testing regex
CharlieMc0 committed Sep 13, 2023
1 parent a676b46 commit 698b150
Showing 1 changed file with 21 additions and 6 deletions.
27 changes: 21 additions & 6 deletions .github/workflows/sast-linters.yml
@@ -184,9 +184,24 @@ jobs:
labels: ["nosec"]
})
- name: Block broad "#nosec" annotations without a specific rule
uses: pablo-statsig/gh-pr-content-checker@master
if: env.nosec_detected == 1
with:
github-token: ${{github.token}}
diffContainsRegex: '#nosec(?!(\sG\d{3}))(?![^\s\t])([\s\t]*|$)'
# - name: Block broad "#nosec" annotations without a specific rule
# uses: pablo-statsig/gh-pr-content-checker@master
# if: env.nosec_detected == 1
# with:
# github-token: ${{github.token}}
# diffContainsRegex: '#nosec(?!(\sG\d{3}))(?![^\s\t])([\s\t]*|$)'

- name: Report nosec usage
run: |
REGEX='#nosec(?!(\sG\d{3}))(?![^\s\t])([\s\t]*|$)''
EXIT_CODE=$(git diff --stat | grep -c -E "$REGEX")
if [ $? -eq 0 ]; then
echo "Broad '#nosec' annotation found in code without a specific rule"
echo "Make sure you specific which rule you are bypassed with '#nosec G999' with G999 being the gosec rule number"
exit 1
else
echo "Regex found nothing"
exit 0
fi
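
Review bot: The new "Report nosec usage" step cannot match anything as written, for three reasons visible in its run script. The `REGEX=` assignment ends with a doubled quote (`([\s\t]*|$)''`), which leaves an unbalanced single quote that swallows the following lines. The pattern uses `(?!...)` lookaheads, which `grep -E` (POSIX ERE) does not support, so it needs `grep -P` or a rewrite without lookaheads. And `git diff --stat` prints only file names and change counts, never the changed lines, so a `#nosec` annotation is never in grep's input; the content diff against the PR base is what should be searched. Smaller points: `EXIT_CODE` holds the match count from `grep -c`, not an exit code, and is never read, and the failure message should read "Make sure you specify which rule you are bypassing". Because the `gh-pr-content-checker` step is commented out in the same change, broad `#nosec` annotations are not blocked until this step works, so I would keep the old check enabled until the replacement has been verified against a diff that contains a bare `#nosec`.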
