@atomist/sdm-pack-node
Version:
Extension pack for an Atomist SDM to work with Node.js projects
116 lines • 4.92 kB
JavaScript
;
/*
* Copyright © 2019 Atomist, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
Object.defineProperty(exports, "__esModule", { value: true });
const automation_client_1 = require("@atomist/automation-client");
const sdm_1 = require("@atomist/sdm");
const slack_messages_1 = require("@atomist/slack-messages");
const _ = require("lodash");
const npmAuditAutofix_1 = require("../autofix/npmAuditAutofix");
exports.npmAuditReviewCategory = "npm audit";
function npmAuditReviewComment(detail, rule, severity = "info") {
return {
category: exports.npmAuditReviewCategory,
detail,
severity,
subcategory: rule,
};
}
function mapNpmAuditResultsToReviewComments(npmAuditOutput) {
let results;
try {
results = JSON.parse(npmAuditOutput);
}
catch (e) {
automation_client_1.logger.error(`Failed to parse npm audit output '${npmAuditOutput}': ${e.message}`);
return [];
}
return _.map(results.advisories, v => {
const rule = `${v.module_name}:${v.vulnerable_versions}`;
let details = `[${v.title}](${v.url})`;
if (!!v.recommendation) {
details = `${details} ${slack_messages_1.italic(v.recommendation.trim())}`;
}
if (!!v.cves && v.cves.length > 0) {
details = `${details} - ${v.cves.map(c => `[${c}](https://nvd.nist.gov/vuln/detail/${c})`).join(" ")}`;
}
if (!!v.findings && v.findings.length > 0) {
const findings = v.findings.map(f => `\n - ${slack_messages_1.codeLine(`${v.module_name}:${f.version}`)}: ${(f.paths || []).map(p => `\n - ${slack_messages_1.codeLine(p)}`).join("")}`);
details = `${details} ${findings.join("")}`;
}
let severity;
switch (v.severity) {
case "info":
case "low":
severity = "info";
break;
case "moderate":
severity = "warn";
break;
case "high":
case "critical":
severity = "error";
break;
}
return npmAuditReviewComment(details, rule, severity);
});
}
exports.mapNpmAuditResultsToReviewComments = mapNpmAuditResultsToReviewComments;
function runNpmAuditOnProject(options = npmAuditAutofix_1.DefaultNpmAuditOptions) {
return (p) => __awaiter(this, void 0, void 0, function* () {
const review = { repoId: p.id, comments: [] };
if (!automation_client_1.isLocalProject(p)) {
automation_client_1.logger.error(`Project ${p.name} is not a local project`);
return review;
}
const cwd = p.baseDir;
const args = ["audit", "--json"];
if (options.packageLockOnly === true) {
args.push("--package-lock-only");
}
try {
const npmAuditResult = yield sdm_1.spawnPromise("npm", args, { cwd });
if (npmAuditResult.stderr) {
automation_client_1.logger.debug(`npm audit standard error from ${p.name}: ${npmAuditResult.stderr}`);
}
const comments = mapNpmAuditResultsToReviewComments(npmAuditResult.stdout);
review.comments.push(...comments);
}
catch (e) {
automation_client_1.logger.error(`Failed to run npm audit: ${e.message}`);
}
return review;
});
}
exports.runNpmAuditOnProject = runNpmAuditOnProject;
function npmAuditInspection(options = npmAuditAutofix_1.DefaultNpmAuditOptions) {
return {
name: "NpmAuditInspection",
description: "Run npm audit on project",
inspection: runNpmAuditOnProject(options),
intent: "npm audit",
};
}
exports.npmAuditInspection = npmAuditInspection;
//# sourceMappingURL=npmAudit.js.map