refactor: enforce config pattern compliance, reduce duplication, fix E2E test by Copilot · Pull Request #540 · CompassSecurity/pipeleek

Copilot · 2026-03-04T10:37:25Z

Several commands weren't following the mandatory AutoBindFlags + RequireConfigKeys pattern, BindCommandFlags lacked a deprecation notice, and scan flag definitions were duplicated.

Config compliance

gitlab/cicd/yaml: Replace manual if projectName == "" with config.RequireConfigKeys("gitlab.url", "gitlab.token", "gitlab.cicd.yaml.project") — also adds previously missing validation for gitlab.url and gitlab.token
bitbucket/scan: Add missing config.RequireConfigKeys("bitbucket.url") — was the only scan command without this call
pkg/config/loader.go: Add // Deprecated: godoc annotation to BindCommandFlags

Dead code removal

github/ghtoken/exploit and gitlab/jobToken/exploit: Remove if val == "" checks that duplicate the RequireConfigKeys call immediately above

Flag deduplication

internal/cmd/flags/common.go: Extract shared flags (threads, truffle-hog-verification, confidence, hit-timeout) into addBaseScanFlags, called by both AddCommonScanFlags and AddCommonScanFlagsNoArtifacts

func addBaseScanFlags(cmd *cobra.Command, opts *config.CommonScanOptions) { ... }

func AddCommonScanFlags(cmd *cobra.Command, opts *config.CommonScanOptions, maxArtifactSize *string) {
    addBaseScanFlags(cmd, opts)
    // artifacts, max-artifact-size, owned
}

func AddCommonScanFlagsNoArtifacts(cmd *cobra.Command, opts *config.CommonScanOptions) {
    addBaseScanFlags(cmd, opts)
}

E2E test fix

tests/e2e/gitlab/cicd/yaml/yaml_test.go: Update TestGLCicdYaml_MissingProject assertion from "Project name is required" to "gitlab.cicd.yaml.project" to match the RequireConfigKeys error format

