From ca8e549931f3f0a167d66b4d58d6e2d8c886e837 Mon Sep 17 00:00:00 2001
From: Nate Weller <hello@nateweller.com>
Date: Mon, 6 Jan 2025 13:55:16 -0700
Subject: [PATCH] Combine multiple vulnerabilities for a single extension into
 one vulnerable extension threat

changelog

minor adjustments

changelog

add source to generator

minor adjustments

Add typed params

minor adjustments

use generator for core vulns threat

update tests, minor adjustments

adjust tests

Fix phan issues

add jetpack-redirect dep

fix tests

update lock files

changelog

Update projects/packages/protect-models/changelog/protect-status-combine-vulns-into-extension-threat
---
 ...status-combine-vulns-into-extension-threat |   4 +
 .../packages/protect-models/composer.json     |   3 +-
 .../protect-models/src/class-threat-model.php | 123 +++++++++
 .../src/class-vulnerability-model.php         |  94 +++++++
 .../changelog/combine-vulns-into-threat       |   4 +
 .../src/class-protect-status.php              |  61 +++--
 .../protect-status/tests/php/test-status.php  | 240 +++++++++---------
 .../plugins/backup/changelog/update-lock-file |   4 +
 projects/plugins/backup/composer.lock         |   3 +-
 .../plugins/boost/changelog/update-lock-file  |   4 +
 projects/plugins/boost/composer.lock          |   3 +-
 .../jetpack/changelog/update-lock-file        |   4 +
 projects/plugins/jetpack/composer.lock        |   3 +-
 .../protect/changelog/update-lock-file        |   4 +
 projects/plugins/protect/composer.lock        |   3 +-
 .../plugins/search/changelog/update-lock-file |   4 +
 projects/plugins/search/composer.lock         |   3 +-
 .../plugins/social/changelog/update-lock-file |   4 +
 projects/plugins/social/composer.lock         |   3 +-
 .../starter-plugin/changelog/update-lock-file |   4 +
 projects/plugins/starter-plugin/composer.lock |   3 +-
 .../videopress/changelog/update-lock-file     |   4 +
 projects/plugins/videopress/composer.lock     |   3 +-
 23 files changed, 432 insertions(+), 153 deletions(-)
 create mode 100644 projects/packages/protect-models/changelog/protect-status-combine-vulns-into-extension-threat
 create mode 100644 projects/packages/protect-models/src/class-vulnerability-model.php
 create mode 100644 projects/packages/protect-status/changelog/combine-vulns-into-threat
 create mode 100644 projects/plugins/backup/changelog/update-lock-file
 create mode 100644 projects/plugins/boost/changelog/update-lock-file
 create mode 100644 projects/plugins/jetpack/changelog/update-lock-file
 create mode 100644 projects/plugins/protect/changelog/update-lock-file
 create mode 100644 projects/plugins/search/changelog/update-lock-file
 create mode 100644 projects/plugins/social/changelog/update-lock-file
 create mode 100644 projects/plugins/starter-plugin/changelog/update-lock-file
 create mode 100644 projects/plugins/videopress/changelog/update-lock-file

diff --git a/projects/packages/protect-models/changelog/protect-status-combine-vulns-into-extension-threat b/projects/packages/protect-models/changelog/protect-status-combine-vulns-into-extension-threat
new file mode 100644
index 0000000000000..de7eb71625663
--- /dev/null
+++ b/projects/packages/protect-models/changelog/protect-status-combine-vulns-into-extension-threat
@@ -0,0 +1,4 @@
+Significance: minor
+Type: changed
+
+Combine vulnerabilities for the same extension into single vulnerable extension threats.
diff --git a/projects/packages/protect-models/composer.json b/projects/packages/protect-models/composer.json
index c8a005ad7648c..46ffc30934ab4 100644
--- a/projects/packages/protect-models/composer.json
+++ b/projects/packages/protect-models/composer.json
@@ -4,7 +4,8 @@
 	"type": "jetpack-library",
 	"license": "GPL-2.0-or-later",
 	"require": {
-		"php": ">=7.2"
+		"php": ">=7.2",
+		"automattic/jetpack-redirect": "@dev"
 	},
 	"require-dev": {
 		"yoast/phpunit-polyfills": "^1.1.1",
diff --git a/projects/packages/protect-models/src/class-threat-model.php b/projects/packages/protect-models/src/class-threat-model.php
index bf8add53d530e..c588953468106 100644
--- a/projects/packages/protect-models/src/class-threat-model.php
+++ b/projects/packages/protect-models/src/class-threat-model.php
@@ -119,6 +119,15 @@ class Threat_Model {
 	 */
 	public $extension;
 
