import { joinAnd } from '@socketsecurity/registry/lib/arrays'
import constants from '../../constants.mts'
import type { GhsaDetails } from '../../utils/github.mts'
// Base URL used to link a GHSA id to its advisory page on GitHub.
const GITHUB_ADVISORIES_URL = 'https://github.com/advisories'
/**
 * Collect the distinct `name (ecosystem)` labels of every package listed in
 * an advisory's vulnerability nodes, in first-seen order.
 *
 * @param details - the advisory whose vulnerability nodes are scanned.
 * @returns the de-duplicated package labels.
 */
function getUniquePackages(details: GhsaDetails): string[] {
  const seen = new Set<string>()
  for (const { package: pkg } of details.vulnerabilities.nodes) {
    seen.add(`${pkg.name} (${pkg.ecosystem})`)
  }
  return Array.from(seen)
}
/**
 * Parses a git branch name and returns the advisory it refers to, or
 * `undefined` when the branch is not a Socket fix branch.
 */
export type SocketFixBranchParser = (
  branch: string,
) => SocketFixBranchParseResult | undefined
/** The GHSA id captured from a `socket/fix/<id>` branch name. */
export type SocketFixBranchParseResult = {
  ghsaId: string
}
/**
 * Build a parser that recognises Socket fix branch names.
 *
 * @param ghsaId - when given, only the branch for this advisory is accepted;
 *   otherwise any `socket/fix/<id>` branch matches.
 * @returns a parser yielding the id captured from the branch name, or
 *   `undefined` when the branch does not match the pattern.
 */
export function createSocketFixBranchParser(
  ghsaId?: string | undefined,
): SocketFixBranchParser {
  const branchPattern = getSocketFixBranchPattern(ghsaId)
  return function parse(branch: string): SocketFixBranchParseResult | undefined {
    const found = branchPattern.exec(branch)
    if (found === null) {
      return undefined
    }
    // Capture group 1 holds the advisory-id portion of the branch name.
    const capturedId = found[1] as string
    return { ghsaId: capturedId }
  }
}
/** Parser that accepts any `socket/fix/<id>` branch, regardless of advisory. */
export const genericSocketFixBranchParser = createSocketFixBranchParser()
/**
 * Name of the branch Socket uses for a fix of the given advisory.
 *
 * @param ghsaId - the advisory id placed after the `socket/fix/` prefix.
 * @returns the branch name.
 */
export function getSocketFixBranchName(ghsaId: string): string {
  return ['socket', 'fix', ghsaId].join('/')
}
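/**
 * Build the regular expression that matches a Socket fix branch name.
 *
 * @param ghsaId - when given, the pattern matches only the branch for this
 *   advisory; when nullish, any non-empty id after `socket/fix/` matches.
 * @returns an anchored RegExp whose first capture group is the advisory id.
 */
export function getSocketFixBranchPattern(ghsaId?: string | undefined): RegExp {
  // The id is interpolated into regex source, so metacharacters must be
  // escaped: the caller supplies a literal id, not a pattern.
  const idSource =
    ghsaId == null ? '.+' : ghsaId.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
  return new RegExp(`^socket/fix/(${idSource})$`)
}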
/**
 * Commit message for a fix of the given advisory.
 *
 * @param ghsaId - the advisory id named in the message.
 * @param details - optional advisory details; a non-empty summary is
 *   appended after ` - `.
 * @returns the conventional-commit style message.
 */
export function getSocketFixCommitMessage(
  ghsaId: string,
  details?: GhsaDetails | undefined,
): string {
  const segments = [`fix: ${ghsaId}`]
  // An empty summary is treated the same as a missing one.
  if (details?.summary) {
    segments.push(details.summary)
  }
  return segments.join(' - ')
}
/**
 * Markdown body for a Socket fix pull request.
 *
 * A single advisory gets an intro line plus summary, severity and affected
 * packages when its details are known; several advisories get a bulleted list
 * with a summary and package list for each advisory whose details are known.
 *
 * @param ghsaIds - the advisories fixed by the pull request.
 * @param ghsaDetails - optional details keyed by advisory id.
 * @returns the markdown text.
 */
export function getSocketFixPullRequestBody(
  ghsaIds: string[],
  ghsaDetails?: Map<string, GhsaDetails> | undefined,
): string {
  const socketLink = `[Socket](${constants.SOCKET_WEBSITE_URL})`
  const advisoryLink = (id: string) => `[${id}](${GITHUB_ADVISORIES_URL}/${id})`
  const count = ghsaIds.length

  if (count !== 1) {
    const lines = [
      `${socketLink} fixes for ${count} GHSAs.`,
      '',
      '**Fixed Vulnerabilities:**',
    ]
    for (const id of ghsaIds) {
      const details = ghsaDetails?.get(id)
      const bullet = `- ${advisoryLink(id)}`
      lines.push(
        details
          ? `${bullet} - ${details.summary} (${joinAnd(getUniquePackages(details))})`
          : bullet,
      )
    }
    return lines.join('\n')
  }

  const ghsaId = ghsaIds[0]!
  const intro = `${socketLink} fix for ${advisoryLink(ghsaId)}.`
  const details = ghsaDetails?.get(ghsaId)
  if (!details) {
    return intro
  }
  const affected = joinAnd(getUniquePackages(details))
  return [
    intro,
    '',
    '',
    `**Vulnerability Summary:** ${details.summary}`,
    '',
    `**Severity:** ${details.severity}`,
    '',
    `**Affected Packages:** ${affected}`,
  ].join('\n')
}
/**
 * Title for a Socket fix pull request.
 *
 * @param ghsaIds - the advisories fixed by the pull request.
 * @returns `Fix for <id>` for exactly one advisory, otherwise a count.
 */
export function getSocketFixPullRequestTitle(ghsaIds: string[]): string {
  if (ghsaIds.length === 1) {
    return `Fix for ${ghsaIds[0]}`
  }
  return `Fixes for ${ghsaIds.length} GHSAs`
}