refactor(vulnerabilities): rename fetchVulnerabilities to appendVulne…

…rabilityPackageRules (#21468)
renovatebot · Apr 12, 2023 · 9d28710 · 9d28710
1 parent 9b481c4
commit 9d28710
Show file tree

Hide file tree

Showing 4 changed files with 92 additions and 26 deletions.
diff --git a/lib/workers/repository/process/extract-update.spec.ts b/lib/workers/repository/process/extract-update.spec.ts
@@ -116,9 +116,9 @@ describe('workers/repository/process/extract-update', () => {
         suppressNotifications: ['deprecationWarningIssues'],
         osvVulnerabilityAlerts: true,
       };
-      const fetchVulnerabilitiesMock = jest.fn();
+      const appendVulnerabilityPackageRulesMock = jest.fn();
       createVulnerabilitiesMock.mockResolvedValueOnce({
-        fetchVulnerabilities: fetchVulnerabilitiesMock,
+        appendVulnerabilityPackageRules: appendVulnerabilityPackageRulesMock,
       });
       repositoryCache.getCache.mockReturnValueOnce({ scan: {} });
       git.checkoutBranch.mockResolvedValueOnce('123test');
@@ -127,7 +127,7 @@ describe('workers/repository/process/extract-update', () => {
       await lookup(config, packageFiles);
 
       expect(createVulnerabilitiesMock).toHaveBeenCalledOnce();
-      expect(fetchVulnerabilitiesMock).toHaveBeenCalledOnce();
+      expect(appendVulnerabilityPackageRulesMock).toHaveBeenCalledOnce();
     });
 
     it('handles exception when fetching vulnerabilities', async () => {

diff --git a/lib/workers/repository/process/extract-update.ts b/lib/workers/repository/process/extract-update.ts
@@ -175,7 +175,10 @@ async function fetchVulnerabilities(
   if (config.osvVulnerabilityAlerts) {
     try {
       const vulnerabilities = await Vulnerabilities.create();
-      await vulnerabilities.fetchVulnerabilities(config, packageFiles);
+      await vulnerabilities.appendVulnerabilityPackageRules(
+        config,
+        packageFiles
+      );
     } catch (err) {
       logger.warn({ err }, 'Unable to read vulnerability information');
     }

diff --git a/lib/workers/repository/process/vulnerabilities.spec.ts b/lib/workers/repository/process/vulnerabilities.spec.ts
@@ -80,7 +80,10 @@ describe('workers/repository/process/vulnerabilities', () => {
         ],
       };
 
-      await vulnerabilities.fetchVulnerabilities(config, packageFiles);
+      await vulnerabilities.appendVulnerabilityPackageRules(
+        config,
+        packageFiles
+      );
       expect(logger.logger.trace).toHaveBeenCalledWith(
         'Cannot map datasource docker to OSV ecosystem'
       );
@@ -97,7 +100,10 @@ describe('workers/repository/process/vulnerabilities', () => {
       };
       getVulnerabilitiesMock.mockResolvedValueOnce([]);
 
-      await vulnerabilities.fetchVulnerabilities(config, packageFiles);
+      await vulnerabilities.appendVulnerabilityPackageRules(
+        config,
+        packageFiles
+      );
       expect(logger.logger.trace).toHaveBeenCalledWith(
         'No vulnerabilities found in OSV database for lodash'
       );
@@ -121,7 +127,10 @@ describe('workers/repository/process/vulnerabilities', () => {
         },
       ]);
 
-      await vulnerabilities.fetchVulnerabilities(config, packageFiles);
+      await vulnerabilities.appendVulnerabilityPackageRules(
+        config,
+        packageFiles
+      );
       expect(config.packageRules).toHaveLength(0);
     });
 
@@ -143,7 +152,10 @@ describe('workers/repository/process/vulnerabilities', () => {
         },
       ]);
 
