a8n: Add a prototype campaign type to search & replace leaked NPM credentials.

Administrator requested to merge a8n/npm-creds into master

Created by: mrnugget

This is a rough prototype that implements the first steps of #6852. I built this to illustrate how it can work with the current architecture and, more importantly, what we could change to make it more performant and robust.

Note to reviewers: Look at this by commits. I had to create one huge commit first that exposes types from the graphqlbackend so I can access search

Shortcomings of this PR:

  • The campaign type has to search again, even though we already searched for the tokens before constructing the CampaignJobs. Possible solution: persist the FileMatches along with LineMatches on the CampaignJob in a jsonb column.
  • The diff is created by hand and thus (judging by past "diff does not apply" experiences) very brittle. Possible solutions: shell out to diff/git diff once we have "old file content" and "new file content" at hand, or use a library that constructs a diff in memory (so far, none of them were able to produce a working unified diff), or build a library that does this...
  • The search queries are constructed by concatenating strings. That can be brittle, since we concatenate the scopeQuery, a user-defined string, to our search terms. We're also missing "count:9999" here to make sure we get everything. Possible solutions: something along the lines of RFC 75 that proposes a more structured interface to search.

We now need to decide which one of these shortcomings is a blocker.


Update in this comment
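
An added example, not code from this PR or from Sourcegraph: one way to build the unified diff in memory for the in-line token replacement described in the second shortcoming. The helper name `tokenReplaceDiff`, the file name and the token values are assumptions for illustration; it emits a single hunk and writes the "\ No newline at end of file" marker that a hand-built diff needs when the file lacks a trailing newline.

```go
package main

import (
	"fmt"
	"strings"
)

// tokenReplaceDiff (hypothetical helper) returns a unified diff replacing token
// on every line of content, or "" when there is nothing to change. Replacing
// within lines keeps the line count, so old and new hunk ranges are identical.
func tokenReplaceDiff(path, content, token, replacement string) string {
	if token == "" || token == replacement || !strings.Contains(content, token) ||
		strings.Contains(token+replacement, "\n") {
		return ""
	}
	noEOL := !strings.HasSuffix(content, "\n")
	lines := strings.Split(strings.TrimSuffix(content, "\n"), "\n")
	// The token has no newline, so newlines before a match give its line index.
	first := strings.Count(content[:strings.Index(content, token)], "\n")
	last := strings.Count(content[:strings.LastIndex(content, token)], "\n")
	start, stop := first-3, last+3 // 3 context lines, as diff -u uses
	if start < 0 {
		start = 0
	}
	if stop > len(lines)-1 {
		stop = len(lines) - 1
	}
	var out strings.Builder
	fmt.Fprintf(&out, "--- a/%s\n+++ b/%s\n@@ -%d,%d +%d,%d @@\n",
		path, path, start+1, stop-start+1, start+1, stop-start+1)
	for k := start; k <= stop; k++ {
		eol := "\n"
		if noEOL && k == len(lines)-1 {
			eol = "\n\\ No newline at end of file\n"
		}
		if fixed := strings.ReplaceAll(lines[k], token, replacement); fixed != lines[k] {
			fmt.Fprintf(&out, "-%s%s+%s%s", lines[k], eol, fixed, eol)
		} else {
			fmt.Fprintf(&out, " %s%s", lines[k], eol)
		}
	}
	return out.String()
}

func main() {
	// Constructed sample .npmrc; both token values are placeholders.
	npmrc := "registry=https://registry.npmjs.org/\n//registry.npmjs.org/:_authToken=OLD_TOKEN"
	fmt.Print(tokenReplaceDiff(".npmrc", npmrc, "OLD_TOKEN", "REDACTED"))
}
```

The single hunk carries more context than `diff -u` would when matches are far apart, which makes the patch stricter to apply but never invalid.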
