@security-alert/sarif-to-comment
post comment to GitHub issue/pull requests
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
var index_1 = require("./index");
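// Embedded CodeQL SARIF 2.1.0 document used as the example input.
// It holds one run of the "CodeQL command-line toolchain" (2.2.4) with a single
// rule, js/xss ("Client-side cross-site scripting", tagged CWE-079 / CWE-116),
// and two results: one in examples/Xss.js and one in examples/Xss2.js. Each
// result carries an eight-step codeFlow from `document.location` to the DOM
// write, plus a relatedLocation (id 1) referenced from the result message.
// Kept as the raw JSON text, not a parsed object, because it is handed to
// postComment unchanged as `sarifContent`; JSON.parse(content) must succeed.
const content = "{\n \"$schema\" : \"https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json\",\n \"version\" : \"2.1.0\",\n \"runs\" : [ {\n \"tool\" : {\n \"driver\" : {\n \"name\" : \"CodeQL command-line toolchain\",\n \"organization\" : \"GitHub\",\n \"semanticVersion\" : \"2.2.4\",\n \"rules\" : [ {\n \"id\" : \"js/xss\",\n \"name\" : \"js/xss\",\n \"shortDescription\" : {\n \"text\" : \"Client-side cross-site scripting\"\n },\n \"fullDescription\" : {\n \"text\" : \"Writing user input directly to the DOM allows for a cross-site scripting vulnerability.\"\n },\n \"defaultConfiguration\" : {\n \"level\" : \"error\"\n },\n \"properties\" : {\n \"tags\" : [ \"security\", \"external/cwe/cwe-079\", \"external/cwe/cwe-116\" ],\n \"kind\" : \"path-problem\",\n \"precision\" : \"high\",\n \"name\" : \"Client-side cross-site scripting\",\n \"description\" : \"Writing user input directly to the DOM allows for\\n a cross-site scripting vulnerability.\",\n \"id\" : \"js/xss\",\n \"problem.severity\" : \"error\"\n }\n } ]\n }\n },\n \"artifacts\" : [ {\n \"location\" : {\n \"uri\" : \"examples/Xss.js\",\n \"uriBaseId\" : \"%SRCROOT%\",\n \"index\" : 0\n }\n }, {\n \"location\" : {\n \"uri\" : \"examples/Xss2.js\",\n \"uriBaseId\" : \"%SRCROOT%\",\n \"index\" : 1\n }\n } ],\n \"results\" : [ {\n \"ruleId\" : \"js/xss\",\n \"ruleIndex\" : 0,\n \"message\" : {\n \"text\" : \"Cross-site scripting vulnerability due to [user-provided value](1).\"\n },\n \"locations\" : [ {\n \"physicalLocation\" : {\n \"artifactLocation\" : {\n \"uri\" : \"examples/Xss.js\",\n \"uriBaseId\" : \"%SRCROOT%\",\n \"index\" : 0\n },\n \"region\" : {\n \"startLine\" : 4,\n \"startColumn\" : 20,\n \"endColumn\" : 56\n }\n }\n } ],\n \"partialFingerprints\" : {\n \"primaryLocationLineHash\" : \"f10617abe5e779f0:1\",\n \"primaryLocationStartColumnFingerprint\" : \"15\"\n },\n \"codeFlows\" : [ {\n \"threadFlows\" : [ {\n \"locations\" : [ {\n \"location\" : {\n \"physicalLocation\" : {\n \"artifactLocation\" : {\n \"uri\" : \"examples/Xss.js\",\n \"uriBaseId\" : \"%SRCROOT%\",\n \"index\" : 0\n },\n \"region\" : {\n \"startLine\" : 2,\n \"startColumn\" : 16,\n \"endColumn\" : 33\n }\n },\n \"message\" : {\n \"text\" : \"document.location\"\n }\n }\n }, {\n \"location\" : {\n \"physicalLocation\" : {\n \"artifactLocation\" : {\n \"uri\" : \"examples/Xss.js\",\n \"uriBaseId\" : \"%SRCROOT%\",\n \"index\" : 0\n },\n \"region\" : {\n \"startLine\" : 2,\n \"startColumn\" : 16,\n \"endColumn\" : 38\n }\n },\n \"message\" : {\n \"text\" : \"documen ... on.href\"\n }\n }\n }, {\n \"location\" : {\n \"physicalLocation\" : {\n \"artifactLocation\" : {\n \"uri\" : \"examples/Xss.js\",\n \"uriBaseId\" : \"%SRCROOT%\",\n \"index\" : 0\n },\n \"region\" : {\n \"startLine\" : 2,\n \"startColumn\" : 9,\n \"endColumn\" : 38\n }\n },\n \"message\" : {\n \"text\" : \"href\"\n }\n }\n }, {\n \"location\" : {\n \"physicalLocation\" : {\n \"artifactLocation\" : {\n \"uri\" : \"examples/Xss.js\",\n \"uriBaseId\" : \"%SRCROOT%\",\n \"index\" : 0\n },\n \"region\" : {\n \"startLine\" : 3,\n \"startColumn\" : 17,\n \"endColumn\" : 21\n }\n },\n \"message\" : {\n \"text\" : \"href\"\n }\n }\n }, {\n \"location\" : {\n \"physicalLocation\" : {\n \"artifactLocation\" : {\n \"uri\" : \"examples/Xss.js\",\n \"uriBaseId\" : \"%SRCROOT%\",\n \"index\" : 0\n },\n \"region\" : {\n \"startLine\" : 3,\n \"startColumn\" : 17,\n \"endColumn\" : 59\n }\n },\n \"message\" : {\n \"text\" : \"href.su ... t=\\\")+8)\"\n }\n }\n }, {\n \"location\" : {\n \"physicalLocation\" : {\n \"artifactLocation\" : {\n \"uri\" : \"examples/Xss.js\",\n \"uriBaseId\" : \"%SRCROOT%\",\n \"index\" : 0\n },\n \"region\" : {\n \"startLine\" : 3,\n \"startColumn\" : 9,\n \"endColumn\" : 59\n }\n },\n \"message\" : {\n \"text\" : \"deflt\"\n }\n }\n }, {\n \"location\" : {\n \"physicalLocation\" : {\n \"artifactLocation\" : {\n \"uri\" : \"examples/Xss.js\",\n \"uriBaseId\" : \"%SRCROOT%\",\n \"index\" : 0\n },\n \"region\" : {\n \"startLine\" : 4,\n \"startColumn\" : 39,\n \"endColumn\" : 44\n }\n },\n \"message\" : {\n \"text\" : \"deflt\"\n }\n }\n }, {\n \"location\" : {\n \"physicalLocation\" : {\n \"artifactLocation\" : {\n \"uri\" : \"examples/Xss.js\",\n \"uriBaseId\" : \"%SRCROOT%\",\n \"index\" : 0\n },\n \"region\" : {\n \"startLine\" : 4,\n \"startColumn\" : 20,\n \"endColumn\" : 56\n }\n },\n \"message\" : {\n \"text\" : \"\\\"<OPTIO ... PTION>\\\"\"\n }\n }\n } ]\n } ]\n } ],\n \"relatedLocations\" : [ {\n \"id\" : 1,\n \"physicalLocation\" : {\n \"artifactLocation\" : {\n \"uri\" : \"examples/Xss.js\",\n \"uriBaseId\" : \"%SRCROOT%\",\n \"index\" : 0\n },\n \"region\" : {\n \"startLine\" : 2,\n \"startColumn\" : 16,\n \"endColumn\" : 33\n }\n },\n \"message\" : {\n \"text\" : \"user-provided value\"\n }\n } ]\n }, {\n \"ruleId\" : \"js/xss\",\n \"ruleIndex\" : 0,\n \"message\" : {\n \"text\" : \"Cross-site scripting vulnerability due to [user-provided value](1).\"\n },\n \"locations\" : [ {\n \"physicalLocation\" : {\n \"artifactLocation\" : {\n \"uri\" : \"examples/Xss2.js\",\n \"uriBaseId\" : \"%SRCROOT%\",\n \"index\" : 1\n },\n \"region\" : {\n \"startLine\" : 4,\n \"startColumn\" : 20,\n \"endColumn\" : 56\n }\n }\n } ],\n \"partialFingerprints\" : {\n \"primaryLocationLineHash\" : \"f10617abe5e779f0:1\",\n \"primaryLocationStartColumnFingerprint\" : \"15\"\n },\n \"codeFlows\" : [ {\n \"threadFlows\" : [ {\n \"locations\" : [ {\n \"location\" : {\n \"physicalLocation\" : {\n \"artifactLocation\" : {\n \"uri\" : \"examples/Xss2.js\",\n \"uriBaseId\" : \"%SRCROOT%\",\n \"index\" : 1\n },\n \"region\" : {\n \"startLine\" : 2,\n \"startColumn\" : 16,\n \"endColumn\" : 33\n }\n },\n \"message\" : {\n \"text\" : \"document.location\"\n }\n }\n }, {\n \"location\" : {\n \"physicalLocation\" : {\n \"artifactLocation\" : {\n \"uri\" : \"examples/Xss2.js\",\n \"uriBaseId\" : \"%SRCROOT%\",\n \"index\" : 1\n },\n \"region\" : {\n \"startLine\" : 2,\n \"startColumn\" : 16,\n \"endColumn\" : 38\n }\n },\n \"message\" : {\n \"text\" : \"documen ... on.href\"\n }\n }\n }, {\n \"location\" : {\n \"physicalLocation\" : {\n \"artifactLocation\" : {\n \"uri\" : \"examples/Xss2.js\",\n \"uriBaseId\" : \"%SRCROOT%\",\n \"index\" : 1\n },\n \"region\" : {\n \"startLine\" : 2,\n \"startColumn\" : 9,\n \"endColumn\" : 38\n }\n },\n \"message\" : {\n \"text\" : \"href\"\n }\n }\n }, {\n \"location\" : {\n \"physicalLocation\" : {\n \"artifactLocation\" : {\n \"uri\" : \"examples/Xss2.js\",\n \"uriBaseId\" : \"%SRCROOT%\",\n \"index\" : 1\n },\n \"region\" : {\n \"startLine\" : 3,\n \"startColumn\" : 17,\n \"endColumn\" : 21\n }\n },\n \"message\" : {\n \"text\" : \"href\"\n }\n }\n }, {\n \"location\" : {\n \"physicalLocation\" : {\n \"artifactLocation\" : {\n \"uri\" : \"examples/Xss2.js\",\n \"uriBaseId\" : \"%SRCROOT%\",\n \"index\" : 1\n },\n \"region\" : {\n \"startLine\" : 3,\n \"startColumn\" : 17,\n \"endColumn\" : 59\n }\n },\n \"message\" : {\n \"text\" : \"href.su ... t=\\\")+8)\"\n }\n }\n }, {\n \"location\" : {\n \"physicalLocation\" : {\n \"artifactLocation\" : {\n \"uri\" : \"examples/Xss2.js\",\n \"uriBaseId\" : \"%SRCROOT%\",\n \"index\" : 1\n },\n \"region\" : {\n \"startLine\" : 3,\n \"startColumn\" : 9,\n \"endColumn\" : 59\n }\n },\n \"message\" : {\n \"text\" : \"deflt\"\n }\n }\n }, {\n \"location\" : {\n \"physicalLocation\" : {\n \"artifactLocation\" : {\n \"uri\" : \"examples/Xss2.js\",\n \"uriBaseId\" : \"%SRCROOT%\",\n \"index\" : 1\n },\n \"region\" : {\n \"startLine\" : 4,\n \"startColumn\" : 39,\n \"endColumn\" : 44\n }\n },\n \"message\" : {\n \"text\" : \"deflt\"\n }\n }\n }, {\n \"location\" : {\n \"physicalLocation\" : {\n \"artifactLocation\" : {\n \"uri\" : \"examples/Xss2.js\",\n \"uriBaseId\" : \"%SRCROOT%\",\n \"index\" : 1\n },\n \"region\" : {\n \"startLine\" : 4,\n \"startColumn\" : 20,\n \"endColumn\" : 56\n }\n },\n \"message\" : {\n \"text\" : \"\\\"<OPTIO ... PTION>\\\"\"\n }\n }\n } ]\n } ]\n } ],\n \"relatedLocations\" : [ {\n \"id\" : 1,\n \"physicalLocation\" : {\n \"artifactLocation\" : {\n \"uri\" : \"examples/Xss2.js\",\n \"uriBaseId\" : \"%SRCROOT%\",\n \"index\" : 1\n },\n \"region\" : {\n \"startLine\" : 2,\n \"startColumn\" : 16,\n \"endColumn\" : 33\n }\n },\n \"message\" : {\n \"text\" : \"user-provided value\"\n }\n } ]\n } ],\n \"newlineSequences\" : [ \"\\r\\n\", \"\\n\", \"\u2028\", \"\u2029\" ],\n \"columnKind\" : \"utf16CodeUnits\",\n \"properties\" : {\n \"semmle.formatSpecifier\" : \"sarifv2.1.0\"\n }\n } ]\n}";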
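// Post the embedded SARIF findings as a comment on a GitHub issue.
// WARNING: this is a live example, not a dry run — with a valid token every
// execution creates a new comment on azu/codeql-scan-example#1.
const token = process.env.GITHUB_TOKEN;
if (!token) {
    // Fail fast with an explicit message rather than handing an undefined
    // credential to the API call. The token is deliberately read from the
    // environment (an Actions secret, for instance) and must never be
    // hard-coded in this file.
    throw new Error("GITHUB_TOKEN environment variable is not set");
}
(0, index_1.postComment)({
    // Issue (or pull request) whose thread receives the comment.
    postingURL: "https://github.com/azu/codeql-scan-example/issues/1",
    // Repository the SARIF report was produced for. NOTE(review): presumably
    // combined with the artifact URIs (examples/Xss.js, examples/Xss2.js) to
    // build links to the flagged lines — confirm in ./index.
    sarifContentOwner: "azu",
    sarifContentRepo: "codeql-scan-example",
    // A full 40-hex commit SHA is passed where a branch name is accepted, so
    // that any generated links stay pinned to the revision that was scanned
    // instead of drifting with the branch head.
    sarifContentBranch: "356bd49080c765cf1d81c97e20e9c045cad28352",
    // Raw SARIF 2.1.0 JSON text defined above.
    sarifContent: content,
    token,
    // false = actually post. NOTE(review): true presumably renders without
    // posting — check ./index before relying on it.
    dryRun: false
}).then((res) => {
    if (res.posted) {
        console.log(res?.commentUrl);
    } else {
        // Not posted, but the call itself did not fail; surface why.
        console.log(res?.reason);
    }
}).catch((err) => {
    // Without this handler a rejected request (bad or under-privileged token,
    // network failure, malformed SARIF) would be an unhandled rejection; make
    // the failure visible and give CI a non-zero exit status.
    console.error("sarif-to-comment failed:", err);
    process.exitCode = 1;
});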
//# sourceMappingURL=example.js.map