@security-alert/sarif-to-comment

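"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.postComment = void 0;
const { sarifToMarkdown } = require("@security-alert/sarif-to-markdown");
const { issueComment } = require("./issue-comment");

/**
 * Accepted destinations for the comment: a github.com issue or pull request URL.
 * Named groups: `owner`, `repo`, `issueNumber`.
 *
 * The dot in the host is escaped so that only github.com matches (an unescaped
 * `.` would also accept e.g. "githubXcom"). The character class is the same
 * set as before — alphanumerics, "_", "." and "-" — with the hyphen placed
 * last so it is unambiguously literal. No `g` flag, so `exec` is stateless.
 */
const ISSUE_URL_PATTERN = /^https:\/\/github\.com\/(?<owner>[0-9a-zA-Z_.-]+)\/(?<repo>[0-9a-zA-Z_.-]+)\/(issues|pull)\/(?<issueNumber>[0-9]+)/;

/**
 * Resolve the issue / pull request that receives the comment.
 *
 * @param {string} postingURL - URL of a github.com issue or pull request.
 * @returns {{ owner: string, repo: string, issueNumber: number }}
 * @throws {Error} when the URL is missing or does not match ISSUE_URL_PATTERN.
 */
function parsePostingURL(postingURL) {
  const match = ISSUE_URL_PATTERN.exec(postingURL);
  if (!match || !match.groups) {
    // The pattern only accepts /issues/<n> and /pull/<n>, so the example must
    // show one of those (not a Dependabot "network/alert" URL, which never matches).
    throw new Error(
      "Should set an issue or pull request url.\n" +
        "\n" +
        "Example: https://github.com/owner/reponame/issues/1",
    );
  }
  return {
    owner: match.groups.owner,
    repo: match.groups.repo,
    issueNumber: Number(match.groups.issueNumber),
  };
}

/**
 * True when the parsed SARIF document has a first run whose `results` array is
 * present and empty. Only run 0 is inspected (the caller's message refers to
 * "run 0"). A document without `runs`, or a run without a `results` array,
 * yields false instead of a TypeError and is left for sarifToMarkdown to handle.
 *
 * @param {*} content - result of JSON.parse over the SARIF text.
 * @returns {boolean}
 */
function firstRunHasNoResults(content) {
  const runs = content == null ? undefined : content.runs;
  const firstRun = runs == null ? undefined : runs[0];
  return firstRun != null && firstRun.results != null && firstRun.results.length === 0;
}

/**
 * Render a SARIF document as Markdown and post it as a comment on a GitHub
 * issue or pull request (or print it when `dryRun` is set).
 *
 * @param {object} options
 * @param {string} options.sarifContent - SARIF document as a JSON string.
 * @param {string} options.sarifContentOwner - owner of the repository the SARIF describes.
 * @param {string} options.sarifContentRepo - repository the SARIF describes.
 * @param {string} options.sarifContentBranch - branch the SARIF describes.
 * @param {string} [options.sarifContentSourceRoot] - source root for links; "" when null/undefined.
 * @param {string} options.postingURL - github.com issue or pull request URL that receives the comment.
 * @param {string} options.title - comment title, passed to sarifToMarkdown.
 * @param {boolean} [options.dryRun=false] - when truthy, log the comment instead of posting it.
 * @param {string} options.token - credential passed through to issueComment.
 * @param {*} options.ghActionAuthenticationMode - passed through to issueComment as `ghActionAuthentication`.
 * @param {*} options.ruleDetails - passed to sarifToMarkdown as `details`.
 * @param {*} options.suppressedResults - passed to sarifToMarkdown.
 * @param {*} options.simple - passed to sarifToMarkdown.
 * @param {*} options.severity - passed to sarifToMarkdown as `severities`.
 * @param {*} options.failon - passed to sarifToMarkdown as `failOn`.
 * @returns {Promise<{posted: boolean, reason?: string, commentUrl?: string, shouldFail: boolean}>}
 * @throws {Error} when postingURL is not a github.com issue/PR URL.
 * @throws {SyntaxError} when sarifContent is not valid JSON.
 */
async function postComment(options) {
  // `!== undefined` (not `??`) keeps the original semantics: an explicit null stays null.
  const dryRun = options.dryRun !== undefined ? options.dryRun : false;
  const owner = options.sarifContentOwner;
  const repo = options.sarifContentRepo;
  const branch = options.sarifContentBranch;

  // Validate the destination before touching the payload so a bad URL gets the
  // specific error rather than a JSON parse error.
  const target = parsePostingURL(options.postingURL);

  // Parsed once and reused below (the same string was previously parsed twice).
  const content = JSON.parse(options.sarifContent);
  if (firstRunHasNoResults(content)) {
    return {
      posted: false,
      reason: "There are no results in this SARIF run 0, exiting without a comment !",
      shouldFail: false,
    };
  }

  const sourceRoot = options.sarifContentSourceRoot != null ? options.sarifContentSourceRoot : "";
  const results = sarifToMarkdown({
    title: options.title,
    owner,
    repo,
    branch,
    sourceRoot,
    details: options.ruleDetails,
    suppressedResults: options.suppressedResults,
    simple: options.simple,
    severities: options.severity,
    failOn: options.failon,
  })(content);

  const resultsHasMessage = results.filter((result) => result.hasMessages);
  const shouldFail = results.some((result) => result.shouldFail);
  // NOTE(review): `body` is scanner-supplied text rendered by GitHub as Markdown;
  // any escaping of result messages is sarifToMarkdown's responsibility — not checked here.
  const body = resultsHasMessage.map((result) => result.body).join("\n\n");

  if (dryRun) {
    if (resultsHasMessage.length === 0) {
      console.log("It will not post, because the markdown is empty");
    }
    console.log(
      `DryRun results:\nowner: ${owner}\nrepo: ${repo}\nissue: ${options.postingURL}\ntitle: ${options.title}\nbody: ${body}\n`,
    );
    return { posted: false, reason: "This is a dry run", shouldFail };
  }

  if (resultsHasMessage.length === 0) {
    return { posted: false, reason: "Markdown extracted from SARIF was empty", shouldFail: false };
  }

  // The comment goes to the repository named in postingURL, which may differ from
  // the repository the SARIF was produced for (owner/repo above).
  const url = await issueComment({
    owner: target.owner,
    repo: target.repo,
    issue_number: target.issueNumber,
    body,
    token: options.token,
    ghActionAuthentication: options.ghActionAuthenticationMode,
  });
  return { posted: true, commentUrl: url.html_url.toString(), shouldFail };
}
exports.postComment = postComment;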