import CLI from '../../lib/cli.js';
import SecurityReleaseSteward from '../../lib/prepare_security.js';
import UpdateSecurityRelease from '../../lib/update_security_release.js';
import SecurityBlog from '../../lib/security_blog.js';
// yargs command-module exports: the invocation pattern and its one-line summary.
export const command = 'security [options]';
export const describe =
  'Manage an in-progress security release or start a new one.';

// Flag definitions handed to yargs by builder().
// The three string-typed flags carry caller-supplied values (a date or a
// HackerOne report ID) that this module forwards unchanged; no format check
// happens in this file.
const securityOptions = {
  start: {
    describe: 'Start security release process',
    type: 'boolean',
  },
  'update-date': {
    describe: 'Updates the target date of the security release',
    type: 'string',
  },
  'add-report': {
    describe:
      'Extracts data from HackerOne report and adds it into vulnerabilities.json',
    type: 'string',
  },
  'remove-report': {
    describe: 'Removes a report from vulnerabilities.json',
    type: 'string',
  },
  'pre-release': {
    describe: 'Create the pre-release announcement',
    type: 'boolean',
  },
};

// Assigned in builder() so handler() can print the help text when no
// recognised flag is present.
let yargsInstance;
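/**
 * yargs `builder` hook: registers the security-release flags and their usage
 * examples.
 *
 * Side effect: stores the yargs instance at module scope so handler() can
 * call showHelp() on it later.
 *
 * @param {object} yargs - yargs instance passed in by the command loader.
 * @returns {object} The value returned by the chained yargs calls.
 */
export function builder(yargs) {
  yargsInstance = yargs;
  return yargs
    .options(securityOptions)
    .example(
      'git node security --start',
      'Prepare a security release of Node.js',
    )
    .example(
      'git node security --update-date=YYYY/MM/DD',
      'Updates the target date of the security release',
    )
    .example(
      'git node security --add-report=H1-ID',
      'Fetches HackerOne report based on ID provided and adds it into vulnerabilities.json',
    )
    .example(
      'git node security --remove-report=H1-ID',
      'Removes the Hackerone report based on ID provided from vulnerabilities.json',
    )
    .example(
      // Command and description are two separate arguments. They were
      // previously joined with `+`, which printed the description glued onto
      // the command in the help output.
      'git node security --pre-release',
      'Create the pre-release announcement on the Nodejs.org repo',
    );
}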
/**
 * yargs `handler` hook: runs the first action whose flag is truthy in `argv`.
 *
 * Only one action runs per invocation. If several flags are passed, the order
 * of the table below decides which one wins. Flag values are handed to the
 * action untouched; nothing is validated here.
 *
 * @param {object} argv - Parsed command-line arguments from yargs.
 * @returns {Promise|undefined} The selected action's result, or undefined
 *   after printing help when no flag matched.
 */
export function handler(argv) {
  const actionsByFlag = [
    ['start', startSecurityRelease],
    ['update-date', updateReleaseDate],
    ['pre-release', createPreRelease],
    ['add-report', addReport],
    ['remove-report', removeReport],
  ];
  for (const [flag, action] of actionsByFlag) {
    if (argv[flag]) {
      return action(argv);
    }
  }
  // Nothing matched (an empty string value counts as no match): show usage.
  yargsInstance.showHelp();
}
/**
 * Handles `--remove-report`: asks UpdateSecurityRelease to remove the report.
 *
 * The report ID is passed through exactly as given on the command line.
 * NOTE(review): no format check happens here; confirm that
 * UpdateSecurityRelease.removeReport validates the ID.
 *
 * @param {object} argv - Parsed arguments; reads `argv['remove-report']`.
 * @returns {Promise} Resolves with whatever removeReport() yields.
 */
async function removeReport(argv) {
  const { 'remove-report': reportId } = argv;
  // Log to stdout on a terminal, otherwise to stderr.
  const output = process.stdout.isTTY ? process.stdout : process.stderr;
  const updater = new UpdateSecurityRelease(new CLI(output));
  return updater.removeReport(reportId);
}
/**
 * Handles `--add-report`: asks UpdateSecurityRelease to add the report.
 *
 * The report ID is passed through exactly as given on the command line.
 * NOTE(review): no format check happens here; confirm that
 * UpdateSecurityRelease.addReport validates the ID before using it.
 *
 * @param {object} argv - Parsed arguments; reads `argv['add-report']`.
 * @returns {Promise} Resolves with whatever addReport() yields.
 */
async function addReport(argv) {
  const { 'add-report': reportId } = argv;
  // Log to stdout on a terminal, otherwise to stderr.
  const output = process.stdout.isTTY ? process.stdout : process.stderr;
  const updater = new UpdateSecurityRelease(new CLI(output));
  return updater.addReport(reportId);
}
/**
 * Handles `--update-date`: asks UpdateSecurityRelease to change the target
 * date of the security release.
 *
 * The date string is passed through as typed. The usage example shows
 * YYYY/MM/DD, but nothing in this function enforces that format.
 *
 * @param {object} argv - Parsed arguments; reads `argv['update-date']`.
 * @returns {Promise} Resolves with whatever updateReleaseDate() yields.
 */
async function updateReleaseDate(argv) {
  const { 'update-date': releaseDate } = argv;
  // Log to stdout on a terminal, otherwise to stderr.
  const output = process.stdout.isTTY ? process.stdout : process.stderr;
  const updater = new UpdateSecurityRelease(new CLI(output));
  return updater.updateReleaseDate(releaseDate);
}
/**
 * Handles `--pre-release`: asks SecurityBlog to create the pre-release
 * announcement. Takes no arguments; any value passed by the caller is ignored.
 *
 * @returns {Promise} Resolves with whatever createPreRelease() yields.
 */
async function createPreRelease() {
  // Log to stdout on a terminal, otherwise to stderr.
  const output = process.stdout.isTTY ? process.stdout : process.stderr;
  const blog = new SecurityBlog(new CLI(output));
  return blog.createPreRelease();
}
/**
 * Handles `--start`: asks SecurityReleaseSteward to start the security
 * release process. Takes no arguments; any value passed by the caller is
 * ignored.
 *
 * @returns {Promise} Resolves with whatever start() yields.
 */
async function startSecurityRelease() {
  // Log to stdout on a terminal, otherwise to stderr.
  const output = process.stdout.isTTY ? process.stdout : process.stderr;
  const steward = new SecurityReleaseSteward(new CLI(output));
  return steward.start();
}