feat: add vulnerability vector string to json (#780)

* feat: add vulnerability vector string to json * feat: add weakness_id * fix: add created_at value to json
nodejs · Mar 22, 2024 · f52c4fd · f52c4fd
1 parent ec9faa8
commit f52c4fd
Showing 1 changed file with 29 additions and 16 deletions.
diff --git a/lib/prepare_security.js b/lib/prepare_security.js
@@ -144,7 +144,7 @@ class PrepareSecurityRelease {
   async createIssue(content, { cli }) {
     const data = await this.req.createIssue(this.title, content, this.repository);
     if (data.html_url) {
-      cli.ok('Created: ' + data.html_url);
+      cli.ok(`Created: ${data.html_url}`);
     } else {
       cli.error(data);
       process.exit(1);
@@ -155,16 +155,29 @@ class PrepareSecurityRelease {
     cli.info('Getting triaged H1 reports...');
     const reports = await this.req.getTriagedReports();
     const supportedVersions = (await nv('supported'))
-      .map((v) => v.versionName + '.x')
+      .map((v) => `${v.versionName}.x`)
       .join(',');
     const selectedReports = [];
 
     for (const report of reports.data) {
-      const { id, attributes: { title, cve_ids }, relationships: { severity, reporter } } = report;
+      const {
+        id, attributes: { title, cve_ids, created_at },
+        relationships: { severity, weakness, reporter }
+      } = report;
       const link = `https://hackerone.com/reports/${id}`;
-      const reportLevel = severity ? severity.data.attributes.rating : 'TBD';
+      let reportSeverity = 'TBD';
+      if (severity?.data?.attributes?.cvss_vector_string) {
+        const { cvss_vector_string, rating } = severity.data.attributes;
+        reportSeverity = {
+          cvss_vector_string,
+          rating,
+          weakness_id: weakness?.data?.id
+        };
+      }
+
       cli.separator();
-      cli.info(`Report: ${link} - ${title} (${reportLevel})`);
+      cli.info(`Report: ${link} - ${title} (${
+        reportSeverity?.rating?.toUpperCase() || reportSeverity})`);
       const include = await cli.prompt(
         'Would you like to include this report to the next security release?',
         { defaultAnswer: true });
@@ -182,11 +195,12 @@ class PrepareSecurityRelease {
         id,
         title,
         cve_ids,
-        severity: reportLevel,
+        severity: reportSeverity,
         summary: summaryContent ?? '',
         affectedVersions: versions.split(',').map((v) => v.replace('v', '').trim()),
         link,
-        reporter: reporter.data.attributes.username
+        reporter: reporter.data.attributes.username,
+        created_at // when we request CVE we need to input vulnerability_discovered_at
       });
     }
     return selectedReports;
@@ -227,17 +241,16 @@ class PrepareSecurityRelease {
     );
     const url = response?.html_url;
     if (url) {
-      cli.ok('Created: ' + url);
+      cli.ok(`Created: ${url}`);
       return url;
-    } else {
-      if (response?.errors) {
-        for (const error of response.errors) {
-          cli.error(error.message);
-        }
-      } else {
-        cli.error(response);
+    }
+    if (response?.errors) {
+      for (const error of response.errors) {
+        cli.error(error.message);
       }
-      process.exit(1);
+    } else {
+      cli.error(response);
     }
+    process.exit(1);
   }
 }