Merge pull request #76 from v4lproik/add-repository-vulnerability-alert

Add repository vulnerability alert event

Author: Dean Karn

github/github.go

@@ -28,43 +28,44 @@ type Event string
 
 // GitHub hook types
 const (
-	CheckRunEvent                 Event = "check_run"
-	CheckSuiteEvent               Event = "check_suite"
-	CommitCommentEvent            Event = "commit_comment"
-	CreateEvent                   Event = "create"
-	DeleteEvent                   Event = "delete"
-	DeploymentEvent               Event = "deployment"
-	DeploymentStatusEvent         Event = "deployment_status"
-	ForkEvent                     Event = "fork"
-	GollumEvent                   Event = "gollum"
-	InstallationEvent             Event = "installation"
-	InstallationRepositoriesEvent Event = "installation_repositories"
-	IntegrationInstallationEvent  Event = "integration_installation"
-	IssueCommentEvent             Event = "issue_comment"
-	IssuesEvent                   Event = "issues"
-	LabelEvent                    Event = "label"
-	MemberEvent                   Event = "member"
-	MembershipEvent               Event = "membership"
-	MilestoneEvent                Event = "milestone"
-	OrganizationEvent             Event = "organization"
-	OrgBlockEvent                 Event = "org_block"
-	PageBuildEvent                Event = "page_build"
-	PingEvent                     Event = "ping"
-	ProjectCardEvent              Event = "project_card"
-	ProjectColumnEvent            Event = "project_column"
-	ProjectEvent                  Event = "project"
-	PublicEvent                   Event = "public"
-	PullRequestEvent              Event = "pull_request"
-	PullRequestReviewEvent        Event = "pull_request_review"
-	PullRequestReviewCommentEvent Event = "pull_request_review_comment"
-	PushEvent                     Event = "push"
-	ReleaseEvent                  Event = "release"
-	RepositoryEvent               Event = "repository"
-	SecurityAdvisoryEvent         Event = "security_advisory"
-	StatusEvent                   Event = "status"
-	TeamEvent                     Event = "team"
-	TeamAddEvent                  Event = "team_add"
-	WatchEvent                    Event = "watch"
+	CheckRunEvent                     Event = "check_run"
+	CheckSuiteEvent                   Event = "check_suite"
+	CommitCommentEvent                Event = "commit_comment"
+	CreateEvent                       Event = "create"
+	DeleteEvent                       Event = "delete"
+	DeploymentEvent                   Event = "deployment"
+	DeploymentStatusEvent             Event = "deployment_status"
+	ForkEvent                         Event = "fork"
+	GollumEvent                       Event = "gollum"
+	InstallationEvent                 Event = "installation"
+	InstallationRepositoriesEvent     Event = "installation_repositories"
+	IntegrationInstallationEvent      Event = "integration_installation"
+	IssueCommentEvent                 Event = "issue_comment"
+	IssuesEvent                       Event = "issues"
+	LabelEvent                        Event = "label"
+	MemberEvent                       Event = "member"
+	MembershipEvent                   Event = "membership"
+	MilestoneEvent                    Event = "milestone"
+	OrganizationEvent                 Event = "organization"
+	OrgBlockEvent                     Event = "org_block"
+	PageBuildEvent                    Event = "page_build"
+	PingEvent                         Event = "ping"
+	ProjectCardEvent                  Event = "project_card"
+	ProjectColumnEvent                Event = "project_column"
+	ProjectEvent                      Event = "project"
+	PublicEvent                       Event = "public"
+	PullRequestEvent                  Event = "pull_request"
+	PullRequestReviewEvent            Event = "pull_request_review"
+	PullRequestReviewCommentEvent     Event = "pull_request_review_comment"
+	PushEvent                         Event = "push"
+	ReleaseEvent                      Event = "release"
+	RepositoryEvent                   Event = "repository"
+	RepositoryVulnerabilityAlertEvent Event = "repository_vulnerability_alert"
+	SecurityAdvisoryEvent             Event = "security_advisory"
+	StatusEvent                       Event = "status"
+	TeamEvent                         Event = "team"
+	TeamAddEvent                      Event = "team_add"
+	WatchEvent                        Event = "watch"
 )
 
