refactor: restructure main script to use new modules
scriptprivate authored Aug 19, 2024
1 parent ee6bb66 commit af3b701
Showing 1 changed file with 13 additions and 73 deletions.
86 changes: 13 additions & 73 deletions security-gate.pl
Expand Up @@ -3,102 +3,42 @@
use 5.030;
use strict;
use warnings;
use lib "./lib/";
use SecurityGate::Engine::Dependencies qw(@SEVERITIES);
use SecurityGate::Utils::Helper;
use Getopt::Long;
use Mojo::JSON;
use Mojo::UserAgent;

sub main {
my ($token, $repository, @severity);
my @severities = ("critical", "high", "medium", "low");
my ($token, $repository, $dependency_alerts);

my %severity_counts = (
critical => 0,
high => 0,
medium => 0,
low => 0
);

my %severity_limits = (
critical => 0,
high => 0,
medium => 0,
low => 0
);
my %severity_limits = map { $_ => 0 } @SEVERITIES;

Getopt::Long::GetOptions(
"t|token=s" => \$token,
"r|repo=s" => \$repository,
"c|critical=i" => \$severity_limits{critical},
"h|high=i" => \$severity_limits{high},
"m|medium=i" => \$severity_limits{medium},
"l|low=i" => \$severity_limits{low}
"l|low=i" => \$severity_limits{low},
"dependency-alerts" => \$dependency_alerts
);

if ($token && $repository) {
my $endpoint = "https://api.github.com/repos/$repository/dependabot/alerts";
my $userAgent = Mojo::UserAgent -> new();
my $request = $userAgent -> get($endpoint, {Authorization => "Bearer $token"}) -> result();

if ($request -> code() == 200) {
my $data = $request -> json();

foreach my $alert (@$data) {
if ($alert -> {state} eq "open") {
my $severity = $alert -> {security_vulnerability} -> {severity};
$severity_counts{$severity}++;
}
}

print "[!] Total of security alerts:\n\n";

foreach my $severity (@severities) {
print "[-] $severity: $severity_counts{$severity}\n";
}

print "\n";

print "Debug: Severity counts: " . join(", ", map {"$_: $severity_counts{$_}"} @severities) . "\n";
print "Debug: Severity limits: " . join(", ", map {"$_: $severity_limits{$_}"} @severities) . "\n";

my $threshold_exceeded = 0;
foreach my $severity (@severities) {
print "Debug: Checking $severity - Count: $severity_counts{$severity}, Limit: $severity_limits{$severity}\n";
if ($severity_counts{$severity} > $severity_limits{$severity}) {
print "[+] More than $severity_limits{$severity} $severity security alerts found.\n";
$threshold_exceeded = 1;
}
}

print "Debug: Threshold exceeded: $threshold_exceeded\n";
my $result = 0;

if ($threshold_exceeded) {
print "Finalizing the process with error.\n";
return 1;
}
if ($dependency_alerts) {
$result = SecurityGate::Engine::Dependencies -> new($token, $repository, \%severity_limits);
}

else {
print "Error: Unable to fetch alerts. HTTP status code: " . $request->code() . "\n";
return 1;
print "No alerts type specified. Use --dependency-alerts to check for dependency alerts.\n";
}

return 0;
return $result;
}

else {
print "
\rSecurity Gate v0.0.3
\rCore Commands
\r==============
\r\tCommand Description
\r\t------- -----------
\r\t-t, --token GitHub token
\r\t-r, --repo GitHub repository
\r\t-c, --critical Critical severity limit
\r\t-h, --high High severity limit
\r\t-m, --medium Medium severity limit
\r\t-l, --low Low severity limit
\n";
print SecurityGate::Utils::Helper -> new();

return 1;
}
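Review bot: The gate now fails open when `--dependency-alerts` is omitted: with a token and repository supplied, the `else` branch only prints "No alerts type specified…" and `main` returns `$result`, which is still 0, whereas the removed code ran the Dependabot check whenever a token and repository were given. If that return value becomes the process exit status (the call site and the end of `main` are outside the hunk), an existing pipeline that invokes the script with only `-t`/`-r` would pass without evaluating a single alert. I would set `$result = 1;` in that branch so a run that checked nothing is reported as a failure. The result of the option parser is also ignored, so a misspelled option leads to the same silent pass; `Getopt::Long::GetOptions(...) or return 1;` would stop on a parse error.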