codeslick-cli 1.0.4 → 1.1.0

package/src/reporters/cli-reporter.ts

@@ -16,6 +16,8 @@
 
 import chalk from 'chalk';
 import Table from 'cli-table3';
+import { writeFileSync } from 'fs';
+import { join } from 'path';
 import type { FileScanResult } from '../scanner/local-scanner';
 import type { SecurityVulnerability } from '../../../../src/lib/analyzers/types';
 
@@ -100,17 +102,28 @@ export function printSummaryTable(results: FileScanResult[]): void {
 /**
  * Print detailed vulnerabilities for a file
  */
-export function printFileVulnerabilities(result: FileScanResult): void {
+export function printFileVulnerabilities(result: FileScanResult, showAll = false): void {
   const vulnerabilities = result.result.security?.vulnerabilities || [];
 
   if (vulnerabilities.length === 0) {
     return;
   }
 
+  // Filter to only HIGH and CRITICAL by default (unless showAll is true)
+  const importantVulns = showAll
+    ? vulnerabilities
+    : vulnerabilities.filter((v: SecurityVulnerability) =>
+        v.severity.toLowerCase() === 'critical' || v.severity.toLowerCase() === 'high'
+      );
+
+  if (importantVulns.length === 0) {
+    return; // Skip file if no important vulnerabilities
+  }
+
   console.log('');
   console.log(chalk.bold(`📄 ${result.relativePath}`) + chalk.gray(` (${result.language})`));
 
-  vulnerabilities.forEach((vuln: SecurityVulnerability, index: number) => {
+  importantVulns.forEach((vuln: SecurityVulnerability) => {
     const colorFn = getSeverityColor(vuln.severity);
     const symbol = getSeveritySymbol(vuln.severity);
 
@@ -141,8 +154,10 @@ export function printFileVulnerabilities(result: FileScanResult): void {
 
 /**
  * Print all scan results with details
+ * @param results - Scan results
+ * @param verbose - If true, show all severities; if false, only HIGH and CRITICAL
  */
-export function printDetailedResults(results: FileScanResult[]): void {
+export function printDetailedResults(results: FileScanResult[], verbose = false): void {
   console.log('');
   console.log(chalk.bold.underline('Detailed Results'));
 
@@ -157,9 +172,21 @@ export function printDetailedResults(results: FileScanResult[]): void {
     return;
   }
 
+  // Count total issues by severity
+  const totalMedium = results.reduce((sum, r) => sum + r.medium, 0);
+  const totalLow = results.reduce((sum, r) => sum + r.low, 0);
+
   resultsWithIssues.forEach((result) => {
-    printFileVulnerabilities(result);
+    printFileVulnerabilities(result, verbose);
   });
+
+  // Show note about hidden issues if not verbose
+  if (!verbose && (totalMedium > 0 || totalLow > 0)) {
+    console.log('');
+    console.log(chalk.gray('─'.repeat(50)));
+    console.log(chalk.gray(`  Also found: ${totalMedium} MEDIUM, ${totalLow} LOW issues`));
+    console.log(chalk.gray(`  Use ${chalk.white('--verbose')} to see all issues`));
+  }
 }
 
 /**
@@ -251,6 +278,201 @@ export function printCommitAllowed(): void {
   console.log('');
 }
 
