@security-alert/sarif-to-markdown 1.3.0 → 1.5.0

package/README.md

@@ -1,11 +1,11 @@
 # @security-alert/sarif-to-markdown
 
-Convert SARIF format to body text
+Convert SARIF format to Markdown text.
 
 > Supported safari version: v2.1.0
 
 - [SARIF output — CodeQL](https://help.semmle.com/codeql/codeql-cli/reference/sarif-overview.html)
-- [OASIS Static Analysis Results Interchange Format (SARIF) TC | OASIS](https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=sarif)
+- [OASIS Static Analysis sarifToMarkdownResult Interchange Format (SARIF) TC | OASIS](https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=sarif)
 
 ## Install
 
@@ -13,9 +13,341 @@ Install with [npm](https://www.npmjs.com/):
 
     npm install @security-alert/sarif-to-markdown
 
-## Usage
+## Example
 
-- [ ] Write usage instructions
+**input.sarif:**
+
+```json
+{
+  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+  "version": "2.1.0",
+  "runs": [
+    {
+      "tool": {
+        "driver": {
+          "name": "CodeQL command-line toolchain",
+          "organization": "GitHub",
+          "semanticVersion": "2.2.4",
+          "rules": [
+            {
+              "id": "js/xss",
+              "name": "js/xss",
+              "shortDescription": {
+                "text": "Client-side cross-site scripting"
+              },
+              "fullDescription": {
+                "text": "Writing user input directly to the DOM allows for a cross-site scripting vulnerability."
+              },
+              "defaultConfiguration": {
+                "level": "error"
+              },
+              "properties": {
+                "tags": [
+                  "security",
+                  "external/cwe/cwe-079",
+                  "external/cwe/cwe-116"
+                ],
+                "kind": "path-problem",
+                "precision": "high",
+                "name": "Client-side cross-site scripting",
+                "description": "Writing user input directly to the DOM allows for\n              a cross-site scripting vulnerability.",
+                "id": "js/xss",
+                "problem.severity": "error"
+              }
+            }
+          ]
+        }
+      },
+      "artifacts": [
+        {
+          "location": {
+            "uri": "examples/Xss.js",
+            "uriBaseId": "%SRCROOT%",
+            "index": 0
+          }
+        }
+      ],
+      "results": [
+        {
+          "ruleId": "js/xss",
+          "ruleIndex": 0,
+          "message": {
+            "text": "Cross-site scripting vulnerability due to [user-provided value](1)."
+          },
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "examples/Xss.js",
+                  "uriBaseId": "%SRCROOT%",
+                  "index": 0
+                },
+                "region": {
+                  "startLine": 4,
+                  "startColumn": 20,
+                  "endColumn": 56
+                }
+              }
+            }
+          ],
+          "partialFingerprints": {
+            "primaryLocationLineHash": "f10617abe5e779f0:1",
+            "primaryLocationStartColumnFingerprint": "15"
+          },
+          "codeFlows": [
+            {
+              "threadFlows": [
+                {
+                  "locations": [
+                    {
+                      "location": {
+                        "physicalLocation": {
+                          "artifactLocation": {
+                            "uri": "examples/Xss.js",
+                            "uriBaseId": "%SRCROOT%",
+                            "index": 0
+                          },
+                          "region": {
+                            "startLine": 2,
+                            "startColumn": 16,
+                            "endColumn": 33
+                          }
+                        },
+                        "message": {
+                          "text": "document.location"
+                        }
+                      }
+                    },
+                    {
+                      "location": {
+                        "physicalLocation": {
+                          "artifactLocation": {
+                            "uri": "examples/Xss.js",
+                            "uriBaseId": "%SRCROOT%",
+                            "index": 0
+                          },
+                          "region": {
+                            "startLine": 2,
+                            "startColumn": 16,
+                            "endColumn": 38
+                          }
+                        },
+                        "message": {
+                          "text": "documen ... on.href"
+                        }
+                      }
+                    },
+                    {
+                      "location": {
+                        "physicalLocation": {
+                          "artifactLocation": {
+                            "uri": "examples/Xss.js",
+                            "uriBaseId": "%SRCROOT%",
+                            "index": 0
+                          },
+                          "region": {
+                            "startLine": 2,
+                            "startColumn": 9,
+                            "endColumn": 38
+                          }
+                        },
+                        "message": {
+                          "text": "href"
+                        }
+                      }
+                    },
+                    {
+                      "location": {
+                        "physicalLocation": {
+                          "artifactLocation": {
+                            "uri": "examples/Xss.js",
+                            "uriBaseId": "%SRCROOT%",
+                            "index": 0
+                          },
+                          "region": {
