From 8d69caa25b1a502f0ea7e81a8a5e914170ca645f Mon Sep 17 00:00:00 2001
From: Popov Aleksey
Date: Thu, 7 Dec 2023 11:58:03 +0200
Subject: [PATCH 1/2] fix: fixed closing issues based on other repositories

---
 scripts/security-checker.mjs | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/scripts/security-checker.mjs b/scripts/security-checker.mjs
index 9d9f50f..9810407 100644
--- a/scripts/security-checker.mjs
+++ b/scripts/security-checker.mjs
@@ -9,6 +9,11 @@ const LABELS = {
     security: 'security notification',
 };
 
+const ALERT_TYPES = {
+    dependabot: 'dependabot',
+    codeq: 'codeql',
+}
+
 class SecurityChecker {
     constructor (github, context, issueRepo) {
         this.github = github;
@@ -27,8 +32,8 @@ class SecurityChecker {
         this.alertDictionary = this.createAlertDictionary(existedIssues);
 
         await this.closeSpoiledIssues();
-        this.createDependabotlIssues(dependabotAlerts);
-        this.createCodeqlIssues(codeqlAlerts);
+        await this.createDependabotlIssues(dependabotAlerts);
+        await this.createCodeqlIssues(codeqlAlerts);
     }
 
     async getDependabotAlerts () {
@@ -64,15 +69,13 @@ class SecurityChecker {
     createAlertDictionary (existedIssues) {
         return existedIssues.reduce((res, issue) => {
 
-            const [, url, number] = issue.body.match(/Link:\s*(https.*?(\d+)$)/);
+            const [, repo] = issue.body.match(/Repository:\s*`(.*)`/);
+            const [, url, type, number] = issue.body.match(/Link:\s*(https:.*\/(dependabot|code-scanning)\/(\d+))/);
 
-            if (!url)
+            if (!url || repo !== this.context.repo)
                 return res;
 
-            res[url] = {
-                issue, number,
-                isDependabot: url.includes('dependabot'),
-            };
+            res[url] = { issue, number, type };
 
             return res;
         }, {});
@@ -82,7 +85,7 @@ class SecurityChecker {
         for (const key in this.alertDictionary) {
             const alert = this.alertDictionary[key];
 
-            if (alert.isDependabot) {
+            if (alert.type === ALERT_TYPES.dependabot) {
                 const isAlertOpened = await this.isDependabotAlertOpened(alert.number);
 
                 if (isAlertOpened)
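Review bot: `ALERT_TYPES.codeq` is misnamed and its value `'codeql'` can never match what the dictionary stores: the `type` written in the createAlertDictionary hunk (@@ -64) is captured from the alert URL, where the CodeQL path segment is `code-scanning`, so only the `dependabot` entry is usable (which is why the comparison in the @@ -82 hunk still works). Either make the constant match the captured segment, `codeql: 'code-scanning',`, or translate the segment to a type when the dictionary is built. The literal also lacks a terminating semicolon; `const ALERT_TYPES = Object.freeze({ ... });` would fix that and keep the lookup table immutable. Any branch that compares against `ALERT_TYPES.codeq` lies outside these hunks, so whether it is reached today cannot be confirmed from here.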
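Review bot: Both `match()` calls in createAlertDictionary destructure their result directly, so an issue whose body lacks a `Repository:` line or a recognisable `Link:` (issues created before this body format, or an edited body) makes `match()` return `null`, the destructuring throws, and the whole run aborts before any issue is closed or created; the old code had this exposure once, the new code has it twice. Append `?? []` to each `match()` call (and use `issue.body?.match(...)` if the body can be null) so that such issues simply fall through to the existing `if (!url || repo !== this.context.repo) return res;` guard. Because the issue repository is shared across projects and issue bodies are editable by anyone with write access there, treating the parsed `repo`, `type` and `number` as untrusted input and skipping malformed entries per issue is also the safer behaviour.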
@@ -154,7 +157,7 @@ class SecurityChecker {
     }
 
     needCreateIssue (alert) {
-        return !this.alertDictionary[alert.html_url] && Date.now() - new Date(alert.created_at) <= 1000 * 60 * 60 * 24;;
+        return !this.alertDictionary[alert.html_url] && Date.now() - new Date(alert.created_at) <= 1000 * 60 * 60 * 24;
     }
 
     async createIssue ({ labels, originRepo, summary, description, link, issuePackage = '' }) {

From b5e6bae03e6a26dc109939f92bbdde946d26ec9e Mon Sep 17 00:00:00 2001
From: Popov Aleksey
Date: Thu, 7 Dec 2023 12:00:59 +0200
Subject: [PATCH 2/2] fix: added awaiting

---
 scripts/security-checker.mjs | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/scripts/security-checker.mjs b/scripts/security-checker.mjs
index 9810407..ae345c6 100644
--- a/scripts/security-checker.mjs
+++ b/scripts/security-checker.mjs
@@ -126,11 +126,11 @@ class SecurityChecker {
     }
 
     async createDependabotlIssues (dependabotAlerts) {
-        dependabotAlerts.forEach(alert => {
+        for (const alert of dependabotAlerts) {
 
             if (!this.needCreateIssue(alert)) return;
 
-            this.createIssue({
+            await this.createIssue({
                 labels: [LABELS.dependabot, LABELS.security, alert.dependency.scope],
                 originRepo: this.context.repo,
                 summary: alert.security_advisory.summary,
@@ -138,22 +138,22 @@ class SecurityChecker {
                 link: alert.html_url,
                 issuePackage: alert.dependency.package.name,
             });
-        });
+        }
     }
 
     async createCodeqlIssues (codeqlAlerts) {
-        codeqlAlerts.forEach(alert => {
+        for (const alert of codeqlAlerts) {
 
             if (!this.needCreateIssue(alert)) return;
 
-            this.createIssue({
+            await this.createIssue({
                 labels: [LABELS.codeql, LABELS.security],
                 originRepo: this.context.repo,
                 summary: alert.rule.description,
                 description: alert.most_recent_instance.message.text,
                 link: alert.html_url,
             });
-        });
+        }
     }
 
     needCreateIssue (alert) {
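Review bot: With `forEach` replaced by `for...of` in the @@ -126 hunk, the `return` in `if (!this.needCreateIssue(alert)) return;` now exits createDependabotlIssues entirely, so the first alert that already has an issue (or falls outside the 24-hour window) silently stops every later alert from being reported; createCodeqlIssues in the @@ -138 hunk has the same problem. Change both guards to `if (!this.needCreateIssue(alert)) continue;`. Note also that the per-alert `await` means a single rejected `createIssue` now aborts the remaining alerts of that run, which may be intended but deserves a comment or a per-alert try/catch that logs the failure and continues.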