+/**
+ * Print summary table grouped by language
+ * Shows files scanned, issues found, and critical count per language
+ */
+export function printLanguageSummary(results: FileScanResult[]): void {
+  // Group results by language
+  const byLanguage = new Map<string, { files: number; issues: number; critical: number; high: number; medium: number; low: number }>();
+
+  for (const result of results) {
+    const lang = result.language;
+    const existing = byLanguage.get(lang) || { files: 0, issues: 0, critical: 0, high: 0, medium: 0, low: 0 };
+    existing.files++;
+    existing.critical += result.critical;
+    existing.high += result.high;
+    existing.medium += result.medium;
+    existing.low += result.low;
+    existing.issues += result.critical + result.high + result.medium + result.low;
+    byLanguage.set(lang, existing);
+  }
+
+  if (byLanguage.size === 0) {
+    return;
+  }
+
+  console.log('');
+  console.log(chalk.bold('Language Breakdown'));
+  console.log(chalk.gray('─'.repeat(50)));
+
+  const table = new Table({
+    head: [
+      chalk.bold('Language'),
+      chalk.bold('Files'),
+      chalk.bold('Issues'),
+      chalk.bold.red('Critical'),
+      chalk.bold.red('High'),
+      chalk.bold.yellow('Medium')
+    ],
+    colWidths: [14, 8, 10, 10, 8, 9],
+    style: {
+      head: [],
+      border: ['gray'],
+    },
+  });
+
+  // Sort by critical count (highest first)
+  const sorted = Array.from(byLanguage.entries()).sort((a, b) => b[1].critical - a[1].critical);
+
+  for (const [lang, stats] of sorted) {
+    const langDisplay = lang.charAt(0).toUpperCase() + lang.slice(1);
+    table.push([
+      chalk.white(langDisplay),
+      chalk.white(stats.files.toString()),
+      stats.issues > 0 ? chalk.yellow(stats.issues.toString()) : chalk.gray('0'),
+      stats.critical > 0 ? chalk.red.bold(stats.critical.toString()) : chalk.gray('0'),
+      stats.high > 0 ? chalk.red(stats.high.toString()) : chalk.gray('0'),
+      stats.medium > 0 ? chalk.yellow(stats.medium.toString()) : chalk.gray('0')
+    ]);
+  }
+
+  console.log(table.toString());
+}
+
+/**
+ * Print unsupported/skipped files summary
+ * Groups by extension and shows counts
+ */
+export function printUnsupportedFiles(skippedFiles: string[]): void {
+  if (skippedFiles.length === 0) {
+    return;
+  }
+
+  // Group by extension
+  const byExtension = new Map<string, number>();
+
+  for (const file of skippedFiles) {
+    const ext = file.includes('.') ? '.' + file.split('.').pop()?.toLowerCase() : '(no ext)';
+    byExtension.set(ext, (byExtension.get(ext) || 0) + 1);
+  }
+
+  console.log('');
+  console.log(chalk.bold('Skipped Files') + chalk.gray(` (${skippedFiles.length} total)`));
+  console.log(chalk.gray('─'.repeat(50)));
+
+  // Sort by count (highest first)
+  const sorted = Array.from(byExtension.entries()).sort((a, b) => b[1] - a[1]);
+
+  // Show top 5 extensions
+  const top5 = sorted.slice(0, 5);
+  for (const [ext, count] of top5) {
+    const description = getExtensionDescription(ext);
+    console.log(chalk.gray(`  ${ext.padEnd(10)} ${count.toString().padStart(4)} files`) + chalk.gray.dim(` (${description})`));
+  }
+
+  if (sorted.length > 5) {
+    const remaining = sorted.slice(5).reduce((sum, [, count]) => sum + count, 0);
+    console.log(chalk.gray(`  ...        ${remaining.toString().padStart(4)} files (other)`));
+  }
+
+  console.log('');
+  console.log(chalk.gray.dim('  Supported: .js, .jsx, .ts, .tsx, .py, .java'));
+}
+
+/**
+ * Get description for file extension
+ */
+function getExtensionDescription(ext: string): string {
+  const descriptions: Record<string, string> = {
+    '.md': 'documentation',
+    '.json': 'config',
+    '.css': 'styles',
+    '.scss': 'styles',
+    '.html': 'markup',
+    '.yml': 'config',
+    '.yaml': 'config',
+    '.lock': 'lockfile',
+    '.svg': 'image',
+    '.png': 'image',
+    '.jpg': 'image',
+    '.gif': 'image',
+    '.txt': 'text',
+    '.sh': 'shell script',
+    '.env': 'environment',
+    '.gitignore': 'git config',
+    '(no ext)': 'no extension',
+  };
+  return descriptions[ext] || 'other';
+}
+
+/**
+ * Print Top 10 most critical issues
+ * Shows the highest priority issues that should be fixed first
+ */
+export function printTop10Critical(results: FileScanResult[]): void {
+  // Collect all vulnerabilities with file info
+  const allVulns: Array<{ file: string; vuln: SecurityVulnerability }> = [];
+
+  for (const result of results) {
+    const vulns = result.result.security?.vulnerabilities || [];
+    for (const vuln of vulns) {
+      allVulns.push({ file: result.relativePath, vuln });
+    }
+  }
+
+  if (allVulns.length === 0) {
+    return;
+  }
+
+  // Sort by severity (critical > high > medium > low) then by CVSS score
+  const severityOrder: Record<string, number> = { critical: 0, high: 1, medium: 2, low: 3 };
+  allVulns.sort((a, b) => {
+    const severityDiff = (severityOrder[a.vuln.severity.toLowerCase()] || 4) - (severityOrder[b.vuln.severity.toLowerCase()] || 4);
+    if (severityDiff !== 0) return severityDiff;
+    return (b.vuln.cvssScore || 0) - (a.vuln.cvssScore || 0);
+  });
+
+  // Take top 10
+  const top10 = allVulns.slice(0, 10);
+
+  console.log('');
+  console.log(chalk.bold('Top 10 Critical Issues') + chalk.gray(' (Fix These First)'));
+  console.log(chalk.gray('─'.repeat(50)));
+
+  top10.forEach((item, index) => {
+    const colorFn = getSeverityColor(item.vuln.severity);
+    const symbol = getSeveritySymbol(item.vuln.severity);
+    const cvss = item.vuln.cvssScore ? chalk.gray(` CVSS ${item.vuln.cvssScore}`) : '';
+
+    console.log('');
+    console.log(
+      chalk.white.bold(`${(index + 1).toString().padStart(2)}.`) +
+      ` ${colorFn(symbol)} ${colorFn(item.vuln.severity.toUpperCase())}` +
+      cvss
+    );
+    console.log(chalk.cyan(`    ${item.file}:${item.vuln.line}`));
+    console.log(chalk.white(`    ${truncateMessage(item.vuln.message, 60)}`));
+
+    if (item.vuln.suggestion) {
+      console.log(chalk.green(`    Fix: ${truncateMessage(item.vuln.suggestion, 55)}`));
+    }
+  });
+
+  if (allVulns.length > 10) {
+    console.log('');
+    console.log(chalk.gray(`  ... and ${allVulns.length - 10} more issues`));
+  }
+}
+
+/**
+ * Truncate message to max length
+ */
+function truncateMessage(message: string, maxLength: number): string {
+  if (message.length <= maxLength) return message;
+  return message.substring(0, maxLength - 3) + '...';
+}
+
 /**
  * Output results as JSON
  */
@@ -280,3 +502,226 @@ export function printJSONResults(results: FileScanResult[]): void {
 
