@security-alert/sarif-to-comment
Version:
post comment to GitHub issue/pull requests
215 lines • 12.5 kB
JavaScript
;
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __generator = (this && this.__generator) || function (thisArg, body) {
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
function verb(n) { return function (v) { return step([n, v]); }; }
function step(op) {
if (f) throw new TypeError("Generator is already executing.");
while (g && (g = 0, op[0] && (_ = 0)), _) try {
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
if (y = 0, t) op = [op[0] & 2, t.value];
switch (op[0]) {
case 0: case 1: t = op; break;
case 4: _.label++; return { value: op[1], done: false };
case 5: _.label++; y = op[1]; op = [0]; continue;
case 7: op = _.ops.pop(); _.trys.pop(); continue;
default:
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
if (t[2]) _.ops.pop();
_.trys.pop(); continue;
}
op = body.call(thisArg, _);
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
}
};
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.run = void 0;
var meow_1 = __importDefault(require("meow"));
var index_1 = require("./index");
var fs = __importStar(require("fs"));
var ALLOWED_SEVERITIES = ["warning", "error", "note", "none"];
var ALLOWED_SEVERITIES_FAILURE = ["warning", "error", "note", "none", "all"];
function run() {
var _this = this;
var cli = (0, meow_1.default)("\n Usage\n $ npx @security-alert/sarif-to-comment <sarif-file-path>\n \n Inputs\n <sarif-file-path> Path to sarif file path\n \n Options\n --dryRun Dry-Run when it is enabled\n --token GitHub Token, or support environment variables - GITHUB_TOKEN=xxx\n --action Authentication mode for the token, defaults to PAT, if set, switches to Github Action\n --ruleDetails Include rule details in the markdown, might be too big for Github's API, defaults to false\n --simple Simplify the output to only give findings grouped by rule, adds helpURI if present\n --severity Filter output issues by their severity level, warning, error, note, none, set flag for each level \n --failon Throw an exit error code 1 if an issue with that level was detected, warning, error, note, none, or all, set flag for each, NOT affected by severity filtering\n --title Specify a comment title for the report, optional\n --no-suppressedResults Don't include suppressed results, that are in SARIF suppressions\n --commentUrl Post to comment URL. e.g. https://github.com/owner/repo/issues/85\n --sarifContentOwner GitHub Owner name of sarif content result. e.g. \"owner\"\n --sarifContentRepo GitHub Repository name of sarif content result. e.g. \"repo\"\n --sarifContentBranch GitHub Repository branch name of sarif content result. e.g. \"master\"\n --sarifContentSourceRoot Base path to sarif scanned source. You can set CodeQL's sourceLocationPrefix as relative value if necessary\n \n Examples\n # DryRun and preview it!\n $ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-comment --commentUrl \"https://github.com/owner/repo/issues/1\" --sarifContentOwner \"owner\" --sarifContentRepo \"repo\" --sarifContentBranch \"master\" \"./codeql_result.sarif\"\n # Post It\n $ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-comment --commentUrl \"https://github.com/owner/repo/issues/1\" --sarifContentOwner \"owner\" --sarifContentRepo \"repo\" --sarifContentBranch \"master\" \"./codeql_result.sarif\"\n # Set base path\n $ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-comment --commentUrl \"https://github.com/owner/another/issues/1\" --sarifContentOwner \"owner\" --sarifContentRepo \"repo\" --sarifContentBranch \"develop\" --sarifContentSourceRoot \"./basepath\" \"./codeql_result.sarif\"\n # use HEAD sha for link\n $ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-comment --commentUrl \"https://github.com/owner/another/issues/1\" --sarifContentOwner \"owner\" --sarifContentRepo \"repo\" ---sarifContentBranch `git rev-parse HEAD` \"./codeql_result.sarif\"\n\n", {
