Doug/fix pr comment issues (#15)

* Fixed logic for ignoring alerts, diff logic, and consolidation of alerts

* New version build

* Additional fix for commenting logic

Author: dacoburn

socketsecurity/__init__.py

@@ -1,2 +1,2 @@
 __author__ = 'socket.dev'
-__version__ = '1.0.1'
+__version__ = '1.0.3'

socketsecurity/core/__init__.py

@@ -548,11 +548,13 @@ def compare_sboms(new_scan: list, head_scan: list) -> Diff:
         head_packages = Core.create_sbom_dict(head_scan)
         new_scan_alerts = {}
         head_scan_alerts = {}
-
+        consolidated = []
         for package_id in new_packages:
             purl, package = Core.create_purl(package_id, new_packages)
-            if package_id not in head_packages and package.direct:
+            base_purl = f"{purl.ecosystem}/{purl.name}@{purl.version}"
+            if package_id not in head_packages and package.direct and base_purl not in consolidated:
                 diff.new_packages.append(purl)
+                consolidated.append(base_purl)
             new_scan_alerts = Core.create_issue_alerts(package, new_scan_alerts, new_packages)
         for package_id in head_packages:
             purl, package = Core.create_purl(package_id, head_packages)
@@ -633,18 +635,27 @@ def compare_issue_alerts(new_scan_alerts: dict, head_scan_alerts: dict, alerts:
         :param alerts: List of new alerts that are only in the new Full Scan
         :return:
         """
+        consolidated_alerts = []
         for alert_key in new_scan_alerts:
             if alert_key not in head_scan_alerts:
                 new_alerts = new_scan_alerts[alert_key]
                 for alert in new_alerts:
+                    alert: Issue
+                    alert_str = f"{alert.purl},{alert.manifests},{alert.type}"
                     if alert.error or alert.warn:
-                        alerts.append(alert)
+                        if alert_str not in consolidated_alerts:
+                            alerts.append(alert)
+                            consolidated_alerts.append(alert_str)
             else:
                 new_alerts = new_scan_alerts[alert_key]
                 head_alerts = head_scan_alerts[alert_key]
                 for alert in new_alerts:
-                    if alert not in head_alerts and (alert.error or alert.warn):
-                        alerts.append(alert)
+                    alert: Issue
+                    alert_str = f"{alert.purl},{alert.manifests},{alert.type}"
+                    if alert not in head_alerts and alert_str not in consolidated_alerts:
+                        if alert.error or alert.warn:
+                            alerts.append(alert)
+                            consolidated_alerts.append(alert_str)
         return alerts
 
     @staticmethod

socketsecurity/core/github.py

@@ -207,4 +207,40 @@ def remove_comment_alerts(comments: dict):
         if security_alert is not None:
             security_alert: Comment
             new_body = Comments.process_security_comment(security_alert, comments)
+            Github.handle_ignore_reactions(comments)
             Github.update_comment(new_body, str(security_alert.id))
+
+    @staticmethod
+    def handle_ignore_reactions(comments: dict) -> None:
+        for comment in comments["ignore"]:
+            comment: Comment
+            if "SocketSecurity ignore" in comment.body:
+                if not Github.comment_reaction_exists(comment.id):
+                    Github.post_reaction(comment.id)
+
+    @staticmethod
+    def post_reaction(comment_id: int) -> None:
+        repo = github_repository.rsplit("/", 1)[1]
+        path = f"repos/{github_repository_owner}/{repo}/issues/comments/{comment_id}/reactions"
+        payload = {
+            "content": "+1"
+        }
+        payload = json.dumps(payload)
+        do_request(path, payload=payload, method="POST", headers=headers, base_url=github_api_url)
+
+    @staticmethod
+    def comment_reaction_exists(comment_id: int) -> bool:
+        repo = github_repository.rsplit("/", 1)[1]
+        path = f"repos/{github_repository_owner}/{repo}/issues/comments/{comment_id}/reactions"
+        response = do_request(path, headers=headers, base_url=github_api_url)
+        exists = False
+        try:
+            data = response.json()
+            for reaction in data:
+                content = reaction.get("content")
+                if content is not None and content == ":thumbsup:":
+                    exists = True
+        except Exception as error:
+            log.error(f"Unable to get reaction for {comment_id} for PR {pr_number}")
+            log.error(error)
+        return  exists

