Skip to content

Commit

Permalink
fix: don't run vuln detecttion if webhook not configured
Browse files Browse the repository at this point in the history
  • Loading branch information
balazsorban44 committed Oct 2, 2023
1 parent e1b591d commit 9dbc53b
Show file tree
Hide file tree
Showing 4 changed files with 6 additions and 3 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Nissuer
uses: balazsorban44/nissuer@1.7.2
uses: balazsorban44/nissuer@1.7.3
with:
label-area-section: 'Which area\(s\) are affected\?(.*)'
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Nissuer
uses: balazsorban44/nissuer@1.7.2
uses: balazsorban44/nissuer@1.7.3
```

Add a comment file (by default we look for `.github/invalid-reproduction.md`):
Expand Down
2 changes: 1 addition & 1 deletion dist/index.js

Large diffs are not rendered by default.

3 changes: 3 additions & 0 deletions index.js
Original file line number Diff line number Diff line change
Expand Up @@ -347,6 +347,9 @@ async function notifyOnPubliclyDisclosedVulnerability() {
if (action !== "opened" || !issue?.body) return
const { body, title, number: issue_number, user } = issue

if (!config.webhook.url || !config.webhook.secret)
return debug("No webhook URL or secret defined")

if (!vulnRegex.test(`${title} ${body}`))
return debug("No public vulnerability disclosure detected")

Expand Down

0 comments on commit 9dbc53b

Please sign in to comment.