+	/**
+	 * The threat's related vulnerabilities.
+	 *
+	 * @since $$next-version$$
+	 *
+	 * @var null|Vulnerability_Model[]
+	 */
+	public $vulnerabilities;
+
 	/**
 	 * Threat Constructor
 	 *
@@ -139,4 +148,118 @@ public function __construct( $threat ) {
 			}
 		}
 	}
+
+	/**
+	 * Get the ID value of the threat based on its related extension and vulnerabilities.
+	 *
+	 * @since $$next-version$$
+	 *
+	 * @param Extension_Model $extension       The extension to get the ID from.
+	 *
+	 * @return string
+	 */
+	private static function get_id_from_vulnerable_extension( Extension_Model $extension ) {
+		return "$extension->type-$extension->slug-$extension->version";
+	}
+
+	/**
+	 * Get the title from a vulnerable extension.
+	 *
+	 * @since $$next-version$$
+	 *
+	 * @param Extension_Model $extension The extension to get the title from.
+	 *
+	 * @return string|null
+	 */
+	private static function get_title_from_vulnerable_extension( Extension_Model $extension ) {
+		$titles = array(
+			'plugins' => sprintf(
+				/* translators: placeholders are the theme name and version number. Example: "Vulnerable theme: Jetpack (version 1.2.3)" */
+				__( 'Vulnerable plugin: %1$s (version %2$s)', 'jetpack-protect-models' ),
+				$extension->name,
+				$extension->version
+			),
+			'themes'  => sprintf(
+				/* translators: placeholders are the theme name and version number. Example: "Vulnerable theme: Jetpack (version 1.2.3)" */
+				__( 'Vulnerable theme: %1$s (version %2$s)', 'jetpack-protect-models' ),
+				$extension->name,
+				$extension->version
+			),
+			'core'    => sprintf(
+				/* translators: placeholder is the version number. Example: "Vulnerable WordPress (version 1.2.3)" */
+				__( 'Vulnerable WordPress (version %s)', 'jetpack-protect-models' ),
+				$extension->version
+			),
+		);
+
+		return $titles[ $extension->type ] ?? null;
+	}
+
+	/**
+	 * Get the description from a vulnerable extension.
+	 *
+	 * @since $$next-version$$
+	 *
+	 * @param Extension_Model $extension The extension to get the description from.
+	 * @param array           $vulnerabilities The vulnerabilities to get the description from.
+	 *
+	 * @return string
+	 */
+	private static function get_description_from_vulnerable_extension( Extension_Model $extension, array $vulnerabilities ) {
+		return sprintf(
+				/* translators: placeholders are the theme name and version number. Example: "The installed version of Jetpack (1.2.3) has a known security vulnerability." */
+			_n( 'The installed version of %1$s (%2$s) has a known security vulnerability.', 'The installed version of %1$s (%2$s) has known security vulnerabilities.', count( $vulnerabilities ), 'jetpack-protect-models' ),
+			$extension->name,
+			$extension->version
+		);
+	}
+
+	/**
+	 * Get the latest fixed_in version from a list of vulnerabilities.
+	 *
+	 * @since $$next-version$$
+	 *
+	 * @param array $vulnerabilities The vulnerabilities to get the fixed_in version from.
+	 *
+	 * @return string|bool|null The latest fixed_in version, or false if any of the vulnerabilities are not fixed.
+	 */
+	private static function get_fixed_in_from_vulnerabilities( array $vulnerabilities ) {
+		$fixed_in = null;
+
+		foreach ( $vulnerabilities as $vulnerability ) {
+			// If any of the vulnerabilities are not fixed, the threat is not fixed.
+			if ( ! $vulnerability->fixed_in ) {
+				break;
+			}
+
+			// Use the latest available fixed_in version.
+			if ( ! $fixed_in || ( $fixed_in && version_compare( $vulnerability->fixed_in, $fixed_in, '>' ) ) ) {
+				$fixed_in = $vulnerability->fixed_in;
+			}
+		}
+
+		return $fixed_in;
+	}
+
+	/**
+	 * Generate a threat from extension vulnerabilities.
+	 *
+	 * @since $$next-version$$
+	 *
+	 * @param Extension_Model       $extension       The extension to generate the threat for.
