Class: Rules::MissingPermissions

Inherits:
Base
  • Object
Defined in:
lib/rules/missing_permissions.rb

Instance Method Summary

Instance Method Details

#check(workflow) ⇒ Object



# File 'lib/rules/missing_permissions.rb', line 7

# Flags a workflow that has no workflow-level permissions declaration.
#
# Only the presence of a declaration is tested: any truthy value returned by
# workflow.permissions(scope: :workflow) suppresses the finding, and the
# scopes it grants are not inspected here.
# NOTE(review): a broad explicit grant (e.g. write-all) would therefore pass
# this rule; presumably a separate rule covers that case. Confirm.
#
# @param workflow [Object] must respond to permissions(scope:) and line_of(regexp)
# @return [Array] empty when a declaration exists, otherwise a one-element
#   array holding the finding
def check(workflow)
  declared = workflow.permissions(scope: :workflow)

  if declared
    []
  else
    # Anchor the finding on the line matching /^jobs:/; when line_of gives
    # back nil/false, fall back to line 1.
    anchor = workflow.line_of(/^jobs:/)
    anchor = 1 unless anchor

    report = finding(
      workflow,
      line: anchor,
      message: "No top-level permissions block — jobs inherit broad default token permissions",
      fix: "Add permissions: contents: read at the workflow level"
    )
    [report]
  end
end

#description ⇒ Object



# File 'lib/rules/missing_permissions.rb', line 4

# Returns the rule's description text.
#
# @return [String] "No top-level permissions block"
def description
  "No top-level permissions block"
end

#name ⇒ Object



# File 'lib/rules/missing_permissions.rb', line 3

# Returns the rule's name.
#
# @return [String] "missing-permissions"
def name
  "missing-permissions"
end

#severity ⇒ Object



# File 'lib/rules/missing_permissions.rb', line 5

# Returns the severity assigned to this rule.
#
# @return [Symbol] :medium
def severity
  :medium
end