Add project scan service
What does this MR do and why?
内容安全服务优化
提供检查某个仓库中主分支下当前所有文件的方案:
- 获取仓库默认分支的最新commit
ref = project.default_branch
recent_commit = project.repository.commit(ref)- 基于最新commit 递归获取仓库文件树
root_tree = repository.tree(recent_commit.id, "", recursive: true)- 依次获取目录下文件最新commit列表
commits = project.repository.list_last_commits_for_tree(
recent_commit.id,
File.join(path, ""),
offset: 0, limit: TREE_COMMITS_LIMIT
)- 依次检查文件树内容,把对应内容发送到 CVS 检查
if type == :tree
tree = repository.tree(commit.id, path)
tree_validate(commit, tree)
elsif type == :blob
blob = repository.blob_at(commit.id, path)
validate_blob(commit, blob)
end- 添加
ProjectScanService - 添加
ProjectScanWorker - 添加
content_blocked_states/project_scanapi, 目标用户 SaaS Admin
related to issue: https://jihulab.com/gitlab-cn/internal/content-security-backend/-/issues/36
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
| Before | After |
|---|---|
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
由 Linjie Zhang 编辑于