From e53fa9295d44026b2715ed6b1dd87dae3e33f76f Mon Sep 17 00:00:00 2001 From: Anish Rajan Date: Sat, 26 Aug 2023 17:22:30 +0530 Subject: [PATCH 01/10] added API for Lists repository security advisories for an organization --- github/security_advisories.go | 223 +++++++++++++++++++++++++++++ github/security_advisories_test.go | 126 ++++++++++++++++ 2 files changed, 349 insertions(+) diff --git a/github/security_advisories.go b/github/security_advisories.go index a75fce54d9..2f2ac2a0d3 100644 --- a/github/security_advisories.go +++ b/github/security_advisories.go 
@@ -12,6 +12,205 @@ import ( type SecurityAdvisoriesService service +// SecurityAdvisoryUser represents a security advisory user +type SecurityAdvisoryUser struct { + Name *string `json:"name,omitempty"` + Email *string `json:"email,omitempty"` + Login *string `json:"login,omitempty"` + ID *int64 `json:"id,omitempty"` + NodeID *string `json:"node_id,omitempty"` + AvatarURL *string `json:"avatar_url,omitempty"` + GravatarID *string `json:"gravatar_id,omitempty"` + URL *string `json:"url,omitempty"` + HTMLURL *string `json:"html_url,omitempty"` + FollowersURL *string `json:"followers_url,omitempty"` + FollowingURL *string `json:"following_url,omitempty"` + GistsURL *string `json:"gists_url,omitempty"` + StarredURL *string `json:"starred_url,omitempty"` + SubscriptionsURL *string `json:"subscriptions_url,omitempty"` + OrganizationsURL *string `json:"organizations_url,omitempty"` + ReposURL *string `json:"repos_url,omitempty"` + EventsURL *string `json:"events_url,omitempty"` + ReceivedEventsURL *string `json:"received_events_url,omitempty"` + Type *string `json:"type,omitempty"` + SiteAdmin *bool `json:"site_admin,omitempty"` + StarredAt *Timestamp `json:"starred_at,omitempty"` +} + +// SecurityAdvisorySubmission represents the Security Advisory Submission +type SecurityAdvisorySubmission struct { + // Accepted represents whether a private vulnerability report was accepted by the repository's administrators. + Accepted *bool `json:"accepted,omitempty"` +} + +// Vulnerability represents the vulnerability object for a Security Advisory. +type Vulnerability struct { + Package *VulnerabilityPackage `json:"package,omitempty"` + VulnerableVersionRange *string `json:"vulnerable_version_range,omitempty"` + PatchedVersions *string `json:"patched_versions,omitempty"` + VulnerableFunctions []string `json:"vulnerable_functions,omitempty"` +} + +// Credit represents the credit object for a Security Advisory. 
+type Credit struct { + Login *string `json:"login,omitempty"` + Type *string `json:"type,omitempty"` +} + +// CreditDetailed represents a credit given to a user for a repository Security Advisory. +type CreditDetailed struct { + User *SecurityAdvisoryUser `json:"user,omitempty"` + Type *string `json:"type,omitempty"` + State *string `json:"state,omitempty"` +} + +// Permissions represent a team's permissions +type Permissions struct { + Pull *bool `json:"pull,omitempty"` + Triage *bool `json:"triage,omitempty"` + Push *bool `json:"push,omitempty"` + Maintain *bool `json:"maintain,omitempty"` + Admin *bool `json:"admin,omitempty"` +} + +// TeamParent represents a team's parent team +type TeamParent struct { + ID *int64 `json:"id,omitempty"` + NodeID *string `json:"node_id,omitempty"` + URL *string `json:"url,omitempty"` + MembersURL *string `json:"members_url,omitempty"` + Name *string `json:"name,omitempty"` + Description *string `json:"description,omitempty"` + Permission *string `json:"permission,omitempty"` + Privacy *string `json:"privacy,omitempty"` + NotificationSetting *string `json:"notification_setting,omitempty"` + HTMLURL *string `json:"html_url,omitempty"` + RepositoriesURL *string `json:"repositories_url,omitempty"` + Slug *string `json:"slug,omitempty"` + LDAPDN *string `json:"ldap_dn,omitempty"` +} + +// CollaboratingTeam represents a team that collaborate on the advisory. 
+type CollaboratingTeam struct { + ID *int64 `json:"id,omitempty"` + NodeID *string `json:"node_id,omitempty"` + Name *string `json:"name,omitempty"` + Slug *string `json:"slug,omitempty"` + Description *string `json:"description,omitempty"` + Privacy *string `json:"privacy,omitempty"` + NotificationSetting *string `json:"notification_setting,omitempty"` + Permission *string `json:"permission,omitempty"` + Permissions Permissions `json:"permissions,omitempty"` + URL *string `json:"url,omitempty"` + HTMLURL *string `json:"html_url,omitempty"` + MembersURL *string `json:"members_url,omitempty"` + RepositoriesURL *string `json:"repositories_url,omitempty"` + Parent *TeamParent `json:"parent,omitempty"` +} + +// PrivateFork represents a temporary private fork of the advisory's repository for collaborating on a fix. +type PrivateFork struct { + ID *int64 `json:"id,omitempty"` + NodeID *string `json:"node_id,omitempty"` + Name *string `json:"name,omitempty"` + FullName *string `json:"full_name,omitempty"` + Owner *SecurityAdvisoryUser `json:"owner,omitempty"` + Private *bool `json:"private,omitempty"` + HTMLURL *string `json:"html_url,omitempty"` + Description *string `json:"description,omitempty"` + Fork *bool `json:"fork,omitempty"` + URL *string `json:"url,omitempty"` + ArchiveURL *string `json:"archive_url,omitempty"` + AssigneesURL *string `json:"assignees_url,omitempty"` + BlobsURL *string `json:"blobs_url,omitempty"` + BranchesURL *string `json:"branches_url,omitempty"` + CollaboratorsURL *string `json:"collaborators_url,omitempty"` + CommentsURL *string `json:"comments_url,omitempty"` + CommitsURL *string `json:"commits_url,omitempty"` + CompareURL *string `json:"compare_url,omitempty"` + ContentsURL *string `json:"contents_url,omitempty"` + ContributorsURL *string `json:"contributors_url,omitempty"` + DeploymentsURL *string `json:"deployments_url,omitempty"` + DownloadsURL *string `json:"downloads_url,omitempty"` + EventsURL *string `json:"events_url,omitempty"` 
+ ForksURL *string `json:"forks_url,omitempty"` + GitCommitsURL *string `json:"git_commits_url,omitempty"` + GitRefsURL *string `json:"git_refs_url,omitempty"` + GitTagsURL *string `json:"git_tags_url,omitempty"` + IssueCommentURL *string `json:"issue_comment_url,omitempty"` + IssueEventsURL *string `json:"issue_events_url,omitempty"` + IssuesURL *string `json:"issues_url,omitempty"` + KeysURL *string `json:"keys_url,omitempty"` + LabelsURL *string `json:"labels_url,omitempty"` + LanguagesURL *string `json:"languages_url,omitempty"` + MergesURL *string `json:"merges_url,omitempty"` + MilestonesURL *string `json:"milestones_url,omitempty"` + NotificationsURL *string `json:"notifications_url,omitempty"` + PullsURL *string `json:"pulls_url,omitempty"` + ReleasesURL *string `json:"releases_url,omitempty"` + StargazersURL *string `json:"stargazers_url,omitempty"` + StatusesURL *string `json:"statuses_url,omitempty"` + SubscribersURL *string `json:"subscribers_url,omitempty"` + SubscriptionURL *string `json:"subscription_url,omitempty"` + TagsURL *string `json:"tags_url,omitempty"` + TeamsURL *string `json:"teams_url,omitempty"` + TreesURL *string `json:"trees_url,omitempty"` + HooksURL *string `json:"hooks_url,omitempty"` +} + +// RepoSecurityAdvisory represents a repository security advisory. 
+type RepoSecurityAdvisory struct { + GHSAID *string `json:"ghsa_id,omitempty"` + CVEID *string `json:"cve_id,omitempty"` + URL *string `json:"url,omitempty"` + HTMLURL *string `json:"html_url,omitempty"` + Summary *string `json:"summary,omitempty"` + Description *string `json:"description,omitempty"` + Severity *string `json:"severity,omitempty"` + Author *SecurityAdvisoryUser `json:"author,omitempty"` + Publisher *SecurityAdvisoryUser `json:"publisher,omitempty"` + Identifiers []*AdvisoryIdentifier `json:"identifiers,omitempty"` + State *string `json:"state,omitempty"` + CreatedAt *Timestamp `json:"created_at,omitempty"` + UpdatedAt *Timestamp `json:"updated_at,omitempty"` + PublishedAt *Timestamp `json:"published_at,omitempty"` + ClosedAt *Timestamp `json:"closed_at,omitempty"` + WithdrawnAt *Timestamp `json:"withdrawn_at,omitempty"` + Submission *SecurityAdvisorySubmission `json:"submission,omitempty"` + Vulnerabilities []*Vulnerability `json:"vulnerabilities,omitempty"` + CVSs *AdvisoryCVSs `json:"cvss,omitempty"` + CWEs []*AdvisoryCWEs `json:"cwes,omitempty"` + CWEIDs []string `json:"cwe_ids,omitempty"` + Credits []*Credit `json:"credits,omitempty"` + CreditsDetailed []*CreditDetailed `json:"credits_detailed,omitempty"` + CollaboratingUsers []*SecurityAdvisoryUser `json:"collaborating_users,omitempty"` + CollaboratingTeams []*CollaboratingTeam `json:"collaborating_teams,omitempty"` + PrivateFork *PrivateFork `json:"private_fork,omitempty"` +} + +// ListRepositorySecurityAdvisoriesOptions specifies the optional parameters to lists the repository security advisories +type ListRepositorySecurityAdvisoriesOptions struct { + // Direction in which to sort advisories. Possible values are: asc, desc. + // Default is "asc". + Direction string `url:"direction,omitempty"` + + // Sort specifies how to sort advisories. Possible values are: created, updated, + // and published. Default value is "created". 
+ Sort string `url:"sort,omitempty"` + + // A cursor, as given in the Link header. If specified, the query only searches for events before this cursor. + Before string `url:"before,omitempty"` + + // A cursor, as given in the Link header. If specified, the query only searches for events after this cursor. + After string `url:"after,omitempty"` + + // For paginated result sets, the number of advisories to include per page. + PerPage int `url:"per_page,omitempty"` + + // State filters advisories based on their state. Possible values are: triage, draft, published, closed + State string `url:"state,omitempty"` +} + // RequestCVE requests a Common Vulnerabilities and Exposures (CVE) for a repository security advisory. // The ghsaID is the GitHub Security Advisory identifier of the advisory. // @@ -35,3 +234,27 @@ func (s *SecurityAdvisoriesService) RequestCVE(ctx context.Context, owner, repo, return resp, nil } + +// ListRepositorySecurityAdvisoriesForOrg lists the repository security advisories for an organization. +// +// Github API docs: https://docs.github.com/en/rest/security-advisories/repository-advisories?apiVersion=2022-11-28#list-repository-security-advisories-for-an-organization +func (s *SecurityAdvisoriesService) ListRepositorySecurityAdvisoriesForOrg(ctx context.Context, org string, opt *ListRepositorySecurityAdvisoriesOptions) ([]*RepoSecurityAdvisory, *Response, error) { + url := fmt.Sprintf("orgs/%v/security-advisories", org) + url, err := addOptions(url, opt) + if err != nil { + return nil, nil, err + } + + req, err := s.client.NewRequest("GET", url, nil) + if err != nil { + return nil, nil, err + } + + var advisories []*RepoSecurityAdvisory + resp, err := s.client.Do(ctx, req, &advisories) + if err != nil { + return nil, resp, err + } + + return advisories, resp, nil +} diff --git a/github/security_advisories_test.go b/github/security_advisories_test.go index e4a6fbd7c1..1d72620950 100644 --- a/github/security_advisories_test.go 
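Review bot: The doc comment on `RepoSecurityAdvisory` does not tell callers that the value can describe advisories that are not public. The options type in this hunk filters on the `triage` and `draft` states, and the struct carries `Description`, `Vulnerabilities` and `PrivateFork`. I would add a sentence such as `// Advisories in the triage or draft state may hold unpublished vulnerability details; treat decoded values as sensitive when logging or caching.` Separately, the `Before` and `After` comments in `ListRepositorySecurityAdvisoriesOptions` say the query "searches for events", which reads as copied from another options type and should say advisories.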
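Review bot: `org` is formatted into the request path unescaped in `fmt.Sprintf("orgs/%v/security-advisories", org)`, so a value containing `/`, `?` or `#` changes which endpoint the authenticated client calls. If callers may pass names that come from user input, either document on the method that `org` must be a validated organization login, or escape it with `u := fmt.Sprintf("orgs/%v/security-advisories", url.PathEscape(org))`. Escaping needs `net/url` in scope and the local renamed from `url`, which would otherwise shadow the package. The `testBadOptions` case in the test file passes `"\n"` as the org and appears to rely on the raw value reaching URL parsing, so it would need adjusting. The same applies to `owner` and `repo` in `ListRepositorySecurityAdvisories`, added by the next commit in this series.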
+++ b/github/security_advisories_test.go @@ -7,7 +7,9 @@ package github import ( "context" + "github.com/google/go-cmp/cmp" "net/http" + "strings" "testing" ) 
@@ -50,3 +52,127 @@ func TestSecurityAdvisoriesService_RequestCVE(t *testing.T) { return resp, err }) } + +func TestSecurityAdvisoriesService_ListRepositorySecurityAdvisoriesForOrg_BadRequest(t *testing.T) { + client, mux, _, teardown := setup() + defer teardown() + + mux.HandleFunc("/orgs/o/security-advisories", func(w http.ResponseWriter, r *http.Request) { + testMethod(t, r, "GET") + + http.Error(w, "Bad Request", 400) + }) + + ctx := context.Background() + advisories, resp, err := client.SecurityAdvisories.ListRepositorySecurityAdvisoriesForOrg(ctx, "o", nil) + if err == nil { + t.Errorf("Expected HTTP 400 response") + } + if got, want := resp.Response.StatusCode, http.StatusBadRequest; got != want { + t.Errorf("ListRepositorySecurityAdvisoriesForOrg return status %d, want %d", got, want) + } + if advisories != nil { + t.Errorf("ListRepositorySecurityAdvisoriesForOrg return %+v, want nil", advisories) + } +} + +func TestSecurityAdvisoriesService_ListRepositorySecurityAdvisoriesForOrg_NotFound(t *testing.T) { + client, mux, _, teardown := setup() + defer teardown() + + mux.HandleFunc("/orgs/o/security-advisories", func(w http.ResponseWriter, r *http.Request) { + testMethod(t, r, "GET") + + http.NotFound(w, r) + }) + + ctx := context.Background() + advisories, resp, err := client.SecurityAdvisories.ListRepositorySecurityAdvisoriesForOrg(ctx, "o", nil) + if err == nil { + t.Errorf("Expected HTTP 404 response") + } + if got, want := resp.Response.StatusCode, http.StatusNotFound; got != want { + t.Errorf("ListRepositorySecurityAdvisoriesForOrg return status %d, want %d", got, want) + } + if advisories != nil { + t.Errorf("ListRepositorySecurityAdvisoriesForOrg return %+v, want nil", advisories) + } +} + +func TestSecurityAdvisoriesService_ListRepositorySecurityAdvisoriesForOrg_UnmarshalError(t *testing.T) { + client, mux, _, teardown := setup() + defer teardown() + + mux.HandleFunc("/orgs/o/security-advisories", func(w http.ResponseWriter, r *http.Request) { + 
testMethod(t, r, "GET") + + w.WriteHeader(http.StatusOK) + w.Write([]byte(`[{"ghsa_id": 12334354}]`)) + }) + + ctx := context.Background() + advisories, resp, err := client.SecurityAdvisories.ListRepositorySecurityAdvisoriesForOrg(ctx, "o", nil) + if err == nil { + t.Errorf("Expected unmarshal error") + } else if !strings.Contains(err.Error(), "json: cannot unmarshal number into Go struct field RepoSecurityAdvisory.ghsa_id of type string") { + t.Errorf("ListRepositorySecurityAdvisoriesForOrg returned unexpected error: %v", err) + } + if got, want := resp.Response.StatusCode, http.StatusOK; got != want { + t.Errorf("ListRepositorySecurityAdvisoriesForOrg return status %d, want %d", got, want) + } + if advisories != nil { + t.Errorf("ListRepositorySecurityAdvisoriesForOrg return %+v, want nil", advisories) + } +} + +func TestSecurityAdvisoriesService_ListRepositorySecurityAdvisoriesForOrg(t *testing.T) { + client, mux, _, teardown := setup() + defer teardown() + + mux.HandleFunc("/orgs/o/security-advisories", func(w http.ResponseWriter, r *http.Request) { + testMethod(t, r, "GET") + + w.WriteHeader(http.StatusOK) + w.Write([]byte(`[ + { + "ghsa_id": "GHSA-abcd-1234-efgh", + "cve_id": "CVE-2050-00000" + } + ]`)) + }) + + ctx := context.Background() + advisories, resp, err := client.SecurityAdvisories.ListRepositorySecurityAdvisoriesForOrg(ctx, "o", nil) + if err != nil { + t.Errorf("ListRepositorySecurityAdvisoriesForOrg returned error: %v, want nil", err) + } + if got, want := resp.Response.StatusCode, http.StatusOK; got != want { + t.Errorf("ListRepositorySecurityAdvisoriesForOrg return status %d, want %d", got, want) + } + + want := []*RepoSecurityAdvisory{ + { + GHSAID: String("GHSA-abcd-1234-efgh"), + CVEID: String("CVE-2050-00000"), + }, + } + if !cmp.Equal(advisories, want) { + t.Errorf("ListRepositorySecurityAdvisoriesForOrg returned %+v, want %+v", advisories, want) + } + + methodName := "ListRepositorySecurityAdvisoriesForOrg" + testBadOptions(t, methodName, 
func() (err error) { + _, _, err = client.SecurityAdvisories.ListRepositorySecurityAdvisoriesForOrg(ctx, "\n", &ListRepositorySecurityAdvisoriesOptions{ + Sort: "\n", + }) + return err + }) + + testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) { + got, resp, err := client.SecurityAdvisories.ListRepositorySecurityAdvisoriesForOrg(ctx, "o", nil) + if got != nil { + t.Errorf("testNewRequestAndDoFailure %v = %#v, want nil", methodName, got) + } + return resp, err + }) +} From bc0f60e7542ae510a50e13fbd4ebeea3740fafe4 Mon Sep 17 00:00:00 2001 From: Anish Rajan Date: Sat, 26 Aug 2023 21:12:47 +0530 Subject: [PATCH 02/10] added API to lists security advisories in a repository --- github/security_advisories.go | 24 +++++ github/security_advisories_test.go | 140 ++++++++++++++++++++++++++++- 2 files changed, 163 insertions(+), 1 deletion(-) diff --git a/github/security_advisories.go b/github/security_advisories.go index 2f2ac2a0d3..2753c408f4 100644 --- a/github/security_advisories.go +++ b/github/security_advisories.go 
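Review bot: The success case in `TestSecurityAdvisoriesService_ListRepositorySecurityAdvisoriesForOrg` decodes a fixture holding only `ghsa_id` and `cve_id`, so none of the nested types this commit adds (`Vulnerability`, `Credit`, `CollaboratingTeam`, `PrivateFork`) are run through JSON decoding, and a wrong tag or field type would go unnoticed. Adding one entry each for `vulnerabilities`, `credits_detailed`, `collaborating_teams` and `private_fork` to the fixture, with matching fields in `want`, would cover them. In the same test, `t.Errorf` on a non-nil `err` is followed by a read of `resp.Response.StatusCode`; `t.Fatalf` there would avoid dereferencing a response that may be nil. The tests for `ListRepositorySecurityAdvisories` in the next commit follow the same pattern.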
@@ -258,3 +258,27 @@ func (s *SecurityAdvisoriesService) ListRepositorySecurityAdvisoriesForOrg(ctx c return advisories, resp, nil } + +// ListRepositorySecurityAdvisories lists the security advisories in a repository. +// +// Github API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/security-advisories/repository-advisories?apiVersion=2022-11-28#list-repository-security-advisories +func (s *SecurityAdvisoriesService) ListRepositorySecurityAdvisories(ctx context.Context, owner string, repo string, opt *ListRepositorySecurityAdvisoriesOptions) ([]*RepoSecurityAdvisory, *Response, error) { + url := fmt.Sprintf("repos/%v/%v/security-advisories", owner, repo) + url, err := addOptions(url, opt) + if err != nil { + return nil, nil, err + } + + req, err := s.client.NewRequest("GET", url, nil) + if err != nil { + return nil, nil, err + } + + var advisories []*RepoSecurityAdvisory + resp, err := s.client.Do(ctx, req, &advisories) + if err != nil { + return nil, resp, err + } + + return advisories, resp, nil +} diff --git a/github/security_advisories_test.go b/github/security_advisories_test.go index 1d72620950..3b037b9200 100644 --- a/github/security_advisories_test.go +++ b/github/security_advisories_test.go 
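Review bot: The signature spells `owner string, repo string`, where `RequestCVE` in the same file (visible in the first commit's hunk header) uses `owner, repo`; matching it keeps the service's methods uniform. The doc link points at `docs.github.com/en/enterprise-cloud@latest/...`, while the org variant added one commit earlier links the plain `docs.github.com/en/rest/...` path, and both comments write "Github" rather than "GitHub". The body is otherwise a line-for-line copy of the org method, so a small unexported helper that takes the path would remove the duplication.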
@@ -83,11 +83,18 @@ func TestSecurityAdvisoriesService_ListRepositorySecurityAdvisoriesForOrg_NotFou mux.HandleFunc("/orgs/o/security-advisories", func(w http.ResponseWriter, r *http.Request) { testMethod(t, r, "GET") + query := r.URL.Query() + if query.Get("state") != "draft" { + t.Errorf("ListRepositorySecurityAdvisoriesForOrg returned %+v, want %+v", query.Get("state"), "draft") + } + http.NotFound(w, r) }) ctx := context.Background() - advisories, resp, err := client.SecurityAdvisories.ListRepositorySecurityAdvisoriesForOrg(ctx, "o", nil) + advisories, resp, err := client.SecurityAdvisories.ListRepositorySecurityAdvisoriesForOrg(ctx, "o", &ListRepositorySecurityAdvisoriesOptions{ + State: "draft", + }) if err == nil { t.Errorf("Expected HTTP 404 response") } 
@@ -176,3 +183,134 @@ func TestSecurityAdvisoriesService_ListRepositorySecurityAdvisoriesForOrg(t *tes return resp, err }) } + +func TestSecurityAdvisoriesService_ListRepositorySecurityAdvisories_BadRequest(t *testing.T) { + client, mux, _, teardown := setup() + defer teardown() + + mux.HandleFunc("/repos/o/r/security-advisories", func(w http.ResponseWriter, r *http.Request) { + testMethod(t, r, "GET") + + http.Error(w, "Bad Request", 400) + }) + + ctx := context.Background() + advisories, resp, err := client.SecurityAdvisories.ListRepositorySecurityAdvisories(ctx, "o", "r", nil) + if err == nil { + t.Errorf("Expected HTTP 400 response") + } + if got, want := resp.Response.StatusCode, http.StatusBadRequest; got != want { + t.Errorf("ListRepositorySecurityAdvisories return status %d, want %d", got, want) + } + if advisories != nil { + t.Errorf("ListRepositorySecurityAdvisories return %+v, want nil", advisories) + } +} + +func TestSecurityAdvisoriesService_ListRepositorySecurityAdvisories_NotFound(t *testing.T) { + client, mux, _, teardown := setup() + defer teardown() + + mux.HandleFunc("/repos/o/r/security-advisories", func(w http.ResponseWriter, r *http.Request) { + testMethod(t, r, "GET") + + query := r.URL.Query() + if query.Get("state") != "draft" { + t.Errorf("ListRepositorySecurityAdvisories returned %+v, want %+v", query.Get("state"), "draft") + } + + http.NotFound(w, r) + }) + + ctx := context.Background() + advisories, resp, err := client.SecurityAdvisories.ListRepositorySecurityAdvisories(ctx, "o", "r", &ListRepositorySecurityAdvisoriesOptions{ + State: "draft", + }) + if err == nil { + t.Errorf("Expected HTTP 404 response") + } + if got, want := resp.Response.StatusCode, http.StatusNotFound; got != want { + t.Errorf("ListRepositorySecurityAdvisories return status %d, want %d", got, want) + } + if advisories != nil { + t.Errorf("ListRepositorySecurityAdvisories return %+v, want nil", advisories) + } +} + +func 
TestSecurityAdvisoriesService_ListRepositorySecurityAdvisories_UnmarshalError(t *testing.T) { + client, mux, _, teardown := setup() + defer teardown() + + mux.HandleFunc("/repos/o/r/security-advisories", func(w http.ResponseWriter, r *http.Request) { + testMethod(t, r, "GET") + + w.WriteHeader(http.StatusOK) + w.Write([]byte(`[{"ghsa_id": 12334354}]`)) + }) + + ctx := context.Background() + advisories, resp, err := client.SecurityAdvisories.ListRepositorySecurityAdvisories(ctx, "o", "r", nil) + if err == nil { + t.Errorf("Expected unmarshal error") + } else if !strings.Contains(err.Error(), "json: cannot unmarshal number into Go struct field RepoSecurityAdvisory.ghsa_id of type string") { + t.Errorf("ListRepositorySecurityAdvisories returned unexpected error: %v", err) + } + if got, want := resp.Response.StatusCode, http.StatusOK; got != want { + t.Errorf("ListRepositorySecurityAdvisories return status %d, want %d", got, want) + } + if advisories != nil { + t.Errorf("ListRepositorySecurityAdvisories return %+v, want nil", advisories) + } +} + +func TestSecurityAdvisoriesService_ListRepositorySecurityAdvisories(t *testing.T) { + client, mux, _, teardown := setup() + defer teardown() + + mux.HandleFunc("/repos/o/r/security-advisories", func(w http.ResponseWriter, r *http.Request) { + testMethod(t, r, "GET") + + w.WriteHeader(http.StatusOK) + w.Write([]byte(`[ + { + "ghsa_id": "GHSA-abcd-1234-efgh", + "cve_id": "CVE-2050-00000" + } + ]`)) + }) + + ctx := context.Background() + advisories, resp, err := client.SecurityAdvisories.ListRepositorySecurityAdvisories(ctx, "o", "r", nil) + if err != nil { + t.Errorf("ListRepositorySecurityAdvisories returned error: %v, want nil", err) + } + if got, want := resp.Response.StatusCode, http.StatusOK; got != want { + t.Errorf("ListRepositorySecurityAdvisories return status %d, want %d", got, want) + } + + want := []*RepoSecurityAdvisory{ + { + GHSAID: String("GHSA-abcd-1234-efgh"), + CVEID: String("CVE-2050-00000"), + }, + } + if 
!cmp.Equal(advisories, want) { + t.Errorf("ListRepositorySecurityAdvisories returned %+v, want %+v", advisories, want) + } + + methodName := "ListRepositorySecurityAdvisories" + testBadOptions(t, methodName, func() (err error) { + _, _, err = client.SecurityAdvisories.ListRepositorySecurityAdvisories(ctx, "\n", "\n", &ListRepositorySecurityAdvisoriesOptions{ + Sort: "\n", + }) + return err + }) + + testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) { + got, resp, err := client.SecurityAdvisories.ListRepositorySecurityAdvisories(ctx, "o", "r", nil) + if got != nil { + t.Errorf("testNewRequestAndDoFailure %v = %#v, want nil", methodName, got) + } + return resp, err + }) +} From a338d64a3cdef32569981242e94edecb7159e66b Mon Sep 17 00:00:00 2001 From: Anish Rajan Date: Sun, 27 Aug 2023 22:43:44 +0530 Subject: [PATCH 03/10] fmt test file --- github/security_advisories_test.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/github/security_advisories_test.go b/github/security_advisories_test.go index 3b037b9200..ac816d5af9 100644 --- a/github/security_advisories_test.go +++ b/github/security_advisories_test.go @@ -7,10 +7,11 @@ package github import ( "context" - "github.com/google/go-cmp/cmp" "net/http" "strings" "testing" + + "github.com/google/go-cmp/cmp" ) func TestSecurityAdvisoriesService_RequestCVE(t *testing.T) { From 8830158dd321001611795289afea1de5ab4cd2a2 Mon Sep 17 00:00:00 2001 From: Anish Rajan Date: Sat, 30 Sep 2023 21:38:36 +0530 Subject: [PATCH 04/10] updated structs and fmt --- github/security_advisories.go | 215 ++++++++++++++-------------------- 1 file changed, 85 insertions(+), 130 deletions(-) diff --git a/github/security_advisories.go b/github/security_advisories.go index 2753c408f4..077553a2b8 100644 --- a/github/security_advisories.go +++ b/github/security_advisories.go 
@@ -12,32 +12,7 @@ import ( type SecurityAdvisoriesService service -// SecurityAdvisoryUser represents a security advisory user -type SecurityAdvisoryUser struct { - Name *string `json:"name,omitempty"` - Email *string `json:"email,omitempty"` - Login *string `json:"login,omitempty"` - ID *int64 `json:"id,omitempty"` - NodeID *string `json:"node_id,omitempty"` - AvatarURL *string `json:"avatar_url,omitempty"` - GravatarID *string `json:"gravatar_id,omitempty"` - URL *string `json:"url,omitempty"` - HTMLURL *string `json:"html_url,omitempty"` - FollowersURL *string `json:"followers_url,omitempty"` - FollowingURL *string `json:"following_url,omitempty"` - GistsURL *string `json:"gists_url,omitempty"` - StarredURL *string `json:"starred_url,omitempty"` - SubscriptionsURL *string `json:"subscriptions_url,omitempty"` - OrganizationsURL *string `json:"organizations_url,omitempty"` - ReposURL *string `json:"repos_url,omitempty"` - EventsURL *string `json:"events_url,omitempty"` - ReceivedEventsURL *string `json:"received_events_url,omitempty"` - Type *string `json:"type,omitempty"` - SiteAdmin *bool `json:"site_admin,omitempty"` - StarredAt *Timestamp `json:"starred_at,omitempty"` -} - -// SecurityAdvisorySubmission represents the Security Advisory Submission +// SecurityAdvisorySubmission represents the Security Advisory Submission. type SecurityAdvisorySubmission struct { // Accepted represents whether a private vulnerability report was accepted by the repository's administrators. Accepted *bool `json:"accepted,omitempty"` 
@@ -51,29 +26,27 @@ type Vulnerability struct { VulnerableFunctions []string `json:"vulnerable_functions,omitempty"` } -// Credit represents the credit object for a Security Advisory. -type Credit struct { +// RepoAdvisoryCredit represents the credit object for a repository Security Advisory. +type RepoAdvisoryCredit struct { Login *string `json:"login,omitempty"` Type *string `json:"type,omitempty"` } -// CreditDetailed represents a credit given to a user for a repository Security Advisory. -type CreditDetailed struct { - User *SecurityAdvisoryUser `json:"user,omitempty"` - Type *string `json:"type,omitempty"` - State *string `json:"state,omitempty"` +// RepoAdvisoryCreditDetailed represents a credit given to a user for a repository Security Advisory. +type RepoAdvisoryCreditDetailed struct { + User *User `json:"user,omitempty"` + Type *string `json:"type,omitempty"` + State *string `json:"state,omitempty"` } -// Permissions represent a team's permissions +// Permissions represent a team's permissions. type Permissions struct { - Pull *bool `json:"pull,omitempty"` + TeamPermissionsFrom Triage *bool `json:"triage,omitempty"` - Push *bool `json:"push,omitempty"` Maintain *bool `json:"maintain,omitempty"` - Admin *bool `json:"admin,omitempty"` } -// TeamParent represents a team's parent team +// TeamParent represents a team's parent team. type TeamParent struct { ID *int64 `json:"id,omitempty"` NodeID *string `json:"node_id,omitempty"` 
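Review bot: `Permissions` and `TeamParent` look unused after this commit, because their only visible user, `CollaboratingTeam`, is deleted in the next hunk and `CollaboratingTeams` becomes `[]*Team`. If nothing outside this patch refers to them, they are better removed than left as broadly named exported types in the package. `Permissions` now embeds `TeamPermissionsFrom`, so whether `pull`, `push` and `admin` still decode depends on that type's definition, which is not in the hunk; a comment saying why it is embedded would help if the type stays. `TeamParent`'s body continues past the end of this hunk.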
@@ -90,105 +63,87 @@ type TeamParent struct { LDAPDN *string `json:"ldap_dn,omitempty"` } -// CollaboratingTeam represents a team that collaborate on the advisory. -type CollaboratingTeam struct { - ID *int64 `json:"id,omitempty"` - NodeID *string `json:"node_id,omitempty"` - Name *string `json:"name,omitempty"` - Slug *string `json:"slug,omitempty"` - Description *string `json:"description,omitempty"` - Privacy *string `json:"privacy,omitempty"` - NotificationSetting *string `json:"notification_setting,omitempty"` - Permission *string `json:"permission,omitempty"` - Permissions Permissions `json:"permissions,omitempty"` - URL *string `json:"url,omitempty"` - HTMLURL *string `json:"html_url,omitempty"` - MembersURL *string `json:"members_url,omitempty"` - RepositoriesURL *string `json:"repositories_url,omitempty"` - Parent *TeamParent `json:"parent,omitempty"` -} - // PrivateFork represents a temporary private fork of the advisory's repository for collaborating on a fix. type PrivateFork struct { - ID *int64 `json:"id,omitempty"` - NodeID *string `json:"node_id,omitempty"` - Name *string `json:"name,omitempty"` - FullName *string `json:"full_name,omitempty"` - Owner *SecurityAdvisoryUser `json:"owner,omitempty"` - Private *bool `json:"private,omitempty"` - HTMLURL *string `json:"html_url,omitempty"` - Description *string `json:"description,omitempty"` - Fork *bool `json:"fork,omitempty"` - URL *string `json:"url,omitempty"` - ArchiveURL *string `json:"archive_url,omitempty"` - AssigneesURL *string `json:"assignees_url,omitempty"` - BlobsURL *string `json:"blobs_url,omitempty"` - BranchesURL *string `json:"branches_url,omitempty"` - CollaboratorsURL *string `json:"collaborators_url,omitempty"` - CommentsURL *string `json:"comments_url,omitempty"` - CommitsURL *string `json:"commits_url,omitempty"` - CompareURL *string `json:"compare_url,omitempty"` - ContentsURL *string `json:"contents_url,omitempty"` - ContributorsURL *string `json:"contributors_url,omitempty"` - 
DeploymentsURL *string `json:"deployments_url,omitempty"` - DownloadsURL *string `json:"downloads_url,omitempty"` - EventsURL *string `json:"events_url,omitempty"` - ForksURL *string `json:"forks_url,omitempty"` - GitCommitsURL *string `json:"git_commits_url,omitempty"` - GitRefsURL *string `json:"git_refs_url,omitempty"` - GitTagsURL *string `json:"git_tags_url,omitempty"` - IssueCommentURL *string `json:"issue_comment_url,omitempty"` - IssueEventsURL *string `json:"issue_events_url,omitempty"` - IssuesURL *string `json:"issues_url,omitempty"` - KeysURL *string `json:"keys_url,omitempty"` - LabelsURL *string `json:"labels_url,omitempty"` - LanguagesURL *string `json:"languages_url,omitempty"` - MergesURL *string `json:"merges_url,omitempty"` - MilestonesURL *string `json:"milestones_url,omitempty"` - NotificationsURL *string `json:"notifications_url,omitempty"` - PullsURL *string `json:"pulls_url,omitempty"` - ReleasesURL *string `json:"releases_url,omitempty"` - StargazersURL *string `json:"stargazers_url,omitempty"` - StatusesURL *string `json:"statuses_url,omitempty"` - SubscribersURL *string `json:"subscribers_url,omitempty"` - SubscriptionURL *string `json:"subscription_url,omitempty"` - TagsURL *string `json:"tags_url,omitempty"` - TeamsURL *string `json:"teams_url,omitempty"` - TreesURL *string `json:"trees_url,omitempty"` - HooksURL *string `json:"hooks_url,omitempty"` + ID *int64 `json:"id,omitempty"` + NodeID *string `json:"node_id,omitempty"` + Name *string `json:"name,omitempty"` + FullName *string `json:"full_name,omitempty"` + Owner *User `json:"owner,omitempty"` + Private *bool `json:"private,omitempty"` + HTMLURL *string `json:"html_url,omitempty"` + Description *string `json:"description,omitempty"` + Fork *bool `json:"fork,omitempty"` + URL *string `json:"url,omitempty"` + ArchiveURL *string `json:"archive_url,omitempty"` + AssigneesURL *string `json:"assignees_url,omitempty"` + BlobsURL *string `json:"blobs_url,omitempty"` + BranchesURL *string 
`json:"branches_url,omitempty"` + CollaboratorsURL *string `json:"collaborators_url,omitempty"` + CommentsURL *string `json:"comments_url,omitempty"` + CommitsURL *string `json:"commits_url,omitempty"` + CompareURL *string `json:"compare_url,omitempty"` + ContentsURL *string `json:"contents_url,omitempty"` + ContributorsURL *string `json:"contributors_url,omitempty"` + DeploymentsURL *string `json:"deployments_url,omitempty"` + DownloadsURL *string `json:"downloads_url,omitempty"` + EventsURL *string `json:"events_url,omitempty"` + ForksURL *string `json:"forks_url,omitempty"` + GitCommitsURL *string `json:"git_commits_url,omitempty"` + GitRefsURL *string `json:"git_refs_url,omitempty"` + GitTagsURL *string `json:"git_tags_url,omitempty"` + IssueCommentURL *string `json:"issue_comment_url,omitempty"` + IssueEventsURL *string `json:"issue_events_url,omitempty"` + IssuesURL *string `json:"issues_url,omitempty"` + KeysURL *string `json:"keys_url,omitempty"` + LabelsURL *string `json:"labels_url,omitempty"` + LanguagesURL *string `json:"languages_url,omitempty"` + MergesURL *string `json:"merges_url,omitempty"` + MilestonesURL *string `json:"milestones_url,omitempty"` + NotificationsURL *string `json:"notifications_url,omitempty"` + PullsURL *string `json:"pulls_url,omitempty"` + ReleasesURL *string `json:"releases_url,omitempty"` + StargazersURL *string `json:"stargazers_url,omitempty"` + StatusesURL *string `json:"statuses_url,omitempty"` + SubscribersURL *string `json:"subscribers_url,omitempty"` + SubscriptionURL *string `json:"subscription_url,omitempty"` + TagsURL *string `json:"tags_url,omitempty"` + TeamsURL *string `json:"teams_url,omitempty"` + TreesURL *string `json:"trees_url,omitempty"` + HooksURL *string `json:"hooks_url,omitempty"` } // RepoSecurityAdvisory represents a repository security advisory. 
type RepoSecurityAdvisory struct { - GHSAID *string `json:"ghsa_id,omitempty"` - CVEID *string `json:"cve_id,omitempty"` - URL *string `json:"url,omitempty"` - HTMLURL *string `json:"html_url,omitempty"` - Summary *string `json:"summary,omitempty"` - Description *string `json:"description,omitempty"` - Severity *string `json:"severity,omitempty"` - Author *SecurityAdvisoryUser `json:"author,omitempty"` - Publisher *SecurityAdvisoryUser `json:"publisher,omitempty"` - Identifiers []*AdvisoryIdentifier `json:"identifiers,omitempty"` - State *string `json:"state,omitempty"` - CreatedAt *Timestamp `json:"created_at,omitempty"` - UpdatedAt *Timestamp `json:"updated_at,omitempty"` - PublishedAt *Timestamp `json:"published_at,omitempty"` - ClosedAt *Timestamp `json:"closed_at,omitempty"` - WithdrawnAt *Timestamp `json:"withdrawn_at,omitempty"` - Submission *SecurityAdvisorySubmission `json:"submission,omitempty"` - Vulnerabilities []*Vulnerability `json:"vulnerabilities,omitempty"` - CVSs *AdvisoryCVSs `json:"cvss,omitempty"` - CWEs []*AdvisoryCWEs `json:"cwes,omitempty"` - CWEIDs []string `json:"cwe_ids,omitempty"` - Credits []*Credit `json:"credits,omitempty"` - CreditsDetailed []*CreditDetailed `json:"credits_detailed,omitempty"` - CollaboratingUsers []*SecurityAdvisoryUser `json:"collaborating_users,omitempty"` - CollaboratingTeams []*CollaboratingTeam `json:"collaborating_teams,omitempty"` - PrivateFork *PrivateFork `json:"private_fork,omitempty"` + GHSAID *string `json:"ghsa_id,omitempty"` + CVEID *string `json:"cve_id,omitempty"` + URL *string `json:"url,omitempty"` + HTMLURL *string `json:"html_url,omitempty"` + Summary *string `json:"summary,omitempty"` + Description *string `json:"description,omitempty"` + Severity *string `json:"severity,omitempty"` + Author *User `json:"author,omitempty"` + Publisher *User `json:"publisher,omitempty"` + Identifiers []*AdvisoryIdentifier `json:"identifiers,omitempty"` + State *string `json:"state,omitempty"` + CreatedAt 
*Timestamp `json:"created_at,omitempty"` + UpdatedAt *Timestamp `json:"updated_at,omitempty"` + PublishedAt *Timestamp `json:"published_at,omitempty"` + ClosedAt *Timestamp `json:"closed_at,omitempty"` + WithdrawnAt *Timestamp `json:"withdrawn_at,omitempty"` + Submission *SecurityAdvisorySubmission `json:"submission,omitempty"` + Vulnerabilities []*Vulnerability `json:"vulnerabilities,omitempty"` + CVSs *AdvisoryCVSs `json:"cvss,omitempty"` + CWEs []*AdvisoryCWEs `json:"cwes,omitempty"` + CWEIDs []string `json:"cwe_ids,omitempty"` + Credits []*RepoAdvisoryCredit `json:"credits,omitempty"` + CreditsDetailed []*RepoAdvisoryCreditDetailed `json:"credits_detailed,omitempty"` + CollaboratingUsers []*User `json:"collaborating_users,omitempty"` + CollaboratingTeams []*Team `json:"collaborating_teams,omitempty"` + PrivateFork *PrivateFork `json:"private_fork,omitempty"` } -// ListRepositorySecurityAdvisoriesOptions specifies the optional parameters to lists the repository security advisories +// ListRepositorySecurityAdvisoriesOptions specifies the optional parameters to lists the repository security advisories. type ListRepositorySecurityAdvisoriesOptions struct { // Direction in which to sort advisories. Possible values are: asc, desc. // Default is "asc". @@ -207,7 +162,7 @@ type ListRepositorySecurityAdvisoriesOptions struct { // For paginated result sets, the number of advisories to include per page. PerPage int `url:"per_page,omitempty"` - // State filters advisories based on their state. Possible values are: triage, draft, published, closed + // State filters advisories based on their state. Possible values are: triage, draft, published, closed. State string `url:"state,omitempty"` } From 3c72dec678b439599d07b4622fb8e596b081c5df Mon Sep 17 00:00:00 2001 
From: Anish Rajan Date: Mon, 2 Oct 2023 10:39:13 +0530 Subject: [PATCH 05/10] updated and reuse existing structs --- github/event_types.go | 45 ++++++++---- github/security_advisories.go | 128 +++------------------------------- 2 files changed, 42 insertions(+), 131 deletions(-) diff --git a/github/event_types.go b/github/event_types.go index 1a403da9b9..dcbc22fc98 100644 --- a/github/event_types.go +++ b/github/event_types.go 
@@ -1610,18 +1610,33 @@ type WorkflowRunEvent struct { // // GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#security_advisory type SecurityAdvisory struct { - CVSS *AdvisoryCVSS `json:"cvss,omitempty"` - CWEs []*AdvisoryCWEs `json:"cwes,omitempty"` - GHSAID *string `json:"ghsa_id,omitempty"` - Summary *string `json:"summary,omitempty"` - Description *string `json:"description,omitempty"` - Severity *string `json:"severity,omitempty"` - Identifiers []*AdvisoryIdentifier `json:"identifiers,omitempty"` - References []*AdvisoryReference `json:"references,omitempty"` - PublishedAt *Timestamp `json:"published_at,omitempty"` - UpdatedAt *Timestamp `json:"updated_at,omitempty"` - WithdrawnAt *Timestamp `json:"withdrawn_at,omitempty"` - Vulnerabilities []*AdvisoryVulnerability `json:"vulnerabilities,omitempty"` + CVSS *AdvisoryCVSS `json:"cvss,omitempty"` + CWEs []*AdvisoryCWEs `json:"cwes,omitempty"` + GHSAID *string `json:"ghsa_id,omitempty"` + Summary *string `json:"summary,omitempty"` + Description *string `json:"description,omitempty"` + Severity *string `json:"severity,omitempty"` + Identifiers []*AdvisoryIdentifier `json:"identifiers,omitempty"` + References []*AdvisoryReference `json:"references,omitempty"` + PublishedAt *Timestamp `json:"published_at,omitempty"` + UpdatedAt *Timestamp `json:"updated_at,omitempty"` + WithdrawnAt *Timestamp `json:"withdrawn_at,omitempty"` + Vulnerabilities []*AdvisoryVulnerability `json:"vulnerabilities,omitempty"` + CVEID *string `json:"cve_id,omitempty"` + URL *string `json:"url,omitempty"` + HTMLURL *string `json:"html_url,omitempty"` + Author *User `json:"author,omitempty"` + Publisher *User `json:"publisher,omitempty"` + State *string `json:"state,omitempty"` + CreatedAt *Timestamp `json:"created_at,omitempty"` + ClosedAt *Timestamp `json:"closed_at,omitempty"` + Submission *SecurityAdvisorySubmission `json:"submission,omitempty"` + CWEIDs []string 
`json:"cwe_ids,omitempty"` + Credits []*RepoAdvisoryCredit `json:"credits,omitempty"` + CreditsDetailed []*RepoAdvisoryCreditDetailed `json:"credits_detailed,omitempty"` + CollaboratingUsers []*User `json:"collaborating_users,omitempty"` + CollaboratingTeams []*Team `json:"collaborating_teams,omitempty"` + PrivateFork *Repository `json:"private_fork,omitempty"` } // AdvisoryIdentifier represents the identifier for a Security Advisory. @@ -1641,6 +1656,12 @@ type AdvisoryVulnerability struct { Severity *string `json:"severity,omitempty"` VulnerableVersionRange *string `json:"vulnerable_version_range,omitempty"` FirstPatchedVersion *FirstPatchedVersion `json:"first_patched_version,omitempty"` + + // PatchedVersions and VulnerableFunctions are used in the following APIs: + // - https://docs.github.com/en/rest/security-advisories/repository-advisories?apiVersion=2022-11-28#list-repository-security-advisories-for-an-organization + // - https://docs.github.com/en/rest/security-advisories/repository-advisories?apiVersion=2022-11-28#list-repository-security-advisories + PatchedVersions *string `json:"patched_versions,omitempty"` + VulnerableFunctions []string `json:"vulnerable_functions,omitempty"` } // VulnerabilityPackage represents the package object for an Advisory Vulnerability. diff --git a/github/security_advisories.go b/github/security_advisories.go index 077553a2b8..c791881a90 100644 --- a/github/security_advisories.go +++ b/github/security_advisories.go 
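Review bot: The fields added to `SecurityAdvisory` from `CVEID` onward carry no comment saying which API fills them, and the type's doc comment still points only at the `security_advisory` webhook payload. The `AdvisoryVulnerability` hunk that follows documents its two new fields this way, and the same is worth doing here: the repository-advisory endpoints accept `State` values of triage and draft (listed on `ListRepositorySecurityAdvisoriesOptions`), so values of this type are presumably no longer always published advisories. A comment above `CVEID` such as `// The fields below are populated by the repository security advisories REST endpoints; check State before treating an advisory as published.` would keep consumers from handling both sources alike.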
@@ -18,14 +18,6 @@ type SecurityAdvisorySubmission struct {
 Accepted *bool `json:"accepted,omitempty"`
 }
 
-// Vulnerability represents the vulnerability object for a Security Advisory.
-type Vulnerability struct {
- Package *VulnerabilityPackage `json:"package,omitempty"`
- VulnerableVersionRange *string `json:"vulnerable_version_range,omitempty"`
- PatchedVersions *string `json:"patched_versions,omitempty"`
- VulnerableFunctions []string `json:"vulnerable_functions,omitempty"`
-}
-
 // RepoAdvisoryCredit represents the credit object for a repository Security Advisory.
 type RepoAdvisoryCredit struct {
 Login *string `json:"login,omitempty"`
@@ -41,110 +33,17 @@ type RepoAdvisoryCreditDetailed struct { // Permissions represent a team's permissions. type Permissions struct { - TeamPermissionsFrom + Admin *bool `json:"admin,omitempty"` + Pull *bool `json:"pull,omitempty"` + Push *bool `json:"push,omitempty"` Triage *bool `json:"triage,omitempty"` Maintain *bool `json:"maintain,omitempty"` } -// TeamParent represents a team's parent team. -type TeamParent struct { - ID *int64 `json:"id,omitempty"` - NodeID *string `json:"node_id,omitempty"` - URL *string `json:"url,omitempty"` - MembersURL *string `json:"members_url,omitempty"` - Name *string `json:"name,omitempty"` - Description *string `json:"description,omitempty"` - Permission *string `json:"permission,omitempty"` - Privacy *string `json:"privacy,omitempty"` - NotificationSetting *string `json:"notification_setting,omitempty"` - HTMLURL *string `json:"html_url,omitempty"` - RepositoriesURL *string `json:"repositories_url,omitempty"` - Slug *string `json:"slug,omitempty"` - LDAPDN *string `json:"ldap_dn,omitempty"` -} - -// PrivateFork represents a temporary private fork of the advisory's repository for collaborating on a fix. 
-type PrivateFork struct { - ID *int64 `json:"id,omitempty"` - NodeID *string `json:"node_id,omitempty"` - Name *string `json:"name,omitempty"` - FullName *string `json:"full_name,omitempty"` - Owner *User `json:"owner,omitempty"` - Private *bool `json:"private,omitempty"` - HTMLURL *string `json:"html_url,omitempty"` - Description *string `json:"description,omitempty"` - Fork *bool `json:"fork,omitempty"` - URL *string `json:"url,omitempty"` - ArchiveURL *string `json:"archive_url,omitempty"` - AssigneesURL *string `json:"assignees_url,omitempty"` - BlobsURL *string `json:"blobs_url,omitempty"` - BranchesURL *string `json:"branches_url,omitempty"` - CollaboratorsURL *string `json:"collaborators_url,omitempty"` - CommentsURL *string `json:"comments_url,omitempty"` - CommitsURL *string `json:"commits_url,omitempty"` - CompareURL *string `json:"compare_url,omitempty"` - ContentsURL *string `json:"contents_url,omitempty"` - ContributorsURL *string `json:"contributors_url,omitempty"` - DeploymentsURL *string `json:"deployments_url,omitempty"` - DownloadsURL *string `json:"downloads_url,omitempty"` - EventsURL *string `json:"events_url,omitempty"` - ForksURL *string `json:"forks_url,omitempty"` - GitCommitsURL *string `json:"git_commits_url,omitempty"` - GitRefsURL *string `json:"git_refs_url,omitempty"` - GitTagsURL *string `json:"git_tags_url,omitempty"` - IssueCommentURL *string `json:"issue_comment_url,omitempty"` - IssueEventsURL *string `json:"issue_events_url,omitempty"` - IssuesURL *string `json:"issues_url,omitempty"` - KeysURL *string `json:"keys_url,omitempty"` - LabelsURL *string `json:"labels_url,omitempty"` - LanguagesURL *string `json:"languages_url,omitempty"` - MergesURL *string `json:"merges_url,omitempty"` - MilestonesURL *string `json:"milestones_url,omitempty"` - NotificationsURL *string `json:"notifications_url,omitempty"` - PullsURL *string `json:"pulls_url,omitempty"` - ReleasesURL *string `json:"releases_url,omitempty"` - StargazersURL *string 
`json:"stargazers_url,omitempty"` - StatusesURL *string `json:"statuses_url,omitempty"` - SubscribersURL *string `json:"subscribers_url,omitempty"` - SubscriptionURL *string `json:"subscription_url,omitempty"` - TagsURL *string `json:"tags_url,omitempty"` - TeamsURL *string `json:"teams_url,omitempty"` - TreesURL *string `json:"trees_url,omitempty"` - HooksURL *string `json:"hooks_url,omitempty"` -} - -// RepoSecurityAdvisory represents a repository security advisory. -type RepoSecurityAdvisory struct { - GHSAID *string `json:"ghsa_id,omitempty"` - CVEID *string `json:"cve_id,omitempty"` - URL *string `json:"url,omitempty"` - HTMLURL *string `json:"html_url,omitempty"` - Summary *string `json:"summary,omitempty"` - Description *string `json:"description,omitempty"` - Severity *string `json:"severity,omitempty"` - Author *User `json:"author,omitempty"` - Publisher *User `json:"publisher,omitempty"` - Identifiers []*AdvisoryIdentifier `json:"identifiers,omitempty"` - State *string `json:"state,omitempty"` - CreatedAt *Timestamp `json:"created_at,omitempty"` - UpdatedAt *Timestamp `json:"updated_at,omitempty"` - PublishedAt *Timestamp `json:"published_at,omitempty"` - ClosedAt *Timestamp `json:"closed_at,omitempty"` - WithdrawnAt *Timestamp `json:"withdrawn_at,omitempty"` - Submission *SecurityAdvisorySubmission `json:"submission,omitempty"` - Vulnerabilities []*Vulnerability `json:"vulnerabilities,omitempty"` - CVSs *AdvisoryCVSs `json:"cvss,omitempty"` - CWEs []*AdvisoryCWEs `json:"cwes,omitempty"` - CWEIDs []string `json:"cwe_ids,omitempty"` - Credits []*RepoAdvisoryCredit `json:"credits,omitempty"` - CreditsDetailed []*RepoAdvisoryCreditDetailed `json:"credits_detailed,omitempty"` - CollaboratingUsers []*User `json:"collaborating_users,omitempty"` - CollaboratingTeams []*Team `json:"collaborating_teams,omitempty"` - PrivateFork *PrivateFork `json:"private_fork,omitempty"` -} - // ListRepositorySecurityAdvisoriesOptions specifies the optional parameters to lists 
the repository security advisories. type ListRepositorySecurityAdvisoriesOptions struct { + ListCursorOptions + // Direction in which to sort advisories. Possible values are: asc, desc. // Default is "asc". Direction string `url:"direction,omitempty"` @@ -153,15 +52,6 @@ type ListRepositorySecurityAdvisoriesOptions struct { // and published. Default value is "created". Sort string `url:"sort,omitempty"` - // A cursor, as given in the Link header. If specified, the query only searches for events before this cursor. - Before string `url:"before,omitempty"` - - // A cursor, as given in the Link header. If specified, the query only searches for events after this cursor. - After string `url:"after,omitempty"` - - // For paginated result sets, the number of advisories to include per page. - PerPage int `url:"per_page,omitempty"` - // State filters advisories based on their state. Possible values are: triage, draft, published, closed. State string `url:"state,omitempty"` } @@ -193,7 +83,7 @@ func (s *SecurityAdvisoriesService) RequestCVE(ctx context.Context, owner, repo, // ListRepositorySecurityAdvisoriesForOrg lists the repository security advisories for an organization. // // Github API docs: https://docs.github.com/en/rest/security-advisories/repository-advisories?apiVersion=2022-11-28#list-repository-security-advisories-for-an-organization -func (s *SecurityAdvisoriesService) ListRepositorySecurityAdvisoriesForOrg(ctx context.Context, org string, opt *ListRepositorySecurityAdvisoriesOptions) ([]*RepoSecurityAdvisory, *Response, error) { +func (s *SecurityAdvisoriesService) ListRepositorySecurityAdvisoriesForOrg(ctx context.Context, org string, opt *ListRepositorySecurityAdvisoriesOptions) ([]*SecurityAdvisory, *Response, error) { url := fmt.Sprintf("orgs/%v/security-advisories", org) url, err := addOptions(url, opt) if err != nil { 
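Review bot: Embedding `ListCursorOptions` in `ListRepositorySecurityAdvisoriesOptions` promotes every field of that struct into the query string built by `addOptions`, not only the `Before`, `After` and `PerPage` fields that the following hunk (`@@ -153,15 +52,6 @@`) removes. `ListCursorOptions` is declared outside this diff, so whether it carries further parameters is not visible here; if it does, they would presumably be sent to endpoints whose removed comments documented only `before`, `after` and `per_page`. The embedded field also loses the per-field documentation, so a comment on it would help: `// ListCursorOptions provides Before, After and PerPage; its other fields are not documented for these endpoints.`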
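Review bot: `org` is formatted into the request path with `%v` and no escaping in `ListRepositorySecurityAdvisoriesForOrg`, and the same holds for `owner` and `repo` in `ListRepositorySecurityAdvisories` (hunk `@@ -217,7 +107,7 @@`). If a caller passes a value it has not validated, a `/`, `?` or `#` in it would change which endpoint is requested with the client's credentials; whether `NewRequest` rejects such input is not visible in this diff. Because these endpoints can return advisories in triage or draft state, the doc comment should state the expectation, for example `// org must be a validated organization login; it is used verbatim as a URL path segment.` The function body continues outside the hunk.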
@@ -205,7 +95,7 @@ func (s *SecurityAdvisoriesService) ListRepositorySecurityAdvisoriesForOrg(ctx c return nil, nil, err } - var advisories []*RepoSecurityAdvisory + var advisories []*SecurityAdvisory resp, err := s.client.Do(ctx, req, &advisories) if err != nil { return nil, resp, err @@ -217,7 +107,7 @@ func (s *SecurityAdvisoriesService) ListRepositorySecurityAdvisoriesForOrg(ctx c // ListRepositorySecurityAdvisories lists the security advisories in a repository. // // Github API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/security-advisories/repository-advisories?apiVersion=2022-11-28#list-repository-security-advisories -func (s *SecurityAdvisoriesService) ListRepositorySecurityAdvisories(ctx context.Context, owner string, repo string, opt *ListRepositorySecurityAdvisoriesOptions) ([]*RepoSecurityAdvisory, *Response, error) { +func (s *SecurityAdvisoriesService) ListRepositorySecurityAdvisories(ctx context.Context, owner string, repo string, opt *ListRepositorySecurityAdvisoriesOptions) ([]*SecurityAdvisory, *Response, error) { url := fmt.Sprintf("repos/%v/%v/security-advisories", owner, repo) url, err := addOptions(url, opt) if err != nil { @@ -229,7 +119,7 @@ func (s *SecurityAdvisoriesService) ListRepositorySecurityAdvisories(ctx context return nil, nil, err } - var advisories []*RepoSecurityAdvisory + var advisories []*SecurityAdvisory resp, err := s.client.Do(ctx, req, &advisories) if err != nil { return nil, resp, err From 835aaa2e34ba2b55934161f5af95292f7161717c Mon Sep 17 00:00:00 2001 From: Anish Rajan Date: Mon, 2 Oct 2023 20:40:15 +0530 Subject: [PATCH 06/10] fix test case --- github/security_advisories_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/github/security_advisories_test.go b/github/security_advisories_test.go index ac816d5af9..175a6091ec 100644 --- a/github/security_advisories_test.go +++ b/github/security_advisories_test.go 
@@ -158,7 +158,7 @@ func TestSecurityAdvisoriesService_ListRepositorySecurityAdvisoriesForOrg(t *tes t.Errorf("ListRepositorySecurityAdvisoriesForOrg return status %d, want %d", got, want) } - want := []*RepoSecurityAdvisory{ + want := []*SecurityAdvisory{ { GHSAID: String("GHSA-abcd-1234-efgh"), CVEID: String("CVE-2050-00000"), @@ -289,7 +289,7 @@ func TestSecurityAdvisoriesService_ListRepositorySecurityAdvisories(t *testing.T t.Errorf("ListRepositorySecurityAdvisories return status %d, want %d", got, want) } - want := []*RepoSecurityAdvisory{ + want := []*SecurityAdvisory{ { GHSAID: String("GHSA-abcd-1234-efgh"), CVEID: String("CVE-2050-00000"), From 110c448f086354dbb09d730bfee44faf4c05a0b3 Mon Sep 17 00:00:00 2001 From: Anish Rajan Date: Mon, 2 Oct 2023 20:45:16 +0530 Subject: [PATCH 07/10] fixed comments --- github/security_advisories.go | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/github/security_advisories.go b/github/security_advisories.go index c791881a90..681d0cd4bd 100644 --- a/github/security_advisories.go +++ b/github/security_advisories.go @@ -31,16 +31,7 @@ type RepoAdvisoryCreditDetailed struct { State *string `json:"state,omitempty"` } -// Permissions represent a team's permissions. -type Permissions struct { - Admin *bool `json:"admin,omitempty"` - Pull *bool `json:"pull,omitempty"` - Push *bool `json:"push,omitempty"` - Triage *bool `json:"triage,omitempty"` - Maintain *bool `json:"maintain,omitempty"` -} - -// ListRepositorySecurityAdvisoriesOptions specifies the optional parameters to lists the repository security advisories. +// ListRepositorySecurityAdvisoriesOptions specifies the optional parameters to list the repository security advisories. type ListRepositorySecurityAdvisoriesOptions struct { ListCursorOptions 
@@ -82,7 +73,7 @@ func (s *SecurityAdvisoriesService) RequestCVE(ctx context.Context, owner, repo, // ListRepositorySecurityAdvisoriesForOrg lists the repository security advisories for an organization. // -// Github API docs: https://docs.github.com/en/rest/security-advisories/repository-advisories?apiVersion=2022-11-28#list-repository-security-advisories-for-an-organization +// GitHub API docs: https://docs.github.com/en/rest/security-advisories/repository-advisories?apiVersion=2022-11-28#list-repository-security-advisories-for-an-organization func (s *SecurityAdvisoriesService) ListRepositorySecurityAdvisoriesForOrg(ctx context.Context, org string, opt *ListRepositorySecurityAdvisoriesOptions) ([]*SecurityAdvisory, *Response, error) { url := fmt.Sprintf("orgs/%v/security-advisories", org) url, err := addOptions(url, opt) @@ -106,8 +97,8 @@ func (s *SecurityAdvisoriesService) ListRepositorySecurityAdvisoriesForOrg(ctx c // ListRepositorySecurityAdvisories lists the security advisories in a repository. // -// Github API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/security-advisories/repository-advisories?apiVersion=2022-11-28#list-repository-security-advisories -func (s *SecurityAdvisoriesService) ListRepositorySecurityAdvisories(ctx context.Context, owner string, repo string, opt *ListRepositorySecurityAdvisoriesOptions) ([]*SecurityAdvisory, *Response, error) { +// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/security-advisories/repository-advisories?apiVersion=2022-11-28#list-repository-security-advisories +func (s *SecurityAdvisoriesService) ListRepositorySecurityAdvisories(ctx context.Context, owner, repo string, opt *ListRepositorySecurityAdvisoriesOptions) ([]*SecurityAdvisory, *Response, error) { url := fmt.Sprintf("repos/%v/%v/security-advisories", owner, repo) url, err := addOptions(url, opt) if err != nil { From 8322f1543d3534a49b541bfc9d3d4d98830ededc Mon Sep 17 00:00:00 2001 
From: Anish Rajan Date: Mon, 2 Oct 2023 22:56:47 +0530 Subject: [PATCH 08/10] updated test file --- github/security_advisories_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/github/security_advisories_test.go b/github/security_advisories_test.go index 175a6091ec..2358c20380 100644 --- a/github/security_advisories_test.go +++ b/github/security_advisories_test.go @@ -122,7 +122,7 @@ func TestSecurityAdvisoriesService_ListRepositorySecurityAdvisoriesForOrg_Unmars advisories, resp, err := client.SecurityAdvisories.ListRepositorySecurityAdvisoriesForOrg(ctx, "o", nil) if err == nil { t.Errorf("Expected unmarshal error") - } else if !strings.Contains(err.Error(), "json: cannot unmarshal number into Go struct field RepoSecurityAdvisory.ghsa_id of type string") { + } else if !strings.Contains(err.Error(), "json: cannot unmarshal number into Go struct field SecurityAdvisory.ghsa_id of type string") { t.Errorf("ListRepositorySecurityAdvisoriesForOrg returned unexpected error: %v", err) } if got, want := resp.Response.StatusCode, http.StatusOK; got != want { @@ -144,7 +144,7 @@ func TestSecurityAdvisoriesService_ListRepositorySecurityAdvisoriesForOrg(t *tes w.Write([]byte(`[ { "ghsa_id": "GHSA-abcd-1234-efgh", - "cve_id": "CVE-2050-00000" + "cve_id": "CVE-2050-00000", } ]`)) }) 
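Review bot: The unmarshal-error test matches the full text of an `encoding/json` message, `"json: cannot unmarshal number into Go struct field SecurityAdvisory.ghsa_id of type string"`, which is why this commit had to edit it after the type rename; the same assertion recurs in the `@@ -253,7 +253,7 @@` hunk. The standard library does not guarantee that wording, so a toolchain update could fail the test without any change in behaviour. Assuming the client returns the decoder error in a form `errors.As` can reach, checking the error type is sturdier: `var typeErr *json.UnmarshalTypeError` followed by `if !errors.As(err, &typeErr) { t.Errorf("expected *json.UnmarshalTypeError, got %v", err) }`. The test function starts outside the hunk.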
@@ -253,7 +253,7 @@ func TestSecurityAdvisoriesService_ListRepositorySecurityAdvisories_UnmarshalErr advisories, resp, err := client.SecurityAdvisories.ListRepositorySecurityAdvisories(ctx, "o", "r", nil) if err == nil { t.Errorf("Expected unmarshal error") - } else if !strings.Contains(err.Error(), "json: cannot unmarshal number into Go struct field RepoSecurityAdvisory.ghsa_id of type string") { + } else if !strings.Contains(err.Error(), "json: cannot unmarshal number into Go struct field SecurityAdvisory.ghsa_id of type string") { t.Errorf("ListRepositorySecurityAdvisories returned unexpected error: %v", err) } if got, want := resp.Response.StatusCode, http.StatusOK; got != want { From 8f14e490c578c983922e8a52e4ff3bc24fba5d4b Mon Sep 17 00:00:00 2001 From: Anish Rajan Date: Tue, 3 Oct 2023 13:55:38 +0530 Subject: [PATCH 09/10] fix test cases --- github/security_advisories_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/github/security_advisories_test.go b/github/security_advisories_test.go index 2358c20380..061c0aeb83 100644 --- a/github/security_advisories_test.go +++ b/github/security_advisories_test.go @@ -144,8 +144,8 @@ func TestSecurityAdvisoriesService_ListRepositorySecurityAdvisoriesForOrg(t *tes w.Write([]byte(`[ { "ghsa_id": "GHSA-abcd-1234-efgh", - "cve_id": "CVE-2050-00000", - } + "cve_id": "CVE-2050-00000" + } ]`)) }) From 460fd8a8af58c2943460f9941362afb1e7034da7 Mon Sep 17 00:00:00 2001 From: Anish Rajan Date: Wed, 4 Oct 2023 09:28:04 +0530 Subject: [PATCH 10/10] go generate and fix lint errors --- github/github-accessors.go | 136 +++++++++++++++++++++++++ github/github-accessors_test.go | 155 +++++++++++++++++++++++++++++ github/security_advisories_test.go | 8 +- 3 files changed, 295 insertions(+), 4 deletions(-) diff --git a/github/github-accessors.go b/github/github-accessors.go index b305bfc644..673aa318be 100644 --- a/github/github-accessors.go +++ b/github/github-accessors.go 
@@ -438,6 +438,14 @@ func (a *AdvisoryVulnerability) GetPackage() *VulnerabilityPackage { return a.Package } +// GetPatchedVersions returns the PatchedVersions field if it's non-nil, zero value otherwise. +func (a *AdvisoryVulnerability) GetPatchedVersions() string { + if a == nil || a.PatchedVersions == nil { + return "" + } + return *a.PatchedVersions +} + // GetSeverity returns the Severity field if it's non-nil, zero value otherwise. func (a *AdvisoryVulnerability) GetSeverity() string { if a == nil || a.Severity == nil { @@ -17686,6 +17694,46 @@ func (r *RenameOrgResponse) GetURL() string { return *r.URL } +// GetLogin returns the Login field if it's non-nil, zero value otherwise. +func (r *RepoAdvisoryCredit) GetLogin() string { + if r == nil || r.Login == nil { + return "" + } + return *r.Login +} + +// GetType returns the Type field if it's non-nil, zero value otherwise. +func (r *RepoAdvisoryCredit) GetType() string { + if r == nil || r.Type == nil { + return "" + } + return *r.Type +} + +// GetState returns the State field if it's non-nil, zero value otherwise. +func (r *RepoAdvisoryCreditDetailed) GetState() string { + if r == nil || r.State == nil { + return "" + } + return *r.State +} + +// GetType returns the Type field if it's non-nil, zero value otherwise. +func (r *RepoAdvisoryCreditDetailed) GetType() string { + if r == nil || r.Type == nil { + return "" + } + return *r.Type +} + +// GetUser returns the User field. +func (r *RepoAdvisoryCreditDetailed) GetUser() *User { + if r == nil { + return nil + } + return r.User +} + // GetDownloadLocation returns the DownloadLocation field if it's non-nil, zero value otherwise. func (r *RepoDependencies) GetDownloadLocation() string { if r == nil || r.DownloadLocation == nil { 
@@ -21006,6 +21054,38 @@ func (s *SecretScanningPushProtection) GetStatus() string { return *s.Status } +// GetAuthor returns the Author field. +func (s *SecurityAdvisory) GetAuthor() *User { + if s == nil { + return nil + } + return s.Author +} + +// GetClosedAt returns the ClosedAt field if it's non-nil, zero value otherwise. +func (s *SecurityAdvisory) GetClosedAt() Timestamp { + if s == nil || s.ClosedAt == nil { + return Timestamp{} + } + return *s.ClosedAt +} + +// GetCreatedAt returns the CreatedAt field if it's non-nil, zero value otherwise. +func (s *SecurityAdvisory) GetCreatedAt() Timestamp { + if s == nil || s.CreatedAt == nil { + return Timestamp{} + } + return *s.CreatedAt +} + +// GetCVEID returns the CVEID field if it's non-nil, zero value otherwise. +func (s *SecurityAdvisory) GetCVEID() string { + if s == nil || s.CVEID == nil { + return "" + } + return *s.CVEID +} + // GetCVSS returns the CVSS field. func (s *SecurityAdvisory) GetCVSS() *AdvisoryCVSS { if s == nil { @@ -21030,6 +21110,22 @@ func (s *SecurityAdvisory) GetGHSAID() string { return *s.GHSAID } +// GetHTMLURL returns the HTMLURL field if it's non-nil, zero value otherwise. +func (s *SecurityAdvisory) GetHTMLURL() string { + if s == nil || s.HTMLURL == nil { + return "" + } + return *s.HTMLURL +} + +// GetPrivateFork returns the PrivateFork field. +func (s *SecurityAdvisory) GetPrivateFork() *Repository { + if s == nil { + return nil + } + return s.PrivateFork +} + // GetPublishedAt returns the PublishedAt field if it's non-nil, zero value otherwise. func (s *SecurityAdvisory) GetPublishedAt() Timestamp { if s == nil || s.PublishedAt == nil { 
@@ -21038,6 +21134,14 @@ func (s *SecurityAdvisory) GetPublishedAt() Timestamp { return *s.PublishedAt } +// GetPublisher returns the Publisher field. +func (s *SecurityAdvisory) GetPublisher() *User { + if s == nil { + return nil + } + return s.Publisher +} + // GetSeverity returns the Severity field if it's non-nil, zero value otherwise. func (s *SecurityAdvisory) GetSeverity() string { if s == nil || s.Severity == nil { @@ -21046,6 +21150,22 @@ func (s *SecurityAdvisory) GetSeverity() string { return *s.Severity } +// GetState returns the State field if it's non-nil, zero value otherwise. +func (s *SecurityAdvisory) GetState() string { + if s == nil || s.State == nil { + return "" + } + return *s.State +} + +// GetSubmission returns the Submission field. +func (s *SecurityAdvisory) GetSubmission() *SecurityAdvisorySubmission { + if s == nil { + return nil + } + return s.Submission +} + // GetSummary returns the Summary field if it's non-nil, zero value otherwise. func (s *SecurityAdvisory) GetSummary() string { if s == nil || s.Summary == nil { @@ -21062,6 +21182,14 @@ func (s *SecurityAdvisory) GetUpdatedAt() Timestamp { return *s.UpdatedAt } +// GetURL returns the URL field if it's non-nil, zero value otherwise. +func (s *SecurityAdvisory) GetURL() string { + if s == nil || s.URL == nil { + return "" + } + return *s.URL +} + // GetWithdrawnAt returns the WithdrawnAt field if it's non-nil, zero value otherwise. func (s *SecurityAdvisory) GetWithdrawnAt() Timestamp { if s == nil || s.WithdrawnAt == nil { @@ -21126,6 +21254,14 @@ func (s *SecurityAdvisoryEvent) GetSender() *User { return s.Sender } +// GetAccepted returns the Accepted field if it's non-nil, zero value otherwise. +func (s *SecurityAdvisorySubmission) GetAccepted() bool { + if s == nil || s.Accepted == nil { + return false + } + return *s.Accepted +} + // GetAdvancedSecurity returns the AdvancedSecurity field. func (s *SecurityAndAnalysis) GetAdvancedSecurity() *AdvancedSecurity { if s == nil { 
diff --git a/github/github-accessors_test.go b/github/github-accessors_test.go index 962e5e8f73..88906c8a7b 100644 --- a/github/github-accessors_test.go +++ b/github/github-accessors_test.go @@ -503,6 +503,16 @@ func TestAdvisoryVulnerability_GetPackage(tt *testing.T) { a.GetPackage() } +func TestAdvisoryVulnerability_GetPatchedVersions(tt *testing.T) { + var zeroValue string + a := &AdvisoryVulnerability{PatchedVersions: &zeroValue} + a.GetPatchedVersions() + a = &AdvisoryVulnerability{} + a.GetPatchedVersions() + a = nil + a.GetPatchedVersions() +} + func TestAdvisoryVulnerability_GetSeverity(tt *testing.T) { var zeroValue string a := &AdvisoryVulnerability{Severity: &zeroValue} @@ -20539,6 +20549,53 @@ func TestRenameOrgResponse_GetURL(tt *testing.T) { r.GetURL() } +func TestRepoAdvisoryCredit_GetLogin(tt *testing.T) { + var zeroValue string + r := &RepoAdvisoryCredit{Login: &zeroValue} + r.GetLogin() + r = &RepoAdvisoryCredit{} + r.GetLogin() + r = nil + r.GetLogin() +} + +func TestRepoAdvisoryCredit_GetType(tt *testing.T) { + var zeroValue string + r := &RepoAdvisoryCredit{Type: &zeroValue} + r.GetType() + r = &RepoAdvisoryCredit{} + r.GetType() + r = nil + r.GetType() +} + +func TestRepoAdvisoryCreditDetailed_GetState(tt *testing.T) { + var zeroValue string + r := &RepoAdvisoryCreditDetailed{State: &zeroValue} + r.GetState() + r = &RepoAdvisoryCreditDetailed{} + r.GetState() + r = nil + r.GetState() +} + +func TestRepoAdvisoryCreditDetailed_GetType(tt *testing.T) { + var zeroValue string + r := &RepoAdvisoryCreditDetailed{Type: &zeroValue} + r.GetType() + r = &RepoAdvisoryCreditDetailed{} + r.GetType() + r = nil + r.GetType() +} + +func TestRepoAdvisoryCreditDetailed_GetUser(tt *testing.T) { + r := &RepoAdvisoryCreditDetailed{} + r.GetUser() + r = nil + r.GetUser() +} + func TestRepoDependencies_GetDownloadLocation(tt *testing.T) { var zeroValue string r := &RepoDependencies{DownloadLocation: &zeroValue} 
@@ -24500,6 +24557,43 @@ func TestSecretScanningPushProtection_GetStatus(tt *testing.T) { s.GetStatus() } +func TestSecurityAdvisory_GetAuthor(tt *testing.T) { + s := &SecurityAdvisory{} + s.GetAuthor() + s = nil + s.GetAuthor() +} + +func TestSecurityAdvisory_GetClosedAt(tt *testing.T) { + var zeroValue Timestamp + s := &SecurityAdvisory{ClosedAt: &zeroValue} + s.GetClosedAt() + s = &SecurityAdvisory{} + s.GetClosedAt() + s = nil + s.GetClosedAt() +} + +func TestSecurityAdvisory_GetCreatedAt(tt *testing.T) { + var zeroValue Timestamp + s := &SecurityAdvisory{CreatedAt: &zeroValue} + s.GetCreatedAt() + s = &SecurityAdvisory{} + s.GetCreatedAt() + s = nil + s.GetCreatedAt() +} + +func TestSecurityAdvisory_GetCVEID(tt *testing.T) { + var zeroValue string + s := &SecurityAdvisory{CVEID: &zeroValue} + s.GetCVEID() + s = &SecurityAdvisory{} + s.GetCVEID() + s = nil + s.GetCVEID() +} + func TestSecurityAdvisory_GetCVSS(tt *testing.T) { s := &SecurityAdvisory{} s.GetCVSS() @@ -24527,6 +24621,23 @@ func TestSecurityAdvisory_GetGHSAID(tt *testing.T) { s.GetGHSAID() } +func TestSecurityAdvisory_GetHTMLURL(tt *testing.T) { + var zeroValue string + s := &SecurityAdvisory{HTMLURL: &zeroValue} + s.GetHTMLURL() + s = &SecurityAdvisory{} + s.GetHTMLURL() + s = nil + s.GetHTMLURL() +} + +func TestSecurityAdvisory_GetPrivateFork(tt *testing.T) { + s := &SecurityAdvisory{} + s.GetPrivateFork() + s = nil + s.GetPrivateFork() +} + func TestSecurityAdvisory_GetPublishedAt(tt *testing.T) { var zeroValue Timestamp s := &SecurityAdvisory{PublishedAt: &zeroValue} @@ -24537,6 +24648,13 @@ func TestSecurityAdvisory_GetPublishedAt(tt *testing.T) { s.GetPublishedAt() } +func TestSecurityAdvisory_GetPublisher(tt *testing.T) { + s := &SecurityAdvisory{} + s.GetPublisher() + s = nil + s.GetPublisher() +} + func TestSecurityAdvisory_GetSeverity(tt *testing.T) { var zeroValue string s := &SecurityAdvisory{Severity: &zeroValue} 
@@ -24547,6 +24665,23 @@ func TestSecurityAdvisory_GetSeverity(tt *testing.T) { s.GetSeverity() } +func TestSecurityAdvisory_GetState(tt *testing.T) { + var zeroValue string + s := &SecurityAdvisory{State: &zeroValue} + s.GetState() + s = &SecurityAdvisory{} + s.GetState() + s = nil + s.GetState() +} + +func TestSecurityAdvisory_GetSubmission(tt *testing.T) { + s := &SecurityAdvisory{} + s.GetSubmission() + s = nil + s.GetSubmission() +} + func TestSecurityAdvisory_GetSummary(tt *testing.T) { var zeroValue string s := &SecurityAdvisory{Summary: &zeroValue} @@ -24567,6 +24702,16 @@ func TestSecurityAdvisory_GetUpdatedAt(tt *testing.T) { s.GetUpdatedAt() } +func TestSecurityAdvisory_GetURL(tt *testing.T) { + var zeroValue string + s := &SecurityAdvisory{URL: &zeroValue} + s.GetURL() + s = &SecurityAdvisory{} + s.GetURL() + s = nil + s.GetURL() +} + func TestSecurityAdvisory_GetWithdrawnAt(tt *testing.T) { var zeroValue Timestamp s := &SecurityAdvisory{WithdrawnAt: &zeroValue} @@ -24629,6 +24774,16 @@ func TestSecurityAdvisoryEvent_GetSender(tt *testing.T) { s.GetSender() } +func TestSecurityAdvisorySubmission_GetAccepted(tt *testing.T) { + var zeroValue bool + s := &SecurityAdvisorySubmission{Accepted: &zeroValue} + s.GetAccepted() + s = &SecurityAdvisorySubmission{} + s.GetAccepted() + s = nil + s.GetAccepted() +} + func TestSecurityAndAnalysis_GetAdvancedSecurity(tt *testing.T) { s := &SecurityAndAnalysis{} s.GetAdvancedSecurity() diff --git a/github/security_advisories_test.go b/github/security_advisories_test.go index 061c0aeb83..5476ef6138 100644 --- a/github/security_advisories_test.go +++ b/github/security_advisories_test.go @@ -115,7 +115,7 @@ func TestSecurityAdvisoriesService_ListRepositorySecurityAdvisoriesForOrg_Unmars testMethod(t, r, "GET") w.WriteHeader(http.StatusOK) - w.Write([]byte(`[{"ghsa_id": 12334354}]`)) + assertWrite(t, w, []byte(`[{"ghsa_id": 12334354}]`)) }) ctx := context.Background() 
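Review bot: The fixture `[{"ghsa_id": 12334354}]` written by the handler in the hunk at -115 (and the identical one in the hunk at -246) has no comment saying why the ID is a number. Presumably the numeric value is there to make decoding into a string-typed GHSA ID fail, since the success fixtures use `"GHSA-abcd-1234-efgh"`, so that a malformed advisory payload surfaces as an error rather than as a partially filled result. I would add above the `assertWrite` call: `// ghsa_id is deliberately a JSON number so that decoding fails`. Both test functions start and end outside their hunks, so whether the returned error and the returned slice are both asserted cannot be confirmed from here.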
@@ -141,7 +141,7 @@ func TestSecurityAdvisoriesService_ListRepositorySecurityAdvisoriesForOrg(t *tes testMethod(t, r, "GET") w.WriteHeader(http.StatusOK) - w.Write([]byte(`[ + assertWrite(t, w, []byte(`[ { "ghsa_id": "GHSA-abcd-1234-efgh", "cve_id": "CVE-2050-00000" @@ -246,7 +246,7 @@ func TestSecurityAdvisoriesService_ListRepositorySecurityAdvisories_UnmarshalErr testMethod(t, r, "GET") w.WriteHeader(http.StatusOK) - w.Write([]byte(`[{"ghsa_id": 12334354}]`)) + assertWrite(t, w, []byte(`[{"ghsa_id": 12334354}]`)) }) ctx := context.Background() @@ -272,7 +272,7 @@ func TestSecurityAdvisoriesService_ListRepositorySecurityAdvisories(t *testing.T testMethod(t, r, "GET") w.WriteHeader(http.StatusOK) - w.Write([]byte(`[ + assertWrite(t, w, []byte(`[ { "ghsa_id": "GHSA-abcd-1234-efgh", "cve_id": "CVE-2050-00000"