secret_scanning.go

Documentation: github.com/google/go-github/v47/github

     1  // Copyright 2022 The go-github AUTHORS. All rights reserved.
     2  //
     3  // Use of this source code is governed by a BSD-style
     4  // license that can be found in the LICENSE file.
     5  
     6  package github
     7  
     8  import (
     9  	"context"
    10  	"fmt"
    11  )
    12  
    13  // SecretScanningService handles communication with the secret scanning related
    14  // methods of the GitHub API.
    15  type SecretScanningService service
    16  
    17  // SecretScanningAlert represents a GitHub secret scanning alert.
    18  type SecretScanningAlert struct {
    19  	Number       *int       `json:"number,omitempty"`
    20  	CreatedAt    *Timestamp `json:"created_at,omitempty"`
    21  	URL          *string    `json:"url,omitempty"`
    22  	HTMLURL      *string    `json:"html_url,omitempty"`
    23  	LocationsURL *string    `json:"locations_url,omitempty"`
    24  	State        *string    `json:"state,omitempty"`
    25  	Resolution   *string    `json:"resolution,omitempty"`
    26  	ResolvedAt   *Timestamp `json:"resolved_at,omitempty"`
    27  	ResolvedBy   *User      `json:"resolved_by,omitempty"`
    28  	SecretType   *string    `json:"secret_type,omitempty"`
    29  	Secret       *string    `json:"secret,omitempty"`
    30  }
    31  
    32  // SecretScanningAlertLocation represents the location for a secret scanning alert.
    33  type SecretScanningAlertLocation struct {
    34  	Type    *string                             `json:"type,omitempty"`
    35  	Details *SecretScanningAlertLocationDetails `json:"details,omitempty"`
    36  }
    37  
    38  // SecretScanningAlertLocationDetails represents the location details for a secret scanning alert.
    39  type SecretScanningAlertLocationDetails struct {
    40  	Path        *string `json:"path,omitempty"`
    41  	Startline   *int    `json:"start_line,omitempty"`
    42  	EndLine     *int    `json:"end_line,omitempty"`
    43  	StartColumn *int    `json:"start_column,omitempty"`
    44  	EndColumn   *int    `json:"end_column,omitempty"`
    45  	BlobSHA     *string `json:"blob_sha,omitempty"`
    46  	BlobURL     *string `json:"blob_url,omitempty"`
    47  	CommitSHA   *string `json:"commit_sha,omitempty"`
    48  	CommitURL   *string `json:"commit_url,omitempty"`
    49  }
    50  
    51  // SecretScanningAlertListOptions specifies optional parameters to the SecretScanningService.ListAlertsForEnterprise method.
    52  type SecretScanningAlertListOptions struct {
    53  	// State of the secret scanning alerts to list. Set to open or resolved to only list secret scanning alerts in a specific state.
    54  	State string `url:"state,omitempty"`
    55  
    56  	// A comma-separated list of secret types to return. By default all secret types are returned.
    57  	SecretType string `url:"secret_type,omitempty"`
    58  
    59  	// A comma-separated list of resolutions. Only secret scanning alerts with one of these resolutions are listed.
    60  	// Valid resolutions are false_positive, wont_fix, revoked, pattern_edited, pattern_deleted or used_in_tests.
    61  	Resolution string `url:"resolution,omitempty"`
    62  
    63  	ListCursorOptions
    64  
    65  	// List options can vary on the Enterprise type.
    66  	// On Enterprise Cloud, Secret Scan alerts support requesting by page number
    67  	// along with providing a cursor for an "after" param.
    68  	// See: https://docs.github.com/en/enterprise-cloud@latest/rest/secret-scanning#list-secret-scanning-alerts-for-an-organization
    69  	// Whereas on Enterprise Server, pagination is by index.
