Clean up Github Advanced Security secret scanning results
require 'json' | |
require 'uri' | |
require 'net/http' | |
require 'net/http/post/multipart' | |
require 'amazing_print' | |
# require 'http-cookie' | |
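# Browser-session cookie used for every request. This is a live credential for
# the account running the script: fill the values in locally and do not commit
# them. (GitHub also exposes secret-scanning alerts through its REST API, which
# works with a token instead of a session cookie and may be the better long-term
# choice; this script drives the web UI endpoints.)
COOKIE_PART = "_octo=; preferred_color_mode=; tz=; _device_id=; has_recent_activity=1; saved_user_sessions=; user_session=; __Host-user_session_same_site=; color_mode=; logged_in=yes; dotcom_user=; "
COOKIE = "_gh_sess="
# Optional override so the session value can stay out of the file entirely.
# The variable name GH_SESSION_COOKIE is this script's own choice.
SESSION_COOKIE = ENV.fetch("GH_SESSION_COOKIE") { COOKIE_PART + COOKIE }
SECRET_TYPE = "email_addresses"
ORG_NAME = "your-org"
REPO_NAME = "your-repo"
# Alerts whose raw secret ends with one of these suffixes get dismissed.
# The comparison is case-sensitive.
DISMISS_SUFFIXES = ["@Falcon.com", "@powercorp.com"].freeze
# Highest page of the open-alert listing. Pages are walked downwards so that
# dismissing alerts on one page does not shift the pages still to be visited.
START_PAGE = 1220
BASE_URL = "https://github.com/#{ORG_NAME}/#{REPO_NAME}/security/secret-scanning"
OPEN_QUERY = "query=is%3Aopen"
USER_AGENT = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"

# Fetch one page of open secret-scanning alerts.
#
# @param page [Integer] 1-based page of the listing
# @return [Hash] the parsed JSON document returned by GitHub
# @raise [RuntimeError] on any non-200 response
def fetch_alerts_page(page)
  uri = URI("#{BASE_URL}?page=#{page}&#{OPEN_QUERY}")
  get = Net::HTTP::Get.new(uri, { "Cookie" => SESSION_COOKIE })
  response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) { |http| http.request(get) }
  raise "Failed to fetch secret scanning alerts: code=#{response.code}; body: #{response.body}" unless response.code == "200"

  JSON.parse(response.body)
end

# Alert numbers on a page whose raw secret matches DISMISS_SUFFIXES.
#
# @param document [Hash] output of fetch_alerts_page
# @return [Array<Integer>] alert numbers to dismiss (may be empty)
# @raise [KeyError] if the document does not carry payload.alerts
def matching_alert_numbers(document)
  # fetch rather than [] so an unexpected document shape fails loudly
  alerts = document.fetch('payload').fetch('alerts')
  alerts.filter_map do |alert|
    # to_s guards against an alert without a raw_secret field
    alert['number'] if alert['raw_secret'].to_s.end_with?(*DISMISS_SUFFIXES)
  end
end

# Dismiss the given alerts with one multipart PUT to the resolve endpoint.
#
# @param numbers [Array<Integer>] alert numbers to dismiss
# @return [void]
# @raise [RuntimeError] on any non-200 response
def dismiss_alerts(numbers)
  form_data = {
    :resolution => "wont_fix",
    :dismissal_comment => "Fixed in master branch",
    :repository => REPO_NAME,
    :user_id => ORG_NAME,
    "id[]" => numbers.map(&:to_s),
    # each id is paired with the secret type, not with the alert's own slug
    "id_with_slug[]" => numbers.map { |number| "#{number}:#{SECRET_TYPE}" }
  }
  uri = URI("#{BASE_URL}/resolve-react")
  request = Net::HTTP::Put::Multipart.new(uri.path, form_data)
  request["Cookie"] = SESSION_COOKIE
  request["Referer"] = "#{BASE_URL}?#{OPEN_QUERY}"
  request["Github-Verified-Fetch"] = 'true'
  request["X-Requested-With"] = 'XMLHttpRequest'
  request["User-Agent"] = USER_AGENT
  request["Origin"] = "https://github.com"
  response = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') { |http| http.request(request) }
  raise "Failed to resolve secret scanning alerts - code=#{response.code}; body=#{response.body}" unless response.code == "200"
end

# Walk the listing from START_PAGE down to page 1, dismissing matches per page.
START_PAGE.downto(1) do |page|
  puts "Page #{page}..."
  numbers = matching_alert_numbers(fetch_alerts_page(page))
  ap "Numbers: #{numbers}"
  # nothing matched on this page: skip the PUT instead of sending an empty id list
  dismiss_alerts(numbers) unless numbers.empty?
end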