npm - @fabasoad/sarif-to-slack - Versions diffs - 0.1.1 → 0.2.1 - Mend

@fabasoad/sarif-to-slack 0.1.1 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (99) hide show

package/.github/ISSUE_TEMPLATE/bug_report.md +1 -1
package/.github/pull_request_template.md +3 -3
package/.github/workflows/linting.yml +14 -0
package/.github/workflows/release.yml +5 -1
package/.github/workflows/send-sarif-to-slack.yml +214 -0
package/.github/workflows/unit-tests.yml +1 -0
package/.pre-commit-config.yaml +3 -3
package/.tool-versions +1 -1
package/CONTRIBUTING.md +1 -1
package/Makefile +10 -3
package/README.md +36 -5
package/biome.json +15 -12
package/dist/Logger.js +17 -6
package/dist/Processors.js +23 -22
package/dist/SarifToSlackService.d.ts.map +1 -1
package/dist/SarifToSlackService.js +6 -7
package/dist/SlackMessageBuilder.js +51 -55
package/dist/index.d.ts +9 -4
package/dist/index.d.ts.map +1 -1
package/dist/index.js +10 -5
package/dist/model/SarifModelPerRun.d.ts +17 -0
package/dist/model/SarifModelPerRun.d.ts.map +1 -0
package/dist/model/SarifModelPerRun.js +84 -0
package/dist/model/SarifModelPerSarif.d.ts +20 -0
package/dist/model/SarifModelPerSarif.d.ts.map +1 -0
package/dist/model/SarifModelPerSarif.js +97 -0
package/dist/model/types.d.ts +17 -0
package/dist/model/types.d.ts.map +1 -0
package/dist/model/types.js +31 -0
package/dist/sarif-to-slack.d.ts +121 -18
package/dist/tsdoc-metadata.json +1 -1
package/dist/types.d.ts +107 -15
package/dist/types.d.ts.map +1 -1
package/dist/types.js +73 -7
package/dist/utils/SarifUtils.d.ts +5 -0
package/dist/utils/SarifUtils.d.ts.map +1 -0
package/dist/utils/SarifUtils.js +32 -0
package/dist/utils/SortUtils.d.ts +5 -0
package/dist/utils/SortUtils.d.ts.map +1 -0
package/dist/utils/SortUtils.js +8 -0
package/dist/version.d.ts +2 -0
package/dist/version.d.ts.map +1 -0
package/dist/version.js +4 -0
package/etc/sarif-to-slack.api.md +47 -9
package/jest.config.json +4 -4
package/package.json +14 -10
package/scripts/save-version.sh +6 -0
package/src/Logger.ts +22 -17
package/src/Processors.ts +22 -22
package/src/SarifToSlackService.ts +6 -7
package/src/SlackMessageBuilder.ts +85 -68
package/src/index.ts +17 -6
package/src/model/SarifModelPerRun.ts +114 -0
package/src/model/SarifModelPerSarif.ts +116 -0
package/src/model/types.ts +31 -0
package/src/types.ts +113 -15
package/src/utils/SarifUtils.ts +44 -0
package/src/utils/SortUtils.ts +21 -0
package/src/version.ts +3 -0
package/test-data/sarif/codeql-csharp.sarif +1 -0
package/test-data/sarif/codeql-go.sarif +1 -0
package/test-data/sarif/codeql-python.sarif +1 -0
package/test-data/sarif/codeql-ruby.sarif +1 -0
package/test-data/sarif/codeql-typescript.sarif +1 -0
package/test-data/sarif/grype-container.sarif +1774 -0
package/test-data/sarif/runs-1-tools-1-results-0.sarif +18 -0
package/test-data/sarif/runs-2-tools-1-results-0.sarif +30 -0
package/test-data/sarif/runs-2-tools-1.sarif +656 -0
package/test-data/sarif/runs-2-tools-2-results-0.sarif +44 -0
package/test-data/sarif/runs-2-tools-2.sarif +686 -0
package/test-data/sarif/runs-3-tools-2-results-0.sarif +48 -0
package/test-data/sarif/runs-3-tools-2.sarif +278 -0
package/test-data/sarif/snyk-composer.sarif +934 -0
package/test-data/sarif/snyk-container.sarif +313 -0
package/test-data/sarif/snyk-gomodules.sarif +388 -0
package/test-data/sarif/snyk-gradle.sarif +274 -0
package/test-data/sarif/snyk-hex.sarif +66 -0
package/test-data/sarif/snyk-maven.sarif +274 -0
package/test-data/sarif/snyk-npm.sarif +896 -0
package/test-data/sarif/snyk-nuget.sarif +90 -0
package/test-data/sarif/snyk-pip.sarif +66 -0
package/test-data/sarif/snyk-pnpm.sarif +90 -0
package/test-data/sarif/snyk-poetry.sarif +1952 -0
package/test-data/sarif/snyk-rubygems.sarif +440 -0
package/test-data/sarif/snyk-sbt.sarif +178 -0
package/test-data/sarif/snyk-swift.sarif +112 -0
package/test-data/sarif/snyk-yarn.sarif +2900 -0
package/test-data/sarif/trivy-iac.sarif +134 -0
package/test-data/sarif/wiz-container.sarif +30916 -0
package/test-data/sarif/wiz-iac.sarif +558 -0
package/tests/Processors.spec.ts +3 -3
package/tests/integration/SendSarifToSlack.spec.ts +56 -0
package/tsconfig.json +14 -14
package/dist/Logger.js.map +0 -1
package/dist/Processors.js.map +0 -1
package/dist/SarifToSlackService.js.map +0 -1
package/dist/SlackMessageBuilder.js.map +0 -1
package/dist/index.js.map +0 -1
package/dist/types.js.map +0 -1

