diff --git a/security-gate.pl b/security-gate.pl
index d96bcab..7c7f052 100644
--- a/security-gate.pl
+++ b/security-gate.pl
@@ -3,27 +3,15 @@
 use 5.030;
 use strict;
 use warnings;
+use lib "./lib/";
+use SecurityGate::Engine::Dependencies qw(@SEVERITIES);
+use SecurityGate::Utils::Helper;
 use Getopt::Long;
-use Mojo::JSON;
-use Mojo::UserAgent;
 
 sub main {
-    my ($token, $repository, @severity);
-    my @severities = ("critical", "high", "medium", "low");
+    my ($token, $repository, $dependency_alerts);
 
-    my %severity_counts = (
-        critical => 0,
-        high => 0,
-        medium => 0,
-        low => 0
-    );
-
-    my %severity_limits = (
-        critical => 0,
-        high => 0,
-        medium => 0,
-        low => 0
-    );
+    my %severity_limits = map { $_ => 0 } @SEVERITIES;
 
     Getopt::Long::GetOptions(
         "t|token=s" => \$token,
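Review bot: `use lib "./lib/";` resolves against the process's current working directory, not the script's own location, so invoking security-gate.pl from anywhere else (for example from the root of the repository being gated, as a CI step typically would) either fails to find SecurityGate::Engine::Dependencies or loads whatever `lib/` directory happens to exist there; for a tool that is handed a GitHub token, loading modules from a cwd that the checked-out repository controls is a supply-chain exposure. Anchor the path to the script instead: `use FindBin qw($RealBin);` followed by `use lib "$RealBin/lib";`. Whether callers always run the script from its own directory is not visible in this hunk, so treat the exposure as presumed rather than confirmed. The body of `main` continues into the next hunk.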
@@ -31,74 +19,26 @@ sub main {
         "c|critical=i" => \$severity_limits{critical},
         "h|high=i" => \$severity_limits{high},
         "m|medium=i" => \$severity_limits{medium},
-        "l|low=i" => \$severity_limits{low}
+        "l|low=i" => \$severity_limits{low},
+        "dependency-alerts" => \$dependency_alerts
     );
 
     if ($token && $repository) {
-        my $endpoint = "https://api.github.com/repos/$repository/dependabot/alerts";
-        my $userAgent = Mojo::UserAgent -> new();
-        my $request = $userAgent -> get($endpoint, {Authorization => "Bearer $token"}) -> result();
-
-        if ($request -> code() == 200) {
-            my $data = $request -> json();
-
-            foreach my $alert (@$data) {
-                if ($alert -> {state} eq "open") {
-                    my $severity = $alert -> {security_vulnerability} -> {severity};
-                    $severity_counts{$severity}++;
-                }
-            }
-
-            print "[!] Total of security alerts:\n\n";
-
-            foreach my $severity (@severities) {
-                print "[-] $severity: $severity_counts{$severity}\n";
-            }
-
-            print "\n";
-
-            print "Debug: Severity counts: " . join(", ", map {"$_: $severity_counts{$_}"} @severities) . "\n";
-            print "Debug: Severity limits: " . join(", ", map {"$_: $severity_limits{$_}"} @severities) . "\n";
-
-            my $threshold_exceeded = 0;
-            foreach my $severity (@severities) {
-                print "Debug: Checking $severity - Count: $severity_counts{$severity}, Limit: $severity_limits{$severity}\n";
-                if ($severity_counts{$severity} > $severity_limits{$severity}) {
-                    print "[+] More than $severity_limits{$severity} $severity security alerts found.\n";
-                    $threshold_exceeded = 1;
-                }
-            }
-
-            print "Debug: Threshold exceeded: $threshold_exceeded\n";
+        my $result = 0;
 
-            if ($threshold_exceeded) {
-                print "Finalizing the process with error.\n";
-                return 1;
-            }
+        if ($dependency_alerts) {
+            $result = SecurityGate::Engine::Dependencies -> new($token, $repository, \%severity_limits);
         } else {
-            print "Error: Unable to fetch alerts. HTTP status code: " . $request->code() . "\n";
-            return 1;
+            print "No alerts type specified. 
Use --dependency-alerts to check for dependency alerts.\n";
         }
 
-        return 0;
+        return $result;
     } else {
-        print "
-        \rSecurity Gate v0.0.3
-        \rCore Commands
-        \r==============
-        \r\tCommand Description
-        \r\t------- -----------
-        \r\t-t, --token GitHub token
-        \r\t-r, --repo GitHub repository
-        \r\t-c, --critical Critical severity limit
-        \r\t-h, --high High severity limit
-        \r\t-m, --medium Medium severity limit
-        \r\t-l, --low Low severity limit
-        \n";
+        print SecurityGate::Utils::Helper -> new();
         return 1;
     }
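Review bot: The new `else` branch inside the `$token && $repository` path prints "No alerts type specified" but leaves `$result` at 0, so a run without `--dependency-alerts` — which is every pre-existing invocation, since the removed code checked alerts unconditionally — now exits successfully without checking anything; a security gate should fail closed here, e.g. `$result = 1;` after the print, or default `$dependency_alerts` to on. Separately, the process verdict is now whatever `SecurityGate::Engine::Dependencies -> new(...)` returns; that module is not in the diff, and if `new` returns an object rather than 0/1 the gate's outcome no longer tracks the alert counts at all — once confirmed, document the contract on the assignment with something like `# new() runs the check and returns the exit status: 0 within limits, 1 on threshold exceeded or fetch error`. The hunk appears to end at the outer `else`, so `main`'s closing brace and any `exit main()` caller are not visible here.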