Updated python script
developerkunal committed Sep 9, 2024
1 parent dc3f480 commit 8a83609
Showing 2 changed files with 59 additions and 36 deletions.
83 changes: 53 additions & 30 deletions .github/workflows/rl-secure.yml
@@ -67,36 +67,59 @@ jobs:
with:
script: |
const fs = require('fs');
const path = 'violations.txt';
const commentBody = fs.readFileSync(path, 'utf8');
const prNumber = context.issue.number;
const repoOwner = context.repo.owner;
const repoName = context.repo.repo;
const header = 'RL-Secure Scanner Results';
const { data: comments } = await github.rest.issues.listComments({
owner: repoOwner,
repo: repoName,
issue_number: prNumber
});
const existingComment = comments.find(comment => comment.body.startsWith(header));
if (existingComment) {
await github.rest.issues.updateComment({
owner: repoOwner,
repo: repoName,
comment_id: existingComment.id,
body: `${header}\n\n${commentBody}`
});
} else {
await github.rest.issues.createComment({
owner: repoOwner,
repo: repoName,
issue_number: prNumber,
body: `${header}\n\n${commentBody}`
});
const path = require('path');
const glob = require('glob');
const util = require('util');
const globPromise = util.promisify(glob);
const pattern = '/tmp/*/violations.txt';
let foundFilePath = null;
try {
const files = await globPromise(pattern);
if (files.length > 0) {
foundFilePath = files[0];
console.log(`Found file at: ${foundFilePath}`);
} else {
console.log('No file found matching pattern.');
}
if (foundFilePath) {
const commentBody = fs.readFileSync(foundFilePath, 'utf8');
const prNumber = context.issue.number;
const repoOwner = context.repo.owner;
const repoName = context.repo.repo;
const header = 'RL-Secure Scanner Results';
const { data: comments } = await github.rest.issues.listComments({
owner: repoOwner,
repo: repoName,
issue_number: prNumber
});
const existingComment = comments.find(comment => comment.body.startsWith(header));
if (existingComment) {
await github.rest.issues.updateComment({
owner: repoOwner,
repo: repoName,
comment_id: existingComment.id,
body: `${header}\n\n${commentBody}`
});
} else {
await github.rest.issues.createComment({
owner: repoOwner,
repo: repoName,
issue_number: prNumber,
body: `${header}\n\n${commentBody}`
});
}
} else {
console.log('File not found.');
}
} catch (error) {
console.error('Error finding or reading file:', error);
}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
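Review bot: `foundFilePath = files[0]` publishes whichever file happens to match `/tmp/*/violations.txt` first, and `/tmp` is shared and world-writable, so on a self-hosted or reused runner a stale or foreign `violations.txt` can end up in the PR comment instead of this run's result. Have the scan step export the exact path (a step output or environment variable) and read only that file. The `catch` at the end of the script only calls `console.error`, so a failed read or a rejected `updateComment`/`createComment` call leaves the step green with the findings unposted; `core.setFailed(error.message);` there would surface it. Separately, recent actions/github-script releases already pass a `glob` helper into the script, so `const glob = require('glob')` may collide with that name; the `uses:` line is outside the hunk, so this should be checked against the pinned version.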
12 changes: 6 additions & 6 deletions scripts/rl-wrapper.py
@@ -86,13 +86,13 @@ def generate_report(rlsecure_path, workdir, targetdir, artifact_name, artifact_v
except subprocess.CalledProcessError as e:
sys.exit(f'[x] Failed to generate report: {e}')

def detect_malware(report_file,workdir, artifact_name, artifact_version, repository, commit, build_env):
def detect_malware(report_file, artifact_name, artifact_version, repository, commit, build_env):
report_data = load_report(report_file)
try:
report_metadata = report_data['report']['metadata']
malware_violation_rule_ids = MALWARE_VIOLATION_IDS

is_malware_detected = process_and_export_violations(report_metadata, workdir, malware_violation_rule_ids, artifact_name, artifact_version, repository, commit, build_env)
is_malware_detected = process_and_export_violations(report_metadata, malware_violation_rule_ids, artifact_name, artifact_version, repository, commit, build_env)

if not is_malware_detected:
print('[i] No Malware was detected.')
@@ -110,7 +110,7 @@ def load_report(report_file):

import sys

def process_and_export_violations(report_metadata, workdir, malware_violation_rule_ids, artifact_name, artifact_version, repository, commit, build_env):
def process_and_export_violations(report_metadata, malware_violation_rule_ids, artifact_name, artifact_version, repository, commit, build_env):
print('----------------- Detections -----------------', file=sys.stderr)

is_malware_detected = False
@@ -127,10 +127,10 @@ def process_and_export_violations(report_metadata, workdir, malware_violation_ru

report_malware_detection(violation['rule_id'])


file_name = 'violations.txt'
file_path = os.path.join(workdir, file_name)
print('------------------RL Wrapper Scanner Save Violations------------------', file=sys.stderr)
with open(file_path, 'w') as file:
with open(file_name, 'w') as file:
file.write('## 🚨 RL Wrapper Scanner Results: Malware Detected\n\n')
file.write(f'**Artifact:** {artifact_name}\n')
file.write(f'**Version:** {artifact_version}\n')
@@ -270,7 +270,7 @@ def main():
scan_artifact(rlsecure_path, args.artifact, workdir, args.name, args.version)
generate_report(rlsecure_path, workdir, targetdir, args.name, args.version)

is_non_compliant_violations = detect_malware(f'{workdir}/{targetdir}/report.rl.json', workdir, args.name, args.version, args.repository, args.commit, args.build_env)
is_non_compliant_violations = detect_malware(f'{workdir}/{targetdir}/report.rl.json', args.name, args.version, args.repository, args.commit, args.build_env)

s3_results_path = submit_to_s3(workdir, targetdir, s3_bucket_name, tool_name, args.name, args.version, timestamp)
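Review bot: `with open(file_name, 'w') as file:` in process_and_export_violations now writes `violations.txt` relative to whatever directory the wrapper was started in, while the workflow step changed in this same commit looks for it under `/tmp/*/violations.txt`. Unless the wrapper is launched from a directory one level below `/tmp` (not visible here), the comment step will log 'No file found matching pattern.' and the malware findings never reach the pull request. Keeping an explicit destination, either the removed `os.path.join(workdir, file_name)` or a path handed in by the workflow, makes the two sides agree and avoids dropping the report into the working tree. The first line written contains an emoji, so the call should also pin the encoding: `with open(file_name, 'w', encoding='utf-8') as file:`. The function body continues outside the hunk.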