socketsecurity/core/messages.py

@@ -148,7 +148,7 @@ def create_security_alert_table(diff: Diff, md: MdUtils) -> (MdUtils, list, dict
             ignore = f"`SocketSecurity ignore {alert.purl}`"
             if ignore not in ignore_commands:
                 ignore_commands.append(ignore)
-            manifest_str, sources = Messages.create_sources(alert, "console")
+            manifest_str, source_str = Messages.create_sources(alert)
             purl_url = f"[{alert.purl}]({alert.url})"
             if alert.error:
                 emoji = ':no_entry_sign:'
@@ -157,7 +157,7 @@ def create_security_alert_table(diff: Diff, md: MdUtils) -> (MdUtils, list, dict
             row = [
                 alert.title,
                 purl_url,
-                ", ".join(sources),
+                source_str,
                 manifest_str,
                 emoji
             ]
@@ -269,14 +269,15 @@ def create_console_security_alert_table(diff: Diff) -> PrettyTable:
             [
                 "Alert",
                 "Package",
+                "url",
                 "Introduced by",
                 "Manifest File",
                 "CI Status"
             ]
         )
         for alert in diff.new_alerts:
             alert: Issue
-            manifest_str, sources = Messages.create_sources(alert, "console")
+            manifest_str, source_str = Messages.create_sources(alert, "console")
             if alert.error:
                 state = "block"
             elif alert.warn:
@@ -287,27 +288,38 @@ def create_console_security_alert_table(diff: Diff) -> PrettyTable:
                 state = "ignore"
             row = [
                 alert.title,
+                alert.purl,
                 alert.url,
-                ", ".join(sources),
+                source_str,
                 manifest_str,
                 state
             ]
             alert_table.add_row(row)
         return alert_table
 
     @staticmethod
-    def create_sources(alert: Issue, style="md") -> [str, list]:
+    def create_sources(alert: Issue, style="md") -> [str, str]:
         sources = []
         manifests = []
         for source, manifest in alert.introduced_by:
-            sources.append(source)
             if style == "md":
-                manifests.append(f"<li>{manifest}</li>")
+                add_str = f"<li>{manifest}</li>"
+                source_str = f"<li>{source}</li>"
             else:
-                manifests.append(manifest)
+                add_str = f"{manifest};"
+                source_str = f"{source};"
+            if source_str not in sources:
+                sources.append(source_str)
+            if add_str not in manifests:
+                manifests.append(add_str)
         manifest_list = "".join(manifests)
+        source_list = "".join(sources)
+        source_list = source_list.rstrip(";")
+        manifest_list = manifest_list.rstrip(";")
         if style == "md":
             manifest_str = f"<ul>{manifest_list}</ul>"
+            sources_str = f"<ul>{source_list}</ul>"
         else:
             manifest_str = manifest_list
-        return manifest_str, sources
+            sources_str = source_list
+        return manifest_str, sources_str

socketsecurity/core/scm_comments.py

@@ -31,12 +31,13 @@ def remove_alerts(comments: dict, new_alerts: list) -> list:
             if ignore_all:
                 break
             else:
-                purl = f"{alert.pkg_name}, {alert.pkg_version}"
-                purl_star = f"{alert.pkg_name}, *"
+                full_name = f"{alert.pkg_type}/{alert.pkg_name}"
+                purl = (full_name, alert.pkg_version)
+                purl_star = (full_name, "*")
                 if purl in ignore_commands or purl_star in ignore_commands:
-                    print(f"Alerts for {alert.pkg_name}@{alert.pkg_version} ignored")
+                    log.info(f"Alerts for {alert.pkg_name}@{alert.pkg_version} ignored")
                 else:
-                    print(f"Adding alert {alert.type} for {alert.pkg_name}@{alert.pkg_version}")
+                    log.info(f"Adding alert {alert.type} for {alert.pkg_name}@{alert.pkg_version}")
                     alerts.append(alert)
         return alerts
 
