Compare commits


No commits in common. "main" and "v1.0.0" have entirely different histories.
main ... v1.0.0

2 changed files with 21 additions and 36 deletions


@ -43,17 +43,16 @@ function yarnLockRange(yarnLock, moduleName, version) {
const yarnLock = parseYarnLock(); const yarnLock = parseYarnLock();
const severities = { const severities = {
info: 'LOW', info: 'INFO',
low: 'LOW', low: 'MINOR',
moderate: 'MEDIUM', moderate: 'MINOR',
high: 'MEDIUM', high: 'CRITICAL',
critical: 'HIGH', critical: 'BLOCKER',
}; };
const resolvedIds = new Set(); const resolvedIds = new Set();
const stats = {}; const stats = {};
const rules = [] let firstLine = true;
const issues = []
function processRow(row) { function processRow(row) {
if (!row) return; if (!row) return;
@ -61,57 +60,43 @@ function processRow(row) {
if (type !== 'auditAdvisory') return; if (type !== 'auditAdvisory') return;
const {advisory, resolution} = data; const {advisory, resolution} = data;
if (resolvedIds.has(resolution.id)) return; if (resolvedIds.has(resolution.id)) return;
resolvedIds.add(resolution.id);
const [mainVersion, ...otherVersions] = new Set(advisory.findings.map((f) => f.version)); const [mainVersion, ...otherVersions] = new Set(advisory.findings.map((f) => f.version));
rules.push({
id: resolution.id.toString(),
name: advisory.github_advisory_id || advisory.npm_advisory_id || `rule_${resolution.id.toString()}`,
description: `<h1>${advisory.module_name} ${advisory.vulnerable_versions}</h1>
<h2>${advisory.title || ''}</h2>
Overview: if (!firstLine) {
<pre> process.stdout.write(',');
${advisory.overview || ''} } else {
</pre> firstLine = false;
}
References: process.stdout.write(JSON.stringify({
<pre> engineId: 'yarn-audit',
${advisory.references || ''}
</pre>
`,
cleanCodeAttribute: "TRUSTWORTHY",
engineId: "yarn-audit",
impacts: [{
softwareQuality: "SECURITY",
severity: severities[advisory.severity],
}]
})
issues.push({
ruleId: resolution.id.toString(), ruleId: resolution.id.toString(),
severity: severities[advisory.severity] || 'INFO',
type: 'VULNERABILITY',
efforMinutes: 0, efforMinutes: 0,
primaryLocation: { primaryLocation: {
'message': advisory.title, 'message': advisory.overview,
'filePath': 'yarn.lock', 'filePath': 'yarn.lock',
'textRange': yarnLockRange(yarnLock, advisory.module_name, mainVersion), 'textRange': yarnLockRange(yarnLock, advisory.module_name, mainVersion),
}, },
secondaryLocations: otherVersions.map((version) => { secondaryLocations: otherVersions.map((version) => {
return { return {
'message': advisory.title, 'message': advisory.overview,
'filePath': 'yarn.lock', 'filePath': 'yarn.lock',
'textRange': yarnLockRange(yarnLock, advisory.module_name, version), 'textRange': yarnLockRange(yarnLock, advisory.module_name, version),
}; };
}), }),
}); }));
stats[advisory.severity] = (stats[advisory.severity] || 0) + 1; stats[advisory.severity] = (stats[advisory.severity] || 0) + 1;
} }
process.stdout.write('{"issues":[');
process process
.stdin .stdin
.pipe(split()) .pipe(split())
.on('data', processRow) .on('data', processRow)
.on('end', () => { .on('end', () => {
console.log(JSON.stringify({rules, issues})) process.stdout.write(']}\n');
const out = []; const out = [];
let total = 0; let total = 0;
for(const [k,v] of Object.entries(stats)) { for(const [k,v] of Object.entries(stats)) {
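Review bot: `efforMinutes: 0` is carried over unchanged on the new side, but the Sonar generic issue import format reads `effortMinutes`, so the field is silently ignored; rename it `effortMinutes: 0,`. The `resolvedIds.add(resolution.id);` line is shown on one side only, and if it belongs to the removed side the new `processRow` checks `resolvedIds.has(resolution.id)` but never populates the set, so repeated advisories for the same resolution are emitted more than once — worth confirming against the v1.0.0 source. The hand-framed output (`process.stdout.write('{"issues":[')` before piping, a comma per row, `process.stdout.write(']}\n')` on end) leaves stdout as truncated, invalid JSON if `yarnLockRange` or `JSON.stringify` throws mid-stream, and anything the `end` handler later prints to stdout would corrupt the document too; catching per-row failures and sending the stats summary to stderr keeps the stream well-formed. The `.on('end', …)` callback continues past the end of the hunk.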


@ -1,6 +1,6 @@
{ {
"name": "yarn-audit-sonar", "name": "yarn-audit-sonar",
"version": "1.1.1", "version": "1.0.0",
"description": "Convert YARN audit to Sonar compatible format", "description": "Convert YARN audit to Sonar compatible format",
"main": "index.js", "main": "index.js",
"scripts": { "scripts": {