+	 * @param Vulnerability_Model[] $vulnerabilities The vulnerabilities to generate the threat from.
+	 *
+	 * @return Threat_Model
+	 */
+	public static function generate_from_extension_vulnerabilities( Extension_Model $extension, array $vulnerabilities ) {
+		return new Threat_Model(
+			array(
+				'id'              => self::get_id_from_vulnerable_extension( $extension ),
+				'title'           => self::get_title_from_vulnerable_extension( $extension ),
+				'description'     => self::get_description_from_vulnerable_extension( $extension, $vulnerabilities ),
+				'fixed_in'        => self::get_fixed_in_from_vulnerabilities( $vulnerabilities ),
+				'vulnerabilities' => $vulnerabilities,
+			)
+		);
+	}
 }
diff --git a/projects/packages/protect-models/src/class-vulnerability-model.php b/projects/packages/protect-models/src/class-vulnerability-model.php
new file mode 100644
index 0000000000000..210d5dc1aa74e
--- /dev/null
+++ b/projects/packages/protect-models/src/class-vulnerability-model.php
@@ -0,0 +1,94 @@
+<?php
+/**
+ * Model class for vulnerability data.
+ *
+ * @package automattic/jetpack-protect-models
+ */
+
+namespace Automattic\Jetpack\Protect_Models;
+
+use Automattic\Jetpack\Redirect;
+
+/**
+ * Model class for vulnerability data.
+ */
+class Vulnerability_Model {
+	/**
+	 * Threat ID.
+	 *
+	 * @var null|string
+	 */
+	public $id;
+
+	/**
+	 * Threat Title.
+	 *
+	 * @var null|string
+	 */
+	public $title;
+
+	/**
+	 * Threat Description.
+	 *
+	 * @var null|string
+	 */
+	public $description;
+
+	/**
+	 * The version the threat is fixed in.
+	 *
+	 * @var null|string
+	 */
+	public $fixed_in;
+
+	/**
+	 * The version the threat was introduced.
+	 *
+	 * @var null|string
+	 */
+	public $introduced_in;
+
+	/**
+	 * The type of threat.
+	 *
+	 * @var null|string
+	 */
+	public $type;
+
+	/**
+	 * The source URL for the threat.
+	 *
+	 * @var null|string
+	 */
+	public $source;
+
+	/**
+	 * Threat Constructor
+	 *
+	 * @param array|object $threat Threat data to load into the class instance.
+	 */
+	public function __construct( $threat ) {
+		// Initialize the threat data.
+		foreach ( $threat as $property => $value ) {
+			if ( property_exists( $this, $property ) ) {
+				$this->$property = $value;
+			}
+		}
+
+		// Ensure the source URL is set.
+		$this->get_source();
+	}
+
+	/**
+	 * Get the source URL for the threat.
+	 *
+	 * @return string
+	 */
+	public function get_source() {
+		if ( empty( $this->source ) && $this->id ) {
+			$this->source = Redirect::get_url( 'jetpack-protect-vul-info', array( 'path' => $this->id ) );
+		}
+
+		return $this->source;
+	}
+}
diff --git a/projects/packages/protect-status/changelog/combine-vulns-into-threat b/projects/packages/protect-status/changelog/combine-vulns-into-threat
new file mode 100644
index 0000000000000..b35e964631a8c
--- /dev/null
+++ b/projects/packages/protect-status/changelog/combine-vulns-into-threat
@@ -0,0 +1,4 @@
+Significance: minor
+Type: changed
+
+Combine multiple vulnerability results for the same extension into a single vulnerable extension threat result.
diff --git a/projects/packages/protect-status/src/class-protect-status.php b/projects/packages/protect-status/src/class-protect-status.php
index 6a2aa2e0361eb..d09bf0ca6194c 100644
--- a/projects/packages/protect-status/src/class-protect-status.php
+++ b/projects/packages/protect-status/src/class-protect-status.php
@@ -15,7 +15,7 @@
 use Automattic\Jetpack\Protect_Models\Extension_Model;
 use Automattic\Jetpack\Protect_Models\Status_Model;
 use Automattic\Jetpack\Protect_Models\Threat_Model;
-use Automattic\Jetpack\Redirect;
+use Automattic\Jetpack\Protect_Models\Vulnerability_Model;
 use Automattic\Jetpack\Sync\Functions as Sync_Functions;
 use Jetpack_Options;
 use WP_Error;
@@ -223,21 +223,29 @@ protected static function normalize_extension_data( &$status, $report_data, $ext
 				continue;
 			}
 
