github.com/google/go-github/v42@v42.0.0/github/code-scanning.go (about) 1 // Copyright 2020 The go-github AUTHORS. All rights reserved. 2 // 3 // Use of this source code is governed by a BSD-style 4 // license that can be found in the LICENSE file. 5 6 package github 7 8 import ( 9 "context" 10 "fmt" 11 "strconv" 12 "strings" 13 ) 14 15 // CodeScanningService handles communication with the code scanning related 16 // methods of the GitHub API. 17 // 18 // GitHub API docs: https://docs.github.com/en/free-pro-team@latest/rest/reference/code-scanning/ 19 type CodeScanningService service 20 21 // Rule represents the complete details of GitHub Code Scanning alert type. 22 type Rule struct { 23 ID *string `json:"id,omitempty"` 24 Severity *string `json:"severity,omitempty"` 25 Description *string `json:"description,omitempty"` 26 Name *string `json:"name,omitempty"` 27 SecuritySeverityLevel *string `json:"security_severity_level,omitempty"` 28 FullDescription *string `json:"full_description,omitempty"` 29 Tags []string `json:"tags,omitempty"` 30 Help *string `json:"help,omitempty"` 31 } 32 33 // Location represents the exact location of the GitHub Code Scanning Alert in the scanned project. 34 type Location struct { 35 Path *string `json:"path,omitempty"` 36 StartLine *int `json:"start_line,omitempty"` 37 EndLine *int `json:"end_line,omitempty"` 38 StartColumn *int `json:"start_column,omitempty"` 39 EndColumn *int `json:"end_column,omitempty"` 40 } 41 42 // Message is a part of MostRecentInstance struct which provides the appropriate message when any action is performed on the analysis object. 43 type Message struct { 44 Text *string `json:"text,omitempty"` 45 } 46 47 // MostRecentInstance provides details of the most recent instance of this alert for the default branch or for the specified Git reference. 48 type MostRecentInstance struct { 49 Ref *string `json:"ref,omitempty"` 50 AnalysisKey *string `json:"analysis_key,omitempty"` 51 Environment *string `json:"environment,omitempty"` 52 State *string `json:"state,omitempty"` 53 CommitSHA *string `json:"commit_sha,omitempty"` 54 Message *Message `json:"message,omitempty"` 55 Location *Location `json:"location,omitempty"` 56 Classifications []string `json:"classifications,omitempty"` 57 } 58 59 // Tool represents the tool used to generate a GitHub Code Scanning Alert. 60 type Tool struct { 61 Name *string `json:"name,omitempty"` 62 GUID *string `json:"guid,omitempty"` 63 Version *string `json:"version,omitempty"` 64 } 65 66 // Alert represents an individual GitHub Code Scanning Alert on a single repository. 67 // 68 // GitHub API docs: https://docs.github.com/en/rest/reference/code-scanning#list-code-scanning-alerts-for-a-repository 69 type Alert struct { 70 RuleID *string `json:"rule_id,omitempty"` 71 RuleSeverity *string `json:"rule_severity,omitempty"` 72 RuleDescription *string `json:"rule_description,omitempty"` 73 Rule *Rule `json:"rule,omitempty"` 74 Tool *Tool `json:"tool,omitempty"` 75 CreatedAt *Timestamp `json:"created_at,omitempty"` 76 State *string `json:"state,omitempty"` 77 ClosedBy *User `json:"closed_by,omitempty"` 78 ClosedAt *Timestamp `json:"closed_at,omitempty"` 79 URL *string `json:"url,omitempty"` 80 HTMLURL *string `json:"html_url,omitempty"` 81 MostRecentInstance *MostRecentInstance `json:"most_recent_instance,omitempty"` 82 DismissedBy *User `json:"dismissed_by,omitempty"` 83 DismissedAt *Timestamp `json:"dismissed_at,omitempty"` 84 DismissedReason *string `json:"dismissed_reason,omitempty"` 85 InstancesURL *string `json:"instances_url,omitempty"` 86 } 87 88 // ID returns the ID associated with an alert. It is the number at the end of the security alert's URL. 89 func (a *Alert) ID() int64 { 90 if a == nil { 91 return 0 92 } 93 94 s := a.GetHTMLURL() 95 96 // Check for an ID to parse at the end of the url 97 if i := strings.LastIndex(s, "/"); i >= 0 { 98 s = s[i+1:] 99 } 100 101 // Return the alert ID as a 64-bit integer. Unable to convert or out of range returns 0. 