Tweak alert types and add alert fix type

Author: jdalton

src/commands/diff-scan/fetch-diff-scan.ts

@@ -1,7 +1,7 @@
 import colors from 'yoctocolors-cjs'
 
 import constants from '../../constants'
-import { handleAPIError, handleApiCall, queryAPI } from '../../utils/api'
+import { handleApiCall, handleApiError, queryApi } from '../../utils/api'
 import { AuthError } from '../../utils/errors'
 import { getDefaultToken } from '../../utils/sdk'
 
@@ -47,15 +47,15 @@ export async function fetchDiffScanWithToken(
 
   spinner.start('Fetching diff-scan...')
 
-  const response = await queryAPI(
+  const response = await queryApi(
     `orgs/${orgSlug}/full-scans/diff?before=${encodeURIComponent(before)}&after=${encodeURIComponent(after)}`,
     apiToken
   )
 
   spinner?.successAndStop('Received diff-scan response')
 
   if (!response.ok) {
-    const err = await handleAPIError(response.status)
+    const err = await handleApiError(response.status)
     spinner.errorAndStop(
       `${colors.bgRed(colors.white(response.statusText))}: ${err}`
     )

src/commands/info/output-package-info.ts

@@ -5,7 +5,7 @@ import constants from '@socketsecurity/registry/lib/constants'
 import { logger } from '@socketsecurity/registry/lib/logger'
 import { hasKeys } from '@socketsecurity/registry/lib/objects'
 
-import { SEVERITY, formatSeverityCount } from '../../utils/alert/severity'
+import { ALERT_SEVERITY, formatSeverityCount } from '../../utils/alert/severity'
 import { ColorOrMarkdown } from '../../utils/color-or-markdown'
 import {
   getSocketDevAlertUrl,
@@ -32,8 +32,8 @@ function outputPackageIssuesDetails(
 ) {
   const issueDetails = packageData.filter(
     d =>
-      d.value?.severity === SEVERITY.critical ||
-      d.value?.severity === SEVERITY.high
+      d.value?.severity === ALERT_SEVERITY.critical ||
+      d.value?.severity === ALERT_SEVERITY.high
   )
   const uniqueIssueDetails = issueDetails.reduce((acc, issue) => {
     const { type } = issue

src/commands/scan/fetch-report-data.ts

@@ -3,7 +3,7 @@ import colors from 'yoctocolors-cjs'
 import { logger } from '@socketsecurity/registry/lib/logger'
 
 import constants from '../../constants'
-import { handleAPIError, handleApiCall, queryAPI } from '../../utils/api'
+import { handleApiCall, handleApiError, queryApi } from '../../utils/api'
 import { AuthError } from '../../utils/errors'
 import { getDefaultToken, setupSdk } from '../../utils/sdk'
 
@@ -102,7 +102,7 @@ export async function fetchReportData(
   ] = await Promise.all([
     (async () => {
       try {
-        const response = await queryAPI(
+        const response = await queryApi(
           `orgs/${orgSlug}/full-scans/${encodeURIComponent(fullScanId)}`,
           apiToken
         )
@@ -111,7 +111,7 @@ export async function fetchReportData(
         updateProgress()
 
         if (!response.ok) {
-          const err = await handleAPIError(response.status)
+          const err = await handleApiError(response.status)
           logger.fail(
             `${colors.bgRed(colors.white(response.statusText))}: Fetch error: ${err}`
           )

src/commands/scan/get-full-scan.ts

@@ -3,7 +3,7 @@ import colors from 'yoctocolors-cjs'
 import { logger } from '@socketsecurity/registry/lib/logger'
 
 import constants from '../../constants'
-import { handleAPIError, queryAPI } from '../../utils/api'
+import { handleApiError, queryApi } from '../../utils/api'
 import { AuthError } from '../../utils/errors'
 import { getDefaultToken } from '../../utils/sdk'
 
@@ -25,15 +25,15 @@ export async function getFullScan(
 
   spinner.start('Fetching full-scan...')
 
-  const response = await queryAPI(
+  const response = await queryApi(
     `orgs/${orgSlug}/full-scans/${encodeURIComponent(fullScanId)}`,
     apiToken
   )
 
   spinner.stop('Fetch complete.')
 
   if (!response.ok) {
-    const err = await handleAPIError(response.status)
+    const err = await handleApiError(response.status)
     logger.fail(
       `${colors.bgRed(colors.white(response.statusText))}: Fetch error: ${err}`
     )

src/commands/threat-feed/get-threat-feed.ts

@@ -10,7 +10,7 @@ import TableWidget from 'blessed-contrib/lib/widget/table'
 import { logger } from '@socketsecurity/registry/lib/logger'
 
 import constants from '../../constants'
-import { queryAPI } from '../../utils/api'
+import { queryApi } from '../../utils/api'
 import { AuthError } from '../../utils/errors'
 import { getDefaultToken } from '../../utils/sdk'
 
@@ -90,7 +90,7 @@ async function getThreatFeedWithToken({
 
   spinner.start('Fetching Threat Feed data...')
 