+                            "startLine": 3,
+                            "startColumn": 17,
+                            "endColumn": 21
+                          }
+                        },
+                        "message": {
+                          "text": "href"
+                        }
+                      }
+                    },
+                    {
+                      "location": {
+                        "physicalLocation": {
+                          "artifactLocation": {
+                            "uri": "examples/Xss.js",
+                            "uriBaseId": "%SRCROOT%",
+                            "index": 0
+                          },
+                          "region": {
+                            "startLine": 3,
+                            "startColumn": 17,
+                            "endColumn": 59
+                          }
+                        },
+                        "message": {
+                          "text": "href.su ... t=\")+8)"
+                        }
+                      }
+                    },
+                    {
+                      "location": {
+                        "physicalLocation": {
+                          "artifactLocation": {
+                            "uri": "examples/Xss.js",
+                            "uriBaseId": "%SRCROOT%",
+                            "index": 0
+                          },
+                          "region": {
+                            "startLine": 3,
+                            "startColumn": 9,
+                            "endColumn": 59
+                          }
+                        },
+                        "message": {
+                          "text": "deflt"
+                        }
+                      }
+                    },
+                    {
+                      "location": {
+                        "physicalLocation": {
+                          "artifactLocation": {
+                            "uri": "examples/Xss.js",
+                            "uriBaseId": "%SRCROOT%",
+                            "index": 0
+                          },
+                          "region": {
+                            "startLine": 4,
+                            "startColumn": 39,
+                            "endColumn": 44
+                          }
+                        },
+                        "message": {
+                          "text": "deflt"
+                        }
+                      }
+                    },
+                    {
+                      "location": {
+                        "physicalLocation": {
+                          "artifactLocation": {
+                            "uri": "examples/Xss.js",
+                            "uriBaseId": "%SRCROOT%",
+                            "index": 0
+                          },
+                          "region": {
+                            "startLine": 4,
+                            "startColumn": 20,
+                            "endColumn": 56
+                          }
+                        },
+                        "message": {
+                          "text": "\"<OPTIO ... PTION>\""
+                        }
+                      }
+                    }
+                  ]
+                }
+              ]
+            }
+          ],
+          "relatedLocations": [
+            {
+              "id": 1,
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "examples/Xss.js",
+                  "uriBaseId": "%SRCROOT%",
+                  "index": 0
+                },
+                "region": {
+                  "startLine": 2,
+                  "startColumn": 16,
+                  "endColumn": 33
+                }
+              },
+              "message": {
+                "text": "user-provided value"
+              }
+            }
+          ]
+        }
+      ],
+      "newlineSequences": [
+        "\r\n",
+        "\n",
+        "
",
+        "
"
+      ],
+      "columnKind": "utf16CodeUnits",
+      "properties": {
+        "semmle.formatSpecifier": "sarifv2.1.0"
+      }
+    }
+  ]
+}
+```
+
+**output.md**
+
+---
+
+
+## Rules
+<!-- Rule Info -->
+**js/xss** (severity: **error**)
+
+> Client-side cross-site scripting
+ 
+<details><summary>Details</summary>
+<pre>{
+    "driver": {
+        "name": "CodeQL command-line toolchain",
+        "organization": "GitHub",
+        "semanticVersion": "2.2.4",
+        "rules": [
+            {
+                "id": "js/xss",
+                "name": "js/xss",
+                "shortDescription": {
+                    "text": "Client-side cross-site scripting"
+                },
+                "fullDescription": {
+                    "text": "Writing user input directly to the DOM allows for a cross-site scripting vulnerability."
+                },
+                "defaultConfiguration": {
+                    "level": "error"
+                },
+                "properties": {
+                    "tags": [
+                        "security",
+                        "external/cwe/cwe-079",
+                        "external/cwe/cwe-116"
+                    ],
+                    "kind": "path-problem",
+                    "precision": "high",
+                    "name": "Client-side cross-site scripting",
+                    "description": "Writing user input directly to the DOM allows for\n              a cross-site scripting vulnerability.",
+                    "id": "js/xss",
+                    "problem.severity": "error"
+                }
+            }
+        ]
+    }
+}</pre></details>
+
+## Results
+
+- **js/xss**: Cross-site scripting vulnerability due to \[user-provided value\]\(1\).
+
+https://github.com/owner/repo/blob/master/base/examples/Xss.js#L4
+
+---
 
