🔄 synced local '.github/scripts/security-checker.mjs' with remote 'scripts/security-checker.mjs'

testcafe-build-bot · testcafe-build-bot · commit d34f52ce1217 · 2023-12-07T10:05:29.000Z
diff --git a/.github/scripts/security-checker.mjs b/.github/scripts/security-checker.mjs
@@ -9,6 +9,11 @@ const LABELS = {
   security:   'security notification',
 };
 
+const ALERT_TYPES = {
+  dependabot: 'dependabot',
+  codeq:      'codeql',
+}
+
 class SecurityChecker {
   constructor (github, context, issueRepo) {
       this.github    = github;
@@ -27,8 +32,8 @@ class SecurityChecker {
       this.alertDictionary = this.createAlertDictionary(existedIssues);
 
       await this.closeSpoiledIssues();
-      this.createDependabotlIssues(dependabotAlerts);
-      this.createCodeqlIssues(codeqlAlerts);
+      await this.createDependabotlIssues(dependabotAlerts);
+      await this.createCodeqlIssues(codeqlAlerts);
   }
 
   async getDependabotAlerts () {
@@ -64,15 +69,13 @@ class SecurityChecker {
 
   createAlertDictionary (existedIssues) {
       return existedIssues.reduce((res, issue) => {
-          const [, url, number] = issue.body.match(/Link:\s*(https.*?(\d+)$)/);
+          const [, repo] = issue.body.match(/Repository:\s*`(.*)`/);
+          const [, url, type, number] = issue.body.match(/Link:\s*(https:.*\/(dependabot|code-scanning)\/(\d+))/);
 
-          if (!url)
+          if (!url || repo !== this.context.repo)
               return res;
 
-          res[url] = {
-              issue, number,
-              isDependabot: url.includes('dependabot'),
-          };
+          res[url] = { issue, number, type };
 
           return res;
       }, {});
@@ -82,7 +85,7 @@ class SecurityChecker {
       for (const key in this.alertDictionary) {
           const alert = this.alertDictionary[key];
 
-          if (alert.isDependabot) {
+          if (alert.type === ALERT_TYPES.dependabot) {
               const isAlertOpened = await this.isDependabotAlertOpened(alert.number);
 
               if (isAlertOpened)
@@ -123,38 +126,38 @@ class SecurityChecker {
   }
 
   async createDependabotlIssues (dependabotAlerts) {
-      dependabotAlerts.forEach(alert => {
+    for (const alert of dependabotAlerts) {
           if (!this.needCreateIssue(alert))
               return;
 
-          this.createIssue({
+          await this.createIssue({
               labels:       [LABELS.dependabot, LABELS.security, alert.dependency.scope],
               originRepo:   this.context.repo,
               summary:      alert.security_advisory.summary,
               description:  alert.security_advisory.description,
               link:         alert.html_url,
               issuePackage: alert.dependency.package.name,
           });
-      });
+      }
   }
 
   async createCodeqlIssues (codeqlAlerts) {
-      codeqlAlerts.forEach(alert => {
+      for (const alert of codeqlAlerts) {
           if (!this.needCreateIssue(alert))
               return;
 
-          this.createIssue({
+          await this.createIssue({
               labels:      [LABELS.codeql, LABELS.security],
               originRepo:  this.context.repo,
               summary:     alert.rule.description,
               description: alert.most_recent_instance.message.text,
               link:        alert.html_url,
           });
-      });
+      }
   }
 
   needCreateIssue (alert) {
-      return !this.alertDictionary[alert.html_url] && Date.now() - new Date(alert.created_at) <= 1000 * 60 * 60 * 24;;
+      return !this.alertDictionary[alert.html_url] && Date.now() - new Date(alert.created_at) <= 1000 * 60 * 60 * 24;
   }
 
   async createIssue ({ labels, originRepo, summary, description, link, issuePackage = '' }) {
