feat: add default env PAT login

Added env PAT login by default and --pat flag retrieval
2026-06-11 05:46:05 +00:00 · 2024-11-25 13:07:52 +01:00
parent 45668eb53a
commit b2e58c3045
4 changed files with 52 additions and 7 deletions
@@ -216,6 +216,7 @@ class Provider(ABC):
                        personal_access_token=arguments.personal_access_token,
                        github_app=arguments.github_app,
                        oauth_app=arguments.oauth_app,
+                        pat=arguments.pat,
                        config_path=arguments.config_file,
                    )

@@ -15,7 +15,6 @@ from prowler.providers.common.provider import Provider
 from prowler.providers.github.exceptions.exceptions import (
    GithubEnvironmentVariableError,
    GithubInvalidTokenError,
-    GithubNonExistentTokenError,
    GithubSetUpIdentityError,
    GithubSetUpSessionError,
 )
@@ -26,6 +25,7 @@ from prowler.providers.github.models import GithubIdentityInfo, GithubSession
 class GithubProvider(Provider):
    _type: str = "github"
    _auth_method: str
+    _pat: str
    _session: GithubSession
    _identity: GithubIdentityInfo
    _audit_config: dict
@@ -37,6 +37,7 @@ class GithubProvider(Provider):
        personal_access_token: bool = False,
        github_app: bool = False,
        oauth_app: bool = False,
+        pat: str = None,
        config_path: str = None,
        config_content: dict = None,
        fixer_config: dict = {},
@@ -55,6 +56,8 @@ class GithubProvider(Provider):
        """
        logger.info("Instantiating GitHub Provider...")

+        self._pat = pat
+
        self._session = self.setup_session(
            personal_access_token,
            github_app,
@@ -96,6 +99,11 @@ class GithubProvider(Provider):
        """Returns the authentication method for the GitHub provider."""
        return self._auth_method

+    @property
+    def pat(self):
+        """Returns the personal access token for the GitHub provider."""
+        return self._pat
+
    @property
    def session(self):
        """Returns the session object for the GitHub provider."""
@@ -144,7 +152,15 @@ class GithubProvider(Provider):
            GithubSession: Authenticated session token for API requests.
        """
        try:
-            if personal_access_token:
+            if not personal_access_token and not github_app and not oauth_app:
+                logger.error(
+                    "GitHub provider: No authentication method selected. Prowler will try to use GITHUB_PERSONAL_ACCESS_TOKEN enviroment variable to log in by default."
+                )
+                personal_access_token = True
+            if self.pat:
+                session_token = self.pat
+                self._auth_method = "personal_access_token"
+            elif personal_access_token:
                if not getenv("GITHUB_PERSONAL_ACCESS_TOKEN"):
                    logger.critical(
                        "GitHub provider: Missing enviroment variable GITHUB_PERSONAL_ACCESS_TOKEN needed to authenticate against GitHub."
@@ -181,10 +197,6 @@ class GithubProvider(Provider):
                logger.critical(
                    "GitHub provider: A Github token is required to authenticate against Github."
                )
-                raise GithubNonExistentTokenError(
-                    file=os.path.basename(__file__),
-                    message="A Github token is required to authenticate against Github.",
-                )

            credentials = GithubSession(token=session_token)

@@ -219,7 +231,12 @@ class GithubProvider(Provider):
        credentials = self.session

        try:
-            if personal_access_token or github_app or oauth_app:
+            if (self.pat or personal_access_token or github_app or oauth_app) or (
+                not self.pat
+                and not personal_access_token
+                and not github_app
+                and not oauth_app
+            ):
                auth = Auth.Token(credentials.token)
                g = Github(auth=auth)

@@ -24,3 +24,27 @@ def init_parser(self):
        help="Use GitHub app token to log in against GitHub",
        default=False,
    )
+    github_auth_modes_group.add_argument(
+        "--user-password",
+        action="store_true",
+        help="Use user login and password to log in against GitHub",
+        default=False,
+    ),
+    github_auth_subparser.add_argument(
+        "--pat",
+        nargs="?",
+        default=None,
+        help="Personal access token to log in against GitHub",
+    ),
+    github_auth_subparser.add_argument(
+        "--user",
+        nargs="?",
+        default=None,
+        help="User to log in against GitHub",
+    ),
+    github_auth_subparser.add_argument(
+        "--password",
+        nargs="?",
+        default=None,
+        help="Password to log in against GitHub",
+    ),
@@ -17,6 +17,8 @@ class Repository(GithubService):
        try:
            for repo in self.client.get_user().get_repos():
                try:
+                    securitymd_exists = repo.get_contents("SECURITY.md") is not None
+                    """
                    securitymd_exists = False
                    contents = repo.get_contents("")
                    while contents:
@@ -26,6 +28,7 @@ class Repository(GithubService):
                        elif file_content.path.endswith("SECURITY.md"):
                            securitymd_exists = True
                            break
+                    """
                except Exception:
                    securitymd_exists = False
                repos[repo.id] = Repo(