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

192.0.2.2
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek gluna shodan --json /tmp/TestGLunaShodan_HTTPModule2319685110/001/shodan-export.json ked/patterns.go ked/scanner.go 0.1-go1.25.1.lin-nilfunc onalaccesstoken//home/REDACTED/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.25.1.linux-amd64/pkg/too--scope lehog/v3/pkg/det-o mpile 0.1-go1.25.1.lin-importcfg -o 8.0/openpgp/armo-s 8.0/openpgp/armo-w 0.1-go1.25.1.lin-buildmode=exe onvier.go num mpile 0.1-go1.25.1.linexploit (packet block)
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek gluna shodan --json /tmp/TestGLunaShodan_HTTPModule3456649573/001/shodan-export.json kg_.a mpile rg/toolchain@v0.0.1-go1.25.1.lin--token /larksuite.go (packet block)
192.0.2.4
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek gluna shodan --json /tmp/TestGLunaShodan_MultipleInstances4220900832/001/shodan-export.json d.go mpile 0.1-go1.25.1.linux-amd64/pkg/tool/linux_amd64/compile s_keys/accesskey/home/REDACTED/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.25.1.linux-amd64/pkg/toosecurity lehog/v3/pkg/det-o mpile 0.1-go1.25.1.lin-trimpath -o ip@v1.6.1/intern-p mpile 0.1-go1.25.1.lin-lang=go1.25 ch.pb.go /gitlab/enum mpile 0.1-go1.25.1.lin-goversion (packet block)
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek gluna shodan --json /tmp/TestGLunaShodan_MultipleInstances2063848585/001/shodan-export.json kg_.a mpile pkg/mod/golang.org/toolchain@v0.0.1-go1.25.1.lin-lang=go1.25 pi.go bing/format/pktlgitea mpile portcfg -p EIOUtnxFg mpile rg/toolchain@v0.0.1-go1.25.1.lin-lang=go1.25 e/noticeable.go lesecurity/truff-atomic mpile rg/toolchain@v0.-buildtags (packet block)
api.stripe.com
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek bb scan --bitbucket REDACTED --email testuser --token testpass --cookie test-cookie-value --workspace test-workspace --artifacts /openpgp/interna-nolocalimports ux-amd64/pkg/tool/linux_amd64/vet -p ectors/yandex mpile ux-amd64/pkg/tool/linux_amd64/vet (dns block)
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek bb scan --bitbucket REDACTED --email testuser --token testpass --cookie test-cookie-value --workspace test-workspace --artifacts ver@v1.17.4/mongo/options/autoengithub.com/hashicorp/go-version ux-amd64/pkg/tool/linux_amd64/vet -p ectors/zipcodebagl mpile ux-amd64/pkg/tooyaml (dns block)
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek bb scan --bitbucket REDACTED --email testuser --token testpass --cookie test-cookie-value --workspace test-workspace --artifacts mpile ux-amd64/pkg/tool/linux_amd64/vet -p lehog/v3/pkg/det--norc mpile ux-amd64/pkg/tool/linux_amd64/vet (dns block)
api.zipbooks.com
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek ad scan --devops REDACTED --token test-token --username testuser --organization TestOrg --project TestProject --artifacts --max-artifact-size 50Mb --log-level debug mpile ux-amd64/pkg/too/tmp/go-build1765779732/b069/vet.cfg (dns block)
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek gitea scan --gitea REDACTED --token test-token --artifacts --max-artifact-size 50Mb --log-level debug -o o 0.1-go1.25.1.lin-nolocalimports ux-amd64/pkg/tool/linux_amd64/vet -p ectors/weatherbi-atomic mpile ux-amd64/pkg/too-buildtags (dns block)
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek ad scan --devops REDACTED --token test-token --username testuser --organization TestOrg --project TestProject --artifacts --max-artifact-size 50Mb --log-level debug mpile 0.1-go1.25.1.lin-trimpath (dns block)
cluster.example.com
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek gitea scan --gitea REDACTED --token test-token --artifacts --max-artifact-size 50Mb --log-level debug -o o 0.1-go1.25.1.lin-nolocalimports ux-amd64/pkg/tool/linux_amd64/vet -p ectors/weatherbi-atomic mpile ux-amd64/pkg/too-buildtags (dns block)
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek gitea scan --gitea REDACTED --token test-token --artifacts --max-artifact-size 50Mb --log-level debug -o s@v1.18.1/trees/--token s@v1.18.1/trees/ghp_test_token ux-amd64/pkg/tool/linux_amd64/link payments.go lesecurity/truffgl mpile ux-amd64/pkg/too--gitlab (dns block)
db.example.com
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek bb scan --bitbucket REDACTED --email testuser --token testpass --cookie test-cookie-value --workspace test-workspace --artifacts /openpgp/interna-nolocalimports ux-amd64/pkg/tool/linux_amd64/vet -p ectors/yandex mpile ux-amd64/pkg/tool/linux_amd64/vet (dns block)
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek ad scan --devops REDACTED --token azure-pat-token --username testuser --organization myorg ux-amd64/pkg/too/tmp/go-build1765779732/b071/vet.cfg -o ty/trufflehog/v3-c=4 mpile ux-amd64/pkg/tool/linux_amd64/vet -p ectors/zeplin mpile ux-amd64/pkg/tool/linux_amd64/vet (dns block)
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek ad scan --devops REDACTED --token azure-pat-token --username testuser --organization myorg --artifacts 3445�� scan.go mpile ux-amd64/pkg/tool/linux_amd64/vet -p ectors/zulipchat--norc mpile ux-amd64/pkg/tool/linux_amd64/vet (dns block)
db.local
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek ad scan --devops REDACTED --token test-token --username testuser --organization TestOrg --project TestProject --artifacts --max-artifact-size 50Mb --log-level debug mpile ux-amd64/pkg/too/tmp/go-build1765779732/b069/vet.cfg (dns block)