-			$extension->checked = true;
+			$extension->checked         = true;
+			$extension_threats[ $slug ] = $extension;
 
-			foreach ( $checked_extension->vulnerabilities as $vulnerability ) {
-				$threat         = new Threat_Model( $vulnerability );
-				$threat->source = isset( $vulnerability->id ) ? Redirect::get_url( 'jetpack-protect-vul-info', array( 'path' => $vulnerability->id ) ) : null;
+			if ( ! empty( $checked_extension->vulnerabilities ) ) {
+				// normalize the vulnerabilities data
+				$vulnerabilities = array_map(
+					function ( $vulnerability ) {
+						return new Vulnerability_Model( $vulnerability );
+					},
+					$checked_extension->vulnerabilities
+				);
+
+				// convert the detected vulnerabilities into a vulnerable extension threat
+				$threat = Threat_Model::generate_from_extension_vulnerabilities( $extension, $vulnerabilities );
 
-				$threat_extension            = clone $extension;
-				$extension_threat            = clone $threat;
-				$extension_threat->extension = null;
+				$threat_extension = clone $extension;
+				$extension_threat = clone $threat;
 
+				$extension_threat->extension           = null;
 				$extension_threats[ $slug ]->threats[] = $extension_threat;
 
 				$threat->extension = $threat_extension;
 				$status->threats[] = $threat;
-
 			}
 		}
 
@@ -282,27 +290,26 @@ protected static function normalize_core_data( &$status, $report_data ) {
 		// If we've made it this far, the core version has been checked.
 		$core->checked = true;
 
-		// Extract threat data from the report.
-		if ( is_array( $report_data->core->vulnerabilities ) ) {
-			foreach ( $report_data->core->vulnerabilities as $vulnerability ) {
-				$threat = new Threat_Model(
-					array(
-						'id'          => $vulnerability->id,
-						'title'       => $vulnerability->title,
-						'fixed_in'    => $vulnerability->fixed_in,
-						'description' => isset( $vulnerability->description ) ? $vulnerability->description : null,
-						'source'      => isset( $vulnerability->id ) ? Redirect::get_url( 'jetpack-protect-vul-info', array( 'path' => $vulnerability->id ) ) : null,
-					)
-				);
+		// Generate a threat from core vulnerabilities.
+		if ( ! empty( $report_data->core->vulnerabilities ) ) {
+			// normalize the vulnerabilities data
+			$vulnerabilities = array_map(
+				function ( $vulnerability ) {
+					return new Vulnerability_Model( $vulnerability );
+				},
+				$report_data->core->vulnerabilities
+			);
 
-				$threat_extension = clone $core;
-				$extension_threat = clone $threat;
+			// convert the detected vulnerabilities into a vulnerable extension threat
+			$threat = Threat_Model::generate_from_extension_vulnerabilities( $core, $vulnerabilities );
 
-				$core->threats[]   = $extension_threat;
-				$threat->extension = $threat_extension;
+			$threat_extension = clone $core;
+			$extension_threat = clone $threat;
 
-				$status->threats[] = $threat;
-			}
+			$core->threats[]   = $extension_threat;
+			$threat->extension = $threat_extension;
+
+			$status->threats[] = $threat;
 		}
 
 		$status->core = $core;
diff --git a/projects/packages/protect-status/tests/php/test-status.php b/projects/packages/protect-status/tests/php/test-status.php
index 728c83f537537..0416524cca1c3 100644
--- a/projects/packages/protect-status/tests/php/test-status.php
+++ b/projects/packages/protect-status/tests/php/test-status.php
@@ -13,6 +13,7 @@
 use Automattic\Jetpack\Protect_Models\Extension_Model;
 use Automattic\Jetpack\Protect_Models\Status_Model;
 use Automattic\Jetpack\Protect_Models\Threat_Model;
+use Automattic\Jetpack\Protect_Models\Vulnerability_Model;
 use Jetpack_Options;
 use WorDBless\BaseTestCase;
 
@@ -103,14 +104,14 @@ public function get_sample_api_response() {
 			'themes'                      => (object) array(
 				'theme-1' => (object) array(
 					'slug'            => 'theme-1',
-					'name'            => 'Sample Theme',
+					'name'            => 'Sample Theme 1',
 					'version'         => '1.0.2',
 					'checked'         => true,
 					'vulnerabilities' => array(
 						(object) array(
 							'id'       => 'test-vuln-1',
 							'title'    => 'Test Vuln 1',
-							'fixed_in' => '2.0.0',
+							'fixed_in' => '1.0.0',
 						),
 					),
 				),
@@ -118,7 +119,7 @@ public function get_sample_api_response() {
 			'plugins'                     => (object) array(
 				'plugin-1' => (object) array(
 					'slug'            => 'plugin-1',
-					'name'            => 'Sample Plugin',
+					'name'            => 'Sample Plugin 1',
 					'version'         => '1.0.2',
 					'checked'         => true,
 					'vulnerabilities' => array(
@@ -131,7 +132,7 @@ public function get_sample_api_response() {
 				),
 				'plugin-2' => (object) array(
 					'slug'            => 'plugin-2',
-					'name'            => 'Sample Plugin',
+					'name'            => 'Sample Plugin 2',
 					'version'         => '1.0.2',
 					'checked'         => true,
 					'vulnerabilities' => array(),
@@ -144,7 +145,7 @@ public function get_sample_api_response() {
 					(object) array(
 						'id'       => 'test-vuln-3',
 						'title'    => 'Test Vuln 3',
-						'fixed_in' => '2.0.0',
+						'fixed_in' => null,
 					),
 				),
 				'name'            => 'WordPress',
@@ -155,11 +156,118 @@ public function get_sample_api_response() {
 	/**
 	 * Get a sample result of Protect_Status::get_status().
 	 *
+	 * @phan-suppress PhanDeprecatedProperty -- Testing backwards compatibility.
+	 *
 	 * @return object
 	 */
 	public function get_sample_status() {
 		global $wp_version;
 