 ## Changelog
 

package/lib/sarif-to-markdown.d.ts

@@ -1,9 +1,12 @@
 import type { Log } from "sarif";
-export declare type sarifFormatterResult = {
-    title: string;
-    body: string;
-};
 export declare type sarifFormatterOptions = {
+    /**
+     * Title of content
+     */
+    title?: string;
+    /**
+     * https://github.com
+     */
     githubHost?: string;
     /**
      * GitHub Owner
@@ -23,7 +26,13 @@ export declare type sarifFormatterOptions = {
      */
     sourceRoot: string;
 };
-export declare const sarifToMarkdown: (options: sarifFormatterOptions) => (sarifLog: Log) => {
-    title: string;
+declare type sarifToMarkdownResult = {
+    title?: string;
     body: string;
-}[];
+    /**
+     * If the body has not results, `hasMessages` will be `false`
+     */
+    hasMessages: boolean;
+};
+export declare const sarifToMarkdown: (options: sarifFormatterOptions) => (sarifLog: Log) => sarifToMarkdownResult[];
+export {};

package/lib/sarif-to-markdown.js

@@ -44,13 +44,15 @@ var createCodeURL = function (result, options) {
             return [];
         }
         var lineNumber = physicalLocation.region.endLine !== undefined ? "L" + physicalLocation.region.startLine + "-" + physicalLocation.region.endLine : "L" + physicalLocation.region.startLine;
-        return url_join_1.default(githubHost, options.owner, options.repo, "tree/" + options.branch, options.sourceRoot, physicalLocation.artifactLocation.uri + "#" + lineNumber);
+        return url_join_1.default(githubHost, options.owner, options.repo, "blob/" + options.branch, options.sourceRoot, physicalLocation.artifactLocation.uri + "#" + lineNumber);
     });
 };
 exports.sarifToMarkdown = function (options) {
     return function (sarifLog) {
         return sarifLog.runs.map(function (run) {
-            var _a, _b, _c;
+            var _a, _b, _c, _d, _e, _f, _g;
+            var title = options.title ? "# " + options.title + "\n" : "# Report";
+            var toolInfo = "\n## Tool information\n- Name: " + ((_a = run.tool.driver) === null || _a === void 0 ? void 0 : _a.name) + "\n- Organization: " + ((_b = run.tool.driver) === null || _b === void 0 ? void 0 : _b.organization) + "\n- Version: " + ((_c = run.tool.driver) === null || _c === void 0 ? void 0 : _c.semanticVersion) + "\n";
             // # tool section
             // Rule info
             // Vulnerability info
@@ -59,27 +61,31 @@ exports.sarifToMarkdown = function (options) {
             /**
              * # Rule Info
              */
-            var ruleInfo = escapeMarkdown(templateObject_1 || (templateObject_1 = __makeTemplateObject(["# ", "\n<!-- Rule Info -->\n", "\n "], ["\\\n# ", "\n<!-- Rule Info -->\n",
-                "\n "])), run.tool.driver.name, (_b = (_a = run.tool.driver) === null || _a === void 0 ? void 0 : _a.rules) === null || _b === void 0 ? void 0 : _b.map(function (rule) {
-                var _a;
+            var ruleInfo = escapeMarkdown(templateObject_1 || (templateObject_1 = __makeTemplateObject(["\n## Rules information\n<!-- Rule Info -->\n<details><summary>Rules details</summary>\n\n", "\n "], ["\n## Rules information\n<!-- Rule Info -->\n<details><summary>Rules details</summary>\n\n",
+                "\n "])), (_e = (_d = run.tool.driver) === null || _d === void 0 ? void 0 : _d.rules) === null || _e === void 0 ? void 0 : _e.map(function (rule) {
+                var _a, _b;
+                var severity = rule.properties ? (_a = rule.properties) === null || _a === void 0 ? void 0 : _a["problem.severity"] : "";
                 // rule description
-                return "**" + rule.id + "**\n\n> " + ((_a = rule.shortDescription) === null || _a === void 0 ? void 0 : _a.text);
+                return "- " + rule.id + " [" + severity + "]\n\n> " + ((_b = rule.shortDescription) === null || _b === void 0 ? void 0 : _b.text);
             }));
-            var ruleDetails = "<details><summary>Details</summary>\n<pre>" + JSON.stringify(run.tool, null, 4) + "</pre></details>";
+            var ruleDetails = "<details><summary>Details</summary>\n<pre>" + JSON.stringify(run.tool, null, 4) + "</pre></details>\n";
             /* Results
             - rule id
             - message
             - vulnerability source location
+
+            If pass the scan, results is empty array
             */
-            var results = "\n## Results\n\n" + ((_c = run.results) === null || _c === void 0 ? void 0 : _c.map(function (result) {
+            var results = run.results && run.results.length > 0 ? "\n## Results\n\n" + ((_f = run.results) === null || _f === void 0 ? void 0 : _f.map(function (result) {
                 return "- **" + result.ruleId + "**: " + markdown_escape_1.default(result.message.text)
                     + "\n\n"
                     + createCodeURL(result, options).join("\n")
                     + "\n";
-            }).join("\n")) + "\n";
+            }).join("\n")) + "\n"
+                : "\n## Results\n\nNo Error\n\n";
             return {
-                title: run.tool.driver.name,
-                body: ruleInfo + "\n" + ruleDetails + "\n" + results
+                body: title + results + "\n" + ruleInfo + "\n" + ruleDetails + toolInfo,
+                hasMessages: ((_g = run.results) === null || _g === void 0 ? void 0 : _g.length) !== 0
             };
         });
     };