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek ad scan --devops REDACTED --token test-token --username testuser --organization TestOrg --project TestProject --artifacts --max-artifact-size 50Mb --log-level debug mpile 0.1-go1.25.1.lin-trimpath (dns block)
example.invalid
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek gluna shodan --json /tmp/TestGLunaShodan_WithHostname1107315667/001/shodan-export.json /renovate.go mpile 0.1-go1.25.1.lin-nilfunc oken/azuresastok/home/REDACTED/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.25.1.linux-amd64/pkg/too-trimpath lehog/v3/pkg/det-o mpile wWZCOvnXG193 -o compress@v0.0.0--p compress@v0.0.0-main 0.1-go1.25.1.lin-lang=go1.25 rowdin.go /gitlab/secureFi-atomic mpile 0.1-go1.25.1.lin-buildtags (dns block)
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek gluna shodan --json /tmp/TestGLunaShodan_WithHostname3321120859/001/shodan-export.json kg_.a 0.1-go1.25.1.linglpat-test-token ux-amd64/pkg/tool/linux_amd64/vet us/loginradius.g/home/REDACTED/work/pipeleek/pipeleek/pipeleek bing/transport/igitea mpile ux-amd64/pkg/too--gitea port�� g_.a rg/toolchain@v0.gitea-token rg/toolchain@v0.--owned .go lesecurity/truff-o mpile rg/toolchain@v0.-importcfg (dns block)
gitlab.example.com
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek gl container artipacked --gitlab REDACTED --token test-token -p lehog/v3/pkg/det-atomic mpile ux-amd64/pkg/too-buildtags -o privesc.go mpile 0.1-go1.25.1.lin-nilfunc ra/serviceprinci/home/REDACTED/work/pipeleek/pipeleek/pipeleek lehog/v3/pkg/detbb mpile 0.1-go1.25.1.lin--bitbucket (dns block)
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek gl container artipacked --gitlab REDACTED --token test-token html2pdf.go eek/pkg/scanner/gl mpile 0.1-go1.25.1.lin--gitlab pkg/�� kg_.a mpile ux-amd64/pkg/tool/linux_amd64/vet .go bing/transport/sgitea mpile ux-amd64/pkg/too--gitea (dns block)
https://api.github.com/user
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek bb scan --bitbucket REDACTED --email testuser --token testtoken --workspace test-workspace --confidence high,medium ient.go rward.go ux-amd64/pkg/tool/linux_amd64/vet -p ectors/vouchery mpile ux-amd64/pkg/too/tmp/go-build1765779732/b061/vet.cfg (http block)
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek bb scan --bitbucket REDACTED --email testuser --token testpass --cookie test-cookie-value --workspace test-workspace --artifacts /openpgp/interna-nolocalimports ux-amd64/pkg/tool/linux_amd64/vet -p ectors/yandex mpile ux-amd64/pkg/tool/linux_amd64/vet (http block)
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek bb scan --bitbucket REDACTED --email testuser --token testpass --cookie test-cookie-value --workspace test-workspace --artifacts s@v6.15.9+incompatible/cluster_cgithub.com/gofri/go-github-ratelimit/v2/github_ratelimit/github_1 ux-amd64/pkg/tool/linux_amd64/vet -p ine/defaults mpile ux-amd64/pkg/tool/linux_amd64/vet (http block)
invalid.local
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek gl enum --gitlab REDACTED --token test --logfile /tmp/TestLogging_FileOutputDisablesColorsAutomatically2734826099/001/test.log gnore mpile 0.1-go1.25.1.lin-buildtags -o .6/circuit_break-errorsas .6/client.go 0.1-go1.25.1.lin-nilfunc loud/currencyclo/home/REDACTED/work/pipeleek/pipeleek/pipeleek /gitlab/REDACTEDs mpile 0.1-go1.25.1.linenum (dns block)
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek gl enum --gitlab REDACTED --token test --logfile /tmp/TestLogging_FileOutputWithExplicitColorEnabled369527205/001/test_color.log --color=true mpile rg/toolchain@v0.-importcfg -o y@v1.2.1/pretty.-s db.org/mongo-dri-w 0.1-go1.25.1.lin-buildmode=exe guage/detectlang/home/REDACTED/work/pipeleek/pipeleek/pipeleek lehog/v3/pkg/detgl mpile 0.1-go1.25.1.linprivesc (dns block)
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek gl enum --gitlab REDACTED --token test --logfile /tmp/TestLogging_FileOutputWithExplicitColorDisabled3818851511/001/test_nocolor.log --color=false mpile ux-amd64/pkg/toolist -o go-crypto@v1.1.6REDACTED go-crypto@v1.1.6--token ux-amd64/pkg/tool/linux_amd64/link l/dotdigital.go lehog/v3/pkg/det-atomic mpile ux-amd64/pkg/too-buildtags (dns block)
sts.us-east-1.amazonaws.com
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek ad scan --devops REDACTED --token azure-pat-token --username testuser --organization myorg --confidence high,medium endency.go .go ux-amd64/pkg/tool/linux_amd64/vet -p /privesc mpile ux-amd64/pkg/too/tmp/go-build1765779732/b138/vet.cfg (dns block)
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek bb scan --bitbucket REDACTED --email testuser --token testpass --cookie test-cookie-value --workspace test-workspace --artifacts /openpgp/interna-nolocalimports ux-amd64/pkg/tool/linux_amd64/vet -p ectors/yandex mpile ux-amd64/pkg/tool/linux_amd64/vet (dns block)
- Triggering command: /home/REDACTED/work/pipeleek/pipeleek/pipeleek /home/REDACTED/work/pipeleek/pipeleek/pipeleek ad scan --devops REDACTED --token azure-pat-token --username testuser --organization myorg ux-amd64/pkg/too/tmp/go-build1765779732/b071/vet.cfg -o ty/trufflehog/v3-c=4 mpile ux-amd64/pkg/tool/linux_amd64/vet -p ectors/zeplin mpile ux-amd64/pkg/tool/linux_amd64/vet (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Configure Actions setup steps to set up my environment, which run before the firewall is enabled
Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

