fixed is new alert logic

GetJobber · Feb 8, 2023 · dbdb84f · dbdb84f
1 parent 30a4ae0
commit dbdb84f
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 8 deletions.
diff --git a/CHANGELOG.MD b/CHANGELOG.MD
@@ -16,3 +16,6 @@
 1.4.0
  Added Slack notifications on new Dependabot issues
  Added equations to handle notes for non-CVEs
+
+1.4.1
+ Fixed to use created_at date for finding new alerts
diff --git a/lib/library_version_analysis/check_version_status.rb b/lib/library_version_analysis/check_version_status.rb
@@ -16,7 +16,7 @@ module LibraryVersionAnalysis
  :minor,
  :patch,
  :age,
- :dependabot_published_at,
+ :dependabot_created_at,
  :dependabot_permalink,
  keyword_init: true
  )
@@ -178,8 +178,7 @@ def notify(results)
 
  results.each do |hash_line|
  line = hash_line[1]
-
- if (!line.dependabot_published_at.nil? && line.dependabot_published_at > recent_time )
+ if (!line.dependabot_created_at.nil? && line.dependabot_created_at > recent_time )
  message = ":warning: NEW Dependabot alert! :warning:\n\nPackage: #{hash_line[0]}\n#{line.cvss}\n\nOwned by #{line.owner}\n#{line.dependabot_permalink}"
  SlackNotify.notify(message, "security-alerts")
  end

diff --git a/lib/library_version_analysis/github.rb b/lib/library_version_analysis/github.rb
@@ -81,7 +81,6 @@ def get_dependabot_findings(parsed_results, meta_data, github_name, ecosystem)
 
  alerts.each do |_, alert|
  package = alert[:package]
-
  cvss = "#{alert[:severity]} #{alert[:identifiers]}"
  if parsed_results.has_key?(package)
  parsed_results[package].cvss = cvss
@@ -93,13 +92,14 @@ def get_dependabot_findings(parsed_results, meta_data, github_name, ecosystem)
  patch: 0,
  age: 0,
  cvss: cvss,
- dependabot_published_at: Time.parse(alert[:published_at]),
- dependabot_permalink: alert[:permalink]
  )
 
  parsed_results[package] = vv
  end
 
+ parsed_results[package].dependabot_created_at = Time.parse(alert[:created_at])
+ parsed_results[package].dependabot_permalink = alert[:permalink]
+
  meta_data.total_cvss = meta_data.total_cvss + 1
  end
  end
@@ -132,7 +132,7 @@ def add_results(alerts, results, target_ecosystem)
  package: alert.security_vulnerability.package.name,
  identifiers: alert.security_vulnerability.advisory.identifiers.map(&:value),
  severity: alert.security_vulnerability.severity,
- published_at: alert.security_vulnerability.advisory.published_at,
+ created_at: alert.created_at,
  permalink: alert.security_vulnerability.advisory.permalink
  }
  end

diff --git a/lib/library_version_analysis/version.rb b/lib/library_version_analysis/version.rb
@@ -1,3 +1,3 @@
 module LibraryVersionAnalysis
- VERSION = "1.4.0".freeze
+ VERSION = "1.4.1".freeze
 end