1.1.1

fix engine
1.1.0
2024-04-02 19:04:33 +02:00 · 2024-04-02 19:04:22 +02:00 · 2024-04-02 19:01:46 +02:00 · 2024-04-02 19:01:15 +02:00
2 changed files with 36 additions and 21 deletions
--- a/index.js
+++ b/index.js
@ -43,16 +43,17 @@ function yarnLockRange(yarnLock, moduleName, version) {
 const yarnLock = parseYarnLock();
 const severities = {
-  info: 'INFO',
+  info: 'LOW',
-  low: 'MINOR',
+  low: 'LOW',
-  moderate: 'MINOR',
+  moderate: 'MEDIUM',
-  high: 'CRITICAL',
+  high: 'MEDIUM',
-  critical: 'BLOCKER',
+  critical: 'HIGH',
 };
 const resolvedIds = new Set();
 const stats = {};
-let firstLine = true;
+const rules = []
 const issues = []
 function processRow(row) {
  if (!row) return;
@ -60,43 +61,57 @@ function processRow(row) {
  if (type !== 'auditAdvisory') return;
  const {advisory, resolution} = data;
  if (resolvedIds.has(resolution.id)) return;
  resolvedIds.add(resolution.id);
  const [mainVersion, ...otherVersions] = new Set(advisory.findings.map((f) => f.version));
  rules.push({
    id: resolution.id.toString(),
    name: advisory.github_advisory_id || advisory.npm_advisory_id || `rule_${resolution.id.toString()}`,
    description: `<h1>${advisory.module_name} ${advisory.vulnerable_versions}</h1>
 <h2>${advisory.title || ''}</h2>
-  if (!firstLine) {
+Overview:
-    process.stdout.write(',');
+<pre>
-  } else {
+${advisory.overview || ''}
-    firstLine = false;
+</pre>
-  }
+
-  process.stdout.write(JSON.stringify({
+References:
-    engineId: 'yarn-audit',
+<pre>
 ${advisory.references || ''}
 </pre>
 `,
    cleanCodeAttribute: "TRUSTWORTHY",
    engineId: "yarn-audit",
    impacts: [{
      softwareQuality: "SECURITY",
      severity: severities[advisory.severity],
    }]
  })
  issues.push({
    ruleId: resolution.id.toString(),
    severity: severities[advisory.severity] || 'INFO',
    type: 'VULNERABILITY',
    efforMinutes: 0,
    primaryLocation: {
-      'message': advisory.overview,
+      'message': advisory.title,
      'filePath': 'yarn.lock',
      'textRange': yarnLockRange(yarnLock, advisory.module_name, mainVersion),
    },
    secondaryLocations: otherVersions.map((version) => {
      return {
-        'message': advisory.overview,
+        'message': advisory.title,
        'filePath': 'yarn.lock',
        'textRange': yarnLockRange(yarnLock, advisory.module_name, version),
      };
    }),
-  }));
+  });
  stats[advisory.severity] = (stats[advisory.severity] || 0) + 1;
 }
 process.stdout.write('{"issues":[');
 process
  .stdin
  .pipe(split())
  .on('data', processRow)
  .on('end', () => {
-    process.stdout.write(']}\n');
+    console.log(JSON.stringify({rules, issues}))
    const out = [];
    let total = 0;
    for(const [k,v] of Object.entries(stats)) {
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "yarn-audit-sonar",
-  "version": "1.0.0",
+  "version": "1.1.1",
  "description": "Convert YARN audit to Sonar compatible format",
  "main": "index.js",
  "scripts": {
Author	SHA1	Message	Date
celogeek	090c63dcdf	1.1.1	2024-04-02 19:04:33 +02:00
celogeek	61f4224e16	fix engine	2024-04-02 19:04:22 +02:00
celogeek	9ea77de186	1.1.0	2024-04-02 19:01:46 +02:00
celogeek	a5c88c92c9	update format to use clean code	2024-04-02 19:01:15 +02:00