Skip to content

Commit 2f475a9

Browse files
matthewdean-semgrepmatthewdean-semgrep
committed
chore: add remaining missing allowlist items for github
1 parent a75d49e commit 2f475a9

File tree

1 file changed

+37
-1
lines changed

1 file changed

+37
-1
lines changed

pkg/config.go

+37-1
Original file line numberDiff line numberDiff line change
@@ -454,6 +454,16 @@ func LoadConfig(configFiles []string, deploymentId int) (*Config, error) {
454454
Methods: ParseHttpMethods([]string{"GET"}),
455455
SetRequestHeaders: headers,
456456
},
457+
AllowlistItem{
458+
URL: gitHubBaseUrl.JoinPath("/user").String(),
459+
Methods: ParseHttpMethods([]string{"GET"}),
460+
SetRequestHeaders: headers,
461+
},
462+
AllowlistItem{
463+
URL: gitHubBaseUrl.JoinPath("/user/repos").String(),
464+
Methods: ParseHttpMethods([]string{"GET"}),
465+
SetRequestHeaders: headers,
466+
},
457467
// PR info
458468
AllowlistItem{
459469
URL: gitHubBaseUrl.JoinPath("/repos/:owner/:repo/pulls").String(),
@@ -466,6 +476,12 @@ func LoadConfig(configFiles []string, deploymentId int) (*Config, error) {
466476
Methods: ParseHttpMethods([]string{"POST"}),
467477
SetRequestHeaders: headers,
468478
},
479+
// get PR comment reactions
480+
AllowlistItem{
481+
URL: gitHubBaseUrl.JoinPath("/repos/:owner/:repo/pulls/comments/:comment_id/reactions").String(),
482+
Methods: ParseHttpMethods([]string{"GET"}),
483+
SetRequestHeaders: headers,
484+
},
469485
// post issue comment
470486
AllowlistItem{
471487
URL: gitHubBaseUrl.JoinPath("/repos/:owner/:repo/issues/:number/comments").String(),
@@ -554,6 +570,21 @@ func LoadConfig(configFiles []string, deploymentId int) (*Config, error) {
554570
Methods: ParseHttpMethods([]string{"PATCH"}),
555571
SetRequestHeaders: headers,
556572
},
573+
AllowlistItem{
574+
URL: gitHubBaseUrl.JoinPath("/repos/:org/:repo/compare/:basehead").String(),
575+
Methods: ParseHttpMethods([]string{"GET"}),
576+
SetRequestHeaders: headers,
577+
},
578+
AllowlistItem{
579+
URL: gitHubBaseUrl.JoinPath("/repos/:org/:repo/pulls/:number/comments/:comment_id").String(),
580+
Methods: ParseHttpMethods([]string{"PATCH"}),
581+
SetRequestHeaders: headers,
582+
},
583+
AllowlistItem{
584+
URL: gitHubBaseUrl.JoinPath("/repos/:org/:repo/pulls/comments/:comment_id/replies").String(),
585+
Methods: ParseHttpMethods([]string{"POST"}),
586+
SetRequestHeaders: headers,
587+
},
557588
AllowlistItem{
558589
URL: gitHubBaseUrl.JoinPath("/orgs/:org/teams").String(),
559590
Methods: ParseHttpMethods([]string{"GET"}),
@@ -576,7 +607,7 @@ func LoadConfig(configFiles []string, deploymentId int) (*Config, error) {
576607
},
577608
AllowlistItem{
578609
URL: gitHubBaseUrl.JoinPath("/orgs/:org/hooks").String(),
579-
Methods: ParseHttpMethods([]string{"GET"}),
610+
Methods: ParseHttpMethods([]string{"GET", "POST"}),
580611
SetRequestHeaders: headers,
581612
},
582613
AllowlistItem{
@@ -593,6 +624,11 @@ func LoadConfig(configFiles []string, deploymentId int) (*Config, error) {
593624

594625
if config.Inbound.GitHub.AllowCodeAccess {
595626
config.Inbound.Allowlist = append(config.Inbound.Allowlist,
627+
AllowlistItem{
628+
URL: gitHubBaseUrl.JoinPath("/repos/:org/:repo/contents").String(),
629+
Methods: ParseHttpMethods([]string{"GET"}),
630+
SetRequestHeaders: headers,
631+
},
596632
// get contents of file
597633
AllowlistItem{
598634
URL: gitHubBaseUrl.JoinPath("/repos/:org/:repo/contents/*").String(),

0 commit comments

Comments
 (0)