From 216952f57bddc8e38c366ba6ab67ed705ced6f58 Mon Sep 17 00:00:00 2001 From: be0x74a Date: Sat, 5 Aug 2023 18:18:18 +0100 Subject: [PATCH 1/3] Add support for Security Advisories Request CVE endpoint --- AUTHORS | 1 + README.md | 3 +- github/github.go | 64 +++++++++++++++--------------- github/security_advisories.go | 38 ++++++++++++++++++ github/security_advisories_test.go | 37 +++++++++++++++++ 5 files changed, 111 insertions(+), 32 deletions(-) create mode 100644 github/security_advisories.go create mode 100644 github/security_advisories_test.go diff --git a/AUTHORS b/AUTHORS index 5e40cd1f38..a833043b0f 100644 --- a/AUTHORS +++ b/AUTHORS @@ -125,6 +125,7 @@ Derek Jobst DeviousLab Dhi Aurrahman Diego Lapiduz +Diogo Vilela Dmitri Shuralyov dmnlk Don Petersen diff --git a/README.md b/README.md index 4e954e1575..1085b1dfd5 100644 --- a/README.md +++ b/README.md @@ -395,7 +395,8 @@ supported by this (and past) versions of this repo (go-github). Versions prior to 48.2.0 are not listed. | go-github Version | GitHub v3 API Version | -| ----------------- | --------------------- | +|-------------------| --------------------- | +| 53.3.0 | 2022-11-28 | | 53.2.0 | 2022-11-28 | | 53.1.0 | 2022-11-28 | | 53.0.0 | 2022-11-28 | diff --git a/github/github.go b/github/github.go index 1b41ffdc0e..bdf3515762 100644 --- a/github/github.go +++ b/github/github.go @@ -28,7 +28,7 @@ import ( ) const ( - Version = "v53.2.0" + Version = "v53.3.0" defaultAPIVersion = "2022-11-28" defaultBaseURL = "https://api.github.com/" 
@@ -179,36 +179,37 @@ type Client struct { common service // Reuse a single struct instead of allocating one for each service on the heap. // Services used for talking to different parts of the GitHub API. - Actions *ActionsService - Activity *ActivityService - Admin *AdminService - Apps *AppsService - Authorizations *AuthorizationsService - Billing *BillingService - Checks *ChecksService - CodeScanning *CodeScanningService - Codespaces *CodespacesService - Dependabot *DependabotService - Enterprise *EnterpriseService - Gists *GistsService - Git *GitService - Gitignores *GitignoresService - Interactions *InteractionsService - IssueImport *IssueImportService - Issues *IssuesService - Licenses *LicensesService - Marketplace *MarketplaceService - Migrations *MigrationService - Organizations *OrganizationsService - Projects *ProjectsService - PullRequests *PullRequestsService - Reactions *ReactionsService - Repositories *RepositoriesService - SCIM *SCIMService - Search *SearchService - SecretScanning *SecretScanningService - Teams *TeamsService - Users *UsersService + Actions *ActionsService + Activity *ActivityService + Admin *AdminService + Apps *AppsService + Authorizations *AuthorizationsService + Billing *BillingService + Checks *ChecksService + CodeScanning *CodeScanningService + Codespaces *CodespacesService + Dependabot *DependabotService + Enterprise *EnterpriseService + Gists *GistsService + Git *GitService + Gitignores *GitignoresService + Interactions *InteractionsService + IssueImport *IssueImportService + Issues *IssuesService + Licenses *LicensesService + Marketplace *MarketplaceService + Migrations *MigrationService + Organizations *OrganizationsService + Projects *ProjectsService + PullRequests *PullRequestsService + Reactions *ReactionsService + Repositories *RepositoriesService + SCIM *SCIMService + Search *SearchService + SecretScanning *SecretScanningService + SecurityAdvisories *SecurityAdvisoriesService + Teams *TeamsService + Users *UsersService 
} type service struct { @@ -346,6 +347,7 @@ func NewClient(httpClient *http.Client) *Client { c.SCIM = (*SCIMService)(&c.common) c.Search = (*SearchService)(&c.common) c.SecretScanning = (*SecretScanningService)(&c.common) + c.SecurityAdvisories = (*SecurityAdvisoriesService)(&c.common) c.Teams = (*TeamsService)(&c.common) c.Users = (*UsersService)(&c.common) return c diff --git a/github/security_advisories.go b/github/security_advisories.go new file mode 100644 index 0000000000..9caeb55ccc --- /dev/null +++ b/github/security_advisories.go @@ -0,0 +1,38 @@ +// Copyright 2023 The go-github AUTHORS. All rights reserved. +// +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package github + +import ( + "context" + "fmt" +) + +type SecurityAdvisoriesService service + +// RequestCVE request a CVE for a repository security advisory. +// +// GitHub API docs: https://docs.github.com/en/rest/security-advisories/repository-advisories#request-a-cve-for-a-repository-security-advisory +func (s *SecurityAdvisoriesService) RequestCVE(ctx context.Context, owner, repo, ghsaID string) (*Response, error) { + url := fmt.Sprintf("repos/%v/%v/security-advisories/%v/cve", owner, repo, ghsaID) + + req, err := s.client.NewRequest("POST", url, nil) + if err != nil { + return nil, err + } + + resp, err := s.client.Do(ctx, req, nil) + + if err != nil { + _, ok := err.(*AcceptedError) + if ok { + return resp, nil + } + + return resp, err + } + + return resp, nil +} diff --git a/github/security_advisories_test.go b/github/security_advisories_test.go new file mode 100644 index 0000000000..1062b1b2c5 --- /dev/null +++ b/github/security_advisories_test.go 
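Review bot: In `RequestCVE` in the new github/security_advisories.go, `owner`, `repo` and `ghsaID` are formatted into the request path unescaped, so a value containing `/`, `..`, `?` or `#` can change which endpoint this authenticated POST is sent to. How `NewRequest` resolves the string is not visible in this patch, so the exact effect is inferred, but any caller that passes an advisory ID taken from user input would be relying on it. I would check that each value is a single non-empty path segment before building the URL and escape it with `url.PathEscape`. This needs `net/url` and `strings` imported and the local `url` renamed so it does not shadow the package.

```go
func (s *SecurityAdvisoriesService) RequestCVE(ctx context.Context, owner, repo, ghsaID string) (*Response, error) {
	// Each value must stay exactly one path segment of the request URL.
	for _, seg := range []string{owner, repo, ghsaID} {
		if seg == "" || seg == "." || seg == ".." || strings.ContainsAny(seg, "/?#") {
			return nil, fmt.Errorf("invalid path segment %q", seg)
		}
	}
	u := fmt.Sprintf("repos/%v/%v/security-advisories/%v/cve",
		url.PathEscape(owner), url.PathEscape(repo), url.PathEscape(ghsaID))

	req, err := s.client.NewRequest("POST", u, nil)
	// … unchanged: error check, Do call and AcceptedError handling …
```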
@@ -0,0 +1,37 @@ +// Copyright 2023 The go-github AUTHORS. All rights reserved. +// +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package github + +import ( + "context" + "net/http" + "testing" +) + +func TestSecurityAdvisoriesService_RequestCVE(t *testing.T) { + client, mux, _, teardown := setup() + defer teardown() + + mux.HandleFunc("/repos/o/r/security-advisories/ghsa_id/cve", func(w http.ResponseWriter, r *http.Request) { + testMethod(t, r, "POST") + w.WriteHeader(http.StatusAccepted) + }) + + ctx := context.Background() + _, err := client.SecurityAdvisories.RequestCVE(ctx, "o", "r", "ghsa_id") + if err != nil { + t.Errorf("SecurityAdvisoriesService.RequestCVE returned error: %v", err) + } + + const methodName = "RequestCVE" + testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) { + resp, err := client.SecurityAdvisories.RequestCVE(ctx, "o", "r", "ghsa_id") + if err == nil { + t.Errorf("testNewRequestAndDoFailure %v should have return err", methodName) + } + return resp, err + }) +} From 1cad15282baa82f3c83305e9fe2f5fd54fe9fd27 Mon Sep 17 00:00:00 2001 From: be0x74a Date: Tue, 8 Aug 2023 09:11:10 +0100 Subject: [PATCH 2/3] Address PR review comments --- README.md | 3 +-- github/github.go | 2 +- github/security_advisories.go | 5 ++--- github/security_advisories_test.go | 19 +++++++++++++++++-- 4 files changed, 21 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 1085b1dfd5..4e954e1575 100644 --- a/README.md +++ b/README.md @@ -395,8 +395,7 @@ supported by this (and past) versions of this repo (go-github). Versions prior to 48.2.0 are not listed. | go-github Version | GitHub v3 API Version | -|-------------------| --------------------- | -| 53.3.0 | 2022-11-28 | +| ----------------- | --------------------- | | 53.2.0 | 2022-11-28 | | 53.1.0 | 2022-11-28 | | 53.0.0 | 2022-11-28 | 
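Review bot: In `TestSecurityAdvisoriesService_RequestCVE` the call against the 202 handler discards the returned `*Response` (`_, err := client.SecurityAdvisories.RequestCVE(...)`), so nothing pins the status code a caller has to read. That matters because `RequestCVE` turns `*AcceptedError` into a nil error, leaving the status code as the only way to tell an accepted request from a completed one. Keep the response and assert it: `if resp.StatusCode != http.StatusAccepted { t.Errorf("RequestCVE status = %v, want %v", resp.StatusCode, http.StatusAccepted) }`. The reworked test in PATCH 2/3 (the `ghsa_id_ok` and `ghsa_id_accepted` calls) discards the response the same way.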
diff --git a/github/github.go b/github/github.go index bdf3515762..799608359b 100644 --- a/github/github.go +++ b/github/github.go @@ -28,7 +28,7 @@ import ( ) const ( - Version = "v53.3.0" + Version = "v53.2.0" defaultAPIVersion = "2022-11-28" defaultBaseURL = "https://api.github.com/" diff --git a/github/security_advisories.go b/github/security_advisories.go index 9caeb55ccc..dfba0a1d49 100644 --- a/github/security_advisories.go +++ b/github/security_advisories.go @@ -12,7 +12,7 @@ import ( type SecurityAdvisoriesService service -// RequestCVE request a CVE for a repository security advisory. +// RequestCVE requests a Common Vulnerabilities and Exposures (CVE) for a repository security advisory. // // GitHub API docs: https://docs.github.com/en/rest/security-advisories/repository-advisories#request-a-cve-for-a-repository-security-advisory func (s *SecurityAdvisoriesService) RequestCVE(ctx context.Context, owner, repo, ghsaID string) (*Response, error) { @@ -26,8 +26,7 @@ func (s *SecurityAdvisoriesService) RequestCVE(ctx context.Context, owner, repo, resp, err := s.client.Do(ctx, req, nil) if err != nil { - _, ok := err.(*AcceptedError) - if ok { + if _, ok := err.(*AcceptedError); ok { return resp, nil } diff --git a/github/security_advisories_test.go b/github/security_advisories_test.go index 1062b1b2c5..e4a6fbd7c1 100644 --- a/github/security_advisories_test.go +++ b/github/security_advisories_test.go 
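Review bot: The rewritten check `if _, ok := err.(*AcceptedError); ok` in `RequestCVE` still matches only an unwrapped `*AcceptedError`; if `Do` ever returns it wrapped with extra context, a 202 would surface to the caller as a failure. `errors.As` covers both cases: `var aerr *AcceptedError` followed by `if errors.As(err, &aerr) { return resp, nil }`, with `errors` added to the import block. The function body starts and ends outside this hunk.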
@@ -15,18 +15,33 @@ func TestSecurityAdvisoriesService_RequestCVE(t *testing.T) { client, mux, _, teardown := setup() defer teardown() - mux.HandleFunc("/repos/o/r/security-advisories/ghsa_id/cve", func(w http.ResponseWriter, r *http.Request) { + mux.HandleFunc("/repos/o/r/security-advisories/ghsa_id_ok/cve", func(w http.ResponseWriter, r *http.Request) { + testMethod(t, r, "POST") + w.WriteHeader(http.StatusOK) + }) + + mux.HandleFunc("/repos/o/r/security-advisories/ghsa_id_accepted/cve", func(w http.ResponseWriter, r *http.Request) { testMethod(t, r, "POST") w.WriteHeader(http.StatusAccepted) }) ctx := context.Background() - _, err := client.SecurityAdvisories.RequestCVE(ctx, "o", "r", "ghsa_id") + _, err := client.SecurityAdvisories.RequestCVE(ctx, "o", "r", "ghsa_id_ok") + if err != nil { + t.Errorf("SecurityAdvisoriesService.RequestCVE returned error: %v", err) + } + + _, err = client.SecurityAdvisories.RequestCVE(ctx, "o", "r", "ghsa_id_accepted") if err != nil { t.Errorf("SecurityAdvisoriesService.RequestCVE returned error: %v", err) } const methodName = "RequestCVE" + testBadOptions(t, methodName, func() (err error) { + _, err = client.SecurityAdvisories.RequestCVE(ctx, "\n", "\n", "\n") + return err + }) + testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) { resp, err := client.SecurityAdvisories.RequestCVE(ctx, "o", "r", "ghsa_id") if err == nil { From 2353a1712fc7adb91c73b78c97d0f8dc4feb20ea Mon Sep 17 00:00:00 2001 From: be0x74a Date: Tue, 8 Aug 2023 13:04:58 +0100 Subject: [PATCH 3/3] Address PR review comments --- github/security_advisories.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/github/security_advisories.go b/github/security_advisories.go index dfba0a1d49..a75fce54d9 100644 --- a/github/security_advisories.go +++ b/github/security_advisories.go 
@@ -13,6 +13,7 @@ import ( type SecurityAdvisoriesService service // RequestCVE requests a Common Vulnerabilities and Exposures (CVE) for a repository security advisory. +// The ghsaID is the GitHub Security Advisory identifier of the advisory. // // GitHub API docs: https://docs.github.com/en/rest/security-advisories/repository-advisories#request-a-cve-for-a-repository-security-advisory func (s *SecurityAdvisoriesService) RequestCVE(ctx context.Context, owner, repo, ghsaID string) (*Response, error) { @@ -24,7 +25,6 @@ func (s *SecurityAdvisoriesService) RequestCVE(ctx context.Context, owner, repo, } resp, err := s.client.Do(ctx, req, nil) - if err != nil { if _, ok := err.(*AcceptedError); ok { return resp, nil
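Review bot: The doc comment on `RequestCVE` now explains `ghsaID` but still omits the return contract: a nil error covers both a plain success and an `*AcceptedError` response, which the tests model with 200 and 202. I would add `// A nil error is also returned when the request was only accepted (HTTP 202); check resp.StatusCode to tell the two cases apart.` so callers do not treat a queued CVE request as a completed one. The exported `SecurityAdvisoriesService` type shown as context in the same hunk has no doc comment either, for example `// SecurityAdvisoriesService handles the repository security advisory methods of the GitHub API.` The function body continues outside this hunk.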