Update GitHub Copilot configuration and telemetry demo documentation #1

Merged
merged 6 commits into from
Jun 3, 2024
95 changes: 74 additions & 21 deletions Demo1-Policies-Settings/README.md
Expand Up @@ -2,54 +2,107 @@

## Overview

This demo will show you how to configure GitHub Copilot for your organization and enterprise. It will guide the customer on each level of configuration and how to enable/disable features.
This demo will show you how to configure GitHub Copilot for your enterprise and organization. It will guide the customer on each level of configuration and how to enable/disable features.

## GitHub Settings
## GitHub Settings

### Enterprise Settings

#### Access and Policies
#### Enterprise Access Management

- Show Suggestions matching public code
- Notification on matching code
- Manage organization access to GitHub Copilot
Show the following options:

#### Beta Features
- Total seats assigned and a monthly cost and a link to view billing details
- **Action Item:** Click link `View billing` and showcase how it looks in your enterprise.
- Copilot Enterprise is active in your enterprise options
- Disabled
- Allow for all organizations
- Allow for specific organizations

- GitHub Copilot Chat IDE
- GitHub Copilot in the CLI
#### Enterprise Policies and Features

Show the following options:

- Suggestions matching public code
- Copilot in github.com
- Give Copilot access to Bing **Beta**
- Opt in to user feedback collection
- Copilot Chat in the IDE
- Copilot Chat in GitHub Mobile
- Copilot in the CLI

### Organization Settings

#### Access
#### Manage & Control Access

- Number of copilot seats
- Estimated monthly cost
- Number of copilot seats
- Estimated monthly cost
- View billing details
- Policy for enabled members
- Policy for enabled members
- Access management
- **Action Item:** Download report and showcase how it looks in your organization.

#### Policies and Features
#### Organization Policies

Show the following options:

- Suggestions matching public code
- Copilot in github.com
- Give Copilot access to Bing **Beta**
- Opt in to user feedback collection
- Copilot Chat in the IDE
- Copilot Chat in GitHub Mobile
- Copilot in the CLI

#### Organization Features

##### Knowledge Bases

- Review creating a Knowledge Base
- Adding a knowledge base path inclusion

![Knowledge Base Creation](../docs/images/copilot-manage-knowledge-bases1-dark.gif)

- Suggestions matching public code
- Notifications on matching code
- Beta Features
- GitHub Copilot Chat for IDE
- GitHub Copilot in the CLI
![Knowledge Base Include Paths](../docs/images/copilot-manage-knowledge-bases2-dark.gif)

##### Content Exclusion

- Review creating a Content Exclusion
- Adding repository and path to files to exclude

![Content Exclusion adding repositories and paths to exclude](../docs/images/copilot-content-exclusion-organization-dark.gif)

## Client Side Settings

### Network Settings

- Proxy Settings
- **Action Item:** Show how to configure proxy settings in the IDE
- Authentication Modes
- **Action Item:** Show how authentication modes work with GitHub Copilot

### Firewall Settings

## IDE Settings
- Show the URLs to add to an allowlist

## IDE Advanced Settings

### Supported IDEs

- Visual Studio Code
- Visual Studio
- IntelliJ IDEA
- Vim/Neovim
- Azure Data Studio

### Enable non-programming Meta Files

- **Action Item:** Show how to enable/disable non-programming meta files in the IDE

### VSCode

GitHub Copilot Extension and click on it -> Click the gear icon -> Click on Extension Settings -> Click on the blue Edit in settings.json button

### IntelliJ
### IntelliJ IDEA

Go to Settings -> Language and Framework -> GitHub Copilot -> Update advanced settings in this view
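Review bot: the new `### Firewall Settings` section consists of the single bullet `- Show the URLs to add to an allowlist` and lists no URLs, so the presenter has nothing to show at that step; either enumerate the hostnames the Copilot client must reach or link the GitHub documentation page that lists them, in the same way the IDE sections below give concrete click paths. In the same region, `- Authentication Modes` sits under `### Network Settings` next to proxy configuration, and `### Enable non-programming Meta Files` has no explanation of what the setting controls; a one-line description under each would make the demo self-contained.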
14 changes: 10 additions & 4 deletions Demo2-Telemetry/GitHub-Copilot-API-Demo.md
Expand Up @@ -18,23 +18,29 @@ Update "TOKEN" under the Authentication tab with the token you created in the [C

![postman token update](../docs/images/Telemetry/postman-update-token.png)

Update the variables "ORG" and "USERNAME" under the Variables tab with your organization name and your GitHub username you want to view.
Update the variables "ORG" and "USERNAME" under the Variables tab with your organization name and your GitHub username you want to view. "ENTERPRISE" if you want to view usage for an enterprise account.

![postman variable update](../docs/images/Telemetry/postman-update-variables.png)

### Step 2: Demo the Copilot REST API _Get Org Seat Information_
### Step 2: Demo the Copilot REST API _Get Org Usage Information_

Double click on "Get Org Usage Information" to open the request. Click "Send" to send the request.

![Get Org Usage Information](../docs/images/Telemetry/get-org-usage-information.png)

### Step 3: Demo the Copilot REST API _Get Org Seat Information_

Double click on "Get Org Seat Information" to open the request. Click "Send" to send the request.

![Get Org Seat Information](../docs/images/Telemetry/get-org-seat-information.png)

### Step 3: Demo the Copilot REST API _List Org Seat Assignments_
### Step 4: Demo the Copilot REST API _List Org Seat Assignments_

Double click on "List Org Seat Assignments" to open the request. Click "Send" to send the request.

![List Org Seat Assignments](../docs/images/Telemetry/list-org-seat-assignments.png)

### Step 4: Demo the Copilot REST API _Get Seat for a User_
### Step 5: Demo the Copilot REST API _Get Seat for a User_

Double click on "Get Seat for a User" to open the request. Click "Send" to send the request.
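Review bot: the sentence added to the variables step, `"ENTERPRISE" if you want to view usage for an enterprise account.`, is a fragment, and none of Steps 2 to 5 below exercises an enterprise request, so a reader who sets ENTERPRISE is never told what to send with it; either reword it to a full sentence (e.g. `Set "ENTERPRISE" if you want to view usage for an enterprise account.`) and add a step for the enterprise usage request, or drop the variable mention from this page.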

3 changes: 1 addition & 2 deletions Demo2-Telemetry/README.md
Expand Up @@ -6,8 +6,7 @@ Step One: [Setup Postman](postman-setup-info/postman-collection-setup.md)

Step Two: [Demo Copilot API](GitHub-Copilot-API-Demo.md)


### Collections
### Collections

- [GitHub v3 REST APIs](postman-setup-info/GitHub-v3-REST-API.postman_collection.json)
- [GitHub Copilot REST APIs](postman-setup-info/GitHubCopilotAPI.postman_collection.json)
@@ -1,12 +1,51 @@
{
"info": {
"_postman_id": "ac350d03-c04a-497e-8c3d-48cda67500d8",
"_postman_id": "ff194d7e-adf0-4ee2-9fae-07223e43812a",
"name": "GitHub Copilot API",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
"_exporter_id": "23948556",
"_collection_link": "https://warped-resonance-718170.postman.co/workspace/New-Team-Workspace~8b7cd40b-aab9-4298-b6e3-921cbe93bba4/collection/23948556-ac350d03-c04a-497e-8c3d-48cda67500d8?action=share&source=collection_link&creator=23948556"
"_exporter_id": "17175297"
},
"item": [
{
"name": "Get Org Usage",
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "{{url}}/orgs/{{org}}/copilot/usage",
"host": [
"{{url}}"
],
"path": [
"orgs",
"{{org}}",
"copilot",
"usage"
]
}
},
"response": []
},
{
"name": "Get Enterprise Usage",
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "{{url}}/enterprises/{{enterprise}}/copilot/usage",
"host": [
"{{url}}"
],
"path": [
"enterprises",
"{{enterprise}}",
"copilot",
"usage"
]
}
},
"response": []
},
{
"name": "Get Org Seat Information",
"request": {
Expand Down Expand Up @@ -175,7 +214,7 @@
"bearer": [
{
"key": "token",
"value": "TOKEN",
"value": "{{collection-auditing-pat}}",
"type": "string"
}
]
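Review bot: replacing the literal `"TOKEN"` with `{{collection-auditing-pat}}` is the right direction, but nothing in this diff defines that variable (the `variable` block further down adds only `org`, `username` and `enterprise`), and the demo text at the top of GitHub-Copilot-API-Demo.md still says to update "TOKEN" under the Authentication tab, so the demo will send an empty bearer token until both are reconciled. Define `collection-auditing-pat` as a secret-type variable in a Postman environment that is not committed rather than inside this exported collection, and update the doc step to say so; keeping `"type": "string"` here is fine as long as the value stays a variable reference.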
Expand Down Expand Up @@ -203,7 +242,7 @@
"variable": [
{
"key": "org",
"value": "ORGNAME",
"value": "ORG",
"type": "string"
},
{
Expand All @@ -215,6 +254,11 @@
"key": "username",
"value": "USERNAME",
"type": "string"
},
{
"key": "enterprise",
"value": "ENTERPRISE",
"type": "string"
}
]
}
2 changes: 1 addition & 1 deletion Demo3-Data-Privacy/README.md
@@ -1,3 +1,3 @@
# Copilot Administration & Security - Demo: Data Privacy

## Overview
## Overview
3 changes: 1 addition & 2 deletions Demo3-Data-Privacy/copilot-transcript-sql.md
Expand Up @@ -101,7 +101,7 @@ whats the difference, interms of security, between an SQL Statement and a Prepar

In terms of security, there are a few key differences between a SQL statement and a prepared statement:

1. SQL Injection Protection: Prepared statements provide built-in protection against SQL injection attacks. With a prepared statement, the SQL query is precompiled and the query parameters are treated as separate entities, preventing malicious input from altering the structure of the query. This helps to mitigate the risk of SQL injection vulnerabilities.
1. SQL Injection Protection: Prepared statements provide built-in protection against SQL injection attacks. With a prepared statement, the SQL query is precompiled and the query parameters are treated as separate entities, preventing malicious input from altering the structure of the query. This helps to mitigate the risk of SQL injection vulnerabilities.

2. Parameterized Queries: Prepared statements use parameterized queries, where the query parameters are represented by placeholders in the SQL statement. The actual parameter values are then bound to these placeholders at runtime. This separation of the query logic from the data values helps to ensure that user input is properly sanitized and prevents unauthorized access to the underlying database.

Expand Down Expand Up @@ -142,4 +142,3 @@ Securing a Java application that interacts with a database involves implementing
1. Regularly Perform Security Audits and Penetration Testing: Conduct regular security audits and penetration testing to identify and address any vulnerabilities in your application and database configuration. This helps ensure that your security measures are effective and up to date.

Remember that security is an ongoing process, and it's important to stay informed about the latest security best practices and vulnerabilities relevant to your specific database technology and application stack.

Expand Up @@ -2,91 +2,83 @@

![abelberhane](../docs/images/abelberhane.png)

Examples by [@abelberhane](https://www.github.com/abelberhane)
Examples by [@abelberhane](https://www.github.com/abelberhane)

---
<!-- markdownlint-disable MD033 -->
## SQL Injection Vulnerability

<br><br><br>

# SQL Injection Vulnerability

## Incomplete Code Fragment (Python) <img width="50px" src="../docs/images/python-logo.png">
### Incomplete Code Fragment (Python) #1 <img width="50px" src="../docs/images/python-logo.png" alt="Python">

```python
def get_user_data(user_id): query = "SELECT * FROM users WHERE id = " + user_id # ... database query execution
```

### Copilot's Contribution
#### Copilot's Contribution #1

>Copilot can recognize that concatenating a variable directly into a SQL query string is a common pattern leading to SQL injection vulnerabilities. It might suggest a modification using parameterized queries or ORM (Object-Relational Mapping) methods to prevent such issues.

### Suggested Code
#### Suggested Code #1

```python
def get_user_data(user_id): query = "SELECT * FROM users WHERE id = %s" params = (user_id,) # ... database query execution with parameters...
```

---

<br><br><br>

# Cross-Site Scripting (XSS) in Web Applications
## Cross-Site Scripting (XSS) in Web Applications

## Incomplete Code Fragment (JavaScript) <img width="40px" src="../docs/images/node-js.png">
### Incomplete Code Fragment (JavaScript) #2 <img width="40px" src="../docs/images/node-js.png" alt="NodeJS">

```javascript
app.get('/search', function(req, res) { var searchTerm = req.query.term; res.send('Results for: ' + searchTerm); });
```

### Copilot's Contribution
#### Copilot's Contribution #2

>Recognizing the pattern of directly including user input in the response, Copilot might suggest sanitizing the input or encoding the output to prevent XSS attacks.

### Suggested Code
#### Suggested Code #2

```javascript
app.get('/search', function(req, res) { var searchTerm = escape(req.query.term); res.send('Results for: ' + searchTerm); });
```

---

<br><br><br>
## Insecure Password Storage

# Insecure Password Storage

## Incomplete Code Fragment (JavaScript) <img width="40px" src="../docs/images/node-js.png">
### Incomplete Code Fragment (JavaScript) #3 <img width="40px" src="../docs/images/node-js.png" alt="NodeJS">

```javascript
function storeUser(username, password) { // Code to store username and password directly in the database }
```

### Copilot's Contribution
#### Copilot's Contribution #3

>Identifying the pattern of insecure password handling, Copilot could suggest implementing hashing with a strong algorithm like bcrypt before storing passwords.

### Suggested Code
#### Suggested Code #3

```javascript
const bcrypt = require('bcrypt'); function storeUser(username, password) { const salt = bcrypt.genSaltSync(10); const hash = bcrypt.hashSync(password, salt); // Code to store username and hashed password in the database }
```

---

<br><br><br>

# Inadequate Encryption Use
## Inadequate Encryption Use

## Incomplete Code Fragment (Python) <img width="50px" src="../docs/images/python-logo.png">
### Incomplete Code Fragment (Python) #4 <img width="50px" src="../docs/images/python-logo.png" alt="Python">

```python
from Crypto.Cipher import AES import os def encrypt_message(message): key = os.urandom(16) # 16-byte key cipher = AES.new(key, AES.MODE_ECB) # ...
```

## Copilot's Contribution:
#### Copilot's Contribution Python #4

>In this case, Copilot might highlight the use of ECB mode, which is generally considered insecure for encryption, and suggest using a more secure mode like CBC or GCM.

## Suggested Code:
#### Suggested Code Python #4

```python
from Crypto.Cipher import AES import os def encrypt_message(message): key = os.urandom(16) # 16-byte key cipher = AES.new(key, AES.MODE_CBC, iv) # ...
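Review bot: Suggested Code #2 (`var searchTerm = escape(req.query.term);`) is presented as the XSS fix, but JavaScript's global `escape()` is a deprecated percent-encoder, not an HTML encoder; it turns `<` into `%3C` rather than `&lt;`, so the page text comes out mangled and the wrong primitive is taught, while the contribution text above it correctly says to encode the output. Replace it with HTML-entity encoding at the point of output (a templating engine with autoescape, or an `escape-html`-style helper) so the example matches its own explanation. Likewise Suggested Code Python #4 (`cipher = AES.new(key, AES.MODE_CBC, iv)`) references an `iv` that is never defined and discards the random `key` inside the function, so it cannot run or decrypt as shown; generate `iv = get_random_bytes(16)` (from `Crypto.Random`), return or accept the key and IV, and since the contribution text already names GCM, prefer `AES.MODE_GCM`, which also provides integrity.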
3 changes: 1 addition & 2 deletions README.md
@@ -1,5 +1,4 @@
![copilot-logo-medium](https://github.com/copilot-training-pex/copilot-administration-security/assets/863198/33082dfb-d2f7-46ed-b86d-b72ba9d11437)

# Copilot Administration & Security - Training Demo Material
# ![copilot logo](/docs/images/copilot-icon-s.png) Copilot Administration & Security - Training Demo Material

Complementary course material for the Copilot Administration & Security training (L200)
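Review bot: the new logo reference `/docs/images/copilot-icon-s.png` is a root-relative path, whereas every other image in this PR uses a path relative to the file (`../docs/images/...`); root-relative paths render on GitHub but break when the README is viewed from a clone or published through a docs site, so use `docs/images/copilot-icon-s.png` here.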
Binary file modified docs/images/postman-collection-set-variables.png