@security-alert/sarif-to-issue
Version:
Create an issue from SARIF file
96 lines • 4.97 kB
JavaScript
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.run = void 0;
var meow_1 = __importDefault(require("meow"));
var index_1 = require("./index");
var fs_1 = __importDefault(require("fs"));
function run() {
var cli = (0, meow_1.default)("\n Usage\n $ npx @security-alert/sarif-to-issue <sarif-file-path>\n \n Inputs\n <sarif-file-path> Path to sarif file path\n \n Options\n --dryRun Dry-Run when it is enabled\n --token [Required] GitHub Token, or support environment variables - GITHUB_TOKEN=xxx\n --owner [Required] Github repository owner for creating issue. e.g.) \"azu\"\n --repo [Required] Github repository name for creating issue. e.g.) \"security-alert\"\n --title [Required] GitHub issue title. e.g.) \"Security Notice\"\n --assignees Assignee user name of the issue. names are separated by ,(comma)\n --labels Label names of the issue. labels are separated by ,(comma) \n --sarifContentOwner [Required] GitHub Owner name of sarif content result. e.g. \"owner\"\n --sarifContentRepo [Required] GitHub Repository name of sarif content result. e.g. \"repo\"\n --sarifContentBranch [Required] GitHub Repository branch name of sarif content result. e.g. \"master\"\n --sarifContentSourceRoot Base path to sarif scanned source. You can set CodeQL's sourceLocationPrefix as relative value if necessary\n \n Examples\n # Create an issue to azu/codeql-scan-example from \"./test/fixtures/xss.sarif\" file\n $ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-issue --title \"Example Issue\" --owner azu --repo codeql-scan-example --sarifContentOwner azu --sarifContentRepo codeql-scan-example --sarifContentBranch master ./test/fixtures/xss.sarif\n # Create an issue to azu/example-repo with \"security\" labels\n $ GITHUB_TOKEN=xxx npx @security-alert/sarif-to-issue output.sarif --title \"Example Issue\" --owner azu --repo codeql-scan-example --sarifContentOwner azu --sarifContentRepo codeql-scan-example --sarifContentBranch master ./test/fixtures/xss.sarif --labels \"security\" \n\n", {
flags: {
dryRun: {
type: "boolean"
},
token: {
type: "string"
},
title: {
type: "string",
isRequired: true
},
owner: {
type: "string",
isRequired: true
},
repo: {
type: "string",
isRequired: true
},
assignees: {
type: "string"
},
labels: {
type: "string"
},
sarifContentOwner: {
type: "string",
isRequired: true
},
sarifContentRepo: {
type: "string",
isRequired: true
},
sarifContentBranch: {
type: "string",
isRequired: true
},
sarifContentSourceRoot: {
type: "string"
}
},
autoHelp: true,
autoVersion: true
});
var token = process.env.GITHUB_TOKEN || cli.flags.token;
if (!token) {
cli.showHelp(1);
return;
}
var arrayOption = function (flags) {
if (!flags) {
return [];
}
return flags.split(",").map(function (flag) { return flag.trim(); });
};
var promises = cli.input.map(function (sarifFilePath) {
var content = fs_1.default.readFileSync(sarifFilePath, "utf-8");
return (0, index_1.createIssueFromSarif)({
token: token,
dryRun: cli.flags.dryRun,
issue: {
title: cli.flags.title,
owner: cli.flags.owner,
repo: cli.flags.repo,
labels: arrayOption(cli.flags.labels),
assignees: arrayOption(cli.flags.assignees)
},
sarifContent: content,
sarifContentOwner: cli.flags.sarifContentOwner,
sarifContentBranch: cli.flags.sarifContentBranch,
sarifContentRepo: cli.flags.sarifContentRepo,
sarifContentSourceRoot: cli.flags.sarifContentSourceRoot
}).then(function (result) {
if (!result) {
return "";
}
return result.html_url;
});
});
return Promise.all(promises).then(function (issuesURL) {
return issuesURL.join("\n");
});
}
exports.run = run;
//# sourceMappingURL=cli.js.map