supamend/dist/reporters/json.js

Pluggable DevSecOps Security Scanner with 10+ scanners and multiple reporting channels

"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    var desc = Object.getOwnPropertyDescriptor(m, k);
    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
      desc = { enumerable: true, get: function() { return m[k]; } };
    }
    Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
    Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
    o["default"] = v;
});
var __importStar = (this && this.__importStar) || (function () {
    var ownKeys = function(o) {
        ownKeys = Object.getOwnPropertyNames || function (o) {
            var ar = [];
            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
            return ar;
        };
        return ownKeys(o);
    };
    return function (mod) {
        if (mod && mod.__esModule) return mod;
        var result = {};
        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
        __setModuleDefault(result, mod);
        return result;
    };
})();
Object.defineProperty(exports, "__esModule", { value: true });
exports.JsonReporter = void 0;
const fs = __importStar(require("fs-extra"));
const path = __importStar(require("path"));
const errors_1 = require("../core/errors");
class JsonReporter {
    constructor() {
        this.name = 'json';
        this.description = 'Output scan results to JSON file';
        this.version = '1.0.0';
    }
    async init(config) {
        // No initialization needed for file output
    }
    async report(results, options) {
        const outputPath = options?.output || 'supamend-results.json';
        // Validate output path to prevent path traversal
        if (outputPath.includes('..')) {
            throw new Error('Invalid output path');
        }
        try {
            // Ensure output directory exists
            const outputDir = path.dirname(outputPath);
            if (outputDir !== '.') {
                await fs.ensureDir(outputDir);
            }
            const summary = this.generateSummary(results);
            const uniqueFiles = [...new Set(results.map(r => r.file).filter(Boolean))];
            const report = {
                metadata: {
                    timestamp: new Date().toISOString(),
                    scanId: `scan-${Date.now()}`,
                    version: this.version,
                    repository: options?.repo || 'unknown'
                },
                summary: {
                    totalIssues: results.length,
                    filesAffected: uniqueFiles.length,
                    ...summary
                },
                issues: results.map(result => ({
                    ...result,
                    timestamp: result.timestamp?.toISOString() || new Date().toISOString()
                })),
                files: uniqueFiles.map(file => ({
                    path: file,
                    issueCount: results.filter(r => r.file === file).length,
                    severities: results
                        .filter(r => r.file === file)
                        .reduce((acc, r) => {
                        acc[r.severity] = (acc[r.severity] || 0) + 1;
                        return acc;
                    }, {})
                }))
            };
            // Write with timeout
            const writePromise = fs.writeFile(outputPath, JSON.stringify(report, null, 2), 'utf8');
            const timeoutPromise = new Promise((_, reject) => {
                setTimeout(() => reject(new Error('Write operation timed out')), 30000); // 30 seconds
            });
            await Promise.race([writePromise, timeoutPromise]);
            console.log(`Results written to ${outputPath}`);
        }
        catch (error) {
            const reporterError = error instanceof Error ? error : new Error(String(error));
            throw new errors_1.ReporterError(`Failed to write JSON report: ${reporterError.message}`, this.name, {
                recoverable: true,
                retryable: this.isRetryableError(reporterError),
                cause: reporterError,
                context: { operation: 'report', file: outputPath }
            });
        }
    }
    async isAvailable() {
        return true; // Always available
    }
    generateSummary(results) {
        // Single pass optimization
        const summary = results.reduce((acc, result) => {
            acc.severity[result.severity] = (acc.severity[result.severity] || 0) + 1;
            acc.scanners[result.scanner] = (acc.scanners[result.scanner] || 0) + 1;
            acc.types[result.type] = (acc.types[result.type] || 0) + 1;
            return acc;
        }, {
            severity: {},
            scanners: {},
            types: {}
        });
        return summary;
    }
    /**
     * Check if an error is retryable
     */
    isRetryableError(error) {
        const retryablePatterns = [
            'timeout',
            'network',
            'connection',
            'temporary',
            'resource temporarily unavailable',
            'disk full',
            'no space left'
        ];
        return retryablePatterns.some(pattern => error.message.toLowerCase().includes(pattern));
    }
}
exports.JsonReporter = JsonReporter;
exports.default = new JsonReporter();
//# sourceMappingURL=json.js.map