CET-19215 add secret scanning

Author: lukbla

pom.xml

@@ -2,7 +2,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>org.kohsuke</groupId>
   <artifactId>cortexapps-github-api</artifactId>
-  <version>1.326</version>
+  <version>1.327</version>
   <name>GitHub API for Java</name>
   <url>https://github-api.kohsuke.org/</url>
   <description>GitHub API for Java</description>

src/main/java/org/kohsuke/github/GHSecretScanningAlert.java

@@ -22,9 +22,12 @@ public class GHSecretScanningAlert extends GHObject {
     private String resolution;
     private String resolved_at;
     private GHUser resolved_by;
+    private String secret_name;
     private String secret_type;
-    private Secret secret;
-    private String push_protection_bypassed;
+    private String secret_type_display_name;
+    private String secret;
+
+    private Boolean push_protection_bypassed;
     private GHUser push_protection_bypassed_by;
     private String push_protection_bypassed_at;
 
@@ -105,11 +108,29 @@ public String getSecretType() {
     }
 
     /**
-     * Secret that was detected
+     * Display name for tyype of secret that was detected
+     *
+     * @return the secret type display name
+     */
+    public String getSecretTypeDisplayName() {
+        return secret_type_display_name;
+    }
+
+    /**
+     * Secret name that was detected
+     *
+     * @return the secret name
+     */
+    public String getSecretName() {
+        return secret_name;
+    }
+
+    /**
+     * Secret value that was detected
      *
-     * @return the secret
+     * @return the secret value
      */
-    public Secret getSecret() {
+    public String getSecret() {
         return secret;
     }
 
@@ -118,8 +139,8 @@ public Secret getSecret() {
      *
      * @return true if push protection was bypassed, false otherwise
      */
-    public boolean isPushProtectionBypassed() {
-        return push_protection_bypassed != null && !push_protection_bypassed.isEmpty();
+    public Boolean isPushProtectionBypassed() {
+        return push_protection_bypassed;
     }
 
     /**
@@ -146,40 +167,4 @@ public URL getHtmlUrl() throws IOException {
         return GitHubClient.parseURL(html_url);
     }
 
-    /**
-     * Secret details
-     */
-    @SuppressFBWarnings(value = { "UWF_UNWRITTEN_FIELD" }, justification = "JSON API")
-    public static class Secret {
-        private String name;
-        private String type;
-        private String value;
-
-        /**
-         * Name of the secret
-         *
-         * @return the name
-         */
-        public String getName() {
-            return name;
-        }
-
-        /**
-         * Type of the secret
-         *
-         * @return the type
-         */
-        public String getType() {
-            return type;
-        }
-
-        /**
-         * Value of the secret
-         *
-         * @return the value
-         */
-        public String getValue() {
-            return value;
-        }
-    }
 }

src/test/java/org/kohsuke/github/GHSecretScanningAlertTest.java

@@ -1,10 +1,8 @@
 package org.kohsuke.github;
 
-import org.junit.Assume;
 import org.junit.Before;
 import org.junit.Test;
 
-import java.io.IOException;
 import java.util.List;
 
 import static org.hamcrest.Matchers.*;
@@ -28,11 +26,11 @@ public class GHSecretScanningAlertTest extends AbstractGitHubWireMockTest {
      */
     @Before
     public void setUp() throws Exception {
-        repo = gitHub.getRepository("cortextests" + "/" + "test-code-scanning");
+        repo = gitHub.getRepository("cortextests" + "/" + "secret-scanning");
     }
 
     /**
-     * Test list code scanning alert payload
+     * Test list secret scanning alert payload
      */
     @Test
     public void testListSecretScanningAlerts() {
@@ -42,62 +40,27 @@ public void testListSecretScanningAlerts() {
         List<GHSecretScanningAlert> alerts = repo.listSecretScanningAlerts()._iterator(2).nextPage();
 
         // Assert
-        assertThat(alerts.size(), equalTo(2)); // This assertion is based on manual setup done on repo to
-        // guarantee there are atleast 2 issues
+        assertThat(alerts.size(), equalTo(2));
 