    70  	// See: https://docs.github.com/en/enterprise-server@3.6/rest/secret-scanning#list-secret-scanning-alerts-for-an-organization
    71  	ListOptions
    72  }
    73  
    74  // SecretScanningAlertUpdateOptions specifies optional parameters to the SecretScanningService.UpdateAlert method.
    75  type SecretScanningAlertUpdateOptions struct {
    76  	// Required. Sets the state of the secret scanning alert. Can be either open or resolved.
    77  	// You must provide resolution when you set the state to resolved.
    78  	State *string `url:"state,omitempty"`
    79  
    80  	// A comma-separated list of secret types to return. By default all secret types are returned.
    81  	SecretType *string `url:"secret_type,omitempty"`
    82  
    83  	// Required when the state is resolved. The reason for resolving the alert. Can be one of false_positive,
    84  	// wont_fix, revoked, or used_in_tests.
    85  	Resolution *string `url:"resolution,omitempty"`
    86  }
    87  
    88  // Lists secret scanning alerts for eligible repositories in an enterprise, from newest to oldest.
    89  //
    90  // To use this endpoint, you must be a member of the enterprise, and you must use an access token with the repo scope or
    91  // security_events scope. Alerts are only returned for organizations in the enterprise for which you are an organization owner or a security manager.
    92  //
    93  // GitHub API docs: https://docs.github.com/en/enterprise-server@3.5/rest/secret-scanning#list-secret-scanning-alerts-for-an-enterprise
    94  func (s *SecretScanningService) ListAlertsForEnterprise(ctx context.Context, enterprise string, opts *SecretScanningAlertListOptions) ([]*SecretScanningAlert, *Response, error) {
    95  	u := fmt.Sprintf("enterprises/%v/secret-scanning/alerts", enterprise)
    96  	u, err := addOptions(u, opts)
    97  	if err != nil {
    98  		return nil, nil, err
    99  	}
   100  
   101  	req, err := s.client.NewRequest("GET", u, nil)
   102  	if err != nil {
   103  		return nil, nil, err
   104  	}
   105  
   106  	var alerts []*SecretScanningAlert
   107  	resp, err := s.client.Do(ctx, req, &alerts)
   108  	if err != nil {
   109  		return nil, resp, err
   110  	}
   111  
   112  	return alerts, resp, nil
   113  }
   114  
   115  // Lists secret scanning alerts for eligible repositories in an organization, from newest to oldest.
   116  //
   117  // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with
   118  // the repo scope or security_events scope.
   119  //
   120  // GitHub API docs: https://docs.github.com/en/enterprise-server@3.5/rest/secret-scanning#list-secret-scanning-alerts-for-an-organization
   121  func (s *SecretScanningService) ListAlertsForOrg(ctx context.Context, org string, opts *SecretScanningAlertListOptions) ([]*SecretScanningAlert, *Response, error) {
   122  	u := fmt.Sprintf("orgs/%v/secret-scanning/alerts", org)
   123  	u, err := addOptions(u, opts)
   124  	if err != nil {
   125  		return nil, nil, err
   126  	}
   127  
   128  	req, err := s.client.NewRequest("GET", u, nil)
   129  	if err != nil {
   130  		return nil, nil, err
   131  	}
   132  
   133  	var alerts []*SecretScanningAlert
   134  	resp, err := s.client.Do(ctx, req, &alerts)
   135  	if err != nil {
   136  		return nil, resp, err
   137  	}
   138  
   139  	return alerts, resp, nil
   140  }
   141  
   142  // Lists secret scanning alerts for a private repository, from newest to oldest.
   143  //
   144  // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with
   145  // the repo scope or security_events scope.