package/lib/sarif-to-markdown.js.map

@@ -1 +1 @@
-{"version":3,"file":"sarif-to-markdown.js","sourceRoot":"","sources":["../src/sarif-to-markdown.ts"],"names":[],"mappings":";;;;;;;;;;AACA,aAAa;AACb,oEAAoC;AAEpC,sDAA+B;AAE/B,SAAS,cAAc,CAAC,OAA6B;IAAE,gBAAgB;SAAhB,UAAgB,EAAhB,qBAAgB,EAAhB,IAAgB;QAAhB,+BAAgB;;IACnE,OAAO,OAAO,CAAC,MAAM,CAAC,UAAC,MAAM,EAAE,GAAG,EAAE,CAAC;QACjC,IAAM,KAAK,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YAC3B,OAAO,MAAM,GAAG,yBAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;SACvC;aAAM;YACH,OAAO,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;SACvC;IACL,CAAC,CAAC,CAAC;AACP,CAAC;AAED,IAAM,aAAa,GAAG,UAAC,MAAc,EAAE,OAA8B;;IACjE,IAAM,UAAU,SAAG,OAAO,CAAC,UAAU,mCAAI,oBAAoB,CAAC;IAC9D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE;QAClC,OAAO,EAAE,CAAC;KACb;IACD,aAAO,MAAM,CAAC,SAAS,0CAAE,OAAO,CAAC,UAAA,QAAQ;QACrC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE;YAC5B,OAAO,EAAE,CAAC;SACb;QACD,IAAM,gBAAgB,GAAG,QAAQ,CAAC,gBAAgB,CAAA;QAClD,IAAI,CAAC,gBAAgB,CAAC,gBAAgB,EAAE;YACpC,OAAO,EAAE,CAAC;SACb;QACD,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE;YAC1B,OAAO,EAAE,CAAC;SACb;QACD,IAAM,UAAU,GAAG,gBAAgB,CAAC,MAAM,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,MAAI,gBAAgB,CAAC,MAAM,CAAC,SAAS,SAAI,gBAAgB,CAAC,MAAM,CAAC,OAAS,CAAC,CAAC,CAAC,MAAI,gBAAgB,CAAC,MAAM,CAAC,SAAW,CAAC;QACxL,OAAO,kBAAO,CAAC,UAAU,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,IAAI,EAAE,UAAQ,OAAO,CAAC,MAAQ,EAAE,OAAO,CAAC,UAAU,EAAK,gBAAgB,CAAC,gBAAgB,CAAC,GAAG,SAAI,UAAY,CAAC,CAAC;IACpK,CAAC,EAAE;AAEP,CAAC,CAAA;AA4BY,QAAA,eAAe,GAAG,UAAC,OAA8B;IAC1D,OAAO,UAAC,QAAa;QACjB,OAAO,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,UAAA,GAAG;;YACxB,iBAAiB;YACjB,YAAY;YACZ,qBAAqB;YACrB,aAAa;YACb,YAAY;YACZ;;eAEG;YACH,IAAM,QAAQ,GAAG,cAAc,wGAAA,QACvC,EAAoB,wBAEtB;gBAMW,KACX,KATE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,cAEtB,GAAG,CAAC,IAAI,CAAC,MAAM,0CAAE,KAAK,0CAAE,GAAG,CAAC,UAAA,IAAI;;gBACd,mBAAmB;gBACnB,OAAO,OAAK,IAAI,CAAC,EAAE,uBAEnC,IAAI,CAAC,gBAAgB,0CAAE,IAAI,CAAE,CAAA;YACjB,CAAC,EAEf,CAAC;YACS,IAAM,WAAW,GAAG,+CACzB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,qBAAkB,CAAC;YAC/C;;;;cAIE;YACF,IAAM,OAAO,GAAG,4BAG1B,GAAG,CAAC,OAAO,0CAAE,GAAG,CAAC,UAAA,MAAM;gBACT,OAAO,SAAO,MAAM,CAAC,MAAM,YAAO,yBAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAG;sBACzD,MAAM;sBACN,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;sBACzC,IAAI,CAAA;YACd,CAAC,EAAE,IAAI,CAAC,IAAI,SACvB,CAAA;YACW,OAAO;gBACH,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI;gBAC3B,IAAI,EAAE,QAAQ,GAAG,IAAI,GAAG,WAAW,GAAG,IAAI,GAAG,OAAO;aACvD,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC,CAAA;AAEL,CAAC,CAAA"}