-      await vulnerabilities.fetchVulnerabilities(config, packageFiles);
+      await vulnerabilities.appendVulnerabilityPackageRules(
+        config,
+        packageFiles
+      );
       expect(logger.logger.trace).toHaveBeenCalledWith(
         'Skipping withdrawn vulnerability GHSA-x5rq-j2xg-h7qm'
       );
@@ -167,7 +179,10 @@ describe('workers/repository/process/vulnerabilities', () => {
       };
       getVulnerabilitiesMock.mockResolvedValueOnce([lodashVulnerability]);
 
-      await vulnerabilities.fetchVulnerabilities(config, packageFiles);
+      await vulnerabilities.appendVulnerabilityPackageRules(
+        config,
+        packageFiles
+      );
       expect(logger.logger.debug).toHaveBeenCalledWith(
         'Skipping vulnerability lookup for package lodash due to unsupported version #4.17.11'
       );
@@ -191,7 +206,10 @@ describe('workers/repository/process/vulnerabilities', () => {
       };
       getVulnerabilitiesMock.mockRejectedValueOnce(err);
 
-      await vulnerabilities.fetchVulnerabilities(config, packageFiles);
+      await vulnerabilities.appendVulnerabilityPackageRules(
+        config,
+        packageFiles
+      );
       expect(logger.logger.warn).toHaveBeenCalledWith(
         { err },
         'Error fetching vulnerability information for lodash'
@@ -236,7 +254,10 @@ describe('workers/repository/process/vulnerabilities', () => {
         },
       ]);
 
-      await vulnerabilities.fetchVulnerabilities(config, packageFiles);
+      await vulnerabilities.appendVulnerabilityPackageRules(
+        config,
+        packageFiles
+      );
       expect(logger.logger.debug).toHaveBeenCalledWith(
         { event },
         'Skipping OSV event with invalid version'
@@ -266,7 +287,10 @@ describe('workers/repository/process/vulnerabilities', () => {
         },
       ]);
 
-      await vulnerabilities.fetchVulnerabilities(config, packageFiles);
+      await vulnerabilities.appendVulnerabilityPackageRules(
+        config,
+        packageFiles
+      );
       expect(config.packageRules).toHaveLength(0);
     });
 
@@ -294,7 +318,10 @@ describe('workers/repository/process/vulnerabilities', () => {
         },
       ]);
 
-      await vulnerabilities.fetchVulnerabilities(config, packageFiles);
+      await vulnerabilities.appendVulnerabilityPackageRules(
+        config,
+        packageFiles
+      );
       expect(logger.logger.info).toHaveBeenCalledWith(
         'No fixed version available for vulnerability GHSA-xxxx-yyyy-zzzz in fake 4.17.11'
       );
@@ -333,7 +360,10 @@ describe('workers/repository/process/vulnerabilities', () => {
         },
       ]);
 
-      await vulnerabilities.fetchVulnerabilities(config, packageFiles);
+      await vulnerabilities.appendVulnerabilityPackageRules(
+        config,
+        packageFiles
+      );
       expect(logger.logger.info).toHaveBeenCalledWith(
         'No fixed version available for vulnerability GHSA-xxxx-yyyy-zzzz in fake 1.5.1'
       );
@@ -379,7 +409,10 @@ describe('workers/repository/process/vulnerabilities', () => {
         },
       ]);
 
-      await vulnerabilities.fetchVulnerabilities(config, packageFiles);
+      await vulnerabilities.appendVulnerabilityPackageRules(
+        config,
+        packageFiles
+      );
       expect(logger.logger.debug).toHaveBeenCalledWith(
         'Vulnerability GO-2022-0187 affects stdlib 1.7.5'
       );
@@ -454,7 +487,10 @@ describe('workers/repository/process/vulnerabilities', () => {
         },
       ]);
 
-      await vulnerabilities.fetchVulnerabilities(config, packageFiles);
+      await vulnerabilities.appendVulnerabilityPackageRules(
+        config,
+        packageFiles
+      );
       expect(config.packageRules).toHaveLength(1);
       expect(config.packageRules).toMatchObject([
         {
@@ -513,7 +549,10 @@ describe('workers/repository/process/vulnerabilities', () => {
         },
       ]);
 
