refactor

DevExpress · Jan 11, 2024 · c82775f · c82775f
1 parent 023190d
commit c82775f
Showing 1 changed file with 65 additions and 60 deletions.
diff --git a/scripts/security-checker.mjs b/scripts/security-checker.mjs
@@ -14,6 +14,11 @@ const ALERT_TYPES = {
   codeq:      'codeql',
 }
 
+const UPDATE_TYPE = {
+  addAlertToIssue: 'addAlertToIssue',
+  closeTask:       'closeTask'
+}
+
 class SecurityChecker {
   constructor (github, context, issueRepo) {
       this.github    = github;
@@ -69,36 +74,40 @@ class SecurityChecker {
 
   createAlertDictionary (existedIssues) {
       return existedIssues.reduce((res, issue) => {
-          const [repo] = issue.body.match(/(?<=Repository:)[\s\S]*?(?=####|$)/g);
-          const [, url, type] = issue.body.match(/Link:\s*(https:.*\/(dependabot|code-scanning)\/(\d+))/);
-          const [, cveId] = issue.body.match(/CVE ID:\s*`(.*)`/);
-          const [, ghsaId] = issue.body.match(/GHSA ID:\s*`(.*)`/);
+          const [, url, type] = issue.body.match(/(https:.*\/(dependabot|code-scanning)\/(\d+))/);
 
           if (!url)
               return res;
 
-          res[issue.title] = { issue, type, cveId, ghsaId, repo};
+          if (type === ALERT_TYPES.dependabot) {
+              const [, cveId] = issue.body.match(/CVE ID:\s*`(.*)`/);
+              const [, ghsaId] = issue.body.match(/GHSA ID:\s*`(.*)`/);
+
+              res.set(issue.title, { issue, type, cveId, ghsaId });
+          } 
+          else 
+              res.set(issue.title, { issue, type })
+
 
           return res;
-      }, {});
+      }, new Map());
   }
 
   async closeSpoiledIssues () {
-      for (const key in this.alertDictionary) {
-          const alert = this.alertDictionary[key];
+      for (const alert of this.alertDictionary.values()) {
 
           if (alert.type === ALERT_TYPES.dependabot) {
-              const matchAlertInIssue = alert.issue.body.match(new RegExp(`\`${this.context.repo}\` - Link:\\s*(https:.*/(dependabot|code-scanning)/(\\d+))`));
+              const matchAlertInIssue = alert.issue.body.match(new RegExp(`\`${this.context.repo}\` - https:.*/dependabot/(\\d+)`));
 
               if (!matchAlertInIssue) 
                   continue;
 
-              const isAlertOpened = await this.isDependabotAlertOpened(matchAlertInIssue[3]);
+              const isAlertOpened = await this.isDependabotAlertOpened(matchAlertInIssue[1]);
 
               if (isAlertOpened)
                   continue;
 
-              await this.closeAlertOrIssue(alert.issue);
+              await this.updateIssue(alert, UPDATE_TYPE.closeTask);
           }
       }
   }
@@ -123,66 +132,60 @@ class SecurityChecker {
       }
   }
 
-  async closeAlertOrIssue (issue) {
-      issue.body = issue.body.replace(new RegExp(`\\[ \\](?= \`${this.context.repo}\`)`), '[x]');
-
-      const unresolvedAlertCheckbox = issue.body.match(/\[ \]/);
-
-      return this.github.rest.issues.update({
-          owner:        this.context.owner,
-          repo:         this.issueRepo,
-          issue_number: issue.number,
-          state:        !unresolvedAlertCheckbox ? STATES.closed : STATES.open,
-          body:         issue.body,
-      });
-  }
+  async updateIssue (alert, type) {
+    const updates = {};
 
-  needAddAlertToIssue (alert) {
-      const existIssue = this.alertDictionary[alert.security_advisory.summary];
-      return existIssue 
-          && existIssue.cveId === alert.security_advisory.cve_id
-          && existIssue.ghsaId === alert.security_advisory.ghsa_id
-          && existIssue.repo.search(`\`${this.context.repo}\``) === -1;
-  }
+      if (type === UPDATE_TYPE.addAlertToIssue) {
+        const { issue } = this.alertDictionary.get(alert.security_advisory.summary);
 
