diff --git a/README.md b/README.md
index 09341cc..7aae8ba 100644
--- a/README.md
+++ b/README.md
@@ -55,7 +55,7 @@ Configuration is done through `config.toml`. In this file, you set your `access_
 Setting Up the Access Token
 ---------------------------
-You may wish to avoid having the access token in a file. Instead, you can set this value to `env`, and put the access token in the `GITHUB_WATCHER_TOKEN` environment variable.
+You may wish to avoid having the access token in a file. Instead, you can set this value to `env` (or leave it blank), and put the access token in the `GITHUB_WATCHER_TOKEN` environment variable.
 Setting Up the Monitors
 -----------------------
@@ -91,6 +91,13 @@ To configure Slack/Teams notifications, create the following configuration optio
 webhook_url='your_webhook_url'
 ```
+You may supply the webhook URL via the environment variable `SLACK_WEBHOOK_URL`, and setting the requisite value in `config.toml` to `env` or leaving it blank.
+
+Setting Up the Webhook
+----------------------
+
+You may choose to pass the Github webhook secret and host via the environment variables `GITHUB_WEBHOOK_SECRET` and `GITHUB_WEBHOOK_HOST`, and setting the corresponding values in `config.toml` to `env` or leaving them blank.
+
 Usage
 =====
diff --git a/config.py b/config.py
index 3e63b76..314fbd0 100644
--- a/config.py
+++ b/config.py
@@ -21,11 +21,15 @@ def load_file(self, filepath):
 self._config = toml.load(filepath)
 self.access_token = self._config['auth']['access_token']
- if self.access_token == 'env':
+ if self.access_token == 'env' or environ.get('GITHUB_WATCHER_TOKEN') != '':
 self.access_token = environ.get('GITHUB_WATCHER_TOKEN')
 self.webhook = self._config['webhook']
-
+ if self.webhook['secret'] == 'env' or environ.get('GITHUB_WEBHOOK_SECRET') != '':
+ self.webhook['secret'] = environ.get('GITHUB_WEBHOOK_SECRET')
+ if self.webhook['host'] == 'env' or environ.get('GITHUB_WEBHOOK_HOST') != '':
+ self.webhook['host'] = environ.get('GITHUB_WEBHOOK_HOST')
+
 for detector in self._config['detectors']:
 if detector not in AvailableDetectors:
 logging.error(
diff --git a/config.toml b/config.toml
index 7d9f267..a9fc178 100644
--- a/config.toml
+++ b/config.toml
@@ -5,7 +5,7 @@ detectors = [
 ]
 [auth]
-access_token='env'
+access_token=''
 [monitors]
 organizations = []
diff --git a/notifiers/slack.py b/notifiers/slack.py
index c94cb78..236475e 100644
--- a/notifiers/slack.py
+++ b/notifiers/slack.py
@@ -1,3 +1,5 @@
+from os import environ
+
 from notifiers.notifier import Notifier
 from notifiers import Registry
 import requests
@@ -11,6 +13,9 @@ def __init__(self, config):
 self._webhook_url = config['webhook_url']
+ if self._webhook_url == 'env' or environ.get('SLACK_WEBHOOK_URL') != '':
+ self._webhook_url = environ.get('SLACK_WEBHOOK_URL')
+
 def process(self, findings, detector_name):
 """Send a list of findings via Slack incoming webhook."""
 requests.post(self._webhook_url, json={"text": "{} found the following:".format(detector_name)})
diff --git a/processor.py b/processor.py
index 0dfa5a1..41fdca9 100644
--- a/processor.py
+++ b/processor.py
@@ -1,6 +1,9 @@
 import logging
 import tempfile
 import subprocess
+import re
+
+from config import Config
 class EventProcessor:
 def __init__(self):
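Review bot: In `load_file` (config.py), `environ.get('GITHUB_WATCHER_TOKEN') != ''` is true whenever the variable is unset, because `environ.get` returns `None`, so each of the three added conditions always fires and replaces a value set in `config.toml` with `None`. For `webhook['secret']` this means an unset variable silently discards the configured secret; how the code that checks webhook signatures copes with `None` is not visible here, so the loader should refuse to start without one. The same condition is repeated in the `__init__` hunk of notifiers/slack.py, where `_webhook_url` ends up `None` and the later `requests.post` receives it. The override should run only when the variable holds a non-empty value, and a setting that is still `env` or blank afterwards should fail at load time. `load_file` begins and ends outside the hunk.

```python
        # … unchanged: toml.load and reading access_token from the file …
        env_token = environ.get('GITHUB_WATCHER_TOKEN')
        if env_token:
            self.access_token = env_token

        self.webhook = self._config['webhook']
        for key, var in (('secret', 'GITHUB_WEBHOOK_SECRET'),
                         ('host', 'GITHUB_WEBHOOK_HOST')):
            env_value = environ.get(var)
            if env_value:
                self.webhook[key] = env_value

        # 'env' or blank with no environment value means nothing was configured
        unset = ('env', '', None)
        if self.access_token in unset or self.webhook['secret'] in unset:
            raise ValueError('access token and webhook secret must be configured')
        # … unchanged: detector validation loop …
```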
@@ -32,7 +35,8 @@ def _clone_and_establish_baseline(self, event):
 logging.info(
 'Cloning repository {} into {}'.
 format(repo_full_name, repo_dir.name))
- subprocess.run(["git", "clone", repo_url, repo_dir.name], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ repo_url_with_token = repo_url.replace("https://", "https://" + re.sub('[^0-9a-zA-Z]+', '', Config.access_token) + "@")
+ subprocess.run(["git", "clone", repo_url_with_token, repo_dir.name], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
 self.repo_cache[repo_url] = repo_dir
 # we haven't cloned this repository yet, so we don't have a baseline
 logging.info(
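Review bot: The access token is spliced into the clone URL on the added `repo_url_with_token` line, so it appears in the `git clone` argument list and git stores it as the remote URL in the clone's `.git/config` under the temp directory; supplying it through a credential helper or `GIT_ASKPASS` keeps it out of both. `repo_url` appears to come from the event, and nothing in the hunk checks its host before the credential is attached, so a guard such as `if urlsplit(repo_url).hostname != EXPECTED_GITHUB_HOST: raise ValueError(...)` belongs ahead of the clone; `_clone_and_establish_baseline` starts and ends outside the hunk, so such a check may already exist there. The `re.sub('[^0-9a-zA-Z]+', '', ...)` filter also strips underscores, which prefixed GitHub token formats such as `ghp_…` contain, so a valid token would be altered before use. Finally, `Config.access_token` reads a class attribute while `load_file` in config.py assigns the token on `self`, so it is worth confirming the value is populated at this point.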