@kevinrabun/judges 3.91.0 → 3.93.0
- package/CHANGELOG.md +26 -0
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +126 -0
- package/dist/cli.js.map +1 -1
- package/dist/commands/finding-auto-group.d.ts +5 -0
- package/dist/commands/finding-auto-group.d.ts.map +1 -0
- package/dist/commands/finding-auto-group.js +109 -0
- package/dist/commands/finding-auto-group.js.map +1 -0
- package/dist/commands/finding-cross-ref.d.ts +5 -0
- package/dist/commands/finding-cross-ref.d.ts.map +1 -0
- package/dist/commands/finding-cross-ref.js +99 -0
- package/dist/commands/finding-cross-ref.js.map +1 -0
- package/dist/commands/finding-fix-suggest.d.ts +5 -0
- package/dist/commands/finding-fix-suggest.d.ts.map +1 -0
- package/dist/commands/finding-fix-suggest.js +89 -0
- package/dist/commands/finding-fix-suggest.js.map +1 -0
- package/dist/commands/finding-link-graph.d.ts +5 -0
- package/dist/commands/finding-link-graph.d.ts.map +1 -0
- package/dist/commands/finding-link-graph.js +145 -0
- package/dist/commands/finding-link-graph.js.map +1 -0
- package/dist/commands/finding-ownership-map.d.ts +5 -0
- package/dist/commands/finding-ownership-map.d.ts.map +1 -0
- package/dist/commands/finding-ownership-map.js +118 -0
- package/dist/commands/finding-ownership-map.js.map +1 -0
- package/dist/commands/finding-pattern-detect.d.ts +5 -0
- package/dist/commands/finding-pattern-detect.d.ts.map +1 -0
- package/dist/commands/finding-pattern-detect.js +128 -0
- package/dist/commands/finding-pattern-detect.js.map +1 -0
- package/dist/commands/finding-suppression-list.d.ts +5 -0
- package/dist/commands/finding-suppression-list.d.ts.map +1 -0
- package/dist/commands/finding-suppression-list.js +120 -0
- package/dist/commands/finding-suppression-list.js.map +1 -0
- package/dist/commands/review-audit-trail.d.ts +5 -0
- package/dist/commands/review-audit-trail.d.ts.map +1 -0
- package/dist/commands/review-audit-trail.js +97 -0
- package/dist/commands/review-audit-trail.js.map +1 -0
- package/dist/commands/review-ci-gate.d.ts +5 -0
- package/dist/commands/review-ci-gate.d.ts.map +1 -0
- package/dist/commands/review-ci-gate.js +115 -0
- package/dist/commands/review-ci-gate.js.map +1 -0
- package/dist/commands/review-compliance-report.d.ts +5 -0
- package/dist/commands/review-compliance-report.d.ts.map +1 -0
- package/dist/commands/review-compliance-report.js +128 -0
- package/dist/commands/review-compliance-report.js.map +1 -0
- package/dist/commands/review-config-template.d.ts +5 -0
- package/dist/commands/review-config-template.d.ts.map +1 -0
- package/dist/commands/review-config-template.js +113 -0
- package/dist/commands/review-config-template.js.map +1 -0
- package/dist/commands/review-coverage-gap.d.ts +5 -0
- package/dist/commands/review-coverage-gap.d.ts.map +1 -0
- package/dist/commands/review-coverage-gap.js +121 -0
- package/dist/commands/review-coverage-gap.js.map +1 -0
- package/dist/commands/review-feedback-loop.d.ts +5 -0
- package/dist/commands/review-feedback-loop.d.ts.map +1 -0
- package/dist/commands/review-feedback-loop.js +114 -0
- package/dist/commands/review-feedback-loop.js.map +1 -0
- package/dist/commands/review-plugin-status.d.ts +5 -0
- package/dist/commands/review-plugin-status.d.ts.map +1 -0
- package/dist/commands/review-plugin-status.js +54 -0
- package/dist/commands/review-plugin-status.js.map +1 -0
- package/dist/commands/review-progress-track.d.ts +5 -0
- package/dist/commands/review-progress-track.d.ts.map +1 -0
- package/dist/commands/review-progress-track.js +95 -0
- package/dist/commands/review-progress-track.js.map +1 -0
- package/dist/commands/review-report-schedule.d.ts +5 -0
- package/dist/commands/review-report-schedule.d.ts.map +1 -0
- package/dist/commands/review-report-schedule.js +97 -0
- package/dist/commands/review-report-schedule.js.map +1 -0
- package/dist/commands/review-slack-format.d.ts +5 -0
- package/dist/commands/review-slack-format.d.ts.map +1 -0
- package/dist/commands/review-slack-format.js +114 -0
- package/dist/commands/review-slack-format.js.map +1 -0
- package/dist/commands/review-team-stats.d.ts +5 -0
- package/dist/commands/review-team-stats.d.ts.map +1 -0
- package/dist/commands/review-team-stats.js +98 -0
- package/dist/commands/review-team-stats.js.map +1 -0
- package/package.json +1 -1
- package/server.json +2 -2
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"finding-auto-group.d.ts","sourceRoot":"","sources":["../../src/commands/finding-auto-group.ts"],"names":[],"mappings":"AAAA;;GAEG;AAmEH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CA8DxD"}
|
|
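--- a/package/dist/commands/finding-auto-group.js
+++ b/package/dist/commands/finding-auto-group.js
@@ -0,0 +1,109 @@
+/**
+* Finding-auto-group — Auto-group related findings into logical categories.
+*/
+import { readFileSync, existsSync } from "fs";
+// ─── Analysis ───────────────────────────────────────────────────────────────
+const CATEGORY_PATTERNS = [
+{ name: "Security", keywords: ["auth", "inject", "xss", "csrf", "vuln", "secret", "crypt", "sanitiz"] },
+{ name: "Performance", keywords: ["perf", "optim", "cache", "memory", "leak", "slow", "latency"] },
+{ name: "Reliability", keywords: ["error", "exception", "null", "undefined", "crash", "race"] },
+{ name: "Style", keywords: ["naming", "format", "indent", "whitespace", "convention", "lint"] },
+{ name: "Complexity", keywords: ["complex", "cyclomatic", "nesting", "depth", "refactor"] },
+{ name: "API", keywords: ["api", "endpoint", "route", "request", "response", "rest", "graphql"] },
+{ name: "Data", keywords: ["data", "schema", "valid", "type", "model", "serial"] },
+];
+function categorize(ruleId, title) {
+const combined = `${ruleId} ${title}`.toLowerCase();
+for (const cat of CATEGORY_PATTERNS) {
+if (cat.keywords.some((kw) => combined.includes(kw))) {
+return cat.name;
+}
+}
+return "Other";
+}
+function groupFindings(verdict) {
+const groups = new Map();
+for (const f of verdict.findings) {
+const category = categorize(f.ruleId, f.title);
+const existing = groups.get(category);
+if (existing) {
+existing.count++;
+const sev = (f.severity || "medium").toLowerCase();
+existing.sevBreakdown[sev] = (existing.sevBreakdown[sev] || 0) + 1;
+if (!existing.ruleIds.includes(f.ruleId))
+existing.ruleIds.push(f.ruleId);
+if (existing.titles.length < 5)
+existing.titles.push(f.title);
+}
+else {
+const sev = (f.severity || "medium").toLowerCase();
+groups.set(category, {
+category,
+count: 1,
+sevBreakdown: { [sev]: 1 },
+ruleIds: [f.ruleId],
+titles: [f.title],
+});
+}
+}
+return [...groups.values()].sort((a, b) => b.count - a.count);
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runFindingAutoGroup(argv) {
+const fileIdx = argv.indexOf("--file");
+const formatIdx = argv.indexOf("--format");
+const filePath = fileIdx >= 0 ? argv[fileIdx + 1] : undefined;
+const format = formatIdx >= 0 ? argv[formatIdx + 1] : "table";
+if (argv.includes("--help") || argv.includes("-h")) {
+console.log(`
+judges finding-auto-group — Auto-group findings into categories
+
+Usage:
+judges finding-auto-group --file <verdict.json> [--format table|json]
+
+Options:
+--file <path> Path to verdict JSON file (required)
+--format <fmt> Output format: table (default), json
+--help, -h Show this help
+`);
+return;
+}
+if (!filePath) {
+console.error("Error: --file required");
+process.exitCode = 1;
+return;
+}
+if (!existsSync(filePath)) {
+console.error(`Error: not found: ${filePath}`);
+process.exitCode = 1;
+return;
+}
+let verdict;
+try {
+verdict = JSON.parse(readFileSync(filePath, "utf-8"));
+}
+catch {
+console.error("Error: invalid JSON");
+process.exitCode = 1;
+return;
+}
+const groups = groupFindings(verdict);
+if (format === "json") {
+console.log(JSON.stringify(groups, null, 2));
+return;
+}
+console.log(`\nFinding Groups (${groups.length} categories)`);
+console.log("═".repeat(70));
+console.log(`${"Category".padEnd(16)} ${"Count".padEnd(8)} ${"Severities".padEnd(26)} Rules`);
+console.log("─".repeat(70));
+for (const g of groups) {
+const sevStr = Object.entries(g.sevBreakdown)
+.map(([s, c]) => `${s}:${c}`)
+.join(", ");
+const sevDisplay = sevStr.length > 24 ? sevStr.slice(0, 24) + "…" : sevStr;
+const ruleStr = g.ruleIds.slice(0, 3).join(", ");
+console.log(`${g.category.padEnd(16)} ${String(g.count).padEnd(8)} ${sevDisplay.padEnd(26)} ${ruleStr}`);
+}
+console.log("═".repeat(70));
+}
+//# sourceMappingURL=finding-auto-group.js.map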
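Review bot: `runFindingAutoGroup` hands the parsed file to `groupFindings` without checking its shape, so a JSON document with no `findings` array throws a TypeError at `for (const f of verdict.findings)`, outside the `try` that wraps only `JSON.parse`. A guard right after the parse would fail cleanly instead: `if (!Array.isArray(verdict?.findings)) { console.error("Error: verdict has no findings array"); process.exitCode = 1; return; }`. A finding that lacks `ruleId` or `title` is also interpolated as the text `undefined` in `categorize`, which can match the Reliability keyword `"undefined"` and put a malformed record in a real category. The same unchecked `verdict.findings` access is in `crossReference` (finding-cross-ref.js) and `suggestFixes` (finding-fix-suggest.js).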
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"finding-auto-group.js","sourceRoot":"","sources":["../../src/commands/finding-auto-group.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAa9C,+EAA+E;AAE/E,MAAM,iBAAiB,GAAgD;IACrE,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,EAAE;IACvG,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE;IAClG,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,CAAC,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE;IAC/F,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,CAAC,EAAE;IAC/F,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC,SAAS,EAAE,YAAY,EAAE,SAAS,EAAE,OAAO,EAAE,UAAU,CAAC,EAAE;IAC3F,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE;IACjG,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,EAAE;CACnF,CAAC;AAEF,SAAS,UAAU,CAAC,MAAc,EAAE,KAAa;IAC/C,MAAM,QAAQ,GAAG,GAAG,MAAM,IAAI,KAAK,EAAE,CAAC,WAAW,EAAE,CAAC;IACpD,KAAK,MAAM,GAAG,IAAI,iBAAiB,EAAE,CAAC;QACpC,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;YACrD,OAAO,GAAG,CAAC,IAAI,CAAC;QAClB,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,aAAa,CAAC,OAAwB;IAC7C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAwB,CAAC;IAE/C,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACjC,MAAM,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;QAC/C,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAEtC,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,CAAC,KAAK,EAAE,CAAC;YACjB,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;YACnD,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YACnE,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC;gBAAE,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CA
AC,CAAC;YAC1E,IAAI,QAAQ,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC;gBAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAChE,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;YACnD,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE;gBACnB,QAAQ;gBACR,KAAK,EAAE,CAAC;gBACR,YAAY,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;gBAC1B,OAAO,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;gBACnB,MAAM,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC;aAClB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;AAChE,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,mBAAmB,CAAC,IAAc;IAChD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACvC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAG,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC9D,MAAM,MAAM,GAAG,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IAE9D,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;CAUf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QACxC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IACD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,KAAK,CAAC,qBAAqB,QAAQ,EAAE,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,IAAI,OAAwB,CAAC;IAC7B,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACrC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IAEtC,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7C,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,qBAAqB,MAAM,CAAC,MAAM,cAAc,CAAC,CAAC;IAC9D,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC5B,OAAO,CAAC,GAAG,CAAC,GAAG,UAAU,
CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC;IAC9F,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE5B,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC;aAC1C,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;aAC5B,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC;QAC3E,MAAM,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,OAAO,EAAE,CAAC,CAAC;IAC3G,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;AAC9B,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"finding-cross-ref.d.ts","sourceRoot":"","sources":["../../src/commands/finding-cross-ref.ts"],"names":[],"mappings":"AAAA;;GAEG;AA4CH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CA8EvD"}
|
|
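--- a/package/dist/commands/finding-cross-ref.js
+++ b/package/dist/commands/finding-cross-ref.js
@@ -0,0 +1,99 @@
+/**
+* Finding-cross-ref — Cross-reference findings across multiple reviews.
+*/
+import { readFileSync, existsSync, readdirSync } from "fs";
+// ─── Analysis ───────────────────────────────────────────────────────────────
+function crossReference(verdicts) {
+const ruleMap = new Map();
+for (const { name, verdict } of verdicts) {
+for (const f of verdict.findings) {
+const existing = ruleMap.get(f.ruleId);
+if (existing) {
+existing.files.add(name);
+}
+else {
+ruleMap.set(f.ruleId, { title: f.title, files: new Set([name]) });
+}
+}
+}
+return [...ruleMap.entries()]
+.map(([ruleId, data]) => ({
+ruleId,
+title: data.title,
+occurrences: data.files.size,
+files: [...data.files],
+persistent: data.files.size === verdicts.length,
+}))
+.sort((a, b) => b.occurrences - a.occurrences);
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runFindingCrossRef(argv) {
+const dirIdx = argv.indexOf("--dir");
+const formatIdx = argv.indexOf("--format");
+const persistentOnly = argv.includes("--persistent");
+const dirPath = dirIdx >= 0 ? argv[dirIdx + 1] : undefined;
+const format = formatIdx >= 0 ? argv[formatIdx + 1] : "table";
+if (argv.includes("--help") || argv.includes("-h")) {
+console.log(`
+judges finding-cross-ref — Cross-reference findings across reviews
+
+Usage:
+judges finding-cross-ref --dir <verdicts-dir> [--persistent]
+[--format table|json]
+
+Options:
+--dir <path> Directory of verdict JSON files (required)
+--persistent Show only findings present in all reviews
+--format <fmt> Output format: table (default), json
+--help, -h Show this help
+`);
+return;
+}
+if (!dirPath) {
+console.error("Error: --dir required");
+process.exitCode = 1;
+return;
+}
+if (!existsSync(dirPath)) {
+console.error(`Error: not found: ${dirPath}`);
+process.exitCode = 1;
+return;
+}
+const files = readdirSync(dirPath).filter((f) => f.endsWith(".json"));
+const verdicts = [];
+for (const file of files) {
+try {
+verdicts.push({
+name: file,
+verdict: JSON.parse(readFileSync(`${dirPath}/${file}`, "utf-8")),
+});
+}
+catch {
+// skip
+}
+}
+if (verdicts.length === 0) {
+console.error("Error: no valid verdict files found");
+process.exitCode = 1;
+return;
+}
+let refs = crossReference(verdicts);
+if (persistentOnly) {
+refs = refs.filter((r) => r.persistent);
+}
+if (format === "json") {
+console.log(JSON.stringify(refs, null, 2));
+return;
+}
+console.log(`\nCross-Reference (${refs.length} rules across ${verdicts.length} reviews)`);
+console.log("═".repeat(70));
+console.log(`${"Rule".padEnd(22)} ${"Occurrences".padEnd(14)} ${"Persistent".padEnd(12)} Title`);
+console.log("─".repeat(70));
+for (const r of refs.slice(0, 20)) {
+const rule = r.ruleId.length > 20 ? r.ruleId.slice(0, 20) + "…" : r.ruleId;
+const title = r.title.length > 20 ? r.title.slice(0, 20) + "…" : r.title;
+console.log(`${rule.padEnd(22)} ${String(r.occurrences).padEnd(14)} ${(r.persistent ? "yes" : "no").padEnd(12)} ${title}`);
+}
+console.log("═".repeat(70));
+}
+//# sourceMappingURL=finding-cross-ref.js.map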
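Review bot: The empty `catch { // skip }` around `JSON.parse(readFileSync(...))` in `runFindingCrossRef` drops unreadable or malformed verdict files without any message, and `persistent` is then computed as `data.files.size === verdicts.length` over only the files that loaded. With `--persistent`, a rule can therefore be reported as present in all reviews when some reviews were never read. Recording the skips and reporting them on stderr keeps that output trustworthy: declare `const skipped = [];`, use `catch { skipped.push(file); }`, and after the loop `if (skipped.length > 0) console.error("Warning: skipped " + skipped.length + " unreadable verdict file(s)");`. The table loop also reads `r.ruleId.length` and `r.title.length`, which would throw for a finding missing either field.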
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"finding-cross-ref.js","sourceRoot":"","sources":["../../src/commands/finding-cross-ref.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,IAAI,CAAC;AAa3D,+EAA+E;AAE/E,SAAS,cAAc,CAAC,QAA2D;IACjF,MAAM,OAAO,GAAG,IAAI,GAAG,EAAiD,CAAC;IAEzE,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,QAAQ,EAAE,CAAC;QACzC,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YACjC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YACvC,IAAI,QAAQ,EAAE,CAAC;gBACb,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC3B,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC;YACpE,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;SAC1B,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QACxB,MAAM;QACN,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI;QAC5B,KAAK,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC;QACtB,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,QAAQ,CAAC,MAAM;KAChD,CAAC,CAAC;SACF,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC,WAAW,CAAC,CAAC;AACnD,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,kBAAkB,CAAC,IAAc;IAC/C,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACrC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC3C,MAAM,cAAc,GAAG,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IACrD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC3D,MAAM,MAAM,GAAG,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IAE9D,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;CAYf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;QACvC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IACD,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,KAAK,CAAC,qBAAqB,OAAO,EAAE,CAAC,CAAC;QAC9C,OAAO,CAAC,QAAQ,GAAG,CAAC
,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAI,WAAW,CAAC,OAAO,CAAyB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAC/F,MAAM,QAAQ,GAAsD,EAAE,CAAC;IAEvE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,IAAI;gBACV,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,OAAO,IAAI,IAAI,EAAE,EAAE,OAAO,CAAC,CAAC;aACjE,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;IACH,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACrD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,IAAI,IAAI,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;IACpC,IAAI,cAAc,EAAE,CAAC;QACnB,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;IAC1C,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC3C,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,CAAC,MAAM,iBAAiB,QAAQ,CAAC,MAAM,WAAW,CAAC,CAAC;IAC1F,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC5B,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC;IACjG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE5B,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QAC3E,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QACzE,OAAO,CAAC,GAAG,CACT,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,KAAK,EAAE,CAC9G,CAAC;IACJ,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;AAC9B,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"finding-fix-suggest.d.ts","sourceRoot":"","sources":["../../src/commands/finding-fix-suggest.ts"],"names":[],"mappings":"AAAA;;GAEG;AAyCH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAoEzD"}
|
|
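--- a/package/dist/commands/finding-fix-suggest.js
+++ b/package/dist/commands/finding-fix-suggest.js
@@ -0,0 +1,89 @@
+/**
+* Finding-fix-suggest — Suggest fixes based on finding patterns.
+*/
+import { readFileSync, existsSync } from "fs";
+// ─── Analysis ───────────────────────────────────────────────────────────────
+function suggestFixes(verdict) {
+return verdict.findings.map((f) => {
+let suggestion = f.recommendation;
+if (f.patch !== undefined && f.patch !== null) {
+suggestion = `Apply patch: ${String(f.patch).slice(0, 100)}${String(f.patch).length > 100 ? "…" : ""}`;
+}
+else if (f.suggestedFix) {
+suggestion = f.suggestedFix;
+}
+return {
+ruleId: f.ruleId,
+title: f.title,
+severity: (f.severity || "medium").toLowerCase(),
+hasPatch: f.patch !== undefined && f.patch !== null,
+suggestion,
+lineNumbers: f.lineNumbers || [],
+};
+});
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runFindingFixSuggest(argv) {
+const fileIdx = argv.indexOf("--file");
+const formatIdx = argv.indexOf("--format");
+const sevIdx = argv.indexOf("--severity");
+const filePath = fileIdx >= 0 ? argv[fileIdx + 1] : undefined;
+const format = formatIdx >= 0 ? argv[formatIdx + 1] : "table";
+const sevFilter = sevIdx >= 0 ? argv[sevIdx + 1] : undefined;
+if (argv.includes("--help") || argv.includes("-h")) {
+console.log(`
+judges finding-fix-suggest — Suggest fixes for findings
+
+Usage:
+judges finding-fix-suggest --file <verdict.json> [--severity <level>]
+[--format table|json]
+
+Options:
+--file <path> Path to verdict JSON file (required)
+--severity <level> Filter by severity level
+--format <fmt> Output format: table (default), json
+--help, -h Show this help
+`);
+return;
+}
+if (!filePath) {
+console.error("Error: --file required");
+process.exitCode = 1;
+return;
+}
+if (!existsSync(filePath)) {
+console.error(`Error: not found: ${filePath}`);
+process.exitCode = 1;
+return;
+}
+let verdict;
+try {
+verdict = JSON.parse(readFileSync(filePath, "utf-8"));
+}
+catch {
+console.error("Error: invalid JSON");
+process.exitCode = 1;
+return;
+}
+let suggestions = suggestFixes(verdict);
+if (sevFilter) {
+suggestions = suggestions.filter((s) => s.severity === sevFilter.toLowerCase());
+}
+if (format === "json") {
+console.log(JSON.stringify(suggestions, null, 2));
+return;
+}
+console.log(`\nFix Suggestions (${suggestions.length})`);
+console.log("═".repeat(75));
+for (const s of suggestions) {
+const lines = s.lineNumbers.length > 0 ? `L${s.lineNumbers[0]}` : "—";
+const patch = s.hasPatch ? " [has patch]" : "";
+console.log(` [${s.severity.toUpperCase()}] ${s.ruleId} at ${lines}${patch}`);
+console.log(` ${s.title}`);
+const suggDisplay = s.suggestion.length > 70 ? s.suggestion.slice(0, 70) + "…" : s.suggestion;
+console.log(` → ${suggDisplay}`);
+console.log("");
+}
+console.log("═".repeat(75));
+}
+//# sourceMappingURL=finding-fix-suggest.js.map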
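Review bot: `suggestFixes` leaves `suggestion` as `f.recommendation` when a finding has neither `patch` nor `suggestedFix`, and the table path in `runFindingFixSuggest` then reads `s.suggestion.length`, which throws if `recommendation` is absent or not a string. Normalising at the source avoids the crash: `let suggestion = typeof f.recommendation === "string" ? f.recommendation : "";`. The `patch` preview is built with `String(f.patch)`, so an object-valued patch would print as `[object Object]`; if patches are always text, a comment such as `// patch is expected to be diff text; other types are stringified as-is` would record that assumption. The title, rule id and suggestion text come straight from the verdict file and are written to the terminal unmodified, so stripping control characters before printing is worth considering when verdict files come from outside the team.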
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"finding-fix-suggest.js","sourceRoot":"","sources":["../../src/commands/finding-fix-suggest.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAc9C,+EAA+E;AAE/E,SAAS,YAAY,CAAC,OAAwB;IAC5C,OAAO,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QAChC,IAAI,UAAU,GAAG,CAAC,CAAC,cAAc,CAAC;QAElC,IAAI,CAAC,CAAC,KAAK,KAAK,SAAS,IAAI,CAAC,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;YAC9C,UAAU,GAAG,gBAAgB,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QACzG,CAAC;aAAM,IAAI,CAAC,CAAC,YAAY,EAAE,CAAC;YAC1B,UAAU,GAAG,CAAC,CAAC,YAAY,CAAC;QAC9B,CAAC;QAED,OAAO;YACL,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,KAAK,EAAE,CAAC,CAAC,KAAK;YACd,QAAQ,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,QAAQ,CAAC,CAAC,WAAW,EAAE;YAChD,QAAQ,EAAE,CAAC,CAAC,KAAK,KAAK,SAAS,IAAI,CAAC,CAAC,KAAK,KAAK,IAAI;YACnD,UAAU;YACV,WAAW,EAAE,CAAC,CAAC,WAAW,IAAI,EAAE;SACjC,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,oBAAoB,CAAC,IAAc;IACjD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACvC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC9D,MAAM,MAAM,GAAG,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IAC9D,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAE7D,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;CAYf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QACxC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IACD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,KAAK,CAAC,qBAAqB,QAAQ,EAAE,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,IAAI,OAAwB,CAAC;IA
C7B,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACrC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,IAAI,WAAW,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IACxC,IAAI,SAAS,EAAE,CAAC;QACd,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAClD,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,sBAAsB,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC;IACzD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE5B,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;QAC5B,MAAM,KAAK,GAAG,CAAC,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;QACtE,MAAM,KAAK,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,MAAM,OAAO,KAAK,GAAG,KAAK,EAAE,CAAC,CAAC;QAC/E,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;QAC9B,MAAM,WAAW,GAAG,CAAC,CAAC,UAAU,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;QAC9F,OAAO,CAAC,GAAG,CAAC,SAAS,WAAW,EAAE,CAAC,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;AAC9B,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"finding-link-graph.d.ts","sourceRoot":"","sources":["../../src/commands/finding-link-graph.ts"],"names":[],"mappings":"AAAA;;GAEG;AAgHH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAmExD"}
|
|
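--- a/package/dist/commands/finding-link-graph.js
+++ b/package/dist/commands/finding-link-graph.js
@@ -0,0 +1,145 @@
+/**
+* Finding-link-graph — Build a graph of related findings by rule co-occurrence.
+*/
+import { readFileSync, existsSync } from "fs";
+// ─── Analysis ───────────────────────────────────────────────────────────────
+function buildGraph(verdict) {
+const nodes = new Map();
+const edges = [];
+// Build nodes
+for (const f of verdict.findings) {
+if (!nodes.has(f.ruleId)) {
+nodes.set(f.ruleId, {
+ruleId: f.ruleId,
+title: f.title,
+severity: (f.severity || "medium").toLowerCase(),
+connections: 0,
+});
+}
+}
+// Build edges based on proximity
+const findings = verdict.findings;
+for (let i = 0; i < findings.length; i++) {
+for (let j = i + 1; j < findings.length; j++) {
+const a = findings[i];
+const b = findings[j];
+if (a.ruleId === b.ruleId)
+continue;
+const aLines = a.lineNumbers || [];
+const bLines = b.lineNumbers || [];
+if (aLines.length > 0 && bLines.length > 0) {
+const minDist = Math.min(...aLines.flatMap((al) => bLines.map((bl) => Math.abs(al - bl))));
+if (minDist <= 10) {
+const existingEdge = edges.find((e) => (e.from === a.ruleId && e.to === b.ruleId) || (e.from === b.ruleId && e.to === a.ruleId));
+if (existingEdge) {
+existingEdge.weight++;
+}
+else {
+edges.push({
+from: a.ruleId,
+to: b.ruleId,
+weight: 1,
+relationship: minDist <= 3 ? "adjacent" : "nearby",
+});
+}
+}
+}
+}
+}
+// Update connection counts
+for (const e of edges) {
+const fromNode = nodes.get(e.from);
+const toNode = nodes.get(e.to);
+if (fromNode)
+fromNode.connections++;
+if (toNode)
+toNode.connections++;
+}
+// Simple clustering by connected components
+const clusters = [];
+const visited = new Set();
+for (const nodeId of nodes.keys()) {
+if (visited.has(nodeId))
+continue;
+const cluster = [];
+const stack = [nodeId];
+while (stack.length > 0) {
+const current = stack.pop();
+if (visited.has(current))
+continue;
+visited.add(current);
+cluster.push(current);
+for (const e of edges) {
+if (e.from === current && !visited.has(e.to))
+stack.push(e.to);
+if (e.to === current && !visited.has(e.from))
+stack.push(e.from);
+}
+}
+clusters.push(cluster);
+}
+return { nodes: [...nodes.values()], edges, clusters };
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runFindingLinkGraph(argv) {
+const fileIdx = argv.indexOf("--file");
+const formatIdx = argv.indexOf("--format");
+const filePath = fileIdx >= 0 ? argv[fileIdx + 1] : undefined;
+const format = formatIdx >= 0 ? argv[formatIdx + 1] : "table";
+if (argv.includes("--help") || argv.includes("-h")) {
+console.log(`
+judges finding-link-graph — Build finding relationship graph
+
+Usage:
+judges finding-link-graph --file <verdict.json> [--format table|json]
+
+Options:
+--file <path> Path to verdict JSON file (required)
+--format <fmt> Output format: table (default), json
+--help, -h Show this help
+`);
+return;
+}
+if (!filePath) {
+console.error("Error: --file required");
+process.exitCode = 1;
+return;
+}
+if (!existsSync(filePath)) {
+console.error(`Error: not found: ${filePath}`);
+process.exitCode = 1;
+return;
+}
+let verdict;
+try {
+verdict = JSON.parse(readFileSync(filePath, "utf-8"));
+}
+catch {
+console.error("Error: invalid JSON");
+process.exitCode = 1;
+return;
+}
+const graph = buildGraph(verdict);
+if (format === "json") {
+console.log(JSON.stringify(graph, null, 2));
+return;
+}
+console.log(`\nFinding Link Graph`);
+console.log("═".repeat(65));
+console.log(` Nodes: ${graph.nodes.length} | Edges: ${graph.edges.length} | Clusters: ${graph.clusters.length}`);
+console.log("─".repeat(65));
+if (graph.edges.length > 0) {
+console.log(`\n Connections:`);
+for (const e of graph.edges.slice(0, 15)) {
+console.log(` ${e.from} ─[${e.relationship}]─ ${e.to} (weight: ${e.weight})`);
+}
+}
+if (graph.clusters.length > 0) {
+console.log(`\n Clusters:`);
+for (let i = 0; i < Math.min(graph.clusters.length, 10); i++) {
+console.log(` ${i + 1}. ${graph.clusters[i].join(", ")}`);
+}
+}
+console.log("═".repeat(65));
+}
+//# sourceMappingURL=finding-link-graph.js.map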
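Review bot: The parsed verdict reaches `buildGraph` without any shape check, so a file that is valid JSON but has no `findings` array makes `for (const f of verdict.findings)` throw an uncaught TypeError, because the `try` in `runFindingLinkGraph` only covers `JSON.parse`. A guard right after parsing, `if (!verdict || !Array.isArray(verdict.findings)) { console.error("Error: verdict has no findings array"); process.exitCode = 1; return; }`, would keep that failure on the same error path as the other input checks. The distance step `Math.min(...aLines.flatMap(...))` spreads the full cross product of two `lineNumbers` lists into call arguments and can raise a RangeError when a verdict file carries long lists; folding instead, `const minDist = aLines.reduce((m, al) => bLines.reduce((n, bl) => Math.min(n, Math.abs(al - bl)), m), Infinity);`, avoids the argument limit. Rule IDs from the file are also printed verbatim in the table output, so if verdict files can come from a source the operator does not control, stripping control characters before `console.log` is worth considering.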
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"finding-link-graph.js","sourceRoot":"","sources":["../../src/commands/finding-link-graph.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAyB9C,+EAA+E;AAE/E,SAAS,UAAU,CAAC,OAAwB;IAC1C,MAAM,KAAK,GAAG,IAAI,GAAG,EAAqB,CAAC;IAC3C,MAAM,KAAK,GAAgB,EAAE,CAAC;IAE9B,cAAc;IACd,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACjC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;YACzB,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE;gBAClB,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,QAAQ,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,QAAQ,CAAC,CAAC,WAAW,EAAE;gBAChD,WAAW,EAAE,CAAC;aACf,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,iCAAiC;IACjC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC7C,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;gBAAE,SAAS;YAEpC,MAAM,MAAM,GAAG,CAAC,CAAC,WAAW,IAAI,EAAE,CAAC;YACnC,MAAM,MAAM,GAAG,CAAC,CAAC,WAAW,IAAI,EAAE,CAAC;YAEnC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;gBAE3F,IAAI,OAAO,IAAI,EAAE,EAAE,CAAC;oBAClB,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAC7B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,MAAM,CAAC,CAChG,CAAC;oBACF,IAAI,YAAY,EAAE,CAAC;wBACjB,YAAY,CAAC,MAAM,EAAE,CAAC;oBACxB,CAAC;yBAAM,CAAC;wBACN,KAAK,CAAC,IAAI,CAAC;4BACT,IAAI,EAAE,CAAC,CAAC,MAAM;4BACd,EAAE,EAAE,CAAC,CAAC,MAAM;4BACZ,MAAM,EAAE,CAAC;4BACT,YAAY,EAAE,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ;yBACnD,CAAC,CAA
C;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACnC,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC/B,IAAI,QAAQ;YAAE,QAAQ,CAAC,WAAW,EAAE,CAAC;QACrC,IAAI,MAAM;YAAE,MAAM,CAAC,WAAW,EAAE,CAAC;IACnC,CAAC;IAED,4CAA4C;IAC5C,MAAM,QAAQ,GAAe,EAAE,CAAC;IAChC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAElC,KAAK,MAAM,MAAM,IAAI,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;QAClC,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC;YAAE,SAAS;QAClC,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,MAAM,KAAK,GAAG,CAAC,MAAM,CAAC,CAAC;QACvB,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,EAAG,CAAC;YAC7B,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;gBAAE,SAAS;YACnC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACrB,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACtB,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;gBACtB,IAAI,CAAC,CAAC,IAAI,KAAK,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;oBAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBAC/D,IAAI,CAAC,CAAC,EAAE,KAAK,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;oBAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACnE,CAAC;QACH,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACzB,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AACzD,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,mBAAmB,CAAC,IAAc;IAChD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACvC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAG,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC9D,MAAM,MAAM,GAAG,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IAE9D,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;CAUf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QACxC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IACD,IAAI,CAAC,UAAU,CAAC,
QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,KAAK,CAAC,qBAAqB,QAAQ,EAAE,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,IAAI,OAAwB,CAAC;IAC7B,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACrC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IAElC,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC5C,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IACpC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC5B,OAAO,CAAC,GAAG,CAAC,YAAY,KAAK,CAAC,KAAK,CAAC,MAAM,eAAe,KAAK,CAAC,KAAK,CAAC,MAAM,kBAAkB,KAAK,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IACtH,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE5B,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAChC,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YACzC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,YAAY,MAAM,CAAC,CAAC,EAAE,aAAa,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;QACnF,CAAC;IACH,CAAC;IAED,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QAC7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC7D,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;AAC9B,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"finding-ownership-map.d.ts","sourceRoot":"","sources":["../../src/commands/finding-ownership-map.ts"],"names":[],"mappings":"AAAA;;GAEG;AA8EH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAkE3D"}
|
|
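--- a/package/dist/commands/finding-ownership-map.js
+++ b/package/dist/commands/finding-ownership-map.js
@@ -0,0 +1,118 @@
+/**
+* Finding-ownership-map — Map findings to code owners.
+*/
+import { readFileSync, existsSync } from "fs";
+// ─── Analysis ───────────────────────────────────────────────────────────────
+function parseCodeowners(path) {
+if (!existsSync(path))
+return [];
+const content = readFileSync(path, "utf-8");
+const mappings = [];
+for (const line of content.split("\n")) {
+const trimmed = line.trim();
+if (trimmed.startsWith("#") || trimmed.length === 0)
+continue;
+const parts = trimmed.split(/\s+/);
+if (parts.length >= 2) {
+mappings.push({ pattern: parts[0], owner: parts[1] });
+}
+}
+return mappings;
+}
+function mapOwnership(verdict, owners) {
+const ownerMap = new Map();
+const defaultOwner = "unassigned";
+for (const f of verdict.findings) {
+// Use ruleId prefix as a rough domain-to-owner mapping
+let assignedOwner = defaultOwner;
+const rulePrefix = f.ruleId.split("-")[0];
+for (const o of owners) {
+if (o.pattern.includes(rulePrefix) || f.ruleId.includes(o.pattern.replace("*", ""))) {
+assignedOwner = o.owner;
+break;
+}
+}
+const existing = ownerMap.get(assignedOwner);
+const sev = (f.severity || "medium").toLowerCase();
+if (existing) {
+existing.findingCount++;
+if (sev === "critical")
+existing.criticalCount++;
+if (sev === "high")
+existing.highCount++;
+if (!existing.ruleIds.includes(f.ruleId))
+existing.ruleIds.push(f.ruleId);
+}
+else {
+ownerMap.set(assignedOwner, {
+owner: assignedOwner,
+findingCount: 1,
+criticalCount: sev === "critical" ? 1 : 0,
+highCount: sev === "high" ? 1 : 0,
+ruleIds: [f.ruleId],
+});
+}
+}
+return [...ownerMap.values()].sort((a, b) => b.findingCount - a.findingCount);
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runFindingOwnershipMap(argv) {
+const fileIdx = argv.indexOf("--file");
+const ownersIdx = argv.indexOf("--codeowners");
+const formatIdx = argv.indexOf("--format");
+const filePath = fileIdx >= 0 ? argv[fileIdx + 1] : undefined;
+const ownersPath = ownersIdx >= 0 ? argv[ownersIdx + 1] : "CODEOWNERS";
+const format = formatIdx >= 0 ? argv[formatIdx + 1] : "table";
+if (argv.includes("--help") || argv.includes("-h")) {
+console.log(`
+judges finding-ownership-map — Map findings to code owners
+
+Usage:
+judges finding-ownership-map --file <verdict.json> [--codeowners <path>]
+[--format table|json]
+
+Options:
+--file <path> Path to verdict JSON file (required)
+--codeowners <path> Path to CODEOWNERS file (default: CODEOWNERS)
+--format <fmt> Output format: table (default), json
+--help, -h Show this help
+`);
+return;
+}
+if (!filePath) {
+console.error("Error: --file required");
+process.exitCode = 1;
+return;
+}
+if (!existsSync(filePath)) {
+console.error(`Error: not found: ${filePath}`);
+process.exitCode = 1;
+return;
+}
+let verdict;
+try {
+verdict = JSON.parse(readFileSync(filePath, "utf-8"));
+}
+catch {
+console.error("Error: invalid JSON");
+process.exitCode = 1;
+return;
+}
+const owners = parseCodeowners(ownersPath);
+const entries = mapOwnership(verdict, owners);
+if (format === "json") {
+console.log(JSON.stringify(entries, null, 2));
+return;
+}
+console.log(`\nOwnership Map (${entries.length} owners)`);
+console.log("═".repeat(65));
+console.log(`${"Owner".padEnd(22)} ${"Findings".padEnd(10)} ${"Critical".padEnd(10)} ${"High".padEnd(8)} Rules`);
+console.log("─".repeat(65));
+for (const e of entries) {
+const owner = e.owner.length > 20 ? e.owner.slice(0, 20) + "…" : e.owner;
+const ruleStr = e.ruleIds.slice(0, 3).join(", ");
+console.log(`${owner.padEnd(22)} ${String(e.findingCount).padEnd(10)} ${String(e.criticalCount).padEnd(10)} ${String(e.highCount).padEnd(8)} ${ruleStr}`);
+}
+console.log("═".repeat(65));
+}
+//# sourceMappingURL=finding-ownership-map.js.map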
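Review bot: In `mapOwnership`, the test `f.ruleId.includes(o.pattern.replace("*", ""))` is always true for a catch-all `*` entry, because the pattern reduces to the empty string, and with the `break` the first such CODEOWNERS line is credited with every finding, critical and high ones included. `o.pattern.includes(rulePrefix)` behaves the same way when a rule ID yields an empty prefix, and a finding without a string `ruleId` throws at `f.ruleId.split("-")`. Requiring non-empty operands, `const needle = o.pattern.replace(/\*/g, "");` followed by `if (needle && rulePrefix && (o.pattern.includes(rulePrefix) || f.ruleId.includes(needle)))`, would leave those findings as `unassigned` instead of routing them to the wrong owner. CODEOWNERS patterns are path globs where the last matching line wins and a line may name several owners, while this code takes the first substring match against rule IDs and keeps only `parts[1]`; a comment on `mapOwnership` and the help text should say the result is a heuristic on rule IDs, not file ownership.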
|