Adding adhoc GitHub script #56
looks great so far!! 💯
has_results = any([ | ||
line | ||
for line in f.getvalue().splitlines() | ||
if 'True' in line.split(':')[1] |
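Review bot: line.split(':')[1] in this comprehension raises IndexError for any output line that has no ':' (a blank line, a banner, a warning), and the substring test 'True' in ... matches any text containing "True" after the first colon, not only a value that is exactly True. Consider name, sep, value = line.partition(':') with the condition sep and value.strip() == 'True', and pass a generator to any() rather than building a list first.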
Nit: Could add # For e.g. 'SomeDetector : Bool' output
|
||
|
||
def _parse_comment(body: Dict[str, Any]) -> Tuple[str, str]: | ||
if body.get('action', 'created') == 'deleted': |
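Review bot: in _parse_comment, the 'created' default passed to body.get exists only to make the comparison with 'deleted' false when the key is absent. body.get('action') == 'deleted' behaves the same for a missing key and does not imply that 'created' is handled anywhere. A one-line comment saying that payloads without an action are scanned by default would record the intent.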
I could be wrong, but I don't think this does what you want it to.
'created' is the return value of .get if 'action' is not a present key.

Yeah, that's accurate. Some comments don't have action on them, and we want to scan the contents as default behavior.

I guess my feedback is since 'created' == 'deleted' will always be false, it feels weird, but not a strong opinion.
raise KeyError | ||
|
||
# NOTE: Explicitly ignoring the issue "title" here, because | ||
# I trust developers enough (hopefully, not famous last words). |
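Review bot: the NOTE that skips the issue "title" leaves a field this scanner never inspects, and the title is a form field like the body. Either scan the title together with the body, or say in this comment and in the README that titles are out of scope so operators know where the coverage stops. Separately, the bare raise KeyError above carries no key name; raising KeyError with the missing field would let a webhook log show which payload shape was rejected.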
👍 😄
re: regular We can add a ref to this additional functionality to the |
5e4a4c4 to 5814ee5
5814ee5 to 6c3515f
Summary
Accidents happen. Sometimes, people write secrets in form fields on GitHub. However, organizations who subscribe to GitHub webhooks can scan these fields for secrets, and alert off them appropriately.
This adhoc script enables this functionality, by doing:
I'm uncertain whether this should live in detect-secrets-server or detect-secrets -- I'm open to suggestions for that.

This makes python-crontab an optional dependency. This is because this PR introduces the idea of using detect-secrets-server as a standalone package, that doesn't need to use cron to auto scan repositories.

To address this, I've modified the README to indicate the non-breaking install instruction. However, this will also allow us to install detect-secrets-server with less bloat.

This also depends on Yelp/detect-secrets#287, so I need to perform the appropriate version bumps for necessary tests to pass. However, I thought I'd post the review early on to get comments on it first.