Merge pull request #1 from ps-copilot-sandbox/ghcas-2.0
Update GitHub Copilot configuration and telemetry demo documentation
arilivigni authored Jun 3, 2024
2 parents 75b763e + 4770455 commit ffdf842
Showing 17 changed files with 170 additions and 65 deletions.
95 changes: 74 additions & 21 deletions Demo1-Policies-Settings/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,54 +2,107 @@

## Overview

This demo will show you how to configure GitHub Copilot for your organization and enterprise. It will guide the customer on each level of configuration and how to enable/disable features.
This demo will show you how to configure GitHub Copilot for your enterprise and organization. It will guide the customer on each level of configuration and how to enable/disable features.

## GitHub Settings
## GitHub Settings

### Enterprise Settings

#### Access and Policies
#### Enterprise Access Management

- Show Suggestions matching public code
- Notification on matching code
- Manage organization access to GitHub Copilot
Show the following options:

#### Beta Features
- Total seats assigned and a monthly cost and a link to view billing details
- **Action Item:** Click link `View billing` and showcase how it looks in your enterprise.
- Copilot Enterprise is active in your enterprise options
- Disabled
- Allow for all organizations
- Allow for specific organizations

- GitHub Copilot Chat IDE
- GitHub Copilot in the CLI
#### Enterprise Policies and Features

Show the following options:

- Suggestions matching public code
- Copilot in github.com
- Give Copilot access to Bing **Beta**
- Opt in to user feedback collection
- Copilot Chat in the IDE
- Copilot Chat in GitHub Mobile
- Copilot in the CLI

### Organization Settings

#### Access
#### Manage & Control Access

- Number of copilot seats
- Estimated monthly cost
- Number of copilot seats
- Estimated monthly cost
- View billing details
- Policy for enabled members
- Policy for enabled members
- Access management
- **Action Item:** Download report and showcase how it looks in your organization.

#### Policies and Features
#### Organization Policies

Show the following options:

- Suggestions matching public code
- Copilot in github.com
- Give Copilot access to Bing **Beta**
- Opt in to user feedback collection
- Copilot Chat in the IDE
- Copilot Chat in GitHub Mobile
- Copilot in the CLI

#### Organization Features

##### Knowledge Bases

- Review creating a Knowledge Base
- Adding a knowledge base path inclusion

![Knowledge Base Creation](../docs/images/copilot-manage-knowledge-bases1-dark.gif)

- Suggestions matching public code
- Notifications on matching code
- Beta Features
- GitHub Copilot Chat for IDE
- GitHub Copilot in the CLI
![Knowledge Base Include Paths](../docs/images/copilot-manage-knowledge-bases2-dark.gif)

##### Content Exclusion

- Review creating a Content Exclusion
- Adding repository and path to files to exclude

![Content Exclusion adding repositories and paths to exclude](../docs/images/copilot-content-exclusion-organization-dark.gif)

## Client Side Settings

### Network Settings

- Proxy Settings
- **Action Item:** Show how to configure proxy settings in the IDE
- Authentication Modes
- **Action Item:** Show how authentication modes work with GitHub Copilot

### Firewall Settings

## IDE Settings
- Show the URLs to add to an allowlist

## IDE Advanced Settings

### Supported IDEs

- Visual Studio Code
- Visual Studio
- IntelliJ IDEA
- Vim/Neovim
- Azure Data Studio

### Enable non-programming Meta Files

- **Action Item:** Show how to enable/disable non-programming meta files in the IDE

### VSCode

GitHub Copilot Extension and click on it -> Click the gear icon -> Click on Extension Settings -> Click on the blue Edit in settings.json button

### IntelliJ
### IntelliJ IDEA

Go to Settings -> Language and Framework -> GitHub Copilot -> Update advanced settings in this view
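Review bot: the new `### Firewall Settings` section tells the presenter to "Show the URLs to add to an allowlist" but lists no hostnames and links to nothing, so a customer cannot reproduce the allowlist from this document; either enumerate the endpoints here or link the GitHub documentation page that does. Two smaller points in the same hunk: the VSCode line `GitHub Copilot Extension and click on it -> Click the gear icon -> ...` is missing its opening step (something like "Open the Extensions view, find the GitHub Copilot Extension and click on it"), and `### Supported IDEs` lists five IDEs while per-IDE advanced-settings instructions exist only for VSCode and IntelliJ IDEA.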
14 changes: 10 additions & 4 deletions Demo2-Telemetry/GitHub-Copilot-API-Demo.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,23 +18,29 @@ Update "TOKEN" under the Authentication tab with the token you created in the [C

![postman token update](../docs/images/Telemetry/postman-update-token.png)

Update the variables "ORG" and "USERNAME" under the Variables tab with your organization name and your GitHub username you want to view.
Update the variables "ORG" and "USERNAME" under the Variables tab with your organization name and your GitHub username you want to view. "ENTERPRISE" if you want to view usage for an enterprise account.

![postman variable update](../docs/images/Telemetry/postman-update-variables.png)

### Step 2: Demo the Copilot REST API _Get Org Seat Information_
### Step 2: Demo the Copilot REST API _Get Org Usage Information_

Double click on "Get Org Usage Information" to open the request. Click "Send" to send the request.

![Get Org Usage Information](../docs/images/Telemetry/get-org-usage-information.png)

### Step 3: Demo the Copilot REST API _Get Org Seat Information_

Double click on "Get Org Seat Information" to open the request. Click "Send" to send the request.

![Get Org Seat Information](../docs/images/Telemetry/get-org-seat-information.png)

### Step 3: Demo the Copilot REST API _List Org Seat Assignments_
### Step 4: Demo the Copilot REST API _List Org Seat Assignments_

Double click on "List Org Seat Assignments" to open the request. Click "Send" to send the request.

![List Org Seat Assignments](../docs/images/Telemetry/list-org-seat-assignments.png)

### Step 4: Demo the Copilot REST API _Get Seat for a User_
### Step 5: Demo the Copilot REST API _Get Seat for a User_

Double click on "Get Seat for a User" to open the request. Click "Send" to send the request.
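Review bot: Step 2 tells the reader to double-click "Get Org Usage Information", but the request added to the Postman collection in this same commit is named "Get Org Usage"; align the two names or the step cannot be followed as written. The collection also gains a "Get Enterprise Usage" request and this file now mentions the ENTERPRISE variable, yet no step exercises that request; add a step for it or drop the variable mention. Finally, the added sentence `"ENTERPRISE" if you want to view usage for an enterprise account.` is a fragment; suggest `Set "ENTERPRISE" to your enterprise name if you want to view usage for an enterprise account.`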

3 changes: 1 addition & 2 deletions Demo2-Telemetry/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,7 @@ Step One: [Setup Postman](postman-setup-info/postman-collection-setup.md)

Step Two: [Demo Copilot API](GitHub-Copilot-API-Demo.md)


### Collections
### Collections

- [GitHub v3 REST APIs](postman-setup-info/GitHub-v3-REST-API.postman_collection.json)
- [GitHub Copilot REST APIs](postman-setup-info/GitHubCopilotAPI.postman_collection.json)
Original file line number Diff line number Diff line change
@@ -1,12 +1,51 @@
{
"info": {
"_postman_id": "ac350d03-c04a-497e-8c3d-48cda67500d8",
"_postman_id": "ff194d7e-adf0-4ee2-9fae-07223e43812a",
"name": "GitHub Copilot API",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
"_exporter_id": "23948556",
"_collection_link": "https://warped-resonance-718170.postman.co/workspace/New-Team-Workspace~8b7cd40b-aab9-4298-b6e3-921cbe93bba4/collection/23948556-ac350d03-c04a-497e-8c3d-48cda67500d8?action=share&source=collection_link&creator=23948556"
"_exporter_id": "17175297"
},
"item": [
{
"name": "Get Org Usage",
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "{{url}}/orgs/{{org}}/copilot/usage",
"host": [
"{{url}}"
],
"path": [
"orgs",
"{{org}}",
"copilot",
"usage"
]
}
},
"response": []
},
{
"name": "Get Enterprise Usage",
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "{{url}}/enterprises/{{enterprise}}/copilot/usage",
"host": [
"{{url}}"
],
"path": [
"enterprises",
"{{enterprise}}",
"copilot",
"usage"
]
}
},
"response": []
},
{
"name": "Get Org Seat Information",
"request": {
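Review bot: both new requests ship with `"header": []`, so they send no `Accept` or `X-GitHub-Api-Version` header and rely entirely on whatever the collection sets; pin `X-GitHub-Api-Version` and `Accept: application/vnd.github+json` on each request so the demo does not depend on whichever default API version GitHub happens to serve on the day. Dropping `_collection_link`, which pointed at a personal Postman workspace (`warped-resonance-718170.postman.co`), is the right call for a collection shared through a public repository, and the changed `_postman_id` and `_exporter_id` are the expected side effect of re-exporting.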
Expand Down Expand Up @@ -203,7 +242,7 @@
"variable": [
{
"key": "org",
"value": "ORGNAME",
"value": "ORG",
"type": "string"
},
{
Expand All @@ -215,6 +254,11 @@
"key": "username",
"value": "USERNAME",
"type": "string"
},
{
"key": "enterprise",
"value": "ENTERPRISE",
"type": "string"
}
]
}
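Review bot: the new `enterprise` variable is wired to "Get Enterprise Usage" correctly, but the demo doc refers to variables by their placeholder values ("ORG", "USERNAME", "ENTERPRISE") while the keys the requests resolve are `org`, `username` and `enterprise`; once a user replaces a placeholder with a real value, the name the doc quotes no longer appears anywhere in the collection. Have the doc name the keys. If the enterprise endpoint needs a token with different permissions than the org endpoints, say so beside the TOKEN step rather than leaving the reader to discover it from a 403.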
3 changes: 0 additions & 3 deletions Demo3-Data-Privacy/README.md

This file was deleted.

File renamed without changes.
1 change: 0 additions & 1 deletion Demo4-Troubleshooting/README.log

This file was deleted.

File renamed without changes.
5 changes: 5 additions & 0 deletions Demo5-Data-Privacy/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
# Copilot Administration & Security - Demo: Data Privacy

## [Copilot Transcripts](copilot-transcript-sql.md)

## [Vulnerable Patterns in Incomplete Code Fragments](vulnerable_patterns_in_incomplete_fragments_of_code.md)
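Review bot: the two linked files use different naming conventions, `copilot-transcript-sql.md` with hyphens and `vulnerable_patterns_in_incomplete_fragments_of_code.md` with underscores; pick one. Because this commit deletes `Demo3-Data-Privacy/README.md` and lists two files as "renamed without changes" without showing their paths, a reader of this diff cannot confirm that both linked documents now live under `Demo5-Data-Privacy`; verify the links resolve.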
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,7 @@ whats the difference, interms of security, between an SQL Statement and a Prepar

In terms of security, there are a few key differences between a SQL statement and a prepared statement:

1. SQL Injection Protection: Prepared statements provide built-in protection against SQL injection attacks. With a prepared statement, the SQL query is precompiled and the query parameters are treated as separate entities, preventing malicious input from altering the structure of the query. This helps to mitigate the risk of SQL injection vulnerabilities.
1. SQL Injection Protection: Prepared statements provide built-in protection against SQL injection attacks. With a prepared statement, the SQL query is precompiled and the query parameters are treated as separate entities, preventing malicious input from altering the structure of the query. This helps to mitigate the risk of SQL injection vulnerabilities.

2. Parameterized Queries: Prepared statements use parameterized queries, where the query parameters are represented by placeholders in the SQL statement. The actual parameter values are then bound to these placeholders at runtime. This separation of the query logic from the data values helps to ensure that user input is properly sanitized and prevents unauthorized access to the underlying database.
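Review bot: the only change in this hunk is whitespace on the `1. SQL Injection Protection:` line. While this file is being touched, consider a presenter note beside point 2, which says parameterization ensures user input is "properly sanitized" and "prevents unauthorized access": bound parameters are not sanitized, they are sent as data that the engine never parses as SQL text, and they have no bearing on authorization. Since the file is a captured transcript, annotate the reply rather than editing it.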

Expand Down Expand Up @@ -142,4 +142,3 @@ Securing a Java application that interacts with a database involves implementing
1. Regularly Perform Security Audits and Penetration Testing: Conduct regular security audits and penetration testing to identify and address any vulnerabilities in your application and database configuration. This helps ensure that your security measures are effective and up to date.

Remember that security is an ongoing process, and it's important to stay informed about the latest security best practices and vulnerabilities relevant to your specific database technology and application stack.

Original file line number Diff line number Diff line change
Expand Up @@ -2,91 +2,83 @@

![abelberhane](../docs/images/abelberhane.png)

Examples by [@abelberhane](https://www.github.com/abelberhane)
Examples by [@abelberhane](https://www.github.com/abelberhane)

---
<!-- markdownlint-disable MD033 -->
## SQL Injection Vulnerability

<br><br><br>

# SQL Injection Vulnerability

## Incomplete Code Fragment (Python) <img width="50px" src="../docs/images/python-logo.png">
### Incomplete Code Fragment (Python) #1 <img width="50px" src="../docs/images/python-logo.png" alt="Python">

```python
def get_user_data(user_id): query = "SELECT * FROM users WHERE id = " + user_id # ... database query execution
```

### Copilot's Contribution
#### Copilot's Contribution #1

>Copilot can recognize that concatenating a variable directly into a SQL query string is a common pattern leading to SQL injection vulnerabilities. It might suggest a modification using parameterized queries or ORM (Object-Relational Mapping) methods to prevent such issues.
### Suggested Code
#### Suggested Code #1

```python
def get_user_data(user_id): query = "SELECT * FROM users WHERE id = %s" params = (user_id,) # ... database query execution with parameters...
```

---

<br><br><br>

# Cross-Site Scripting (XSS) in Web Applications
## Cross-Site Scripting (XSS) in Web Applications

## Incomplete Code Fragment (JavaScript) <img width="40px" src="../docs/images/node-js.png">
### Incomplete Code Fragment (JavaScript) #2 <img width="40px" src="../docs/images/node-js.png" alt="NodeJS">

```javascript
app.get('/search', function(req, res) { var searchTerm = req.query.term; res.send('Results for: ' + searchTerm); });
```

### Copilot's Contribution
#### Copilot's Contribution #2

>Recognizing the pattern of directly including user input in the response, Copilot might suggest sanitizing the input or encoding the output to prevent XSS attacks.
### Suggested Code
#### Suggested Code #2

```javascript
app.get('/search', function(req, res) { var searchTerm = escape(req.query.term); res.send('Results for: ' + searchTerm); });
```

---

<br><br><br>
## Insecure Password Storage

# Insecure Password Storage

## Incomplete Code Fragment (JavaScript) <img width="40px" src="../docs/images/node-js.png">
### Incomplete Code Fragment (JavaScript) #3 <img width="40px" src="../docs/images/node-js.png" alt="NodeJS">

```javascript
function storeUser(username, password) { // Code to store username and password directly in the database }
```
### Copilot's Contribution
#### Copilot's Contribution #3
>Identifying the pattern of insecure password handling, Copilot could suggest implementing hashing with a strong algorithm like bcrypt before storing passwords.
### Suggested Code
#### Suggested Code #3
```javascript
const bcrypt = require('bcrypt'); function storeUser(username, password) { const salt = bcrypt.genSaltSync(10); const hash = bcrypt.hashSync(password, salt); // Code to store username and hashed password in the database }
```
---
<br><br><br>
# Inadequate Encryption Use
## Inadequate Encryption Use
## Incomplete Code Fragment (Python) <img width="50px" src="../docs/images/python-logo.png">
### Incomplete Code Fragment (Python) #4 <img width="50px" src="../docs/images/python-logo.png" alt="Python">
```python
from Crypto.Cipher import AES import os def encrypt_message(message): key = os.urandom(16) # 16-byte key cipher = AES.new(key, AES.MODE_ECB) # ...
```
## Copilot's Contribution:
#### Copilot's Contribution Python #4
>In this case, Copilot might highlight the use of ECB mode, which is generally considered insecure for encryption, and suggest using a more secure mode like CBC or GCM.
## Suggested Code:
#### Suggested Code Python #4
```python
from Crypto.Cipher import AES import os def encrypt_message(message): key = os.urandom(16) # 16-byte key cipher = AES.new(key, AES.MODE_CBC, iv) # ...
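Review bot: Suggested Code #2 presents `escape(req.query.term)` as the XSS fix, but JavaScript's global `escape()` is a deprecated percent-encoder, not an HTML encoder; it turns an ordinary search term into `%20`-style output and is not the "encoding the output" the contribution text describes. The correct fix for an HTML response is HTML entity encoding (a templating engine's auto-escaping or an encoder library) plus an explicit `Content-Type`. Suggested Code #4 calls `AES.new(key, AES.MODE_CBC, iv)` with `iv` never defined, so the "fixed" snippet does not run; generate a 16-byte IV with `os.urandom(16)` and transmit it alongside the ciphertext, and since the contribution text already names GCM, prefer `AES.MODE_GCM` so the output is authenticated, whereas CBC without a MAC is malleable. Suggested Code #1 is fine in principle, but note that `%s` is the placeholder style of drivers such as psycopg2 and MySQLdb while `sqlite3` uses `?`, so the snippet should name the driver it assumes.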