@Rishi16royy
Forked from captn3m0/README.md
Last active November 26, 2021 15:34
Grant Security Alert Permission on GitHub Org Script
  1. Set your Cookie header value in Line 3 of give-access.sh
  2. Set the user IDs that will have access on Line 24 (the vulnerability_team_ids values). You can add multiple teams.
  3. Edit the repos.txt file with one repository per line
  4. Make sure jq, curl and pup are installed. (pup is available at https://github.com/EricChiang/pup)
  5. Run the script (./give-access.sh). A response code of 302 indicates the change was made successfully for that repo. Anything else is a failure.

The only 3 cookies that you need to set are: __Host-user_session_same_site, user_session, _gh_sess

The values for user_session and _gh_sess are the same.

give-access.sh

#!/bin/bash
# Step 1: Cookie header value from a logged-in github.com session (a live credential).
COOKIE=""

function give_access() {
  local repo="$1"
  # Fetch the settings page and pull the CSRF authenticity token out of its form.
  CSRF_TOKEN=$(curl --silent --request GET \
    --url "https://github.com/$repo/settings/security_analysis" \
    -H "cookie: $COOKIE" |
    pup '.js-protected-branch-settings input[name=authenticity_token] attr{value}')
  # No token means the settings form was not returned (e.g. an expired cookie).
  if [ -z "$CSRF_TOKEN" ]; then echo "no-token $repo" >&2; return 1; fi
  # URL-encode the token for the form body.
  token=$(printf %s "$CSRF_TOKEN" | jq -sRr @uri)
  sleep 0.5
  # Step 2: the vulnerability_team_ids values below are the IDs granted access.
  CURL_STATUS=$(curl "https://github.com/$repo/settings/alerts" \
    -H 'authority: github.com' \
    -H 'origin: https://github.com' \
    -H 'content-type: application/x-www-form-urlencoded' \
    -H "referer: https://github.com/$repo/settings/security_analysis" \
    -H "cookie: $COOKIE" \
    --data-raw "_method=put&authenticity_token=$token&vulnerability_team_ids%5B%5D=1234&vulnerability_team_ids%5B%5D=5678" --silent \
    -o /dev/null --write-out '%{http_code}\n' \
    --compressed)
  echo "$CURL_STATUS $repo"
}

while IFS= read -r LINE; do
  give_access "$LINE"
done < repos.txt

repos.txt

org/repo1
org/repo2
org/repo3
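
A preflight for steps 1 and 3, as an added example that is not part of the original gist: it checks offline that the Cookie value contains the three cookie names listed in the README and that every repos.txt line is a plain owner/repo before give-access.sh sends anything. The function names and the allowed character set for owner and repository names are assumptions.

```bash
#!/bin/bash
# Added example: offline preflight for give-access.sh inputs; sends no requests.

# Cookie names the README lists as required.
REQUIRED_COOKIES="__Host-user_session_same_site user_session _gh_sess"

# Print the required cookie names absent from a Cookie header value.
# Only names are printed, never values, so the output is safe to log.
missing_cookies() {
  local header name missing=""
  header=";$(printf '%s' "$1" | tr -d ' ')"   # normalise "; " separators to ";"
  for name in $REQUIRED_COOKIES; do
    case "$header" in
      *";$name="*) ;;
      *) missing="$missing $name" ;;
    esac
  done
  printf '%s\n' "${missing# }"
}

# Succeed only for a plain "owner/repo". The allowed characters are an
# assumption about GitHub naming; anything else could alter the settings URL.
valid_repo() {
  local owner="${1%%/*}" name="${1#*/}"
  case "$1" in */*) ;; *) return 1 ;; esac
  case "$owner" in ""|-*|*[!A-Za-z0-9-]*) return 1 ;; esac
  case "$name" in ""|.|..|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# Print each unusable line of a repo list as "lineno: text"; return 1 if any.
bad_repo_lines() {
  local line n=0 bad=0 cr
  cr=$(printf '\r')
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    line="${line%"$cr"}"                        # tolerate CRLF line endings
    valid_repo "$line" || { printf '%d: %s\n' "$n" "$line"; bad=1; }
  done < "$1"
  return "$bad"
}

# Constructed sample values, not real session data.
echo "missing: $(missing_cookies 'user_session=EXAMPLE; _gh_sess=EXAMPLE')"
valid_repo 'org/repo1' && echo "org/repo1 ok"
valid_repo 'org/repo1/../other' || echo "org/repo1/../other rejected"
```

Blank lines in repos.txt are reported as unusable because the loop in give-access.sh would otherwise request a settings URL with an empty repository path.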