Merge pull request #4526 from bbc/add-scanning

Add scanning to Psammead
BBC-archive · Aug 17, 2021 · f0b7e2c · f0b7e2c
2 parents edf708f + 4f98e69
commit f0b7e2c
Show file tree

Hide file tree

Showing 14 changed files with 1,018 additions and 2 deletions.
diff --git a/packages/utilities/exposure-scanning/CHANGELOG.md b/packages/utilities/exposure-scanning/CHANGELOG.md
@@ -0,0 +1,7 @@
+# Exposure Scanning Changelog
+
+<!-- prettier-ignore -->
+| Version | Description |
+|---------|-------------|
+| 0.1.0-alpha.1 | [PR#4526](https://github.com/bbc/psammead/pull/4526) Initialise package |
+
diff --git a/packages/utilities/exposure-scanning/README.md b/packages/utilities/exposure-scanning/README.md
@@ -0,0 +1,50 @@
+# ⛔️ This is an alpha component ⛔️
+
+This component is currently tagged as alpha and is not suitable for production use.
+# exposure-scanning - [![Known Vulnerabilities](https://snyk.io/test/github/bbc/psammead/badge.svg?targetFile=packages%2Futilities%2Fexposure-scanning%2Fpackage.json)](https://snyk.io/test/github/bbc/psammead?targetFile=packages%2Futilities%2Fexposure-scanning%2Fpackage.json) [![Dependency Status](https://david-dm.org/bbc/psammead.svg?path=packages/utilities/exposure-scanning)](https://david-dm.org/bbc/psammead?path=packages/utilities/exposure-scanning) [![peerDependencies Status](https://david-dm.org/bbc/psammead/peer-status.svg?path=packages/utilities/exposure-scanning)](https://david-dm.org/bbc/psammead?path=packages/utilities/exposure-scanning&type=peer) [![GitHub license](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](https://github.com/bbc/psammead/blob/latest/LICENSE) [![npm version](https://img.shields.io/npm/v/@bbc/exposure-scanning.svg)](https://www.npmjs.com/package/@bbc/exposure-scanning) [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](https://github.com/bbc/psammead/blob/latest/CONTRIBUTING.md)
+
+This package provides a utility to scan and patch issues and pull requests for content that matches a given regular expression.
+
+
+## Installation
+
+```jsx
+npm install @bbc/exposure-scanning --save
+```
+
+## Usage
+
+The script can be imported and executed like so:
+
+```jsx
+// /scripts/scan-exposures/index.jsx
+import scanExposures from '@bbc/exposure-scanning';
+
+(async () => {
+  await scanExposures();
+})();
+```
+
+Then, this can be executed in the command line:
+
+```sh
+./scripts/scan-exposures psammead -pr 1234 "foo|bar"
+```
+
+The command line arguments are as follows:
+ - repository (psammead in the example)
+ - content type (-pr or -issue)
+ - id (of the issue or pull request)
+ - regex ("foo|bar" in the example)
+
+## Contributing
+
+Psammead is completely open source. We are grateful for any contributions, whether they be new components, bug fixes or general improvements. Please see our primary contributing guide which can be found at [the root of the Psammead respository](https://github.com/bbc/psammead/blob/latest/CONTRIBUTING.md).
+
+### [Code of Conduct](https://github.com/bbc/psammead/blob/latest/CODE_OF_CONDUCT.md)
+
+We welcome feedback and help on this work. By participating in this project, you agree to abide by the [code of conduct](https://github.com/bbc/psammead/blob/latest/CODE_OF_CONDUCT.md). Please take a moment to read it.
+
+### License
+
+Psammead is [Apache 2.0 licensed](https://github.com/bbc/psammead/blob/latest/LICENSE).
