feat: remove report from vulnerabilities.json (#784)

nodejs · Mar 22, 2024 · 648918b · 648918b
1 parent f52c4fd
commit 648918b
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 0 deletions.
diff --git a/components/git/security.js b/components/git/security.js
@@ -17,6 +17,10 @@ const securityOptions = {
   'add-report': {
     describe: 'Extracts data from HackerOne report and adds it into vulnerabilities.json',
     type: 'string'
+  },
+  'remove-report': {
+    describe: 'Removes a report from vulnerabilities.json',
+    type: 'string'
   }
 };
 
@@ -34,6 +38,10 @@ export function builder(yargs) {
     .example(
       'git node security --add-report=H1-ID',
       'Fetches HackerOne report based on ID provided and adds it into vulnerabilities.json'
+    )
+    .example(
+      'git node security --remove-report=H1-ID',
+      'Removes the Hackerone report based on ID provided from vulnerabilities.json'
     );
 }
 
@@ -47,9 +55,20 @@ export function handler(argv) {
   if (argv['add-report']) {
     return addReport(argv);
   }
+  if (argv['remove-report']) {
+    return removeReport(argv);
+  }
   yargsInstance.showHelp();
 }
 
+async function removeReport(argv) {
+  const reportId = argv['remove-report'];
+  const logStream = process.stdout.isTTY ? process.stdout : process.stderr;
+  const cli = new CLI(logStream);
+  const update = new UpdateSecurityRelease(cli);
+  return update.removeReport(reportId);
+}
+
 async function addReport(argv) {
   const reportId = argv['add-report'];
   const logStream = process.stdout.isTTY ? process.stdout : process.stderr;

diff --git a/docs/git-node.md b/docs/git-node.md
@@ -466,6 +466,24 @@ Example:
   git node security --update-date=16/12/2023
 ```
 
+### `git node security --add-report=report-id`
+
+This command adds a HackerOne report to the `vulnerabilities.json`.
+Example:
+
+```sh
+  git node security --add-report=12345
+```
+
+### `git node security --remove-report=report-id`
+
+This command removes a HackerOne report from the `vulnerabilities.json`.
+Example:
+
+```sh
+  git node security --remove-report=12345
+```
+
 ## `git node status`
 
 Return status and information about the current git-node land session. Shows the following information:

diff --git a/lib/update_security_release.js b/lib/update_security_release.js
@@ -112,5 +112,30 @@ export default class UpdateSecurityRelease {
     content.reports.push(entry);
     fs.writeFileSync(vulnerabilitiesJSONPath, JSON.stringify(content, null, 2));
     this.cli.ok(`Updated vulnerabilities.json with the report: ${id}`);
+    const commitMessage = `chore: added report ${id} to vulnerabilities.json`;
+    commitAndPushVulnerabilitiesJSON(vulnerabilitiesJSONPath,
+      commitMessage, { cli, repository: this.repository });
+    cli.ok('Done!');
+  }
+
+  removeReport(reportId) {
+    const { cli } = this;
+    // checkout on the next-security-release branch
+    checkoutOnSecurityReleaseBranch(cli, this.repository);
+    const vulnerabilitiesJSONPath = this.getVulnerabilitiesJSONPath();
+    const content = this.readVulnerabilitiesJSON(vulnerabilitiesJSONPath);
+    const found = content.reports.some((report) => report.id === reportId);
+    if (!found) {
+      cli.error(`Report with id ${reportId} not found in vulnerabilities.json`);
+      process.exit(1);
+    }
+    content.reports = content.reports.filter((report) => report.id !== reportId);
+    fs.writeFileSync(vulnerabilitiesJSONPath, JSON.stringify(content, null, 2));
+    this.cli.ok(`Updated vulnerabilities.json with the report: ${reportId}`);
+
+    const commitMessage = `chore: remove report ${reportId} from vulnerabilities.json`;
+    commitAndPushVulnerabilitiesJSON(vulnerabilitiesJSONPath,
+      commitMessage, { cli, repository: this.repository });
+    cli.ok('Done!');
   }
 }