Refactor Slack diff filtering to use shared selection semantics, facts-aware reachable filtering

Signed-off-by: lelia <lelia@socket.dev>

Author: lelia

socketsecurity/plugins/slack.py

@@ -5,6 +5,11 @@
 from .base import Plugin
 from socketsecurity.core.classes import Diff
 from socketsecurity.core.messages import Messages
+from socketsecurity.core.alert_selection import (
+    clone_diff_with_selected_alerts,
+    filter_alerts_by_reachability,
+    select_diff_alerts,
+)
 from socketsecurity.core.helper.socket_facts_loader import (
     load_socket_facts,
     get_components_with_vulnerabilities,
@@ -68,13 +73,14 @@ def _send_webhook_alerts(self, diff, config: CliConfig):
 
         # Get repo name from config
         repo_name = config.repo or ""
+        diff_alert_source = select_diff_alerts(diff, strict_blocking=config.strict_blocking)
 
         # Handle reachability data if --reach is enabled
         if config.reach:
             self._send_reachability_alerts(valid_webhooks, webhook_configs, repo_name, config, diff)
 
         # Handle diff alerts (if any)
-        if not diff.new_alerts:
+        if not diff_alert_source:
             logger.debug("No new diff alerts to notify via Slack.")
         else:
             # Send to each configured webhook with filtering
@@ -86,7 +92,7 @@ def _send_webhook_alerts(self, diff, config: CliConfig):
                 # Filter alerts based on webhook config
                 # When --reach is used, reachability_alerts_only applies to diff alerts
                 filtered_alerts = self._filter_alerts(
-                    diff.new_alerts, 
+                    diff_alert_source,
                     webhook_config, 
                     repo_name, 
                     config,
@@ -99,13 +105,7 @@ def _send_webhook_alerts(self, diff, config: CliConfig):
                     continue
 
                 # Create a temporary diff object with filtered alerts for message creation
-                filtered_diff = Diff(
-                    new_alerts=filtered_alerts,
-                    diff_url=getattr(diff, "diff_url", ""),
-                    new_packages=getattr(diff, "new_packages", []),
-                    removed_packages=getattr(diff, "removed_packages", []),
-                    packages=getattr(diff, "packages", {})
-                )
+                filtered_diff = clone_diff_with_selected_alerts(diff, filtered_alerts)
 
                 message = self.create_slack_blocks_from_diff(filtered_diff, config)
 
@@ -114,7 +114,7 @@ def _send_webhook_alerts(self, diff, config: CliConfig):
                 if config.enable_debug:
                     logger.debug(f"Slack webhook URL: {url}")
                     logger.debug(f"Slack webhook name: {name}")
-                    logger.debug(f"Total diff alerts: {len(diff.new_alerts)}, Filtered alerts: {len(filtered_alerts)}")
+                    logger.debug(f"Total diff alerts: {len(diff_alert_source)}, Filtered alerts: {len(filtered_alerts)}")
                     logger.debug(f"Message blocks count: {len(message)}")
 
                 response = requests.post(
@@ -153,7 +153,8 @@ def _send_bot_alerts(self, diff, config: CliConfig):
         logger.debug("Alert levels: %s", self.config.get("levels"))
         logger.debug(f"Number of bot_configs: {len(bot_configs)}")
         logger.debug(f"config.reach: {config.reach}")
-        logger.debug(f"len(diff.new_alerts): {len(diff.new_alerts) if diff.new_alerts else 0}")
+        diff_alert_source = select_diff_alerts(diff, strict_blocking=config.strict_blocking)
+        logger.debug(f"len(diff alert source): {len(diff_alert_source) if diff_alert_source else 0}")
 
         # Get repo name from config
         repo_name = config.repo or ""
@@ -163,7 +164,7 @@ def _send_bot_alerts(self, diff, config: CliConfig):
             self._send_bot_reachability_alerts(bot_configs, bot_token, repo_name, config, diff)
 
         # Handle diff alerts (if any)
-        if not diff.new_alerts:
+        if not diff_alert_source:
             logger.debug("No new diff alerts to notify via Slack.")
         else:
             # Send to each configured bot_config with filtering
@@ -178,7 +179,7 @@ def _send_bot_alerts(self, diff, config: CliConfig):
                 # Filter alerts based on bot config
                 # When --reach is used, reachability_alerts_only applies to diff alerts
                 filtered_alerts = self._filter_alerts(
-                    diff.new_alerts, 
+                    diff_alert_source,
                     bot_config, 
                     repo_name, 
                     config,
@@ -191,18 +192,12 @@ def _send_bot_alerts(self, diff, config: CliConfig):
                     continue
 
                 # Create a temporary diff object with filtered alerts for message creation
-                filtered_diff = Diff(
-                    new_alerts=filtered_alerts,
-                    diff_url=getattr(diff, "diff_url", ""),
-                    new_packages=getattr(diff, "new_packages", []),
-                    removed_packages=getattr(diff, "removed_packages", []),
-                    packages=getattr(diff, "packages", {})
-                )
+                filtered_diff = clone_diff_with_selected_alerts(diff, filtered_alerts)
 
                 message = self.create_slack_blocks_from_diff(filtered_diff, config)
 
                 if config.enable_debug:
-                    logger.debug(f"Bot config '{name}': Total diff alerts: {len(diff.new_alerts)}, Filtered alerts: {len(filtered_alerts)}")
+                    logger.debug(f"Bot config '{name}': Total diff alerts: {len(diff_alert_source)}, Filtered alerts: {len(filtered_alerts)}")
                     logger.debug(f"Message blocks count: {len(message)}")
 
                 # Send to each channel in the bot_config
@@ -387,6 +382,18 @@ def _filter_alerts(
                         f"repos={repos_filter}, alert_types={alert_types}, "
                         f"severities={severities}, reachability_only={reachability_only}, "
                         f"apply_reachability_only={apply_reachability_only_filter}")
+
+        reachable_alert_identity_set = None
+        if apply_reachability_only_filter and reachability_only:
+            reachable_alerts = filter_alerts_by_reachability(
+                alerts,
+                "reachable",
+                config.target_path,
+                config.reach_output_file,
+                logger=logger,
+                fallback_to_blocking_for_reachable=True,
+            )
+            reachable_alert_identity_set = {id(a) for a in reachable_alerts}
 
         for alert in alerts:
             # For reachability data, only apply severities filter
@@ -405,9 +412,7 @@ def _filter_alerts(
                 continue
 
             # Filter by reachability_alerts_only (only when --reach is used)
-            if apply_reachability_only_filter and reachability_only:
-                # Only include alerts that have error=True (blocking issues)
-                if not getattr(alert, "error", False):
+            if reachable_alert_identity_set is not None and id(alert) not in reachable_alert_identity_set:
                     continue
 
             # Filter by alert_types (overrides severity, empty list = no filtering)