+{"version":3,"file":"sarif-to-markdown.js","sourceRoot":"","sources":["../src/sarif-to-markdown.ts"],"names":[],"mappings":";;;;;;;;;;AACA,aAAa;AACb,oEAAoC;AACpC,sDAA+B;AAE/B,SAAS,cAAc,CAAC,OAA6B;IAAE,gBAAgB;SAAhB,UAAgB,EAAhB,qBAAgB,EAAhB,IAAgB;QAAhB,+BAAgB;;IACnE,OAAO,OAAO,CAAC,MAAM,CAAC,UAAC,MAAM,EAAE,GAAG,EAAE,CAAC;QACjC,IAAM,KAAK,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YAC3B,OAAO,MAAM,GAAG,yBAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;SACvC;aAAM;YACH,OAAO,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;SACvC;IACL,CAAC,CAAC,CAAC;AACP,CAAC;AAED,IAAM,aAAa,GAAG,UAAC,MAAc,EAAE,OAA8B;;IACjE,IAAM,UAAU,SAAG,OAAO,CAAC,UAAU,mCAAI,oBAAoB,CAAC;IAC9D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE;QAClC,OAAO,EAAE,CAAC;KACb;IACD,aAAO,MAAM,CAAC,SAAS,0CAAE,OAAO,CAAC,UAAA,QAAQ;QACrC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE;YAC5B,OAAO,EAAE,CAAC;SACb;QACD,IAAM,gBAAgB,GAAG,QAAQ,CAAC,gBAAgB,CAAA;QAClD,IAAI,CAAC,gBAAgB,CAAC,gBAAgB,EAAE;YACpC,OAAO,EAAE,CAAC;SACb;QACD,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE;YAC1B,OAAO,EAAE,CAAC;SACb;QACD,IAAM,UAAU,GAAG,gBAAgB,CAAC,MAAM,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,MAAI,gBAAgB,CAAC,MAAM,CAAC,SAAS,SAAI,gBAAgB,CAAC,MAAM,CAAC,OAAS,CAAC,CAAC,CAAC,MAAI,gBAAgB,CAAC,MAAM,CAAC,SAAW,CAAC;QACxL,OAAO,kBAAO,CAAC,UAAU,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,IAAI,EAAE,UAAQ,OAAO,CAAC,MAAQ,EAAE,OAAO,CAAC,UAAU,EAAK,gBAAgB,CAAC,gBAAgB,CAAC,GAAG,SAAI,UAAY,CAAC,CAAC;IACpK,CAAC,EAAE;AAEP,CAAC,CAAA;AAuCY,QAAA,eAAe,GAAG,UAAC,OAA8B;IAC1D,OAAO,UAAC,QAAa;QACjB,OAAO,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,UAAA,GAAG;;YACxB,IAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAK,OAAO,CAAC,KAAK,OAAI,CAAC,CAAC,CAAC,UAAU,CAAC;YAElE,IAAM,QAAQ,GAAG,2CAEnB,GAAG,CAAC,IAAI,CAAC,MAAM,0CAAE,IAAI,kCACb,GAAG,CAAC,IAAI,CAAC,MAAM,0CAAE,YAAY,6BAClC,GAAG,CAAC,IAAI,CAAC,MAAM,0CAAE,eAAe,QAC5C,CAAA;YACW,iBAAiB;YACjB,YAAY;YACZ,qBAAqB;YACrB,aAAa;YACb,YAAY;YACZ;;eAEG;YACH,IAAM,QAAQ,GAAG,cAAc,qKAAA,2FAKzC;gBAOW,KACX,iBARA,GAAG,CAAC,IAAI,CAAC,MAAM,0CAAE,KAAK,0CAAE,GAAG,CAAC,UAAA,IAAI;;gBACd,IAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,OAAC,IAAI,CAAC,UAAU,0CAAG,kBAAkB,EAAE,CAAC,CAAC,EAAE,CAAA;gBAC7E,mBAAmB;gBACnB,OAAO,OAAK,IAAI,CAAC,EAAE,UAAK,QAAQ,sBAEhD,IAAI,CAAC,gBAAgB,0CAAE,IAAI,CAAE,CAAA;YACjB,CAAC,EAEf,CAAC;YACS,IAAM,WAAW,GAAG,+CACzB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,uBACvC,CAAC;YAEU;;;;;;cAME;YACF,IAAM,OAAO,GAAG,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,4BAGlE,GAAG,CAAC,OAAO,0CAAE,GAAG,CAAC,UAAA,MAAM;gBACL,OAAO,SAAO,MAAM,CAAC,MAAM,YAAO,yBAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAG;sBACzD,MAAM;sBACN,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;sBACzC,IAAI,CAAA;YACd,CAAC,EAAE,IAAI,CAAC,IAAI,SAC3B;gBACe,CAAC,CAAC,8BAKjB,CAAA;YACW,OAAO;gBACH,IAAI,EAAE,KAAK,GAAG,OAAO,GAAG,IAAI,GAAG,QAAQ,GAAE,IAAI,GAAG,WAAW,GAAG,QAAQ;gBACtE,WAAW,EAAE,OAAA,GAAG,CAAC,OAAO,0CAAE,MAAM,MAAK,CAAC;aACzC,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC,CAAA;AAEL,CAAC,CAAA"}