package/test-data/sarif/snyk-swift.sarif ADDED Viewed

@@ -0,0 +1,112 @@
+{
+  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+  "version": "2.1.0",
+  "runs": [
+    {
+      "tool": {
+        "driver": {
+          "name": "Snyk Open Source",
+          "properties": {
+            "artifactsScanned": 21
+          },
+          "rules": [
+            {
+              "id": "SNYK-SWIFT-VAPORVAPOR-5950373",
+              "shortDescription": {
+                "text": "Medium severity - Improper Handling of Exceptional Conditions vulnerability in github.com/vapor/vapor"
+              },
+              "fullDescription": {
+                "text": "(CVE-2023-44386) github.com/vapor/vapor@4.83.2"
+              },
+              "help": {
+                "text": "",
+                "markdown": "* Package Manager: swift\n* Vulnerable module: github.com/vapor/vapor\n* Introduced through: MyProject@unspecified and github.com/vapor/vapor@4.83.2\n### Detailed paths\n* _Introduced through_: MyProject@unspecified › github.com/vapor/vapor@4.83.2\n# Overview\n[vapor/vapor](https://github.com/vapor/vapor) is an a server-side Swift HTTP web framework.\n\nAffected versions of this package are vulnerable to Improper Handling of Exceptional Conditions due to the incorrect handling of `HTTP 1.x` request parsing errors, an attacker can trigger a precondition failure in `swift-nio` by misusing the API, causing an immediate termination of the server process.\n# Remediation\nUpgrade `vapor/vapor` to version 4.84.2 or higher.\n# References\n- [GitHub Commit](https://github.com/vapor/vapor/commit/090464a654b03148b139a81f8f5ac63b0856f6f3)\n- [GitHub Release](https://github.com/vapor/vapor/releases/tag/4.84.2)\n"
+              },
+              "properties": {
+                "tags": [
+                  "security",
+                  "CWE-231",
+                  "swift"
+                ],
+                "cvssv3_baseScore": 5.3,
+                "security-severity": "5.3"
+              }
+            },
+            {
+              "id": "SNYK-SWIFT-VAPORVAPOR-6143589",
+              "shortDescription": {
+                "text": "Medium severity - Integer Overflow or Wraparound vulnerability in github.com/vapor/vapor"
+              },
+              "fullDescription": {
+                "text": "(CVE-2024-21631) github.com/vapor/vapor@4.83.2"
+              },
+              "help": {
+                "text": "",
+                "markdown": "* Package Manager: swift\n* Vulnerable module: github.com/vapor/vapor\n* Introduced through: MyProject@unspecified and github.com/vapor/vapor@4.83.2\n### Detailed paths\n* _Introduced through_: MyProject@unspecified › github.com/vapor/vapor@4.83.2\n# Overview\n[vapor/vapor](https://github.com/vapor/vapor) is an a server-side Swift HTTP web framework.\n\nAffected versions of this package are vulnerable to Integer Overflow or Wraparound in the `vapor_urlparser_parse` function. An attacker can spoof the host by padding the port number with zeros, causing an integer overflow when the URL authority is parsed.\n# Remediation\nUpgrade `vapor/vapor` to version 4.90.0 or higher.\n# References\n- [GitHub Commit](https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70)\n"
+              },
+              "properties": {
+                "tags": [
+                  "security",
+                  "CWE-1104",
+                  "swift"
+                ],
+                "cvssv3_baseScore": 6.5,
+                "security-severity": "6.5"
+              }
+            }
+          ]
+        }
+      },
+      "results": [
+        {
+          "ruleId": "SNYK-SWIFT-VAPORVAPOR-5950373",
+          "level": "warning",
+          "message": {
+            "text": "This file introduces a vulnerable github.com/vapor/vapor package with a medium severity vulnerability."
+          },
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "./Package.swift"
+                },
+                "region": {
+                  "startLine": 1
+                }
+              },
+              "logicalLocations": [
+                {
+                  "fullyQualifiedName": "github.com/vapor/vapor@4.83.2"
+                }
+              ]
+            }
+          ]
+        },
+        {
+          "ruleId": "SNYK-SWIFT-VAPORVAPOR-6143589",
+          "level": "warning",
+          "message": {
+            "text": "This file introduces a vulnerable github.com/vapor/vapor package with a medium severity vulnerability."
+          },
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "./Package.swift"
+                },
+                "region": {
+                  "startLine": 1
+                }
+              },
+              "logicalLocations": [
+                {
+                  "fullyQualifiedName": "github.com/vapor/vapor@4.83.2"
+                }
+              ]
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}