Different task list for the bug slayer

Author: xcorail

.github/actions/replicate/__tests__/replicate.test.js

@@ -74,6 +74,7 @@ This is the issue body second line
 const TEST_GENERATED_ISSUE: replicate.Issue = {
   title: '[All For One] Issue Title',
   labels: ['All For One','not-a-bounty-label'],
+  bountyType: 'All For One',
   body: `Original external [issue](https://github.com/test_owner/test_repo/issues/1)
 
 Sumitted by [ghsecuritylab](https://github.com/ghsecuritylab)

.github/actions/replicate/__tests__/replicate.test.ts

@@ -25,7 +25,7 @@ export const getIssueList = async (owner: string, repo: string, token: string |
 
         issues.data.forEach(issue => {
             const bountyLabel = checkBountyLabels? issue.labels.some(label => {
-                return replicate.BOUNTY_LABELS.includes(label.name)
+                return replicate.BOUNTY_LABELS.includes(label.name as replicate.BountyType)
             }) : undefined
             if(!checkBountyLabels || bountyLabel){
                 let item: Issue_info = {

.github/actions/replicate/issues.ts

@@ -3,9 +3,12 @@ import * as github from '@actions/github'
 import { WebhookPayload } from '@actions/github/lib/interfaces'
 import { getIssueList, internalIssueAlreadyCreated, isUserAlreadyParticipant } from './issues'
 
-export type Issue = {title: string, body: string, labels: string[]}
-export const BOUNTY_LABELS: string[] = ['All For One', 'The Bug Slayer']
-const COMMENT_TASK_LIST = `## Task List
+export const BOUNTY_LABELS = ['All For One', 'The Bug Slayer'] as const
+export type BountyType = typeof BOUNTY_LABELS[number]
+type CommentMap = {[K in BountyType]: string}
+export type Issue = {title: string, body: string, labels: string[], bountyType: BountyType}
+
+const COMMENT_TASK_LIST_AFO = `## Task List
 - [ ] Initial assessment - Please record your decision in the comment below
   - [ ] CodeQL
   - [ ] Security Lab
@@ -21,6 +24,20 @@ const COMMENT_TASK_LIST = `## Task List
 - [ ] Bounty Payment
 `
 
+const COMMENT_TASK_LIST_BS = `## Task List
+- [ ] Initial assessment from Security Lab
+- [ ] Security Lab assessment:
+  - [ ] Confirm the CVE 
+  - [ ] Assess the Vulnerability Impact, the Vulnerability Scope
+  - [ ] Get the CodeQL scores (False Positive ratio, Code Maturity and the Documentation) from the previous query rating
+  - [ ] PR is merged? Finalize the score
+- [ ] Bounty Payment`
+
+const COMMENT_TASK_LIST: CommentMap = {
+    'All For One': COMMENT_TASK_LIST_AFO,
+    'The Bug Slayer': COMMENT_TASK_LIST_BS
+}
+
 const COMMENT_SCORING = `## Scoring
 | Criterion | Score|
 |--- | --- |
@@ -40,7 +57,7 @@ const COMMENT_FIRST_SUBMISSION = `## :tada: First submission for this user :tada
 
 export const generateInternalIssueContentFromPayload = async (payload: WebhookPayload): Promise<Issue | undefined> => {
     const issue = payload.issue
-    let result: Issue = {title: "none", body: "none", labels: []}
+    let result: Issue = {title: 'none', body: 'none', labels: [], bountyType: 'All For One'}
     let bountyIssue: boolean = false
     let bountyType = ''
 
@@ -103,7 +120,7 @@ export const createInternalIssue = async (payload: WebhookPayload, issue: Issue)
             owner,
             repo,
             issue_number: internal_ref,
-            body: COMMENT_TASK_LIST,
+            body: COMMENT_TASK_LIST[issue.bountyType],
         })
         core.debug(`comment created ${issueCommentResponse1.data.url}`)