Updated list secret scanning alerts to give all default and generic by default, allow switching off either, and listing a custom set of types if needed #11
Conversation
…y default, allow switching off either, and listing a custom set of types if needed
aegilops
requested review from
adrienpessu,
Copilot and
felickz
and removed request for
a team
There was a problem hiding this comment.
Pull Request Overview
This PR refactors the secret scanning alerts listing functionality to provide more granular control over which types of secrets are included in the output. Instead of a single --generic flag to include generic secrets, the new approach allows users to independently control default secrets, generic secrets, and specify custom secret types.
Key changes:
- Changed from single
--genericflag to--no-genericand--no-defaultflags with--include-typesfor custom types - Modified the alert collection to support fetching multiple categories of secrets (default, generic, and specific types)
- Updated the API to accept a
secret_typesparameter for custom secret type filtering
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| list_secret_scanning_alerts.py | Added support for separate default/generic/specific secret type filtering; changed parameter signature of decorate_alerts to accept Iterable instead of Generator; updated argument parsing to use --no-generic, --no-default, and --include-types |
| githubapi.py | Added secret_types parameter to list_secret_scanning_alerts method to support custom secret type filtering |
| README.md | Updated documentation to reflect the new command-line interface with --no-generic, --no-default, and --include-types options |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| alerts = [] | ||
|
|
||
| if default: | ||
| default_alerts = g.list_secret_scanning_alerts( | ||
| name, state=state, since=since, scope=scope, bypassed=bypassed, generic=False, progress=progress | ||
| ) | ||
|
|
||
| alerts.append(default_alerts) | ||
|
|
||
| if generic: | ||
| generic_alerts = g.list_secret_scanning_alerts( | ||
| name, state=state, since=since, scope=scope, bypassed=bypassed, generic=True, progress=progress | ||
| ) | ||
|
|
||
| alerts.append(generic_alerts) | ||
|
|
||
| if specific: | ||
| specific_alerts = g.list_secret_scanning_alerts( | ||
| name, state=state, since=since, scope=scope, bypassed=bypassed, secret_types=specific, progress=progress | ||
| ) | ||
| alerts.append(specific_alerts) |
There was a problem hiding this comment.
This code appends generators to a list, but decorate_alerts expects a flat iterable of alert dictionaries. When decorate_alerts iterates over alerts, it will iterate over the generator objects themselves, not the alert dictionaries within them.
Consider using itertools.chain to chain the generators together:
from itertools import chain
alert_generators = []
if default:
default_alerts = g.list_secret_scanning_alerts(...)
alert_generators.append(default_alerts)
if generic:
generic_alerts = g.list_secret_scanning_alerts(...)
alert_generators.append(generic_alerts)
if specific:
specific_alerts = g.list_secret_scanning_alerts(...)
alert_generators.append(specific_alerts)
alerts = chain.from_iterable(alert_generators)There was a problem hiding this comment.
@copilot open a new pull request to apply changes based on this feedback
No description provided.