github-docs-fork/middleware/contextualizers/secret-scanning.js at main · DenverCoderOne/github-docs-fork · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
import fs from 'fs'
import path from 'path'
import yaml from 'js-yaml'

import getApplicableVersions from '../../lib/get-applicable-versions.js'
import { liquid } from '#src/content-render/index.js'

const secretScanningPath = path.join('data/secret-scanning.yml')

export default async function secretScanning(req, res, next) {
  if (!req.pagePath.endsWith('code-security/secret-scanning/secret-scanning-patterns'))
    return next()

  const secretScanningData = yaml.load(fs.readFileSync(secretScanningPath, 'utf-8'))

  const { currentVersion } = req.context

  req.context.secretScanningData = secretScanningData.filter((entry) =>
    getApplicableVersions(entry.versions).includes(currentVersion),
  )

  // Some entries might use Liquid syntax, so we need
  // to execute that Liquid to get the actual value.
  req.context.secretScanningData.forEach(async (entry, i) => {
    for (const [key, value] of Object.entries(entry)) {
      if (typeof value === 'string' && value.includes('{%')) {
        const evaluated = yaml.load(await liquid.parseAndRender(value, req.context))
        entry[key] = evaluated
      }
    }
  })

  return next()
}