Merge pull request #37 from boringtools/33-suport-scanning-list-of-usernames

Added support for custom users scan

Author: c0d3G33k

README.md

@@ -57,6 +57,19 @@ Scan and generate report with custom path
 git-alerts scan --org your-org-name --report-path /your/file/path/
 ```
 
+Scan custom list of GitHub users
+
+```bash
+git-alerts scan --org your-org-name --users-file-path /path/to/csv/file
+```
+> Ensure to pass CSV file with the list of GitHub usernames
+
+```csv
+username01
+username02
+username03
+```
+
 ### Monitor
 
 Monitor new public repositories being created by your organization users
@@ -89,6 +102,19 @@ Monitor new public repositories being created by your organization users along w
 git-alerts monitor --org your-org-name --gitleaks --slack-alert
 ```
 
+Monitor custom list of GitHub users
+
+```bash
+git-alerts monitor --org your-org-name --users-file-path /path/to/csv/file
+```
+> Ensure to pass CSV file with the list of GitHub usernames
+
+```csv
+username01
+username02
+username03
+```
+
 ### Secrets
 
 Scan with secrets detection using Trufflehog
@@ -105,6 +131,19 @@ Scan with secrets detection using Gitleaks
 git-alerts detect --org your-org-name --gitleaks
 ```
 
+Scan with secrets detection using custom list of GitHub users
+
+```bash
+git-alerts detect --org your-org-name --users-file-path /path/to/csv/file --gitleaks
+```
+> Ensure to pass CSV file with the list of GitHub usernames
+
+```csv
+username01
+username02
+username03
+```
+
 ## Documentation
 
 [docs](https://github.com/boringtools/git-alerts/tree/main/docs)

cmd/root.go

@@ -24,4 +24,5 @@ func init() {
 	rootCmd.PersistentFlags().StringVarP(&common.GitHubOrg, "org", "o", "", "GitHub organization name")
 	rootCmd.MarkPersistentFlagRequired("org")
 	rootCmd.PersistentFlags().StringVarP(&common.ReportPath, "report-path", "r", "/tmp/", "Report file path")
+	rootCmd.PersistentFlags().StringVarP(&common.UsersFilePath, "users-file-path", "u", "", "Users file path (CSV)")
 }

pkg/common/config.go

@@ -4,9 +4,10 @@ import (
 	"github.com/boringtools/git-alerts/pkg/models"
 )
 
-func GetGitHubAPIEndPoints() *models.GitHubAPIEndPoints {
+func GetGitHubAPIEndPoints(username string) *models.GitHubAPIEndPoints {
 	return &models.GitHubAPIEndPoints{
 		GetUsers: GitHubAPIBaseURL + "/orgs/" + GitHubOrg + "/members",
+		GetUsersRepo: GitHubAPIBaseURL + "/users/" + username + "/repos",
 	}
 }
 

pkg/common/read_data.go

@@ -1,6 +1,7 @@
 package common
 
 import (
+	"encoding/csv"
 	"io"
 	"os"
 )
@@ -22,3 +23,28 @@ func GetJSONFileContent(filePath string) ([]byte, error) {
 
 	return byteData, nil
 }
+
+func GetCSVFileContent(filePath string) ([]string, error) {
+	openFile, errOpenFile := os.Open(filePath)
+
+	if errOpenFile != nil {
+		return nil, errOpenFile
+	}
+
+	defer openFile.Close()
+
+	reader := csv.NewReader(openFile)
+	records, errRecords := reader.ReadAll()
+
+	if errRecords != nil {
+		return nil, errRecords
+	}
+
+	var lines []string
+
+	for _, record := range records {
+		lines = append(lines, record[0])
+	}
+
+	return lines, nil
+}

pkg/common/variables.go

@@ -8,6 +8,7 @@ var (
 	TrufflehogScan         bool
 	TrufflehogVerifiedScan bool
 	GitleaksScan           bool
+	UsersFilePath          string
 )
 
 var (

pkg/github/get_org_users.go

@@ -17,7 +17,7 @@ var (
 func GetGitHubUsers() ([]byte, error) {
 	ui.PrintMsg("Fetching %s users...", common.GitHubOrg)
 
-	url := common.GetGitHubAPIEndPoints().GetUsers
+	url := common.GetGitHubAPIEndPoints("").GetUsers
 	parameters := map[string]string{
 		"per_page": "100",
 	}

pkg/github/get_users_repos.go

@@ -8,30 +8,44 @@ import (
 	"github.com/boringtools/git-alerts/pkg/models"
 )
 
-type RepoURL struct {
-	URL string `json:"repos_url"`
-}
-
 var (
-	rURL     []RepoURL
+	users    []models.GitHubUser
 	repos    []models.GitHubRepository
 	allRepos []models.GitHubRepository
 )
 
 func GetGitHubUsersRepos() ([]byte, error) {
-	ui.PrintMsg("Fetching " + common.GitHubOrg + " users public repositories...")
-
-	users, _ := common.GetJSONFileContent(common.GetReportFilePaths().GitHubOrgUsers)
-	json.Unmarshal(users, &rURL)
+	ui.PrintMsg("Fetching %s users public repositories...", common.GitHubOrg)
 
 	parameters := map[string]string{
 		"per_page": "100",
 	}
-	for _, value := range rURL {
-		usersRepo, _, _ := GetGitHubResponse(value.URL, common.AuthenticatedScan, parameters)
 
-		json.Unmarshal(usersRepo, &repos)
-		allRepos = append(allRepos, repos...)
+	if common.UsersFilePath == "" {
+		data, _ := common.GetJSONFileContent(common.GetReportFilePaths().GitHubOrgUsers)
+		json.Unmarshal(data, &users)
+
+		for _, value := range users {
+			usersRepo, _, _ := GetGitHubResponse(value.ReposUrl, common.AuthenticatedScan, parameters)
+
+			json.Unmarshal(usersRepo, &repos)
+			allRepos = append(allRepos, repos...)
+		}
+
+	} else {
+
+		users, errUsers := common.GetCSVFileContent(common.UsersFilePath)
+
+		if errUsers != nil {
+			return nil, errUsers
+		}
+
+		for _, username := range users {
+			repos_url := common.GetGitHubAPIEndPoints(username).GetUsersRepo
+			usersRepo, _, _ := GetGitHubResponse(repos_url, common.AuthenticatedScan, parameters)
+			json.Unmarshal(usersRepo, &repos)
+			allRepos = append(allRepos, repos...)
+		}
 	}
 
 	jsonData, err := json.Marshal(allRepos)

pkg/models/models.go

@@ -36,7 +36,8 @@ type Limits struct {
 }
 
 type GitHubAPIEndPoints struct {
-	GetUsers string
+	GetUsers     string
+	GetUsersRepo string
 }
 
 type ReportFileNames struct {