Fix some parsing bugs and misc. cleanup.

AdnaneKhan · Jul 14, 2024 · 1dfde1f · 1dfde1f
1 parent c56675a
commit 1dfde1f
Show file tree

Hide file tree

Showing 7 changed files with 14 additions and 10 deletions.
diff --git a/gatox/enumerate/repository.py b/gatox/enumerate/repository.py
@@ -95,10 +95,10 @@ def __is_within_last_day(timestamp_str, format='%Y-%m-%dT%H:%M:%SZ'):
         now = datetime.now()
 
         # Calculate the date 1 days ago
-        seven_days_ago = now - timedelta(days=1)
+        one_day_ago = now - timedelta(days=1)
 
         # Return True if the date is within the last day, False otherwise
-        return seven_days_ago <= date <= now
+        return one_day_ago <= date <= now
 
     @staticmethod
     def __parse_github_path(path):

diff --git a/gatox/github/api.py b/gatox/github/api.py
@@ -802,10 +802,12 @@ def get_recent_workflow(self, repo_name: str, sha: str, file_name: str, time_aft
             repo_name (str): The name of the repository. It should be in the format 'owner/repo'.
             sha (str): The SHA of the commit for which to get the workflow.
             file_name (str): The name of the workflow file (without the .yml extension).
-            time_after (str, optional): A timestamp in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. Only show workflows updated after this time.
+            time_after (str, optional): A timestamp in ISO 8601 format: 
+            YYYY-MM-DDTHH:MM:SSZ. Only show workflows updated after this time.
 
         Returns:
-            int: The ID of the workflow if found, 0 if no workflows are found, or -1 if there was an error querying the workflows.
+            int: The ID of the workflow if found, 0 if no workflows are found, or -1 
+            if there was an error querying the workflows.
 
         Raises:
             None

diff --git a/gatox/github/gql_queries.py b/gatox/github/gql_queries.py
@@ -174,7 +174,8 @@ def get_workflow_ymls(repos: list):
 
             top_len = len(repos) if len(repos) < (100 + i*100) else (100 + i*100)
             query = {
-                # We list envs if we have write access (for secrets reasons, otherwise we don't list them)
+                # We list envs if we have write access to one in the set (for secrets
+                # reasons, otherwise we don't list them)
                 "query": GqlQueries.GET_YMLS_ENV if repos[i].can_push() else GqlQueries.GET_YMLS,
                 "variables": {
                     "node_ids": [

diff --git a/gatox/workflow_parser/components/step.py b/gatox/workflow_parser/components/step.py
@@ -54,7 +54,7 @@ def __init__(self, step_data: dict):
         if 'name' in self.step_data:
             self.name = self.step_data['name']
 
-        if 'if' in self.step_data:
+        if 'if' in self.step_data and self.step_data['if']:
             self.if_condition = self.step_data['if'].replace('\n','')
         else:
             self.if_condition = None

diff --git a/gatox/workflow_parser/workflow_parser.py b/gatox/workflow_parser/workflow_parser.py
@@ -336,8 +336,9 @@ def check_injection(self, bypass=False):
 
                 def check_token(token, container):
                     if token.startswith('env.') and token.split('.')[1] in container['env']:
-
-                        if container['env'][token.split('.')[1]] and '${{' in container['env'][token.split('.')[1]]:
+                        value = container['env'][token.split('.')[1]]
+
+                        if value and type(value) not in [int, float] and '${{' in value:
                             return True
                         else:
                             return False

diff --git a/pyproject.toml b/pyproject.toml
@@ -20,7 +20,6 @@ dependencies = [
     "colorama",
     "requests",
     "pyyaml",
-    "packaging",
     "cryptography"
 ]
 
@@ -49,3 +48,4 @@ directory = "cov_html"
 
 [project.scripts]
 gato-x = "gatox.main:entry"
+gatox = "gatox.main:entry"
diff --git a/setup.cfg b/setup.cfg
@@ -2,4 +2,4 @@
 per-file-ignores = __init__.py:F401
 
 [report]
-fail_under = 60
+fail_under = 70