(self)
| 89 | self.assertIsNone(alert.dismissal_approved_by) |
| 90 | |
| 91 | def testMultipleAlerts(self): |
| 92 | multiple_alerts = self.repo.get_codescan_alerts() |
| 93 | self.assertIsInstance(multiple_alerts, github.PaginatedList.PaginatedList) |
| 94 | self.assertIsInstance(multiple_alerts[0], github.CodeScanAlert.CodeScanAlert) |
| 95 | alert_list = [alert for alert in multiple_alerts] |
| 96 | self.assertEqual(len(alert_list), 14) # Update this when more alerts are added to the PyGithub repo |
| 97 | |
| 98 | test_alert = alert_list[ |
| 99 | -1 |
| 100 | ] # Alerts are returned in descending order, so the first alert is the most recent and the last alert is the oldest |
| 101 | # Everything below is the same as testAttributes. This is just to make sure the list works. |
| 102 | self.assertEqual(test_alert.number, 1) |
| 103 | self.assertEqual(test_alert.created_at, datetime(2025, 8, 22, 23, 38, 23, tzinfo=timezone.utc)) |
| 104 | self.assertEqual(test_alert.updated_at, datetime(2025, 8, 25, 16, 3, 10, tzinfo=timezone.utc)) |
| 105 | self.assertEqual(test_alert.url, "https://api.github.com/repos/matt-davis27/PyGithub/code-scanning/alerts/1") |
| 106 | self.assertEqual(test_alert.html_url, "https://github.com/matt-davis27/PyGithub/security/code-scanning/1") |
| 107 | self.assertEqual(test_alert.state, "fixed") |
| 108 | self.assertEqual(test_alert.fixed_at, datetime(2025, 8, 25, 16, 3, 9, tzinfo=timezone.utc)) |
| 109 | self.assertIsNone(test_alert.dismissed_by) |
| 110 | self.assertIsNone(test_alert.dismissed_at) |
| 111 | self.assertIsNone(test_alert.dismissed_reason) |
| 112 | self.assertIsNone(test_alert.dismissed_comment) |
| 113 | self.assertEqual(test_alert.rule.id, "actions/missing-workflow-permissions") |
| 114 | self.assertEqual(test_alert.rule.severity, "warning") |
| 115 | self.assertEqual(test_alert.rule.description, "Workflow does not contain permissions") |
| 116 | self.assertEqual(test_alert.rule.name, "actions/missing-workflow-permissions") |
| 117 | self.assertEqual(test_alert.rule.tags[0], "actions") |
| 118 | self.assertEqual(test_alert.rule.tags[1], "external/cwe/cwe-275") |
| 119 | self.assertEqual(test_alert.rule.tags[2], "maintainability") |
| 120 | self.assertEqual(test_alert.rule.tags[3], "security") |
| 121 | self.assertEqual( |
| 122 | test_alert.rule.full_description, |
| 123 | "Workflows should contain explicit permissions to restrict the scope of the default GITHUB_TOKEN.", |
| 124 | ) |
| 125 | self.assertTrue(test_alert.rule.help.startswith("## Overview")) |
| 126 | self.assertEqual(test_alert.rule.security_severity_level, "medium") |
| 127 | self.assertEqual(test_alert.tool.name, "CodeQL") |
| 128 | self.assertIsNone(test_alert.tool.guid) |
| 129 | self.assertEqual(test_alert.tool.version, "2.22.4") |
| 130 | self.assertEqual(test_alert.most_recent_instance.ref, "refs/heads/main") |
| 131 | self.assertEqual(test_alert.most_recent_instance.analysis_key, ".github/workflows/codeql.yml:analyze") |
| 132 | self.assertEqual(test_alert.most_recent_instance.environment, '{"build-mode":"none","language":"actions"}') |
| 133 | self.assertEqual(test_alert.most_recent_instance.category, "/language:actions") |
| 134 | self.assertEqual(test_alert.most_recent_instance.state, "fixed") |
| 135 | self.assertEqual(test_alert.most_recent_instance.commit_sha, "908396804d41cdb1d0c0538b97f25a81383ee61b") |
| 136 | self.assertEqual( |
| 137 | test_alert.most_recent_instance.message["text"], |
| 138 | "Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {{contents: read}}", |
| 139 | ) |
| 140 | self.assertEqual(test_alert.most_recent_instance.location.path, ".github/workflows/lint.yml") |
| 141 | self.assertEqual(test_alert.most_recent_instance.location.start_line, 12) |
| 142 | self.assertEqual(test_alert.most_recent_instance.location.end_line, 29) |
| 143 | self.assertEqual(test_alert.most_recent_instance.location.start_column, 5) |
| 144 | self.assertEqual(test_alert.most_recent_instance.location.end_column, 3) |
| 145 | self.assertEqual(len(test_alert.most_recent_instance.classifications), 0) |
| 146 | self.assertEqual( |
| 147 | test_alert.instances_url, |
| 148 | "https://api.github.com/repos/matt-davis27/PyGithub/code-scanning/alerts/1/instances", |