From 698b150f79c340798f6f4b196932c61ef82339aa Mon Sep 17 00:00:00 2001
From: CharlieM <31941002+CharlieMc0@users.noreply.github.com>
Date: Wed, 13 Sep 2023 09:55:11 -0600
Subject: [PATCH] testing regex

---
 .github/workflows/sast-linters.yml | 27 +++++++++++++++++++++------
 1 file changed, 21 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/sast-linters.yml b/.github/workflows/sast-linters.yml
index 886c9ef268..87b7b3c942 100644
--- a/.github/workflows/sast-linters.yml
+++ b/.github/workflows/sast-linters.yml
@@ -184,9 +184,24 @@ jobs:
             labels: ["nosec"]
           })
 
-      - name: Block broad "#nosec" annotations without a specific rule
-        uses: pablo-statsig/gh-pr-content-checker@master
-        if: env.nosec_detected == 1
-        with:
-          github-token: ${{github.token}}
-          diffContainsRegex: '#nosec(?!(\sG\d{3}))(?![^\s\t])([\s\t]*|$)'
+      # - name: Block broad "#nosec" annotations without a specific rule
+      #   uses: pablo-statsig/gh-pr-content-checker@master
+      #   if: env.nosec_detected == 1
+      #   with:
+      #     github-token: ${{github.token}}
+      #     diffContainsRegex: '#nosec(?!(\sG\d{3}))(?![^\s\t])([\s\t]*|$)'
+
+      - name: Report nosec usage
+        run: |
+
+          REGEX='#nosec(?!(\sG\d{3}))(?![^\s\t])([\s\t]*|$)''
+          EXIT_CODE=$(git diff --stat | grep -c -E "$REGEX")
+
+          if [ $? -eq 0 ]; then
+            echo "Broad '#nosec' annotation found in code without a specific rule"
+            echo "Make sure you specific which rule you are bypassed with '#nosec G999' with G999 being the gosec rule number"
+            exit 1
+          else
+            echo "Regex found nothing"
+            exit 0
+          fi
\ No newline at end of file
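Review bot: The new `Report nosec usage` step cannot block anything as written: `REGEX='…''` carries a stray trailing `'` that leaves the shell script with an unbalanced quote, `git diff --stat` prints file names and change counts rather than content, and `grep -E` does not support the `(?!…)` lookaheads, so grep exits 2, `$?` is non-zero, and the `else` branch prints "Regex found nothing" with exit 0. Because this step replaces the `gh-pr-content-checker` gate that the same hunk comments out, the control against broad `#nosec` suppressions is effectively disabled until it is fixed, and the six commented-out lines can be deleted outright since git history keeps them. The sketch below drops `--stat`, tests the grep result directly instead of through the unused `EXIT_CODE`, uses `grep -P` for the PCRE lookaheads, and restricts the match to added diff lines; which base ref to diff against depends on the checkout step's fetch depth, which is outside this hunk, so adjust `origin/${{ github.base_ref }}` to what the job actually fetches. The message `specific which rule you are bypassed` should read `specify which rule you are bypassing`.
```yaml
      - name: Report nosec usage
        run: |
          REGEX='#nosec(?!(\sG\d{3}))(?![^\s\t])([\s\t]*|$)'
          # Scan added lines of the diff content (not --stat); -P is needed for the lookaheads.
          if git diff "origin/${{ github.base_ref }}...HEAD" | grep -v '^+++' | grep '^+' | grep -qP "$REGEX"; then
            echo "Broad '#nosec' annotation found in code without a specific rule"
            echo "Make sure you specify which rule you are bypassing with '#nosec G999', G999 being the gosec rule number"
            exit 1
          fi
          echo "Regex found nothing"
```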