+		$vulnerability_1 = new Vulnerability_Model(
+			array(
+				'id'       => 'test-vuln-1',
+				'title'    => 'Test Vuln 1',
+				'fixed_in' => '1.0.0',
+			)
+		);
+
+		$vulnerability_2 = new Vulnerability_Model(
+			array(
+				'id'       => 'test-vuln-2',
+				'title'    => 'Test Vuln 2',
+				'fixed_in' => '2.0.0',
+			)
+		);
+
+		$vulnerability_3 = new Vulnerability_Model(
+			array(
+				'id'       => 'test-vuln-3',
+				'title'    => 'Test Vuln 3',
+				'fixed_in' => null,
+			)
+		);
+
+		$plugin_1 = new Extension_Model(
+			array(
+				'version' => '1.0.2',
+				'name'    => 'Sample Plugin 1',
+				'checked' => true,
+				'type'    => 'plugins',
+				'slug'    => 'plugin-1',
+			)
+		);
+
+		$theme_1 = new Extension_Model(
+			array(
+				'version' => '1.0.2',
+				'name'    => 'Sample Theme 1',
+				'checked' => true,
+				'type'    => 'themes',
+				'slug'    => 'theme-1',
+			)
+		);
+
+		$core = new Extension_Model(
+			array(
+				'version' => $wp_version,
+				'name'    => 'WordPress',
+				'checked' => true,
+				'type'    => 'core',
+				'slug'    => 'wordpress',
+			)
+		);
+
+		$plugin_1_threat = new Threat_Model(
+			array(
+				'id'              => 'plugins-plugin-1-1.0.2',
+				'title'           => 'Vulnerable plugin: Sample Plugin 1 (version 1.0.2)',
+				'description'     => 'The installed version of Sample Plugin 1 (1.0.2) has a known security vulnerability.',
+				'fixed_in'        => '2.0.0',
+				'source'          => null,
+				'vulnerabilities' => array( $vulnerability_2 ),
+			)
+		);
+
+		$theme_1_threat = new Threat_Model(
+			array(
+				'id'              => 'themes-theme-1-1.0.2',
+				'title'           => 'Vulnerable theme: Sample Theme 1 (version 1.0.2)',
+				'description'     => 'The installed version of Sample Theme 1 (1.0.2) has a known security vulnerability.',
+				'fixed_in'        => '1.0.0',
+				'source'          => null,
+				'vulnerabilities' => array( $vulnerability_1 ),
+			)
+		);
+
+		$core_threat = new Threat_Model(
+			array(
+				'id'              => 'core-wordpress-' . $wp_version,
+				'title'           => 'Vulnerable WordPress (version ' . $wp_version . ')',
+				'description'     => 'The installed version of WordPress (' . $wp_version . ') has a known security vulnerability.',
+				'fixed_in'        => null,
+				'source'          => null,
+				'vulnerabilities' => array( $vulnerability_3 ),
+			)
+		);
+
+		$core_threat_with_extension            = clone $core_threat;
+		$core_threat_with_extension->extension = $core;
+
+		$plugin_1_threat_with_extension            = clone $plugin_1_threat;
+		$plugin_1_threat_with_extension->extension = $plugin_1;
+
+		$theme_1_threat_with_extension            = clone $theme_1_threat;
+		$theme_1_threat_with_extension->extension = $theme_1;
+
+		$plugin_1_with_threats          = clone $plugin_1;
+		$plugin_1_with_threats->threats = array( $plugin_1_threat );
+
+		$theme_1_with_threats          = clone $theme_1;
+		$theme_1_with_threats->threats = array( $theme_1_threat );
+
+		$core_with_threats          = clone $core;
+		$core_with_threats->threats = array( $core_threat );
+
 		return new Status_Model(
 			array(
 				'data_source'         => 'protect_report',
@@ -172,125 +280,23 @@ public function get_sample_status() {
 					new Extension_Model(
 						array(
 							'version' => '1.0.2',
-							'name'    => 'Sample Plugin',
+							'name'    => 'Sample Plugin 2',
 							'checked' => true,
 							'type'    => 'plugins',
 							'threats' => array(),
 							'slug'    => 'plugin-2',
 						)
 					),
-					new Extension_Model(
-						array(
-							'version' => '1.0.2',
-							'name'    => 'Sample Plugin',
-							'checked' => true,
-							'type'    => 'plugins',
-							'threats' => array(
-								new Threat_Model(
-									array(
-										'id'       => 'test-vuln-2',
-										'title'    => 'Test Vuln 2',
-										'fixed_in' => '2.0.0',