-        // GHCodeScanningAlert alert = codeQlAlerts.get(0);
-        //
-        // // Verify the code scanning tool details
-        // assertThat(alert.getTool(), not((Object) null));
-        // GHCodeScanningAlert.Tool tool = alert.getTool();
-        // assertThat(tool.getName(), is("CodeQL"));
-        // assertThat(tool.getVersion(), not((Object) null));
-        //
-        // // Verify that fields of the code scanning rule are non-null
-        // assertThat(alert.getRule(), not((Object) null));
-        // GHCodeScanningAlert.Rule rule = alert.getRule();
-        // assertThat(rule.getId(), not((Object) null));
-        // assertThat(rule.getName(), not((Object) null));
-        // assertThat(rule.getSeverity(), not((Object) null));
-        // assertThat(rule.getSecuritySeverityLevel(), not((Object) null));
-        //
-        // // Act - Search by filtering on alert status
-        // List<GHCodeScanningAlert> openAlerts = repo.listCodeScanningAlerts(GHCodeScanningAlertState.OPEN)
-        // ._iterator(2)
-        // .nextPage(); // This assertion is based on manual setup done on repo to
-        // // guarantee there are atleast 2 issues
-        //
-        // // Assert
-        // assertThat(openAlerts.size(), equalTo(2));
-        // GHCodeScanningAlert openAlert = openAlerts.get(0);
-        // assertThat(openAlert.getState(), is(GHCodeScanningAlertState.OPEN));
-    }
-
-    /**
-     * Test get code scanning alert payload
-     *
-     * @throws IOException
-     *             Signals that an I/O exception has occurred.
-     */
-    @Test
-    public void testGetCodeScanningAlert() throws IOException {
-        // Arrange
-        List<GHCodeScanningAlert> dismissedAlerts = repo.listCodeScanningAlerts(GHCodeScanningAlertState.DISMISSED)
-                ._iterator(1)
-                .nextPage();
-        Assume.assumeThat(dismissedAlerts.size(), greaterThanOrEqualTo(1));
-        GHCodeScanningAlert dismissedAlert = dismissedAlerts.get(0);
-        long idOfDismissed = dismissedAlert.getId();
+        GHSecretScanningAlert alert1 = alerts.get(0);
+        assertThat(alert1.getNumber(), equalTo(2L));
+        assertThat(alert1.getState(), equalTo(GHSecretScanningAlertState.OPEN));
+        assertThat(alert1.getSecretType(), equalTo("npm_access_token"));
+        assertThat(alert1.getSecret(), equalTo("secret1"));
+        assertThat(alert1.isPushProtectionBypassed(), equalTo(false));
+        assertThat(alert1.getResolvedBy(), nullValue());
+        assertThat(alert1.getResolvedAt(), nullValue());
 
-        // Act
-        GHCodeScanningAlert result = repo.getCodeScanningAlert(idOfDismissed);
-
-        // Assert
-        assertThat(result, not((Object) null));
-        assertThat(result.getId(), equalTo(idOfDismissed));
-        assertThat(result.getDismissedReason(), equalTo(dismissedAlert.getDismissedReason()));
-        assertThat(result.getDismissedAt(), equalTo(dismissedAlert.getDismissedAt()));
-        assertThat(result.getDismissedBy().login, equalTo(dismissedAlert.getDismissedBy().login));
+        GHSecretScanningAlert alert2 = alerts.get(1);
+        assertThat(alert2.getNumber(), equalTo(1L));
+        assertThat(alert2.getState(), equalTo(GHSecretScanningAlertState.OPEN));
+        assertThat(alert2.getSecretType(), equalTo("stripe_test_secret_key"));
+        assertThat(alert2.getSecret(), equalTo("secret2"));
+        assertThat(alert2.isPushProtectionBypassed(), equalTo(true));
+        assertThat(alert2.getPushProtectionBypassedBy().getLogin(), equalTo("lukbla"));
+        assertThat(alert2.getPushProtectionBypassedAt(), equalTo(GitHubClient.parseDate("2025-05-05T15:32:05Z")));
+        assertThat(alert2.getResolvedBy(), nullValue());
+        assertThat(alert2.getResolvedAt(), nullValue());
     }
 
 }

src/test/resources/org/kohsuke/github/GHSecretScanningAlertTest/wiremock/testListSecretScanningAlerts/__files/repos_cortextests_secret-scanning-1.json

