feat: add PR_URL to vuln.json and fetch from H1

nodejs · Jun 8, 2024 · f088ae5 · f088ae5
1 parent 8673073
commit f088ae5
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 14 deletions.
diff --git a/lib/prepare_security.js b/lib/prepare_security.js
@@ -248,8 +248,7 @@ export default class PrepareSecurityRelease {
         });
 
       try {
-        const prUrl = dep.replace('https://github.com/', 'https://api.github.com/repos/').replace('pull', 'pulls');
-        const res = await this.req.getPullRequest(prUrl);
+        const res = await this.req.getPullRequest(dep);
         const { html_url, title } = res;
         deps.push({
           name,

diff --git a/lib/request.js b/lib/request.js
@@ -77,7 +77,8 @@ export default class Request {
     return this.json(url, options);
   }
 
-  async getPullRequest(url) {
+  async getPullRequest(fullUrl) {
+    const prUrl = fullUrl.replace('https://github.com/', 'https://api.github.com/repos/').replace('pull', 'pulls');
     const options = {
       method: 'GET',
       headers: {
@@ -86,7 +87,7 @@ export default class Request {
         Accept: 'application/vnd.github+json'
       }
     };
-    return this.json(url, options);
+    return this.json(prUrl, options);
   }
 
   async createPullRequest(title, body, { owner, repo, head, base }) {

diff --git a/lib/security-release/security-release.js b/lib/security-release/security-release.js
@@ -142,7 +142,7 @@ export async function createIssue(title, content, repository, { cli, req }) {
 export async function pickReport(report, { cli, req }) {
   const {
     id, attributes: { title, cve_ids },
-    relationships: { severity, weakness, reporter }
+    relationships: { severity, weakness, reporter, custom_field_values }
   } = report;
   const link = `https://hackerone.com/reports/${id}`;
   const reportSeverity = {
@@ -165,16 +165,24 @@ export async function pickReport(report, { cli, req }) {
     defaultAnswer: await getSupportedVersions()
   });
 
-  let patchAuthors = await cli.prompt(
-    'Add github username of the authors of the patch (split by comma if multiple)', {
-      questionType: 'input',
-      defaultAnswer: ''
-    });
-
-  if (!patchAuthors) {
-    patchAuthors = [];
+  let prURL = '';
+  let patchAuthors = [];
+  if (custom_field_values.data.length) {
+    prURL = custom_field_values.data[0].attributes.value;
+    const { user } = await req.getPullRequest(prURL);
+    patchAuthors = [user.login];
   } else {
-    patchAuthors = patchAuthors.split(',').map((p) => p.trim());
+    patchAuthors = await cli.prompt(
+      'Add github username of the authors of the patch (split by comma if multiple)', {
+        questionType: 'input',
+        defaultAnswer: ''
+      });
+
+    if (!patchAuthors) {
+      patchAuthors = [];
+    } else {
+      patchAuthors = patchAuthors.split(',').map((p) => p.trim());
+    }
   }
 
   const summaryContent = await getSummary(id, req);
@@ -186,6 +194,7 @@ export async function pickReport(report, { cli, req }) {
     severity: reportSeverity,
     summary: summaryContent ?? '',
     patchAuthors,
+    prURL,
     affectedVersions: versions.split(',').map((v) => v.replace('v', '').trim()),
     link,
     reporter: reporter.data.attributes.username