-										'source'   => 'https://jetpack.com/redirect/?source=jetpack-protect-vul-info&site=example.org&path=test-vuln-2',
-									)
-								),
-							),
-							'slug'    => 'plugin-1',
-						)
-					),
+					$plugin_1_with_threats,
 				),
 				'themes'              => array(
-					new Extension_Model(
-						array(
-							'version' => '1.0.2',
-							'name'    => 'Sample Theme',
-							'checked' => true,
-							'type'    => 'themes',
-							'threats' => array(
-								new Threat_Model(
-									array(
-										'id'       => 'test-vuln-1',
-										'title'    => 'Test Vuln 1',
-										'fixed_in' => '2.0.0',
-										'source'   => 'https://jetpack.com/redirect/?source=jetpack-protect-vul-info&site=example.org&path=test-vuln-1',
-									)
-								),
-							),
-							'slug'    => 'theme-1',
-						)
-					),
-				),
-				'core'                => new Extension_Model(
-					array(
-						'version' => $wp_version,
-						'threats' => array(
-							new Threat_Model(
-								array(
-									'id'       => 'test-vuln-3',
-									'title'    => 'Test Vuln 3',
-									'fixed_in' => '2.0.0',
-									'source'   => 'https://jetpack.com/redirect/?source=jetpack-protect-vul-info&site=example.org&path=test-vuln-3',
-								)
-							),
-						),
-						'checked' => true,
-						'name'    => 'WordPress',
-						'slug'    => 'wordpress',
-						'type'    => 'core',
-					)
+					$theme_1_with_threats,
 				),
+				'core'                => $core_with_threats,
 				'threats'             => array(
-					new Threat_Model(
-						array(
-							'id'        => 'test-vuln-1',
-							'title'     => 'Test Vuln 1',
-							'fixed_in'  => '2.0.0',
-							'source'    => 'https://jetpack.com/redirect/?source=jetpack-protect-vul-info&site=example.org&path=test-vuln-1',
-							'extension' => new Extension_Model(
-								array(
-									'version' => '1.0.2',
-									'name'    => 'Sample Theme',
-									'checked' => true,
-									'type'    => 'themes',
-									'slug'    => 'theme-1',
-								)
-							),
-						)
-					),
-					new Threat_Model(
-						array(
-							'id'        => 'test-vuln-2',
-							'title'     => 'Test Vuln 2',
-							'fixed_in'  => '2.0.0',
-							'source'    => 'https://jetpack.com/redirect/?source=jetpack-protect-vul-info&site=example.org&path=test-vuln-2',
-							'extension' => new Extension_Model(
-								array(
-									'version' => '1.0.2',
-									'name'    => 'Sample Plugin',
-									'checked' => true,
-									'type'    => 'plugins',
-									'slug'    => 'plugin-1',
-								)
-							),
-						)
-					),
-					new Threat_Model(
-						array(
-							'id'        => 'test-vuln-3',
-							'title'     => 'Test Vuln 3',
-							'fixed_in'  => '2.0.0',
-							'source'    => 'https://jetpack.com/redirect/?source=jetpack-protect-vul-info&site=example.org&path=test-vuln-3',
-							'extension' => new Extension_Model(
-								array(
-									'version' => $wp_version,
-									'name'    => 'WordPress',
-									'checked' => true,
-									'type'    => 'core',
-									'slug'    => 'wordpress',
-								)
-							),
-						)
-					),
+					$theme_1_threat_with_extension,
+					$plugin_1_threat_with_extension,
+					$core_threat_with_extension,
 				),
 			)
 		);
@@ -319,11 +325,11 @@ public function return_sample_response() {
 	public function return_sample_plugins() {
 		return array(
 			'plugin-1' => array(
-				'Name'    => 'Sample Plugin',
+				'Name'    => 'Sample Plugin 1',
 				'Version' => '1.0.2',
 			),
 			'plugin-2' => array(
-				'Name'    => 'Sample Plugin',
+				'Name'    => 'Sample Plugin 2',
 				'Version' => '1.0.2',
 			),
 		);
@@ -337,7 +343,7 @@ public function return_sample_plugins() {
 	public function return_sample_themes() {
 		return array(
 			'theme-1' => array(
-				'Name'    => 'Sample Theme',
+				'Name'    => 'Sample Theme 1',
 				'Version' => '1.0.2',
 			),
 		);
