
Commit 0bafa24

authored
feat: add patchedVersions on --request-cve (#956)
Refs: nodejs-private/security-release#64
1 parent 7a1c5d3 commit 0bafa24

1 file changed

+17
-6
lines changed

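--- a/lib/update_security_release.js
+++ b/lib/update_security_release.js
@@ -152,6 +152,7 @@ export default class UpdateSecurityRelease extends SecurityRelease {
 for (const cve of cves) {
 const report = reports.find(report => report.id === cve.reportId);
 report.cveIds = [cve.cve_identifier];
+report.patchedVersions = cve.patchedVersions;
 }
 }
 
@@ -219,12 +220,14 @@ Summary: ${summary}\n`,
 
 if (!create) continue;
 
+const { h1AffectedVersions, patchedVersions } =
+await this.calculateVersions(affectedVersions, supportedVersions);
 const body = {
 data: {
 type: 'cve-request',
 attributes: {
 team_handle: 'nodejs-team',
-versions: await this.formatAffected(affectedVersions, supportedVersions),
+versions: h1AffectedVersions,
 metrics: [
 {
 vectorString: cvss_vector_string
@@ -246,7 +249,7 @@ Summary: ${summary}\n`,
 continue;
 }
 const { cve_identifier } = data.attributes;
-cves.push({ cve_identifier, reportId: id });
+cves.push({ cve_identifier, reportId: id, patchedVersions });
 }
 return cves;
 }
@@ -262,15 +265,23 @@ Summary: ${summary}\n`,
 }
 }
 
-async formatAffected(affectedVersions, supportedVersions) {
-const result = [];
+async calculateVersions(affectedVersions, supportedVersions) {
+const h1AffectedVersions = [];
+const patchedVersions = [];
 for (const affectedVersion of affectedVersions) {
 const major = affectedVersion.split('.')[0];
 const latest = supportedVersions.find((v) => v.major === Number(major)).version;
 const version = await this.cli.prompt(
 `What is the affected version (<=) for release line ${affectedVersion}?`,
 { questionType: 'input', defaultAnswer: latest });
-result.push({
+
+const nextPatchVersion = parseInt(version.split('.')[2]) + 1;
+const patchedVersion = await this.cli.prompt(
+`What is the patched version (>=) for release line ${affectedVersion}?`,
+{ questionType: 'input', defaultAnswer: nextPatchVersion });
+
+patchedVersions.push(patchedVersion);
+h1AffectedVersions.push({
 vendor: 'nodejs',
 product: 'node',
 func: '<=',
@@ -279,6 +290,6 @@ Summary: ${summary}\n`,
 affected: true
 });
 }
-return result;
+return { h1AffectedVersions, patchedVersions };
 }
 }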
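Review bot: In `calculateVersions`, `nextPatchVersion` is only the third component of the affected version plus one (`parseInt(version.split('.')[2]) + 1`), so the default offered by the patched-version prompt is a bare number such as `6` rather than a full version, and accepting it puts that number into `patchedVersions` and from there into `report.patchedVersions`. Because this value is recorded against the CVE, build the default as a complete version string, e.g. `const [maj, min, patch] = version.split('.');` followed by ``defaultAnswer: `${maj}.${min}.${Number.parseInt(patch, 10) + 1}` ``, and reject an answer that is not of the form `x.y.z` before pushing it. The `parseInt` call also has no radix and yields `NaN` when the affected-version answer has fewer than three components, which would then be shown as the default. A few lines of the object pushed to `h1AffectedVersions` fall between the last two hunks and are not visible here.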
