Surface Deprecated and Archived packages in PR

Signed-off-by: Adolfo García Veytia (puerco) <[email protected]>
mindersec · May 13, 2024 · 318c4dd · 318c4dd
1 parent 2dd7c7e
commit 318c4dd
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 3 deletions.
diff --git a/internal/engine/eval/trusty/actions.go b/internal/engine/eval/trusty/actions.go
@@ -53,6 +53,12 @@ Minder analyzed the dependencies introduced in this pull request and detected th
 
 ### 📦 Dependency: [{{ .PackageName }}]({{ .TrustyURL }})
 
+{{ if .Archived }}
+⚠️ __Archived Package:__ This package is marked as deprecated. Proceed with caution!
+{{ end }}
+{{ if .Deprecated }}
+⚠️ __Deprecated Package:__ This package is marked as archived. Proceed with caution!
+{{ end }}
 #### Trusty Score: {{ .Score }}
 {{ if .ScoreComponents }}
 <details>
@@ -114,6 +120,8 @@ type maliciousTemplateData struct {
 
 type templatePackage struct {
 	templatePackageData
+	Deprecated      bool
+	Archived        bool
 	ScoreComponents []templateScoreComponent
 	Alternatives    []templateAlternative
 }
@@ -236,6 +244,8 @@ func (sph *summaryPrHandler) generateSummary() (string, error) {
 
 			lowScorePackages[alternative.Dependency.Name] = templatePackage{
 				templatePackageData: packageData,
+				Deprecated:          alternative.trustyReply.PackageData.Deprecated,
+				Archived:            alternative.trustyReply.PackageData.Archived,
 				ScoreComponents:     scoreComp,
 				Alternatives:        []templateAlternative{},
 			}

diff --git a/internal/engine/eval/trusty/trusty.go b/internal/engine/eval/trusty/trusty.go
@@ -112,6 +112,7 @@ func (e *Evaluator) Eval(ctx context.Context, pol map[string]any, res *engif.Res
 	}
 
 	if err := submitSummary(ctx, prSummaryHandler); err != nil {
+		logger.Err(err).Msgf("Failed Generating PR Summary: %s", err.Error())
 		return fmt.Errorf("submitting pull request summary: %w", err)
 	}
 

diff --git a/internal/engine/eval/trusty/trusty_rest_handler.go b/internal/engine/eval/trusty/trusty_rest_handler.go
@@ -76,7 +76,9 @@ type Reply struct {
 		Packages []Alternative `json:"packages"`
 	} `json:"alternatives"`
 	PackageData struct {
-		Malicious *MaliciousData `json:"malicious"`
+		Archived   bool           `json:"archived"`
+		Deprecated bool           `json:"is_deprecated"`
+		Malicious  *MaliciousData `json:"malicious"`
 	} `json:"package_data"`
 }
 

diff --git a/internal/engine/eval/trusty/trusty_test.go b/internal/engine/eval/trusty/trusty_test.go
@@ -55,8 +55,12 @@ func TestBuildEvalResult(t *testing.T) {
 							Score: &sg,
 						},
 						PackageData: struct {
-							Malicious *MaliciousData `json:"malicious"`
+							Archived   bool           `json:"archived"`
+							Deprecated bool           `json:"is_deprecated"`
+							Malicious  *MaliciousData `json:"malicious"`
 						}{
+							Archived:   false,
+							Deprecated: false,
 							Malicious: &MaliciousData{
 								Summary:   "malicuous",
 								Published: &now,
@@ -113,8 +117,12 @@ func TestBuildEvalResult(t *testing.T) {
 							Score: &sg,
 						},
 						PackageData: struct {
-							Malicious *MaliciousData `json:"malicious"`
+							Archived   bool           `json:"archived"`
+							Deprecated bool           `json:"is_deprecated"`
+							Malicious  *MaliciousData `json:"malicious"`
 						}{
+							Archived:   false,
+							Deprecated: false,
 							Malicious: &MaliciousData{
 								Summary:   "malicuous",
 								Published: &now,
-Original file line number
+Diff line change
@@ Expand Up @@
     	}
     	if err := submitSummary(ctx, prSummaryHandler); err != nil {
+    		logger.Err(err).Msgf("Failed Generating PR Summary: %s", err.Error())
     		return fmt.Errorf("submitting pull request summary: %w", err)
     	}
@@ Expand Down @@