diff --git a/projects/plugins/backup/changelog/update-lock-file b/projects/plugins/backup/changelog/update-lock-file
new file mode 100644
index 0000000000000..b6c4ffc2f7e11
--- /dev/null
+++ b/projects/plugins/backup/changelog/update-lock-file
@@ -0,0 +1,4 @@
+Significance: patch
+Type: changed
+
+Updated composer.lock
diff --git a/projects/plugins/backup/composer.lock b/projects/plugins/backup/composer.lock
index 17bbd5a32a9dd..205adc1d205c6 100644
--- a/projects/plugins/backup/composer.lock
+++ b/projects/plugins/backup/composer.lock
@@ -1504,9 +1504,10 @@
             "dist": {
                 "type": "path",
                 "url": "../../packages/protect-models",
-                "reference": "458fbc6b08d3eab1ea9c3a4096d9b2e7d883cdae"
+                "reference": "2d4b690bdd82203e2361d40761baa4993875a1e1"
             },
             "require": {
+                "automattic/jetpack-redirect": "@dev",
                 "php": ">=7.2"
             },
             "require-dev": {
diff --git a/projects/plugins/boost/changelog/update-lock-file b/projects/plugins/boost/changelog/update-lock-file
new file mode 100644
index 0000000000000..b6c4ffc2f7e11
--- /dev/null
+++ b/projects/plugins/boost/changelog/update-lock-file
@@ -0,0 +1,4 @@
+Significance: patch
+Type: changed
+
+Updated composer.lock
diff --git a/projects/plugins/boost/composer.lock b/projects/plugins/boost/composer.lock
index 927aaeae52c9f..1535827c9c67a 100644
--- a/projects/plugins/boost/composer.lock
+++ b/projects/plugins/boost/composer.lock
@@ -1488,9 +1488,10 @@
             "dist": {
                 "type": "path",
                 "url": "../../packages/protect-models",
-                "reference": "458fbc6b08d3eab1ea9c3a4096d9b2e7d883cdae"
+                "reference": "2d4b690bdd82203e2361d40761baa4993875a1e1"
             },
             "require": {
+                "automattic/jetpack-redirect": "@dev",
                 "php": ">=7.2"
             },
             "require-dev": {
diff --git a/projects/plugins/jetpack/changelog/update-lock-file b/projects/plugins/jetpack/changelog/update-lock-file
new file mode 100644
index 0000000000000..b327150ba8075
--- /dev/null
+++ b/projects/plugins/jetpack/changelog/update-lock-file
@@ -0,0 +1,4 @@
+Significance: patch
+Type: other
+
+Update composer.lock
diff --git a/projects/plugins/jetpack/composer.lock b/projects/plugins/jetpack/composer.lock
index 6a28de5b4b900..e3350d3c0cab0 100644
--- a/projects/plugins/jetpack/composer.lock
+++ b/projects/plugins/jetpack/composer.lock
@@ -2188,9 +2188,10 @@
 			"dist": {
 				"type": "path",
 				"url": "../../packages/protect-models",
-				"reference": "458fbc6b08d3eab1ea9c3a4096d9b2e7d883cdae"
+				"reference": "2d4b690bdd82203e2361d40761baa4993875a1e1"
 			},
 			"require": {
+				"automattic/jetpack-redirect": "@dev",
 				"php": ">=7.2"
 			},
 			"require-dev": {
diff --git a/projects/plugins/protect/changelog/update-lock-file b/projects/plugins/protect/changelog/update-lock-file
new file mode 100644
index 0000000000000..b6c4ffc2f7e11
--- /dev/null
+++ b/projects/plugins/protect/changelog/update-lock-file
@@ -0,0 +1,4 @@
+Significance: patch
+Type: changed
+
+Updated composer.lock
diff --git a/projects/plugins/protect/composer.lock b/projects/plugins/protect/composer.lock
index 0524ad3fe45be..d15fd45a11a93 100644
--- a/projects/plugins/protect/composer.lock
+++ b/projects/plugins/protect/composer.lock
@@ -1414,9 +1414,10 @@
             "dist": {
                 "type": "path",
                 "url": "../../packages/protect-models",
-                "reference": "458fbc6b08d3eab1ea9c3a4096d9b2e7d883cdae"
+                "reference": "2d4b690bdd82203e2361d40761baa4993875a1e1"
             },
             "require": {
+                "automattic/jetpack-redirect": "@dev",
                 "php": ">=7.2"
             },
             "require-dev": {
