From ebe6b8d1435ff3a5d7207e518ad1c18b5da99110 Mon Sep 17 00:00:00 2001
From: John Maguire
Date: Wed, 17 Apr 2019 16:09:34 +0100
Subject: [PATCH] Add test for security_advisory
---
 github/github_test.go | 10 +++++
 testdata/github/security-advisory.json | 51 ++++++++++++++++++++++++++
 2 files changed, 61 insertions(+)
 create mode 100644 testdata/github/security-advisory.json
diff --git a/github/github_test.go b/github/github_test.go
index 5ffa98a..b484444 100644
--- a/github/github_test.go
+++ b/github/github_test.go
@@ -453,6 +453,16 @@ func TestWebhooks(t *testing.T) {
 "X-Hub-Signature": []string{"sha1=df442a8af41edd2d42ccdd997938d1d111b0f94e"},
 },
 },
+ {
+ name: "SecurityAdvisoryEvent",
+ event: SecurityAdvisoryEvent,
+ typ: SecurityAdvisoryPayload{},
+ filename: "../testdata/github/security-advisory.json",
+ headers: http.Header{
+ "X-Github-Event": []string{"security_advisory"},
+ "X-Hub-Signature": []string{"sha1=6a71f24fa69f55469843a91dc3a5c3e29714a565"},
+ },
+ },
 {
 name: "StatusEvent",
 event: StatusEvent,
diff --git a/testdata/github/security-advisory.json b/testdata/github/security-advisory.json
new file mode 100644
index 0000000..48797d4
--- /dev/null
+++ b/testdata/github/security-advisory.json
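Review bot: The hard-coded `X-Hub-Signature` value in the new `SecurityAdvisoryEvent` entry is bound to the exact bytes of `../testdata/github/security-advisory.json`, and nothing in the entry records that coupling. Presumably the test verifies an HMAC-SHA1 of the fixture under a secret defined elsewhere in `TestWebhooks` (the function starts and ends outside this hunk), so reformatting the fixture or normalising its line endings would make this case fail on signature verification rather than on payload parsing. I would add a comment above the header, for example `// HMAC-SHA1 of the fixture bytes under the test secret; regenerate if security-advisory.json changes`. The entry only exercises the accepted-signature path; whether a mismatched signature is rejected is presumably covered by a separate case outside this hunk and is worth confirming.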
@@ -0,0 +1,51 @@
+{
+ "action": "published",
+ "security_advisory": {
+ "ghsa_id": "GHSA-rf4j-j272-fj86",
+ "summary": "Moderate severity vulnerability that affects django",
+ "description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
+ "severity": "moderate",
+ "identifiers": [
+ {
+ "value": "GHSA-rf4j-j272-fj86",
+ "type": "GHSA"
+ },
+ {
+ "value": "CVE-2018-6188",
+ "type": "CVE"
+ }
+ ],
+ "references": [
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188"
+ }
+ ],
+ "published_at": "2018-10-03T21:13:54Z",
+ "updated_at": "2018-10-03T21:13:54Z",
+ "withdrawn_at": null,
+ "vulnerabilities": [
+ {
+ "package": {
+ "ecosystem": "pip",
+ "name": "django"
+ },
+ "severity": "moderate",
+ "vulnerable_version_range": ">= 2.0.0, < 2.0.2",
+ "first_patched_version": {
+ "identifier": "2.0.2"
+ }
+ },
+ {
+ "package": {
+ "ecosystem": "pip",
+ "name": "django"
+ },
+ "severity": "moderate",
+ "vulnerable_version_range": ">= 1.11.8, < 1.11.10",
+ "first_patched_version": {
+ "identifier": "1.11.10"
+ }
+ }
+ ]
+ }
+}