102 id, err := strconv.ParseInt(s, 10, 64) 103 if err != nil { 104 return 0 105 } 106 107 return id 108 } 109 110 // AlertListOptions specifies optional parameters to the CodeScanningService.ListAlerts 111 // method. 112 type AlertListOptions struct { 113 // State of the code scanning alerts to list. Set to closed to list only closed code scanning alerts. Default: open 114 State string `url:"state,omitempty"` 115 116 // Return code scanning alerts for a specific branch reference. The ref must be formatted as heads/<branch name>. 117 Ref string `url:"ref,omitempty"` 118 119 ListOptions 120 } 121 122 // AnalysesListOptions specifies optional parameters to the CodeScanningService.ListAnalysesForRepo method. 123 type AnalysesListOptions struct { 124 // Return code scanning analyses belonging to the same SARIF upload. 125 SarifID *string `url:"sarif_id,omitempty"` 126 127 // Return code scanning analyses for a specific branch reference. The ref can be formatted as refs/heads/<branch name> or simply <branch name>. 128 Ref *string `url:"ref,omitempty"` 129 130 ListOptions 131 } 132 133 // ScanningAnalysis represents an individual GitHub Code Scanning ScanningAnalysis on a single repository. 134 // 135 // GitHub API docs: https://docs.github.com/en/rest/reference/code-scanning#list-code-scanning-analyses-for-a-repository 136 type ScanningAnalysis struct { 137 ID *int64 `json:"id,omitempty"` 138 Ref *string `json:"ref,omitempty"` 139 CommitSHA *string `json:"commit_sha,omitempty"` 140 AnalysisKey *string `json:"analysis_key,omitempty"` 141 Environment *string `json:"environment,omitempty"` 142 Error *string `json:"error,omitempty"` 143 Category *string `json:"category,omitempty"` 144 CreatedAt *Timestamp `json:"created_at,omitempty"` 145 ResultsCount *int `json:"results_count,omitempty"` 146 RulesCount *int `json:"rules_count,omitempty"` 147 URL *string `json:"url,omitempty"` 148 SarifID *string `json:"sarif_id,omitempty"` 149 Tool *Tool `json:"tool,omitempty"` 150 Deletable *bool `json:"deletable,omitempty"` 151 Warning *string `json:"warning,omitempty"` 152 } 153 154 // SarifAnalysis specifies the results of a code scanning job. 155 // 156 // GitHub API docs: https://docs.github.com/en/rest/reference/code-scanning#upload-an-analysis-as-sarif-data 157 type SarifAnalysis struct { 158 CommitSHA *string `json:"commit_sha,omitempty"` 159 Ref *string `json:"ref,omitempty"` 160 Sarif *string `json:"sarif,omitempty"` 161 CheckoutURI *string `json:"checkout_uri,omitempty"` 162 StartedAt *Timestamp `json:"started_at,omitempty"` 163 ToolName *string `json:"tool_name,omitempty"` 164 } 165 166 // SarifID identifies a sarif analysis upload. 167 // 168 // GitHub API docs: https://docs.github.com/en/rest/reference/code-scanning#upload-an-analysis-as-sarif-data 169 type SarifID struct { 170 ID *string `json:"id,omitempty"` 171 URL *string `json:"url,omitempty"` 172 } 173 174 // ListAlertsForRepo lists code scanning alerts for a repository. 175 // 176 // Lists all open code scanning alerts for the default branch (usually master) and protected branches in a repository. 177 // You must use an access token with the security_events scope to use this endpoint. GitHub Apps must have the security_events 178 // read permission to use this endpoint. 179 // 180 // GitHub API docs: https://docs.github.com/en/free-pro-team@latest/rest/reference/code-scanning/#list-code-scanning-alerts-for-a-repository 181 func (s *CodeScanningService) ListAlertsForRepo(ctx context.Context, owner, repo string, opts *AlertListOptions) ([]*Alert, *Response, error) { 182 u := fmt.Sprintf("repos/%v/%v/code-scanning/alerts", owner, repo) 183 u, err := addOptions(u, opts) 184 if err != nil { 185 return nil, nil, err 186 } 187 188 req, err := s.client.NewRequest("GET", u, nil) 189 if err != nil { 190 return nil, nil, err 191 } 192 193 var alerts []*Alert 194 resp, err := s.client.Do(ctx, req, &alerts) 195 if err != nil { 196 return nil, resp, err 197 } 198 199 return alerts, resp, nil 200 } 201 202 // GetAlert gets a single code scanning alert for a repository. 