…Flags - Replace manual validation in gitlab/cicd/yaml with RequireConfigKeys - Add missing RequireConfigKeys call to bitbucket/scan - Mark BindCommandFlags as deprecated in favor of AutoBindFlags Co-authored-by: frjcomp <107982661+frjcomp@users.noreply.github.com>

- Remove dead-code empty checks in github/ghtoken/exploit and gitlab/jobToken/exploit that duplicate RequireConfigKeys validation - Extract shared scan flags into addBaseScanFlags helper to eliminate duplication between AddCommonScanFlags and AddCommonScanFlagsNoArtifacts Co-authored-by: frjcomp <107982661+frjcomp@users.noreply.github.com>

Copilot

Pull request overview

Refactors several CLI commands to better align with Pipeleek’s unified configuration-loading pattern (AutoBindFlags + RequireConfigKeys), removes redundant manual validations, and deduplicates shared scan-flag definitions.

Changes:

Enforce config-key validation in gitlab cicd yaml and remove redundant manual “empty value” checks in exploit commands.
Add a deprecation notice for BindCommandFlags in the config loader.
Reduce duplicated scan flag definitions by extracting shared flags into an internal helper.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
pkg/config/loader.go	Adds GoDoc `// Deprecated:` annotation for `BindCommandFlags`.
internal/cmd/gitlab/jobToken/exploit/exploit.go	Removes redundant manual `project` emptiness validation, relying on `RequireConfigKeys`.
internal/cmd/gitlab/cicd/yaml/yaml.go	Replaces manual project validation with `RequireConfigKeys` (also validating GitLab URL/token).
internal/cmd/github/ghtoken/exploit/exploit.go	Removes redundant manual `repo` emptiness validation, relying on `RequireConfigKeys`.
internal/cmd/flags/common.go	Extracts shared scan flags into `addBaseScanFlags` to remove duplication.
internal/cmd/bitbucket/scan/scan.go	Adds `RequireConfigKeys("bitbucket.url")` prior to reading config values.

internal/cmd/bitbucket/scan/scan.go

The TestGLCicdYaml_MissingProject test expected "Project name is required" but the refactored code now uses config.RequireConfigKeys which outputs "gitlab.cicd.yaml.project" in the error. Updated assertion to match. Co-authored-by: frjcomp <107982661+frjcomp@users.noreply.github.com>

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Initial plan

739e74e

Copilot AI assigned Copilot and frjcomp Mar 4, 2026

Copilot started work on behalf of frjcomp March 4, 2026 10:37 View session

Copilot AI changed the title ~~[WIP] Analyze and refactor Pipeleek project for code quality~~ refactor: enforce config.RequireConfigKeys compliance and deprecate BindCommandFlags Mar 4, 2026

Copilot finished work on behalf of frjcomp March 4, 2026 10:51

Copilot started work on behalf of frjcomp March 4, 2026 10:54 View session

Copilot AI changed the title ~~refactor: enforce config.RequireConfigKeys compliance and deprecate BindCommandFlags~~ refactor: enforce config pattern compliance and reduce code duplication Mar 4, 2026

Copilot finished work on behalf of frjcomp March 4, 2026 11:04

frjcomp marked this pull request as ready for review March 4, 2026 11:11

Copilot AI review requested due to automatic review settings March 4, 2026 11:11

Copilot started reviewing on behalf of frjcomp March 4, 2026 11:12 View session

Copilot AI reviewed Mar 4, 2026

View reviewed changes

internal/cmd/bitbucket/scan/scan.go Outdated Show resolved Hide resolved

Copilot started work on behalf of frjcomp March 4, 2026 11:46 View session

Copilot AI changed the title ~~refactor: enforce config pattern compliance and reduce code duplication~~ refactor: enforce config pattern compliance, reduce duplication, fix E2E test Mar 4, 2026

Copilot finished work on behalf of frjcomp March 4, 2026 12:00

Update internal/cmd/bitbucket/scan/scan.go

9ddab2a

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

frjcomp merged commit fb79611 into main Mar 4, 2026
12 checks passed

frjcomp deleted the copilot/refactor-pipeleek-code-quality branch March 4, 2026 12:58

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

refactor: enforce config pattern compliance, reduce duplication, fix E2E test#540

refactor: enforce config pattern compliance, reduce duplication, fix E2E test#540
frjcomp merged 5 commits intomainfrom
copilot/refactor-pipeleek-code-quality

Copilot AI commented Mar 4, 2026 •

edited

Loading

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

Copilot AI commented Mar 4, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Config compliance

Dead code removal

Flag deduplication

E2E test fix

I tried to connect to the following addresses, but was blocked by firewall rules:

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Copilot AI commented Mar 4, 2026 •

edited

Loading