   146  //
   147  // GitHub API docs: https://docs.github.com/en/enterprise-server@3.5/rest/secret-scanning#list-secret-scanning-alerts-for-a-repository
   148  func (s *SecretScanningService) ListAlertsForRepo(ctx context.Context, owner, repo string, opts *SecretScanningAlertListOptions) ([]*SecretScanningAlert, *Response, error) {
   149  	u := fmt.Sprintf("repos/%v/%v/secret-scanning/alerts", owner, repo)
   150  	u, err := addOptions(u, opts)
   151  	if err != nil {
   152  		return nil, nil, err
   153  	}
   154  
   155  	req, err := s.client.NewRequest("GET", u, nil)
   156  	if err != nil {
   157  		return nil, nil, err
   158  	}
   159  
   160  	var alerts []*SecretScanningAlert
   161  	resp, err := s.client.Do(ctx, req, &alerts)
   162  	if err != nil {
   163  		return nil, resp, err
   164  	}
   165  
   166  	return alerts, resp, nil
   167  }
   168  
   169  // Gets a single secret scanning alert detected in a private repository.
   170  //
   171  // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with
   172  // the repo scope or security_events scope.
   173  //
   174  // GitHub API docs: https://docs.github.com/en/enterprise-server@3.5/rest/secret-scanning#get-a-secret-scanning-alert
   175  func (s *SecretScanningService) GetAlert(ctx context.Context, owner, repo string, number int64) (*SecretScanningAlert, *Response, error) {
   176  	u := fmt.Sprintf("repos/%v/%v/secret-scanning/alerts/%v", owner, repo, number)
   177  
   178  	req, err := s.client.NewRequest("GET", u, nil)
   179  	if err != nil {
   180  		return nil, nil, err
   181  	}
   182  
   183  	var alert *SecretScanningAlert
   184  	resp, err := s.client.Do(ctx, req, &alert)
   185  	if err != nil {
   186  		return nil, resp, err
   187  	}
   188  
   189  	return alert, resp, nil
   190  }
   191  
   192  // Updates the status of a secret scanning alert in a private repository.
   193  //
   194  // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with
   195  // the repo scope or security_events scope.
   196  //
   197  // GitHub API docs: https://docs.github.com/en/enterprise-server@3.5/rest/secret-scanning#update-a-secret-scanning-alert
   198  func (s *SecretScanningService) UpdateAlert(ctx context.Context, owner, repo string, number int64, opts *SecretScanningAlertUpdateOptions) (*SecretScanningAlert, *Response, error) {
   199  	u := fmt.Sprintf("repos/%v/%v/secret-scanning/alerts/%v", owner, repo, number)
   200  
   201  	req, err := s.client.NewRequest("PATCH", u, opts)
   202  	if err != nil {
   203  		return nil, nil, err
   204  	}
   205  
   206  	var alert *SecretScanningAlert
   207  	resp, err := s.client.Do(ctx, req, &alert)
   208  	if err != nil {
   209  		return nil, resp, err
   210  	}
   211  
   212  	return alert, resp, nil
   213  }
   214  
   215  // Lists all locations for a given secret scanning alert for a private repository.
   216  //
   217  // To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with
   218  // the repo scope or security_events scope.
   219  //
   220  // GitHub API docs: https://docs.github.com/en/enterprise-server@3.5/rest/secret-scanning#list-locations-for-a-secret-scanning-alert
   221  func (s *SecretScanningService) ListLocationsForAlert(ctx context.Context, owner, repo string, number int64, opts *ListOptions) ([]*SecretScanningAlertLocation, *Response, error) {
   222  	u := fmt.Sprintf("repos/%v/%v/secret-scanning/alerts/%v/locations", owner, repo, number)
   223  	u, err := addOptions(u, opts)
   224  	if err != nil {
   225  		return nil, nil, err
   226  	}
   227  
   228  	req, err := s.client.NewRequest("GET", u, nil)
   229  	if err != nil {
   230  		return nil, nil, err
   231  	}
   232  
   233  	var locations []*SecretScanningAlertLocation
   234  	resp, err := s.client.Do(ctx, req, &locations)
   235  	if err != nil {
   236  		return nil, resp, err
   237  	}
   238  
   239  	return locations, resp, nil
   240  }
   241
View as plain text