feat(secrets): add severity threshold and improve output formatting
scriptprivate authored Aug 29, 2024
1 parent 975f42c commit 7861aa5
Showing 1 changed file with 44 additions and 43 deletions.
87 changes: 44 additions & 43 deletions lib/SecurityGate/Engine/Secrets.pm
Expand Up @@ -5,61 +5,62 @@ package SecurityGate::Engine::Secrets {
use Mojo::JSON;

sub new {
my ($class, $token, $repository) = @_;
my ($class, $token, $repository, $severity_limits) = @_;

my $endpoint = "https://api.github.com/repos/$repository/secret-scanning/alerts";
my $userAgent = Mojo::UserAgent -> new();
my $request = $userAgent -> get($endpoint, {Authorization => "Bearer $token"}) -> result();
my $endpoint = "https://api.github.com/repos/$repository/secret-scanning/alerts";
my $userAgent = Mojo::UserAgent -> new();
my $request = $userAgent -> get($endpoint, {Authorization => "Bearer $token"}) -> result();

if ($request -> code() == 200) {
my $data = $request -> json();
my $open_alerts = 0;
my @alert_details;
if ($request -> code() == 200) {
my $data = $request -> json();
my $open_alerts = 0;
my @alert_details;

foreach my $alert (@$data) {
if ($alert -> {state} eq "open") {
$open_alerts++;
foreach my $alert (@$data) {
if ($alert -> {state} eq "open") {
$open_alerts++;

my $locations_endpoint = "https://api.github.com/repos/$repository/secret-scanning/alerts/$alert -> {number}/locations";
my $locations_request = $userAgent -> get($locations_endpoint, {Authorization => "Bearer $token"}) -> result();
my $locations_endpoint = "https://api.github.com/repos/$repository/secret-scanning/alerts/$alert -> {number}/locations";
my $locations_request = $userAgent -> get($locations_endpoint, {Authorization => "Bearer $token"}) -> result();

if ($locations_request -> code() == 200) {
my $locations = $locations_request -> json();

push @alert_details, {
alert_number => $alert -> {number},
locations => $locations,
};
if ($locations_request -> code() == 200) {
my $locations = $locations_request -> json();

push @alert_details, {
alert_number => $alert -> {number},
locations => $locations,
};
}
}
}
}
}

if ($open_alerts > 0) {
print "[!] Total of open secret scanning alerts: $open_alerts\n";

foreach my $detail (@alert_details) {
print "[-] Alert $detail -> {alert_number} found in the following locations:\n";

foreach my $location (@{$detail -> {locations}}) {
print " File: $location -> {path}, Start line: $location -> {start_line}\n";
print "[!] Total of open secret scanning alerts: $open_alerts\n";

foreach my $detail (@alert_details) {
print "[-] Alert " . $detail -> {alert_number} . " found in the following locations:\n";

foreach my $location (@{$detail -> {locations}}) {
print " File: " . $location -> {path} . ", Start line: " . $location -> {start_line} . "\n";
}
}
}

print "[+] Secret scanning alert(s) found. Blocking pipeline.\n";
return 1;
my $threshold = $severity_limits -> {high};
if ($open_alerts > $threshold) {
print "[+] More than $threshold secret scanning alerts found. Blocking pipeline.\n";
return 1;
}

else {
print "[-] Number of secret scanning alerts ($open_alerts) is within the acceptable limit ($threshold).\n";
return 0;
}
}

else {
print "[-] No secret scanning alerts found.\n";
return 0;
print "Error: Unable to fetch secret scanning alerts. HTTP status code: " . $request -> code() . "\n";
return 1;
}
}

else {
print "Error: Unable to fetch secret scanning alerts. HTTP status code: " . $request -> code() . "\n";
return 1;
}
}
}
}

1;
1;
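Review bot: `$severity_limits -> {high}` is read with no default on the `my $threshold = ...` line, so a caller that still passes three arguments (the previous signature) or a limits hash without a `high` key either dies on the dereference if strict refs is on for this package, or compares `$open_alerts` against undef, which warns and blocks on the first alert while printing `More than  secret scanning alerts`; `my $threshold = ($severity_limits // {})->{high} // 0;` makes the fail-closed default explicit. The locations request on the `my $locations_endpoint = ...` line still interpolates `$alert -> {number}` with whitespace around the arrow, the form the commit replaced with concatenation in the print statements; Perl's interpolation does not follow an arrow preceded by a space, so the URL most likely carries the stringified hash reference and the 200 check never fills `@alert_details` — `my $locations_endpoint = "https://api.github.com/repos/$repository/secret-scanning/alerts/" . $alert->{number} . "/locations";` fixes it. A one-line comment above the threshold line noting that every open alert counts toward `high` regardless of its kind, since that is the only limit consulted, would save the next reader from expecting per-severity handling. Nothing in the hunk follows the API's pagination, so the count the gate compares appears to be at most one page of alerts; that predates this commit, but the threshold comparison now depends on it.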
