From 6b9c480c8204adb2537e4110eeea6617f591f7ce Mon Sep 17 00:00:00 2001 From: Radoslav Dimitrov Date: Fri, 20 Dec 2024 11:04:14 +0200 Subject: [PATCH] Add a ruletype that checks if issues are enabled Signed-off-by: Radoslav Dimitrov --- .../github/repo_issues_enabled.test.yaml | 36 ++ .../disabled.json | 353 ++++++++++++++++++ .../repo_issues_enabled.testdata/enabled.json | 353 ++++++++++++++++++ .../notfound.json | 5 + rule-types/github/repo_issues_enabled.yaml | 49 +++ 5 files changed, 796 insertions(+) create mode 100644 rule-types/github/repo_issues_enabled.test.yaml create mode 100644 rule-types/github/repo_issues_enabled.testdata/disabled.json create mode 100644 rule-types/github/repo_issues_enabled.testdata/enabled.json create mode 100644 rule-types/github/repo_issues_enabled.testdata/notfound.json create mode 100644 rule-types/github/repo_issues_enabled.yaml diff --git a/rule-types/github/repo_issues_enabled.test.yaml b/rule-types/github/repo_issues_enabled.test.yaml new file mode 100644 index 0000000..88af363 --- /dev/null +++ b/rule-types/github/repo_issues_enabled.test.yaml @@ -0,0 +1,36 @@ +tests: + - name: "Issues are enabled" + def: {} + params: {} + expect: "pass" + entity: &test-repo + type: repository + entity: + owner: "coolhead" + name: "haze-wave" + http: + body_file: enabled.json + - name: "Issues should be enabled" + def: {} + params: {} + expect: "fail" + entity: *test-repo + http: + body_file: disabled.json + - name: "Not found should fail" + def: {} + params: {} + expect: "fail" + entity: *test-repo + http: + status: 404 + body_file: notfound.json + - name: "Internal server error should fail" + def: {} + params: {} + expect: "fail" + entity: *test-repo + http: + status: 500 + body: | + { "message": "Internal server error" } diff --git a/rule-types/github/repo_issues_enabled.testdata/disabled.json b/rule-types/github/repo_issues_enabled.testdata/disabled.json new file mode 100644 index 0000000..422f21b --- /dev/null +++ b/rule-types/github/repo_issues_enabled.testdata/disabled.json @@ -0,0 +1,353 @@ +{ + "id": 666.5, + "node_id": "R_kgDOJGa8UQ", + "name": "haze-wave", + "full_name": "coolhead/haze-wave", + "private": true, + "owner": { + "login": "coolhead", + "id": 777, + "node_id": "MDQ6VXNlcjE0NTU2NA==", + "gravatar_id": "", + "url": "https://api.github.com/users/coolhead", + "html_url": "https://github.com/coolhead", + "followers_url": "https://api.github.com/users/coolhead/followers", + "following_url": "https://api.github.com/users/coolhead/following{/other_user}", + "gists_url": "https://api.github.com/users/coolhead/gists{/gist_id}", + "starred_url": "https://api.github.com/users/coolhead/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/coolhead/subscriptions", + "organizations_url": "https://api.github.com/users/coolhead/orgs", + "repos_url": "https://api.github.com/users/coolhead/repos", + "events_url": "https://api.github.com/users/coolhead/events{/privacy}", + "received_events_url": "https://api.github.com/users/coolhead/received_events", + "type": "User", + "site_admin": false + }, + "html_url": "https://github.com/coolhead/haze-wave", + "description": "A daemon that will help you with your user audit needs for linux", + "fork": true, + "url": "https://api.github.com/repos/coolhead/haze-wave", + "forks_url": "https://api.github.com/repos/coolhead/haze-wave/forks", + "keys_url": "https://api.github.com/repos/coolhead/haze-wave/keys{/key_id}", + "collaborators_url": "https://api.github.com/repos/coolhead/haze-wave/collaborators{/collaborator}", + "teams_url": "https://api.github.com/repos/coolhead/haze-wave/teams", + "hooks_url": "https://api.github.com/repos/coolhead/haze-wave/hooks", + "issue_events_url": "https://api.github.com/repos/coolhead/haze-wave/issues/events{/number}", + "events_url": "https://api.github.com/repos/coolhead/haze-wave/events", + "assignees_url": "https://api.github.com/repos/coolhead/haze-wave/assignees{/user}", + "branches_url": "https://api.github.com/repos/coolhead/haze-wave/branches{/branch}", + "tags_url": "https://api.github.com/repos/coolhead/haze-wave/tags", + "blobs_url": "https://api.github.com/repos/coolhead/haze-wave/git/blobs{/sha}", + "git_tags_url": "https://api.github.com/repos/coolhead/haze-wave/git/tags{/sha}", + "git_refs_url": "https://api.github.com/repos/coolhead/haze-wave/git/refs{/sha}", + "trees_url": "https://api.github.com/repos/coolhead/haze-wave/git/trees{/sha}", + "statuses_url": "https://api.github.com/repos/coolhead/haze-wave/statuses/{sha}", + "languages_url": "https://api.github.com/repos/coolhead/haze-wave/languages", + "stargazers_url": "https://api.github.com/repos/coolhead/haze-wave/stargazers", + "contributors_url": "https://api.github.com/repos/coolhead/haze