@@ -0,0 +1,161 @@
+{
+  "id": 978177282,
+  "node_id": "R_kgDOOk3NAg",
+  "name": "secret-scanning",
+  "full_name": "cortextests/secret-scanning",
+  "private": false,
+  "owner": {
+    "login": "cortextests",
+    "id": 87100841,
+    "node_id": "MDEyOk9yZ2FuaXphdGlvbjg3MTAwODQx",
+    "avatar_url": "https://avatars.githubusercontent.com/u/87100841?v=4",
+    "gravatar_id": "",
+    "url": "https://api.github.com/users/cortextests",
+    "html_url": "https://github.com/cortextests",
+    "followers_url": "https://api.github.com/users/cortextests/followers",
+    "following_url": "https://api.github.com/users/cortextests/following{/other_user}",
+    "gists_url": "https://api.github.com/users/cortextests/gists{/gist_id}",
+    "starred_url": "https://api.github.com/users/cortextests/starred{/owner}{/repo}",
+    "subscriptions_url": "https://api.github.com/users/cortextests/subscriptions",
+    "organizations_url": "https://api.github.com/users/cortextests/orgs",
+    "repos_url": "https://api.github.com/users/cortextests/repos",
+    "events_url": "https://api.github.com/users/cortextests/events{/privacy}",
+    "received_events_url": "https://api.github.com/users/cortextests/received_events",
+    "type": "Organization",
+    "user_view_type": "public",
+    "site_admin": false
+  },
+  "html_url": "https://github.com/cortextests/secret-scanning",
+  "description": null,
+  "fork": false,
+  "url": "https://api.github.com/repos/cortextests/secret-scanning",
+  "forks_url": "https://api.github.com/repos/cortextests/secret-scanning/forks",
+  "keys_url": "https://api.github.com/repos/cortextests/secret-scanning/keys{/key_id}",
+  "collaborators_url": "https://api.github.com/repos/cortextests/secret-scanning/collaborators{/collaborator}",
+  "teams_url": "https://api.github.com/repos/cortextests/secret-scanning/teams",
+  "hooks_url": "https://api.github.com/repos/cortextests/secret-scanning/hooks",
+  "issue_events_url": "https://api.github.com/repos/cortextests/secret-scanning/issues/events{/number}",
+  "events_url": "https://api.github.com/repos/cortextests/secret-scanning/events",
+  "assignees_url": "https://api.github.com/repos/cortextests/secret-scanning/assignees{/user}",
+  "branches_url": "https://api.github.com/repos/cortextests/secret-scanning/branches{/branch}",
+  "tags_url": "https://api.github.com/repos/cortextests/secret-scanning/tags",
+  "blobs_url": "https://api.github.com/repos/cortextests/secret-scanning/git/blobs{/sha}",
+  "git_tags_url": "https://api.github.com/repos/cortextests/secret-scanning/git/tags{/sha}",
+  "git_refs_url": "https://api.github.com/repos/cortextests/secret-scanning/git/refs{/sha}",
+  "trees_url": "https://api.github.com/repos/cortextests/secret-scanning/git/trees{/sha}",
+  "statuses_url": "https://api.github.com/repos/cortextests/secret-scanning/statuses/{sha}",
+  "languages_url": "https://api.github.com/repos/cortextests/secret-scanning/languages",
+  "stargazers_url": "https://api.github.com/repos/cortextests/secret-scanning/stargazers",
+  "contributors_url": "https://api.github.com/repos/cortextests/secret-scanning/contributors",
+  "subscribers_url": "https://api.github.com/repos/cortextests/secret-scanning/subscribers",
+  "subscription_url": "https://api.github.com/repos/cortextests/secret-scanning/subscription",
+  "commits_url": "https://api.github.com/repos/cortextests/secret-scanning/commits{/sha}",
+  "git_commits_url": "https://api.github.com/repos/cortextests/secret-scanning/git/commits{/sha}",
+  "comments_url": "https://api.github.com/repos/cortextests/secret-scanning/comments{/number}",
+  "issue_comment_url": "https://api.github.com/repos/cortextests/secret-scanning/issues/comments{/number}",
+  "contents_url": "https://api.github.com/repos/cortextests/secret-scanning/contents/{+path}",
+  "compare_url": "https://api.github.com/repos/cortextests/secret-scanning/compare/{base}...{head}",
+  "merges_url": "https://api.github.com/repos/cortextests/secret-scanning/merges",
