@security-alert/sarif-to-markdown 1.3.4 → 1.6.0

package/README.md CHANGED
@@ -1,11 +1,11 @@
1
1
  # @security-alert/sarif-to-markdown
2
2
 
3
- Convert SARIF format to body text
3
+ Convert SARIF format to Markdown text.
4
4
 
5
5
  > Supported safari version: v2.1.0
6
6
 
7
7
  - [SARIF output — CodeQL](https://help.semmle.com/codeql/codeql-cli/reference/sarif-overview.html)
8
- - [OASIS Static Analysis Results Interchange Format (SARIF) TC | OASIS](https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=sarif)
8
+ - [OASIS Static Analysis sarifToMarkdownResult Interchange Format (SARIF) TC | OASIS](https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=sarif)
9
9
 
10
10
  ## Install
11
11
 
@@ -13,9 +13,341 @@ Install with [npm](https://www.npmjs.com/):
13
13
 
14
14
  npm install @security-alert/sarif-to-markdown
15
15
 
16
- ## Usage
16
+ ## Example
17
17
 
18
- - [ ] Write usage instructions
18
+ **input.sarif:**
19
+
20
+ ```json
21
+ {
22
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
23
+ "version": "2.1.0",
24
+ "runs": [
25
+ {
26
+ "tool": {
27
+ "driver": {
28
+ "name": "CodeQL command-line toolchain",
29
+ "organization": "GitHub",
30
+ "semanticVersion": "2.2.4",
31
+ "rules": [
32
+ {
33
+ "id": "js/xss",
34
+ "name": "js/xss",
35
+ "shortDescription": {
36
+ "text": "Client-side cross-site scripting"
37
+ },
38
+ "fullDescription": {
39
+ "text": "Writing user input directly to the DOM allows for a cross-site scripting vulnerability."
40
+ },
41
+ "defaultConfiguration": {
42
+ "level": "error"
43
+ },
44
+ "properties": {
45
+ "tags": [
46
+ "security",
47
+ "external/cwe/cwe-079",
48
+ "external/cwe/cwe-116"
49
+ ],
50
+ "kind": "path-problem",
51
+ "precision": "high",
52
+ "name": "Client-side cross-site scripting",
53
+ "description": "Writing user input directly to the DOM allows for\n a cross-site scripting vulnerability.",
54
+ "id": "js/xss",
55
+ "problem.severity": "error"
56
+ }
57
+ }
58
+ ]
59
+ }
60
+ },
61
+ "artifacts": [
62
+ {
63
+ "location": {
64
+ "uri": "examples/Xss.js",
65
+ "uriBaseId": "%SRCROOT%",
66
+ "index": 0
67
+ }
68
+ }
69
+ ],
70
+ "results": [
71
+ {
72
+ "ruleId": "js/xss",
73
+ "ruleIndex": 0,
74
+ "message": {
75
+ "text": "Cross-site scripting vulnerability due to [user-provided value](1)."
76
+ },
77
+ "locations": [
78
+ {
79
+ "physicalLocation": {
80
+ "artifactLocation": {
81
+ "uri": "examples/Xss.js",
82
+ "uriBaseId": "%SRCROOT%",
83
+ "index": 0
84
+ },
85
+ "region": {
86
+ "startLine": 4,
87
+ "startColumn": 20,
88
+ "endColumn": 56
89
+ }
90
+ }
91
+ }
92
+ ],
93
+ "partialFingerprints": {
94
+ "primaryLocationLineHash": "f10617abe5e779f0:1",
95
+ "primaryLocationStartColumnFingerprint": "15"
96
+ },
97
+ "codeFlows": [
98
+ {
99
+ "threadFlows": [
100
+ {
101
+ "locations": [
102
+ {
103
+ "location": {
104
+ "physicalLocation": {
105
+ "artifactLocation": {
106
+ "uri": "examples/Xss.js",
107
+ "uriBaseId": "%SRCROOT%",
108
+ "index": 0
109
+ },
110
+ "region": {
111
+ "startLine": 2,
112
+ "startColumn": 16,
113
+ "endColumn": 33
114
+ }
115
+ },
116
+ "message": {
117
+ "text": "document.location"
118
+ }
119
+ }
120
+ },
121
+ {
122
+ "location": {
123
+ "physicalLocation": {
124
+ "artifactLocation": {
125
+ "uri": "examples/Xss.js",
126
+ "uriBaseId": "%SRCROOT%",
127
+ "index": 0
128
+ },
129
+ "region": {
130
+ "startLine": 2,
131
+ "startColumn": 16,
132
+ "endColumn": 38
133
+ }
134
+ },
135
+ "message": {
136
+ "text": "documen ... on.href"
137
+ }
138
+ }
139
+ },
140
+ {
141
+ "location": {
142
+ "physicalLocation": {
143
+ "artifactLocation": {
144
+ "uri": "examples/Xss.js",
145
+ "uriBaseId": "%SRCROOT%",
146
+ "index": 0
147
+ },
148
+ "region": {
149
+ "startLine": 2,
150
+ "startColumn": 9,
151
+ "endColumn": 38
152
+ }
153
+ },
154
+ "message": {
155
+ "text": "href"
156
+ }
157
+ }
158
+ },
159
+ {
160
+ "location": {
161
+ "physicalLocation": {
162
+ "artifactLocation": {
163
+ "uri": "examples/Xss.js",
164
+ "uriBaseId": "%SRCROOT%",
165
+ "index": 0
166
+ },
167
+ "region": {
168
+ "startLine": 3,
169
+ "startColumn": 17,
170
+ "endColumn": 21
171
+ }
172
+ },
173
+ "message": {
174
+ "text": "href"
175
+ }
176
+ }
177
+ },
178
+ {
179
+ "location": {
180
+ "physicalLocation": {
181
+ "artifactLocation": {
182
+ "uri": "examples/Xss.js",
183
+ "uriBaseId": "%SRCROOT%",
184
+ "index": 0
185
+ },
186
+ "region": {
187
+ "startLine": 3,
188
+ "startColumn": 17,
189
+ "endColumn": 59
190
+ }
191
+ },
192
+ "message": {
193
+ "text": "href.su ... t=\")+8)"
194
+ }
195
+ }
196
+ },
197
+ {
198
+ "location": {
199
+ "physicalLocation": {
200
+ "artifactLocation": {
201
+ "uri": "examples/Xss.js",
202
+ "uriBaseId": "%SRCROOT%",
203
+ "index": 0
204
+ },
205
+ "region": {
206
+ "startLine": 3,
207
+ "startColumn": 9,
208
+ "endColumn": 59
209
+ }
210
+ },
211
+ "message": {
212
+ "text": "deflt"
213
+ }
214
+ }
215
+ },
216
+ {
217
+ "location": {
218
+ "physicalLocation": {
219
+ "artifactLocation": {
220
+ "uri": "examples/Xss.js",
221
+ "uriBaseId": "%SRCROOT%",
222
+ "index": 0
223
+ },
224
+ "region": {
225
+ "startLine": 4,
226
+ "startColumn": 39,
227
+ "endColumn": 44
228
+ }
229
+ },
230
+ "message": {
231
+ "text": "deflt"
232
+ }
233
+ }
234
+ },
235
+ {
236
+ "location": {
237
+ "physicalLocation": {
238
+ "artifactLocation": {
239
+ "uri": "examples/Xss.js",
240
+ "uriBaseId": "%SRCROOT%",
241
+ "index": 0
242
+ },
243
+ "region": {
244
+ "startLine": 4,
245
+ "startColumn": 20,
246
+ "endColumn": 56
247
+ }
248
+ },
249
+ "message": {
250
+ "text": "\"<OPTIO ... PTION>\""
251
+ }
252
+ }
253
+ }
254
+ ]
255
+ }
256
+ ]
257
+ }
258
+ ],
259
+ "relatedLocations": [
260
+ {
261
+ "id": 1,
262
+ "physicalLocation": {
263
+ "artifactLocation": {
264
+ "uri": "examples/Xss.js",
265
+ "uriBaseId": "%SRCROOT%",
266
+ "index": 0
267
+ },
268
+ "region": {
269
+ "startLine": 2,
270
+ "startColumn": 16,
271
+ "endColumn": 33
272
+ }
273
+ },
274
+ "message": {
275
+ "text": "user-provided value"
276
+ }
277
+ }
278
+ ]
279
+ }
280
+ ],
281
+ "newlineSequences": [
282
+ "\r\n",
283
+ "\n",
284
+ "
",
285
+ "
"
286
+ ],
287
+ "columnKind": "utf16CodeUnits",
288
+ "properties": {
289
+ "semmle.formatSpecifier": "sarifv2.1.0"
290
+ }
291
+ }
292
+ ]
293
+ }
294
+ ```
295
+
296
+ **output.md**
297
+
298
+ ---
299
+
300
+
301
+ ## Rules
302
+ <!-- Rule Info -->
303
+ **js/xss** (severity: **error**)
304
+
305
+ > Client-side cross-site scripting
306
+
307
+ <details><summary>Details</summary>
308
+ <pre>{
309
+ "driver": {
310
+ "name": "CodeQL command-line toolchain",
311
+ "organization": "GitHub",
312
+ "semanticVersion": "2.2.4",
313
+ "rules": [
314
+ {
315
+ "id": "js/xss",
316
+ "name": "js/xss",
317
+ "shortDescription": {
318
+ "text": "Client-side cross-site scripting"
319
+ },
320
+ "fullDescription": {
321
+ "text": "Writing user input directly to the DOM allows for a cross-site scripting vulnerability."
322
+ },
323
+ "defaultConfiguration": {
324
+ "level": "error"
325
+ },
326
+ "properties": {
327
+ "tags": [
328
+ "security",
329
+ "external/cwe/cwe-079",
330
+ "external/cwe/cwe-116"
331
+ ],
332
+ "kind": "path-problem",
333
+ "precision": "high",
334
+ "name": "Client-side cross-site scripting",
335
+ "description": "Writing user input directly to the DOM allows for\n a cross-site scripting vulnerability.",
336
+ "id": "js/xss",
337
+ "problem.severity": "error"
338
+ }
339
+ }
340
+ ]
341
+ }
342
+ }</pre></details>
343
+
344
+ ## Results
345
+
346
+ - **js/xss**: Cross-site scripting vulnerability due to \[user-provided value\]\(1\).
347
+
348
+ https://github.com/owner/repo/blob/master/base/examples/Xss.js#L4
349
+
350
+ ---
19
351
 
20
352
  ## Changelog
21
353
 
@@ -1,9 +1,12 @@
1
1
  import type { Log } from "sarif";
2
- export declare type sarifFormatterResult = {
3
- title: string;
4
- body: string;
5
- };
6
2
  export declare type sarifFormatterOptions = {
3
+ /**
4
+ * Title of content
5
+ */
6
+ title?: string;
7
+ /**
8
+ * https://github.com
9
+ */
7
10
  githubHost?: string;
8
11
  /**
9
12
  * GitHub Owner
@@ -22,8 +25,22 @@ export declare type sarifFormatterOptions = {
22
25
  * Base path
23
26
  */
24
27
  sourceRoot: string;
28
+ /**
29
+ * Details of the rules in the comment or not, this might make the comment too big for Github
30
+ */
31
+ details?: boolean;
32
+ /**
33
+ * Should the markdown include suppressed findings, defaults to true
34
+ */
35
+ suppressedResults?: boolean;
25
36
  };
26
- export declare const sarifToMarkdown: (options: sarifFormatterOptions) => (sarifLog: Log) => {
27
- title: string;
37
+ declare type sarifToMarkdownResult = {
38
+ title?: string;
28
39
  body: string;
29
- }[];
40
+ /**
41
+ * If the body has not results, `hasMessages` will be `false`
42
+ */
43
+ hasMessages: boolean;
44
+ };
45
+ export declare const sarifToMarkdown: (options: sarifFormatterOptions) => (sarifLog: Log) => sarifToMarkdownResult[];
46
+ export {};
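Review bot: `declare type sarifToMarkdownResult` in the second hunk is not exported, while the previously exported `sarifFormatterResult` is deleted in the first hunk, so consumers that imported that type break on a minor version bump and cannot name the new return type of `sarifToMarkdown`; changing the line to `export declare type sarifToMarkdownResult = {` and keeping `export declare type sarifFormatterResult = sarifToMarkdownResult;` as an alias avoids both. `title?: string` is declared on the result, but the compiled implementation elsewhere in this diff returns objects with only `body` and `hasMessages`, so the field should either be dropped or documented as not populated. The `hasMessages` comment reads `If the body has not results`; `If the body has no results` is meant, and it would help to state whether suppressed findings count toward it. The duplicate declaration file later in the diff (module build, same two hunks) has the same points.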
@@ -19,7 +19,7 @@ function escapeMarkdown(strings) {
19
19
  return strings.reduce(function (result, str, i) {
20
20
  var value = values[i - 1];
21
21
  if (typeof value === "string") {
22
- return result + markdown_escape_1.default(value) + str;
22
+ return result + (0, markdown_escape_1.default)(value) + str;
23
23
  }
24
24
  else {
25
25
  return result + String(value) + str;
@@ -43,14 +43,19 @@ var createCodeURL = function (result, options) {
43
43
  if (!physicalLocation.region) {
44
44
  return [];
45
45
  }
46
- var lineNumber = physicalLocation.region.endLine !== undefined ? "L" + physicalLocation.region.startLine + "-" + physicalLocation.region.endLine : "L" + physicalLocation.region.startLine;
47
- return url_join_1.default(githubHost, options.owner, options.repo, "blob/" + options.branch, options.sourceRoot, physicalLocation.artifactLocation.uri + "#" + lineNumber);
46
+ var lineNumber = physicalLocation.region.endLine !== undefined
47
+ ? "L".concat(physicalLocation.region.startLine, "-").concat(physicalLocation.region.endLine)
48
+ : "L".concat(physicalLocation.region.startLine);
49
+ return (0, url_join_1.default)(githubHost, options.owner, options.repo, "blob/".concat(options.branch), options.sourceRoot, "".concat(physicalLocation.artifactLocation.uri, "#").concat(lineNumber));
48
50
  });
49
51
  };
50
- exports.sarifToMarkdown = function (options) {
52
+ var sarifToMarkdown = function (options) {
53
+ var suppressedResultsFlag = options.suppressedResults !== undefined ? options.suppressedResults : true;
51
54
  return function (sarifLog) {
52
55
  return sarifLog.runs.map(function (run) {
53
- var _a, _b, _c;
56
+ var _a, _b, _c, _d, _e, _f, _g, _h, _j;
57
+ var title = options.title ? "# ".concat(options.title, "\n") : "# Report";
58
+ var toolInfo = "\n## Tool information\n- Name: ".concat((_a = run.tool.driver) === null || _a === void 0 ? void 0 : _a.name, "\n- Organization: ").concat((_b = run.tool.driver) === null || _b === void 0 ? void 0 : _b.organization, "\n- Version: ").concat((_c = run.tool.driver) === null || _c === void 0 ? void 0 : _c.semanticVersion, "\n");
54
59
  // # tool section
55
60
  // Rule info
56
61
  // Vulnerability info
@@ -59,30 +64,65 @@ exports.sarifToMarkdown = function (options) {
59
64
  /**
60
65
  * # Rule Info
61
66
  */
62
- var ruleInfo = escapeMarkdown(templateObject_1 || (templateObject_1 = __makeTemplateObject(["# ", "\n<!-- Rule Info -->\n", "\n "], ["\\\n# ", "\n<!-- Rule Info -->\n",
63
- "\n "])), run.tool.driver.name, (_b = (_a = run.tool.driver) === null || _a === void 0 ? void 0 : _a.rules) === null || _b === void 0 ? void 0 : _b.map(function (rule) {
64
- var _a;
67
+ var ruleInfo = escapeMarkdown(templateObject_1 || (templateObject_1 = __makeTemplateObject(["\n## Rules information\n<!-- Rule Info -->\n<details><summary>Rules details</summary>\n\n", "\n "], ["\n## Rules information\n<!-- Rule Info -->\n<details><summary>Rules details</summary>\n\n", "\n "])), (_e = (_d = run.tool.driver) === null || _d === void 0 ? void 0 : _d.rules) === null || _e === void 0 ? void 0 : _e.map(function (rule) {
68
+ var _a, _b;
69
+ var severity = rule.properties ? (_a = rule.properties) === null || _a === void 0 ? void 0 : _a["problem.severity"] : "";
65
70
  // rule description
66
- return "**" + rule.id + "**\n\n> " + ((_a = rule.shortDescription) === null || _a === void 0 ? void 0 : _a.text);
71
+ return "- ".concat(rule.id, " [").concat(severity, "]\n\n> ").concat((_b = rule.shortDescription) === null || _b === void 0 ? void 0 : _b.text);
67
72
  }));
68
- var ruleDetails = "<details><summary>Details</summary>\n<pre>" + JSON.stringify(run.tool, null, 4) + "</pre></details>";
73
+ var ruleDetails = "<details><summary>Details</summary>\n<pre>".concat(JSON.stringify(run.tool, null, 4), "</pre></details>\n");
69
74
  /* Results
70
75
  - rule id
71
76
  - message
72
77
  - vulnerability source location
78
+
79
+ If pass the scan, results is empty array
73
80
  */
74
- var results = "\n## Results\n\n" + ((_c = run.results) === null || _c === void 0 ? void 0 : _c.map(function (result) {
75
- return "- **" + result.ruleId + "**: " + markdown_escape_1.default(result.message.text)
76
- + "\n\n"
77
- + createCodeURL(result, options).join("\n")
78
- + "\n";
79
- }).join("\n")) + "\n";
81
+ var results = run.results && run.results.length > 0
82
+ ? "\n## Results\n\n".concat((_f = run.results) === null || _f === void 0 ? void 0 : _f.map(function (result) {
83
+ return result.suppressions
84
+ ? ""
85
+ : "- **".concat(result.ruleId, "**: ").concat((0, markdown_escape_1.default)(result.message.text)) +
86
+ "\n\n" +
87
+ createCodeURL(result, options).join("\n") +
88
+ "\n";
89
+ }).join("\n"), "\n")
90
+ : "\n## Results\n\nNo Error\n\n";
91
+ // careful, double ternary... first check if we should include suppressedresults (return empty string)
92
+ // then check if there are results, if none, return default string
93
+ var suppressedResultsText = suppressedResultsFlag
94
+ ? run.results && run.results.length > 0
95
+ ? "\n## Suppressed results\n\n".concat((_g = run.results) === null || _g === void 0 ? void 0 : _g.map(function (result) {
96
+ return result.suppressions
97
+ ? "- **".concat(result.ruleId, "**: ").concat((0, markdown_escape_1.default)(result.message.text)) +
98
+ "\n\n" +
99
+ createCodeURL(result, options).join("\n") +
100
+ "\n"
101
+ : "";
102
+ }).join("\n"), "\n")
103
+ : "\n## Results\n\nNo suppressed issues\n\n"
104
+ : "";
105
+ if (options.details) {
106
+ return {
107
+ body: title +
108
+ results +
109
+ "\n" +
110
+ suppressedResultsText +
111
+ "\n" +
112
+ ruleInfo +
113
+ "\n" +
114
+ ruleDetails +
115
+ toolInfo,
116
+ hasMessages: ((_h = run.results) === null || _h === void 0 ? void 0 : _h.length) !== 0
117
+ };
118
+ }
80
119
  return {
81
- title: run.tool.driver.name,
82
- body: ruleInfo + "\n" + ruleDetails + "\n" + results
120
+ body: title + results + "\n" + suppressedResultsText + "\n" + ruleInfo + "\n" + toolInfo,
121
+ hasMessages: ((_j = run.results) === null || _j === void 0 ? void 0 : _j.length) !== 0
83
122
  };
84
123
  });
85
124
  };
86
125
  };
126
+ exports.sarifToMarkdown = sarifToMarkdown;
87
127
  var templateObject_1;
88
128
  //# sourceMappingURL=sarif-to-markdown.js.map
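Review bot: `hasMessages` in both returned objects of the sarifToMarkdown hunk is computed as `run.results?.length !== 0`, which is `true` when `run.results` is undefined (`undefined !== 0`), contradicting the .d.ts comment that it is false for a body without results; comparing with `> 0` instead, i.e. `hasMessages: ((_h = run.results) === null || _h === void 0 ? void 0 : _h.length) > 0` (and likewise for `_j`), is false for both a missing and an empty array. The same expression also stays true when every result is suppressed, so a caller using it to decide whether to post a comment may post an empty Results section; it is worth deciding whether the flag should count only unsuppressed results. Separately, `toolInfo` interpolates `driver.name`, `organization` and `semanticVersion` raw, and `ruleDetails` places `JSON.stringify(run.tool)` inside `<pre>` without HTML escaping, so tool-supplied text containing `<`, `*` or `#` can alter the structure of the rendered report; routing those values through `markdown_escape_1.default` (and escaping `<`/`&` in the `<pre>` body) keeps the report layout under the generator's control. The empty-suppressed branch uses the heading `"\n## Results\n\nNo suppressed issues\n\n"`, which should read `## Suppressed results`. The enclosing `sarifToMarkdown` function opens in the preceding hunk, and the ESM build's hunk `@@ -53,27 +58,61 @@` carries the same code and the same points.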
@@ -1 +1 @@
1
- {"version":3,"file":"sarif-to-markdown.js","sourceRoot":"","sources":["../src/sarif-to-markdown.ts"],"names":[],"mappings":";;;;;;;;;;AACA,aAAa;AACb,oEAAoC;AAEpC,sDAA+B;AAE/B,SAAS,cAAc,CAAC,OAA6B;IAAE,gBAAgB;SAAhB,UAAgB,EAAhB,qBAAgB,EAAhB,IAAgB;QAAhB,+BAAgB;;IACnE,OAAO,OAAO,CAAC,MAAM,CAAC,UAAC,MAAM,EAAE,GAAG,EAAE,CAAC;QACjC,IAAM,KAAK,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YAC3B,OAAO,MAAM,GAAG,yBAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;SACvC;aAAM;YACH,OAAO,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;SACvC;IACL,CAAC,CAAC,CAAC;AACP,CAAC;AAED,IAAM,aAAa,GAAG,UAAC,MAAc,EAAE,OAA8B;;IACjE,IAAM,UAAU,SAAG,OAAO,CAAC,UAAU,mCAAI,oBAAoB,CAAC;IAC9D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE;QAClC,OAAO,EAAE,CAAC;KACb;IACD,aAAO,MAAM,CAAC,SAAS,0CAAE,OAAO,CAAC,UAAA,QAAQ;QACrC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE;YAC5B,OAAO,EAAE,CAAC;SACb;QACD,IAAM,gBAAgB,GAAG,QAAQ,CAAC,gBAAgB,CAAA;QAClD,IAAI,CAAC,gBAAgB,CAAC,gBAAgB,EAAE;YACpC,OAAO,EAAE,CAAC;SACb;QACD,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE;YAC1B,OAAO,EAAE,CAAC;SACb;QACD,IAAM,UAAU,GAAG,gBAAgB,CAAC,MAAM,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,MAAI,gBAAgB,CAAC,MAAM,CAAC,SAAS,SAAI,gBAAgB,CAAC,MAAM,CAAC,OAAS,CAAC,CAAC,CAAC,MAAI,gBAAgB,CAAC,MAAM,CAAC,SAAW,CAAC;QACxL,OAAO,kBAAO,CAAC,UAAU,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,IAAI,EAAE,UAAQ,OAAO,CAAC,MAAQ,EAAE,OAAO,CAAC,UAAU,EAAK,gBAAgB,CAAC,gBAAgB,CAAC,GAAG,SAAI,UAAY,CAAC,CAAC;IACpK,CAAC,EAAE;AAEP,CAAC,CAAA;AA4BY,QAAA,eAAe,GAAG,UAAC,OAA8B;IAC1D,OAAO,UAAC,QAAa;QACjB,OAAO,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,UAAA,GAAG;;YACxB,iBAAiB;YACjB,YAAY;YACZ,qBAAqB;YACrB,aAAa;YACb,YAAY;YACZ;;eAEG;YACH,IAAM,QAAQ,GAAG,cAAc,wGAAA,QACvC,EAAoB,wBAEtB;gBAMW,KACX,KATE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,cAEtB,GAAG,CAAC,IAAI,CAAC,MAAM,0CAAE,KAAK,0CAAE,GAAG,CAAC,UAAA,IAAI;;gBACd,mBAAmB;gBACnB,OAAO,OAAK,IAAI,CAAC,EAAE,uBAEnC,IAAI,CAAC,gBAAgB,0CAAE,IAAI,CAAE,CAAA;YACjB,CAAC,EAEf,CAAC;YACS,IAAM,WAAW,GAAG,+CACzB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,qBAAkB,CAAC;YAC/C;;;;cAIE;YACF
,IAAM,OAAO,GAAG,4BAG1B,GAAG,CAAC,OAAO,0CAAE,GAAG,CAAC,UAAA,MAAM;gBACT,OAAO,SAAO,MAAM,CAAC,MAAM,YAAO,yBAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAG;sBACzD,MAAM;sBACN,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;sBACzC,IAAI,CAAA;YACd,CAAC,EAAE,IAAI,CAAC,IAAI,SACvB,CAAA;YACW,OAAO;gBACH,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI;gBAC3B,IAAI,EAAE,QAAQ,GAAG,IAAI,GAAG,WAAW,GAAG,IAAI,GAAG,OAAO;aACvD,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC,CAAA;AAEL,CAAC,CAAA"}
1
+ {"version":3,"file":"sarif-to-markdown.js","sourceRoot":"","sources":["../src/sarif-to-markdown.ts"],"names":[],"mappings":";;;;;;;;;;AACA,aAAa;AACb,oEAAqC;AACrC,sDAA+B;AAE/B,SAAS,cAAc,CAAC,OAA6B;IAAE,gBAAgB;SAAhB,UAAgB,EAAhB,qBAAgB,EAAhB,IAAgB;QAAhB,+BAAgB;;IACnE,OAAO,OAAO,CAAC,MAAM,CAAC,UAAC,MAAM,EAAE,GAAG,EAAE,CAAC;QACjC,IAAM,KAAK,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YAC3B,OAAO,MAAM,GAAG,IAAA,yBAAM,EAAC,KAAK,CAAC,GAAG,GAAG,CAAC;SACvC;aAAM;YACH,OAAO,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;SACvC;IACL,CAAC,CAAC,CAAC;AACP,CAAC;AAED,IAAM,aAAa,GAAG,UAAC,MAAc,EAAE,OAA8B;;IACjE,IAAM,UAAU,GAAG,MAAA,OAAO,CAAC,UAAU,mCAAI,oBAAoB,CAAC;IAC9D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE;QAClC,OAAO,EAAE,CAAC;KACb;IACD,OAAO,MAAA,MAAM,CAAC,SAAS,0CAAE,OAAO,CAAC,UAAC,QAAa;QAC3C,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE;YAC5B,OAAO,EAAE,CAAC;SACb;QACD,IAAM,gBAAgB,GAAG,QAAQ,CAAC,gBAAgB,CAAC;QACnD,IAAI,CAAC,gBAAgB,CAAC,gBAAgB,EAAE;YACpC,OAAO,EAAE,CAAC;SACb;QACD,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE;YAC1B,OAAO,EAAE,CAAC;SACb;QACD,IAAM,UAAU,GACZ,gBAAgB,CAAC,MAAM,CAAC,OAAO,KAAK,SAAS;YACzC,CAAC,CAAC,WAAI,gBAAgB,CAAC,MAAM,CAAC,SAAS,cAAI,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAE;YAC5E,CAAC,CAAC,WAAI,gBAAgB,CAAC,MAAM,CAAC,SAAS,CAAE,CAAC;QAClD,OAAO,IAAA,kBAAO,EACV,UAAU,EACV,OAAO,CAAC,KAAK,EACb,OAAO,CAAC,IAAI,EACZ,eAAQ,OAAO,CAAC,MAAM,CAAE,EACxB,OAAO,CAAC,UAAU,EAClB,UAAG,gBAAgB,CAAC,gBAAgB,CAAC,GAAG,cAAI,UAAU,CAAE,CAC3D,CAAC;IACN,CAAC,CAAC,CAAC;AACP,CAAC,CAAC;AA6CK,IAAM,eAAe,GAAG,UAAC,OAA8B;IAC1D,IAAM,qBAAqB,GAAG,OAAO,CAAC,iBAAiB,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC;IAEzG,OAAO,UAAC,QAAa;QACjB,OAAO,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,UAAC,GAAQ;;YAC9B,IAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,YAAK,OAAO,CAAC,KAAK,OAAI,CAAC,CAAC,CAAC,UAAU,CAAC;YAElE,IAAM,QAAQ,GAAG,yCAEnB,MAAA,GAAG,CAAC,IAAI,CAAC,MAAM,0CAAE,IAAI,+BACb,MAAA,GAAG,CAAC,IAAI,CAAC,MAAM,0CAAE,YAAY,0BAClC,MAAA,GAAG,CAAC,IAAI,CAAC,MAAM,0CAAE,eAAe,OAC5C,CAAC;YACU,iBAAiB;YACjB,YAAY;YACZ,q
BAAqB;YACrB,aAAa;YACb,YAAY;YACZ;;eAEG;YACH,IAAM,QAAQ,GAAG,cAAc,qKAAA,2FAKzC,EAMA,KACA,KAPA,MAAA,MAAA,GAAG,CAAC,IAAI,CAAC,MAAM,0CAAE,KAAK,0CAAE,GAAG,CAAC,UAAC,IAAS;;gBACpC,IAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,MAAA,IAAI,CAAC,UAAU,0CAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC9E,mBAAmB;gBACnB,OAAO,YAAK,IAAI,CAAC,EAAE,eAAK,QAAQ,oBAEhC,MAAA,IAAI,CAAC,gBAAgB,0CAAE,IAAI,CAAE,CAAC;YAClC,CAAC,CAAC,CACA,CAAC;YACS,IAAM,WAAW,GAAG,oDACzB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,uBACvC,CAAC;YAEU;;;;;;cAME;YACF,IAAM,OAAO,GACT,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC;gBACjC,CAAC,CAAC,0BAGpB,MAAA,GAAG,CAAC,OAAO,0CACP,GAAG,CAAC,UAAC,MAAW;oBACd,OAAO,MAAM,CAAC,YAAY;wBACtB,CAAC,CAAC,EAAE;wBACJ,CAAC,CAAC,cAAO,MAAM,CAAC,MAAM,iBAAO,IAAA,yBAAM,EAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAE;4BACpD,MAAM;4BACN,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;4BACzC,IAAI,CAAC;gBACnB,CAAC,EACA,IAAI,CAAC,IAAI,CAAC,OACd;gBACmB,CAAC,CAAC,8BAKrB,CAAC;YAEU,sGAAsG;YACtG,kEAAkE;YAClE,IAAM,qBAAqB,GAAG,qBAAqB;gBAC/C,CAAC,CAAC,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC;oBACnC,CAAC,CAAC,qCAGpB,MAAA,GAAG,CAAC,OAAO,0CACP,GAAG,CAAC,UAAC,MAAW;wBACd,OAAO,MAAM,CAAC,YAAY;4BACtB,CAAC,CAAC,cAAO,MAAM,CAAC,MAAM,iBAAO,IAAA,yBAAM,EAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAE;gCACpD,MAAM;gCACN,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;gCACzC,IAAI;4BACV,CAAC,CAAC,EAAE,CAAC;oBACb,CAAC,EACA,IAAI,CAAC,IAAI,CAAC,OACd;oBACmB,CAAC,CAAC,0CAKrB;gBACe,CAAC,CAAC,EAAE,CAAC;YAET,IAAI,OAAO,CAAC,OAAO,EAAE;gBACjB,OAAO;oBACH,IAAI,EACA,KAAK;wBACL,OAAO;wBACP,IAAI;wBACJ,qBAAqB;wBACrB,IAAI;wBACJ,QAAQ;wBACR,IAAI;wBACJ,WAAW;wBACX,QAAQ;oBACZ,WAAW,EAAE,CAAA,MAAA,GAAG,CAAC,OAAO,0CAAE,MAAM,MAAK,CAAC;iBACzC,CAAC;aACL;YACD,OAAO;gBACH,IAAI,EAAE,KAAK,GAAG,OAAO,GAAG,IAAI,GAAG,qBAAqB,GAAG,IAAI,GAAG,QAAQ,GAAG,IAAI,GAAG,QAAQ;gBACxF,WAAW,EAAE,CAAA,MAAA,GAAG,CAAC,OAAO,0CAAE,MAAM,MAAK,CAAC;aACzC,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;AACN,CAAC,CAAC;AAnHW,QAAA,eAAe,mBAmH1B"}
@@ -1,9 +1,12 @@
1
1
  import type { Log } from "sarif";
2
- export declare type sarifFormatterResult = {
3
- title: string;
4
- body: string;
5
- };
6
2
  export declare type sarifFormatterOptions = {
3
+ /**
4
+ * Title of content
5
+ */
6
+ title?: string;
7
+ /**
8
+ * https://github.com
9
+ */
7
10
  githubHost?: string;
8
11
  /**
9
12
  * GitHub Owner
@@ -22,8 +25,22 @@ export declare type sarifFormatterOptions = {
22
25
  * Base path
23
26
  */
24
27
  sourceRoot: string;
28
+ /**
29
+ * Details of the rules in the comment or not, this might make the comment too big for Github
30
+ */
31
+ details?: boolean;
32
+ /**
33
+ * Should the markdown include suppressed findings, defaults to true
34
+ */
35
+ suppressedResults?: boolean;
25
36
  };
26
- export declare const sarifToMarkdown: (options: sarifFormatterOptions) => (sarifLog: Log) => {
27
- title: string;
37
+ declare type sarifToMarkdownResult = {
38
+ title?: string;
28
39
  body: string;
29
- }[];
40
+ /**
41
+ * If the body has not results, `hasMessages` will be `false`
42
+ */
43
+ hasMessages: boolean;
44
+ };
45
+ export declare const sarifToMarkdown: (options: sarifFormatterOptions) => (sarifLog: Log) => sarifToMarkdownResult[];
46
+ export {};
@@ -3,7 +3,7 @@ var __makeTemplateObject = (this && this.__makeTemplateObject) || function (cook
3
3
  return cooked;
4
4
  };
5
5
  // @ts-ignore
6
- import escape from 'markdown-escape';
6
+ import escape from "markdown-escape";
7
7
  import urlJoin from "url-join";
8
8
  function escapeMarkdown(strings) {
9
9
  var values = [];
@@ -37,14 +37,19 @@ var createCodeURL = function (result, options) {
37
37
  if (!physicalLocation.region) {
38
38
  return [];
39
39
  }
40
- var lineNumber = physicalLocation.region.endLine !== undefined ? "L" + physicalLocation.region.startLine + "-" + physicalLocation.region.endLine : "L" + physicalLocation.region.startLine;
41
- return urlJoin(githubHost, options.owner, options.repo, "blob/" + options.branch, options.sourceRoot, physicalLocation.artifactLocation.uri + "#" + lineNumber);
40
+ var lineNumber = physicalLocation.region.endLine !== undefined
41
+ ? "L".concat(physicalLocation.region.startLine, "-").concat(physicalLocation.region.endLine)
42
+ : "L".concat(physicalLocation.region.startLine);
43
+ return urlJoin(githubHost, options.owner, options.repo, "blob/".concat(options.branch), options.sourceRoot, "".concat(physicalLocation.artifactLocation.uri, "#").concat(lineNumber));
42
44
  });
43
45
  };
44
46
  export var sarifToMarkdown = function (options) {
47
+ var suppressedResultsFlag = options.suppressedResults !== undefined ? options.suppressedResults : true;
45
48
  return function (sarifLog) {
46
49
  return sarifLog.runs.map(function (run) {
47
- var _a, _b, _c;
50
+ var _a, _b, _c, _d, _e, _f, _g, _h, _j;
51
+ var title = options.title ? "# ".concat(options.title, "\n") : "# Report";
52
+ var toolInfo = "\n## Tool information\n- Name: ".concat((_a = run.tool.driver) === null || _a === void 0 ? void 0 : _a.name, "\n- Organization: ").concat((_b = run.tool.driver) === null || _b === void 0 ? void 0 : _b.organization, "\n- Version: ").concat((_c = run.tool.driver) === null || _c === void 0 ? void 0 : _c.semanticVersion, "\n");
48
53
  // # tool section
49
54
  // Rule info
50
55
  // Vulnerability info
@@ -53,27 +58,61 @@ export var sarifToMarkdown = function (options) {
53
58
  /**
54
59
  * # Rule Info
55
60
  */
56
- var ruleInfo = escapeMarkdown(templateObject_1 || (templateObject_1 = __makeTemplateObject(["# ", "\n<!-- Rule Info -->\n", "\n "], ["\\\n# ", "\n<!-- Rule Info -->\n",
57
- "\n "])), run.tool.driver.name, (_b = (_a = run.tool.driver) === null || _a === void 0 ? void 0 : _a.rules) === null || _b === void 0 ? void 0 : _b.map(function (rule) {
58
- var _a;
61
+ var ruleInfo = escapeMarkdown(templateObject_1 || (templateObject_1 = __makeTemplateObject(["\n## Rules information\n<!-- Rule Info -->\n<details><summary>Rules details</summary>\n\n", "\n "], ["\n## Rules information\n<!-- Rule Info -->\n<details><summary>Rules details</summary>\n\n", "\n "])), (_e = (_d = run.tool.driver) === null || _d === void 0 ? void 0 : _d.rules) === null || _e === void 0 ? void 0 : _e.map(function (rule) {
62
+ var _a, _b;
63
+ var severity = rule.properties ? (_a = rule.properties) === null || _a === void 0 ? void 0 : _a["problem.severity"] : "";
59
64
  // rule description
60
- return "**" + rule.id + "**\n\n> " + ((_a = rule.shortDescription) === null || _a === void 0 ? void 0 : _a.text);
65
+ return "- ".concat(rule.id, " [").concat(severity, "]\n\n> ").concat((_b = rule.shortDescription) === null || _b === void 0 ? void 0 : _b.text);
61
66
  }));
62
- var ruleDetails = "<details><summary>Details</summary>\n<pre>" + JSON.stringify(run.tool, null, 4) + "</pre></details>";
67
+ var ruleDetails = "<details><summary>Details</summary>\n<pre>".concat(JSON.stringify(run.tool, null, 4), "</pre></details>\n");
63
68
  /* Results
64
69
  - rule id
65
70
  - message
66
71
  - vulnerability source location
72
+
73
+ If pass the scan, results is empty array
67
74
  */
68
- var results = "\n## Results\n\n" + ((_c = run.results) === null || _c === void 0 ? void 0 : _c.map(function (result) {
69
- return "- **" + result.ruleId + "**: " + escape(result.message.text)
70
- + "\n\n"
71
- + createCodeURL(result, options).join("\n")
72
- + "\n";
73
- }).join("\n")) + "\n";
75
+ var results = run.results && run.results.length > 0
76
+ ? "\n## Results\n\n".concat((_f = run.results) === null || _f === void 0 ? void 0 : _f.map(function (result) {
77
+ return result.suppressions
78
+ ? ""
79
+ : "- **".concat(result.ruleId, "**: ").concat(escape(result.message.text)) +
80
+ "\n\n" +
81
+ createCodeURL(result, options).join("\n") +
82
+ "\n";
83
+ }).join("\n"), "\n")
84
+ : "\n## Results\n\nNo Error\n\n";
85
+ // careful, double ternary... first check if we should include suppressedresults (return empty string)
86
+ // then check if there are results, if none, return default string
87
+ var suppressedResultsText = suppressedResultsFlag
88
+ ? run.results && run.results.length > 0
89
+ ? "\n## Suppressed results\n\n".concat((_g = run.results) === null || _g === void 0 ? void 0 : _g.map(function (result) {
90
+ return result.suppressions
91
+ ? "- **".concat(result.ruleId, "**: ").concat(escape(result.message.text)) +
92
+ "\n\n" +
93
+ createCodeURL(result, options).join("\n") +
94
+ "\n"
95
+ : "";
96
+ }).join("\n"), "\n")
97
+ : "\n## Results\n\nNo suppressed issues\n\n"
98
+ : "";
99
+ if (options.details) {
100
+ return {
101
+ body: title +
102
+ results +
103
+ "\n" +
104
+ suppressedResultsText +
105
+ "\n" +
106
+ ruleInfo +
107
+ "\n" +
108
+ ruleDetails +
109
+ toolInfo,
110
+ hasMessages: ((_h = run.results) === null || _h === void 0 ? void 0 : _h.length) !== 0
111
+ };
112
+ }
74
113
  return {
75
- title: run.tool.driver.name,
76
- body: ruleInfo + "\n" + ruleDetails + "\n" + results
114
+ body: title + results + "\n" + suppressedResultsText + "\n" + ruleInfo + "\n" + toolInfo,
115
+ hasMessages: ((_j = run.results) === null || _j === void 0 ? void 0 : _j.length) !== 0
77
116
  };
78
117
  });
79
118
  };
@@ -1 +1 @@
1
- {"version":3,"file":"sarif-to-markdown.js","sourceRoot":"","sources":["../src/sarif-to-markdown.ts"],"names":[],"mappings":";;;;AACA,aAAa;AACb,OAAO,MAAM,MAAM,iBAAiB,CAAA;AAEpC,OAAO,OAAO,MAAM,UAAU,CAAC;AAE/B,SAAS,cAAc,CAAC,OAA6B;IAAE,gBAAgB;SAAhB,UAAgB,EAAhB,qBAAgB,EAAhB,IAAgB;QAAhB,+BAAgB;;IACnE,OAAO,OAAO,CAAC,MAAM,CAAC,UAAC,MAAM,EAAE,GAAG,EAAE,CAAC;QACjC,IAAM,KAAK,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YAC3B,OAAO,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;SACvC;aAAM;YACH,OAAO,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;SACvC;IACL,CAAC,CAAC,CAAC;AACP,CAAC;AAED,IAAM,aAAa,GAAG,UAAC,MAAc,EAAE,OAA8B;;IACjE,IAAM,UAAU,SAAG,OAAO,CAAC,UAAU,mCAAI,oBAAoB,CAAC;IAC9D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE;QAClC,OAAO,EAAE,CAAC;KACb;IACD,aAAO,MAAM,CAAC,SAAS,0CAAE,OAAO,CAAC,UAAA,QAAQ;QACrC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE;YAC5B,OAAO,EAAE,CAAC;SACb;QACD,IAAM,gBAAgB,GAAG,QAAQ,CAAC,gBAAgB,CAAA;QAClD,IAAI,CAAC,gBAAgB,CAAC,gBAAgB,EAAE;YACpC,OAAO,EAAE,CAAC;SACb;QACD,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE;YAC1B,OAAO,EAAE,CAAC;SACb;QACD,IAAM,UAAU,GAAG,gBAAgB,CAAC,MAAM,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,MAAI,gBAAgB,CAAC,MAAM,CAAC,SAAS,SAAI,gBAAgB,CAAC,MAAM,CAAC,OAAS,CAAC,CAAC,CAAC,MAAI,gBAAgB,CAAC,MAAM,CAAC,SAAW,CAAC;QACxL,OAAO,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,IAAI,EAAE,UAAQ,OAAO,CAAC,MAAQ,EAAE,OAAO,CAAC,UAAU,EAAK,gBAAgB,CAAC,gBAAgB,CAAC,GAAG,SAAI,UAAY,CAAC,CAAC;IACpK,CAAC,EAAE;AAEP,CAAC,CAAA;AA4BD,MAAM,CAAC,IAAM,eAAe,GAAG,UAAC,OAA8B;IAC1D,OAAO,UAAC,QAAa;QACjB,OAAO,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,UAAA,GAAG;;YACxB,iBAAiB;YACjB,YAAY;YACZ,qBAAqB;YACrB,aAAa;YACb,YAAY;YACZ;;eAEG;YACH,IAAM,QAAQ,GAAG,cAAc,wGAAA,QACvC,EAAoB,wBAEtB;gBAMW,KACX,KATE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,cAEtB,GAAG,CAAC,IAAI,CAAC,MAAM,0CAAE,KAAK,0CAAE,GAAG,CAAC,UAAA,IAAI;;gBACd,mBAAmB;gBACnB,OAAO,OAAK,IAAI,CAAC,EAAE,uBAEnC,IAAI,CAAC,gBAAgB,0CAAE,IAAI,CAAE,CAAA;YACjB,CAAC,EAEf,CAAC;YACS,IAAM,WAAW,GAAG,+CACzB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,
CAAC,CAAC,qBAAkB,CAAC;YAC/C;;;;cAIE;YACF,IAAM,OAAO,GAAG,4BAG1B,GAAG,CAAC,OAAO,0CAAE,GAAG,CAAC,UAAA,MAAM;gBACT,OAAO,SAAO,MAAM,CAAC,MAAM,YAAO,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAG;sBACzD,MAAM;sBACN,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;sBACzC,IAAI,CAAA;YACd,CAAC,EAAE,IAAI,CAAC,IAAI,SACvB,CAAA;YACW,OAAO;gBACH,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI;gBAC3B,IAAI,EAAE,QAAQ,GAAG,IAAI,GAAG,WAAW,GAAG,IAAI,GAAG,OAAO;aACvD,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC,CAAA;AAEL,CAAC,CAAA"}
1
+ {"version":3,"file":"sarif-to-markdown.js","sourceRoot":"","sources":["../src/sarif-to-markdown.ts"],"names":[],"mappings":";;;;AACA,aAAa;AACb,OAAO,MAAM,MAAM,iBAAiB,CAAC;AACrC,OAAO,OAAO,MAAM,UAAU,CAAC;AAE/B,SAAS,cAAc,CAAC,OAA6B;IAAE,gBAAgB;SAAhB,UAAgB,EAAhB,qBAAgB,EAAhB,IAAgB;QAAhB,+BAAgB;;IACnE,OAAO,OAAO,CAAC,MAAM,CAAC,UAAC,MAAM,EAAE,GAAG,EAAE,CAAC;QACjC,IAAM,KAAK,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YAC3B,OAAO,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;SACvC;aAAM;YACH,OAAO,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;SACvC;IACL,CAAC,CAAC,CAAC;AACP,CAAC;AAED,IAAM,aAAa,GAAG,UAAC,MAAc,EAAE,OAA8B;;IACjE,IAAM,UAAU,GAAG,MAAA,OAAO,CAAC,UAAU,mCAAI,oBAAoB,CAAC;IAC9D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE;QAClC,OAAO,EAAE,CAAC;KACb;IACD,OAAO,MAAA,MAAM,CAAC,SAAS,0CAAE,OAAO,CAAC,UAAC,QAAa;QAC3C,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE;YAC5B,OAAO,EAAE,CAAC;SACb;QACD,IAAM,gBAAgB,GAAG,QAAQ,CAAC,gBAAgB,CAAC;QACnD,IAAI,CAAC,gBAAgB,CAAC,gBAAgB,EAAE;YACpC,OAAO,EAAE,CAAC;SACb;QACD,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE;YAC1B,OAAO,EAAE,CAAC;SACb;QACD,IAAM,UAAU,GACZ,gBAAgB,CAAC,MAAM,CAAC,OAAO,KAAK,SAAS;YACzC,CAAC,CAAC,WAAI,gBAAgB,CAAC,MAAM,CAAC,SAAS,cAAI,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAE;YAC5E,CAAC,CAAC,WAAI,gBAAgB,CAAC,MAAM,CAAC,SAAS,CAAE,CAAC;QAClD,OAAO,OAAO,CACV,UAAU,EACV,OAAO,CAAC,KAAK,EACb,OAAO,CAAC,IAAI,EACZ,eAAQ,OAAO,CAAC,MAAM,CAAE,EACxB,OAAO,CAAC,UAAU,EAClB,UAAG,gBAAgB,CAAC,gBAAgB,CAAC,GAAG,cAAI,UAAU,CAAE,CAC3D,CAAC;IACN,CAAC,CAAC,CAAC;AACP,CAAC,CAAC;AA6CF,MAAM,CAAC,IAAM,eAAe,GAAG,UAAC,OAA8B;IAC1D,IAAM,qBAAqB,GAAG,OAAO,CAAC,iBAAiB,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC;IAEzG,OAAO,UAAC,QAAa;QACjB,OAAO,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,UAAC,GAAQ;;YAC9B,IAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,YAAK,OAAO,CAAC,KAAK,OAAI,CAAC,CAAC,CAAC,UAAU,CAAC;YAElE,IAAM,QAAQ,GAAG,yCAEnB,MAAA,GAAG,CAAC,IAAI,CAAC,MAAM,0CAAE,IAAI,+BACb,MAAA,GAAG,CAAC,IAAI,CAAC,MAAM,0CAAE,YAAY,0BAClC,MAAA,GAAG,CAAC,IAAI,CAAC,MAAM,0CAAE,eAAe,OAC5C,CAAC
;YACU,iBAAiB;YACjB,YAAY;YACZ,qBAAqB;YACrB,aAAa;YACb,YAAY;YACZ;;eAEG;YACH,IAAM,QAAQ,GAAG,cAAc,qKAAA,2FAKzC,EAMA,KACA,KAPA,MAAA,MAAA,GAAG,CAAC,IAAI,CAAC,MAAM,0CAAE,KAAK,0CAAE,GAAG,CAAC,UAAC,IAAS;;gBACpC,IAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,MAAA,IAAI,CAAC,UAAU,0CAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC9E,mBAAmB;gBACnB,OAAO,YAAK,IAAI,CAAC,EAAE,eAAK,QAAQ,oBAEhC,MAAA,IAAI,CAAC,gBAAgB,0CAAE,IAAI,CAAE,CAAC;YAClC,CAAC,CAAC,CACA,CAAC;YACS,IAAM,WAAW,GAAG,oDACzB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,uBACvC,CAAC;YAEU;;;;;;cAME;YACF,IAAM,OAAO,GACT,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC;gBACjC,CAAC,CAAC,0BAGpB,MAAA,GAAG,CAAC,OAAO,0CACP,GAAG,CAAC,UAAC,MAAW;oBACd,OAAO,MAAM,CAAC,YAAY;wBACtB,CAAC,CAAC,EAAE;wBACJ,CAAC,CAAC,cAAO,MAAM,CAAC,MAAM,iBAAO,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAE;4BACpD,MAAM;4BACN,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;4BACzC,IAAI,CAAC;gBACnB,CAAC,EACA,IAAI,CAAC,IAAI,CAAC,OACd;gBACmB,CAAC,CAAC,8BAKrB,CAAC;YAEU,sGAAsG;YACtG,kEAAkE;YAClE,IAAM,qBAAqB,GAAG,qBAAqB;gBAC/C,CAAC,CAAC,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC;oBACnC,CAAC,CAAC,qCAGpB,MAAA,GAAG,CAAC,OAAO,0CACP,GAAG,CAAC,UAAC,MAAW;wBACd,OAAO,MAAM,CAAC,YAAY;4BACtB,CAAC,CAAC,cAAO,MAAM,CAAC,MAAM,iBAAO,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAE;gCACpD,MAAM;gCACN,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;gCACzC,IAAI;4BACV,CAAC,CAAC,EAAE,CAAC;oBACb,CAAC,EACA,IAAI,CAAC,IAAI,CAAC,OACd;oBACmB,CAAC,CAAC,0CAKrB;gBACe,CAAC,CAAC,EAAE,CAAC;YAET,IAAI,OAAO,CAAC,OAAO,EAAE;gBACjB,OAAO;oBACH,IAAI,EACA,KAAK;wBACL,OAAO;wBACP,IAAI;wBACJ,qBAAqB;wBACrB,IAAI;wBACJ,QAAQ;wBACR,IAAI;wBACJ,WAAW;wBACX,QAAQ;oBACZ,WAAW,EAAE,CAAA,MAAA,GAAG,CAAC,OAAO,0CAAE,MAAM,MAAK,CAAC;iBACzC,CAAC;aACL;YACD,OAAO;gBACH,IAAI,EAAE,KAAK,GAAG,OAAO,GAAG,IAAI,GAAG,qBAAqB,GAAG,IAAI,GAAG,QAAQ,GAAG,IAAI,GAAG,QAAQ;gBACxF,WAAW,EAAE,CAAA,MAAA,GAAG,CAAC,OAAO,0CAAE,MAAM,MAAK,CAAC;aACzC,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;AACN,CAAC,CAAC"}
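--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@security-alert/sarif-to-markdown",
-"version": "1.3.4",
+"version": "1.6.0",
 "description": "Convert Sarif format to body text",
 "keywords": [
 "sarif",
@@ -33,18 +33,11 @@
 "scripts": {
 "build": "tsc -p . && tsc --project ./tsconfig.module.json",
 "clean": "rimraf lib/ module/",
-"prettier": "prettier --write \"**/*.{js,jsx,ts,tsx,css}\"",
 "prepublish": "npm run --if-present build",
 "test": "mocha \"test/**/*.ts\"",
 "updateSnapshot": "UPDATE_SNAPSHOT=1 npm test",
 "watch": "tsc -p . --watch"
 },
-"prettier": {
-"printWidth": 120,
-"singleQuote": false,
-"tabWidth": 4,
-"trailingComma": "none"
-},
 "dependencies": {
 "@types/sarif": "^2.1.2",
 "markdown-escape": "^1.1.0",
@@ -54,15 +47,14 @@
 "@types/mocha": "^8.0.1",
 "@types/node": "^14.0.27",
 "@types/url-join": "^4.0.0",
-"mocha": "^8.1.0",
-"prettier": "^2.0.5",
+"mocha": "^9.2.2",
 "rimraf": "^3.0.2",
-"ts-node": "^8.10.2",
-"ts-node-test-register": "^8.0.1",
-"typescript": "^3.9.7"
+"ts-node": "^10.7.0",
+"ts-node-test-register": "^10.0.0",
+"typescript": "^4.6.3"
 },
 "publishConfig": {
 "access": "public"
 },
-"gitHead": "1b7d374ed6b5e108046b45575bf17aee7b32fcc1"
+"gitHead": "6788f5c379dc9daa8cfeb6556d1cce93401df21e"
 }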
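Review bot: The build is still wired to the deprecated `prepublish` hook while this section moves the toolchain to ts-node 10 / TypeScript 4.6; on npm 7 and later `prepublish` runs during `npm install` and `npm ci` but not during `npm publish`, so a release from a clean checkout would upload whatever `lib/` and `module/` happen to be on disk rather than a fresh build of the tagged source (assuming nothing else in the release flow runs `build`). Change the line to `"prepublishOnly": "npm run --if-present build"`, or to `"prepare"` if the build should also run on install. The `files` allowlist that decides what goes into the tarball is not in this section, so I can't tell from here whether a missing `lib/` would fail the publish or silently ship an older build.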
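--- a/package/CHANGELOG.md
+++ /dev/null
@@ -1,22 +0,0 @@
-# Change Log
-
-All notable changes to this project will be documented in this file.
-See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
-
-## [1.3.4](https://github.com/azu/security-alert/compare/v1.3.3...v1.3.4) (2020-08-04)
-
-
-### Bug Fixes
-
-* **sarif-to-markdown:** use blob ([8dfb3f3](https://github.com/azu/security-alert/commit/8dfb3f3c4df65d408d977feea01ce5fee32242d9))
-
-
-
-
-
-# [1.3.0](https://github.com/azu/security-alert/compare/v1.2.0...v1.3.0) (2020-08-04)
-
-
-### Features
-
-* add sarif packages ([c0831cd](https://github.com/azu/security-alert/commit/c0831cd1834e1f84ed721500cbe8db9523edc4eb))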
@@ -1,24 +0,0 @@
1
- import type { Log } from "sarif";
2
- export declare type sarifFormatterResult = {
3
- title: string;
4
- body: string;
5
- };
6
- export declare type sarifFormatterOptions = {
7
- githubHost?: string;
8
- /**
9
- * GitHub Owner
10
- */
11
- owner: string;
12
- /**
13
- * GitHub Repo
14
- */
15
- repo: string;
16
- /**
17
- * Base path
18
- */
19
- sourceRoot: string;
20
- };
21
- export declare const sarifFormatter: (options: sarifFormatterOptions) => (sarifLog: Log) => {
22
- title: string;
23
- body: string;
24
- }[];
@@ -1,56 +0,0 @@
1
- "use strict";
2
- var __makeTemplateObject = (this && this.__makeTemplateObject) || function (cooked, raw) {
3
- if (Object.defineProperty) { Object.defineProperty(cooked, "raw", { value: raw }); } else { cooked.raw = raw; }
4
- return cooked;
5
- };
6
- var __importDefault = (this && this.__importDefault) || function (mod) {
7
- return (mod && mod.__esModule) ? mod : { "default": mod };
8
- };
9
- Object.defineProperty(exports, "__esModule", { value: true });
10
- exports.sarifFormatter = void 0;
11
- // @ts-ignore
12
- var markdown_escape_1 = __importDefault(require("markdown-escape"));
13
- function escapeMarkdown(strings) {
14
- var values = [];
15
- for (var _i = 1; _i < arguments.length; _i++) {
16
- values[_i - 1] = arguments[_i];
17
- }
18
- return strings.reduce(function (result, str, i) {
19
- var value = values[i - 1];
20
- if (typeof value === "string") {
21
- return result + markdown_escape_1.default(value) + str;
22
- }
23
- else {
24
- return result + String(value) + str;
25
- }
26
- });
27
- }
28
- var createCodeURL = function (result, options) {
29
- return options.githubHost + "/" + ;
30
- };
31
- exports.sarifFormatter = function (options) {
32
- return function (sarifLog) {
33
- return sarifLog.runs.map(function (run) {
34
- var _a, _b, _c;
35
- // # tool section
36
- // Rule info
37
- // Vulnerability info
38
- // ## Results
39
- // Result(s)
40
- var rule = escapeMarkdown(templateObject_2 || (templateObject_2 = __makeTemplateObject(["# ", "\n<!-- Rule Info -->\n", "\n \n<details><summary>Details</summary>\n<pre>", "</pre></details>\n\n<!-- Results \n\n- rule id\n- message\n- vulnerability location\n\n-->\n\n", "\n"], ["\\\n# ", "\n<!-- Rule Info -->\n",
41
- "\n \n<details><summary>Details</summary>\n<pre>", "</pre></details>\n\n<!-- Results \n\n- rule id\n- message\n- vulnerability location\n\n-->\n\n",
42
- "\n"])), run.tool.driver.name, (_b = (_a = run.tool.driver) === null || _a === void 0 ? void 0 : _a.rules) === null || _b === void 0 ? void 0 : _b.map(function (rule) {
43
- // rule description
44
- return "**" + rule.id + "**\n\n> " + rule.shortDescription;
45
- }), JSON.stringify(run.tool, null, 4), (_c = run.results) === null || _c === void 0 ? void 0 : _c.map(function (result) {
46
- return escapeMarkdown(templateObject_1 || (templateObject_1 = __makeTemplateObject(["**", "**: ", "\n\n\n"], ["**", "**: ", "\n\n\n"])), result.ruleId, result.message);
47
- }));
48
- return {
49
- title: "",
50
- body: ""
51
- };
52
- });
53
- };
54
- };
55
- var templateObject_1, templateObject_2;
56
- //# sourceMappingURL=sarif-to-markdown.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"sarif-to-markdown.js","sourceRoot":"","sources":["../src/sarif-to-markdown.ts"],"names":[],"mappings":";;;;;;;;;;AACA,aAAa;AACb,oEAAoC;AAGpC,SAAS,cAAc,CAAC,OAA6B;IAAE,gBAAgB;SAAhB,UAAgB,EAAhB,qBAAgB,EAAhB,IAAgB;QAAhB,+BAAgB;;IACnE,OAAO,OAAO,CAAC,MAAM,CAAC,UAAC,MAAM,EAAE,GAAG,EAAE,CAAC;QACjC,IAAM,KAAK,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YAC3B,OAAO,MAAM,GAAG,yBAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;SACvC;aAAM;YACH,OAAO,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;SACvC;IACL,CAAC,CAAC,CAAC;AACP,CAAC;AAED,IAAM,aAAa,GAAG,UAAC,MAAc,EAAE,OAA8B;IACjE,OAAU,OAAO,CAAC,UAAU,SAAM,CAAA;AAEtC,CAAC,CAAA;AAsBY,QAAA,cAAc,GAAG,UAAC,OAA8B;IACzD,OAAO,UAAC,QAAa;QACjB,OAAO,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,UAAA,GAAG;;YACxB,iBAAiB;YACjB,YAAY;YACZ,qBAAqB;YACrB,aAAa;YACb,YAAY;YACZ,IAAM,IAAI,GAAG,cAAc,4PAAA,QACnC,EAAoB,wBAEtB;gBAMW,iDAGN,EAAiC,gGAUtC;gBAKY,IACb,KA3BG,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,cAEtB,GAAG,CAAC,IAAI,CAAC,MAAM,0CAAE,KAAK,0CAAE,GAAG,CAAC,UAAA,IAAI;gBACd,mBAAmB;gBACnB,OAAO,OAAK,IAAI,CAAC,EAAE,gBAEnC,IAAI,CAAC,gBAAkB,CAAA;YACX,CAAC,GAIV,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,QAUtC,GAAG,CAAC,OAAO,0CAAE,GAAG,CAAC,UAAA,MAAM;gBACT,OAAO,cAAc,yFAAA,IAAK,EAAa,MAAO,EAAc,QAG3E,KAHyC,MAAM,CAAC,MAAM,EAAO,MAAM,CAAC,OAAO,EAG3E;YACW,CAAC,EACZ,CAAA;YAGW,OAAO;gBACH,KAAK,EAAE,EAAE;gBACT,IAAI,EAAE,EAAE;aACX,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC,CAAA;AAEL,CAAC,CAAA"}