diff --git a/projects/plugins/search/changelog/update-lock-file b/projects/plugins/search/changelog/update-lock-file
new file mode 100644
index 0000000000000..b6c4ffc2f7e11
--- /dev/null
+++ b/projects/plugins/search/changelog/update-lock-file
@@ -0,0 +1,4 @@
+Significance: patch
+Type: changed
+
+Updated composer.lock
diff --git a/projects/plugins/search/composer.lock b/projects/plugins/search/composer.lock
index f32044e497c6b..49aab3c44bb8e 100644
--- a/projects/plugins/search/composer.lock
+++ b/projects/plugins/search/composer.lock
@@ -1354,9 +1354,10 @@
             "dist": {
                 "type": "path",
                 "url": "../../packages/protect-models",
-                "reference": "458fbc6b08d3eab1ea9c3a4096d9b2e7d883cdae"
+                "reference": "2d4b690bdd82203e2361d40761baa4993875a1e1"
             },
             "require": {
+                "automattic/jetpack-redirect": "@dev",
                 "php": ">=7.2"
             },
             "require-dev": {
diff --git a/projects/plugins/social/changelog/update-lock-file b/projects/plugins/social/changelog/update-lock-file
new file mode 100644
index 0000000000000..b6c4ffc2f7e11
--- /dev/null
+++ b/projects/plugins/social/changelog/update-lock-file
@@ -0,0 +1,4 @@
+Significance: patch
+Type: changed
+
+Updated composer.lock
diff --git a/projects/plugins/social/composer.lock b/projects/plugins/social/composer.lock
index fc6251abb2b38..762fc85f77ed2 100644
--- a/projects/plugins/social/composer.lock
+++ b/projects/plugins/social/composer.lock
@@ -1419,9 +1419,10 @@
 			"dist": {
 				"type": "path",
 				"url": "../../packages/protect-models",
-				"reference": "458fbc6b08d3eab1ea9c3a4096d9b2e7d883cdae"
+				"reference": "2d4b690bdd82203e2361d40761baa4993875a1e1"
 			},
 			"require": {
+				"automattic/jetpack-redirect": "@dev",
 				"php": ">=7.2"
 			},
 			"require-dev": {
diff --git a/projects/plugins/starter-plugin/changelog/update-lock-file b/projects/plugins/starter-plugin/changelog/update-lock-file
new file mode 100644
index 0000000000000..b6c4ffc2f7e11
--- /dev/null
+++ b/projects/plugins/starter-plugin/changelog/update-lock-file
@@ -0,0 +1,4 @@
+Significance: patch
+Type: changed
+
+Updated composer.lock
diff --git a/projects/plugins/starter-plugin/composer.lock b/projects/plugins/starter-plugin/composer.lock
index dbc3bce90162d..08a95677e2de8 100644
--- a/projects/plugins/starter-plugin/composer.lock
+++ b/projects/plugins/starter-plugin/composer.lock
@@ -1354,9 +1354,10 @@
             "dist": {
                 "type": "path",
                 "url": "../../packages/protect-models",
-                "reference": "458fbc6b08d3eab1ea9c3a4096d9b2e7d883cdae"
+                "reference": "2d4b690bdd82203e2361d40761baa4993875a1e1"
             },
             "require": {
+                "automattic/jetpack-redirect": "@dev",
                 "php": ">=7.2"
             },
             "require-dev": {
diff --git a/projects/plugins/videopress/changelog/update-lock-file b/projects/plugins/videopress/changelog/update-lock-file
new file mode 100644
index 0000000000000..b6c4ffc2f7e11
--- /dev/null
+++ b/projects/plugins/videopress/changelog/update-lock-file
@@ -0,0 +1,4 @@
+Significance: patch
+Type: changed
+
+Updated composer.lock
diff --git a/projects/plugins/videopress/composer.lock b/projects/plugins/videopress/composer.lock
index b3a4670190208..a6347be38d14c 100644
--- a/projects/plugins/videopress/composer.lock
+++ b/projects/plugins/videopress/composer.lock
@@ -1354,9 +1354,10 @@
             "dist": {
                 "type": "path",
                 "url": "../../packages/protect-models",
-                "reference": "458fbc6b08d3eab1ea9c3a4096d9b2e7d883cdae"
+                "reference": "2d4b690bdd82203e2361d40761baa4993875a1e1"
             },
             "require": {
+                "automattic/jetpack-redirect": "@dev",
                 "php": ">=7.2"
             },
             "require-dev": {