mirror of
https://github.com/github/awesome-copilot.git
synced 2026-02-20 02:15:12 +00:00
- Switch from colon to tab delimiter to handle colons in evidence text - Base64-encode evidence to prevent parsing issues - Use MAX_SEVERITY in log output and JSON events - Narrow regex patterns to reduce false positives: - third[_-]?party instead of third.?party - Role reassignment scoped to AI terms - System prompt injection requires 'you are' context - Fix session-end stats to scope to current session only - Update privacy statement to clarify evidence snippets are logged - Rename credential description to 'Possible hardcoded credential' - Fix database destruction regex to also match semicolons Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
49 lines
1.6 KiB
Bash
49 lines
1.6 KiB
Bash
#!/bin/bash
|
|
|
|
# Governance Audit: Log session end with summary statistics
|
|
|
|
set -euo pipefail
|
|
|
|
if [[ "${SKIP_GOVERNANCE_AUDIT:-}" == "true" ]]; then
|
|
exit 0
|
|
fi
|
|
|
|
INPUT=$(cat)
|
|
|
|
mkdir -p logs/copilot/governance
|
|
|
|
TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
|
|
LOG_FILE="logs/copilot/governance/audit.log"
|
|
|
|
# Count events from this session (filter by session start timestamp)
|
|
TOTAL=0
|
|
THREATS=0
|
|
SESSION_START=""
|
|
if [[ -f "$LOG_FILE" ]]; then
|
|
# Find the last session_start event to scope stats to current session
|
|
SESSION_START=$(grep '"session_start"' "$LOG_FILE" 2>/dev/null | tail -1 | jq -r '.timestamp' 2>/dev/null || echo "")
|
|
if [[ -n "$SESSION_START" ]]; then
|
|
# Count events after session start
|
|
TOTAL=$(awk -v start="$SESSION_START" -F'"timestamp":"' '{split($2,a,"\""); if(a[1]>=start) count++} END{print count+0}' "$LOG_FILE" 2>/dev/null || echo 0)
|
|
THREATS=$(awk -v start="$SESSION_START" -F'"timestamp":"' '{split($2,a,"\""); if(a[1]>=start && /threat_detected/) count++} END{print count+0}' "$LOG_FILE" 2>/dev/null || echo 0)
|
|
else
|
|
TOTAL=$(wc -l < "$LOG_FILE" 2>/dev/null || echo 0)
|
|
THREATS=$(grep -c '"threat_detected"' "$LOG_FILE" 2>/dev/null || echo 0)
|
|
fi
|
|
fi
|
|
|
|
jq -Rn \
|
|
--arg timestamp "$TIMESTAMP" \
|
|
--argjson total "$TOTAL" \
|
|
--argjson threats "$THREATS" \
|
|
'{"timestamp":$timestamp,"event":"session_end","total_events":$total,"threats_detected":$threats}' \
|
|
>> "$LOG_FILE"
|
|
|
|
if [[ "$THREATS" -gt 0 ]]; then
|
|
echo "⚠️ Session ended: $THREATS threat(s) detected in $TOTAL events"
|
|
else
|
|
echo "✅ Session ended: $TOTAL events, no threats"
|
|
fi
|
|
|
|
exit 0
|