@@ -49,16 +50,20 @@ def get_ignore_options(comments: dict) -> [bool, list]:
             comment: Comment
             first_line = comment.body_list[0]
             if not ignore_all and "SocketSecurity ignore" in first_line:
-                first_line = first_line.lstrip("@")
-                _, command = first_line.split("SocketSecurity ")
-                command = command.strip()
-                if command == "ignore-all":
-                    ignore_all = True
-                else:
-                    command = command.lstrip("ignore").strip()
-                    name, version = command.split("@")
-                    data = f"{name}, {version}"
-                    ignore_commands.append(data)
+                try:
+                    first_line = first_line.lstrip("@")
+                    _, command = first_line.split("SocketSecurity ")
+                    command = command.strip()
+                    if command == "ignore-all":
+                        ignore_all = True
+                    else:
+                        command = command.lstrip("ignore").strip()
+                        name, version = command.split("@")
+                        data = (name, version)
+                        ignore_commands.append(data)
+                except Exception as error:
+                    log.error(f"Unable to process ignore command for {comment}")
+                    log.error(error)
         return ignore_all, ignore_commands
 
     @staticmethod
@@ -71,7 +76,7 @@ def is_ignore(pkg_name: str, pkg_version: str, name: str, version: str) -> bool:
     @staticmethod
     def is_heading_line(line) -> bool:
         is_heading_line = True
-        if line != "|Alert|Package|Introduced by|Manifest File|" and ":---" not in line:
+        if line != "|Alert|Package|Introduced by|Manifest File|CI|" and ":---" not in line:
             is_heading_line = False
         return is_heading_line
 
@@ -86,10 +91,12 @@ def process_security_comment(comment: Comment, comments) -> str:
                 start = True
                 lines.append(line)
             elif start and "end-socket-alerts-table" not in line and not Comments.is_heading_line(line) and line != '':
-                title, package, introduced_by, manifest = line.lstrip("|").rstrip("|").split("|")
+                title, package, introduced_by, manifest, ci = line.lstrip("|").rstrip("|").split("|")
                 details, _ = package.split("](")
                 ecosystem, details = details.split("/", 1)
+                ecosystem = ecosystem.lstrip("[")
                 pkg_name, pkg_version = details.split("@")
+                pkg_name = f"{ecosystem}/{pkg_name}"
                 ignore = False
                 for name, version in ignore_commands:
                     if ignore_all or Comments.is_ignore(pkg_name, pkg_version, name, version):
@@ -114,7 +121,7 @@ def check_for_socket_comments(comments: dict):
                 socket_comments["security"] = comment
             elif "socket-overview-comment-actions" in comment.body:
                 socket_comments["overview"] = comment
-            elif "SocketSecurity ignore" in comment.body:
+            elif "SocketSecurity ignore".lower() in comment.body_list[0].lower():
                 if "ignore" not in socket_comments:
                     socket_comments["ignore"] = []
                 socket_comments["ignore"].append(comment)

socketsecurity/socketcli.py

@@ -5,7 +5,7 @@
 from socketsecurity.core.messages import Messages
 from socketsecurity.core.scm_comments import Comments
 from socketsecurity.core.git_interface import Git
-from git import InvalidGitRepositoryError
+from git import InvalidGitRepositoryError, NoSuchPathError
 import os
 import sys
 import logging
@@ -245,6 +245,8 @@ def main_code():
     except InvalidGitRepositoryError:
         is_repo = False
         pass
+    except NoSuchPathError:
+        raise Exception(f"Unable to find path {target_path}")
         # git_repo = None
     if repo is None:
         log.info("Repo name needs to be set")
@@ -306,11 +308,17 @@ def main_code():
             new_security_comment = True
             new_overview_comment = True
             if len(diff.new_alerts) == 0 or disable_security_issue:
-                new_security_comment = False
-                log.debug("No new alerts or security issue comment disabled")
+                if security_comment is None or security_comment == "":
+                    new_security_comment = False
+                    log.debug("No new alerts or security issue comment disabled")
+                else:
+                    log.debug("Updated security comment with no new alerts")
             if (len(diff.new_packages) == 0 and len(diff.removed_packages) == 0) or disable_overview:
-                new_overview_comment = False
-                log.debug("No new/removed packages or Dependency Overview comment disabled")
+                if overview_comment is None or overview_comment == "":
+                    new_overview_comment = False
+                    log.debug("No new/removed packages or Dependency Overview comment disabled")
+                else:
+                    log.debug("Updated overview comment with no dependencies")
             log.debug(f"Adding comments for {scm_type}")
             scm.add_socket_comments(
                 security_comment,