package/module/sarif-to-markdown.d.ts

@@ -1,9 +1,12 @@
 import type { Log } from "sarif";
-export declare type sarifFormatterResult = {
-    title: string;
-    body: string;
-};
 export declare type sarifFormatterOptions = {
+    /**
+     * Title of content
+     */
+    title?: string;
+    /**
+     * https://github.com
+     */
     githubHost?: string;
     /**
      * GitHub Owner
@@ -23,7 +26,13 @@ export declare type sarifFormatterOptions = {
      */
     sourceRoot: string;
 };
-export declare const sarifToMarkdown: (options: sarifFormatterOptions) => (sarifLog: Log) => {
-    title: string;
+declare type sarifToMarkdownResult = {
+    title?: string;
     body: string;
-}[];
+    /**
+     * If the body has not results, `hasMessages` will be `false`
+     */
+    hasMessages: boolean;
+};
+export declare const sarifToMarkdown: (options: sarifFormatterOptions) => (sarifLog: Log) => sarifToMarkdownResult[];
+export {};

package/module/sarif-to-markdown.js

@@ -38,13 +38,15 @@ var createCodeURL = function (result, options) {
             return [];
         }
         var lineNumber = physicalLocation.region.endLine !== undefined ? "L" + physicalLocation.region.startLine + "-" + physicalLocation.region.endLine : "L" + physicalLocation.region.startLine;
-        return urlJoin(githubHost, options.owner, options.repo, "tree/" + options.branch, options.sourceRoot, physicalLocation.artifactLocation.uri + "#" + lineNumber);
+        return urlJoin(githubHost, options.owner, options.repo, "blob/" + options.branch, options.sourceRoot, physicalLocation.artifactLocation.uri + "#" + lineNumber);
     });
 };
 export var sarifToMarkdown = function (options) {
     return function (sarifLog) {
         return sarifLog.runs.map(function (run) {
-            var _a, _b, _c;
+            var _a, _b, _c, _d, _e, _f, _g;
+            var title = options.title ? "# " + options.title + "\n" : "# Report";
+            var toolInfo = "\n## Tool information\n- Name: " + ((_a = run.tool.driver) === null || _a === void 0 ? void 0 : _a.name) + "\n- Organization: " + ((_b = run.tool.driver) === null || _b === void 0 ? void 0 : _b.organization) + "\n- Version: " + ((_c = run.tool.driver) === null || _c === void 0 ? void 0 : _c.semanticVersion) + "\n";
             // # tool section
             // Rule info
             // Vulnerability info
@@ -53,27 +55,31 @@ export var sarifToMarkdown = function (options) {
             /**
              * # Rule Info
              */
-            var ruleInfo = escapeMarkdown(templateObject_1 || (templateObject_1 = __makeTemplateObject(["# ", "\n<!-- Rule Info -->\n", "\n "], ["\\\n# ", "\n<!-- Rule Info -->\n",
-                "\n "])), run.tool.driver.name, (_b = (_a = run.tool.driver) === null || _a === void 0 ? void 0 : _a.rules) === null || _b === void 0 ? void 0 : _b.map(function (rule) {
-                var _a;
+            var ruleInfo = escapeMarkdown(templateObject_1 || (templateObject_1 = __makeTemplateObject(["\n## Rules information\n<!-- Rule Info -->\n<details><summary>Rules details</summary>\n\n", "\n "], ["\n## Rules information\n<!-- Rule Info -->\n<details><summary>Rules details</summary>\n\n",
+                "\n "])), (_e = (_d = run.tool.driver) === null || _d === void 0 ? void 0 : _d.rules) === null || _e === void 0 ? void 0 : _e.map(function (rule) {
+                var _a, _b;
+                var severity = rule.properties ? (_a = rule.properties) === null || _a === void 0 ? void 0 : _a["problem.severity"] : "";
                 // rule description
-                return "**" + rule.id + "**\n\n> " + ((_a = rule.shortDescription) === null || _a === void 0 ? void 0 : _a.text);
+                return "- " + rule.id + " [" + severity + "]\n\n> " + ((_b = rule.shortDescription) === null || _b === void 0 ? void 0 : _b.text);
             }));
-            var ruleDetails = "<details><summary>Details</summary>\n<pre>" + JSON.stringify(run.tool, null, 4) + "</pre></details>";
+            var ruleDetails = "<details><summary>Details</summary>\n<pre>" + JSON.stringify(run.tool, null, 4) + "</pre></details>\n";
             /* Results
             - rule id
             - message
             - vulnerability source location
+
+            If pass the scan, results is empty array
             */
-            var results = "\n## Results\n\n" + ((_c = run.results) === null || _c === void 0 ? void 0 : _c.map(function (result) {
+            var results = run.results && run.results.length > 0 ? "\n## Results\n\n" + ((_f = run.results) === null || _f === void 0 ? void 0 : _f.map(function (result) {
                 return "- **" + result.ruleId + "**: " + escape(result.message.text)
                     + "\n\n"
                     + createCodeURL(result, options).join("\n")
                     + "\n";
-            }).join("\n")) + "\n";
+            }).join("\n")) + "\n"
+                : "\n## Results\n\nNo Error\n\n";
             return {
-                title: run.tool.driver.name,
-                body: ruleInfo + "\n" + ruleDetails + "\n" + results
+                body: title + results + "\n" + ruleInfo + "\n" + ruleDetails + toolInfo,
+                hasMessages: ((_g = run.results) === null || _g === void 0 ? void 0 : _g.length) !== 0
             };
         });
     };

