/utils.py:12: error: Skipping analyzing "pygitguardian.models": module is installed, but missing library stubs or py.typed marker
ggshield/core/cache.py:5: error: Skipping analyzing "pygitguardian.models": module is installed, but missing library stubs or py.typed marker
ggshield/core/client.py:3: error: Skipping analyzing "pygitguardian": module is installed, but missing library stubs or py.typed marker
ggshield/scan/scanner.py:9: error: Skipping analyzing "pygitguardian": module is installed, but missing library stubs or py.typed marker
ggshield/scan/scanner.py:10: error: Skipping analyzing "pygitguardian.config": module is installed, but missing library stubs or py.typed marker
ggshield/scan/scanner.py:11: error: Skipping analyzing "pygitguardian.iac_models": module is installed, but missing library stubs or py.typed marker
ggshield/scan/scanner.py:12: error: Skipping analyzing "pygitguardian.models": module is installed, but missing library stubs or py.typed marker
ggshield/cmd/status.py:5: error: Skipping analyzing "pygitguardian": module is installed, but missing library stubs or py.typed marker
ggshield/cmd/status.py:6: error: Skipping analyzing "pygitguardian.models": module is installed, but missing library stubs or py.typed marker
ggshield/cmd/quota.py:5: error: Skipping analyzing "pygitguardian": module is installed, but missing library stubs or py.typed marker
ggshield/cmd/quota.py:6: error: Skipping analyzing "pygitguardian.models": module is installed, but missing library stubs or py.typed marker
ggshield/scan/docker.py:12: error: Skipping analyzing "pygitguardian": module is installed, but missing library stubs or py.typed marker
ggshield/output/text/text_output_handler.py:5: error: Skipping analyzing "pygitguardian.models": module is installed, but missing library stubs or py.typed marker
ggshield/output/text/iac_text_output_handler.py:5: error: Skipping analyzing "pygitguardian.iac_models": module is installed, but missing library stubs or py.typed marker
ggshield/output/json/json_output_handler.py:3: error: Skipping analyzing "pygitguardian.client": module is installed, but missing library stubs or py.typed marker
ggshield/output/json/json_output_handler.py:4: error: Skipping analyzing "pygitguardian.models": module is installed, but missing library stubs or py.typed marker
ggshield/output/json/iac_json_output_handler.py:3: error: Skipping analyzing "pygitguardian.iac_models": module is installed, but missing library stubs or py.typed marker
ggshield/output/gitlab_webui/gitlab_webui_output_handler.py:1: error: Skipping analyzing "pygitguardian.models": module is installed, but missing library stubs or py.typed marker
ggshield/scan/repo.py:10: error: Skipping analyzing "pygitguardian": module is installed, but missing library stubs or py.typed marker
ggshield/scan/repo.py:11: error: Skipping analyzing "pygitguardian.config": module is installed, but missing library stubs or py.typed marker
ggshield/cmd/iac/scan.py:5: error: Skipping analyzing "pygitguardian": module is installed, but missing library stubs or py.typed marker
ggshield/cmd/iac/scan.py:5: note: See https://mypy.readthedocs.io/en/stable/running_mypy.html#missing-imports
ggshield/cmd/iac/scan.py:6: error: Skipping analyzing "pygitguardian.iac_models": module is installed, but missing library stubs or py.typed marker
ggshield/cmd/iac/scan.py:7: error: Skipping analyzing "pygitguardian.models": module is installed, but missing library stubs or py.typed marker
ggshield/cmd/secret/scan/repo.py:7: error: Skipping analyzing "pygitguardian": module is installed, but missing library stubs or py.typed marker
Found 31 errors in 19 files (checked 82 source files)

Even with the ignore_missing_imports flag, there are some places in ggshield code it has to use # type:ignore because mypy does not know the type returned by a py-gitguardian function.

Definition of Done

Type-hints are checked by the CI
Installing the package installs a py.typed mark

Libraries are imported that aren't dependencies.

Commit 9642af5 added imports for libraries that aren't actually dependencies for pygitguardian. Specifically, these imports:

py-gitguardian/pygitguardian/client.py

Line 9 in 183784d

import click

py-gitguardian/tests/test_utils.py

Line 5 in 183784d

import click

py-gitguardian/pygitguardian/iac_models.py

Line 4 in 183784d

import marshmallow_dataclass

It seems reasonable that marshmallow-dataclass should be added as a dependency for an API client, but I think making click a dependency would limit the usefulness. I suspect removing click will require modifications to ggshield.

Automate GitHub release creation

For each tag, our CI automatically creates a package and publishes it on PyPI, but it does not create the matching GitHub release. This can be automated. One can look at ggshield CI for inspiration.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.