Filter by pr better (#630)

Author: jdalton

src/commands/fix/git.mts

@@ -1,3 +1,5 @@
+import semver from 'semver'
+
 import { PackageURL } from '@socketregistry/packageurl-js'
 import { debugFn } from '@socketsecurity/registry/lib/debug'
 import { normalizePath } from '@socketsecurity/registry/lib/path'
@@ -7,11 +9,12 @@ import { spawn } from '@socketsecurity/registry/lib/spawn'
 import constants from '../../constants.mts'
 import { getPurlObject } from '../../utils/purl.mts'
 import {
-  getPkgFullNameFromPurlObj,
+  getPkgFullNameFromPurl,
   getSocketDevPackageOverviewUrlFromPurl,
 } from '../../utils/socket-url.mts'
 
 import type { CResult } from '../../types.mts'
+import type { SocketArtifact } from '../../utils/alert/artifact.mts'
 import type { SpawnOptions } from '@socketsecurity/registry/lib/spawn'
 
 export type GitCreateAndPushBranchOptions = {
@@ -21,10 +24,7 @@ export type GitCreateAndPushBranchOptions = {
 }
 
 function formatBranchName(name: string): string {
-  return name
-    .replace(/[-_.\\/]+/g, '-')
-    .replace(/[^-a-zA-Z0-9]+/g, '')
-    .replace(/^-+|-+$/g, '')
+  return name.replace(/[^-a-zA-Z0-9/._-]+/g, '+')
 }
 
 export function getBaseGitBranch(): string {
@@ -37,19 +37,54 @@ export function getBaseGitBranch(): string {
   )
 }
 
-export function getSocketBranchName(
-  purl: string | PackageURL,
-  newVersion: string,
-  workspace?: string | undefined,
+export function getSocketBranchPurlTypeComponent(
+  purl: string | PackageURL | SocketArtifact,
 ): string {
   const purlObj = getPurlObject(purl)
-  const fmtType = formatBranchName(purlObj.type)
-  const fmtWorkspace = workspace ? `${formatBranchName(workspace)}` : 'root'
+  return formatBranchName(purlObj.type)
+}
+
+export function getSocketBranchFullNameComponent(
+  pkgName: string | PackageURL | SocketArtifact,
+): string {
+  const purlObj = getPurlObject(
+    typeof pkgName === 'string' && !pkgName.startsWith('pkg:')
+      ? PackageURL.fromString(`pkg:unknown/${pkgName}`)
+      : pkgName,
+  )
   const fmtMaybeNamespace = purlObj.namespace
     ? `${formatBranchName(purlObj.namespace)}--`
     : ''
-  const fmtFullName = `${fmtMaybeNamespace}${formatBranchName(purlObj.name)}`
-  const fmtVersion = formatBranchName(purlObj.version!)
+  return `${fmtMaybeNamespace}${formatBranchName(purlObj.name)}`
+}
+
+export function getSocketBranchPackageVersionComponent(
+  version: string | PackageURL | SocketArtifact,
+): string {
+  const purlObj = getPurlObject(
+    typeof version === 'string' && !version.startsWith('pkg:')
+      ? PackageURL.fromString(`pkg:unknown/unknown@${version}`)
+      : version,
+  )
+  return formatBranchName(purlObj.version!)
+}
+
+export function getSocketBranchWorkspaceComponent(
+  workspace: string | undefined,
+): string {
+  return workspace ? formatBranchName(workspace) : 'root'
+}
+
+export function getSocketBranchName(
+  purl: string | PackageURL | SocketArtifact,
+  newVersion: string,
+  workspace?: string | undefined,
+): string {
+  const purlObj = getPurlObject(purl)
+  const fmtType = getSocketBranchPurlTypeComponent(purlObj)
+  const fmtWorkspace = getSocketBranchWorkspaceComponent(workspace)
+  const fmtFullName = getSocketBranchFullNameComponent(purlObj)
+  const fmtVersion = getSocketBranchPackageVersionComponent(purlObj.version!)
   const fmtNewVersion = formatBranchName(newVersion)
   return `socket/${fmtType}_${fmtWorkspace}_${fmtFullName}_${fmtVersion}_${fmtNewVersion}`
 }
@@ -94,18 +129,21 @@ export type SocketBranchParser = (
 ) => SocketBranchParseResult | null
 
