synacktiv / octoscan

Octoscan is a static vulnerability scanner for GitHub action workflows.
GNU General Public License v3.0

[Download] Add --include-archives option #1

Closed bboilot-ledger closed 5 months ago

bboilot-ledger commented 5 months ago

This PR adds an --include-archives option that changes the download behavior. Now, archived repositories won't be downloaded by default if this new option isn't specified. IMO, it makes more sense to exclude archived repositories by default since they're read-only and thus can't be exploited. But if you feel that we should do the contrary, I can replace this option with --exclude-archives so archived repositories remain downloaded by default if the option is not specified.

This PR also fixes the issue related to the default value not being processed by docopt. It seems that docopt does not like indentation using spaces and tabs. From the tests I did, the default value is parsed if the field is followed by 2 spaces.
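The two-space rule described above can be seen by mirroring how the reference (Python) docopt splits an option line: the option spec is everything before the first run of two spaces, and `[default: ...]` is only searched for in the remainder. This is an added illustration, not octoscan's code, and the usage text below is constructed:

```python
import re

# Constructed docopt-style help text (not octoscan's). The --output line
# separates the option from its description with a tab instead of two spaces.
USAGE = """Usage: tool [options]

Options:
  --include-archives  Also download archived repositories
  --max-workers=N  Number of parallel downloads [default: 4]
  --output=DIR\tWhere to write results [default: ./out]
"""


def parse_option_line(line):
    """Apply docopt's option-line rule to one line.

    Returns (long_name, takes_argument, default). The default is None when
    no two-space separator exists, because the whole line is then treated
    as the option spec and the description (where the default lives) is empty.
    """
    options, _, description = line.strip().partition("  ")
    options = options.replace(",", " ").replace("=", " ")
    long_name, argcount = None, 0
    for token in options.split():
        if token.startswith("--"):
            long_name = token
        elif token.startswith("-"):
            continue  # short option, no argument implied by the token itself
        else:
            argcount = 1  # a bare word after the option name is its argument
    default = None
    if argcount:
        matched = re.findall(r"\[default: (.*)\]", description, flags=re.I)
        default = matched[0] if matched else None
    return long_name, bool(argcount), default


def parse_options_section(doc):
    """Collect {long_name: default} for every option line in the help text,
    so lines whose default silently got lost show up as None."""
    result = {}
    for line in doc.splitlines():
        if line.strip().startswith("-"):
            name, _, default = parse_option_line(line)
            result[name] = default
    return result


if __name__ == "__main__":
    for name, default in parse_options_section(USAGE).items():
        print(f"{name}: default={default!r}")
```

Running it shows `--max-workers` keeping its default of `4` while the tab-separated `--output` line ends up with no default at all.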

hugo-syn commented 5 months ago

Hi, thanks for the PR, I think that it's a good idea. I already had the case of an archived repository but didn't take the time to manage this.

Also many thanks for the docopt bug, I had so many problems with the indentation!