ENH: Added personal access token support to GitHub Collector

As github basic authentication has been marked as deprecated by GitHub, we now implemented the Personal Access Token authentication method. Fixes #1549 Signed-off-by: Sebastian Waldbauer <[email protected]>
certtools · Feb 1, 2022 · ecad38a · ecad38a
1 parent 1dc5364
commit ecad38a
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -39,6 +39,7 @@ CHANGELOG
 
 #### Collectors
 - `intelmq.bots.collectors.mail._lib`: Add support for unverified SSL/STARTTLS connections (PR#2055 by Sebastian Wagner).
+- `intelmq.bots.collectors.github_api._collector_github_api`: Added personal access token support (PR#2145 by Sebastian Waldbauer).
 
 #### Parsers
 - `intelmq.bots.parsers.alienvault.parser_otx`: Save CVE data in `extra.cve` instead of `extra.CVE` due to the field name restriction on lower-case characters  (PR#2059 by Sebastian Wagner).

diff --git a/docs/user/bots.rst b/docs/user/bots.rst
@@ -378,8 +378,9 @@ Github API
 **Configuration Parameters**
 
 * **Feed parameters** (see above)
-* `basic_auth_username:` GitHub account username (optional)
-* `basic_auth_password:` GitHub account password (optional)
+* `basic_auth_username:` GitHub account username (optional) (deprecated)
+* `basic_auth_password:` GitHub account password (optional) (deprecated)
+* `personal_access_token:` GitHub account personal access token (optional)
 * `repository:` GitHub target repository (`<USER>/<REPOSITORY>`)
 * `regex:` Valid regular expression of target files within the repository (defaults to `.*.json`)
 * `extra_fields:` Comma-separated list of extra fields from `GitHub contents API <https://developer.github.com/v3/repos/contents/>`_.

diff --git a/intelmq/bots/collectors/github_api/_collector_github_api.py b/intelmq/bots/collectors/github_api/_collector_github_api.py
@@ -23,8 +23,9 @@
 
 
 class GithubAPICollectorBot(CollectorBot):
-    basic_auth_username = None
-    basic_auth_password = None
+    basic_auth_username: str = None #deprecated (https://developer.github.com/changes/2020-02-14-deprecating-password-auth/)
+    basic_auth_password: str = None #deprecated (https://developer.github.com/changes/2020-02-14-deprecating-password-auth/)
+    personal_access_token: str = None
 
     def init(self):
         if requests is None:
@@ -33,6 +34,9 @@ def init(self):
         self.__user_headers = static_params['headers']
         if self.basic_auth_username is not None and self.basic_auth_password is not None:
             self.__user_headers.update(self.__produce_auth_header(self.basic_auth_username, self.basic_auth_password))
+            self.logger.info('Basic Username/Password authentication has been deprecated by GitHub, please use an personal access token instead.')
+        elif self.personal_access_token is not None:
+            self.__user_headers.update({'Authorization': self.personal_access_token})
         else:
             self.logger.warning('Using unauthenticated API access, means the request limit is at 60 per hour.')