package main
import (
"context"
"fmt"
"strings"
"github.com/shurcooL/githubv4"
)
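// filterSecurityPullRequests returns the subset of pullRequests whose body
// text begins with a Dependabot-style "Bumps <package> from <vulnerable
// version> to " line for a package that currently has an OPEN vulnerability
// alert on the pull request's repository.
//
// The open alerts of each (owner, repository) pair are fetched once and reused
// for every pull request against that repository, so the number of GraphQL
// queries is bounded by the number of distinct repositories rather than the
// number of pull requests. Only the first 100 open alerts are considered; the
// query does not paginate.
//
// The result is always a non-nil slice; a nil or empty pullRequests yields an
// empty one. The first query error aborts the filter and is returned wrapped.
//
// The match is a prefix check on free-form body text, so it identifies pull
// requests that describe themselves as bumping a vulnerable requirement; it
// does not inspect the diff. Callers that act on the result should not treat
// membership as proof of what the pull request actually changes.
func filterSecurityPullRequests(
	ctx context.Context,
	client *githubv4.Client,
	pullRequests *[]pullRequest,
) ([]pullRequest, error) {
	filtered := []pullRequest{}
	if pullRequests == nil {
		return filtered, nil
	}

	// Expected body prefixes per repository, fetched lazily on first use so
	// several pull requests against the same repository share one query.
	type repoKey struct{ owner, name string }
	prefixesByRepo := map[repoKey][]string{}

	for _, pr := range *pullRequests {
		key := repoKey{owner: pr.owner, name: pr.repository}
		prefixes, cached := prefixesByRepo[key]
		if !cached {
			loaded, err := loadVulnerableBumpPrefixes(ctx, client, pr.owner, pr.repository)
			if err != nil {
				return nil, err
			}
			prefixesByRepo[key] = loaded
			prefixes = loaded
		}
		for _, prefix := range prefixes {
			if strings.HasPrefix(pr.bodyText, prefix) {
				filtered = append(filtered, pr)
				break // one matching alert is enough; never append pr twice
			}
		}
	}
	return filtered, nil
}

// openVulnerabilityAlertsQuery is the GraphQL query shape for the first page
// (up to 100) of a repository's OPEN vulnerability alerts.
type openVulnerabilityAlertsQuery struct {
	Repository struct {
		VulnerabilityAlerts struct {
			Nodes []struct {
				VulnerableRequirements string
				State                  string
				SecurityVulnerability  struct {
					Package struct {
						Name string
					}
				}
			}
		} `graphql:"vulnerabilityAlerts(first:100,states:OPEN)"`
	} `graphql:"repository(owner: $owner, name: $name)"`
}

// loadVulnerableBumpPrefixes queries the open vulnerability alerts of
// owner/name and returns, one per alert, the body prefix a Dependabot pull
// request fixing that alert is expected to start with:
// "Bumps <package> from <vulnerable version> to ".
//
// The first "= " in the alert's vulnerable requirement is stripped before the
// prefix is built (presumably the requirement is reported as a constraint such
// as "= 1.2.3" — confirm against the API). A query failure is returned wrapped.
func loadVulnerableBumpPrefixes(
	ctx context.Context,
	client *githubv4.Client,
	owner, name string,
) ([]string, error) {
	vars := map[string]interface{}{
		"owner": githubv4.String(owner),
		"name":  githubv4.String(name),
	}
	var q openVulnerabilityAlertsQuery
	if err := client.Query(ctx, &q, vars); err != nil {
		return nil, fmt.Errorf("load vulnerability reports: %w", err)
	}

	nodes := q.Repository.VulnerabilityAlerts.Nodes
	prefixes := make([]string, 0, len(nodes))
	for _, alert := range nodes {
		version := strings.Replace(alert.VulnerableRequirements, "= ", "", 1)
		prefixes = append(prefixes, fmt.Sprintf(
			"Bumps %s from %s to ",
			alert.SecurityVulnerability.Package.Name,
			version,
		))
	}
	return prefixes, nil
}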