203 // 204 // You must use an access token with the security_events scope to use this endpoint. 205 // GitHub Apps must have the security_events read permission to use this endpoint. 206 // 207 // The security alert_id is the number at the end of the security alert's URL. 208 // 209 // GitHub API docs: https://docs.github.com/en/free-pro-team@latest/rest/reference/code-scanning/#get-a-code-scanning-alert 210 func (s *CodeScanningService) GetAlert(ctx context.Context, owner, repo string, id int64) (*Alert, *Response, error) { 211 u := fmt.Sprintf("repos/%v/%v/code-scanning/alerts/%v", owner, repo, id) 212 213 req, err := s.client.NewRequest("GET", u, nil) 214 if err != nil { 215 return nil, nil, err 216 } 217 218 a := new(Alert) 219 resp, err := s.client.Do(ctx, req, a) 220 if err != nil { 221 return nil, resp, err 222 } 223 224 return a, resp, nil 225 } 226 227 // UploadSarif uploads the result of code scanning job to GitHub. 228 // 229 // For the parameter sarif, you must first compress your SARIF file using gzip and then translate the contents of the file into a Base64 encoding string. 230 // You must use an access token with the security_events scope to use this endpoint. GitHub Apps must have the security_events 231 // write permission to use this endpoint. 232 // 233 // GitHub API docs: https://docs.github.com/en/rest/reference/code-scanning#upload-an-analysis-as-sarif-data 234 func (s *CodeScanningService) UploadSarif(ctx context.Context, owner, repo string, sarif *SarifAnalysis) (*SarifID, *Response, error) { 235 u := fmt.Sprintf("repos/%v/%v/code-scanning/sarifs", owner, repo) 236 237 req, err := s.client.NewRequest("POST", u, sarif) 238 if err != nil { 239 return nil, nil, err 240 } 241 242 sarifID := new(SarifID) 243 resp, err := s.client.Do(ctx, req, sarifID) 244 if err != nil { 245 return nil, resp, err 246 } 247 248 return sarifID, resp, nil 249 } 250 251 // ListAnalysesForRepo lists code scanning analyses for a repository. 252 // 253 // Lists the details of all code scanning analyses for a repository, starting with the most recent. 254 // You must use an access token with the security_events scope to use this endpoint. 255 // GitHub Apps must have the security_events read permission to use this endpoint. 256 // 257 // GitHub API docs: https://docs.github.com/en/rest/reference/code-scanning#list-code-scanning-analyses-for-a-repository 258 func (s *CodeScanningService) ListAnalysesForRepo(ctx context.Context, owner, repo string, opts *AnalysesListOptions) ([]*ScanningAnalysis, *Response, error) { 259 u := fmt.Sprintf("repos/%v/%v/code-scanning/analyses", owner, repo) 260 u, err := addOptions(u, opts) 261 if err != nil { 262 return nil, nil, err 263 } 264 265 req, err := s.client.NewRequest("GET", u, nil) 266 if err != nil { 267 return nil, nil, err 268 } 269 270 var analyses []*ScanningAnalysis 271 resp, err := s.client.Do(ctx, req, &analyses) 272 if err != nil { 273 return nil, resp, err 274 } 275 276 return analyses, resp, nil 277 } 278 279 // GetAnalysis gets a single code scanning analysis for a repository. 280 // 281 // You must use an access token with the security_events scope to use this endpoint. 282 // GitHub Apps must have the security_events read permission to use this endpoint. 283 // 284 // The security analysis_id is the ID of the analysis, as returned from the ListAnalysesForRepo operation. 285 // 286 // GitHub API docs: https://docs.github.com/en/rest/reference/code-scanning#get-a-code-scanning-analysis-for-a-repository 287 func (s *CodeScanningService) GetAnalysis(ctx context.Context, owner, repo string, id int64) (*ScanningAnalysis, *Response, error) { 288 u := fmt.Sprintf("repos/%v/%v/code-scanning/analyses/%v", owner, repo, id) 289 290 req, err := s.client.NewRequest("GET", u, nil) 291 if err != nil { 292 return nil, nil, err 293 } 294 295 analysis := new(ScanningAnalysis) 296 resp, err := s.client.Do(ctx, req, analysis) 297 if err != nil { 298 return nil, resp, err 299 } 300 301 return analysis, resp, nil 302 }