@fabasoad/sarif-to-slack 0.2.0 → 0.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/workflows/release.yml +3 -1
- package/.github/workflows/send-sarif-to-slack.yml +214 -0
- package/.pre-commit-config.yaml +3 -3
- package/.tool-versions +1 -1
- package/Makefile +9 -2
- package/README.md +1 -1
- package/dist/Logger.js +15 -6
- package/dist/Processors.js +2 -32
- package/dist/SarifToSlackService.d.ts.map +1 -1
- package/dist/SarifToSlackService.js +13 -6
- package/dist/SlackMessageBuilder.js +46 -52
- package/dist/index.d.ts +7 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +7 -3
- package/dist/model/SarifModelPerRun.d.ts +2 -0
- package/dist/model/SarifModelPerRun.d.ts.map +1 -0
- package/dist/model/SarifModelPerRun.js +90 -0
- package/dist/model/SarifModelPerSarif.d.ts +2 -0
- package/dist/model/SarifModelPerSarif.d.ts.map +1 -0
- package/dist/model/SarifModelPerSarif.js +102 -0
- package/dist/model/types.d.ts +2 -0
- package/dist/model/types.d.ts.map +1 -0
- package/dist/model/types.js +49 -0
- package/dist/sarif-to-slack.d.ts +96 -12
- package/dist/tsdoc-metadata.json +1 -1
- package/dist/types.d.ts +87 -11
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +66 -9
- package/dist/utils/SarifUtils.d.ts +2 -0
- package/dist/utils/SarifUtils.d.ts.map +1 -0
- package/dist/utils/SarifUtils.js +46 -0
- package/dist/utils/SortUtils.d.ts +2 -0
- package/dist/utils/SortUtils.d.ts.map +1 -0
- package/dist/utils/SortUtils.js +20 -0
- package/dist/version.d.ts +1 -1
- package/dist/version.d.ts.map +1 -1
- package/dist/version.js +11 -4
- package/etc/sarif-to-slack.api.md +32 -7
- package/jest.config.json +4 -4
- package/package.json +9 -7
- package/scripts/save-version.sh +9 -2
- package/src/Logger.ts +20 -17
- package/src/Processors.ts +1 -33
- package/src/SarifToSlackService.ts +13 -6
- package/src/SlackMessageBuilder.ts +78 -63
- package/src/index.ts +16 -6
- package/src/model/SarifModelPerRun.ts +120 -0
- package/src/model/SarifModelPerSarif.ts +126 -0
- package/src/model/types.ts +50 -0
- package/src/types.ts +91 -11
- package/src/utils/SarifUtils.ts +62 -0
- package/src/utils/SortUtils.ts +33 -0
- package/src/version.ts +10 -3
- package/test-data/sarif/codeql-csharp.sarif +1 -0
- package/test-data/sarif/codeql-go.sarif +1 -0
- package/test-data/sarif/codeql-python.sarif +1 -0
- package/test-data/sarif/codeql-ruby.sarif +1 -0
- package/test-data/sarif/codeql-typescript.sarif +1 -0
- package/test-data/sarif/grype-container.sarif +1774 -0
- package/test-data/sarif/runs-1-tools-1-results-0.sarif +18 -0
- package/test-data/sarif/runs-2-tools-1-results-0.sarif +30 -0
- package/test-data/sarif/runs-2-tools-1.sarif +656 -0
- package/test-data/sarif/runs-2-tools-2-results-0.sarif +44 -0
- package/test-data/sarif/runs-2-tools-2.sarif +686 -0
- package/test-data/sarif/runs-3-tools-2-results-0.sarif +48 -0
- package/test-data/sarif/runs-3-tools-2.sarif +278 -0
- package/test-data/sarif/snyk-composer.sarif +934 -0
- package/test-data/sarif/snyk-container.sarif +313 -0
- package/test-data/sarif/snyk-gomodules.sarif +388 -0
- package/test-data/sarif/snyk-gradle.sarif +274 -0
- package/test-data/sarif/snyk-hex.sarif +66 -0
- package/test-data/sarif/snyk-maven.sarif +274 -0
- package/test-data/sarif/snyk-npm.sarif +896 -0
- package/test-data/sarif/snyk-nuget.sarif +90 -0
- package/test-data/sarif/snyk-pip.sarif +66 -0
- package/test-data/sarif/snyk-pnpm.sarif +90 -0
- package/test-data/sarif/snyk-poetry.sarif +1952 -0
- package/test-data/sarif/snyk-rubygems.sarif +440 -0
- package/test-data/sarif/snyk-sbt.sarif +178 -0
- package/test-data/sarif/snyk-swift.sarif +112 -0
- package/test-data/sarif/snyk-yarn.sarif +2900 -0
- package/test-data/sarif/trivy-iac.sarif +134 -0
- package/test-data/sarif/wiz-container.sarif +30916 -0
- package/test-data/sarif/wiz-iac.sarif +558 -0
- package/tests/Processors.spec.ts +3 -42
- package/tests/integration/SendSarifToSlack.spec.ts +80 -0
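--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -13,7 +13,11 @@
 * const service = await SarifToSlackService.create({
 * webhookUrl: 'https://hooks.slack.com/services/your/webhook/url',
 * sarifPath: 'path/to/your/sarif/file.sarif',
-*
+* log: {
+* level: LogLevel.Info,
+* template: '[{{logLevelName}}] [{{name}}] {{dateIsoStr}} ',
+* colored: false,
+* },
 * username: 'SARIF Bot',
 * iconUrl: 'https://example.com/icon.png',
 * color: '#36a64f',
@@ -42,5 +46,5 @@
 * @packageDocumentation
 */
 export { SarifToSlackService } from './SarifToSlackService';
-export { FooterType,
-//# sourceMappingURL=data:application/json;base64,
+export { CalculateResultsBy, FooterType, GroupResultsBy, LogLevel } from './types';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsMEZBQTBGO0FBRTFGOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7R0E2Q0c7QUFDSCxPQUFPLEVBQUUsbUJBQW1CLEVBQUUsTUFBTSx1QkFBdUIsQ0FBQTtBQUMzRCxPQUFPLEVBQ0wsa0JBQWtCLEVBQ2xCLFVBQVUsRUFDVixjQUFjLEVBQ2QsUUFBUSxFQUVULE1BQU0sU0FBUyxDQUFBIn0=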
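Review bot: The usage example in the package doc comment (first hunk) passes the Slack incoming-webhook URL as a string literal; that URL is a bearer credential for the channel, so an example copied into a repository or a GitHub workflow tends to get committed along with it. The example should read it from the environment, e.g. `webhookUrl: process.env.SLACK_WEBHOOK_URL,` preceded by the comment `// the incoming-webhook URL is a secret: keep it in a secret store / Actions secret, never in source`. A short note on the new `log` block that `template` is a tslog pretty-template (the `{{…}}` placeholders are resolved by tslog, not by this package, as the LogOptions declaration elsewhere in this release points out) would save readers a lookup.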
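--- a/package/dist/model/SarifModelPerRun.d.ts.map
+++ b/package/dist/model/SarifModelPerRun.d.ts.map
@@ -0,0 +1 @@
+{"version":3,"file":"SarifModelPerRun.d.ts","sourceRoot":"","sources":["../../src/model/SarifModelPerRun.ts"],"names":[],"mappings":""}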
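--- a/package/dist/model/SarifModelPerRun.js
+++ b/package/dist/model/SarifModelPerRun.js
@@ -0,0 +1,90 @@
+import { tryGetRulePropertyByResult } from '../utils/SarifUtils';
+import { SecurityLevel, SecuritySeverity } from './types';
+import Logger from '../Logger';
+import { Map as ImmutableMap } from 'immutable';
+import { sortSecurityLevelMap, sortSecuritySeverityMap } from '../utils/SortUtils';
+/**
+* This class keeps information about results per run. It has 2 hash maps:
+* - severity to number: the amount of results for each severity
+* - level to number: the amount of results for each level
+* @internal
+*/
+export class SarifModelPerRun {
+toolName;
+_securitySeverityMap;
+_securityLevelMap;
+constructor(run) {
+this.toolName = run.tool.driver.name;
+this._securitySeverityMap = ImmutableMap().asMutable();
+this._securityLevelMap = ImmutableMap().asMutable();
+this.buildSecuritySeverityMap(run);
+this.buildSecurityLevelMap(run);
+}
+identifySecuritySeverity(score) {
+if (score === undefined) {
+return SecuritySeverity.Unknown;
+}
+if (score >= 9 && score <= 10) {
+return SecuritySeverity.Critical;
+}
+if (score >= 7) {
+return SecuritySeverity.High;
+}
+if (score >= 4) {
+return SecuritySeverity.Medium;
+}
+if (score >= 0.1) {
+return SecuritySeverity.Low;
+}
+if (score == 0) {
+return SecuritySeverity.None;
+}
+Logger.warn(`Unsupported "${score}" security severity. Saving as "Unknown".`);
+return SecuritySeverity.Unknown;
+}
+identifySecurityLevel(level) {
+if (level === undefined) {
+return SecurityLevel.Unknown;
+}
+if (level.toLowerCase() === 'error') {
+return SecurityLevel.Error;
+}
+if (level.toLowerCase() === 'warning') {
+return SecurityLevel.Warning;
+}
+if (level.toLowerCase() === 'note') {
+return SecurityLevel.Note;
+}
+Logger.warn(`Unsupported ${level} security level. Saving as "Unknown".`);
+return SecurityLevel.Unknown;
+}
+buildSecuritySeverityMap(run) {
+const results = run.results ?? [];
+for (const result of results) {
+const severity = this.identifySecuritySeverity(tryGetRulePropertyByResult(run, result, 'security-severity'));
+const count = this._securitySeverityMap.get(severity) || 0;
+this._securitySeverityMap.set(severity, count + 1);
+}
+}
+tryGetSecurityLevel(run, result) {
+if (result.level) {
+return result.level;
+}
+return tryGetRulePropertyByResult(run, result, 'problem.severity');
+}
+buildSecurityLevelMap(run) {
+const results = run.results ?? [];
+for (const result of results) {
+const level = this.identifySecurityLevel(this.tryGetSecurityLevel(run, result));
+const count = this._securityLevelMap.get(level) || 0;
+this._securityLevelMap.set(level, count + 1);
+}
+}
+get securitySeverityMap() {
+return sortSecuritySeverityMap(this._securitySeverityMap);
+}
+get securityLevelMap() {
+return sortSecurityLevelMap(this._securityLevelMap);
+}
+}
+//# sourceMappingURL=data:application/json;base64,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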
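Review bot: `identifySecuritySeverity` compares the raw `security-severity` property with `>=`/`==`, so a value above 10 (e.g. `11`) falls through `score >= 9 && score <= 10` into `score >= 7` and is counted as High, an empty string satisfies `score == 0` and is counted as None, and both outcomes are silent while only the leftover values reach the final warning. SARIF property bags usually carry this value as a string, so coercing once and bounds-checking before the threshold chain is safer; the rewritten head of the method is below, the threshold branches themselves are unchanged apart from testing `n`. `identifySecurityLevel` has the same shape of gap: a non-string `level` (null from a property bag, or a number) reaches `level.toLowerCase()` and throws, so `if (typeof level !== 'string') { return SecurityLevel.Unknown; }` should replace the `=== undefined` check, and SARIF's own `none` level is not matched either and lands in Unknown with a warning. Both warnings interpolate scanner-supplied text straight into the log line; wrapping it in `JSON.stringify(...)` keeps a multi-line value from forging extra log records.
```javascript
identifySecuritySeverity(score) {
    if (score === undefined) {
        return SecuritySeverity.Unknown;
    }
    // SARIF property bags usually carry `security-severity` as a string ("7.5");
    // coerce once and reject anything that is not a finite number in 0..10 instead
    // of letting every `>=`/`==` below coerce on its own.
    const n = typeof score === 'number' ? score
        : (typeof score === 'string' && score.trim() !== '') ? Number(score)
        : Number.NaN;
    if (!Number.isFinite(n) || n < 0 || n > 10) {
        Logger.warn(`Unsupported ${JSON.stringify(score)} security severity. Saving as "Unknown".`);
        return SecuritySeverity.Unknown;
    }
    if (n >= 9) {
        return SecuritySeverity.Critical;
    }
    // … unchanged: High (>= 7), Medium (>= 4), Low (>= 0.1), None (== 0) branches, now testing `n` …
    Logger.warn(`Unsupported ${JSON.stringify(score)} security severity. Saving as "Unknown".`);
    return SecuritySeverity.Unknown;
}
```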
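--- a/package/dist/model/SarifModelPerSarif.d.ts.map
+++ b/package/dist/model/SarifModelPerSarif.d.ts.map
@@ -0,0 +1 @@
+{"version":3,"file":"SarifModelPerSarif.d.ts","sourceRoot":"","sources":["../../src/model/SarifModelPerSarif.ts"],"names":[],"mappings":""}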
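--- a/package/dist/model/SarifModelPerSarif.js
+++ b/package/dist/model/SarifModelPerSarif.js
@@ -0,0 +1,102 @@
+import { Map as ImmutableMap } from 'immutable';
+import { SarifModelPerRun } from './SarifModelPerRun';
+import { sortSecurityLevelMap, sortSecuritySeverityMap } from '../utils/SortUtils';
+/**
+* This class is used to group results by different fields, such as grouping by
+* tool name, runs, etc.
+* @internal
+*/
+export class SarifModelPerSarif {
+sarifModelPerRunList;
+constructor(sarif) {
+this.sarifModelPerRunList = new Array();
+this.buildRunsList(sarif);
+}
+buildRunsList(sarif) {
+for (const run of sarif.runs) {
+this.sarifModelPerRunList.push(new SarifModelPerRun(run));
+}
+}
+groupByToolNameWithSecurityLevel() {
+const result = new Map();
+for (const sarifModelPerRun of this.sarifModelPerRunList) {
+if (!result.has(sarifModelPerRun.toolName)) {
+result.set(sarifModelPerRun.toolName, ImmutableMap().asMutable());
+}
+for (const [k, v] of sarifModelPerRun.securityLevelMap.entries()) {
+const count = result.get(sarifModelPerRun.toolName)?.get(k) || 0;
+result.get(sarifModelPerRun.toolName)?.set(k, count + v);
+}
+}
+// Sort
+for (const [k, v] of result) {
+result.set(k, sortSecurityLevelMap(v));
+}
+return result;
+}
+groupByRunWithSecurityLevel() {
+const result = new Array();
+for (const sarifModelPerRun of this.sarifModelPerRunList) {
+result.push({
+toolName: sarifModelPerRun.toolName,
+data: sarifModelPerRun.securityLevelMap,
+});
+}
+return result;
+}
+groupByTotalWithSecurityLevel() {
+const result = ImmutableMap().asMutable();
+for (const sarifModelPerRun of this.sarifModelPerRunList) {
+for (const [k, v] of sarifModelPerRun.securityLevelMap.entries()) {
+const count = result.get(k) || 0;
+result.set(k, count + v);
+}
+}
+return sortSecurityLevelMap(result);
+}
+groupByToolNameWithSecuritySeverity() {
+const result = new Map();
+for (const sarifModelPerRun of this.sarifModelPerRunList) {
+if (!result.has(sarifModelPerRun.toolName)) {
+result.set(sarifModelPerRun.toolName, ImmutableMap().asMutable());
+}
+for (const [k, v] of sarifModelPerRun.securitySeverityMap.entries()) {
+const count = result.get(sarifModelPerRun.toolName)?.get(k) || 0;
+result.get(sarifModelPerRun.toolName)?.set(k, count + v);
+}
+}
+// Sort
+for (const [k, v] of result.entries()) {
+result.set(k, sortSecuritySeverityMap(v));
+}
+return result;
+}
+groupByRunWithSecuritySeverity() {
+const result = new Array();
+for (const sarifModelPerRun of this.sarifModelPerRunList) {
+result.push({
+toolName: sarifModelPerRun.toolName,
+data: sarifModelPerRun.securitySeverityMap,
+});
+}
+return result;
+}
+groupByTotalWithSecuritySeverity() {
+const result = ImmutableMap().asMutable();
+for (const sarifModelPerRun of this.sarifModelPerRunList) {
+for (const [k, v] of sarifModelPerRun.securitySeverityMap.entries()) {
+const count = result.get(k) || 0;
+result.set(k, count + v);
+}
+}
+return sortSecuritySeverityMap(result);
+}
+listToolNames() {
+const toolNames = new Set();
+for (const sarifModelPerRun of this.sarifModelPerRunList) {
+toolNames.add(sarifModelPerRun.toolName);
+}
+return toolNames;
+}
+}
+//# sourceMappingURL=data:application/json;base64,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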
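Review bot: `buildRunsList` iterates `sarif.runs` with no guard, whereas `SarifModelPerRun` in this same release defends `run.results` with `?? []`; as far as I recall the SARIF 2.1.0 schema types `runs` as array-or-null, and a truncated or hand-edited log from an untrusted scanner can omit it entirely, so the constructor throws a TypeError instead of yielding an empty model and no Slack message goes out. `for (const run of sarif.runs ?? []) {` closes that, with a `Logger.warn` if an empty report should still be visible. `groupByToolNameWithSecurityLevel` and `groupByToolNameWithSecuritySeverity` are the same block with only the getter and sorter swapped (they even differ in `for … of result` vs `result.entries()`), and `result.get(toolName)?.get(k)` applies optional chaining to a key that was just `set`, which would mask a real bug if the `has`/`set` pair ever drifts; a shared helper taking the accessor and the sorter removes both copies, as below (the per-tool counter maps stay `Map`-keyed, which is the right choice for scanner-controlled tool names).
```javascript
// … unchanged: imports, class header, constructor, buildRunsList …
groupByToolName(pickMap, sortMap) {
    const result = new Map();
    for (const sarifModelPerRun of this.sarifModelPerRunList) {
        // one counter map per tool, shared by every run that tool produced
        const perTool = result.get(sarifModelPerRun.toolName) ?? ImmutableMap().asMutable();
        for (const [k, v] of pickMap(sarifModelPerRun).entries()) {
            perTool.set(k, (perTool.get(k) || 0) + v);
        }
        result.set(sarifModelPerRun.toolName, perTool);
    }
    for (const [k, v] of result) {
        result.set(k, sortMap(v));
    }
    return result;
}
groupByToolNameWithSecurityLevel() {
    return this.groupByToolName((m) => m.securityLevelMap, sortSecurityLevelMap);
}
groupByToolNameWithSecuritySeverity() {
    return this.groupByToolName((m) => m.securitySeverityMap, sortSecuritySeverityMap);
}
// … unchanged: groupByRun*, groupByTotal*, listToolNames …
```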
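--- a/package/dist/model/types.d.ts.map
+++ b/package/dist/model/types.d.ts.map
@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/model/types.ts"],"names":[],"mappings":""}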
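--- a/package/dist/model/types.js
+++ b/package/dist/model/types.js
@@ -0,0 +1,49 @@
+/**
+* Enum of security severity.
+* @internal
+*/
+export var SecuritySeverity;
+(function (SecuritySeverity) {
+SecuritySeverity["Unknown"] = "Unknown";
+SecuritySeverity["None"] = "None";
+SecuritySeverity["Low"] = "Low";
+SecuritySeverity["Medium"] = "Medium";
+SecuritySeverity["High"] = "High";
+SecuritySeverity["Critical"] = "Critical";
+})(SecuritySeverity || (SecuritySeverity = {}));
+/**
+* Ordering of security severity values. It is used for sorting purposes, so that
+* Slack message shows issues in the correct order.
+* @internal
+*/
+export const SecuritySeverityOrder = [
+SecuritySeverity.Critical,
+SecuritySeverity.High,
+SecuritySeverity.Medium,
+SecuritySeverity.Low,
+SecuritySeverity.None,
+SecuritySeverity.Unknown
+];
+/**
+* Enum of security level.
+* @internal
+*/
+export var SecurityLevel;
+(function (SecurityLevel) {
+SecurityLevel["Unknown"] = "Unknown";
+SecurityLevel["Note"] = "Note";
+SecurityLevel["Warning"] = "Warning";
+SecurityLevel["Error"] = "Error";
+})(SecurityLevel || (SecurityLevel = {}));
+/**
+* Ordering of security level values. It is used for sorting purposes, so that
+* Slack message shows issues in the correct order.
+* @internal
+*/
+export const SecurityLevelOrder = [
+SecurityLevel.Error,
+SecurityLevel.Warning,
+SecurityLevel.Note,
+SecurityLevel.Unknown
+];
+//# sourceMappingURL=data:application/json;base64,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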
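Review bot: `SecuritySeverityOrder` and `SecurityLevelOrder` are exported as plain mutable arrays, so any importer (or a slip in the new SortUtils, which is not shown on this page) can reorder the Slack output for every caller by mutating them; `export const SecuritySeverityOrder = Object.freeze([ … ]);` and the same for `SecurityLevelOrder` costs nothing if, as the doc comments suggest, the arrays are only read for sorting. `SecurityLevel` also has no member for SARIF's fourth `result.level` value, `none`, so those results are counted as Unknown with a warning by `SarifModelPerRun.identifySecurityLevel` in this same release; if that is deliberate the enum's doc comment should say `Maps SARIF level error/warning/note; "none" and any other value count as Unknown`, otherwise add `SecurityLevel["None"] = "None"` and place it after Note in `SecurityLevelOrder`.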
package/dist/sarif-to-slack.d.ts
CHANGED
|
@@ -12,7 +12,11 @@
|
|
|
12
12
|
* const service = await SarifToSlackService.create({
|
|
13
13
|
* webhookUrl: 'https://hooks.slack.com/services/your/webhook/url',
|
|
14
14
|
* sarifPath: 'path/to/your/sarif/file.sarif',
|
|
15
|
-
*
|
|
15
|
+
* log: {
|
|
16
|
+
* level: LogLevel.Info,
|
|
17
|
+
* template: '[{{logLevelName}}] [{{name}}] {{dateIsoStr}} ',
|
|
18
|
+
* colored: false,
|
|
19
|
+
* },
|
|
16
20
|
* username: 'SARIF Bot',
|
|
17
21
|
* iconUrl: 'https://example.com/icon.png',
|
|
18
22
|
* color: '#36a64f',
|
|
@@ -43,6 +47,29 @@
|
|
|
43
47
|
|
|
44
48
|
import type { Log } from 'sarif';
|
|
45
49
|
|
|
50
|
+
/**
|
|
51
|
+
* Enum representing how to calculate results.
|
|
52
|
+
* @public
|
|
53
|
+
*/
|
|
54
|
+
export declare enum CalculateResultsBy {
|
|
55
|
+
/**
|
|
56
|
+
* Calculates results by the security level of the findings: Error, Warning,
|
|
57
|
+
* Note and Unknown. At first, it tries to get the security level from runs[].results[].level
|
|
58
|
+
* property. If it is not defined, it tries to get the security level from the
|
|
59
|
+
* respective rule of each result, using the rules[].properties['problem.severity']
|
|
60
|
+
* property.
|
|
61
|
+
*/
|
|
62
|
+
Level = 0,
|
|
63
|
+
/**
|
|
64
|
+
* Calculates results by the security severity of the findings: Critical, High,
|
|
65
|
+
* Medium, Low, None and Unknown. it tries to get the security severity from the
|
|
66
|
+
* respective rule of each result, using the rules[].properties['security-severity']
|
|
67
|
+
* property. This property contains CVSS score, which is then mapped to the
|
|
68
|
+
* security severity value.
|
|
69
|
+
*/
|
|
70
|
+
Severity = 1
|
|
71
|
+
}
|
|
72
|
+
|
|
46
73
|
/**
|
|
47
74
|
* Options for the footer of a Slack message. "type" is ignored if "value" is
|
|
48
75
|
* not defined.
|
|
@@ -57,8 +84,36 @@ export declare type FooterOptions = IncludeAwareWithValueOptions & {
|
|
|
57
84
|
* @public
|
|
58
85
|
*/
|
|
59
86
|
export declare enum FooterType {
|
|
60
|
-
|
|
61
|
-
|
|
87
|
+
/**
|
|
88
|
+
* Represents a plain text footer. Text is not formatted and appears as-is.
|
|
89
|
+
*/
|
|
90
|
+
PlainText = "plain_text",
|
|
91
|
+
/**
|
|
92
|
+
* Represents a footer with Markdown formatting. Text can include formatting
|
|
93
|
+
* such as bold, italics, and links.
|
|
94
|
+
*/
|
|
95
|
+
Markdown = "mrkdwn"
|
|
96
|
+
}
|
|
97
|
+
|
|
98
|
+
/**
|
|
99
|
+
* Enum representing how to group results.
|
|
100
|
+
* @public
|
|
101
|
+
*/
|
|
102
|
+
export declare enum GroupResultsBy {
|
|
103
|
+
/**
|
|
104
|
+
* Groups results by the tool name. Particularly, groups by the runs[].tool.driver.name
|
|
105
|
+
* property from the SARIF file(s).
|
|
106
|
+
*/
|
|
107
|
+
ToolName = 0,
|
|
108
|
+
/**
|
|
109
|
+
* Groups results by the run. It provides the result from each run individually.
|
|
110
|
+
*/
|
|
111
|
+
Run = 1,
|
|
112
|
+
/**
|
|
113
|
+
* Does not group results. It provides the result from all the runs from all
|
|
114
|
+
* the provided SARIF files.
|
|
115
|
+
*/
|
|
116
|
+
Total = 2
|
|
62
117
|
}
|
|
63
118
|
|
|
64
119
|
/**
|
|
@@ -85,7 +140,8 @@ export declare type IncludeAwareWithValueOptions = IncludeAwareOptions & {
|
|
|
85
140
|
*/
|
|
86
141
|
export declare enum LogLevel {
|
|
87
142
|
/**
|
|
88
|
-
* Represents the most verbose logging level, typically used for detailed
|
|
143
|
+
* Represents the most verbose logging level, typically used for detailed
|
|
144
|
+
* debugging information.
|
|
89
145
|
*/
|
|
90
146
|
Silly = 0,
|
|
91
147
|
/**
|
|
@@ -93,32 +149,59 @@ export declare enum LogLevel {
|
|
|
93
149
|
*/
|
|
94
150
|
Trace = 1,
|
|
95
151
|
/**
|
|
96
|
-
* Represents a logging level for debugging information that is less verbose
|
|
152
|
+
* Represents a logging level for debugging information that is less verbose
|
|
153
|
+
* than silly.
|
|
97
154
|
*/
|
|
98
155
|
Debug = 2,
|
|
99
156
|
/**
|
|
100
|
-
* Represents a logging level for general informational messages that highlight
|
|
157
|
+
* Represents a logging level for general informational messages that highlight
|
|
158
|
+
* the progress of the application.
|
|
101
159
|
*/
|
|
102
160
|
Info = 3,
|
|
103
161
|
/**
|
|
104
|
-
* Represents a logging level for potentially harmful situations that require
|
|
162
|
+
* Represents a logging level for potentially harmful situations that require
|
|
163
|
+
* attention.
|
|
105
164
|
*/
|
|
106
165
|
Warning = 4,
|
|
107
166
|
/**
|
|
108
|
-
* Represents a logging level for error conditions that do not require immediate
|
|
167
|
+
* Represents a logging level for error conditions that do not require immediate
|
|
168
|
+
* action but should be noted.
|
|
109
169
|
*/
|
|
110
170
|
Error = 5,
|
|
111
171
|
/**
|
|
112
|
-
* Represents a logging level for critical errors that require immediate attention
|
|
172
|
+
* Represents a logging level for critical errors that require immediate attention
|
|
173
|
+
* and may cause the application to terminate.
|
|
113
174
|
*/
|
|
114
175
|
Fatal = 6
|
|
115
176
|
}
|
|
116
177
|
|
|
178
|
+
/**
|
|
179
|
+
* Options for logging.
|
|
180
|
+
* @public
|
|
181
|
+
*/
|
|
182
|
+
export declare type LogOptions = {
|
|
183
|
+
level?: LogLevel;
|
|
184
|
+
/**
|
|
185
|
+
* More details here: https://github.com/fullstack-build/tslog?tab=readme-ov-file#pretty-templates-and-styles-color-settings
|
|
186
|
+
*/
|
|
187
|
+
template?: string;
|
|
188
|
+
colored?: boolean;
|
|
189
|
+
};
|
|
190
|
+
|
|
117
191
|
/**
|
|
118
192
|
* Type representing a SARIF log.
|
|
119
193
|
* @public
|
|
120
194
|
*/
|
|
121
|
-
export declare type
|
|
195
|
+
export declare type SarifLog = Log;
|
|
196
|
+
|
|
197
|
+
/**
|
|
198
|
+
* Options for how to output the results in the Slack message.
|
|
199
|
+
* @public
|
|
200
|
+
*/
|
|
201
|
+
export declare type SarifToSlackOutput = {
|
|
202
|
+
groupBy?: GroupResultsBy;
|
|
203
|
+
calculateBy?: CalculateResultsBy;
|
|
204
|
+
};
|
|
122
205
|
|
|
123
206
|
/**
|
|
124
207
|
* Service to convert SARIF files to Slack messages and send them.
|
|
@@ -168,11 +251,12 @@ export declare type SarifToSlackServiceOptions = {
|
|
|
168
251
|
username?: string;
|
|
169
252
|
iconUrl?: string;
|
|
170
253
|
color?: string;
|
|
171
|
-
|
|
254
|
+
log?: LogOptions;
|
|
172
255
|
header?: IncludeAwareWithValueOptions;
|
|
173
256
|
footer?: FooterOptions;
|
|
174
257
|
actor?: IncludeAwareWithValueOptions;
|
|
175
258
|
run?: IncludeAwareOptions;
|
|
259
|
+
output?: SarifToSlackOutput;
|
|
176
260
|
};
|
|
177
261
|
|
|
178
262
|
/**
|
|
@@ -188,7 +272,7 @@ export declare interface SlackMessage {
|
|
|
188
272
|
/**
|
|
189
273
|
* The SARIF log associated with this Slack message.
|
|
190
274
|
*/
|
|
191
|
-
sarif:
|
|
275
|
+
sarif: SarifLog;
|
|
192
276
|
}
|
|
193
277
|
|
|
194
278
|
export { }
|
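Review bot: The `CalculateResultsBy.Severity` doc comment (second hunk) says the `security-severity` rule property "contains CVSS score" but leaves the contract implicit: the implementation shipped in this release (`dist/model/SarifModelPerRun.js`) buckets it as Critical 9.0–10, High 7.0–8.9, Medium 4.0–6.9, Low 0.1–3.9, None 0 and sends anything missing or unparseable to Unknown, and SARIF property bags normally carry the value as a string. I would state that in the comment, roughly `Expects a CVSS-style 0.0–10.0 number (a numeric string is accepted); results whose rule has no parseable security-severity are counted as Unknown`. The `Level` variant reads `problem.severity` as a fallback but only `error`, `warning` and `note` are recognised; CodeQL, which emits that property, also uses `recommendation`, and SARIF's own `none` level is not listed, so the comment should say that every other value is counted as Unknown. `SarifToSlackServiceOptions.log` and `.output` (last hunk) are added without any JSDoc; a one-liner each naming the default when the field is omitted would make the options self-describing (the defaults live in `SarifToSlackService`, outside this page, so confirm them there).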
package/dist/tsdoc-metadata.json
CHANGED
package/dist/types.d.ts
CHANGED
|
@@ -3,7 +3,7 @@ import type { Log } from 'sarif';
|
|
|
3
3
|
* Type representing a SARIF log.
|
|
4
4
|
* @public
|
|
5
5
|
*/
|
|
6
|
-
export type
|
|
6
|
+
export type SarifLog = Log;
|
|
7
7
|
/**
|
|
8
8
|
* Interface for a Slack message that can be sent.
|
|
9
9
|
* @public
|
|
@@ -17,7 +17,7 @@ export interface SlackMessage {
|
|
|
17
17
|
/**
|
|
18
18
|
* The SARIF log associated with this Slack message.
|
|
19
19
|
*/
|
|
20
|
-
sarif:
|
|
20
|
+
sarif: SarifLog;
|
|
21
21
|
}
|
|
22
22
|
/**
|
|
23
23
|
* Enum representing log levels for the service.
|
|
@@ -25,7 +25,8 @@ export interface SlackMessage {
|
|
|
25
25
|
*/
|
|
26
26
|
export declare enum LogLevel {
|
|
27
27
|
/**
|
|
28
|
-
* Represents the most verbose logging level, typically used for detailed
|
|
28
|
+
* Represents the most verbose logging level, typically used for detailed
|
|
29
|
+
* debugging information.
|
|
29
30
|
*/
|
|
30
31
|
Silly = 0,
|
|
31
32
|
/**
|
|
@@ -33,23 +34,28 @@ export declare enum LogLevel {
|
|
|
33
34
|
*/
|
|
34
35
|
Trace = 1,
|
|
35
36
|
/**
|
|
36
|
-
* Represents a logging level for debugging information that is less verbose
|
|
37
|
+
* Represents a logging level for debugging information that is less verbose
|
|
38
|
+
* than silly.
|
|
37
39
|
*/
|
|
38
40
|
Debug = 2,
|
|
39
41
|
/**
|
|
40
|
-
* Represents a logging level for general informational messages that highlight
|
|
42
|
+
* Represents a logging level for general informational messages that highlight
|
|
43
|
+
* the progress of the application.
|
|
41
44
|
*/
|
|
42
45
|
Info = 3,
|
|
43
46
|
/**
|
|
44
|
-
* Represents a logging level for potentially harmful situations that require
|
|
47
|
+
* Represents a logging level for potentially harmful situations that require
|
|
48
|
+
* attention.
|
|
45
49
|
*/
|
|
46
50
|
Warning = 4,
|
|
47
51
|
/**
|
|
48
|
-
* Represents a logging level for error conditions that do not require immediate
|
|
52
|
+
* Represents a logging level for error conditions that do not require immediate
|
|
53
|
+
* action but should be noted.
|
|
49
54
|
*/
|
|
50
55
|
Error = 5,
|
|
51
56
|
/**
|
|
52
|
-
* Represents a logging level for critical errors that require immediate attention
|
|
57
|
+
* Represents a logging level for critical errors that require immediate attention
|
|
58
|
+
* and may cause the application to terminate.
|
|
53
59
|
*/
|
|
54
60
|
Fatal = 6
|
|
55
61
|
}
|
|
@@ -74,8 +80,15 @@ export type IncludeAwareWithValueOptions = IncludeAwareOptions & {
|
|
|
74
80
|
* @public
|
|
75
81
|
*/
|
|
76
82
|
export declare enum FooterType {
|
|
77
|
-
|
|
78
|
-
|
|
83
|
+
/**
|
|
84
|
+
* Represents a plain text footer. Text is not formatted and appears as-is.
|
|
85
|
+
*/
|
|
86
|
+
PlainText = "plain_text",
|
|
87
|
+
/**
|
|
88
|
+
* Represents a footer with Markdown formatting. Text can include formatting
|
|
89
|
+
* such as bold, italics, and links.
|
|
90
|
+
*/
|
|
91
|
+
Markdown = "mrkdwn"
|
|
79
92
|
}
|
|
80
93
|
/**
|
|
81
94
|
* Options for the footer of a Slack message. "type" is ignored if "value" is
|
|
@@ -85,6 +98,68 @@ export declare enum FooterType {
|
|
|
85
98
|
export type FooterOptions = IncludeAwareWithValueOptions & {
|
|
86
99
|
type?: FooterType;
|
|
87
100
|
};
|
|
101
|
+
/**
|
|
102
|
+
* Enum representing how to group results.
|
|
103
|
+
* @public
|
|
104
|
+
*/
|
|
105
|
+
export declare enum GroupResultsBy {
|
|
106
|
+
/**
|
|
107
|
+
* Groups results by the tool name. Particularly, groups by the runs[].tool.driver.name
|
|
108
|
+
* property from the SARIF file(s).
|
|
109
|
+
*/
|
|
110
|
+
ToolName = 0,
|
|
111
|
+
/**
|
|
112
|
+
* Groups results by the run. It provides the result from each run individually.
|
|
113
|
+
*/
|
|
114
|
+
Run = 1,
|
|
115
|
+
/**
|
|
116
|
+
* Does not group results. It provides the result from all the runs from all
|
|
117
|
+
* the provided SARIF files.
|
|
118
|
+
*/
|
|
119
|
+
Total = 2
|
|
120
|
+
}
|
|
121
|
+
/**
|
|
122
|
+
* Enum representing how to calculate results.
|
|
123
|
+
* @public
|
|
124
|
+
*/
|
|
125
|
+
export declare enum CalculateResultsBy {
|
|
126
|
+
/**
|
|
127
|
+
* Calculates results by the security level of the findings: Error, Warning,
|
|
128
|
+
* Note and Unknown. At first, it tries to get the security level from runs[].results[].level
|
|
129
|
+
* property. If it is not defined, it tries to get the security level from the
|
|
130
|
+
* respective rule of each result, using the rules[].properties['problem.severity']
|
|
131
|
+
* property.
|
|
132
|
+
*/
|
|
133
|
+
Level = 0,
|
|
134
|
+
/**
|
|
135
|
+
* Calculates results by the security severity of the findings: Critical, High,
|
|
136
|
+
* Medium, Low, None and Unknown. it tries to get the security severity from the
|
|
137
|
+
* respective rule of each result, using the rules[].properties['security-severity']
|
|
138
|
+
* property. This property contains CVSS score, which is then mapped to the
|
|
139
|
+
* security severity value.
|
|
140
|
+
*/
|
|
141
|
+
Severity = 1
|
|
142
|
+
}
|
|
143
|
+
/**
|
|
144
|
+
* Options for how to output the results in the Slack message.
|
|
145
|
+
* @public
|
|
146
|
+
*/
|
|
147
|
+
export type SarifToSlackOutput = {
|
|
148
|
+
groupBy?: GroupResultsBy;
|
|
149
|
+
calculateBy?: CalculateResultsBy;
|
|
150
|
+
};
|
|
151
|
+
/**
|
|
152
|
+
* Options for logging.
|
|
153
|
+
* @public
|
|
154
|
+
*/
|
|
155
|
+
export type LogOptions = {
|
|
156
|
+
level?: LogLevel;
|
|
157
|
+
/**
|
|
158
|
+
* More details here: https://github.com/fullstack-build/tslog?tab=readme-ov-file#pretty-templates-and-styles-color-settings
|
|
159
|
+
*/
|
|
160
|
+
template?: string;
|
|
161
|
+
colored?: boolean;
|
|
162
|
+
};
|
|
88
163
|
/**
|
|
89
164
|
* Options for the SarifToSlackService.
|
|
90
165
|
* @public
|
|
@@ -95,10 +170,11 @@ export type SarifToSlackServiceOptions = {
|
|
|
95
170
|
username?: string;
|
|
96
171
|
iconUrl?: string;
|
|
97
172
|
color?: string;
|
|
98
|
-
|
|
173
|
+
log?: LogOptions;
|
|
99
174
|
header?: IncludeAwareWithValueOptions;
|
|
100
175
|
footer?: FooterOptions;
|
|
101
176
|
actor?: IncludeAwareWithValueOptions;
|
|
102
177
|
run?: IncludeAwareOptions;
|
|
178
|
+
output?: SarifToSlackOutput;
|
|
103
179
|
};
|
|
104
180
|
//# sourceMappingURL=types.d.ts.map
|
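Review bot: `GroupResultsBy` and `CalculateResultsBy` (the `@@ -85,6 +98,68 @@` hunk) are declared as numeric enums (`ToolName = 0`, `Level = 0`, …) while `FooterType` right above them uses string members; numeric enums are opaque in logs and in any YAML or Actions input that maps onto them (the `send-sarif-to-slack.yml` workflow added in this release is not shown here), and a plain-JS caller can pass any number at runtime without the type system catching it. Declaring them as string enums, e.g. `ToolName = "tool-name"`, `Run = "run"`, `Total = "total"` and `Level = "level"`, `Severity = "severity"`, keeps configuration readable and lets the service reject unknown values with a clear error; this is API-visible, so it is cheapest to change now, before the enums gather callers. Either way `SarifToSlackService` should validate `output.groupBy` and `output.calculateBy` against the enum members rather than trusting the input (that file is outside this page).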
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,OAAO,CAAA;AAEhC;;;GAGG;AACH,MAAM,MAAM,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,OAAO,CAAA;AAEhC;;;GAGG;AACH,MAAM,MAAM,QAAQ,GAAG,GAAG,CAAA;AAE1B;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B;;;OAGG;IACH,IAAI,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAA;IAC3B;;OAEG;IACH,KAAK,EAAE,QAAQ,CAAA;CAChB;AAED;;;GAGG;AACH,oBAAY,QAAQ;IAClB;;;OAGG;IACH,KAAK,IAAI;IACT;;OAEG;IACH,KAAK,IAAI;IACT;;;OAGG;IACH,KAAK,IAAI;IACT;;;OAGG;IACH,IAAI,IAAI;IACR;;;OAGG;IACH,OAAO,IAAI;IACX;;;OAGG;IACH,KAAK,IAAI;IACT;;;OAGG;IACH,KAAK,IAAI;CACV;AAED;;;;GAIG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,OAAO,CAAA;CACjB,CAAA;AAED;;;;GAIG;AACH,MAAM,MAAM,4BAA4B,GAAG,mBAAmB,GAAG;IAC/D,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAA;AAED;;;GAGG;AACH,oBAAY,UAAU;IACpB;;OAEG;IACH,SAAS,eAAe;IACxB;;;OAGG;IACH,QAAQ,WAAW;CACpB;AAED;;;;GAIG;AACH,MAAM,MAAM,aAAa,GAAG,4BAA4B,GAAG;IACzD,IAAI,CAAC,EAAE,UAAU,CAAA;CAClB,CAAA;AAED;;;GAGG;AACH,oBAAY,cAAc;IACxB;;;OAGG;IACH,QAAQ,IAAI;IACZ;;OAEG;IACH,GAAG,IAAI;IACP;;;OAGG;IACH,KAAK,IAAI;CACV;AAED;;;GAGG;AACH,oBAAY,kBAAkB;IAC5B;;;;;;OAMG;IACH,KAAK,IAAI;IACT;;;;;;OAMG;IACH,QAAQ,IAAI;CACb;AAED;;;GAGG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,OAAO,CAAC,EAAE,cAAc,CAAC;IACzB,WAAW,CAAC,EAAE,kBAAkB,CAAC;CAClC,CAAA;AAED;;;GAGG;AACH,MAAM,MAAM,UAAU,GAAG;IACvB,KAAK,CAAC,EAAE,QAAQ,CAAC;IACjB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAAA;AAED;;;GAGG;AACH,MAAM,MAAM,0BAA0B,GAAG;IAEvC,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,UAAU,CAAC;IACjB,MAAM,CAAC,EAAE,4BAA4B,CAAC;IACtC,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,KAAK,CAAC,EAAE,4BAA4B,CAAC;IACrC,GAAG,CAAC,EAAE,mBAAmB,CAAC;IAC1B,MAAM,CAAC,EAAE,kBAAkB,CAAC;CAC7B,CAAA"}
|