-wave/contributors", + "subscribers_url": "https://api.github.com/repos/coolhead/haze-wave/subscribers", + "subscription_url": "https://api.github.com/repos/coolhead/haze-wave/subscription", + "commits_url": "https://api.github.com/repos/coolhead/haze-wave/commits{/sha}", + "git_commits_url": "https://api.github.com/repos/coolhead/haze-wave/git/commits{/sha}", + "comments_url": "https://api.github.com/repos/coolhead/haze-wave/comments{/number}", + "issue_comment_url": "https://api.github.com/repos/coolhead/haze-wave/issues/comments{/number}", + "contents_url": "https://api.github.com/repos/coolhead/haze-wave/contents/{+path}", + "compare_url": "https://api.github.com/repos/coolhead/haze-wave/compare/{base}...{head}", + "merges_url": "https://api.github.com/repos/coolhead/haze-wave/merges", + "archive_url": "https://api.github.com/repos/coolhead/haze-wave/{archive_format}{/ref}", + "downloads_url": "https://api.github.com/repos/coolhead/haze-wave/downloads", + "issues_url": "https://api.github.com/repos/coolhead/haze-wave/issues{/number}", + "pulls_url": "https://api.github.com/repos/coolhead/haze-wave/pulls{/number}", + "milestones_url": "https://api.github.com/repos/coolhead/haze-wave/milestones{/number}", + "notifications_url": "https://api.github.com/repos/coolhead/haze-wave/notifications{?since,all,participating}", + "labels_url": "https://api.github.com/repos/coolhead/haze-wave/labels{/name}", + "releases_url": "https://api.github.com/repos/coolhead/haze-wave/releases{/id}", + "deployments_url": "https://api.github.com/repos/coolhead/haze-wave/deployments", + "created_at": "2023-03-07T10:29:53Z", + "updated_at": "2024-06-17T08:00:06Z", + "pushed_at": "2024-08-05T15:40:18Z", + "git_url": "git://github.com/coolhead/haze-wave.git", + "ssh_url": "git@github.com:coolhead/haze-wave.git", + "clone_url": "https://github.com/coolhead/haze-wave.git", + "svn_url": "https://github.com/coolhead/haze-wave", + "homepage": null, + "size": 504, + "stargazers_count": 0, + "watchers_count": 0, + "language": "Go", + "has_issues": false, + "has_projects": true, + "has_downloads": true, + "has_wiki": false, + "has_pages": false, + "has_discussions": false, + "forks_count": 0, + "mirror_url": null, + "archived": false, + "disabled": false, + "open_issues_count": 6, + "license": { + "key": "apache-2.0", + "name": "Apache License 2.0", + "spdx_id": "Apache-2.0", + "url": "https://api.github.com/licenses/apache-2.0", + "node_id": "MDc6TGljZW5zZTI=" + }, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "private", + "forks": 0, + "open_issues": 6, + "watchers": 0, + "default_branch": "main", + "permissions": { + "admin": true, + "maintain": true, + "push": true, + "triage": true, + "pull": true + }, + "temp_clone_token": "", + "allow_squash_merge": true, + "allow_merge_commit": true, + "allow_rebase_merge": true, + "allow_auto_merge": false, + "delete_branch_on_merge": false, + "allow_update_branch": false, + "use_squash_pr_title_as_default": false, + "squash_merge_commit_message": "COMMIT_MESSAGES", + "squash_merge_commit_title": "COMMIT_OR_PR_TITLE", + "merge_commit_message": "PR_TITLE", + "merge_commit_title": "MERGE_MESSAGE", + "parent": { + "id": 666.7, + "node_id": "R_kgDOJE5eUA", + "name": "haze-wave", + "full_name": "JAORMX/haze-wave", + "private": false, + "owner": { + "login": "JAORMX", + "id": 666.2, + "node_id": "MDEyOk9yZ2FuaXphdGlvbjg4MTM1NjAw", + "gravatar_id": "", + "url": "https://api.github.com/users/JAORMX", + "html_url": "https://github.com/JAORMX", + "followers_url": "https://api.github.com/users/JAORMX/followers", + "following_url": "https://api.github.com/users/JAORMX/following{/other_user}", + "gists_url": "https://api.github.com/users/JAORMX/gists{/gist_id}", + "starred_url": "https://api.github.com/users/JAORMX/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/JAORMX/subscriptions", + "organizations_url": "https://api.github.com/users/JAORMX/orgs", + "repos_url": "https://api.github.com/users/JAORMX/repos", + "events_url": "https://api.github.com/users/JAORMX/events{/privacy}", + "received_events_url": "https://api.github.com/users/JAORMX/received_events", + "type": "Organization", + "site_admin": false + }, + "html_url": "https://github.com/JAORMX/haze-wave", + "description": "haze-wave is a daemon that monitors OpenSSH server logins and produces structured audit events describing what authenticated users did while logged in.", + "fork": false, + "url": "https://api.github.com/repos/JAORMX/haze-wave", + "forks_url": "https://api.github.com/repos/JAORMX/haze-wave/forks", + "keys_url": "https://api.github.com/repos/JAORMX/haze-wave/keys{/key_id}", + "collaborators_url": "https://api.github.com/repos/JAORMX/haze-wave/collaborators{/collaborator}", + "teams_url": "https://api.github.com/repos/JAORMX/haze-wave/teams", + "hooks_url": "https://api.github.com/repos/JAORMX/haze-wave/hooks", + "issue_events_url": "https://api.github.com/repos/JAORMX/haze-wave/issues/events{/number}", + "events_url": "https://api.github.com/repos/JAORMX/haze-wave/events", + "assignees_url": "https://api.github.com/repos/JAORMX/haze-wave/assignees{/user}", + "branches_url": "https://api.github.com/repos/JAORMX/haze-wave/branches{/branch}", + "tags_url": "https://api.github.com/repos/JAORMX/haze-wave/tags", + "blobs_url": "https://api.github.com/repos/JAORMX/haze-wave/git/blobs{/sha}", + "git_tags_url": "https://api.github.com/repos/JAORMX/haze-wave/git/tags{/sha}", + "git_refs_url": "https://api.github.com/repos/JAORMX/haze-wave/git/refs{/sha}", + "trees_url": "https://api.github.com/repos/JAORMX/haze-wave/git/trees{/sha}", + "statuses_url": "https://api.github.com/repos/JAORMX/haze-wave/statuses/{sha}", + "languages_url": "https://api.github.com/repos/JAORMX/haze-wave/languages", + "stargazers_url": "https://api.github.com/repos/JAORMX/haze-wave/stargazers", + "contributors_url": "https://api.github.com/repos/JAORMX/haze-wave/contributors", + "subscribers_url": "https://api.github.com/repos/JAORMX/haze-wave/subscribers", + "subscription_url": "https://api.github.com/repos/JAORMX/haze-wave/subscription", + "commits_url": "https://api.github.com/repos/JAORMX/haze-wave/commits{/sha}", + "git_commits_url": "https://api.github.com/repos/JAORMX/haze-wave/git/commits{/sha}", + "comments_url": "https://api.github.com/repos/JAORMX/haze-wave/comments{/number}", + "issue_comment_url": "https://api.github.com/repos/JAORMX/haze-wave/issues/comments{/number}", + "contents_url": "https://api.github.com/repos/JAORMX/haze-wave/contents/{+path}", + "compare_url": "https://api.github.com/repos/JAORMX/haze-wave/compare/{base}...{head}", + "merges_url": "https://api.github.com/repos/JAORMX/haze-wave/merges", + "archive_url": "https://api.github.com/repos/JAORMX/haze-wave/{archive_format}{/ref}", + "downloads_url": "https://api.github.com/repos/JAORMX/haze-wave/downloads", + "issues_url": "https://api.github.com/repos/JAORMX/haze-wave/issues{/number}", + "pulls_url": "https://api.github.com/repos/JAORMX/haze-wave/pulls{/number}", + "milestones_url": "https://api.github.com/repos/JAORMX/haze-wave/milestones{/number}", + "notifications_url": "https://api.github.com/repos/JAORMX/haze-wave/notifications{?since,all,participating}", + "labels_url": "https://api.github.com/repos/JAORMX/haze-wave/labels{/name}", + "releases_url": "https://api.github.com/repos/JAORMX/haze-wave/releases{/id}", + "deployments_url": "https://api.github.com/repos/JAORMX/haze-wave/deployments", + "created_at": "2023-03-03T12:08:37Z", + "updated_at": "2023-12-08T22:51:08Z", + "pushed_at": "2024-10-15T11:46:11Z", + "git_url": "git://github.com/JAORMX/haze-wave.git", + "ssh_url": "git@github.com:JAORMX/haze-wave.git", + "clone_url": "https://github.com/JAORMX/haze-wave.git", + "svn_url": "https://github.com/JAORMX/haze-wave", + "homepage": "", + "size": 609, + "stargazers_count": 2, + "watchers_count": 2, + "language": "Go", + "has_issues": false, + "has_projects": true, + "has_downloads": true, + "has_wiki": false, + "has_pages": false, + "has_discussions": false, + "forks_count": 5, + "mirror_url": null, + "archived": false, + "disabled": false, + "open_issues_count": 12, + "license": { + "key": "apache-2.0", + "name": "Apache License 2.0", + "spdx_id": "Apache-2.0", + "url": "https://api.github.com/licenses/apache-2.0", + "node_id": "MDc6TGljZW5zZTI=" + }, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 5, + "open_issues": 12, + "watchers": 2, + "default_branch": "main" + }, + "source": { + "id": 666.7, + "node_id": "R_kgDOJE5eUA", + "name": "haze-wave", + "full_name": "JAORMX/haze-wave", + "private": false, + "owner": { + "login": "JAORMX", + "id": 777, + "node_id": "MDEyOk9yZ2FuaXphdGlvbjg4MTM1NjAw", + "gravatar_id": "", + "url": "https://api.github.com/users/JAORMX", + "html_url": "https://github.com/JAORMX", + "followers_url": "https://api.github.com/users/JAORMX/followers", + "following_url": "https://api.github.com/users/JAORMX/following{/other_user}", + "gists_url": "https://api.github.com/users/JAORMX/gists{/gist_id}", + "starred_url": "https://api.github.com/users/JAORMX/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/JAORMX/subscriptions", + "organizations_url": "https://api.github.com/users/JAORMX/orgs", + "repos_url": "https://api.github.com/users/JAORMX/repos", + "events_url": "https://api.github.com/users/JAORMX/events{/privacy}", + "received_events_url": "https://api.github.com/users/JAORMX/received_events", + "type": "Organization", + "site_admin": false + }, + "html_url": "https://github.com/JAORMX/haze-wave", + "description": "haze-wave is a daemon that monitors OpenSSH server logins and produces structured audit events describing what authenticated users did while logged in.", + "fork": false, + "url": "https://api.github.com/repos/JAORMX/haze-wave", + "forks_url": "https://api.github.com/repos/JAORMX/haze-wave/forks", + "keys_url": "https://api.github.com/repos/JAORMX/haze-wave/keys{/key_id}", + "collaborators_url": "https://api.github.com/repos/JAORMX/haze-wave/collaborators{/collaborator}", + "teams_url": "https://api.github.com/repos/JAORMX/haze-wave/teams", + "hooks_url": "https://api.github.com/repos/JAORMX/haze-wave/hooks", + "issue_events_url": "https://api.github.com/repos/JAORMX/haze-wave/issues/events{/number}", + "events_url": "https://api.github.com/repos/JAORMX/haze-wave/events", + "assignees_url": "https://api.github.com/repos/JAORMX/haze-wave/assignees{/user}", + "branches_url": "https://api.github.com/repos/JAORMX/haze-wave/branches{/branch}", + "tags_url": "https://api.github.com/repos/JAORMX/haze-wave/tags", + "blobs_url": "https://api.github.com/repos/JAORMX/haze-wave/git/blobs{/sha}", + "git_tags_url": "https://api.github.com/repos/JAORMX/haze-wave/git/tags{/sha}", + "git_refs_url": "https://api.github.com/repos/JAORMX/haze-wave/git/refs{/sha}", + "trees_url": "https://api.github.com/repos/JAORMX/haze-wave/git/trees{/sha}", + "statuses_url": "https://api.github.com/repos/JAORMX/haze-wave/statuses/{sha}", + "languages_url": "https://api.github.com/repos/JAORMX/haze-wave/languages", + "stargazers_url": "https://api.github.com/repos/JAORMX/haze-wave/stargazers", + "contributors_url": "https://api.github.com/repos/JAORMX/haze-wave/contributors", + "subscribers_url": "https://api.github.com/repos/JAORMX/haze-wave/subscribers", + "subscription_url": "https://api.github.com/repos/JAORMX/haze-wave/subscription", + "commits_url": "https://api.github.com/repos/JAORMX/haze-wave/commits{/sha}", + "git_commits_url": "https://api.github.com/repos/JAORMX/haze-wave/git/commits{/sha}", + "comments_url": "https://api.github.com/repos/JAORMX/haze-wave/comments{/number}", + "issue_comment_url": "https://api.github.com/repos/JAORMX/haze-wave/issues/comments{/number}", + "contents_url": "https://api.github.com/repos/JAORMX/haze-wave/contents/{+path}", + "compare_url": "https://api.github.com/repos/JAORMX/haze-wave/compare/{base}...{head}", + "merges_url": "https://api.github.com/repos/JAORMX/haze-wave/merges", + "archive_url": "https://api.github.com/repos/JAORMX/haze-wave/{archive_format}{/ref}", + "downloads_url": "https://api.github.com/repos/JAORMX/haze-wave/downloads", + "issues_url": "https://api.github.com/repos/JAORMX/haze-wave/issues{/number}", + "pulls_url": "https://api.github.com/repos/JAORMX/haze-wave/pulls{/number}", + "milestones_url": "https://api.github.com/repos/JAORMX/haze-wave/milestones{/number}", + "notifications_url": "https://api.github.com/repos/JAORMX/haze-wave/notifications{?since,all,participating}", + "labels_url": "https://api.github.com/repos/JAORMX/haze-wave/labels{/name}", + "releases_url": "https://api.github.com/repos/JAORMX/haze-wave/releases{/id}", + "deployments_url": "https://api.github.com/repos/JAORMX/haze-wave/deployments", + "created_at": "2023-03-03T12:08:37Z", + "updated_at": "2023-12-08T22:51:08Z", + "pushed_at": "2024-10-15T11:46:11Z", + "git_url": "git://github.com/JAORMX/haze-wave.git", + "ssh_url": "git@github.com:JAORMX/haze-wave.git", + "clone_url": "https://github.com/JAORMX/haze-wave.git", + "svn_url": "https://github.com/JAORMX/haze-wave", + "homepage": "", + "size": 609, + "stargazers_count": 2, + "watchers_count": 2, + "language": "Go", + "has_issues": false, + "has_projects": true, + "has_downloads": true, + "has_wiki": false, + "has_pages": false, + "has_discussions": false, + "forks_count": 5, + "mirror_url": null, + "archived": false, + "disabled": false, + "open_issues_count": 12, + "license": { + "key": "apache-2.0", + "name": "Apache License 2.0", + "spdx_id": "Apache-2.0", + "url": "https://api.github.com/licenses/apache-2.0", + "node_id": "MDc6TGljZW5zZTI=" + }, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 5, + "open_issues": 12, + "watchers": 2, + "default_branch": "main" + }, + "security_and_analysis": { + "secret_scanning": { + "status": "enabled" + }, + "secret_scanning_push_protection": { + "status": "enabled" + }, + "dependabot_security_updates": { + "status": "disabled" + }, + "secret_scanning_non_provider_patterns": { + "status": "disabled" + }, + "secret_scanning_validity_checks": { + "status": "disabled" + } + }, + "network_count": 5, + "subscribers_count": 1 +} diff --git a/rule-types/github/repo_issues_enabled.testdata/enabled.json b/rule-types/github/repo_issues_enabled.testdata/enabled.json new file mode 100644 index 0000000..0cc5fe6 --- /dev/null +++ b/rule-types/github/repo_issues_enabled.testdata/enabled.json @@ -0,0 +1,353 @@ +{ + "id": 666.5, + "node_id": "R_kgDOJGa8UQ", + "name": "haze-wave", + "full_name": "coolhead/haze-wave", + "private": false, + "owner": { + "login": "coolhead", + "id": 145564, + "node_id": "MDQ6VXNlcjE0NTU2NA==", + "gravatar_id": "", + "url": "https://api.github.com/users/coolhead", + "html_url": "https://github.com/coolhead", + "followers_url": "https://api.github.com/users/coolhead/followers", + "following_url": "https://api.github.com/users/coolhead/following{/other_user}", + "gists_url": "https://api.github.com/users/coolhead/gists{/gist_id}", + "starred_url": "https://api.github.com/users/coolhead/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/coolhead/subscriptions", + "organizations_url": "https://api.github.com/users/coolhead/orgs", + "repos_url": "https://api.github.com/users/coolhead/repos", + "events_url": "https://api.github.com/users/coolhead/events{/privacy}", + "received_events_url": "https://api.github.com/users/coolhead/received_events", + "type": "User", + "site_admin": false + }, + "html_url": "https://github.com/coolhead/haze-wave", + "description": "A daemon that will help you with your user audit needs for linux", + "fork": true, + "url": "https://api.github.com/repos/coolhead/haze-wave", + "forks_url": "https://api.github.com/repos/coolhead/haze-wave/forks", + "keys_url": "https://api.github.com/repos/coolhead/haze-wave/keys{/key_id}", + "collaborators_url": "https://api.github.com/repos/coolhead/haze-wave/collaborators{/collaborator}", + "teams_url": "https://api.github.com/repos/coolhead/haze-wave/teams", + "hooks_url": "https://api.github.com/repos/coolhead/haze-wave/hooks", + "issue_events_url": "https://api.github.com/repos/coolhead/haze-wave/issues/events{/number}", + "events_url": "https://api.github.com/repos/coolhead/haze-wave/events", + "assignees_url": "https://api.github.com/repos/coolhead/haze-wave/assignees{/user}", + "branches_url": "https://api.github.com/repos/coolhead/haze-wave/branches{/branch}", + "tags_url": "https://api.github.com/repos/coolhead/haze-wave/tags", + "blobs_url": "https://api.github.com/repos/coolhead/haze-wave/git/blobs{/sha}", + "git_tags_url": "https://api.github.com/repos/coolhead/haze-wave/git/tags{/sha}", + "git_refs_url": "https://api.github.com/repos/coolhead/haze-wave/git/refs{/sha}", + "trees_url": "https://api.github.com/repos/coolhead/haze-wave/git/trees{/sha}", + "statuses_url": "https://api.github.com/repos/coolhead/haze-wave/statuses/{sha}", + "languages_url": "https://api.github.com/repos/coolhead/haze-wave/languages", + "stargazers_url": "https://api.github.com/repos/coolhead/haze-wave/stargazers", + "contributors_url": "https://api.github.com/repos/coolhead/haze-wave/contributors", + "subscribers_url": "https://api.github.com/repos/coolhead/haze-wave/subscribers", + "subscription_url": "https://api.github.com/repos/coolhead/haze-wave/subscription", + "commits_url": "https://api.github.com/repos/coolhead/haze-wave/commits{/sha}", + "git_commits_url": "https://api.github.com/repos/coolhead/haze-wave/git/commits{/sha}", + "comments_url": "https://api.github.com/repos/coolhead/haze-wave/comments{/number}", + "issue_comment_url": "https://api.github.com/repos/coolhead/haze-wave/issues/comments{/number}", + "contents_url": "https://api.github.com/repos/coolhead/haze-wave/contents/{+path}", + "compare_url": "https://api.github.com/repos/coolhead/haze-wave/compare/{base}...{head}", + "merges_url": "https://api.github.com/repos/coolhead/haze-wave/merges", + "archive_url": "https://api.github.com/repos/coolhead/haze-wave/{archive_format}{/ref}", + "downloads_url": "https://api.github.com/repos/coolhead/haze-wave/downloads", + "issues_url": "https://api.github.com/repos/coolhead/haze-wave/issues{/number}", + "pulls_url": "https://api.github.com/repos/coolhead/haze-wave/pulls{/number}", + "milestones_url": "https://api.github.com/repos/coolhead/haze-wave/milestones{/number}", + "notifications_url": "https://api.github.com/repos/coolhead/haze-wave/notifications{?since,all,participating}", + "labels_url": "https://api.github.com/repos/coolhead/haze-wave/labels{/name}", + "releases_url": "https://api.github.com/repos/coolhead/haze-wave/releases{/id}", + "deployments_url": "https://api.github.com/repos/coolhead/haze-wave/deployments", + "created_at": "2023-03-07T10:29:53Z", + "updated_at": "2024-06-17T08:00:06Z", + "pushed_at": "2024-08-05T15:40:18Z", + "git_url": "git://github.com/coolhead/haze-wave.git", + "ssh_url": "git@github.com:coolhead/haze-wave.git", + "clone_url": "https://github.com/coolhead/haze-wave.git", + "svn_url": "https://github.com/coolhead/haze-wave", + "homepage": null, + "size": 504, + "stargazers_count": 0, + "watchers_count": 0, + "language": "Go", + "has_issues": true, + "has_projects": true, + "has_downloads": true, + "has_wiki": false, + "has_pages": false, + "has_discussions": false, + "forks_count": 0, + "mirror_url": null, + "archived": false, + "disabled": false, + "open_issues_count": 6, + "license": { + "key": "apache-2.0", + "name": "Apache License 2.0", + "spdx_id": "Apache-2.0", + "url": "https://api.github.com/licenses/apache-2.0", + "node_id": "MDc6TGljZW5zZTI=" + }, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "open_issues": 6, + "watchers": 0, + "default_branch": "main", + "permissions": { + "admin": true, + "maintain": true, + "push": true, + "triage": true, + "pull": true + }, + "temp_clone_token": "", + "allow_squash_merge": true, + "allow_merge_commit": true, + "allow_rebase_merge": true, + "allow_auto_merge": false, + "delete_branch_on_merge": false, + "allow_update_branch": false, + "use_squash_pr_title_as_default": false, + "squash_merge_commit_message": "COMMIT_MESSAGES", + "squash_merge_commit_title": "COMMIT_OR_PR_TITLE", + "merge_commit_message": "PR_TITLE", + "merge_commit_title": "MERGE_MESSAGE", + "parent": { + "id": 777, + "node_id": "R_kgDOJE5eUA", + "name": "haze-wave", + "full_name": "JAORMX/haze-wave", + "private": false, + "owner": { + "login": "JAORMX", + "id": 777, + "node_id": "MDEyOk9yZ2FuaXphdGlvbjg4MTM1NjAw", + "gravatar_id": "", + "url": "https://api.github.com/users/JAORMX", + "html_url": "https://github.com/JAORMX", + "followers_url": "https://api.github.com/users/JAORMX/followers", + "following_url": "https://api.github.com/users/JAORMX/following{/other_user}", + "gists_url": "https://api.github.com/users/JAORMX/gists{/gist_id}", + "starred_url": "https://api.github.com/users/JAORMX/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/JAORMX/subscriptions", + "organizations_url": "https://api.github.com/users/JAORMX/orgs", + "repos_url": "https://api.github.com/users/JAORMX/repos", + "events_url": "https://api.github.com/users/JAORMX/events{/privacy}", + "received_events_url": "https://api.github.com/users/JAORMX/received_events", + "type": "Organization", + "site_admin": false + }, + "html_url": "https://github.com/JAORMX/haze-wave", + "description": "haze-wave is a daemon that monitors OpenSSH server logins and produces structured audit events describing what authenticated users did while logged in.", + "fork": false, + "url": "https://api.github.com/repos/JAORMX/haze-wave", + "forks_url": "https://api.github.com/repos/JAORMX/haze-wave/forks", + "keys_url": "https://api.github.com/repos/JAORMX/haze-wave/keys{/key_id}", + "collaborators_url": "https://api.github.com/repos/JAORMX/haze-wave/collaborators{/collaborator}", + "teams_url": "https://api.github.com/repos/JAORMX/haze-wave/teams", + "hooks_url": "https://api.github.com/repos/JAORMX/haze-wave/hooks", + "issue_events_url": "https://api.github.com/repos/JAORMX/haze-wave/issues/events{/number}", + "events_url": "https://api.github.com/repos/JAORMX/haze-wave/events", + "assignees_url": "https://api.github.com/repos/JAORMX/haze-wave/assignees{/user}", + "branches_url": "https://api.github.com/repos/JAORMX/haze-wave/branches{/branch}", + "tags_url": "https://api.github.com/repos/JAORMX/haze-wave/tags", + "blobs_url": "https://api.github.com/repos/JAORMX/haze-wave/git/blobs{/sha}", + "git_tags_url": "https://api.github.com/repos/JAORMX/haze-wave/git/tags{/sha}", + "git_refs_url": "https://api.github.com/repos/JAORMX/haze-wave/git/refs{/sha}", + "trees_url": "https://api.github.com/repos/JAORMX/haze-wave/git/trees{/sha}", + "statuses_url": "https://api.github.com/repos/JAORMX/haze-wave/statuses/{sha}", + "languages_url": "https://api.github.com/repos/JAORMX/haze-wave/languages", + "stargazers_url": "https://api.github.com/repos/JAORMX/haze-wave/stargazers", + "contributors_url": "https://api.github.com/repos/JAORMX/haze-wave/contributors", + "subscribers_url": "https://api.github.com/repos/JAORMX/haze-wave/subscribers", + "subscription_url": "https://api.github.com/repos/JAORMX/haze-wave/subscription", + "commits_url": "https://api.github.com/repos/JAORMX/haze-wave/commits{/sha}", + "git_commits_url": "https://api.github.com/repos/JAORMX/haze-wave/git/commits{/sha}", + "comments_url": "https://api.github.com/repos/JAORMX/haze-wave/comments{/number}", + "issue_comment_url": "https://api.github.com/repos/JAORMX/haze-wave/issues/comments{/number}", + "contents_url": "https://api.github.com/repos/JAORMX/haze-wave/contents/{+path}", + "compare_url": "https://api.github.com/repos/JAORMX/haze-wave/compare/{base}...{head}", + "merges_url": "https://api.github.com/repos/JAORMX/haze-wave/merges", + "archive_url": "https://api.github.com/repos/JAORMX/haze-wave/{archive_format}{/ref}", + "downloads_url": "https://api.github.com/repos/JAORMX/haze-wave/downloads", + "issues_url": "https://api.github.com/repos/JAORMX/haze-wave/issues{/number}", + "pulls_url": "https://api.github.com/repos/JAORMX/haze-wave/pulls{/number}", + "milestones_url": "https://api.github.com/repos/JAORMX/haze-wave/milestones{/number}", + "notifications_url": "https://api.github.com/repos/JAORMX/haze-wave/notifications{?since,all,participating}", + "labels_url": "https://api.github.com/repos/JAORMX/haze-wave/labels{/name}", + "releases_url": "https://api.github.com/repos/JAORMX/haze-wave/releases{/id}", + "deployments_url": "https://api.github.com/repos/JAORMX/haze-wave/deployments", + "created_at": "2023-03-03T12:08:37Z", + "updated_at": "2023-12-08T22:51:08Z", + "pushed_at": "2024-10-15T11:46:11Z", + "git_url": "git://github.com/JAORMX/haze-wave.git", + "ssh_url": "git@github.com:JAORMX/haze-wave.git", + "clone_url": "https://github.com/JAORMX/haze-wave.git", + "svn_url": "https://github.com/JAORMX/haze-wave", + "homepage": "", + "size": 609, + "stargazers_count": 2, + "watchers_count": 2, + "language": "Go", + "has_issues": true, + "has_projects": true, + "has_downloads": true, + "has_wiki": false, + "has_pages": false, + "has_discussions": false, + "forks_count": 5, + "mirror_url": null, + "archived": false, + "disabled": false, + "open_issues_count": 12, + "license": { + "key": "apache-2.0", + "name": "Apache License 2.0", + "spdx_id": "Apache-2.0", + "url": "https://api.github.com/licenses/apache-2.0", + "node_id": "MDc6TGljZW5zZTI=" + }, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 5, + "open_issues": 12, + "watchers": 2, + "default_branch": "main" + }, + "source": { + "id": 666.7, + "node_id": "R_kgDOJE5eUA", + "name": "haze-wave", + "full_name": "JAORMX/haze-wave", + "private": false, + "owner": { + "login": "JAORMX", + "id": 666.25, + "node_id": "MDEyOk9yZ2FuaXphdGlvbjg4MTM1NjAw", + "gravatar_id": "", + "url": "https://api.github.com/users/JAORMX", + "html_url": "https://github.com/JAORMX", + "followers_url": "https://api.github.com/users/JAORMX/followers", + "following_url": "https://api.github.com/users/JAORMX/following{/other_user}", + "gists_url": "https://api.github.com/users/JAORMX/gists{/gist_id}", + "starred_url": "https://api.github.com/users/JAORMX/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/JAORMX/subscriptions", + "organizations_url": "https://api.github.com/users/JAORMX/orgs", + "repos_url": "https://api.github.com/users/JAORMX/repos", + "events_url": "https://api.github.com/users/JAORMX/events{/privacy}", + "received_events_url": "https://api.github.com/users/JAORMX/received_events", + "type": "Organization", + "site_admin": false + }, + "html_url": "https://github.com/JAORMX/haze-wave", + "description": "haze-wave is a daemon that monitors OpenSSH server logins and produces structured audit events describing what authenticated users did while logged in.", + "fork": false, + "url": "https://api.github.com/repos/JAORMX/haze-wave", + "forks_url": "https://api.github.com/repos/JAORMX/haze-wave/forks", + "keys_url": "https://api.github.com/repos/JAORMX/haze-wave/keys{/key_id}", + "collaborators_url": "https://api.github.com/repos/JAORMX/haze-wave/collaborators{/collaborator}", + "teams_url": "https://api.github.com/repos/JAORMX/haze-wave/teams", + "hooks_url": "https://api.github.com/repos/JAORMX/haze-wave/hooks", + "issue_events_url": "https://api.github.com/repos/JAORMX/haze-wave/issues/events{/number}", + "events_url": "https://api.github.com/repos/JAORMX/haze-wave/events", + "assignees_url": "https://api.github.com/repos/JAORMX/haze-wave/assignees{/user}", + "branches_url": "https://api.github.com/repos/JAORMX/haze-wave/branches{/branch}", + "tags_url": "https://api.github.com/repos/JAORMX/haze-wave/tags", + "blobs_url": "https://api.github.com/repos/JAORMX/haze-wave/git/blobs{/sha}", + "git_tags_url": "https://api.github.com/repos/JAORMX/haze-wave/git/tags{/sha}", + "git_refs_url": "https://api.github.com/repos/JAORMX/haze-wave/git/refs{/sha}", + "trees_url": "https://api.github.com/repos/JAORMX/haze-wave/git/trees{/sha}", + "statuses_url": "https://api.github.com/repos/JAORMX/haze-wave/statuses/{sha}", + "languages_url": "https://api.github.com/repos/JAORMX/haze-wave/languages", + "stargazers_url": "https://api.github.com/repos/JAORMX/haze-wave/stargazers", + "contributors_url": "https://api.github.com/repos/JAORMX/haze-wave/contributors", + "subscribers_url": "https://api.github.com/repos/JAORMX/haze-wave/subscribers", + "subscription_url": "https://api.github.com/repos/JAORMX/haze-wave/subscription", + "commits_url": "https://api.github.com/repos/JAORMX/haze-wave/commits{/sha}", + "git_commits_url": "https://api.github.com/repos/JAORMX/haze-wave/git/commits{/sha}", + "comments_url": "https://api.github.com/repos/JAORMX/haze-wave/comments{/number}", + "issue_comment_url": "https://api.github.com/repos/JAORMX/haze-wave/issues/comments{/number}", + "contents_url": "https://api.github.com/repos/JAORMX/haze-wave/contents/{+path}", + "compare_url": "https://api.github.com/repos/JAORMX/haze-wave/compare/{base}...{head}", + "merges_url": "https://api.github.com/repos/JAORMX/haze-wave/merges", + "archive_url": "https://api.github.com/repos/JAORMX/haze-wave/{archive_format}{/ref}", + "downloads_url": "https://api.github.com/repos/JAORMX/haze-wave/downloads", + "issues_url": "https://api.github.com/repos/JAORMX/haze-wave/issues{/number}", + "pulls_url": "https://api.github.com/repos/JAORMX/haze-wave/pulls{/number}", + "milestones_url": "https://api.github.com/repos/JAORMX/haze-wave/milestones{/number}", + "notifications_url": "https://api.github.com/repos/JAORMX/haze-wave/notifications{?since,all,participating}", + "labels_url": "https://api.github.com/repos/JAORMX/haze-wave/labels{/name}", + "releases_url": "https://api.github.com/repos/JAORMX/haze-wave/releases{/id}", + "deployments_url": "https://api.github.com/repos/JAORMX/haze-wave/deployments", + "created_at": "2023-03-03T12:08:37Z", + "updated_at": "2023-12-08T22:51:08Z", + "pushed_at": "2024-10-15T11:46:11Z", + "git_url": "git://github.com/JAORMX/haze-wave.git", + "ssh_url": "git@github.com:JAORMX/haze-wave.git", + "clone_url": "https://github.com/JAORMX/haze-wave.git", + "svn_url": "https://github.com/JAORMX/haze-wave", + "homepage": "", + "size": 609, + "stargazers_count": 2, + "watchers_count": 2, + "language": "Go", + "has_issues": true, + "has_projects": true, + "has_downloads": true, + "has_wiki": false, + "has_pages": false, + "has_discussions": false, + "forks_count": 5, + "mirror_url": null, + "archived": false, + "disabled": false, + "open_issues_count": 12, + "license": { + "key": "apache-2.0", + "name": "Apache License 2.0", + "spdx_id": "Apache-2.0", + "url": "https://api.github.com/licenses/apache-2.0", + "node_id": "MDc6TGljZW5zZTI=" + }, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 5, + "open_issues": 12, + "watchers": 2, + "default_branch": "main" + }, + "security_and_analysis": { + "secret_scanning": { + "status": "disabled" + }, + "secret_scanning_push_protection": { + "status": "disabled" + }, + "dependabot_security_updates": { + "status": "disabled" + }, + "secret_scanning_non_provider_patterns": { + "status": "disabled" + }, + "secret_scanning_validity_checks": { + "status": "disabled" + } + }, + "network_count": 5, + "subscribers_count": 1 +} diff --git a/rule-types/github/repo_issues_enabled.testdata/notfound.json b/rule-types/github/repo_issues_enabled.testdata/notfound.json new file mode 100644 index 0000000..d62b205 --- /dev/null +++ b/rule-types/github/repo_issues_enabled.testdata/notfound.json @@ -0,0 +1,5 @@ +{ + "message": "Not Found", + "documentation_url": "https://docs.github.com/rest/repos/repos#get-a-repository", + "status": "404" +} diff --git a/rule-types/github/repo_issues_enabled.yaml b/rule-types/github/repo_issues_enabled.yaml new file mode 100644 index 0000000..60de6fd --- /dev/null +++ b/rule-types/github/repo_issues_enabled.yaml @@ -0,0 +1,49 @@ +--- +version: v1 +release_phase: alpha +type: rule-type +name: repo_issues_enabled +display_name: Ensure repository has issues enabled +short_failure_message: Repository issues are not enabled +severity: + value: low +context: + provider: github +description: | + Verifies that a repository has its issue tracker enabled. + This helps ensure repositories are configured for proper issue tracking + and community engagement. +guidance: | + Ensure that the repository's issue tracker is enabled. + + The issue tracker should be enabled when you want to: + - Track bugs, enhancements, and other requests + - Foster community discussions and feedback + - Create and track milestones + - Manage project work items directly in GitHub + + For more information, see [GitHub's documentation](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/disabling-issues). +def: + in_entity: repository + rule_schema: {} # No configuration needed + ingest: + type: rest + rest: + endpoint: "/repos/{{.Entity.Owner}}/{{.Entity.Name}}" + parse: json + eval: + type: jq + jq: + - ingested: + def: ".has_issues" + constant: true + remediate: + type: rest + rest: + method: PATCH + endpoint: "/repos/{{.Entity.Owner}}/{{.Entity.Name}}" + body: | + { "has_issues": true } + alert: + type: security_advisory + security_advisory: {}