fix: group annotations to avoid reaching limit

bullfrogsec · Jun 27, 2024 · 241d330 · 241d330
1 parent c3af209
commit 241d330
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 8 deletions.
diff --git a/action/dist/post.js b/action/dist/post.js
@@ -19020,27 +19020,29 @@ async function printAnnotations({
     const { egressPolicy } = parseInputs();
     const result = egressPolicy === BLOCK ? "Blocked" : "Unauthorized";
     core2.debug("\n\nCorrelated data:\n");
+    const annotations = [];
     correlatedData.forEach((data) => {
       core2.debug(JSON.stringify(data));
       if (data.decision !== "blocked") {
         return;
       }
       const time = data.ts.toISOString();
       if (data.domain === "unknown") {
-        core2.warning(
+        annotations.push(
           `[${time}] ${result} request to ${data.destIp}:${data.destPort} from processs \`${data.binary} ${data.args}\``
         );
         return;
       } else if (data.destIp === "unknown") {
-        core2.warning(
+        annotations.push(
           `[${time}] ${result} DNS request to ${data.domain} from unknown process`
         );
       } else {
-        core2.warning(
+        annotations.push(
           `[${time}] ${result} request to ${data.domain} (${data.destIp}:${data.destPort}) from process \`${data.binary} ${data.args}\``
         );
       }
     });
+    core2.warning(annotations.join("\n"));
     return;
   } catch (error) {
     core2.debug("No annotations found");

diff --git a/action/dist/post.js.map b/action/dist/post.js.map
diff --git a/action/src/post.ts b/action/src/post.ts
@@ -22,27 +22,30 @@ async function printAnnotations({
 
     core.debug("\n\nCorrelated data:\n");
 
+    const annotations: string[] = [];
+
     correlatedData.forEach((data) => {
       core.debug(JSON.stringify(data));
       if (data.decision !== "blocked") {
         return;
       }
       const time = data.ts.toISOString();
       if (data.domain === "unknown") {
-        core.warning(
+        annotations.push(
           `[${time}] ${result} request to ${data.destIp}:${data.destPort} from processs \`${data.binary} ${data.args}\``
         );
         return;
       } else if (data.destIp === "unknown") {
-        core.warning(
+        annotations.push(
           `[${time}] ${result} DNS request to ${data.domain} from unknown process`
         );
       } else {
-        core.warning(
+        annotations.push(
           `[${time}] ${result} request to ${data.domain} (${data.destIp}:${data.destPort}) from process \`${data.binary} ${data.args}\``
         );
       }
     });
+    core.warning(annotations.join("\n"));
     return;
   } catch (error) {
     core.debug("No annotations found");