Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

more environment variable configuration + github access token usage #8

Open
wants to merge 5 commits into
base: master
Choose a base branch
from

Conversation

realytcracker
Copy link

this patch allows for the pulling of repositories available under the scope of the token's user by modifying the git clone request to include the provided access token as basic authentication, especially helpful in the webhook implementation. it also allows for the configuration of other seemingly sensitive variables to be passed along as environment variables.

@realytcracker
Copy link
Author

i believe this is safe from command injection via subprocess.run using the environment variable, but i do have an additional sanitization layer if required that simply import re and re.sub('[^0-9a-zA-Z]+', '', Config.access_token).

Copy link
Contributor

@jordan-wright jordan-wright left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @realytcracker!

So sorry for not getting this review out sooner. Thank you so much for taking the time to send this in.

I left a couple of small comments, but I'd be interested in getting this merged. I understand that this has been here for some time so if you don't have time to knock these out just let me know and I can merge into a branch, make the minor changes then get this merged into master.

processor.py Outdated Show resolved Hide resolved
notifiers/slack.py Show resolved Hide resolved
@jordan-wright jordan-wright added the enhancement New feature or request label Jan 28, 2020
https://github.blog/2012-09-21-easier-builds-and-deployments-using-git-over-https-and-oauth/

```
If you’re cloning inside a script and need to avoid the prompts, you can add the token to the clone URL:

git clone https://<token>@github.com/owner/repo.git
or

git clone https://<token>:[email protected]/owner/repo.git
```
@realytcracker
Copy link
Author

sorry for the 3y necromancy - i just noticed this wasn't merged, and updated accordingly.

@realytcracker
Copy link
Author

also, i noticed you're at stripe now @jordan-wright, so you may not even be maintaining this anymore. my old supervisor (super cool, sharp dude) does offensive security there - b steg.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants