Skip to content

Commit

Permalink
Port secret-scanning.js to TypeScript (#51187)
Browse files Browse the repository at this point in the history
  • Loading branch information
@peterbe
peterbe authored Jun 13, 2024
1 parent df6cb10 commit 1d86ea9
Show file tree
Hide file tree
Showing 4 changed files with 56 additions and 35 deletions.
2 changes: 1 addition & 1 deletion src/frame/middleware/index.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ import robots from './robots'
import earlyAccessLinks from '@/early-access/middleware/early-access-links'
import categoriesForSupport from './categories-for-support'
import triggerError from '@/observability/middleware/trigger-error'
import secretScanning from '@/secret-scanning/middleware/secret-scanning.js'
import secretScanning from '@/secret-scanning/middleware/secret-scanning'
import ghesReleaseNotes from '@/release-notes/middleware/ghes-release-notes.js'
import whatsNewChangelog from './context/whats-new-changelog.js'
import layout from './context/layout.js'
Expand Down
34 changes: 0 additions & 34 deletions src/secret-scanning/middleware/secret-scanning.js
View file

This file was deleted.

43 changes: 43 additions & 0 deletions src/secret-scanning/middleware/secret-scanning.ts
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
import fs from 'fs'

import yaml from 'js-yaml'
import type { NextFunction, Response } from 'express'

import getApplicableVersions from '@/versions/lib/get-applicable-versions.js'
import { liquid } from '@/content-render/index.js'
import { ExtendedRequest, SecretScanningData } from '@/types'

const secretScanningPath = 'data/secret-scanning.yml'

export default async function secretScanning(
req: ExtendedRequest,
res: Response,
next: NextFunction,
) {
if (!req.pagePath!.endsWith('code-security/secret-scanning/secret-scanning-patterns'))
return next()

const secretScanningData = yaml.load(
fs.readFileSync(secretScanningPath, 'utf-8'),
) as SecretScanningData[]

if (!req.context) throw new Error('request not contextualized')
const { currentVersion } = req.context

req.context.secretScanningData = secretScanningData.filter((entry) =>
getApplicableVersions(entry.versions).includes(currentVersion),
)

// Some entries might use Liquid syntax, so we need
// to execute that Liquid to get the actual value.
req.context.secretScanningData.forEach(async (entry) => {
for (const [key, value] of Object.entries(entry)) {
if (key === 'hasValidityCheck' && typeof value === 'string' && value.includes('{%')) {
const evaluated = yaml.load(await liquid.parseAndRender(value, req.context))
entry[key] = evaluated as string
}
}
})

return next()
}
12 changes: 12 additions & 0 deletions src/types.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,18 @@ export type Context = {
languages?: Languages
redirectNotFound?: string
earlyAccessPageLinks?: string
secretScanningData?: SecretScanningData[]
}

export type SecretScanningData = {
provider: string
supportedSecret: string
secretType: string
versions: Record<string, string>
isPublic: boolean
isPrivateWithGhas: boolean
hasPushProtection: boolean
hasValidityCheck: boolean | string
}

type Language = {
Expand Down

0 comments on commit 1d86ea9

Please sign in to comment.