diff --git a/packages/utilities/exposure-scanning/args/index.js b/packages/utilities/exposure-scanning/args/index.js
@@ -0,0 +1,47 @@
+const isValidId = id => {
+  try {
+    return !Number.isNaN(id) && Number.isInteger(parseFloat(id));
+  } catch {
+    return false;
+  }
+};
+
+const isValidRegex = regex => {
+  try {
+    RegExp(regex);
+  } catch {
+    return false;
+  }
+  return regex !== '';
+};
+
+const parseArgs = argv => {
+  if (argv.length !== 6) {
+    throw new Error(
+      'Incorrect number of args.\nUsage: node path/to/exposure-scanning <repo> <-pr/-issue> <id> <regex>',
+    );
+  }
+
+  const repo = argv[2];
+  const flag = argv[3]; // -pr or -issue
+  const id = argv[4];
+  const regexString = argv[5];
+
+  if (!isValidRegex(regexString)) {
+    throw new Error('Invalid regex argument given.');
+  }
+
+  if (!isValidId(id)) {
+    throw new Error('Invalid issue/pr id.');
+  }
+
+  const isValidFlag = ['-pr', 'issue'].includes(flag);
+
+  if (!isValidFlag) {
+    throw new Error('Invalid flag argument given.');
+  }
+
+  return { repo, flag, id, regexString };
+};
+
+export default parseArgs;
diff --git a/packages/utilities/exposure-scanning/args/index.test.js b/packages/utilities/exposure-scanning/args/index.test.js
@@ -0,0 +1,54 @@
+import parseArgs from '.';
+
+describe('Parsing arguments', () => {
+  it('should return an object containing the repo, flag, id and regex string', () => {
+    expect(
+      parseArgs(['node', 'scan.js', 'simorgh', '-pr', '1234', 'regex']),
+    ).toEqual({
+      repo: 'simorgh',
+      flag: '-pr',
+      id: '1234',
+      regexString: 'regex',
+    });
+  });
+
+  it('should throw an error without logging args if the number of args given is incorrect', () => {
+    expect(() =>
+      parseArgs(['node', 'scan.js', 'simorgh', '-pr', '1234', 're[g]ex', '-u']),
+    ).toThrow(
+      'Incorrect number of args.\nUsage: node path/to/exposure-scanning <repo> <-pr/-issue> <id> <regex>',
+    );
+  });
+
+  it('should throw an error without logging args if an invalid id is given', () => {
+    expect(() =>
+      parseArgs([
+        'node',
+        'scan.js',
+        'psammead',
+        '-issue',
+        'add-topic-tags',
+        'regex',
+      ]),
+    ).toThrow('Invalid issue/pr id');
+  });
+
+  it('should throw an error without logging args if an invalid regex is given', () => {
+    expect(() =>
+      parseArgs(['node', 'scan.js', 'psammead', '-issue', '12341234', '']),
+    ).toThrow('Invalid regex argument given.');
+  });
+
+  it('should throw an error without logging args if an invalid flag is given', () => {
+    expect(() =>
+      parseArgs([
+        'node',
+        'scan.js',
+        'psammead',
+        '-not-an-issue',
+        '12341234',
+        'regex',
+      ]),
+    ).toThrow('Invalid flag argument given.');
+  });
+});
diff --git a/packages/utilities/exposure-scanning/fetch/index.js b/packages/utilities/exposure-scanning/fetch/index.js
@@ -0,0 +1,73 @@
+let octokit;
+
+(async () => {
+  if (process.env.GITHUB_ACTION && process.env.GITHUB_TOKEN) {
+    const { Octokit } = await import('@octokit/action');
+    octokit = new Octokit();
+  } else {
+    const { Octokit } = await import('@octokit/rest');
+    octokit = new Octokit();
+  }
+})();
+
+const fetchPrBody = async reqBody => {
+  const {
+    data: { body },
+  } = await octokit.request('GET /repos/{owner}/{repo}/pulls/{id}', reqBody);
+  return body;
+};
+
+const fetchComments = async reqBody => {
+  const { data } = await octokit.request(
+    'GET /repos/{owner}/{repo}/issues/{id}/comments',
+    reqBody,
+  );
+  return data.map(({ id, body }) => ({
+    id,
+    body,
+  }));
+};
+
+const fetchReviewComments = async reqBody => {
+  const { data } = await octokit.request(
+    'GET /repos/{owner}/{repo}/pulls/{id}/comments',
+    reqBody,
+  );
+  return data.map(({ id, body }) => ({
+    id,
+    body,
+  }));
+};
+
+const fetchIssueBody = async reqBody => {
+  const {
+    data: { body },
+  } = await octokit.request('GET /repos/{owner}/{repo}/issues/{id}', reqBody);
+  return body;
+};
+
+export const fetchPr = async reqBody => {
+  const [body, comments, reviewComments] = await Promise.all([
+    fetchPrBody(reqBody),