 export type SocketBranchParseResult = {
+  fullName: string
   newVersion: string
-  purl: PackageURL
+  type: string
   workspace: string
+  version: string
 }
 
 export function createSocketBranchParser(
   options?: SocketBranchPatternOptions | undefined,
 ): SocketBranchParser {
   const pattern = getSocketBranchPattern(options)
   return function parse(branch: string): SocketBranchParseResult | null {
-    debugFn('pattern', pattern.toString())
-    const match = pattern.exec(branch)
+    const match = pattern.exec(branch) as
+      | [string, string, string, string, string, string]
+      | null
     if (!match) {
       return null
     }
@@ -117,41 +155,43 @@ export function createSocketBranchParser(
       5: newVersion,
     } = match
     return {
-      newVersion,
-      purl: getPurlObject(`pkg:${type}/${fullName}@${version}`),
+      fullName,
+      newVersion: semver.coerce(newVersion.replaceAll('+', '.'))?.version,
+      type,
       workspace,
+      version: semver.coerce(version.replaceAll('+', '.'))?.version,
     } as SocketBranchParseResult
   }
 }
 
 export function getSocketPullRequestTitle(
-  purl: string | PackageURL,
+  purl: string | PackageURL | SocketArtifact,
   newVersion: string,
   workspace?: string | undefined,
 ): string {
   const purlObj = getPurlObject(purl)
-  const fullName = getPkgFullNameFromPurlObj(purlObj)
+  const fullName = getPkgFullNameFromPurl(purlObj)
   return `Bump ${fullName} from ${purlObj.version} to ${newVersion}${workspace ? ` in ${workspace}` : ''}`
 }
 
 export function getSocketPullRequestBody(
-  purl: string | PackageURL,
+  purl: string | PackageURL | SocketArtifact,
   newVersion: string,
   workspace?: string | undefined,
 ): string {
   const purlObj = getPurlObject(purl)
-  const fullName = getPkgFullNameFromPurlObj(purlObj)
+  const fullName = getPkgFullNameFromPurl(purlObj)
   const pkgOverviewUrl = getSocketDevPackageOverviewUrlFromPurl(purlObj)
   return `Bump [${fullName}](${pkgOverviewUrl}) from ${purlObj.version} to ${newVersion}${workspace ? ` in ${workspace}` : ''}.`
 }
 
 export function getSocketCommitMessage(
-  purl: string | PackageURL,
+  purl: string | PackageURL | SocketArtifact,
   newVersion: string,
   workspace?: string | undefined,
 ): string {
   const purlObj = getPurlObject(purl)
-  const fullName = getPkgFullNameFromPurlObj(purlObj)
+  const fullName = getPkgFullNameFromPurl(purlObj)
   return `socket: Bump ${fullName} from ${purlObj.version} to ${newVersion}${workspace ? ` in ${workspace}` : ''}`
 }
 

src/commands/fix/npm-fix.mts

@@ -15,8 +15,11 @@ import {
 import { naturalCompare } from '@socketsecurity/registry/lib/sorts'
 
 import {
+  createSocketBranchParser,
   getBaseGitBranch,
+  getSocketBranchFullNameComponent,
   getSocketBranchName,
+  getSocketBranchPurlTypeComponent,
   getSocketCommitMessage,
   gitCreateAndPushBranch,
   gitRemoteBranchExists,
@@ -49,21 +52,22 @@ import {
 import { getAlertsMapFromPurls } from '../../utils/alerts-map.mts'
 import { removeNodeModules } from '../../utils/fs.mts'
 import { globWorkspace } from '../../utils/glob.mts'
+import { getPurlObject } from '../../utils/purl.mts'
 import { applyRange } from '../../utils/semver.mts'
 import { getCveInfoFromAlertsMap } from '../../utils/socket-package-alert.mts'
 import { idToPurl } from '../../utils/spec.mts'
 
