Merge pull request #33 from snyk-tech-services/develop

Releasing changes
snyk-tech-services · Jun 29, 2021 · 88d2935 · 88d2935
2 parents 297ced4 + ec0e695
commit 88d2935
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 11 deletions.
diff --git a/src/lib/github/prComments.ts b/src/lib/github/prComments.ts
@@ -107,35 +107,32 @@ export const createPrComment = async (
   });
 
   let ghResponse;
-  let firstComment = false;
-  let commentUrl = '';
+  let firstComment = true;
+  let commentUrl = `/repos/${ghDetails.orgName}/${ghDetails.repoName}/issues/${ghDetails.prNumber}/comments`;
 
   ghResponse = await ghClient.get(
-    `/repos/${ghDetails.orgName}/${ghDetails.repoName}/issues/${ghDetails.prNumber}/comments`
+    commentUrl
   );
 
-  if (ghResponse.data.length === 0) {
-    firstComment = true
-  } else {
+  if ((ghResponse.data.length != 0) && !keepHistory) {
     ghResponse.data.map((comments: any) => {
       if (comments.body.includes('******* Vulnerabilities report for commit')) 
       {
         commentUrl = comments.url
+        firstComment = false
       }
     }) 
   }
 
   if (keepHistory == true || firstComment == true)
   {
     ghResponse = await ghClient.post(
-      `/repos/${ghDetails.orgName}/${ghDetails.repoName}/issues/${ghDetails.prNumber}/comments`,
-      JSON.stringify(data),
-  );
+      commentUrl,
+      JSON.stringify(data),);
   } else {
     ghResponse = await ghClient.patch(
       commentUrl,
-      JSON.stringify(data),
-    );
+      JSON.stringify(data),);
   }
 
   return ghResponse.data as ghPrCommentsStatus

diff --git a/test/lib/index.test.ts b/test/lib/index.test.ts
@@ -28,6 +28,14 @@ beforeAll(() => {
     });
 });
 
+const responseWithOneOtherComment = [
+  {
+    id: 1,
+    body: '### Anything but a vulnerability summary *******',
+    url: 'https://api.github.com/repos/124/124/issues/124/comments/1',
+  },
+];
+
 const responseAfterComment = [
   {
     id: 1,
@@ -37,6 +45,7 @@ const responseAfterComment = [
 ];
 const responseBeforeComment: unknown[] = [];
 let responseForComment = responseBeforeComment;
+let firstPost = true;
 
 beforeAll(() => {
   return nock('https://api.github.com')
@@ -46,6 +55,8 @@ beforeAll(() => {
       switch (uri) {
         case '/repos/123/123/issues/123/comments':
           return responseForComment;
+        case '/repos/124/124/issues/124/comments':
+          return responseWithOneOtherComment;
         default:
           throw new Error('unexpected status GETing to Github');
       }
@@ -55,11 +66,21 @@ beforeAll(() => {
       switch (uri) {
         case '/repos/123/123/statuses/123':
           return requestBody;
+        case '/repos/124/124/statuses/124':
+          return requestBody;
         case '/repos/123/123/issues/123/comments':
           responseForComment = responseAfterComment;
           return requestBody;
         case '/repos/123/123/issues/123/comments/1':
           return requestBody;
+        case '/repos/124/124/issues/124/comments':
+          return requestBody;
+        case '/repos/124/124/issues/124/comments/1':
+          if (firstPost) {
+            responseForComment = responseWithOneOtherComment;
+            firstPost = false;
+          }
+          return requestBody;
         default:
           throw new Error('unexpected status POSTing to Github');
       }
@@ -69,6 +90,8 @@ beforeAll(() => {
       switch (uri) {
         case '/repos/123/123/issues/123/comments/1':
           return requestBody;
+        case '/repos/124/124/issues/124/comments/1':
+          return requestBody;
         default:
           throw new Error('unexpected status PATCHing to Github');
       }
@@ -491,6 +514,53 @@ New Issues Introduced!
       Artistic-2.0 license 
       [Medium Severity]
 \t+ Via: [email protected] => [email protected]
+`,
+        },
+        /* eslint-enable no-useless-escape */
+      },
+    ]);
+  });
+
+  test('[snyk-delta module] Is it working with 1 issue and 1 previous non vulnerability summary comment', async () => {
+    process.argv = [
+      '',
+      '',
+      path.resolve(__dirname, '..') +
+        '/fixtures/snyktest-goof-with-one-more-vuln-and-one-more-license.json',
+      '124',
+      '124',
+      '124',
+      '124',
+      '124',
+    ];
+    const response = await main();
+
+    expect(response).toEqual([
+      {
+        status: {
+          context: 'Snyk Prevent (playground - package-lock.json)',
+          description: 'New issue(s) found',
+          state: 'failure',
+          // eslint-disable-next-line
+          target_url:
+            'https://app.snyk.io/org/playground/project/09235fa4-c241-42c6-8c63-c053bd272789',
+        },
+        /* eslint-disable no-useless-escape */
+        prComment: {
+          body: `### ******* Vulnerabilities report for commit number 124 *******
+New Issues Introduced!
+## Security
+1 issue found 
+* 1/1: Regular Expression Denial of Service (ReDoS) [High Severity]
+\t+ Via:   [email protected] => [email protected] => @snyk/[email protected] => [email protected]
+\t+ Fixed in: acorn, 5.7.4, 6.4.1, 7.1.1
+\t+ Fixable by upgrade: @snyk/[email protected]=>[email protected]
+## License
+1 issue found 
+  1/1: 
+      Artistic-2.0 license 
+      [Medium Severity]
+\t+ Via: [email protected] => [email protected]
 `,
         },
         /* eslint-enable no-useless-escape */