fix(secrets): display alert locations
- shows correct file paths and line numbers
- removed spacing around arrows
scriptprivate authored Sep 10, 2024
1 parent 8f59a4e commit 99613c2
Showing 1 changed file with 21 additions and 16 deletions.
37 changes: 21 additions & 16 deletions lib/SecurityGate/Engine/Secrets.pm
@@ -8,43 +8,48 @@ package SecurityGate::Engine::Secrets {
my ($class, $token, $repository, $severity_limits) = @_;

my $endpoint = "https://api.github.com/repos/$repository/secret-scanning/alerts";
my $userAgent = Mojo::UserAgent -> new();
my $request = $userAgent -> get($endpoint, {Authorization => "Bearer $token"}) -> result();
my $userAgent = Mojo::UserAgent->new();
my $request = $userAgent->get($endpoint, {Authorization => "Bearer $token"})->result();

if ($request -> code() == 200) {
my $data = $request -> json();
if ($request->code() == 200) {
my $data = $request->json();
my $open_alerts = 0;
my @alert_details;

foreach my $alert (@$data) {
if ($alert -> {state} eq "open") {
if ($alert->{state} eq "open") {
$open_alerts++;

my $locations_endpoint = "https://api.github.com/repos/$repository/secret-scanning/alerts/$alert -> {number}/locations";
my $locations_request = $userAgent -> get($locations_endpoint, {Authorization => "Bearer $token"}) -> result();
my $locations_endpoint = "https://api.github.com/repos/$repository/secret-scanning/alerts/" . $alert->{number} . "/locations";
my $locations_request = $userAgent->get($locations_endpoint, {Authorization => "Bearer $token"})->result();

if ($locations_request -> code() == 200) {
my $locations = $locations_request -> json();
if ($locations_request->code() == 200) {
my $locations = $locations_request->json();

push @alert_details, {
alert_number => $alert -> {number},
alert_number => $alert->{number},
locations => $locations,
};
}
}
}

print "[!] Total of open secret scanning alerts: $open_alerts\n";
print "\n[!] Total of open secret scanning alerts: $open_alerts\n\n";

foreach my $detail (@alert_details) {
print "[-] Alert " . $detail -> {alert_number} . " found in the following locations:\n";
print "[-] Alert " . $detail->{alert_number} . " found in the following locations:\n";

foreach my $location (@{$detail -> {locations}}) {
print " File: " . $location -> {path} . ", Start line: " . $location -> {start_line} . "\n";
foreach my $location (@{$detail->{locations}}) {
my $file_path = $location->{details}->{path} // 'Unknown file';
my $start_line = $location->{details}->{start_line} // 'Unknown line';

print " File: $file_path, Start line: $start_line\n";
}
}

my $threshold = $severity_limits -> {high};
print "\n";

my $threshold = $severity_limits->{high};
if ($open_alerts > $threshold) {
print "[+] More than $threshold secret scanning alerts found. Blocking pipeline.\n";
return 1;
@@ -57,7 +62,7 @@ package SecurityGate::Engine::Secrets {
}

else {
print "Error: Unable to fetch secret scanning alerts. HTTP status code: " . $request -> code() . "\n";
print "Error: Unable to fetch secret scanning alerts. HTTP status code: " . $request->code() . "\n";
return 1;
}
}
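Review bot: The `// 'Unknown file'` and `// 'Unknown line'` fallbacks in the inner location loop hide where a secret was found whenever the location is not a file in a commit. GitHub's locations response carries a `type` next to `details`, and for issue or pull-request locations `details` has no `path`, so the report would print only "Unknown file, Start line: Unknown line"; falling back to the type keeps the finding actionable, e.g. `my $file_path = $location->{details}->{path} // $location->{type} // 'Unknown file';`. The path is repository-controlled text written to the pipeline log, so stripping control characters before printing (`$file_path =~ s/[[:cntrl:]]//g;`) would stop a crafted file name from forging log lines. Separately, when the locations request does not return 200 the alert is counted but silently left out of the listing, which deserves a printed warning so a reader does not take the listing as complete. The enclosing sub starts above the first hunk and part of it is collapsed between the two hunks, so this is based only on the visible lines.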