From 9e17a8866822dc660130946703df73eb6b1a3e97 Mon Sep 17 00:00:00 2001
From: Oran Moshai <12291998+oranmoshai@users.noreply.github.com>
Date: Wed, 1 Jun 2022 12:14:51 +0300
Subject: [PATCH] fix(github): git event path (#114)

* fix(github): git event path

* Update text

Co-authored-by: oranmoshai <oran.moshai@aquasec.com>
---
 pkg/buildClient/comments.go | 26 +++++++++++++-------------
 pkg/buildClient/upload.go   |  2 +-
 2 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/pkg/buildClient/comments.go b/pkg/buildClient/comments.go
index 9ccfbcb7..8c80504b 100644
--- a/pkg/buildClient/comments.go
+++ b/pkg/buildClient/comments.go
@@ -68,25 +68,25 @@ func prComments(buildSystem string, result []*buildsecurity.Result) error {
 }
 
 func returnSecretMsg(r *buildsecurity.Result) string {
-	return fmt.Sprintf("### :warning:  Aqua found issue"+
-		"\n<b>CATEGORY:</b> %s "+
-		"\n<b>DESCRIPTION:</b> %s "+
-		"\n<b>SEVERITY:</b> %s "+
-		"\n<b>MATCH:</b> %s",
+	return fmt.Sprintf("### :warning: Aqua detected sensitive data in your code"+
+		"\n<b>Category:</b> %s "+
+		"\n<b>Description:</b> %s "+
+		"\n<b>Severity:</b> %s "+
+		"\n<b>Match:</b> %s",
 		r.Resource,
 		r.Title,
-		r.Severity.String(),
+		strings.ReplaceAll(r.Severity.String(), "SEVERITY_", ""),
 		r.Message)
 }
 func returnMisconfMsg(r *buildsecurity.Result) string {
-	return fmt.Sprintf("### :warning:  Aqua found issue "+
-		"\n<b>MISCONF ID:</b> %s "+
-		"\n<b>CHECK:</b> %s "+
-		"\n<b>SEVERITY:</b> %s "+
-		"\n<b>MESSAGE:</b> %s",
+	return fmt.Sprintf("### :warning: Aqua detected misconfiguration in your code"+
+		"\n<b>Misconfiguration ID:</b> %s "+
+		"\n<b>Check Name:</b> %s "+
+		"\n<b>Severity:</b> %s "+
+		"\n<b>Message:</b> %s",
 		r.AVDID,
 		r.Title,
-		r.Severity.String(),
+		strings.ReplaceAll(r.Severity.String(), "SEVERITY_", ""),
 		r.Message)
 }
 
@@ -104,7 +104,7 @@ func getGitHubRepositoryDetails() (owner, repo string, err error) {
 
 // extractGitHubActionPrNumber take the pull request number from the GitHub action run
 func extractGitHubActionPrNumber() (int, error) {
-	githubEventFile := "/github/workflow/event.json"
+	githubEventFile := os.Getenv("GITHUB_EVENT_PATH")
 	file, err := ioutil.ReadFile(githubEventFile)
 	if err != nil {
 		return 0, fmt.Errorf("failed gitHub event payload not found in %s", githubEventFile)
diff --git a/pkg/buildClient/upload.go b/pkg/buildClient/upload.go
index 50e10303..60b4cca2 100644
--- a/pkg/buildClient/upload.go
+++ b/pkg/buildClient/upload.go
@@ -51,7 +51,7 @@ func (bc *TwirpClient) Upload(results []*buildsecurity.Result, tags map[string]s
 	}
 
 	// Send pull request comments
-	if triggeredBy == "pr" && len(results) > 0 {
+	if triggeredBy == "PR" && len(results) > 0 {
 		err = prComments(buildSystem, results)
 		if err != nil {
 			log.Logger.Info("failed send PR comment logging and continue the scan err: ", err)