 // EventSubtype defines a GitHub Hook Event subtype
@@ -289,6 +290,10 @@ func (hook Webhook) Parse(r *http.Request, events ...Event) (interface{}, error)
 		var pl RepositoryPayload
 		err = json.Unmarshal([]byte(payload), &pl)
 		return pl, err
+	case RepositoryVulnerabilityAlertEvent:
+		var pl RepositoryVulnerabilityAlertPayload
+		err = json.Unmarshal([]byte(payload), &pl)
+		return pl, err
 	case SecurityAdvisoryEvent:
 		var pl SecurityAdvisoryPayload
 		err = json.Unmarshal([]byte(payload), &pl)

github/github_test.go

@@ -453,13 +453,23 @@ func TestWebhooks(t *testing.T) {
 				"X-Hub-Signature": []string{"sha1=df442a8af41edd2d42ccdd997938d1d111b0f94e"},
 			},
 		},
+		{
+			name:     "RepositoryVulnerabilityAlertEvent",
+			event:    RepositoryVulnerabilityAlertEvent,
+			typ:      RepositoryVulnerabilityAlertPayload{},
+			filename: "../testdata/github/repository-vulnerability-alert.json",
+			headers: http.Header{
+				"X-Github-Event":  []string{"repository_vulnerability_alert"},
+				"X-Hub-Signature": []string{"sha1=c42c0649e7e06413bcd756763edbab48dff400db"},
+			},
+		},
 		{
 			name:     "SecurityAdvisoryEvent",
 			event:    SecurityAdvisoryEvent,
 			typ:      SecurityAdvisoryPayload{},
 			filename: "../testdata/github/security-advisory.json",
 			headers: http.Header{
-				"X-Github-Event": []string{"security_advisory"},
+				"X-Github-Event":  []string{"security_advisory"},
 				"X-Hub-Signature": []string{"sha1=6a71f24fa69f55469843a91dc3a5c3e29714a565"},
 			},
 		},

github/payload.go

@@ -5260,6 +5260,40 @@ type RepositoryPayload struct {
 	} `json:"sender"`
 }
 
+// RepositoryVulnerabilityAlertEvent contains the information for GitHub's repository_vulnerability_alert hook event.
+type RepositoryVulnerabilityAlertPayload struct {
+	Action string `json:"action"`
+	Alert  struct {
+		ID                  int64  `json:"id"`
+		Summary             string `json:"summary"`
+		AffectedRange       string `json:"affected_range"`
+		AffectedPackageName string `json:"affected_package_name"`
+		ExternalReference   string `json:"external_reference"`
+		ExternalIdentifier  string `json:"external_identifier"`
+		FixedIn             string `json:"fixed_in"`
+		Dismisser           struct {
+			Login             string `json:"login"`
+			ID                int64  `json:"id"`
+			NodeID            string `json:"node_id"`
+			AvatarURL         string `json:"avatar_url"`
+			GravatarID        string `json:"gravatar_id"`
+			URL               string `json:"url"`
+			HTMLURL           string `json:"html_url"`
+			FollowersURL      string `json:"followers_url"`
+			FollowingURL      string `json:"following_url"`
+			GistsURL          string `json:"gists_url"`
+			StarredURL        string `json:"starred_url"`
+			SubscriptionsURL  string `json:"subscriptions_url"`
+			OrganizationsURL  string `json:"organizations_url"`
+			ReposURL          string `json:"repos_url"`
+			EventsURL         string `json:"events_url"`
+			ReceivedEventsURL string `json:"received_events_url"`
+			Type              string `json:"type"`
+			SiteAdmin         bool   `json:"site_admin"`
+		} `json:"dismisser"`
+	} `json:"alert"`
+}
+
 // SecurityAdvisoryPayload contains the information for GitHub's security_advisory hook event.
 type SecurityAdvisoryPayload struct {
 	Action           string `json:"action"`

testdata/github/repository-vulnerability-alert.json

@@ -0,0 +1,33 @@
+{
+  "action": "dismiss",
+  "alert": {
+    "id": 7649605,
+    "affected_range": "0.2.0",
+    "affected_package_name": "many_versioned_gem",
+    "external_reference": "https://nvd.nist.gov/vuln/detail/CVE-2018-3728",
+    "external_identifier": "CVE-2018-3728",
+    "fixed_in": "0.2.5",
+    "dismisser": {
+      "login":"octocat",
+      "id":1,
+      "node_id": "MDQ6VXNlcjIxMDMxMDY3",
+      "avatar_url":"https://github.com/images/error/octocat_happy.gif",
+      "gravatar_id":"",
+      "url":"https://api.github.com/users/octocat",
+      "html_url":"https://github.com/octocat",
+      "followers_url":"https://api.github.com/users/octocat/followers",
+      "following_url":"https://api.github.com/users/octocat/following{/other_user}",
+      "gists_url":"https://api.github.com/users/octocat/gists{/gist_id}",
+      "starred_url":"https://api.github.com/users/octocat/starred{/owner}{/repo}",
+      "subscriptions_url":"https://api.github.com/users/octocat/subscriptions",
+      "organizations_url":"https://api.github.com/users/octocat/orgs",
+      "repos_url":"https://api.github.com/users/octocat/repos",
+      "events_url":"https://api.github.com/users/octocat/events{/privacy}",
+      "received_events_url":"https://api.github.com/users/octocat/received_events",
+      "type":"User",
+      "site_admin":true
+    },
+    "dismiss_reason": "No bandwidth to fix this",
+    "dismissed_at": "2017-10-25T00:00:00+00:00"
+  }
+}