+import type { SocketBranchParseResult } from './git.mts'
 import type {
   ArboristInstance,
   NodeClass,
 } from '../../shadow/npm/arborist/types.mts'
 import type { CResult } from '../../types.mts'
+import type { PURL_Type } from '../../utils/alert/artifact.mts'
 import type { EnvDetails } from '../../utils/package-environment.mts'
 import type { RangeStyle } from '../../utils/semver.mts'
 import type { PackageJson } from '@socketsecurity/registry/lib/packages'
 
-const { NPM } = constants
-
 type InstallOptions = {
   cwd?: string | undefined
 }
@@ -171,16 +175,17 @@ export async function npmFix(
     }
   }
 
-  const infoByPkgName = getCveInfoFromAlertsMap(alertsMap, {
+  const infoByPartialPurl = getCveInfoFromAlertsMap(alertsMap, {
     limit: limit + openPrs.length,
   })
-  if (!infoByPkgName) {
+  if (!infoByPartialPurl) {
     spinner?.stop()
     logger.info('No fixable vulns found.')
     return { ok: true, data: { fixed: false } }
   }
 
   const baseBranch = isCi ? getBaseGitBranch() : ''
+  const branchParser = isCi ? createSocketBranchParser() : null
   const workspacePkgJsonPaths = await globWorkspace(
     pkgEnvDetails.agent,
     rootPath,
@@ -190,7 +195,7 @@ export async function npmFix(
     // Process the workspace root last since it will add an override to package.json.
     pkgEnvDetails.editablePkgJson.filename!,
   ]
-  const sortedInfoEntries = [...infoByPkgName.entries()].sort((a, b) =>
+  const sortedInfoEntries = [...infoByPartialPurl.entries()].sort((a, b) =>
     naturalCompare(a[0], b[0]),
   )
 
@@ -215,16 +220,29 @@ export async function npmFix(
   ) {
     const isLastInfoEntry = i === length - 1
     const infoEntry = sortedInfoEntries[i]!
-    const { 0: name } = infoEntry
-    const openPrsForPkg = openPrs.filter(
-      pr => name === resolvePackageName(pr.purl),
-    )
-    const infos = [...infoEntry[1].values()].filter(
-      info =>
-        !openPrsForPkg.find(
-          pr => pr.newVersion === info.firstPatchedVersionIdentifier,
-        ),
-    )
+    const partialPurlObj = getPurlObject(infoEntry[0])
+    const name = resolvePackageName(partialPurlObj)
+    let infos = [...infoEntry[1].values()]
+    if (isCi) {
+      const branchFullName = getSocketBranchFullNameComponent(partialPurlObj)
+      const branchPurlType = getSocketBranchPurlTypeComponent(partialPurlObj)
+      const activeBranches: SocketBranchParseResult[] = []
+      for (const pr of openPrs) {
+        const parsedBranch = branchParser!(pr.headRefName)
+        if (
+          branchPurlType === parsedBranch?.type &&
+          branchFullName === parsedBranch?.fullName
+        ) {
+          activeBranches.push(parsedBranch)
+        }
+      }
+      infos = infos.filter(
+        info =>
+          !activeBranches.find(
+            b => b.newVersion === info.firstPatchedVersionIdentifier,
+          ),
+      )
+    }
 
     if (!infos.length) {
       continue infoEntriesLoop
@@ -234,7 +252,7 @@ export async function npmFix(
     logger.indent()
     spinner?.indent()
 
-    if (getManifestData(NPM, name)) {
+    if (getManifestData(partialPurlObj.type as PURL_Type, name)) {
       debugFn(`found: Socket Optimize variant for ${name}`)
     }
     // eslint-disable-next-line no-await-in-loop
@@ -295,7 +313,7 @@ export async function npmFix(
 
       oldVersionsLoop: for (const oldVersion of oldVersions) {
         const oldId = `${name}@${oldVersion}`
-        const oldPurl = idToPurl(oldId)
+        const oldPurl = idToPurl(oldId, partialPurlObj.type)
 
         const node = findPackageNode(actualTree, name, oldVersion)
         if (!node) {