Merge pull request #3 from github/main

Merge pull request #217 from eternalsakura/master

Author: fengjixuchui

.github/actions/check/check-replication.js

@@ -11,11 +11,13 @@ const run = async (): Promise<void> => {
         core.setFailed(`Internal error. Cannot access the internal repo ${internalRepo}. Aborting`)
         return
     } else {
+        core.debug(`Retrieved ${internalIssues?.length} internal issues`)
         const externalIssues = await getIssueList(github.context.repo.owner, github.context.repo.repo, process.env['GITHUB_TOKEN'], true, true)
         if(!externalIssues) {
             core.setFailed(`Internal error when retrieving all issues.`)
             return
         }
+        core.debug(`Retrieved ${externalIssues?.length} external issues`)
         let failed = false
         externalIssues.forEach( issue => {
             const ref = internalIssueAlreadyCreated(issue?.html_url, internalIssues)

.github/actions/check/check-replication.ts

@@ -15,29 +15,35 @@ export const getIssueList = async (owner: string, repo: string, token: string |
         const octokit = new github.GitHub(token)
         const issueState: Issue_state = open? 'open' : 'all'
         // const labelFilter: string = replicate.BOUNTY_LABELS.join(',')
-        const issues = await octokit.issues.listForRepo({
-            owner, 
-            repo,
-            state: issueState,
-            per_page: per_page? per_page : 100 // TODO: implement proper pagination
-            // labels: labelFilter -- Does not work properly
-        })
-
-        issues.data.forEach(issue => {
-            const bountyLabel = checkBountyLabels? issue.labels.some(label => {
-                return replicate.BOUNTY_LABELS.includes(label.name as replicate.BountyType)
-            }) : undefined
-            if(!checkBountyLabels || bountyLabel){
-                let item: Issue_info = {
-                    title: issue.title,
-                    author: issue.user?.login,
-                    body: issue.body? issue.body : '',
-                    number: issue.number,
-                    html_url: issue.html_url
+        const issuesPerPage = per_page? per_page : 50
+        let pageNb = 0
+        do {
+            const issues = await octokit.issues.listForRepo({
+                owner, 
+                repo,
+                state: issueState,
+                per_page: issuesPerPage,
+                page: pageNb
+                // labels: labelFilter -- Does not work properly
+            })
+    
+            issues.data.forEach(issue => {
+                const bountyLabel = checkBountyLabels? issue.labels.some(label => {
+                    return replicate.BOUNTY_LABELS.includes(label.name as replicate.BountyType)
+                }) : undefined
+                if(!checkBountyLabels || bountyLabel){
+                    let item: Issue_info = {
+                        title: issue.title,
+                        author: issue.user?.login,
+                        body: issue.body? issue.body : '',
+                        number: issue.number,
+                        html_url: issue.html_url
+                    }
+                    result.push(item)
                 }
-                result.push(item)
-            }
-        });
+            });
+            pageNb = (issues.data.length < issuesPerPage)? -1 : pageNb + 1
+        } while (pageNb >= 0)
         return result
     } catch(error) {
         core.debug(error.message)

.github/actions/replicate/issues.js

@@ -10,6 +10,10 @@ export type Issue = {title: string, body: string, labels: string[], bountyType:
 type GitHubIssue = { [key: string]: any, number: number, html_url?: string | undefined, body?: string | undefined}
 
 const COMMENT_TASK_LIST_AFO = `## Task List
+
+- **If this is your first time in this process, have a look at that [5 min video](https://drive.google.com/drive/folders/1Jq6UfqP3CRF9Iafde86_IPAQPfdgH5rR)**
+- **Visit the [documented process](https://github.com/github/pe-security-lab/blob/master/docs/bug_bounty.md)**
+
 - [ ] CodeQL Initial assessment - In case of rejection, please record your decision in the comment below:
   - [ ] Acceptance
   - [ ] Generate result set and post the URL in the comment
@@ -40,6 +44,10 @@ const COMMENT_TASK_LIST: CommentMap = {
 }
 
 const COMMENT_SCORING = `## Scoring
+
+- **Visit the [scoring guidelines](https://github.com/github/pe-security-lab/blob/master/docs/bug_bounty.md)**
+- **Accepted values are: 0 (= NA), or 1 (minimal) to 5 (maximal). Any other value will throw an error**
+
 | Criterion | Score|
 |--- | --- |
 | Vulnerability Impact | | 

.github/actions/replicate/issues.ts

@@ -1,4 +1,4 @@
-name: 'Bounty issue replication workflow'
+name: 'Bounty issue manual replication check'
 on: workflow_dispatch
 
 jobs:

.github/actions/replicate/replicate.js

@@ -1,4 +1,4 @@
-name: 'Bounty issue replication workflow'
+name: 'Bounty issue replication check'
 on: 
   schedule: 
     - cron: '0 17 * * *'

.github/actions/replicate/replicate.ts

@@ -11,7 +11,7 @@ class StrongBinding extends ClassTemplateInstantiation {
   }
 
   Type getBindingType() {
-    result = this.getTemplateArgument(0).stripType()
+    result = this.getTemplateArgument(0).(Type).stripType()
   }
 }
 
@@ -21,7 +21,7 @@ class Binding extends ClassTemplateInstantiation {
   }
 
   Type getBindingType() {
-    result = this.getTemplateArgument(0).stripType()
+    result = this.getTemplateArgument(0).(Type).stripType()
   }
 }
 
@@ -32,7 +32,7 @@ class MojoReceiver extends ClassTemplateInstantiation {
   }
 
   Type getBindingType() {
-    result = this.getTemplateArgument(0).stripType()
+    result = this.getTemplateArgument(0).(Type).stripType()
   }
 }
 

.github/workflows/check-replication-manual.yml

@@ -104,7 +104,6 @@ predicate reach(Function f, Function g) {
       else
         overrides*(g, gc.getTarget())
       |
-      g = gc.getTarget() and
       gc.getEnclosingFunction() = f
     ) or
     exists(CallbackSinks sink | sink.getEnclosingCallable() = f and