@fabasoad/sarif-to-slack 0.2.3 → 0.2.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/workflows/security.yml +1 -0
- package/.github/workflows/send-sarif-to-slack.yml +7 -1
- package/dist/SarifToSlackService.d.ts.map +1 -1
- package/dist/SarifToSlackService.js +3 -1
- package/dist/SlackMessageBuilder.js +2 -2
- package/dist/System.d.ts +4 -0
- package/dist/System.d.ts.map +1 -0
- package/dist/System.js +8 -0
- package/dist/index.cjs +31 -9
- package/dist/metadata.d.ts +2 -0
- package/dist/metadata.d.ts.map +1 -0
- package/dist/metadata.js +11 -0
- package/dist/utils/SarifUtils.js +29 -9
- package/jest.config.json +1 -1
- package/package.json +4 -4
- package/scripts/save-metadata.sh +13 -0
- package/src/SarifToSlackService.ts +3 -1
- package/src/SlackMessageBuilder.ts +1 -1
- package/src/System.ts +9 -0
- package/src/metadata.ts +10 -0
- package/src/utils/SarifUtils.ts +35 -10
- package/test-data/sarif/runs-1-extensions-1-results-0.sarif +24 -0
- package/test-data/sarif/runs-1-extensions-1.sarif +79 -0
- package/tests/integration/SendSarifToSlack.spec.ts +1 -1
- package/dist/version.d.ts +0 -2
- package/dist/version.d.ts.map +0 -1
- package/dist/version.js +0 -11
- package/scripts/save-version.sh +0 -13
- package/src/version.ts +0 -10
|
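--- a/package/.github/workflows/send-sarif-to-slack.yml
+++ b/package/.github/workflows/send-sarif-to-slack.yml
@@ -34,6 +34,8 @@ on: # yamllint disable-line rule:truthy
 - "Trivy IaC (Error: 1, Note: 1)"
 - "Wiz Container (Error: 12, Warning: 369, Note: 191)"
 - "Wiz IaC (Warning: 5, Note: 5)"
+- "Runs: 1, Extensions: 1, Results: 0"
+- "Runs: 1, Extensions: 1, Results > 0"
 - "Runs: 1, Tools: 1, Results: 0"
 - "Runs: 2, Tools: 1, Results > 0"
 - "Runs: 2, Tools: 1, Results: 0"
@@ -172,6 +174,10 @@ jobs:
 value="wiz-container.sarif"
 elif [ "${INPUT_SARIF}" = "Wiz IaC (Warning: 5, Note: 5)" ]; then
 value="wiz-iac.sarif"
+elif [ "${INPUT_SARIF}" = "Runs: 1, Extensions: 1, Results: 0" ]; then
+value="runs-1-extensions-1-results-0.sarif"
+elif [ "${INPUT_SARIF}" = "Runs: 1, Extensions: 1, Results > 0" ]; then
+value="runs-1-extensions-1.sarif"
 elif [ "${INPUT_SARIF}" = "Runs: 1, Tools: 1, Results: 0" ]; then
 value="runs-1-tools-1-results-0.sarif"
 elif [ "${INPUT_SARIF}" = "Runs: 2, Tools: 1, Results > 0" ]; then
@@ -203,7 +209,7 @@ jobs:
 SARIF_TO_SLACK_USERNAME: "${{ inputs.username }}"
 SARIF_TO_SLACK_ICON_URL: "https://cdn-icons-png.flaticon.com/512/9070/9070006.png"
 SARIF_TO_SLACK_COLOR: "${{ inputs.color }}"
-
+SARIF_TO_SLACK_SARIF_PATH: "./test-data/sarif/${{ steps.sarif-file.outputs.value }}"
 SARIF_TO_SLACK_LOG_LEVEL: "${{ inputs.log-level }}"
 SARIF_TO_SLACK_HEADER: "${{ inputs.header }}"
 SARIF_TO_SLACK_FOOTER: "${{ inputs.footer }}"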
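Review bot: The `elif` chain in the second hunk maps each display string to a file name by hand, duplicating the `options` list extended in the first hunk, so a typo in either list silently selects whatever the chain's closing branch yields (that branch lies outside the hunk). If the chain does not already end in a failing branch, closing it with `else echo "unknown sarif option: ${INPUT_SARIF}" >&2; exit 1; fi` makes a mismatch fail the job instead of sending a message for the wrong file. The new `SARIF_TO_SLACK_SARIF_PATH` value in the third hunk is then guaranteed to name one of the files under `test-data/sarif/`, which is worth a short comment on the step that sets `value`.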
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SarifToSlackService.d.ts","sourceRoot":"","sources":["../src/SarifToSlackService.ts"],"names":[],"mappings":"AAIA,OAAO,EAEL,0BAA0B,EAC1B,YAAY,EACb,MAAM,SAAS,CAAA;
|
|
1
|
+
{"version":3,"file":"SarifToSlackService.d.ts","sourceRoot":"","sources":["../src/SarifToSlackService.ts"],"names":[],"mappings":"AAIA,OAAO,EAEL,0BAA0B,EAC1B,YAAY,EACb,MAAM,SAAS,CAAA;AA6ChB;;;GAGG;AACH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,QAAQ,CAAC,cAAc,CAA4B;IAE3D,OAAO;IAIP;;;;OAIG;IACH,IAAW,aAAa,IAAI,WAAW,CAAC,MAAM,EAAE,YAAY,CAAC,CAE5D;IAED;;;;;;OAMG;WACiB,MAAM,CAAC,IAAI,EAAE,0BAA0B,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAS1F;;;;;OAKG;IACU,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAMrC;;;;;;OAMG;IACU,IAAI,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAQpD"}
|
|
@@ -2,6 +2,7 @@ import { promises as fs } from 'fs';
|
|
|
2
2
|
import Logger from './Logger';
|
|
3
3
|
import { processColor, processSarifPath } from './Processors';
|
|
4
4
|
import { SlackMessageBuilder } from './SlackMessageBuilder';
|
|
5
|
+
import System from './System';
|
|
5
6
|
/**
|
|
6
7
|
* The main function to initialize a list of {@link SlackMessage} objects based
|
|
7
8
|
* on the given SARIF file(s).
|
|
@@ -67,6 +68,7 @@ export class SarifToSlackService {
|
|
|
67
68
|
*/
|
|
68
69
|
static async create(opts) {
|
|
69
70
|
Logger.initialize(opts.log);
|
|
71
|
+
System.initialize();
|
|
70
72
|
const instance = new SarifToSlackService();
|
|
71
73
|
const map = await initialize(opts);
|
|
72
74
|
map.forEach((val, key) => instance._slackMessages.set(key, val));
|
|
@@ -99,4 +101,4 @@ export class SarifToSlackService {
|
|
|
99
101
|
Logger.info(`Message sent for ${sarifPath} file. Status:`, text);
|
|
100
102
|
}
|
|
101
103
|
}
|
|
102
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
104
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiU2FyaWZUb1NsYWNrU2VydmljZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy9TYXJpZlRvU2xhY2tTZXJ2aWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxRQUFRLElBQUksRUFBRSxFQUFFLE1BQU0sSUFBSSxDQUFBO0FBQ25DLE9BQU8sTUFBTSxNQUFNLFVBQVUsQ0FBQTtBQUM3QixPQUFPLEVBQUUsWUFBWSxFQUFFLGdCQUFnQixFQUFFLE1BQU0sY0FBYyxDQUFBO0FBQzdELE9BQU8sRUFBRSxtQkFBbUIsRUFBRSxNQUFNLHVCQUF1QixDQUFBO0FBTTNELE9BQU8sTUFBTSxNQUFNLFVBQVUsQ0FBQTtBQUU3Qjs7Ozs7OztHQU9HO0FBQ0gsS0FBSyxVQUFVLFVBQVUsQ0FBQyxJQUFnQztJQUN4RCxNQUFNLGFBQWEsR0FBRyxJQUFJLEdBQUcsRUFBd0IsQ0FBQztJQUN0RCxNQUFNLFVBQVUsR0FBYSxnQkFBZ0IsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUE7SUFDN0QsSUFBSSxVQUFVLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1FBQzVCLE1BQU0sSUFBSSxLQUFLLENBQUMsOENBQThDLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQyxDQUFBO0lBQ2pGLENBQUM7SUFFRCxLQUFLLE1BQU0sU0FBUyxJQUFJLFVBQVUsRUFBRSxDQUFDO1FBQ25DLE1BQU0sVUFBVSxHQUFXLE1BQU0sRUFBRSxDQUFDLFFBQVEsQ0FBQyxTQUFTLEVBQUUsTUFBTSxDQUFDLENBQUE7UUFFL0QsTUFBTSxjQUFjLEdBQUcsSUFBSSxtQkFBbUIsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFO1lBQzlELFFBQVEsRUFBRSxJQUFJLENBQUMsUUFBUTtZQUN2QixPQUFPLEVBQUUsSUFBSSxDQUFDLE9BQU87WUFDckIsS0FBSyxFQUFFLFlBQVksQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDO1lBQy9CLEtBQUssRUFBRSxJQUFJLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBYTtZQUN6QyxNQUFNLEVBQUUsSUFBSSxDQUFDLE1BQU07U0FDcEIsQ0FBQyxDQUFBO1FBQ0YsSUFBSSxJQUFJLENBQUMsTUFBTSxFQUFFLE9BQU8sRUFBRSxDQUFDO1lBQ3pCLGNBQWMsQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxLQUFLLENBQUMsQ0FBQTtRQUMvQyxDQUFDO1FBQ0QsSUFBSSxJQUFJLENBQUMsTUFBTSxFQUFFLE9BQU8sRUFBRSxDQUFDO1lBQ3pCLGNBQWMsQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxLQUFLLEVBQUUsSUFBSSxDQUFDLE1BQU0sRUFBRSxJQUFJLENBQUMsQ0FBQTtRQUNsRSxDQUFDO1FBQ0QsSUFBSSxJQUFJLENBQUMsS0FBSyxFQUFFLE9BQU8sRUFBRSxDQUFDO1lBQ3hCLGNBQWMsQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLEtBQUssRUFBRSxLQUFLLENBQUMsQ0FBQTtRQUM3QyxDQUFDO1FBQ0QsSUFBSSxJQUFJLENBQUMsR0FBRyxFQUFFLE9BQU8sRUFBRSxDQUFDO1lBQ3RCLGNBQWMsQ0FBQyxPQUFPLEVBQUUsQ0FBQTtRQUMxQixDQUFDO1FBQ0QsYUFBYSxDQUFDLEdBQU
csQ0FBQyxTQUFTLEVBQUUsY0FBYyxDQUFDLENBQUE7SUFDOUMsQ0FBQztJQUNELE9BQU8sYUFBYSxDQUFDO0FBQ3ZCLENBQUM7QUFFRDs7O0dBR0c7QUFDSCxNQUFNLE9BQU8sbUJBQW1CO0lBQ2IsY0FBYyxDQUE0QjtJQUUzRDtRQUNFLElBQUksQ0FBQyxjQUFjLEdBQUcsSUFBSSxHQUFHLEVBQXdCLENBQUM7SUFDeEQsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxJQUFXLGFBQWE7UUFDdEIsT0FBTyxJQUFJLENBQUMsY0FBYyxDQUFDO0lBQzdCLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxNQUFNLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQyxJQUFnQztRQUN6RCxNQUFNLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQTtRQUMzQixNQUFNLENBQUMsVUFBVSxFQUFFLENBQUE7UUFDbkIsTUFBTSxRQUFRLEdBQXdCLElBQUksbUJBQW1CLEVBQUUsQ0FBQTtRQUMvRCxNQUFNLEdBQUcsR0FBOEIsTUFBTSxVQUFVLENBQUMsSUFBSSxDQUFDLENBQUE7UUFDN0QsR0FBRyxDQUFDLE9BQU8sQ0FBQyxDQUFDLEdBQWlCLEVBQUUsR0FBVyxFQUFFLEVBQUUsQ0FBQyxRQUFRLENBQUMsY0FBYyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsR0FBRyxDQUFDLENBQUMsQ0FBQTtRQUN0RixPQUFPLFFBQVEsQ0FBQTtJQUNqQixDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSSxLQUFLLENBQUMsT0FBTztRQUNsQixLQUFLLE1BQU0sU0FBUyxJQUFJLElBQUksQ0FBQyxjQUFjLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQztZQUNuRCxNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUM7UUFDN0IsQ0FBQztJQUNILENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxLQUFLLENBQUMsSUFBSSxDQUFDLFNBQWlCO1FBQ2pDLE1BQU0sT0FBTyxHQUE2QixJQUFJLENBQUMsY0FBYyxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsQ0FBQTtRQUM1RSxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDYixNQUFNLElBQUksS0FBSyxDQUFDLGtEQUFrRCxTQUFTLEdBQUcsQ0FBQyxDQUFBO1FBQ2pGLENBQUM7UUFDRCxNQUFNLElBQUksR0FBVyxNQUFNLE9BQU8sQ0FBQyxJQUFJLEVBQUUsQ0FBQTtRQUN6QyxNQUFNLENBQUMsSUFBSSxDQUFDLG9CQUFvQixTQUFTLGdCQUFnQixFQUFFLElBQUksQ0FBQyxDQUFBO0lBQ2xFLENBQUM7Q0FDRiJ9
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { IncomingWebhook } from '@slack/webhook';
|
|
2
2
|
import { CalculateResultsBy, FooterType, GroupResultsBy } from './types';
|
|
3
|
-
import { LIB_VERSION } from './
|
|
3
|
+
import { LIB_VERSION } from './metadata';
|
|
4
4
|
import { SarifModelPerSarif } from './model/SarifModelPerSarif';
|
|
5
5
|
/**
|
|
6
6
|
* Class for building and sending Slack messages based on SARIF logs.
|
|
@@ -136,4 +136,4 @@ export class SlackMessageBuilder {
|
|
|
136
136
|
return summaries.join('\n\n');
|
|
137
137
|
}
|
|
138
138
|
}
|
|
139
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
139
|
+
//# sourceMappingURL=data:application/json;base64,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
|
package/dist/System.d.ts
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"System.d.ts","sourceRoot":"","sources":["../src/System.ts"],"names":[],"mappings":"AAGA,MAAM,CAAC,OAAO,OAAO,MAAM;WAEX,UAAU,IAAI,IAAI;CAGjC"}
|
package/dist/System.js
ADDED
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import { LIB_VERSION } from './metadata';
|
|
2
|
+
import Logger from './Logger';
|
|
3
|
+
export default class System {
|
|
4
|
+
static initialize() {
|
|
5
|
+
Logger.info(`Version: ${LIB_VERSION}`);
|
|
6
|
+
}
|
|
7
|
+
}
|
|
8
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiU3lzdGVtLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL1N5c3RlbS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsV0FBVyxFQUFFLE1BQU0sWUFBWSxDQUFBO0FBQ3hDLE9BQU8sTUFBTSxNQUFNLFVBQVUsQ0FBQTtBQUU3QixNQUFNLENBQUMsT0FBTyxPQUFPLE1BQU07SUFFbEIsTUFBTSxDQUFDLFVBQVU7UUFDdEIsTUFBTSxDQUFDLElBQUksQ0FBQyxZQUFZLFdBQVcsRUFBRSxDQUFDLENBQUE7SUFDeEMsQ0FBQztDQUNGIn0=
|
package/dist/index.cjs
CHANGED
|
@@ -148,32 +148,46 @@ function processSarifPath(sarifPath) {
|
|
|
148
148
|
// src/SlackMessageBuilder.ts
|
|
149
149
|
var import_webhook = require("@slack/webhook");
|
|
150
150
|
|
|
151
|
-
// src/
|
|
152
|
-
var LIB_VERSION = "0.2.
|
|
151
|
+
// src/metadata.ts
|
|
152
|
+
var LIB_VERSION = "0.2.5";
|
|
153
153
|
|
|
154
154
|
// src/model/SarifModelPerSarif.ts
|
|
155
155
|
var import_immutable2 = require("immutable");
|
|
156
156
|
|
|
157
157
|
// src/utils/SarifUtils.ts
|
|
158
|
+
function findToolComponentByResult(run, result) {
|
|
159
|
+
let tool;
|
|
160
|
+
if (result.rule?.toolComponent?.index != null) {
|
|
161
|
+
tool = run.tool.extensions?.[result.rule.toolComponent.index];
|
|
162
|
+
}
|
|
163
|
+
if (!tool) {
|
|
164
|
+
tool = run.tool.driver;
|
|
165
|
+
}
|
|
166
|
+
return tool;
|
|
167
|
+
}
|
|
158
168
|
function findRuleByResult(run, result) {
|
|
159
169
|
const ruleData = {};
|
|
160
170
|
if (result.rule) {
|
|
161
|
-
if (result.rule?.index) {
|
|
171
|
+
if (result.rule?.index != null) {
|
|
162
172
|
ruleData.index = result.rule.index;
|
|
163
173
|
}
|
|
164
174
|
if (result.rule?.id) {
|
|
165
175
|
ruleData.id = result.rule.id;
|
|
166
176
|
}
|
|
167
177
|
}
|
|
168
|
-
if (
|
|
178
|
+
if (ruleData.index == null && result.ruleIndex != null) {
|
|
169
179
|
ruleData.index = result.ruleIndex;
|
|
170
180
|
}
|
|
171
|
-
if (ruleData.
|
|
172
|
-
|
|
181
|
+
if (!ruleData.id && result.ruleId) {
|
|
182
|
+
ruleData.id = result.ruleId;
|
|
183
|
+
}
|
|
184
|
+
const tool = findToolComponentByResult(run, result);
|
|
185
|
+
if (ruleData.index != null && tool?.rules && ruleData.index < tool.rules.length) {
|
|
186
|
+
return tool.rules[ruleData.index];
|
|
173
187
|
}
|
|
174
|
-
if (
|
|
175
|
-
return
|
|
176
|
-
(r) => r.id ===
|
|
188
|
+
if (ruleData.id && tool?.rules) {
|
|
189
|
+
return tool.rules.find(
|
|
190
|
+
(r) => r.id === ruleData.id
|
|
177
191
|
);
|
|
178
192
|
}
|
|
179
193
|
return void 0;
|
|
@@ -533,6 +547,13 @@ ${result}`
|
|
|
533
547
|
}
|
|
534
548
|
};
|
|
535
549
|
|
|
550
|
+
// src/System.ts
|
|
551
|
+
var System = class {
|
|
552
|
+
static initialize() {
|
|
553
|
+
Logger.info(`Version: ${LIB_VERSION}`);
|
|
554
|
+
}
|
|
555
|
+
};
|
|
556
|
+
|
|
536
557
|
// src/SarifToSlackService.ts
|
|
537
558
|
async function initialize(opts) {
|
|
538
559
|
const slackMessages = /* @__PURE__ */ new Map();
|
|
@@ -587,6 +608,7 @@ var SarifToSlackService = class _SarifToSlackService {
|
|
|
587
608
|
*/
|
|
588
609
|
static async create(opts) {
|
|
589
610
|
Logger.initialize(opts.log);
|
|
611
|
+
System.initialize();
|
|
590
612
|
const instance = new _SarifToSlackService();
|
|
591
613
|
const map = await initialize(opts);
|
|
592
614
|
map.forEach((val, key) => instance._slackMessages.set(key, val));
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"metadata.d.ts","sourceRoot":"","sources":["../src/metadata.ts"],"names":[],"mappings":""}
|
package/dist/metadata.js
ADDED
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* These values are used for the default footer in Slack message and in logging.
|
|
3
|
+
*
|
|
4
|
+
* @privateRemarks
|
|
5
|
+
* This file is autogenerated by scripts/save-metadata.sh
|
|
6
|
+
* Do not edit it manually!
|
|
7
|
+
*
|
|
8
|
+
* @internal
|
|
9
|
+
*/
|
|
10
|
+
export const LIB_VERSION = '0.2.5';
|
|
11
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibWV0YWRhdGEuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvbWV0YWRhdGEudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7Ozs7Ozs7O0dBUUc7QUFDSCxNQUFNLENBQUMsTUFBTSxXQUFXLEdBQUcsT0FBTyxDQUFBIn0=
|
package/dist/utils/SarifUtils.js
CHANGED
|
@@ -1,3 +1,19 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* This function finds the respective tool for the given result.
|
|
3
|
+
* @param run An instance of {@link Run} object.
|
|
4
|
+
* @param result An instance of {@link Result} object.
|
|
5
|
+
* @private
|
|
6
|
+
*/
|
|
7
|
+
function findToolComponentByResult(run, result) {
|
|
8
|
+
let tool;
|
|
9
|
+
if (result.rule?.toolComponent?.index != null) {
|
|
10
|
+
tool = run.tool.extensions?.[result.rule.toolComponent.index];
|
|
11
|
+
}
|
|
12
|
+
if (!tool) {
|
|
13
|
+
tool = run.tool.driver;
|
|
14
|
+
}
|
|
15
|
+
return tool;
|
|
16
|
+
}
|
|
1
17
|
/**
|
|
2
18
|
* This function tries to find the respective rule for the given result.
|
|
3
19
|
* @param run An instance of {@link Run} object.
|
|
@@ -7,24 +23,28 @@
|
|
|
7
23
|
export function findRuleByResult(run, result) {
|
|
8
24
|
const ruleData = {};
|
|
9
25
|
if (result.rule) {
|
|
10
|
-
if (result.rule?.index) {
|
|
26
|
+
if (result.rule?.index != null) {
|
|
11
27
|
ruleData.index = result.rule.index;
|
|
12
28
|
}
|
|
13
29
|
if (result.rule?.id) {
|
|
14
30
|
ruleData.id = result.rule.id;
|
|
15
31
|
}
|
|
16
32
|
}
|
|
17
|
-
if (
|
|
33
|
+
if (ruleData.index == null && result.ruleIndex != null) {
|
|
18
34
|
ruleData.index = result.ruleIndex;
|
|
19
35
|
}
|
|
20
|
-
if (ruleData.
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
36
|
+
if (!ruleData.id && result.ruleId) {
|
|
37
|
+
ruleData.id = result.ruleId;
|
|
38
|
+
}
|
|
39
|
+
const tool = findToolComponentByResult(run, result);
|
|
40
|
+
if (ruleData.index != null
|
|
41
|
+
&& tool?.rules
|
|
42
|
+
&& ruleData.index < tool.rules.length) {
|
|
43
|
+
return tool.rules[ruleData.index];
|
|
24
44
|
}
|
|
25
45
|
// If failed to find rule by index then try to find by ruleId
|
|
26
|
-
if (
|
|
27
|
-
return
|
|
46
|
+
if (ruleData.id && tool?.rules) {
|
|
47
|
+
return tool.rules.find((r) => r.id === ruleData.id);
|
|
28
48
|
}
|
|
29
49
|
return undefined;
|
|
30
50
|
}
|
|
@@ -43,4 +63,4 @@ export function tryGetRulePropertyByResult(run, result, propertyName) {
|
|
|
43
63
|
}
|
|
44
64
|
return undefined;
|
|
45
65
|
}
|
|
46
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
66
|
+
//# sourceMappingURL=data:application/json;base64,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
|
package/jest.config.json
CHANGED
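--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@fabasoad/sarif-to-slack",
-"version": "0.2.
+"version": "0.2.5",
 "description": "TypeScript library to send results of SARIF file to Slack webhook URL.",
 "main": "dist/index.cjs",
 "module": "dist/index.js",
@@ -12,10 +12,10 @@
 "test:integration": "jest --config=jest.config.json --testNamePattern=integration",
 "clean": "rm -rf coverage && rm -rf temp",
 "clean:unsafe": "rm -f package-lock.json && rm -rf node_modules && rm -rf dist && rm -rf lib",
-"prebuild": "./scripts/save-
+"prebuild": "./scripts/save-metadata.sh",
 "build": "./scripts/build.sh",
 "prepublishOnly": "npm run build",
-"preinstall": "./scripts/save-
+"preinstall": "./scripts/save-metadata.sh",
 "version:patch": "npm version patch --commit-hooks --git-tag-version --message 'chore: bump to version %s'",
 "version:minor": "npm version minor --commit-hooks --git-tag-version --message 'chore: bump to version %s'",
 "version:major": "npm version major --commit-hooks --git-tag-version --message 'chore: bump to version %s'",
@@ -48,7 +48,7 @@
 "tslog": "4.9.3"
 },
 "devDependencies": {
-"@biomejs/biome": "2.1.
+"@biomejs/biome": "2.1.3",
 "@microsoft/api-documenter": "7.26.30",
 "@microsoft/api-extractor": "7.52.9",
 "@types/jest": "30.0.0",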
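Review bot: The `preinstall` entry on new-side line 18 of the second hunk still runs `./scripts/save-metadata.sh` at install time, and since `scripts/save-metadata.sh` and `src/` are part of the published package (both appear in this diff), the hook also runs during a consumer's `npm install` unless lifecycle scripts are disabled; there it needs `jq` and rewrites `src/metadata.ts`, neither of which the shipped `dist/` needs because `LIB_VERSION` is compiled in (`dist/metadata.js`). `prebuild` on line 15 already regenerates the file for local builds, so the `preinstall` line can be removed, which also takes an install-time script out of the package that every consumer would otherwise have to trust. The `@biomejs/biome` bump in the third hunk is unrelated to the metadata rename and would read better as its own commit.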
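--- /dev/null
+++ b/package/scripts/save-metadata.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env sh
+
+version=$(jq -r '.version' package.json)
+echo "/**" > src/metadata.ts
+echo " * These values are used for the default footer in Slack message and in logging." >> src/metadata.ts
+echo " *" >> src/metadata.ts
+echo " * @privateRemarks" >> src/metadata.ts
+echo " * This file is autogenerated by scripts/save-metadata.sh" >> src/metadata.ts
+echo " * Do not edit it manually!" >> src/metadata.ts
+echo " *" >> src/metadata.ts
+echo " * @internal" >> src/metadata.ts
+echo " */" >> src/metadata.ts
+echo "export const LIB_VERSION = '${version}'" >> src/metadata.ts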
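Review bot: The script has no `set -eu`, so when `jq` is missing or `package.json` cannot be read, line 3 leaves `version` empty and line 13 still writes `export const LIB_VERSION = ''`; the build then succeeds with a blank version in the Slack footer and in the log line that `System.initialize()` emits. Add `set -eu` after the shebang and fail early with `command -v jq >/dev/null 2>&1 || { echo "jq is required" >&2; exit 1; }`, or read the version with `node -p "require('./package.json').version"`, since Node is presumably available wherever this package is built. The eleven `echo … >> src/metadata.ts` lines would also be clearer as a single quoted heredoc.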
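--- a/package/src/SarifToSlackService.ts
+++ b/package/src/SarifToSlackService.ts
@@ -1,4 +1,4 @@
-import { promises as fs } from 'fs'
+import { promises as fs } from 'fs'
 import Logger from './Logger'
 import { processColor, processSarifPath } from './Processors'
 import { SlackMessageBuilder } from './SlackMessageBuilder'
@@ -7,6 +7,7 @@ import {
 SarifToSlackServiceOptions,
 SlackMessage
 } from './types'
+import System from './System'
 
 /**
 * The main function to initialize a list of {@link SlackMessage} objects based
@@ -79,6 +80,7 @@ export class SarifToSlackService {
 */
 public static async create(opts: SarifToSlackServiceOptions): Promise<SarifToSlackService> {
 Logger.initialize(opts.log)
+System.initialize()
 const instance: SarifToSlackService = new SarifToSlackService()
 const map: Map<string, SlackMessage> = await initialize(opts)
 map.forEach((val: SlackMessage, key: string) => instance._slackMessages.set(key, val))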
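Review bot: The first hunk removes and re-adds `import { promises as fs } from 'fs'` with no visible difference, which points to a trailing-character change (a dropped semicolon or a line-ending change) rather than an intended edit; worth confirming the file's line endings and formatter settings so the churn does not recur. In the third hunk `System.initialize()` is placed after `Logger.initialize(opts.log)`, the right order since it logs through `Logger` (see `dist/System.js` in this release), but `create`'s docstring, which closes just above the hunk, says nothing about the version now being logged on every call; a line such as `Logs the library version once the logger is configured.` would document the new side effect.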
package/src/System.ts
ADDED
package/src/metadata.ts
ADDED
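--- a/package/src/utils/SarifUtils.ts
+++ b/package/src/utils/SarifUtils.ts
@@ -1,4 +1,23 @@
-import type { ReportingDescriptor, Result, Run } from "sarif";
+import type { ReportingDescriptor, Result, Run, ToolComponent } from "sarif";
+
+/**
+* This function finds the respective tool for the given result.
+* @param run An instance of {@link Run} object.
+* @param result An instance of {@link Result} object.
+* @private
+*/
+function findToolComponentByResult(run: Run, result: Result): ToolComponent {
+let tool: ToolComponent | undefined
+if (result.rule?.toolComponent?.index != null) {
+tool = run.tool.extensions?.[result.rule.toolComponent.index]
+}
+
+if (!tool) {
+tool = run.tool.driver
+}
+
+return tool
+}
 
 /**
 * This function tries to find the respective rule for the given result.
@@ -10,7 +29,7 @@ export function findRuleByResult(run: Run, result: Result): ReportingDescriptor
 const ruleData: { id?: string, index?: number } = {}
 
 if (result.rule) {
-if (result.rule?.index) {
+if (result.rule?.index != null) {
 ruleData.index = result.rule.index
 }
 if (result.rule?.id) {
@@ -18,20 +37,26 @@ export function findRuleByResult(run: Run, result: Result): ReportingDescriptor
 }
 }
 
-if (
+if (ruleData.index == null && result.ruleIndex != null) {
 ruleData.index = result.ruleIndex
 }
 
-if (ruleData.
-
-
-
+if (!ruleData.id && result.ruleId) {
+ruleData.id = result.ruleId
+}
+
+const tool: ToolComponent = findToolComponentByResult(run, result)
+
+if (ruleData.index != null
+&& tool?.rules
+&& ruleData.index < tool.rules.length) {
+return tool.rules[ruleData.index]
 }
 
 // If failed to find rule by index then try to find by ruleId
-if (
-return
-(r: ReportingDescriptor): boolean => r.id ===
+if (ruleData.id && tool?.rules) {
+return tool.rules.find(
+(r: ReportingDescriptor): boolean => r.id === ruleData.id
 )
 }
 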
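Review bot: `findRuleByResult` now returns `undefined` without trying the `ruleId` path when the index is `-1`, the value the SARIF 2.1.0 schema gives `ruleIndex` and `rule.index` by default: the new `!= null` guards on new-side lines 32 (second hunk) and 40 (third hunk) accept it, `-1 < tool.rules.length` on line 52 holds, and `return tool.rules[-1]` on line 53 yields `undefined` before line 57 is reached. Treating a negative index as absent where it is collected fixes that: `if (result.rule?.index != null && result.rule.index >= 0) {` and `if (ruleData.index == null && result.ruleIndex != null && result.ruleIndex >= 0) {`. A second problem sits in the new `findToolComponentByResult` (first hunk): when `rule.toolComponent.index` points at an extension that `run.tool.extensions` does not contain, it falls back to the driver, and the caller then applies an index that was meant for the extension's `rules` array to the driver's array, which can return an unrelated rule. Returning the driver only when no component is referenced, and `undefined` for an explicit reference that does not resolve, lets the caller's existing `tool?.rules` checks skip the index path; the rewrite is below, with the caller's annotation widened to match.
```typescript
function findToolComponentByResult(run: Run, result: Result): ToolComponent | undefined {
  const componentIndex = result.rule?.toolComponent?.index
  // No component reference on the result: rule indexes refer to the driver.
  if (componentIndex == null) {
    return run.tool.driver
  }
  // An explicit reference that does not resolve is malformed input; do not
  // re-interpret the rule index against the driver's rule list.
  return run.tool.extensions?.[componentIndex]
}
// … unchanged: findRuleByResult up to the tool lookup …
const tool: ToolComponent | undefined = findToolComponentByResult(run, result)
// … unchanged: index and ruleId lookups (their `tool?.rules` checks already handle undefined) …
```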
@@ -0,0 +1,24 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
|
|
3
|
+
"version": "2.1.0",
|
|
4
|
+
"runs": [
|
|
5
|
+
{
|
|
6
|
+
"tool": {
|
|
7
|
+
"driver": {
|
|
8
|
+
"language": "en-US",
|
|
9
|
+
"name": "Snyk Open Source"
|
|
10
|
+
},
|
|
11
|
+
"extensions": [
|
|
12
|
+
{
|
|
13
|
+
"name": "Snyk Open Source Extension",
|
|
14
|
+
"properties": {
|
|
15
|
+
"artifactsScanned": 6
|
|
16
|
+
},
|
|
17
|
+
"rules": []
|
|
18
|
+
}
|
|
19
|
+
]
|
|
20
|
+
},
|
|
21
|
+
"results": []
|
|
22
|
+
}
|
|
23
|
+
]
|
|
24
|
+
}
|
|
@@ -0,0 +1,79 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
|
|
3
|
+
"version": "2.1.0",
|
|
4
|
+
"runs": [
|
|
5
|
+
{
|
|
6
|
+
"tool": {
|
|
7
|
+
"driver": {
|
|
8
|
+
"language": "en-US",
|
|
9
|
+
"name": "Snyk Open Source"
|
|
10
|
+
},
|
|
11
|
+
"extensions": [
|
|
12
|
+
{
|
|
13
|
+
"name": "Snyk Open Source Extension",
|
|
14
|
+
"properties": {
|
|
15
|
+
"artifactsScanned": 6
|
|
16
|
+
},
|
|
17
|
+
"rules": [
|
|
18
|
+
{
|
|
19
|
+
"id": "SNYK-HEX-PAGINATOR-1086684",
|
|
20
|
+
"shortDescription": {
|
|
21
|
+
"text": "Critical severity - Remote Code Execution (RCE) vulnerability in paginator"
|
|
22
|
+
},
|
|
23
|
+
"fullDescription": {
|
|
24
|
+
"text": "(CVE-2020-15150) paginator@0.6.0"
|
|
25
|
+
},
|
|
26
|
+
"help": {
|
|
27
|
+
"text": "",
|
|
28
|
+
"markdown": "* Package Manager: hex\n* Vulnerable module: paginator\n* Introduced through: carafe@0.1.0 and paginator@0.6.0\n### Detailed paths\n* _Introduced through_: carafe@0.1.0 › paginator@0.6.0\n# Overview\n[paginator](https://hex.pm/packages/paginator) is a package that enables cursor-based pagination for Elixir Ecto.\n\nAffected versions of this package are vulnerable to Remote Code Execution (RCE) via `paginate()` function when untrusted input is passed from a remote user.\r\n\r\n# PoC\r\n```\r\ndefp rce_start_xcalc() do\r\n exploit = fn _, _ -> System.cmd(\"xcalc\", []); {:cont, []} end\r\n payload =\r\n exploit\r\n |> :erlang.term_to_binary()\r\n |> Base.url_encode64()\r\nend\r\n```\n# Remediation\nUpgrade `paginator` to version 1.0.0 or higher.\n# References\n- [GitHub PR](https://github.com/duffelhq/paginator/commit/bf45e92602e517c75aea0465efc35cd661d9ebf8)\n- [Research Blog Post](https://www.alphabot.com/security/blog/2020/elixir/Remote-code-execution-vulnerability-in-Elixir-based-Paginator-project.html)\n"
|
|
29
|
+
},
|
|
30
|
+
"properties": {
|
|
31
|
+
"tags": [
|
|
32
|
+
"security",
|
|
33
|
+
"CWE-94",
|
|
34
|
+
"hex"
|
|
35
|
+
],
|
|
36
|
+
"cvssv3_baseScore": 9.8,
|
|
37
|
+
"security-severity": "9.8"
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
]
|
|
41
|
+
}
|
|
42
|
+
]
|
|
43
|
+
},
|
|
44
|
+
"results": [
|
|
45
|
+
{
|
|
46
|
+
"rule": {
|
|
47
|
+
"id": "SNYK-HEX-PAGINATOR-1086684",
|
|
48
|
+
"index": 0,
|
|
49
|
+
"toolComponent": {
|
|
50
|
+
"index": 0
|
|
51
|
+
}
|
|
52
|
+
},
|
|
53
|
+
"ruleId": "SNYK-HEX-PAGINATOR-1086684",
|
|
54
|
+
"level": "error",
|
|
55
|
+
"message": {
|
|
56
|
+
"text": "This file introduces a vulnerable paginator package with a critical severity vulnerability."
|
|
57
|
+
},
|
|
58
|
+
"locations": [
|
|
59
|
+
{
|
|
60
|
+
"physicalLocation": {
|
|
61
|
+
"artifactLocation": {
|
|
62
|
+
"uri": "mix.exs"
|
|
63
|
+
},
|
|
64
|
+
"region": {
|
|
65
|
+
"startLine": 1
|
|
66
|
+
}
|
|
67
|
+
},
|
|
68
|
+
"logicalLocations": [
|
|
69
|
+
{
|
|
70
|
+
"fullyQualifiedName": "paginator@0.6.0"
|
|
71
|
+
}
|
|
72
|
+
]
|
|
73
|
+
}
|
|
74
|
+
]
|
|
75
|
+
}
|
|
76
|
+
]
|
|
77
|
+
}
|
|
78
|
+
]
|
|
79
|
+
}
|
|
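--- a/package/tests/integration/SendSarifToSlack.spec.ts
+++ b/package/tests/integration/SendSarifToSlack.spec.ts
@@ -51,7 +51,7 @@ describe('(integration): SendSarifToSlack', () => {
 username: process.env.SARIF_TO_SLACK_USERNAME,
 iconUrl: process.env.SARIF_TO_SLACK_ICON_URL,
 color: process.env.SARIF_TO_SLACK_COLOR,
-sarifPath:
+sarifPath: process.env.SARIF_TO_SLACK_SARIF_PATH as string,
 log: {
 level: processLogLevel(process.env.SARIF_TO_SLACK_LOG_LEVEL),
 },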
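Review bot: `process.env.SARIF_TO_SLACK_SARIF_PATH as string` on new-side line 54 asserts away an unset variable, so a misconfigured workflow passes `undefined` into `sarifPath` and the test fails later inside the service with a less direct error. A guard before the options object keeps the failure at its source: `const sarifPath = process.env.SARIF_TO_SLACK_SARIF_PATH; if (!sarifPath) throw new Error('SARIF_TO_SLACK_SARIF_PATH is not set');`, followed by `sarifPath,` in the literal. The enclosing `describe` block starts outside the hunk.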
package/dist/version.d.ts
DELETED
package/dist/version.d.ts.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":""}
|
package/dist/version.js
DELETED
|
@@ -1,11 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* This value is used for the default footer in Slack message.
|
|
3
|
-
*
|
|
4
|
-
* @privateRemarks
|
|
5
|
-
* This file is autogenerated by scripts/save-version.sh
|
|
6
|
-
* Do not edit it manually!
|
|
7
|
-
*
|
|
8
|
-
* @internal
|
|
9
|
-
*/
|
|
10
|
-
export const LIB_VERSION = '0.2.3';
|
|
11
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidmVyc2lvbi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy92ZXJzaW9uLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOzs7Ozs7OztHQVFHO0FBQ0gsTUFBTSxDQUFDLE1BQU0sV0FBVyxHQUFHLE9BQU8sQ0FBQSJ9
|
package/scripts/save-version.sh
DELETED
|
@@ -1,13 +0,0 @@
|
|
|
1
|
-
#!/usr/bin/env sh
|
|
2
|
-
|
|
3
|
-
version=$(jq -r '.version' package.json)
|
|
4
|
-
echo "/**" > src/version.ts
|
|
5
|
-
echo " * This value is used for the default footer in Slack message." >> src/version.ts
|
|
6
|
-
echo " *" >> src/version.ts
|
|
7
|
-
echo " * @privateRemarks" >> src/version.ts
|
|
8
|
-
echo " * This file is autogenerated by scripts/save-version.sh" >> src/version.ts
|
|
9
|
-
echo " * Do not edit it manually!" >> src/version.ts
|
|
10
|
-
echo " *" >> src/version.ts
|
|
11
|
-
echo " * @internal" >> src/version.ts
|
|
12
|
-
echo " */" >> src/version.ts
|
|
13
|
-
echo "export const LIB_VERSION = '${version}'" >> src/version.ts
|
package/src/version.ts
DELETED