more environment variable configuration + github access token usage

README.md

@@ -55,7 +55,7 @@ Configuration is done through `config.toml`. In this file, you set your `access_
 Setting Up the Access Token
 ---------------------------
 
-You may wish to avoid having the access token in a file. Instead, you can set this value to `env`, and put the access token in the `GITHUB_WATCHER_TOKEN` environment variable.
+You may wish to avoid having the access token in a file. Instead, you can set this value to `env` (or leave it blank), and put the access token in the `GITHUB_WATCHER_TOKEN` environment variable.
 
 Setting Up the Monitors
 -----------------------
@@ -91,6 +91,13 @@ To configure Slack/Teams notifications, create the following configuration optio
     webhook_url='your_webhook_url'
 ```
 
+You may supply the webhook URL via the environment variable `SLACK_WEBHOOK_URL`, and setting the requisite value in `config.toml` to `env` or leaving it blank.
+
+Setting Up the Webhook
+----------------------
+
+You may choose to pass the Github webhook secret and host via the environment variables `GITHUB_WEBHOOK_SECRET` and `GITHUB_WEBHOOK_HOST`, and setting the corresponding values in `config.toml` to `env` or leaving them blank.
+
 Usage
 =====
 

config.py

@@ -21,11 +21,15 @@ def load_file(self, filepath):
         self._config = toml.load(filepath)
 
         self.access_token = self._config['auth']['access_token']
-        if self.access_token == 'env':
+        if self.access_token == 'env' or environ.get('GITHUB_WATCHER_TOKEN') != '':
             self.access_token = environ.get('GITHUB_WATCHER_TOKEN')
 
         self.webhook = self._config['webhook']
-
+        if self.webhook['secret'] == 'env' or environ.get('GITHUB_WEBHOOK_SECRET') != '':
+            self.webhook['secret'] = environ.get('GITHUB_WEBHOOK_SECRET')
+        if self.webhook['host'] == 'env' or environ.get('GITHUB_WEBHOOK_HOST') != '':
+            self.webhook['host'] = environ.get('GITHUB_WEBHOOK_HOST')
+
         for detector in self._config['detectors']:
             if detector not in AvailableDetectors:
                 logging.error(

config.toml

@@ -5,7 +5,7 @@ detectors = [
 ]
 
 [auth]
-access_token='env'
+access_token=''
 
 [monitors]
     organizations = []

notifiers/slack.py

@@ -1,3 +1,5 @@
+from os import environ
+
 from notifiers.notifier import Notifier
 from notifiers import Registry
 import requests
@@ -11,6 +13,9 @@ def __init__(self, config):
 
         self._webhook_url = config['webhook_url']
 
+        if self._webhook_url == 'env' or environ.get('SLACK_WEBHOOK_URL') != '':
+            self._webhook_url = environ.get('SLACK_WEBHOOK_URL')
+
     def process(self, findings, detector_name):
         """Send a list of findings via Slack incoming webhook."""
         requests.post(self._webhook_url, json={"text": "{} found the following:".format(detector_name)})

processor.py

@@ -1,6 +1,9 @@
 import logging
 import tempfile
 import subprocess
+import re
+
+from config import Config
 
 class EventProcessor:
     def __init__(self):
@@ -32,7 +35,8 @@ def _clone_and_establish_baseline(self, event):
             logging.info(
                 'Cloning repository {} into {}'.
                 format(repo_full_name, repo_dir.name))
-            subprocess.run(["git", "clone", repo_url, repo_dir.name], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+            repo_url_with_token = repo_url.replace("https://", "https://git:" + re.sub('[^0-9a-zA-Z]+', '', Config.access_token) + "@")
+            subprocess.run(["git", "clone", repo_url_with_token, repo_dir.name], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
             self.repo_cache[repo_url] = repo_dir
             # we haven't cloned this repository yet, so we don't have a baseline
             logging.info(