fix

AdnaneKhan · Apr 24, 2024 · 1307650 · 1307650
1 parent bbb3a90
commit 1307650
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/gato/enumerate/repository.py b/gato/enumerate/repository.py
@@ -7,6 +7,7 @@
 from gato.github import Api
 from gato.workflow_parser import WorkflowParser
 from gato.caching import CacheManager
+from gato.notifications import send_slack_webhook
 
 
 logger = logging.getLogger(__name__)
@@ -138,7 +139,7 @@ def __perform_yml_enumeration(self, repository: Repository):
                 self_hosted_jobs = parsed_yml.self_hosted()
                 wf_injection = parsed_yml.check_injection()
                 pwn_reqs = parsed_yml.check_pwn_request()
-                composites = parsed_yml.extract_composite_actions()
+                #composites = parsed_yml.extract_composite_actions()
 
                 workflow_url = f"{repository.repo_data['html_url']}/blob/{repository.repo_data['default_branch']}/.github/workflows/{parsed_yml.wf_name}"
 
@@ -169,7 +170,12 @@ def __perform_yml_enumeration(self, repository: Repository):
                     injection_package = self.__create_info_package(parsed_yml.wf_name,workflow_url, wf_injection, rules)
                     repository.set_injection(injection_package)
                 if pwn_reqs and not skip_checks:
+
                     pwn_request_package = self.__create_info_package(parsed_yml.wf_name,workflow_url, pwn_reqs, rules)
+                    commit_date, author = self.api.get_file_last_updated(repository.name, ".github/workflows/" + parsed_yml.wf_name)
+                    print(commit_date)
+                    if self.is_within_last_day(commit_date) and '[bot]' not in author:
+                        send_slack_webhook(pwn_request_package)
                     repository.set_pwn_request(pwn_request_package)
 
                 if self_hosted_jobs: