This repository was archived by the owner on Sep 30, 2024. It is now read-only.

security: Log AccessGranted events when repo accessed directly #23168

Merged
ryanslade merged 5 commits into main from log-access-granted, Jul 27, 2021

@ryanslade commented Jul 23, 2021

Log AccessGranted event when private repo accessed

I added some instrumentation to see how often this happens, which right now is not a lot:
https://sourcegraph.com/-/debug/grafana/explore?orgId=1&left=%5B%22now-1h%22,%22now%22,%22Prometheus%22,%7B%22exemplar%22:true,%22expr%22:%22max(src_access_granted_private_repo)%22,%22requestId%22:%22Q-e60cde3b-6771-4b1e-b23c-196cc38600a3-0A%22%7D%5D

I've also added a counter for where I plan to log events when listing repos.

@ryanslade ryanslade requested a review from a team July 23, 2021 13:11
@ryanslade ryanslade marked this pull request as ready for review July 23, 2021 13:11
@sourcegraph-bot commented Jul 23, 2021

Notifying subscribers in CODENOTIFY files for diff 8aeec8c...b91355e.

| Notify | File(s) |
|---|---|
| @asdine | internal/database/repos.go |
| @eseliger | internal/database/repos.go |

@ryanslade ryanslade changed the title from "log access granted" to "security: Log AccessGranted events when repo accessed directly" Jul 23, 2021
Comment thread internal/database/repos.go Outdated
@ryanslade (Contributor Author)

@unknwon Made a few more changes, PTAL

@ryanslade (Contributor Author)

@unknwon Thanks. I'm going to hold off committing this until I'm back on Tuesday because there are currently some database issues and I don't want anything unexpected to happen over the weekend.

@ryanslade ryanslade merged commit d362f5c into main Jul 27, 2021
@ryanslade ryanslade deleted the log-access-granted branch July 27, 2021 07:58
efritz pushed a commit that referenced this pull request Jul 27, 2021
Log when a private repo is accessed directly.

Also, instrument when a private repo is listed before deciding whether
we should log it.