Merge pull request #173 from GeekMasher/depbot-alerts2

Fix CWE issues with advisories and Dependabot GraphQL issue

Author: GeekMasher

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "ghastoolkit"
-version = "0.11.0"
+version = "0.11.1"
 authors = [{ name = "GeekMasher" }]
 description = "GitHub Advanced Security Python Toolkit"
 readme = "README.md"

src/ghastoolkit/__init__.py

@@ -2,7 +2,7 @@
 __name__ = "ghastoolkit"
 __title__ = "GHAS Toolkit"
 
-__version__ = "0.11.0"
+__version__ = "0.11.1"
 
 __description__ = "GitHub Advanced Security Python Toolkit"
 __summary__ = """\

src/ghastoolkit/octokit/dependabot.py

@@ -105,11 +105,14 @@ def getAlertsGraphQL(self) -> list[DependencyAlert]:
                 "GetDependencyAlerts",
                 options={"owner": self.repository.owner, "repo": self.repository.repo},
             )
-            alerts = (
-                data.get("data", {})
-                .get("repository", {})
-                .get("vulnerabilityAlerts", {})
-            )
+            repo = data.get("data", {}).get("repository", {})
+            if not repo:
+                logger.error(f"Failed to get GraphQL repository")
+                logger.error(
+                    "This could be due to a lack of permissions or access token"
+                )
+                raise Exception(f"Failed to get GraphQL repository alerts")
+            alerts = repo.get("vulnerabilityAlerts", {})
 
             for alert in alerts.get("edges", []):
                 data = alert.get("node", {})

src/ghastoolkit/octokit/octokit.py

@@ -175,7 +175,7 @@ def get(
         self,
         path: str,
         parameters: dict = {},
-        expected: int = 200,
+        expected: Optional[int] = 200,
         authenticated: bool = False,
         display_errors: bool = True,
     ) -> Union[dict, list[dict]]:
@@ -210,7 +210,7 @@ def get(
             response = self.session.get(url, params=params)
             response_json = response.json()
 
-            if response.status_code != expected:
+            if expected and response.status_code != expected:
                 if display_errors:
                     logger.error(f"Error code from server :: {response.status_code}")
                     logger.error(f"Content :: {response_json}")

src/ghastoolkit/supplychain/advisories.py

@@ -160,6 +160,15 @@ def __post_init__(self):
         self.ghsa_id = self.ghsa_id.lower()
         self.severity = self.severity.lower()
 
+        # cwes checking and processing
+        cwes = []
+        for cwe in self.cwes:
+            if isinstance(cwe, dict):
+                cwes.append(cwe.get("cwe_id"))
+            else:
+                cwes.append(cwe)
+        self.cwes = cwes
+
     @staticmethod
     def load(path: str) -> "Advisory":
         """Load Advisory from path using GitHub Advisory Spec."""

tests/test_advisories.py

@@ -33,6 +33,13 @@ def test_advisory_check(self):
         alert = self.advisories.check(dep)
         self.assertEquals(alert, [ad])
 
+    def test_advisory_cwes(self):
+        ad = Advisory("rand", "high", cwes=["CWE-1234"])
+        self.assertEquals(ad.cwes, ["CWE-1234"])
+
+        ad = Advisory("rand", "high", cwes=[{"cwe_id": "CWE-1234"}])
+        self.assertEquals(ad.cwes, ["CWE-1234"])
+
     def test_affect_check(self):
         dep = Dependency("ghastoolkit", "com.geekmasher", "0.8", "maven")
         affect = AdvisoryAffect(