Scan: ensure that a database threat looks correct (#103748)

* Scan: ensure that a database threat looks correct

* threat-item/utils.ts: properly detect the new shape of database threat metadata

* Database threat: match with what we say in the emails

Author: macbre

client/components/jetpack/threat-description/index.tsx

@@ -18,8 +18,11 @@ export interface Props {
 	diff?: string;
 	rows?: Record< string, unknown >;
 	table?: string;
+	primaryKeyColumn?: string;
+	value?: string;
 	filename?: string;
 	isFixable: boolean;
+	details?: Record< string, unknown >;
 }
 
 class ThreatDescription extends PureComponent< Props > {
@@ -67,12 +70,18 @@ class ThreatDescription extends PureComponent< Props > {
 	}
 
 	renderDatabaseRows(): ReactNode | null {
-		const { rows, table } = this.props;
-		if ( ! rows || ! table ) {
+		const { table, details, primaryKeyColumn, value } = this.props;
+		if ( ! table || ! details ) {
 			return null;
 		}
 
-		const content = Object.values( rows ).map( ( row ) => JSON.stringify( row ) + '\n' );
+		const row = {
+			table,
+			primary_key_column: primaryKeyColumn,
+			primary_key_value: value,
+			details,
+		};
+		const content = JSON.stringify( row, null, ' \t' ) + '\n';
 
 		return (
 			<>

client/components/jetpack/threat-item-header/index.tsx

@@ -65,6 +65,14 @@ const getThreatMessage = ( threat: Threat ) => {
 
 		case 'database':
 			if ( ! threat.rows ) {
+				if ( threat.table !== undefined ) {
+					return translate( 'The database table %(table)s contains malicious code', {
+						args: {
+							table: threat.table,
+						},
+					} );
+				}
+
 				return translate( 'Database threat' );
 			}
 			return translate(

client/components/jetpack/threat-item/index.tsx

@@ -180,8 +180,11 @@ const ThreatItem: React.FC< Props > = ( {
 				diff={ threat.diff }
 				rows={ threat.rows }
 				table={ threat.table }
+				primaryKeyColumn={ threat.primaryKeyColumn }
+				value={ threat.value }
 				filename={ threat.filename }
 				isFixable={ isFixable }
+				details={ threat.details }
 			/>
 
 			<div className="threat-item__buttons">

client/components/jetpack/threat-item/types.tsx

@@ -32,11 +32,14 @@ export interface BaseThreat {
 	extension?: Extension;
 	rows?: Record< string, unknown >;
 	table?: string;
+	primaryKeyColumn?: string;
+	value?: string;
 	diff?: string;
 	context?: Record< string, unknown >;
 	severity: number;
 	source?: string;
 	version?: string;
+	details?: Record< string, unknown >;
 }
 
 export interface FixableThreat extends BaseThreat {

client/components/jetpack/threat-item/utils.ts

@@ -105,6 +105,10 @@ export function getThreatType( threat: Threat ): ThreatType {
 		return 'database';
 	}
 
+	if ( threat.table !== undefined ) {
+		return 'database';
+	}
+
 	if ( 'Suspicious.Links' === threat.signature ) {
 		return 'database';
 	}
@@ -136,6 +140,20 @@ export const getThreatVulnerability = ( threat: Threat ): string | TranslateResu
 			return translate( 'Vulnerability found in a theme' );
 
 		case 'database':
+			if ( threat.signature !== undefined ) {
+				return translate( 'Thread found: %(signature)s', {
+					args: {
+						signature: threat.signature,
+					},
+				} );
+			}
+			if ( threat.table !== undefined ) {
+				return translate( 'The database table %(table)s contains malicious code', {
+					args: {
+						table: threat.table,
+					},
+				} );
+			}
 			return 'Vulnerability found in a database table';
 
 		case 'none':

client/state/data-layer/wpcom/sites/scan/index.js

@@ -29,6 +29,9 @@ export const formatScanThreat = ( threat ) => ( {
 	rows: threat.rows,
 	diff: threat.diff,
 	table: threat.table,
+	primaryKeyColumn: threat.pk_column,
+	value: threat.value,
+	details: threat.details,
 	context: threat.context,
 	severity: threat.severity,
 	source: threat.source,