refactor: simplify vulnerability aggregation

renovatebot · Feb 21, 2021 · e86bddd · e86bddd
1 parent 5a02743
commit e86bddd
Showing 1 changed file with 16 additions and 14 deletions.
diff --git a/lib/workers/repository/init/vulnerability.ts b/lib/workers/repository/init/vulnerability.ts
@@ -54,6 +54,13 @@ export async function detectVulnerabilityAlerts(
     return input;
   }
   const config = { ...input };
+  const versionings: Record<string, string> = {
+    maven: mavenVersioning.id,
+    npm: npmVersioning.id,
+    nuget: semverVersioning.id,
+    pip_requirements: pep440Versioning.id,
+    rubygems: rubyVersioning.id,
+  };
   const combinedAlerts: CombinedAlert = {};
   for (const alert of alerts) {
     try {
@@ -76,30 +83,25 @@ export async function detectVulnerabilityAlerts(
       };
       const datasource =
         datasourceMapping[alert.securityVulnerability.package.ecosystem];
+      const depName = alert.securityVulnerability.package.name;
+      const fileName = alert.vulnerableManifestPath;
+      const firstPatchedVersion =
+        alert.securityVulnerability.firstPatchedVersion.identifier;
+      const advisory = alert.securityAdvisory;
+      const { vulnerableRequirements } = alert;
       if (!combinedAlerts[datasource]) {
         combinedAlerts[datasource] = {};
       }
-      const depName = alert.securityVulnerability.package.name;
       if (!combinedAlerts[datasource][depName]) {
         combinedAlerts[datasource][depName] = {};
       }
-      const fileName = alert.vulnerableManifestPath;
       if (!combinedAlerts[datasource][depName][fileName]) {
         combinedAlerts[datasource][depName][fileName] = {
           advisories: [],
         };
       }
       const alertDetails = combinedAlerts[datasource][depName][fileName];
-      alertDetails.advisories.push(alert.securityAdvisory);
-      const firstPatchedVersion =
-        alert.securityVulnerability.firstPatchedVersion.identifier;
-      const versionings: Record<string, string> = {
-        maven: mavenVersioning.id,
-        npm: npmVersioning.id,
-        nuget: semverVersioning.id,
-        pip_requirements: pep440Versioning.id,
-        rubygems: rubyVersioning.id,
-      };
+      alertDetails.advisories.push(advisory);
       const version = allVersioning.get(versionings[datasource]);
       if (version.isVersion(firstPatchedVersion)) {
         if (alertDetails.firstPatchedVersion) {
@@ -110,11 +112,11 @@ export async function detectVulnerabilityAlerts(
             )
           ) {
             alertDetails.firstPatchedVersion = firstPatchedVersion;
-            alertDetails.vulnerableRequirements = alert.vulnerableRequirements;
+            alertDetails.vulnerableRequirements = vulnerableRequirements;
           }
         } else {
           alertDetails.firstPatchedVersion = firstPatchedVersion;
-          alertDetails.vulnerableRequirements = alert.vulnerableRequirements;
+          alertDetails.vulnerableRequirements = vulnerableRequirements;
         }
       } else {
         logger.debug('Invalid firstPatchedVersion: ' + firstPatchedVersion);