feat: add PR_URL to vuln.json and fetch from H1 (#815)

RafaelGSS · web-flow · commit c4e7c03cc649 · 2024-06-08T09:53:30.000-03:00
diff --git a/lib/prepare_security.js b/lib/prepare_security.js
@@ -248,8 +248,7 @@ export default class PrepareSecurityRelease {
         });
 
       try {
-        const prUrl = dep.replace('https://github.com/', 'https://api.github.com/repos/').replace('pull', 'pulls');
-        const res = await this.req.getPullRequest(prUrl);
+        const res = await this.req.getPullRequest(dep);
         const { html_url, title } = res;
         deps.push({
           name,
diff --git a/lib/request.js b/lib/request.js
@@ -77,7 +77,8 @@ export default class Request {
     return this.json(url, options);
   }
 
-  async getPullRequest(url) {
+  async getPullRequest(fullUrl) {
+    const prUrl = fullUrl.replace('https://github.com/', 'https://api.github.com/repos/').replace('pull', 'pulls');
     const options = {
       method: 'GET',
       headers: {
@@ -86,7 +87,7 @@ export default class Request {
         Accept: 'application/vnd.github+json'
       }
     };
-    return this.json(url, options);
+    return this.json(prUrl, options);
   }
 
   async createPullRequest(title, body, { owner, repo, head, base }) {
diff --git a/lib/security-release/security-release.js b/lib/security-release/security-release.js
@@ -142,7 +142,7 @@ export async function createIssue(title, content, repository, { cli, req }) {
 export async function pickReport(report, { cli, req }) {
   const {
     id, attributes: { title, cve_ids },
-    relationships: { severity, weakness, reporter }
+    relationships: { severity, weakness, reporter, custom_field_values }
   } = report;
   const link = `https://hackerone.com/reports/${id}`;
   const reportSeverity = {
@@ -165,16 +165,24 @@ export async function pickReport(report, { cli, req }) {
     defaultAnswer: await getSupportedVersions()
   });
 
-  let patchAuthors = await cli.prompt(
-    'Add github username of the authors of the patch (split by comma if multiple)', {
-      questionType: 'input',
-      defaultAnswer: ''
-    });
-
-  if (!patchAuthors) {
-    patchAuthors = [];
+  let prURL = '';
+  let patchAuthors = [];
+  if (custom_field_values.data.length) {
+    prURL = custom_field_values.data[0].attributes.value;
+    const { user } = await req.getPullRequest(prURL);
+    patchAuthors = [user.login];
   } else {
-    patchAuthors = patchAuthors.split(',').map((p) => p.trim());
+    patchAuthors = await cli.prompt(
+      'Add github username of the authors of the patch (split by comma if multiple)', {
+        questionType: 'input',
+        defaultAnswer: ''
+      });
+
+    if (!patchAuthors) {
+      patchAuthors = [];
+    } else {
+      patchAuthors = patchAuthors.split(',').map((p) => p.trim());
+    }
   }
 
   const summaryContent = await getSummary(id, req);
@@ -186,6 +194,7 @@ export async function pickReport(report, { cli, req }) {
     severity: reportSeverity,
     summary: summaryContent ?? '',
     patchAuthors,
+    prURL,
     affectedVersions: versions.split(',').map((v) => v.replace('v', '').trim()),
     link,
     reporter: reporter.data.attributes.username

Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,8 @@ export default class Request {`
`77`	`77`	`return this.json(url, options);`
`78`	`78`	`}`
`79`	`79`
`80`		`- async getPullRequest(url) {`
	`80`	`+ async getPullRequest(fullUrl) {`
	`81`	`+ const prUrl = fullUrl.replace('https://github.com/', 'https://api.github.com/repos/').replace('pull', 'pulls');`
`81`	`82`	`const options = {`
`82`	`83`	`method: 'GET',`
`83`	`84`	`headers: {`
`@@ -86,7 +87,7 @@ export default class Request {`
`86`	`87`	`Accept: 'application/vnd.github+json'`
`87`	`88`	`}`
`88`	`89`	`};`
`89`		`- return this.json(url, options);`
	`90`	`+ return this.json(prUrl, options);`
`90`	`91`	`}`
`91`	`92`
`92`	`93`	`async createPullRequest(title, body, { owner, repo, head, base }) {`