Clean up Github Advanced Security secret scanning results
require 'json'
require 'uri'
require 'net/http'
require 'net/http/post/multipart'
require 'amazing_print'
# require 'http-cookie'
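# Bulk-dismisses open secret scanning alerts whose raw value ends with one of
# the suffixes listed below, one result page at a time.
#
# NOTE(review): this drives what appear to be the web UI's own endpoints with a
# browser session cookie instead of a scoped API token. The documented REST
# route for updating an alert is
#   PATCH /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}
# Prefer it where it covers the alert type being cleaned up.
#
# Session material copied from a logged-in browser. A filled-in value carries
# the same access as that interactive session, so keep populated copies of this
# script out of version control and shared snippets, and end the session once
# the clean-up is finished.
COOKIE_PART = "_octo=; preferred_color_mode=; tz=; _device_id=; has_recent_activity=1; saved_user_sessions=; user_session=; __Host-user_session_same_site=; color_mode=; logged_in=yes; dotcom_user=; "
COOKIE = "_gh_sess="
# Appended to every alert number in the "id_with_slug[]" form field.
SECRET_TYPE = "email_addresses"
ORG_NAME = "your-org"
REPO_NAME = "your-repo"

# Only alerts whose raw value ends with one of these suffixes are dismissed.
# String#end_with? is case-sensitive, so "@falcon.com" would NOT match; that
# keeps the dismissal set as narrow as the original filter.
DISMISSIBLE_SUFFIXES = ["@Falcon.com", "@powercorp.com"].freeze

session_cookie = COOKIE_PART + COOKIE
alerts_url = "https://github.com/#{ORG_NAME}/#{REPO_NAME}/security/secret-scanning"

# Pages are visited from the highest number down to 1 -- presumably so that
# alerts leaving the is:open result set do not shift pages not yet visited
# (TODO confirm). Adjust the start page to the repository's last page.
start_page = 1220
start_page.downto(1) do |page|
  # Printed per page so a failure can be traced to the page being processed.
  puts "Page #{page}..."

  uri = URI("#{alerts_url}?page=#{page}&query=is%3Aopen")
  get = Net::HTTP::Get.new(uri, { "Cookie" => session_cookie })
  response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) do |conn|
    conn.request(get)
  end
  raise "Failed to fetch secret scanning alerts: code=#{response.code}; body: #{response.body}" unless response.code == "200"

  # fetch raises KeyError naming the missing key if the response is not the
  # expected alert listing (for example after the session has expired).
  entries = JSON.parse(response.body).fetch('payload').fetch('alerts')

  # to_s guards against an alert without a raw_secret value; such an alert
  # never matches and is therefore left open.
  numbers = entries
            .select { |entry| entry['raw_secret'].to_s.end_with?(*DISMISSIBLE_SUFFIXES) }
            .map { |entry| entry['number'] }
  ap "Numbers: #{numbers}"

  # Nothing on this page matched: do not send a resolve request with an empty
  # id list.
  next if numbers.empty?

  # Dismissing an alert only changes its state in the alert list; the matched
  # value stays in the repository history regardless of the comment below.
  form_data = {
    :resolution => "wont_fix",
    :dismissal_comment => "Fixed in master branch",
    :repository => REPO_NAME,
    :user_id => ORG_NAME,
    "id[]" => numbers.map(&:to_s),
    "id_with_slug[]" => numbers.map { |number| "#{number}:#{SECRET_TYPE}" }
  }

  resolve_uri = URI("#{alerts_url}/resolve-react")
  request = Net::HTTP::Put::Multipart.new resolve_uri.path, form_data
  # Headers mirror what the browser sends for this request.
  request["Cookie"] = session_cookie
  request["Referer"] = "#{alerts_url}?query=is%3Aopen"
  request["Github-Verified-Fetch"] = 'true'
  request["X-Requested-With"] = 'XMLHttpRequest'
  request["User-Agent"] = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
  request["Origin"] = "https://github.com"

  response = Net::HTTP.start(resolve_uri.host, resolve_uri.port, use_ssl: resolve_uri.scheme == 'https') do |conn|
    conn.request(request)
  end
  raise "Failed to resolve secret scanning alerts - code=#{response.code}; body=#{response.body}" unless response.code == "200"
end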