feat(metadata): add remediation messages

GitGuardian · Jul 1, 2024 · 180040f · 180040f
1 parent a2485b8
commit 180040f
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 1 deletion.
diff --git a/pygitguardian/client.py b/pygitguardian/client.py
@@ -35,6 +35,7 @@
     JWTService,
     MultiScanResult,
     QuotaResponse,
+    RemediationMessages,
     ScanResult,
     SecretScanPreferences,
     ServerMetadata,
@@ -151,6 +152,7 @@ class GGClient:
     user_agent: str
     extra_headers: Dict
     secret_scan_preferences: SecretScanPreferences
+    remediation_messages: RemediationMessages
     callbacks: Optional[GGClientCallbacks]
 
     def __init__(
@@ -214,6 +216,7 @@ def __init__(
         )
         self.maximum_payload_size = MAXIMUM_PAYLOAD_SIZE
         self.secret_scan_preferences = SecretScanPreferences()
+        self.remediation_messages = RemediationMessages()
 
     def request(
         self,
@@ -676,6 +679,7 @@ def read_metadata(self) -> Optional[Detail]:
             "general__maximum_payload_size", MAXIMUM_PAYLOAD_SIZE
         )
         self.secret_scan_preferences = metadata.secret_scan_preferences
+        self.remediation_messages = metadata.remediation_messages
         return None
 
     def create_jwt(

diff --git a/pygitguardian/config.py b/pygitguardian/config.py
@@ -5,3 +5,16 @@
 MULTI_DOCUMENT_LIMIT = 20
 DOCUMENT_SIZE_THRESHOLD_BYTES = 1048576  # 1MB
 MAXIMUM_PAYLOAD_SIZE = 2621440  # 25MB
+
+DEFAULT_PRE_COMMIT_MESSAGE = """Since the secret was detected before the commit was made:
+1. replace the secret with its reference (e.g. environment variable).
+2. commit again."""
+
+DEFAULT_PRE_PUSH_MESSAGE = """Since the secret was detected before the push BUT after the commit, you need to:
+1. rewrite the git history making sure to replace the secret with its reference (e.g. environment variable).
+2. push again."""
+
+DEFAULT_PRE_RECEIVE_MESSAGE = """A pre-receive hook set server side prevented you from pushing secrets.
+Since the secret was detected during the push BUT after the commit, you need to:
+1. rewrite the git history making sure to replace the secret with its reference (e.g. environment variable).
+2. push again."""
diff --git a/pygitguardian/models.py b/pygitguardian/models.py
@@ -19,7 +19,13 @@
 )
 from typing_extensions import Self
 
-from .config import DOCUMENT_SIZE_THRESHOLD_BYTES, MULTI_DOCUMENT_LIMIT
+from .config import (
+    DEFAULT_PRE_COMMIT_MESSAGE,
+    DEFAULT_PRE_PUSH_MESSAGE,
+    DEFAULT_PRE_RECEIVE_MESSAGE,
+    DOCUMENT_SIZE_THRESHOLD_BYTES,
+    MULTI_DOCUMENT_LIMIT,
+)
 
 
 class ToDictMixin:
@@ -734,13 +740,23 @@ class SecretScanPreferences:
     maximum_documents_per_scan: int = MULTI_DOCUMENT_LIMIT
 
 
+@dataclass
+class RemediationMessages:
+    pre_commit: str = DEFAULT_PRE_COMMIT_MESSAGE
+    pre_push: str = DEFAULT_PRE_PUSH_MESSAGE
+    pre_receive: str = DEFAULT_PRE_RECEIVE_MESSAGE
+
+
 @dataclass
 class ServerMetadata(Base, FromDictMixin):
     version: str
     preferences: Dict[str, Any]
     secret_scan_preferences: SecretScanPreferences = field(
         default_factory=SecretScanPreferences
     )
+    remediation_messages: RemediationMessages = field(
+        default_factory=RemediationMessages
+    )
 
 
 ServerMetadata.SCHEMA = cast(