flags: {
action: {
type: "boolean",
default: false
},
ruleDetails: {
type: "boolean",
default: false
},
simple: {
type: "boolean",
default: false
},
severity: {
type: "string",
isMultiple: true
},
failon: {
type: "string",
isMultiple: true
},
title: {
type: "string"
},
dryRun: {
type: "boolean"
},
suppressedResults: {
type: "boolean",
default: true
},
token: {
type: "string"
},
commentUrl: {
type: "string",
isRequired: true
},
sarifContentOwner: {
type: "string",
isRequired: true
},
sarifContentRepo: {
type: "string",
isRequired: true
},
sarifContentBranch: {
type: "string",
isRequired: true
},
sarifContentSourceRoot: {
type: "string"
}
},
autoHelp: true,
autoVersion: true
});
var token = process.env.GITHUB_TOKEN || cli.flags.token;
if (!token) {
cli.showHelp(1);
return;
}
if (cli.flags.severity) {
var unknownSeverities = cli.flags.severity.filter(function (s) {
return !ALLOWED_SEVERITIES.includes(s);
});
if (unknownSeverities.length > 0) {
console.log("unrecognized severity defined: ".concat(unknownSeverities.join(","), "\n Allowed values are: ").concat(ALLOWED_SEVERITIES.join(",")));
cli.showHelp(1);
}
}
if (cli.flags.failon) {
var unknownSeverities = cli.flags.failon.filter(function (s) {
return !ALLOWED_SEVERITIES_FAILURE.includes(s);
});
if (unknownSeverities.length > 0) {
console.log("unrecognized severity defined: ".concat(unknownSeverities.join(","), "\n Allowed values are: ").concat(ALLOWED_SEVERITIES_FAILURE.join(",")));
cli.showHelp(1);
}
}
var promises = cli.input.map(function (sarifFilePath) { return __awaiter(_this, void 0, void 0, function () {
var content;
var _a, _b;
return __generator(this, function (_c) {
switch (_c.label) {
case 0:
content = fs.readFileSync(sarifFilePath, "utf-8");
return [4 /*yield*/, (0, index_1.postComment)({
token: token,
dryRun: cli.flags.dryRun,
postingURL: cli.flags.commentUrl,
sarifContent: content,
sarifContentOwner: cli.flags.sarifContentOwner,
sarifContentBranch: cli.flags.sarifContentBranch,
sarifContentRepo: cli.flags.sarifContentRepo,
sarifContentSourceRoot: cli.flags.sarifContentSourceRoot,
ghActionAuthenticationMode: cli.flags.action,
ruleDetails: cli.flags.ruleDetails,
simple: cli.flags.simple,
severity: ((_a = cli.flags.severity) === null || _a === void 0 ? void 0 : _a.length) != 0 ? cli.flags.severity : ALLOWED_SEVERITIES,
failon: ((_b = cli.flags.failon) === null || _b === void 0 ? void 0 : _b.length) != 0 ? cli.flags.failon : false,
suppressedResults: cli.flags.suppressedResults,
title: cli.flags.title
}).then(function (result) {
if (!result) {
return "";
}
return result;
})];
case 1: return [2 /*return*/, _c.sent()];
}
});
}); });
return Promise.all(promises).then(function (commentsResults) {
var postedURLS = commentsResults
.filter(function (c) { return c.posted === true; })
.map(function (c) {
if (c.posted)
return c.commentUrl;
});
var emptyURLReasons = commentsResults
.filter(function (c) { return c.posted === false; })
.map(function (c) {
if (c.posted === false)
return c.reason;
});
if (emptyURLReasons.length > 0) {
console.log("Some comments were not posted, reasons will be included");
}
var shouldFailResults = commentsResults.some(function (result) { return result.shouldFail; });
if (shouldFailResults) {
var errorMessage = postedURLS.concat(emptyURLReasons).join("\n") +
"\nFailing ! An issue with severity " +
cli.flags.failon +
" was found.";
throw new Error(errorMessage);
}
return postedURLS.concat(emptyURLReasons).join("\n");
});
}
exports.run = run;
//# sourceMappingURL=cli.js.map