Old PAT patterns are not supported #42
Comments
After some research, we found that: That means that for backward compatibility, we need to support either:
The other prefixes (
I believe they will, @gal-legit. Thanks.
@carltonmason Great! I'm closing the issue for now.
Or:
@gal-legit thanks, I just tried and it doesn't complain about my GH token any more. I didn't get any output related to pass or fail though...
Hey @carltonmason,
@noamd-legit Sorry for the delay, I was out on vaca for a few days last week. I can't get it to build now.
@carltonmason
p.s. as @noamd-legit mentioned, we plan on releasing an official release once we confirm that it works for you, so you'll be able to take the binaries off-the-shelf.
@gal-legit thanks, I was able to build everything, but I'm not getting any output:
I tried using a different GHE org and it at least shows "Gathering collection metadata"... but no real report.
@carltonmason p.s. feel free to contact us at gal@legitsecurity.com or noam@legitsecurity.com if the logs contain anything confidential.
OK, getting further now, the error.log was helpful.
I fixed my GITHUB_TOKEN value and can now re-run. Not getting any output to stdout but the error.log contains some hopefully useful content:
@carltonmason thanks for sharing the logs. @noamd-legit FYI, I think we can omit it altogether for now since we don't have a policy for that anyway
Alright, it worked! Finally get to see a report. FYI, contents of error.log below. Note also that our version of GHE doesn't yet support GH Actions.
@carltonmason, That's awesome! Thanks for the feedback! We hope that the report was helpful :) p.s. for security reasons, we recommend redacting the names of private repositories in your comment.
TL;DR
As @carltonmason commented in #10, PATs generated for GHES instances might have a different pattern.
Remove the user-friendly checks (length & the ghp_ prefix) for GHES.
edit:
The issue is not with GHES but with old-style PATs (see comments for more info).
Instead of removing the check, we will just support the older pattern too.
Expected behavior
accept the custom PAT
Observed behavior
No response
Version
v0.1.5
On which operating system are you using legitify?
Linux
Relevant log output
No response
Additional information
No response
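
The fix described in this issue (keep the user-friendly shape check, but accept the older pattern as well as `ghp_`) can be illustrated as follows. This is an added example, not legitify's code: the function and type names are hypothetical, and the two patterns (`ghp_` plus 36 alphanumerics, and 40 lowercase hex characters for old-style PATs) are assumed from GitHub's published token formats rather than taken from this thread. The rejection error reports only length and prefix, so the secret never reaches a log such as error.log.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// TokenKind labels the shape that matched; the names are this example's own.
type TokenKind string

const (
	KindPrefixed TokenKind = "prefixed" // ghp_ followed by 36 alphanumerics (assumed format)
	KindLegacy   TokenKind = "legacy"   // old-style PAT: 40 lowercase hex characters (assumed format)
	KindUnknown  TokenKind = "unknown"
)

var (
	prefixedPAT = regexp.MustCompile(`^ghp_[A-Za-z0-9]{36}$`)
	legacyPAT   = regexp.MustCompile(`^[0-9a-f]{40}$`)
)

// ClassifyToken checks the token's shape only; it never contacts the server.
func ClassifyToken(tok string) TokenKind {
	switch {
	case prefixedPAT.MatchString(tok):
		return KindPrefixed
	case legacyPAT.MatchString(tok):
		return KindLegacy
	}
	return KindUnknown
}

// ValidateToken trims stray whitespace (a common copy/paste or env-file
// defect) and returns an error that describes the token without echoing it.
func ValidateToken(raw string) (TokenKind, error) {
	tok := strings.TrimSpace(raw)
	kind := ClassifyToken(tok)
	if kind == KindUnknown {
		return kind, fmt.Errorf("token rejected: length %d, ghp_ prefix: %t",
			len(tok), strings.HasPrefix(tok, "ghp_"))
	}
	return kind, nil
}

func main() {
	// Constructed sample values, not real credentials.
	samples := []string{"ghp_" + strings.Repeat("A", 36), strings.Repeat("0a1b2c3d", 5), "ghp_tooshort"}
	for _, tok := range samples {
		kind, err := ValidateToken(tok)
		fmt.Println(kind, err)
	}
}
```

A shape check like this only catches malformed input early; whether the token is valid and has the needed scopes is still decided by the server.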