-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathanalyze-github-pat
More file actions
executable file
·54 lines (45 loc) · 1.84 KB
/
analyze-github-pat
File metadata and controls
executable file
·54 lines (45 loc) · 1.84 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
#!/usr/bin/env python3
import sys
import json
import requests
def analyze(token):
"""
Checks the validity of a GitHub Personal Access Token and retrieves its scopes.
"""
results = {"valid": False, "analysis": {}}
headers = {
"Accept": "application/vnd.github.v3+json",
"Authorization": f"Bearer {token}",
}
try:
# The /user endpoint is a simple way to check the token's validity
# The response headers will contain the token's scopes.
resp = requests.get("https://api.github.com/user", headers=headers)
results["analysis"]["status_code"] = resp.status_code
if resp.status_code == 200:
results["valid"] = True
results["analysis"]["user"] = resp.json()
# The X-OAuth-Scopes header lists the permissions of the token
if "X-OAuth-Scopes" in resp.headers:
results["analysis"]["scopes"] = resp.headers["X-OAuth-Scopes"].split(
", "
)
else:
results["analysis"]["scopes"] = ["(no scopes)"]
elif resp.status_code == 401:
# Unauthorized, meaning the token is invalid or expired
results["valid"] = False
results["analysis"]["message"] = "Invalid or expired token."
else:
# Handle other potential HTTP errors
results["analysis"]["error"] = f"Unexpected status code: {resp.status_code}"
results["analysis"]["raw"] = resp.text[:128]
except requests.exceptions.RequestException as e:
results["analysis"]["error"] = f"Request failed: {e}"
return results
if __name__ == "__main__":
if len(sys.argv) != 2:
print(f"USAGE\n\t{sys.argv[0]} <github-pat>", file=sys.stderr)
sys.exit(1)
result = analyze(sys.argv[1])
print(json.dumps(result, indent=2))