From 4bed975c78f8b3e91e728ffb67e715b583b0cef5 Mon Sep 17 00:00:00 2001
From: Vincent Bachelier <vincent@ogury.co>
Date: Tue, 1 Nov 2022 09:27:51 +0100
Subject: [PATCH] parse

---
 .gitignore   |  1 +
 index.js     | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 package.json | 19 ++++++++++++++++
 3 files changed, 84 insertions(+)
 create mode 100644 .gitignore
 create mode 100755 index.js
 create mode 100644 package.json

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3c3629e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+node_modules
diff --git a/index.js b/index.js
new file mode 100755
index 0000000..19d185c
--- /dev/null
+++ b/index.js
@@ -0,0 +1,64 @@
+#!/usr/bin/env node
+
+async function readAudit() {
+  const chunks = []
+  const stdin = process.stdin
+
+  stdin.resume()
+  stdin.setEncoding('utf-8')
+  stdin.on('data', (chunk) => {
+    chunks.push(chunk)
+  })
+
+  return new Promise((resolve, reject) => {
+    stdin.on('end', () => {
+      resolve(JSON.parse(chunks.join('')))
+    });
+    stdin.on('error', () => {
+      reject(Error('error during read'))
+    })
+    stdin.on('timeout', () => {
+      reject(Error('timout during read'))
+    })
+  })
+}
+
+
+const severities = {
+  info: 'INFO',
+  low: 'MINOR',
+  moderate: 'MINOR',
+  high: 'CRITICAL',
+  critical: 'BLOCKER',
+};
+
+
+async function main() {
+  const pnpmAudit = await readAudit()
+  const issues = []
+  for (const advice of Object.values(pnpmAudit.advisories || [])) {
+    issues.push({
+      "engineId": "pnpm-audit",
+      "ruleId": advice.id,
+      "severity": severities[advice.severity],
+      "type": "VULNERABILITY",
+      "efforMinutes": 0,
+      "primaryLocation": {
+        "message": `${advice.module_name} ${advice.vulnerable_versions}
+${advice.title || ''}
+
+Overview:
+${advice.overview || ''}
+
+References:
+${advice.references || ''}
+`,
+        "filePath": "pnpm-lock.yaml",
+      },
+      "secondaryLocations": []
+    })
+  }
+  console.log(JSON.stringify({ issues }, null, 2))
+}
+
+main()
\ No newline at end of file
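Review bot: `main()` on the last line of the hunk is a floating promise, so a rejection from `readAudit` (the `'error'` handler) ends the process with an unhandled-rejection warning rather than a clear failure, and a `JSON.parse` failure on empty or malformed stdin in the `'end'` handler is thrown from an event callback, which does not reject the promise at all. I would wrap the parse in a try/catch that rejects, and close the file with `main().catch((err) => { console.error(err); process.exitCode = 1 })` so a CI step sees a non-zero exit. Separately, the `"efforMinutes"` key looks like a typo for Sonar's `effortMinutes`, and an `advice.severity` value missing from the `severities` map yields `undefined`, which `JSON.stringify` drops so the issue is emitted without a severity; a fallback such as `severities[advice.severity] ?? 'INFO'` is worth considering. The `'timout'` text in the `'timeout'` handler's message is also misspelled.
```javascript
  return new Promise((resolve, reject) => {
    stdin.on('end', () => {
      try {
        resolve(JSON.parse(chunks.join('')))
      } catch (err) {
        reject(new Error('invalid JSON on stdin', { cause: err }))
      }
    });
    // … unchanged: 'error' and 'timeout' handlers …
  })
// … unchanged: severities map and main() …
main().catch((err) => {
  console.error(err)
  process.exitCode = 1
})
```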
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..68deb0a
--- /dev/null
+++ b/package.json
@@ -0,0 +1,19 @@
+{
+  "name": "pnpm-audit-sonar",
+  "version": "1.0.0",
+  "description": "Convert PNPM audit to Sonar compatible format",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://git.celogeek.com/celogeek/pnpm-audit-sonar.git"
+  },
+  "bin": {
+    "pnpm-audit-sonar": "index.js"
+  },
+  "author": "Celogeek",
+  "license": "ISC",
+  "dependencies": {}
+}
\ No newline at end of file