/
dependabot_alerts.go
128 lines (110 loc) · 5.03 KB
/
dependabot_alerts.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
// Copyright 2022 The go-github AUTHORS. All rights reserved.
//
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package github
import (
"context"
"fmt"
)
type Dependency struct {
Package *VulnerabilityPackage `json:"package,omitempty"`
ManifestPath *string `json:"manifest_path,omitempty"`
Scope *string `json:"scope,omitempty"`
}
type AdvisoryCVSs struct {
Score *float64 `json:"score,omitempty"`
VectorString *string `json:"vector_string,omitempty"`
}
type AdvisoryCWEs struct {
CWEID *string `json:"cwe_id,omitempty"`
Name *string `json:"name,omitempty"`
}
type DependabotSecurityAdvisory struct {
GHSAID *string `json:"ghsa_id,omitempty"`
CVEID *string `json:"cve_id,omitempty"`
Summary *string `json:"summary,omitempty"`
Description *string `json:"description,omitempty"`
Vulnerabilities []*AdvisoryVulnerability `json:"vulnerabilities,omitempty"`
Severity *string `json:"severity,omitempty"`
CVSs *AdvisoryCVSs `json:"cvss,omitempty"`
CWEs []*AdvisoryCWEs `json:"cwes,omitempty"`
Identifiers []*AdvisoryIdentifier `json:"identifiers,omitempty"`
References []*AdvisoryReference `json:"references,omitempty"`
PublishedAt *Timestamp `json:"published_at,omitempty"`
UpdatedAt *Timestamp `json:"updated_at,omitempty"`
WithdrawnAt *Timestamp `json:"withdrawn_at,omitempty"`
}
// DependabotAlert represents a dependabot alert
type DependabotAlert struct {
Number *int `json:"number,omitempty"`
State *string `json:"state,omitempty"`
Dependency *Dependency `json:"dependency,omitempty"`
SecurityAdvisory *DependabotSecurityAdvisory `json:"security_advisory,omitempty"`
SecurityVulnerability *AdvisoryVulnerability `json:"security_vulnerability,omitempty"`
URL *string `json:"url,omitempty"`
HtmlURL *string `json:"html_url,omitempty"`
CreatedAt *Timestamp `json:"created_at,omitempty"`
UpdatedAt *Timestamp `json:"updated_at,omitempty"`
DismissedAt *Timestamp `json:"dismissed_at,omitempty"`
DismissedBy *User `json:"dismissed_by,omitempty"`
DismissedReason *string `json:"dismissed_reason,omitempty"`
DismissedComment *string `json:"dismissed_comment,omitempty"`
FixedAt *Timestamp `json:"fixed_at,omitempty"`
}
type ListAlertsOptions struct {
State *string `url:"state,omitempty"`
Severity *string `url:"severity,omitempty"`
Ecosystem *string `url:"ecosystem,omitempty"`
Package *string `url:"package,omitempty"`
Scope *string `url:"scope,omitempty"`
Sort *string `url:"sort,omitempty"`
Direction *string `url:"direction,omitempty"`
ListCursorOptions
}
func (s *DependabotService) listAlerts(ctx context.Context, url string, opts *ListAlertsOptions) ([]*DependabotAlert, *Response, error) {
u, err := addOptions(url, opts)
if err != nil {
return nil, nil, err
}
req, err := s.client.NewRequest("GET", u, nil)
if err != nil {
return nil, nil, err
}
var alerts []*DependabotAlert
resp, err := s.client.Do(ctx, req, &alerts)
if err != nil {
return nil, resp, err
}
return alerts, resp, nil
}
// ListRepoAlerts lists all Dependabot alerts of a repository.
//
// GitHub API docs: https://docs.github.com/en/rest/dependabot/alerts#list-dependabot-alerts-for-a-repository
func (s *DependabotService) ListRepoAlerts(ctx context.Context, owner, repo string, opts *ListAlertsOptions) ([]*DependabotAlert, *Response, error) {
url := fmt.Sprintf("repos/%v/%v/dependabot/alerts", owner, repo)
return s.listAlerts(ctx, url, opts)
}
// ListOrgAlerts lists all Dependabot alerts of an organization.
//
// GitHub API docs: https://docs.github.com/en/rest/dependabot/alerts#list-dependabot-alerts-for-an-organization
func (s *DependabotService) ListOrgAlerts(ctx context.Context, org string, opts *ListAlertsOptions) ([]*DependabotAlert, *Response, error) {
url := fmt.Sprintf("orgs/%v/dependabot/alerts", org)
return s.listAlerts(ctx, url, opts)
}
// GetRepoAlert gets a single repository Dependabot alert.
//
// GitHub API docs: https://docs.github.com/en/rest/dependabot/alerts#get-a-dependabot-alert
func (s *DependabotService) GetRepoAlert(ctx context.Context, owner, repo string, number int) (*DependabotAlert, *Response, error) {
url := fmt.Sprintf("repos/%v/%v/dependabot/alerts/%v", owner, repo, number)
req, err := s.client.NewRequest("GET", url, nil)
if err != nil {
return nil, nil, err
}
alert := new(DependabotAlert)
resp, err := s.client.Do(ctx, req, alert)
if err != nil {
return nil, resp, err
}
return alert, resp, nil
}