Skip to content

Commit

Permalink
Support CVE hovercards in GitHub
Browse files Browse the repository at this point in the history
Remove URLs from the pull request Markdown content for CVEs in GitHub.com so that CVE IDs render a hovercard.
The link format is unchanged for GitHub Enterprise Server as I don't believe that's supported as the appliance would need internet connectivity.
Resolves #443.
  • Loading branch information
martincostello committed May 3, 2023
1 parent 005f9e4 commit 138e60e
Show file tree
Hide file tree
Showing 4 changed files with 12 additions and 8 deletions.
2 changes: 1 addition & 1 deletion dist/index.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion dist/index.js.map

Large diffs are not rendered by default.

7 changes: 4 additions & 3 deletions src/DotNetSdkUpdater.ts
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,7 @@ export class DotNetSdkUpdater {
return messageLines.join('\n');
}

public static generatePullRequestBody(update: SdkVersions, options: UpdateOptions): string {
public static generatePullRequestBody(update: SdkVersions, options: UpdateOptions, isGitHubEnterprise: boolean): string {
let body = `Updates the .NET SDK to version \`${update.latest.sdkVersion}\`, `;

if (update.latest.runtimeVersion === update.current.runtimeVersion) {
Expand All @@ -106,7 +106,7 @@ export class DotNetSdkUpdater {
if (update.security && update.securityIssues.length > 0) {
body += `\n\nThis release includes fixes for the following security issue(s):`;
for (const issue of update.securityIssues) {
body += `\n * [${issue.id}](${issue.url})`;
body += `\n- ${isGitHubEnterprise ? `[${issue.id}](${issue.url})` : issue.id}`;
}
}

Expand Down Expand Up @@ -218,7 +218,8 @@ export class DotNetSdkUpdater {

private async createPullRequest(base: string, update: SdkVersions): Promise<PullRequest> {
const title = `Update .NET SDK to ${update.latest.sdkVersion}`;
const body = DotNetSdkUpdater.generatePullRequestBody(update, this.options);
const isGitHubEnterprise = this.options.serverUrl !== 'https://github.com';
const body = DotNetSdkUpdater.generatePullRequestBody(update, this.options, isGitHubEnterprise);

const options = {
baseUrl: this.options.apiUrl,
Expand Down
9 changes: 6 additions & 3 deletions tests/DotNetSdkUpdater.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -183,7 +183,10 @@ describe('DotNetSdkUpdater tests', () => {
expect(actual).toContain(`update-type: version-update:semver-${expected}`);
});

test('Sorts the CVEs in the pull request description', () => {
test.each([
[false, '\n- CVE-2022-41089\n- CVE-2023-21808'],
[true, '\n- [CVE-2022-41089](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41089)\n- [CVE-2023-21808](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21808)']
])('Sorts the CVEs in the pull request description', (isGitHubEnterprise, expected) => {
const channel = JSON.parse(fs.readFileSync(path.join(process.cwd(), 'tests', 'releases-7.0.json'), {encoding: 'utf8'}));
const versions = updater.DotNetSdkUpdater.getLatestRelease('7.0.100', channel);
const options: UpdateOptions = {
Expand All @@ -198,8 +201,8 @@ describe('DotNetSdkUpdater tests', () => {
userEmail: '',
userName: '',
};
const actual = updater.DotNetSdkUpdater.generatePullRequestBody(versions, options);
expect(actual).toContain('\n * [CVE-2022-41089](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41089)\n * [CVE-2023-21808](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21808)');
const actual = updater.DotNetSdkUpdater.generatePullRequestBody(versions, options, isGitHubEnterprise);
expect(actual).toContain(expected);
});

test.each([
Expand Down

0 comments on commit 138e60e

Please sign in to comment.