feat(dependencies): add Dependencies module for dependency alert proc…

…essing
instriq · Aug 19, 2024 · 962b4f1 · 962b4f1
1 parent afdd477
commit 962b4f1
Showing 1 changed file with 56 additions and 0 deletions.
diff --git a/lib/SecurityGate/Engine/Dependencies.pm b/lib/SecurityGate/Engine/Dependencies.pm
@@ -0,0 +1,56 @@
+package SecurityGate::Engine::Dependencies;
+
+use strict;
+use warnings;
+use Mojo::UserAgent;
+use Mojo::JSON;
+use Exporter 'import';
+
+our @EXPORT_OK = qw(@SEVERITIES);
+our @SEVERITIES = ("critical", "high", "medium", "low");
+
+sub new {
+    my ($class, $token, $repository, $severity_limits) = @_;
+
+    my %severity_counts = map { $_ => 0 } @SEVERITIES;
+
+    my $endpoint = "https://api.github.com/repos/$repository/dependabot/alerts";
+    my $userAgent = Mojo::UserAgent -> new();
+    my $request = $userAgent -> get($endpoint, {Authorization => "Bearer $token"}) -> result();
+
+    if ($request -> code() == 200) {
+        my $data = $request -> json();
+
+        foreach my $alert (@$data) {
+            if ($alert -> {state} eq "open") {
+                my $severity = $alert -> {security_vulnerability} -> {severity};
+                $severity_counts{$severity}++;
+            }
+        }
+
+        print "[!] Total of security alerts:\n\n";
+
+        foreach my $severity (@SEVERITIES) {
+            print "[-] $severity: $severity_counts{$severity}\n";
+        }
+
+        print "\n";
+
+        my $threshold_exceeded = 0;
+        foreach my $severity (@SEVERITIES) {
+            if ($severity_counts{$severity} > $severity_limits -> {$severity}) {
+                print "[+] More than $severity_limits -> {$severity} $severity security alerts found.\n";
+                $threshold_exceeded = 1;
+            }
+        }
+
+        return $threshold_exceeded;
+    }
+
+    else {
+        print "Error: Unable to fetch alerts. HTTP status code: " . $request -> code() . "\n";
+        return 1;
+    }
+}
+
+1;