package/module/sarif-to-markdown.js.map

@@ -1 +1 @@
-{"version":3,"file":"sarif-to-markdown.js","sourceRoot":"","sources":["../src/sarif-to-markdown.ts"],"names":[],"mappings":";;;;AACA,aAAa;AACb,OAAO,MAAM,MAAM,iBAAiB,CAAA;AAEpC,OAAO,OAAO,MAAM,UAAU,CAAC;AAE/B,SAAS,cAAc,CAAC,OAA6B;IAAE,gBAAgB;SAAhB,UAAgB,EAAhB,qBAAgB,EAAhB,IAAgB;QAAhB,+BAAgB;;IACnE,OAAO,OAAO,CAAC,MAAM,CAAC,UAAC,MAAM,EAAE,GAAG,EAAE,CAAC;QACjC,IAAM,KAAK,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YAC3B,OAAO,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;SACvC;aAAM;YACH,OAAO,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;SACvC;IACL,CAAC,CAAC,CAAC;AACP,CAAC;AAED,IAAM,aAAa,GAAG,UAAC,MAAc,EAAE,OAA8B;;IACjE,IAAM,UAAU,SAAG,OAAO,CAAC,UAAU,mCAAI,oBAAoB,CAAC;IAC9D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE;QAClC,OAAO,EAAE,CAAC;KACb;IACD,aAAO,MAAM,CAAC,SAAS,0CAAE,OAAO,CAAC,UAAA,QAAQ;QACrC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE;YAC5B,OAAO,EAAE,CAAC;SACb;QACD,IAAM,gBAAgB,GAAG,QAAQ,CAAC,gBAAgB,CAAA;QAClD,IAAI,CAAC,gBAAgB,CAAC,gBAAgB,EAAE;YACpC,OAAO,EAAE,CAAC;SACb;QACD,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE;YAC1B,OAAO,EAAE,CAAC;SACb;QACD,IAAM,UAAU,GAAG,gBAAgB,CAAC,MAAM,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,MAAI,gBAAgB,CAAC,MAAM,CAAC,SAAS,SAAI,gBAAgB,CAAC,MAAM,CAAC,OAAS,CAAC,CAAC,CAAC,MAAI,gBAAgB,CAAC,MAAM,CAAC,SAAW,CAAC;QACxL,OAAO,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,IAAI,EAAE,UAAQ,OAAO,CAAC,MAAQ,EAAE,OAAO,CAAC,UAAU,EAAK,gBAAgB,CAAC,gBAAgB,CAAC,GAAG,SAAI,UAAY,CAAC,CAAC;IACpK,CAAC,EAAE;AAEP,CAAC,CAAA;AA4BD,MAAM,CAAC,IAAM,eAAe,GAAG,UAAC,OAA8B;IAC1D,OAAO,UAAC,QAAa;QACjB,OAAO,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,UAAA,GAAG;;YACxB,iBAAiB;YACjB,YAAY;YACZ,qBAAqB;YACrB,aAAa;YACb,YAAY;YACZ;;eAEG;YACH,IAAM,QAAQ,GAAG,cAAc,wGAAA,QACvC,EAAoB,wBAEtB;gBAMW,KACX,KATE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,cAEtB,GAAG,CAAC,IAAI,CAAC,MAAM,0CAAE,KAAK,0CAAE,GAAG,CAAC,UAAA,IAAI;;gBACd,mBAAmB;gBACnB,OAAO,OAAK,IAAI,CAAC,EAAE,uBAEnC,IAAI,CAAC,gBAAgB,0CAAE,IAAI,CAAE,CAAA;YACjB,CAAC,EAEf,CAAC;YACS,IAAM,WAAW,GAAG,+CACzB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,qBAAkB,CAAC;YAC/C;;;;cAIE;YACF,IAAM,OAAO,GAAG,4BAG1B,GAAG,CAAC,OAAO,0CAAE,GAAG,CAAC,UAAA,MAAM;gBACT,OAAO,SAAO,MAAM,CAAC,MAAM,YAAO,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAG;sBACzD,MAAM;sBACN,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;sBACzC,IAAI,CAAA;YACd,CAAC,EAAE,IAAI,CAAC,IAAI,SACvB,CAAA;YACW,OAAO;gBACH,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI;gBAC3B,IAAI,EAAE,QAAQ,GAAG,IAAI,GAAG,WAAW,GAAG,IAAI,GAAG,OAAO;aACvD,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC,CAAA;AAEL,CAAC,CAAA"}
+{"version":3,"file":"sarif-to-markdown.js","sourceRoot":"","sources":["../src/sarif-to-markdown.ts"],"names":[],"mappings":";;;;AACA,aAAa;AACb,OAAO,MAAM,MAAM,iBAAiB,CAAA;AACpC,OAAO,OAAO,MAAM,UAAU,CAAC;AAE/B,SAAS,cAAc,CAAC,OAA6B;IAAE,gBAAgB;SAAhB,UAAgB,EAAhB,qBAAgB,EAAhB,IAAgB;QAAhB,+BAAgB;;IACnE,OAAO,OAAO,CAAC,MAAM,CAAC,UAAC,MAAM,EAAE,GAAG,EAAE,CAAC;QACjC,IAAM,KAAK,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YAC3B,OAAO,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;SACvC;aAAM;YACH,OAAO,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;SACvC;IACL,CAAC,CAAC,CAAC;AACP,CAAC;AAED,IAAM,aAAa,GAAG,UAAC,MAAc,EAAE,OAA8B;;IACjE,IAAM,UAAU,SAAG,OAAO,CAAC,UAAU,mCAAI,oBAAoB,CAAC;IAC9D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE;QAClC,OAAO,EAAE,CAAC;KACb;IACD,aAAO,MAAM,CAAC,SAAS,0CAAE,OAAO,CAAC,UAAA,QAAQ;QACrC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE;YAC5B,OAAO,EAAE,CAAC;SACb;QACD,IAAM,gBAAgB,GAAG,QAAQ,CAAC,gBAAgB,CAAA;QAClD,IAAI,CAAC,gBAAgB,CAAC,gBAAgB,EAAE;YACpC,OAAO,EAAE,CAAC;SACb;QACD,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE;YAC1B,OAAO,EAAE,CAAC;SACb;QACD,IAAM,UAAU,GAAG,gBAAgB,CAAC,MAAM,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,MAAI,gBAAgB,CAAC,MAAM,CAAC,SAAS,SAAI,gBAAgB,CAAC,MAAM,CAAC,OAAS,CAAC,CAAC,CAAC,MAAI,gBAAgB,CAAC,MAAM,CAAC,SAAW,CAAC;QACxL,OAAO,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,IAAI,EAAE,UAAQ,OAAO,CAAC,MAAQ,EAAE,OAAO,CAAC,UAAU,EAAK,gBAAgB,CAAC,gBAAgB,CAAC,GAAG,SAAI,UAAY,CAAC,CAAC;IACpK,CAAC,EAAE;AAEP,CAAC,CAAA;AAuCD,MAAM,CAAC,IAAM,eAAe,GAAG,UAAC,OAA8B;IAC1D,OAAO,UAAC,QAAa;QACjB,OAAO,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,UAAA,GAAG;;YACxB,IAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAK,OAAO,CAAC,KAAK,OAAI,CAAC,CAAC,CAAC,UAAU,CAAC;YAElE,IAAM,QAAQ,GAAG,2CAEnB,GAAG,CAAC,IAAI,CAAC,MAAM,0CAAE,IAAI,kCACb,GAAG,CAAC,IAAI,CAAC,MAAM,0CAAE,YAAY,6BAClC,GAAG,CAAC,IAAI,CAAC,MAAM,0CAAE,eAAe,QAC5C,CAAA;YACW,iBAAiB;YACjB,YAAY;YACZ,qBAAqB;YACrB,aAAa;YACb,YAAY;YACZ;;eAEG;YACH,IAAM,QAAQ,GAAG,cAAc,qKAAA,2FAKzC;gBAOW,KACX,iBARA,GAAG,CAAC,IAAI,CAAC,MAAM,0CAAE,KAAK,0CAAE,GAAG,CAAC,UAAA,IAAI;;gBACd,IAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,OAAC,IAAI,CAAC,UAAU,0CAAG,kBAAkB,EAAE,CAAC,CAAC,EAAE,CAAA;gBAC7E,mBAAmB;gBACnB,OAAO,OAAK,IAAI,CAAC,EAAE,UAAK,QAAQ,sBAEhD,IAAI,CAAC,gBAAgB,0CAAE,IAAI,CAAE,CAAA;YACjB,CAAC,EAEf,CAAC;YACS,IAAM,WAAW,GAAG,+CACzB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,uBACvC,CAAC;YAEU;;;;;;cAME;YACF,IAAM,OAAO,GAAG,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,4BAGlE,GAAG,CAAC,OAAO,0CAAE,GAAG,CAAC,UAAA,MAAM;gBACL,OAAO,SAAO,MAAM,CAAC,MAAM,YAAO,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAG;sBACzD,MAAM;sBACN,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;sBACzC,IAAI,CAAA;YACd,CAAC,EAAE,IAAI,CAAC,IAAI,SAC3B;gBACe,CAAC,CAAC,8BAKjB,CAAA;YACW,OAAO;gBACH,IAAI,EAAE,KAAK,GAAG,OAAO,GAAG,IAAI,GAAG,QAAQ,GAAE,IAAI,GAAG,WAAW,GAAG,QAAQ;gBACtE,WAAW,EAAE,OAAA,GAAG,CAAC,OAAO,0CAAE,MAAM,MAAK,CAAC;aACzC,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC,CAAA;AAEL,CAAC,CAAA"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@security-alert/sarif-to-markdown",
-  "version": "1.3.0",
+  "version": "1.5.0",
   "description": "Convert Sarif format to body text",
   "keywords": [
     "sarif",
@@ -64,5 +64,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "3b0a7359c897f348bb7595dd74e1d6376201c395"
+  "gitHead": "0d5db77172579ca1726adc001e941f4bd294dbac"
 }

package/CHANGELOG.md

@@ -1,11 +0,0 @@
-# Change Log
-
-All notable changes to this project will be documented in this file.
-See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
-
-# [1.3.0](https://github.com/azu/security-alert/compare/v1.2.0...v1.3.0) (2020-08-04)
-
-
-### Features
-
-* add sarif packages ([c0831cd](https://github.com/azu/security-alert/commit/c0831cd1834e1f84ed721500cbe8db9523edc4eb))