11import json
2- from dojo .models import Finding
32
3+ from dojo .models import Finding
44
5- class GithubSecretsDetectionReportParser (object ):
6- """
7- Import secrets detection report from GitHub
8- """
95
6+ class GithubSecretsDetectionReportParser :
107 def get_scan_types (self ):
118 return ["Github Secrets Detection Report Scan" ]
129
@@ -18,7 +15,7 @@ def get_description_for_scan_types(self, scan_type):
1815
1916 def get_findings (self , file , test ):
2017 data = json .load (file )
21-
18+
2219 if not isinstance (data , list ):
2320 error_msg = "Invalid GitHub secrets detection report format, expected a JSON list of alerts."
2421 raise TypeError (error_msg )
@@ -31,101 +28,99 @@ def get_findings(self, file, test):
3128 secret_type = alert .get ("secret_type" , "Unknown" )
3229 secret_type_display_name = alert .get ("secret_type_display_name" , secret_type )
3330 html_url = alert .get ("html_url" , "" )
34-
31+
3532 # Create title
3633 title = f"Exposed Secret Detected: { secret_type_display_name } "
37-
34+
3835 # Build description
3936 desc_lines = []
4037 if html_url :
4138 desc_lines .append (f"**GitHub Alert**: [{ html_url } ]({ html_url } )" )
42-
43- desc_lines .append (f"**Secret Type**: { secret_type_display_name } " )
44- desc_lines .append (f"**Alert State**: { state } " )
45-
39+
40+ desc_lines .extend ([f"**Secret Type**: { secret_type_display_name } " , f"**Alert State**: { state } " ])
41+
4642 # Add repository information
4743 repository = alert .get ("repository" , {})
4844 if repository :
4945 repo_full_name = repository .get ("full_name" )
5046 if repo_full_name :
5147 desc_lines .append (f"**Repository**: { repo_full_name } " )
52-
48+
5349 # Add location information
5450 first_location = alert .get ("first_location_detected" , {})
5551 if first_location :
5652 file_path = first_location .get ("path" )
5753 start_line = first_location .get ("start_line" )
5854 end_line = first_location .get ("end_line" )
59-
55+
6056 if file_path :
6157 desc_lines .append (f"**File Path**: { file_path } " )
6258 if start_line :
6359 if end_line and end_line != start_line :
6460 desc_lines .append (f"**Lines**: { start_line } -{ end_line } " )
6561 else :
6662 desc_lines .append (f"**Line**: { start_line } " )
67-
63+
6864 # Add resolution information
6965 resolution = alert .get ("resolution" )
7066 if resolution :
7167 desc_lines .append (f"**Resolution**: { resolution } " )
72-
68+
7369 resolved_by = alert .get ("resolved_by" )
7470 if resolved_by :
7571 resolved_by_login = resolved_by .get ("login" , "Unknown" )
7672 desc_lines .append (f"**Resolved By**: { resolved_by_login } " )
77-
73+
7874 resolved_at = alert .get ("resolved_at" )
7975 if resolved_at :
8076 desc_lines .append (f"**Resolved At**: { resolved_at } " )
81-
77+
8278 resolution_comment = alert .get ("resolution_comment" )
8379 if resolution_comment :
8480 desc_lines .append (f"**Resolution Comment**: { resolution_comment } " )
85-
81+
8682 # Add push protection information
8783 push_protection_bypassed = alert .get ("push_protection_bypassed" , False )
8884 if push_protection_bypassed :
8985 desc_lines .append ("**Push Protection Bypassed**: True" )
90-
86+
9187 bypassed_by = alert .get ("push_protection_bypassed_by" )
9288 if bypassed_by :
9389 bypassed_by_login = bypassed_by .get ("login" , "Unknown" )
9490 desc_lines .append (f"**Bypassed By**: { bypassed_by_login } " )
95-
91+
9692 bypassed_at = alert .get ("push_protection_bypassed_at" )
9793 if bypassed_at :
9894 desc_lines .append (f"**Bypassed At**: { bypassed_at } " )
9995 else :
10096 desc_lines .append ("**Push Protection Bypassed**: False" )
101-
97+
10298 # Add additional metadata
10399 validity = alert .get ("validity" , "unknown" )
104100 desc_lines .append (f"**Validity**: { validity } " )
105-
101+
106102 publicly_leaked = alert .get ("publicly_leaked" , False )
107103 desc_lines .append (f"**Publicly Leaked**: { 'Yes' if publicly_leaked else 'No' } " )
108-
104+
109105 multi_repo = alert .get ("multi_repo" , False )
110106 desc_lines .append (f"**Multi-Repository**: { 'Yes' if multi_repo else 'No' } " )
111-
107+
112108 has_more_locations = alert .get ("has_more_locations" , False )
113109 if has_more_locations :
114110 desc_lines .append ("**Note**: This secret has been detected in multiple locations" )
115-
111+
116112 description = "\n \n " .join (desc_lines )
117-
113+
118114 # Determine severity based on state and other factors
119115 if state == "resolved" :
120116 severity = "Info"
117+ elif validity == "active" and publicly_leaked :
118+ severity = "Critical"
119+ elif validity == "active" :
120+ severity = "High"
121121 else :
122- if validity == "active" and publicly_leaked :
123- severity = "Critical"
124- elif validity == "active" :
125- severity = "High"
126- else :
127- severity = "Medium"
128-
122+ severity = "Medium"
123+
129124 # Create finding
130125 finding = Finding (
131126 title = title ,
@@ -136,16 +131,16 @@ def get_findings(self, file, test):
136131 dynamic_finding = False ,
137132 vuln_id_from_tool = str (alert_number ) if alert_number else None ,
138133 )
139-
134+
140135 # Set file path and line information
141136 if first_location :
142137 finding .file_path = first_location .get ("path" )
143138 finding .line = first_location .get ("start_line" )
144-
139+
145140 # Set external URL
146141 if html_url :
147142 finding .url = html_url
148-
143+
149144 findings .append (finding )
150-
145+
151146 return findings
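Review bot: In the flattened severity chain that ends at `severity = "Medium"`, `publicly_leaked` only raises the rating when `validity == "active"`, so an alert the report marks as publicly leaked but whose validity is `unknown` (the default the code uses when the field is absent, and presumably what alerts without a validity check carry) lands on `Medium`, the same level as an inactive secret. If that is not the intended policy, one extra branch before the fallthrough keeps the leaked case visible to triage: `elif publicly_leaked:` / `severity = "High"`. The chain also deserves a comment stating the precedence, e.g. `# resolved -> Info; active + publicly leaked -> Critical; active -> High; inactive/unknown validity -> Medium`. As a point of style, `desc_lines.extend([...])` with a two-item list literal is no clearer than the two `append` calls it replaces; the original form reads more naturally. get_findings starts before this hunk and the `Finding(...)` call it builds runs past it into the next.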