+    fetchComments(reqBody),
+    fetchReviewComments(reqBody),
+  ]);
+
+  return {
+    body,
+    comments,
+    reviewComments,
+  };
+};
+
+export const fetchIssue = async reqBody => {
+  const [body, comments] = await Promise.all([
+    fetchIssueBody(reqBody),
+    fetchComments(reqBody),
+  ]);
+
+  return {
+    body,
+    comments,
+  };
+};
diff --git a/packages/utilities/exposure-scanning/fetch/index.test.js b/packages/utilities/exposure-scanning/fetch/index.test.js
@@ -0,0 +1,111 @@
+const { Headers, Response } = jest.requireActual('node-fetch');
+
+const mockHeaders = new Headers({ 'Content-Type': 'application/json' });
+
+const ResponseInit = {
+  url: 'hello',
+  headers: mockHeaders,
+  status: 200,
+};
+
+const mockPrBodyRes = new Response(
+  JSON.stringify({
+    title: 'PR Title',
+    body: 'PR Body',
+  }),
+  ResponseInit,
+);
+
+const mockPrCommentsRes = new Response(
+  JSON.stringify([
+    { id: 1, body: 'Added translations' },
+    { id: 2, body: 'Nice work, LGTM!' },
+  ]),
+  ResponseInit,
+);
+
+const mockPrReviewCommentsRes = new Response(
+  JSON.stringify([{ id: 3, body: 'Smashed it!' }]),
+  ResponseInit,
+);
+
+const mockIssueBodyRes = new Response(
+  JSON.stringify({
+    title: 'Issue Title',
+    body: 'Issue Body',
+  }),
+  ResponseInit,
+);
+
+const mockIssueCommentsRes = new Response(
+  JSON.stringify([
+    { id: 4, body: 'Closing this' },
+    { id: 5, body: 'Nice issue' },
+  ]),
+  ResponseInit,
+);
+
+const prBodyEndpoint = 'https://api.github.com/repos/bbc/simorgh/pulls/9188';
+const prCommentsEndpoint =
+  'https://api.github.com/repos/bbc/simorgh/issues/9188/comments';
+const prReviewCommentsEndpoint =
+  'https://api.github.com/repos/bbc/simorgh/pulls/9188/comments';
+const issueBodyEndpoint =
+  'https://api.github.com/repos/bbc/psammead/issues/4512';
+const issueCommentsEndpoint =
+  'https://api.github.com/repos/bbc/psammead/issues/4512/comments';
+
+jest.mock('node-fetch', () => ({
+  default: async url =>
+    ({
+      [prBodyEndpoint]: mockPrBodyRes,
+      [prCommentsEndpoint]: mockPrCommentsRes,
+      [prReviewCommentsEndpoint]: mockPrReviewCommentsRes,
+      [issueBodyEndpoint]: mockIssueBodyRes,
+      [issueCommentsEndpoint]: mockIssueCommentsRes,
+    }[url]),
+}));
+
+const { fetchPr, fetchIssue } = require('.');
+
+afterEach(() => {
+  jest.resetAllMocks();
+  jest.restoreAllMocks();
+});
+
+describe('Fetching from the GitHub API', () => {
+  it('should call the correct GitHub API endpoints and construct a pr object', async () => {
+    const reqBody = {
+      owner: 'bbc',
+      repo: 'simorgh',
+      id: '9188',
+    };
+
+    const pr = await fetchPr(reqBody);
+    expect(pr).toEqual({
+      body: 'PR Body',
+      comments: [
+        { id: 1, body: 'Added translations' },
+        { id: 2, body: 'Nice work, LGTM!' },
+      ],
+      reviewComments: [{ id: 3, body: 'Smashed it!' }],
+    });
+  });
+
+  it('should call the correct GitHub API endpoints and construct an issue object', async () => {
+    const reqBody = {
+      owner: 'bbc',
+      repo: 'psammead',
+      id: '4512',
+    };
+
+    const issue = await fetchIssue(reqBody);
+    expect(issue).toEqual({
+      body: 'Issue Body',
+      comments: [
+        { id: 4, body: 'Closing this' },
+        { id: 5, body: 'Nice issue' },
+      ],
+    });
+  });
+});
diff --git a/packages/utilities/exposure-scanning/package.json b/packages/utilities/exposure-scanning/package.json
@@ -0,0 +1,29 @@
+{
+  "name": "@bbc/exposure-scanning",
+  "version": "0.1.0-alpha.1",
+  "description": "A utility that scans PRs or issues for exposures.",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/bbc/psammead/tree/latest/packages/utilities/exposure-scanning"
+  },
+  "author": {
+    "name": "Psammead Maintainers",
+    "email": "[email protected]"
+  },
+  "license": "Apache-2.0",
+  "bugs": {
+    "url": "https://github.com/bbc/psammead/issues"
+  },
+  "homepage": "https://github.com/bbc/psammead/blob/latest/packages/utilities/exposure-scanning",
+  "dependencies": {
+    "@octokit/action": "3.13.0",
+    "@octokit/rest": "18.8.0"
+  },
+  "keywords": [
+    "bbc",
+    "utilities",
+    "exposure",
+    "scanning"
+  ],
+  "tag": "alpha"
+}