Coder Social home page Coder Social logo

ghastoolkit's People

Contributors

arbitraryrw avatar ctcampbell avatar dependabot[bot] avatar geekmasher avatar pradoxzon avatar pritchyspritch avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar

Forkers

zzhsec arbitraryrw pritchyspritch pradoxzon samyaza-geek

ghastoolkit's Issues

CreatedAt always returning None for dependabot alerts

I've raised an issue on the policy-as-code repo but while writing it up I realised the issue might actually be in this library rather than with PaC, so I thought I'd link it here, please refer for further details: advanced-security/policy-as-code#21

For a private repository I've run this for, it appears the dependencyalert createdAt function is returning None for all of my alerts. I've checked the graphql request manually, and it definitely has correct dates, so i think it might be a bug in the logic within this function.

Example script:

from ghastoolkit.octokit.dependabot import Dependabot
from ghastoolkit.octokit.github import GitHub

import os

GitHub.init("owner/repo")

__HERE__ = os.path.dirname(os.path.realpath(__file__))
GRAPHQL_QUERIES = [os.path.join(__HERE__, "octokit", "graphql")]

dependabot = Dependabot()

dependabot.graphql.loadQueries(GRAPHQL_QUERIES)

alerts = dependabot.getAlerts()

for alert in alerts:
    alert_creation_time = alert.createdAt()

    print(alert_creation_time)

print(alerts)

This is using your query: https://github.com/GeekMasher/ghastoolkit/blob/main/src/ghastoolkit/octokit/graphql/GetDependencyAlerts.graphql

It returns as below:

None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
[DependencyAlert(severity='LOW', advisory=Advisory(ghsa_id='GHSA-gxpj-cx7g-858c', severity='LOW', summary=None, url=None, cwes=[]), purl='pkg:npm/debug', created_at=None), DependencyAlert(severity='MODERATE', advisory=Advisory(ghsa_id='GHSA-gwg9-rgvj-4h5j', severity='MODERATE', summary=None, url=None, cwes=[]), purl='pkg:npm/morgan', created_at=None), DependencyAlert(severity='MODERATE', advisory=Advisory(ghsa_id='GHSA-82v2-mx6x-wq7q', severity='MODERATE', summary=None, url=None, cwes=[]), purl='pkg:npm/log4js', created_at=None), DependencyAlert(severity='CRITICAL', advisory=Advisory(ghsa_id='GHSA-phwq-j96m-2c2q', severity='CRITICAL', summary=None, url=None, cwes=[]), purl='pkg:npm/ejs', created_at=None), DependencyAlert(severity='HIGH', advisory=Advisory(ghsa_id='GHSA-9vvw-cc9w-f27h', severity='HIGH', summary=None, url=None, cwes=[]), purl='pkg:npm/debug', created_at=None), DependencyAlert(severity='MODERATE', advisory=Advisory(ghsa_id='GHSA-3m2r-q8x3-xmf7', severity='MODERATE', summary=None, url=None, cwes=[]), purl='pkg:nuget/microsoft.aspnetcore.all', created_at=None), DependencyAlert(severity='MODERATE', advisory=Advisory(ghsa_id='GHSA-cgpw-2gph-2r9g', severity='MODERATE', summary=None, url=None, cwes=[]), purl='pkg:nuget/microsoft.aspnetcore.all', created_at=None), DependencyAlert(severity='HIGH', advisory=Advisory(ghsa_id='GHSA-3wcj-rg8q-9cqv', severity='HIGH', summary=None, url=None, cwes=[]), purl='pkg:nuget/microsoft.aspnetcore.all', created_at=None), DependencyAlert(severity='MODERATE', advisory=Advisory(ghsa_id='GHSA-3m2r-q8x3-xmf7', severity='MODERATE', summary=None, url=None, cwes=[]), purl='pkg:nuget/microsoft.aspnetcore.all', created_at=None), DependencyAlert(severity='MODERATE', advisory=Advisory(ghsa_id='GHSA-cgpw-2gph-2r9g', severity='MODERATE', summary=None, url=None, cwes=[]), purl='pkg:nuget/microsoft.aspnetcore.all', created_at=None), DependencyAlert(severity='HIGH', advisory=Advisory(ghsa_id='GHSA-5crp-9r3c-p9vr', severity='HIGH', summary=None, url=None, cwes=[]), purl='pkg:nuget/newtonsoft.json', created_at=None), DependencyAlert(severity='MODERATE', advisory=Advisory(ghsa_id='GHSA-45q2-34rf-mr94', severity='MODERATE', summary=None, url=None, cwes=[]), purl='pkg:npm/mquery', created_at=None), DependencyAlert(severity='MODERATE', advisory=Advisory(ghsa_id='GHSA-p92x-r36w-9395', severity='MODERATE', summary=None, url=None, cwes=[]), purl='pkg:npm/mpath', created_at=None), DependencyAlert(severity='HIGH', advisory=Advisory(ghsa_id='GHSA-hrpp-h998-j3pp', severity='HIGH', summary=None, url=None, cwes=[]), purl='pkg:npm/qs', created_at=None), DependencyAlert(severity='HIGH', advisory=Advisory(ghsa_id='GHSA-f825-f98c-gj3g', severity='HIGH', summary=None, url=None, cwes=[]), purl='pkg:npm/mongoose', created_at=None), DependencyAlert(severity='MODERATE', advisory=Advisory(ghsa_id='GHSA-c2qf-rxjj-qqgw', severity='MODERATE', summary=None, url=None, cwes=[]), purl='pkg:npm/semver', created_at=None)]

Dependency Graph - getOrganizationDependencies filters

It would be great to have an easy way to filter out certain repos based on a criteria.

Ideas:

  • Language(s)
  • Team(s)
  • Name wildcard

Example:

from ghastoolkit import GitHub, DependencyGraph

# languages
depgraph.getOrganizationDependencies(languages=["csharp"])

# or teams
depgraph.getOrganizationDependencies(teams=["security"])

# or name
depgraph.getOrganizationDependencies(names=["sec*"])

CodeScanning.getAlerts() returns wrong data type

Currently CodeScanning.getAlerts() (octokit/codescanning.py on line 94) returns a list[dict] instead of the expected list[CodeAlert]. This causes any usage that expects CodeAlert objects to fail. For example, when Policy as Code attempts to access CodeAlert properties in checks.py starting on line 89, an exception is raised since a 'dict' object does not have those properties.

It looks like this may have been introduced with the changes to CodeScanning.getAlerts() in commit 88195cc.

Example of the error when this happens:
image

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.