-      await vulnerabilities.fetchVulnerabilities(config, packageFiles);
+      await vulnerabilities.appendVulnerabilityPackageRules(
+        config,
+        packageFiles
+      );
       expect(config.packageRules).toHaveLength(2);
       expect(config.packageRules).toMatchObject([
         {
@@ -546,7 +585,10 @@ describe('workers/repository/process/vulnerabilities', () => {
       };
       getVulnerabilitiesMock.mockResolvedValueOnce([lodashVulnerability]);
 
-      await vulnerabilities.fetchVulnerabilities(config, packageFiles);
+      await vulnerabilities.appendVulnerabilityPackageRules(
+        config,
+        packageFiles
+      );
       expect(config.packageRules).toHaveLength(0);
     });
 
@@ -607,7 +649,10 @@ describe('workers/repository/process/vulnerabilities', () => {
         },
       ]);
 
-      await vulnerabilities.fetchVulnerabilities(config, packageFiles);
+      await vulnerabilities.appendVulnerabilityPackageRules(
+        config,
+        packageFiles
+      );
 
       expect(config.packageRules).toHaveLength(1);
       expect(config.packageRules).toMatchObject([
@@ -686,7 +731,10 @@ describe('workers/repository/process/vulnerabilities', () => {
         },
       ]);
 
-      await vulnerabilities.fetchVulnerabilities(config, packageFiles);
+      await vulnerabilities.appendVulnerabilityPackageRules(
+        config,
+        packageFiles
+      );
 
       expect(config.packageRules).toHaveLength(2);
       expect(config.packageRules).toMatchObject([
@@ -740,7 +788,10 @@ describe('workers/repository/process/vulnerabilities', () => {
         },
       ]);
 
-      await vulnerabilities.fetchVulnerabilities(config, packageFiles);
+      await vulnerabilities.appendVulnerabilityPackageRules(
+        config,
+        packageFiles
+      );
       expect(logger.logger.debug).not.toHaveBeenCalledWith(
         'OSV advisory GHSA-xxxx-yyyy-zzzz lists quokka 1.2.3 as vulnerable'
       );
@@ -784,7 +835,10 @@ describe('workers/repository/process/vulnerabilities', () => {
         },
       ]);
 
-      await vulnerabilities.fetchVulnerabilities(config, packageFiles);
+      await vulnerabilities.appendVulnerabilityPackageRules(
+        config,
+        packageFiles
+      );
       expect(config.packageRules).toHaveLength(1);
       expect(config.packageRules).toMatchObject([
         {
@@ -859,7 +913,10 @@ describe('workers/repository/process/vulnerabilities', () => {
         },
       ]);
 
-      await vulnerabilities.fetchVulnerabilities(config, packageFiles);
+      await vulnerabilities.appendVulnerabilityPackageRules(
+        config,
+        packageFiles
+      );
 
       expect(logger.logger.debug).toHaveBeenCalledWith(
         'Error processing CVSS vector some-invalid-score'
@@ -921,7 +978,10 @@ describe('workers/repository/process/vulnerabilities', () => {
         },
       ]);
 
-      await vulnerabilities.fetchVulnerabilities(config, packageFiles);
+      await vulnerabilities.appendVulnerabilityPackageRules(
+        config,
+        packageFiles
+      );
 
       expect(config.packageRules).toHaveLength(1);
       expect(config.packageRules).toMatchObject([
@@ -1003,7 +1063,10 @@ describe('workers/repository/process/vulnerabilities', () => {
         },
       ]);
 
-      await vulnerabilities.fetchVulnerabilities(config, packageFiles);
+      await vulnerabilities.appendVulnerabilityPackageRules(
+        config,
+        packageFiles
+      );
 
       expect(config.packageRules).toHaveLength(1);
       expect(config.packageRules).toMatchObject([

diff --git a/lib/workers/repository/process/vulnerabilities.ts b/lib/workers/repository/process/vulnerabilities.ts
@@ -50,7 +50,7 @@ export class Vulnerabilities {
     return instance;
   }
 
-  async fetchVulnerabilities(
+  async appendVulnerabilityPackageRules(
     config: RenovateConfig,
     packageFiles: Record<string, PackageFile[]>
   ): Promise<void> {