@atomist/sdm/lib/pack/node/inspection/npmAudit.js

Atomist Software Delivery Machine SDK

"use strict";
/*
 * Copyright © 2020 Atomist, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
Object.defineProperty(exports, "__esModule", { value: true });
exports.NpmAuditAutoInspectRegistration = exports.npmAuditInspection = exports.runNpmAuditOnProject = exports.mapNpmAuditResultsToReviewComments = exports.npmAuditReviewCategory = void 0;
const LocalProject_1 = require("@atomist/automation-client/lib/project/local/LocalProject");
const logger_1 = require("@atomist/automation-client/lib/util/logger");
const slack_messages_1 = require("@atomist/slack-messages");
const _ = require("lodash");
const child_process_1 = require("../../../api-helper/misc/child_process");
const npmAuditAutofix_1 = require("../autofix/npmAuditAutofix");
const nodePushTests_1 = require("../pushtest/nodePushTests");
exports.npmAuditReviewCategory = "npm audit";
function npmAuditReviewComment(detail, rule, severity = "info") {
    return {
        category: exports.npmAuditReviewCategory,
        detail,
        severity,
        subcategory: rule,
    };
}
function mapNpmAuditResultsToReviewComments(npmAuditOutput) {
    let results;
    try {
        results = JSON.parse(npmAuditOutput);
    }
    catch (e) {
        logger_1.logger.error(`Failed to parse npm audit output '${npmAuditOutput}': ${e.message}`);
        return [];
    }
    return _.map(results.advisories, v => {
        const rule = `${v.module_name}:${v.vulnerable_versions}`;
        let details = `[${v.title}](${v.url})`;
        if (!!v.recommendation) {
            details = `${details} ${slack_messages_1.italic(v.recommendation.trim())}`;
        }
        if (!!v.cves && v.cves.length > 0) {
            details = `${details} - ` + v.cves.map(c => `[${c}](https://nvd.nist.gov/vuln/detail/${c})`).join(" ");
        }
        if (!!v.findings && v.findings.length > 0) {
            const findings = v.findings.map(f => `\n  - ${slack_messages_1.codeLine(`${v.module_name}:${f.version}`)}: ${(f.paths || [])
                .map(p => `\n    - ${slack_messages_1.codeLine(p)}`)
                .join("")}`);
            details = `${details} ${findings.join("")}`;
        }
        let severity;
        switch (v.severity) {
            case "info":
            case "low":
                severity = "info";
                break;
            case "moderate":
                severity = "warn";
                break;
            case "high":
            case "critical":
                severity = "error";
                break;
        }
        return npmAuditReviewComment(details, rule, severity);
    });
}
exports.mapNpmAuditResultsToReviewComments = mapNpmAuditResultsToReviewComments;
function runNpmAuditOnProject(options = npmAuditAutofix_1.DefaultNpmAuditOptions) {
    return async (p) => {
        const review = { repoId: p.id, comments: [] };
        if (!LocalProject_1.isLocalProject(p)) {
            logger_1.logger.error(`Project ${p.name} is not a local project`);
            return review;
        }
        const cwd = p.baseDir;
        const args = ["audit", "--json"];
        if (options.packageLockOnly === true) {
            args.push("--package-lock-only");
        }
        try {
            const npmAuditResult = await child_process_1.spawnPromise("npm", args, { cwd });
            if (npmAuditResult.stderr) {
                logger_1.logger.debug(`npm audit standard error from ${p.name}: ${npmAuditResult.stderr}`);
            }
            const comments = mapNpmAuditResultsToReviewComments(npmAuditResult.stdout);
            review.comments.push(...comments);
        }
        catch (e) {
            logger_1.logger.error(`Failed to run npm audit: ${e.message}`);
        }
        return review;
    };
}
exports.runNpmAuditOnProject = runNpmAuditOnProject;
/**
 * Provide a code inspection that runs `npm audit` and returns a
 * ProjectReview.
 */
function npmAuditInspection(options = npmAuditAutofix_1.DefaultNpmAuditOptions) {
    return {
        name: "NpmAuditInspection",
        description: "Run npm audit on project",
        inspection: runNpmAuditOnProject(options),
        intent: "npm audit",
    };
}
exports.npmAuditInspection = npmAuditInspection;
/**
 * Provide an auto inspect registration that runs `npm audit` and
 * returns a ProjectReview.
 */
exports.NpmAuditAutoInspectRegistration = {
    name: "NpmAuditAutoInspection",
    inspection: runNpmAuditOnProject(),
    pushTest: nodePushTests_1.IsNode,
};
//# sourceMappingURL=npmAudit.js.map