Develop (#56)

* return feature to remove blank lines and comments * add samples to perform tests * pushing some tools to help during debug tasks * skip false positives - draft function * improve taint analysis function * drafting new rules * update sarif output with new variables * apply design pattern practices to a better code compreension * remove Data::Dumper * fixed sarif * remove unecessary variables * remove old file * remove samples * create some unit tests * update rules on linter * resolv linter warnings * resolv linter warnings * new module * remove tools/ * tdy * update perltidyrc * new line * deleted tests/Sarif.t * remove blank lines * checking if the name of file that does exists * fix(Source-to-Sink): handle empty token list in PPI find method (#55) * fix(Source-to-Sink): handle empty token list in PPI find method - prevent runtime error when no tokens are found by using an empty array reference as a fallback * update security-gate.yml --------- Co-authored-by: Heitor <[email protected]> Co-authored-by: priv <[email protected]>
htrgouvea · Dec 24, 2024 · 64b471b · 64b471b
1 parent 5ec7323
commit 64b471b
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 14 deletions.
diff --git a/.github/workflows/security-gate.yml b/.github/workflows/security-gate.yml
@@ -1,13 +1,14 @@
 name: Security Gate - LESIS
 
 on:
-  push:
-    branches:
-      - main
   pull_request:
     branches:
       - main
 
+permissions:
+  security-events: read
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -24,15 +25,15 @@ jobs:
     - name: Pull Docker image from GitHub Container Registry
       run: docker pull ghcr.io/instriq/security-gate/security-gate:latest
 
-    - name: Verify security alerts from dependabot
+    - name: Verify security alerts from GHAS
       run: |
         docker run ghcr.io/instriq/security-gate/security-gate:latest \
-        -t $GITHUB_TOKEN \
-        -r ${{ github.repository }} \
-        --critical $MAX_CRITICAL \
-        --high $MAX_HIGH \
-        --medium $MAX_MEDIUM \
-        --low $MAX_LOW \
+        -t "$GITHUB_TOKEN" \
+        -r "${{ github.repository }}" \
+        -c "$MAX_CRITICAL" \
+        -h "$MAX_HIGH" \
+        -m "$MAX_MEDIUM" \
+        -l "$MAX_LOW" \
         --dependency-alerts \
-        --code-alerts \
-        --secret-alerts 
+        --secret-alerts \
+        --code-alerts
diff --git a/lib/Zarn/Engine/Source_to_Sink.pm b/lib/Zarn/Engine/Source_to_Sink.pm
@@ -20,7 +20,7 @@ package Zarn::Engine::Source_to_Sink {
         );
 
         if ($ast && $rules) {
-            foreach my $token (@{$ast -> find('PPI::Token')}) {
+            foreach my $token (@{$ast -> find('PPI::Token') || []}) {
                 foreach my $rule (@{$rules}) {
                     my @sample   = $rule -> {sample} -> @*;
                     my $category = $rule -> {category};
@@ -63,4 +63,4 @@ package Zarn::Engine::Source_to_Sink {
     }
 }
 
-1;
+1;