+  "archive_url": "https://api.github.com/repos/cortextests/secret-scanning/{archive_format}{/ref}",
+  "downloads_url": "https://api.github.com/repos/cortextests/secret-scanning/downloads",
+  "issues_url": "https://api.github.com/repos/cortextests/secret-scanning/issues{/number}",
+  "pulls_url": "https://api.github.com/repos/cortextests/secret-scanning/pulls{/number}",
+  "milestones_url": "https://api.github.com/repos/cortextests/secret-scanning/milestones{/number}",
+  "notifications_url": "https://api.github.com/repos/cortextests/secret-scanning/notifications{?since,all,participating}",
+  "labels_url": "https://api.github.com/repos/cortextests/secret-scanning/labels{/name}",
+  "releases_url": "https://api.github.com/repos/cortextests/secret-scanning/releases{/id}",
+  "deployments_url": "https://api.github.com/repos/cortextests/secret-scanning/deployments",
+  "created_at": "2025-05-05T15:30:32Z",
+  "updated_at": "2025-05-05T15:32:18Z",
+  "pushed_at": "2025-05-05T15:32:15Z",
+  "git_url": "git://github.com/cortextests/secret-scanning.git",
+  "ssh_url": "git@github.com:cortextests/secret-scanning.git",
+  "clone_url": "https://github.com/cortextests/secret-scanning.git",
+  "svn_url": "https://github.com/cortextests/secret-scanning",
+  "homepage": null,
+  "size": 1,
+  "stargazers_count": 0,
+  "watchers_count": 0,
+  "language": null,
+  "has_issues": true,
+  "has_projects": true,
+  "has_downloads": true,
+  "has_wiki": true,
+  "has_pages": false,
+  "has_discussions": false,
+  "forks_count": 0,
+  "mirror_url": null,
+  "archived": false,
+  "disabled": false,
+  "open_issues_count": 0,
+  "license": null,
+  "allow_forking": true,
+  "is_template": false,
+  "web_commit_signoff_required": false,
+  "topics": [],
+  "visibility": "public",
+  "forks": 0,
+  "open_issues": 0,
+  "watchers": 0,
+  "default_branch": "main",
+  "permissions": {
+    "admin": true,
+    "maintain": true,
+    "push": true,
+    "triage": true,
+    "pull": true
+  },
+  "temp_clone_token": "",
+  "allow_squash_merge": true,
+  "allow_merge_commit": true,
+  "allow_rebase_merge": true,
+  "allow_auto_merge": false,
+  "delete_branch_on_merge": false,
+  "allow_update_branch": false,
+  "use_squash_pr_title_as_default": false,
+  "squash_merge_commit_message": "COMMIT_MESSAGES",
+  "squash_merge_commit_title": "COMMIT_OR_PR_TITLE",
+  "merge_commit_message": "PR_TITLE",
+  "merge_commit_title": "MERGE_MESSAGE",
+  "custom_properties": {},
+  "organization": {
+    "login": "cortextests",
+    "id": 87100841,
+    "node_id": "MDEyOk9yZ2FuaXphdGlvbjg3MTAwODQx",
+    "avatar_url": "https://avatars.githubusercontent.com/u/87100841?v=4",
+    "gravatar_id": "",
+    "url": "https://api.github.com/users/cortextests",
+    "html_url": "https://github.com/cortextests",
+    "followers_url": "https://api.github.com/users/cortextests/followers",
+    "following_url": "https://api.github.com/users/cortextests/following{/other_user}",
+    "gists_url": "https://api.github.com/users/cortextests/gists{/gist_id}",
+    "starred_url": "https://api.github.com/users/cortextests/starred{/owner}{/repo}",
+    "subscriptions_url": "https://api.github.com/users/cortextests/subscriptions",
+    "organizations_url": "https://api.github.com/users/cortextests/orgs",
+    "repos_url": "https://api.github.com/users/cortextests/repos",
+    "events_url": "https://api.github.com/users/cortextests/events{/privacy}",
+    "received_events_url": "https://api.github.com/users/cortextests/received_events",
+    "type": "Organization",
+    "user_view_type": "public",
+    "site_admin": false
+  },
+  "security_and_analysis": {
+    "secret_scanning": {
+      "status": "enabled"
+    },
+    "secret_scanning_push_protection": {
+      "status": "disabled"
+    },
+    "dependabot_security_updates": {
+      "status": "disabled"
+    },
+    "secret_scanning_non_provider_patterns": {
+      "status": "disabled"
+    },
+    "secret_scanning_validity_checks": {
+      "status": "disabled"
+    }
+  },
+  "network_count": 0,
+  "subscribers_count": 4
+}