-  async addAlertToIssue (alert) {
-      const { issue } = this.alertDictionary[alert.security_advisory.summary];
+        updates.issue_number = issue.number;
+        updates.body         = issue.body.replace(/(?<=Repositories:)[\s\S]*?(?=####|$)/g, (match) => {
+            return match += `- [ ] \`${this.context.repo}\` - ${alert.html_url}\n`;
+        });
+      }
 
-      const body = issue.body.replace(/(?<=Repository:)[\s\S]*?(?=####|$)/g, (match) => {
-          return match += `- [ ] \`${this.context.repo}\` - Link: ${alert.html_url}\n`;
-      });
+      if (type === UPDATE_TYPE.closeTask) {
+        updates.body         = alert.issue.body.replace(new RegExp(`\\[ \\](?= \`${this.context.repo}\`)`), '[x]');
+        updates.state        = !updates.body.match(/\[ \]/) ? STATES.closed : STATES.open;
+        updates.issue_number = alert.issue.number;
+      }
 
       return this.github.rest.issues.update({
           owner:        this.context.owner,
           repo:         this.issueRepo,
-          issue_number: issue.number,
-          body,
+          ...updates,
       });
-
   }
 
+
   async createDependabotlIssues (dependabotAlerts) {
     for (const alert of dependabotAlerts) {
-          if (this.needAddAlertToIssue(alert)) {
-              await this.addAlertToIssue(alert);
-              continue;
-          }
+        if (this.needAddAlertToIssue(alert)) {
+            await this.updateIssue(alert, UPDATE_TYPE.addAlertToIssue);
+        }
+        else if (this.needCreateIssue(alert)) {
+            await this.createIssue({
+                labels:       [LABELS.dependabot, LABELS.security, alert.dependency.scope],
+                originRepo:   this.context.repo,
+                summary:      alert.security_advisory.summary,
+                description:  alert.security_advisory.description,
+                link:         alert.html_url,
+                issuePackage: alert.dependency.package.name,
+                cveId:        alert.security_advisory.cve_id,
+                ghsaId:       alert.security_advisory.ghsa_id,
+            });
+        }
+    }
+}
 
-          if (!this.needCreateIssue(alert))
-              continue;
+needAddAlertToIssue (alert) {
+    const existIssue = this.alertDictionary.get(alert.security_advisory.summary);
 
-          await this.createIssue({
-              labels:       [LABELS.dependabot, LABELS.security, alert.dependency.scope],
-              originRepo:   this.context.repo,
-              summary:      alert.security_advisory.summary,
-              description:  alert.security_advisory.description,
-              link:         alert.html_url,
-              issuePackage: alert.dependency.package.name,
-              cveId:        alert.security_advisory.cve_id,
-              ghsaId:       alert.security_advisory.ghsa_id,
-          });
-      }
-  }
+    return existIssue 
+        && existIssue.cveId === alert.security_advisory.cve_id
+        && existIssue.ghsaId === alert.security_advisory.ghsa_id
+        && !existIssue.issue.body.includes(`\`${this.context.repo}\``);
+}
 
   async createCodeqlIssues (codeqlAlerts) {
       for (const alert of codeqlAlerts) {
@@ -200,14 +203,16 @@ class SecurityChecker {
   }
 
   needCreateIssue (alert, isDependabotAlert = true) {
-      const alert = isDependabotAlert ? alert.security_advisory.summary : `[${this.context.repo}] ${alert.rule.description}`;
-      return !this.alertDictionary[alert] && Date.now() - new Date(alert.created_at) <= 1000 * 60 * 60 * 24;
+      const keyDictionary = isDependabotAlert ? alert.security_advisory.summary : `[${this.context.repo}] ${alert.rule.description}`;
+
+      return !this.alertDictionary.get(keyDictionary) && Date.now() - new Date(alert.created_at) <= 1000 * 60 * 60 * 24;
   }
 
   async createIssue ({ labels, originRepo, summary, description, link, issuePackage = '', cveId, ghsaId }, isDependabotAlert = true) {
       const title = isDependabotAlert ? `${summary}` : `[${originRepo}] ${summary}`;
       let body = ''
-                    + `#### Repository:\n- [ ] \`${originRepo}\` - Link: ${link}\n`
+                    + `#### Repositories:\n`
+                    + `- [ ] \`${originRepo}\` - ${link}\n`
                     + (issuePackage ? `#### Package: \`${issuePackage}\`\n` : '')
                     + `#### Description:\n`
                     + `${description}\n`;