Security new this week (#134)

* grab createdAt of the issue * remove extra space from hyperlink * update to filter new this week if this week command is checked * Update security_reporter.rb * block condition for filtering security reports by newest
zooniverse · Jun 2, 2022 · ab7dba7 · ab7dba7
1 parent 20a05f9
commit ab7dba7
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 3 deletions.
diff --git a/handlers/security_reporter.rb b/handlers/security_reporter.rb
@@ -11,6 +11,7 @@ class SecurityReporter < Handler
                                                                  help: { 'status dependabot' => 'displays dependabot security alerts' })
 
       def get_dependabot_issues(response)
+        filter = filter_without_whitespace(response.matches[0][1])
         get_issues = true
         last_repo_listed = nil
         repo_to_alert_count = {}
@@ -39,8 +40,15 @@ def get_dependabot_issues(response)
 
             next if @repos_to_skip.include? repo_name.downcase
 
-            categorize_alerts_by_severity node_alerts, repo_to_alert_count, repo_name,
-                                             repo_to_high_alert_count, repo_to_critical_alert_count, repo_to_reported_packages
+            if filter.downcase.include? 'this week'
+              categorize_alerts_by_severity_filter_for_this_week(
+                node_alerts, repo_to_alert_count, repo_name,
+                repo_to_high_alert_count, repo_to_critical_alert_count, repo_to_reported_packages)
+            else
+              categorize_alerts_by_severity(node_alerts, repo_to_alert_count, repo_name,
+                                            repo_to_high_alert_count, repo_to_critical_alert_count,
+                                            repo_to_reported_packages)
+            end
           end
           repo_count = edges.length
           last_repo_listed = edges[repo_count - 1]['cursor']
@@ -54,10 +62,30 @@ def get_dependabot_issues(response)
 
       private
 
+      def filter_without_whitespace(filter)
+        filter.strip
+      end
+
       def total_alert_count(repo_to_alert_count)
         repo_to_alert_count.reduce(0) { |sum, (_, count)| sum + count }
       end
 
+      def categorize_alerts_by_severity_filter_for_this_week(node_alerts, repo_to_alert_count, repo_name, repo_to_high_alert_count, repo_to_critical_alert_count, repo_to_reported_packages)
+        node_alerts.each do |alert|
+          next if Date.parse(alert['createdAt']) <= (Date.today - 7)
+
+          vulnerability = alert['securityVulnerability']
+          add_alert_count(repo_to_alert_count, repo_name)
+
+          severity = vulnerability['severity'].downcase
+          add_alert_count(repo_to_high_alert_count, repo_name) if severity == 'high'
+          add_alert_count(repo_to_critical_alert_count, repo_name) if severity == 'critical'
+
+          package_name = vulnerability['package']['name'].downcase
+          add_unique_reported_packages(repo_to_reported_packages, repo_name, package_name)
+        end
+      end
+
       def categorize_alerts_by_severity(node_alerts, repo_to_alert_count, repo_name, repo_to_high_alert_count, repo_to_critical_alert_count, repo_to_reported_packages)
         node_alerts.each do |alert|
           vulnerability = alert['securityVulnerability']
@@ -85,7 +113,7 @@ def add_alert_count(repo_to_alert_count, repo_name)
 
       def format_alerts(repo_to_alert_count, repo_to_high_alert_count, repo_to_critical_alert_count, repo_to_reported_packages)
         repo_to_alert_count.map do |repo, count|
-          "<https://github.com/zooniverse/#{repo}/security/dependabot | #{repo}> -- #{count} (#{repo_to_high_alert_count[repo]} HIGH; #{repo_to_critical_alert_count[repo]} CRITICAL) #{repo_to_reported_packages[repo].length} flagged packages"
+          "<https://github.com/zooniverse/#{repo}/security/dependabot|#{repo}> -- #{count} (#{repo_to_high_alert_count[repo]} HIGH; #{repo_to_critical_alert_count[repo]} CRITICAL) #{repo_to_reported_packages[repo].length} flagged packages"
         end.join("\n")
       end
 

diff --git a/lib/zooniverse_github.rb b/lib/zooniverse_github.rb
@@ -146,6 +146,7 @@ def query_without_after
                     }
                     dismissedAt
                     fixedAt
+                    createdAt
                   }
                 }
               }
@@ -178,6 +179,7 @@ def query_with_after(after)
                     }
                     dismissedAt
                     fixedAt
+                    createdAt
                   }
                 }
               }
-Original file line number
+Diff line change
@@ Expand Up / @@ -146,6 +146,7 @@ def query_without_after @@
                         }
                         dismissedAt
                         fixedAt
+                        createdAt
                       }
                     }
                   }
@@ Expand Down Expand Up / @@ -178,6 +179,7 @@ def query_with_after(after) @@
                         }
                         dismissedAt
                         fixedAt
+                        createdAt
                       }
                     }
                   }
@@ Expand Down @@