-  const response = await queryAPI(`threat-feed?${queryParams}`, apiToken)
+  const response = await queryApi(`threat-feed?${queryParams}`, apiToken)
   const data = (await response.json()) as {
     results: ThreatResult[]
     nextPage: string

src/constants.ts

@@ -57,8 +57,6 @@ type IPC = Readonly<{
 type Constants = Remap<
   Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' | 'ENV' | 'IPC'> & {
     readonly 'Symbol(kInternalsSymbol)': Internals
-    readonly ALERT_FIX_TYPE_CVE: 'cve'
-    readonly ALERT_FIX_TYPE_UPGRADE: 'upgrade'
     readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'
     readonly ALERT_TYPE_CVE: 'cve'
     readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'
@@ -128,8 +126,6 @@ type Constants = Remap<
   }
 >
 
-const ALERT_FIX_TYPE_CVE = 'cve'
-const ALERT_FIX_TYPE_UPGRADE = 'upgrade'
 const ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'
 const ALERT_TYPE_CVE = 'cve'
 const ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'
@@ -303,8 +299,6 @@ const lazyZshRcPath = () =>
 
 const constants = createConstantsObject(
   {
-    ALERT_FIX_TYPE_CVE,
-    ALERT_FIX_TYPE_UPGRADE,
     ALERT_TYPE_CRITICAL_CVE,
     ALERT_TYPE_CVE,
     ALERT_TYPE_MEDIUM_CVE,

src/utils/alert/fix.ts

@@ -0,0 +1,4 @@
+export enum ALERT_FIX_TYPE {
+  cve = 'cve',
+  upgrade = 'upgrade'
+}

src/utils/alert/rules.ts

@@ -185,29 +185,35 @@ export async function uxLookup(
         const sockSdk = await setupSdk(getPublicToken())
         const orgResult = await sockSdk.getOrganizations()
         if (!orgResult.success) {
+          if (orgResult.status === 429) {
+            throw new Error(
+              `API token quota exceeded: ${orgResult.error}`
+            )
+          }
           throw new Error(
-            `Failed to fetch Socket organization info: ${orgResult.error.message}`
+            `Failed to fetch Socket organization info: ${orgResult.error}`
           )
         }
+        const { organizations } = orgResult.data
         const orgs: Array<
-          Exclude<(typeof orgResult.data.organizations)[string], undefined>
+          Exclude<(typeof organizations)[string], undefined>
         > = []
-        for (const org of Object.values(orgResult.data.organizations)) {
+        for (const org of Object.values(organizations)) {
           if (org) {
             orgs.push(org)
           }
         }
-        const result = await sockSdk.postSettings(
+        const settingsResult = await sockSdk.postSettings(
           orgs.map(org => ({ organization: org.id }))
         )
-        if (!result.success) {
+        if (!settingsResult.success) {
           throw new Error(
-            `Failed to fetch API key settings: ${result.error.message}`
+            `Failed to fetch API key settings: ${settingsResult.error}`
           )
         }
         return {
           orgs,
-          settings: result.data
+          settings: settingsResult.data
         }
       } catch (e) {
         const cause = isObject(e) && 'cause' in e ? e['cause'] : undefined

src/utils/alert/severity.ts

@@ -3,6 +3,13 @@ import { stringJoinWithSeparateFinalSeparator } from '../strings'
 
 import type { SocketSdkReturnType } from '@socketsecurity/sdk'
 
+export enum ALERT_SEVERITY {
+  critical = 'critical',
+  high = 'high',
+  middle = 'middle',
+  low = 'low'
+}
+
 export type SocketSdkAlertList =
   SocketSdkReturnType<'getIssuesByNPMPackage'>['data']
 
@@ -12,20 +19,9 @@ export type SocketSdkAlert = SocketSdkAlertList[number]['value'] extends
   ? U
   : never
 
-export enum SEVERITY {
-  critical = 'critical',
-  high = 'high',
-  middle = 'middle',
-  low = 'low'
-}
-
 // Ordered from most severe to least.
-const SEVERITIES_BY_ORDER: Array<SocketSdkAlert['severity']> = [
-  'critical',
-  'high',
-  'middle',
-  'low'
-]
+const SEVERITIES_BY_ORDER: ReadonlyArray<SocketSdkAlert['severity']> =
+  Object.freeze(['critical', 'high', 'middle', 'low'])
 
 function getDesiredSeverities(
   lowestToInclude: SocketSdkAlert['severity'] | undefined
@@ -66,8 +62,9 @@ export function getSeverityCount(
     if (!value) {
       continue
     }
-    if (severityCount[value.severity] !== undefined) {
-      severityCount[value.severity] += 1
+    const { severity } = value
+    if (severityCount[severity] !== undefined) {
+      severityCount[severity] += 1
     }
   }
   return severityCount

src/utils/api.ts

@@ -50,7 +50,7 @@ export async function handleApiCall<T>(
   return result
 }
 
-export async function handleAPIError(code: number) {
+export async function handleApiError(code: number) {
   if (code === 400) {
     return 'One of the options passed might be incorrect.'
   } else if (code === 403) {
@@ -72,7 +72,7 @@ function getDefaultApiBaseUrl(): string | undefined {
   return isNonEmptyString(baseUrl) ? baseUrl : undefined
 }
 
-export async function queryAPI(path: string, apiToken: string) {
+export async function queryApi(path: string, apiToken: string) {
   const API_V0_URL = getDefaultApiBaseUrl()
   return await fetch(`${API_V0_URL}/${path}`, {
     method: 'GET',