-
Notifications
You must be signed in to change notification settings - Fork 5
/
org_find_keys.py
executable file
·108 lines (91 loc) · 3.25 KB
/
org_find_keys.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
#!/usr/bin/env python
"""
Script to search for keys in repos in an org.
"""
import sys
import alive_progress
from github3 import exceptions as gh_exceptions
from github3 import login
from github_scripts import utils
def parse_arguments():
"""
Parse the command line
"""
parser = utils.GH_ArgParser(description="Search through an org for repos with keys")
parser.add_argument("orgs", help="List of organizations that the repos belong to", nargs="+")
parser.add_argument("--archived", help="Include archived repos", action="store_true")
parser.add_argument(
"--type",
help="Type of repo, all (default), public, private",
default="all",
choices=["all", "public", "private"],
dest="repo_type",
)
args = parser.parse_args()
return args
def find_keys_in_org(gh_sess, org, repo_type, archived, bar):
"""
Given an organization, return a list of found keys
:param gh_sess: Active github session
:param org: initialized org object
:param repo_type: "all", "private", "public" for repo filtering
:param archived: Boolean, include archived repos
:param bar: initialized progress bar.
:result: a list of strings with the hook information
"""
foundkeyslist = []
bar.text = " - Getting repositories"
bar()
repolist = org.repositories(type=repo_type)
for repo in repolist:
bar.text = f" - checking {repo.name}..."
if archived or not repo.archived:
bar()
try:
for key in repo.keys():
foundkeyslist.append(
f"{org.name},{repo.name},{key.title},{key.created_at},{key.last_used}"
)
utils.check_rate_remain(gh_sess=gh_sess, bar=bar)
except gh_exceptions.NotFoundError:
# ghsa repos do not have the keys endpoint.
if repo.name.find("-ghsa-") == -1:
raise gh_exceptions.NotFoundError()
return foundkeyslist
def main():
"""
Search through the indicated org and repo types and report all repo keys found
"""
args = parse_arguments()
gh_sess = login(token=args.token)
header_str = "Org,Repo,Key title,created,last_used"
foundkeyslist = []
for orgname in args.orgs:
try:
organization = gh_sess.organization(orgname)
with alive_progress.alive_bar(
dual_line=True,
title=f"Searching for keys in {orgname}",
file=sys.stderr,
length=20,
force_tty=True,
) as bar:
foundkeyslist.extend(
find_keys_in_org(
gh_sess=gh_sess,
org=organization,
repo_type=args.repo_type,
archived=args.archived,
bar=bar,
)
)
except gh_exceptions.NotFoundError:
print(
f"Organization {orgname} not found - check spelling? Continuing to next org if there is one.",
file=sys.stderr,
)
finally:
print(header_str)
print("\n".join(foundkeyslist))
if __name__ == "__main__":
main()