   console.log(JSON.stringify(output, null, 2));
 }
+
+/**
+ * Generate Markdown report file
+ * Returns the path to the generated report
+ */
+export function generateMarkdownReport(
+  results: FileScanResult[],
+  skippedFiles: string[],
+  duration: number
+): string {
+  const now = new Date();
+  const timestamp = now.toISOString().replace(/[:.]/g, '-').slice(0, 19);
+  const filename = `codeslick-report-${timestamp}.md`;
+  const filepath = join(process.cwd(), filename);
+
+  // Calculate totals
+  const totalFiles = results.length;
+  const totalCritical = results.reduce((sum, r) => sum + r.critical, 0);
+  const totalHigh = results.reduce((sum, r) => sum + r.high, 0);
+  const totalMedium = results.reduce((sum, r) => sum + r.medium, 0);
+  const totalLow = results.reduce((sum, r) => sum + r.low, 0);
+  const totalVulns = totalCritical + totalHigh + totalMedium + totalLow;
+  const filesWithIssues = results.filter(r => r.critical + r.high + r.medium + r.low > 0).length;
+
+  // Group by language
+  const byLanguage = new Map<string, { files: number; critical: number; high: number; medium: number; low: number }>();
+  for (const result of results) {
+    const lang = result.language;
+    const existing = byLanguage.get(lang) || { files: 0, critical: 0, high: 0, medium: 0, low: 0 };
+    existing.files++;
+    existing.critical += result.critical;
+    existing.high += result.high;
+    existing.medium += result.medium;
+    existing.low += result.low;
+    byLanguage.set(lang, existing);
+  }
+
+  // Collect all vulnerabilities for Top 10
+  const allVulns: Array<{ file: string; line: number; vuln: SecurityVulnerability }> = [];
+  for (const result of results) {
+    const vulns = result.result.security?.vulnerabilities || [];
+    for (const vuln of vulns) {
+      allVulns.push({ file: result.relativePath, line: vuln.line || 0, vuln });
+    }
+  }
+
+  // Sort by severity
+  const severityOrder: Record<string, number> = { critical: 0, high: 1, medium: 2, low: 3 };
+  allVulns.sort((a, b) => {
+    const diff = (severityOrder[a.vuln.severity.toLowerCase()] || 4) - (severityOrder[b.vuln.severity.toLowerCase()] || 4);
+    if (diff !== 0) return diff;
+    return (b.vuln.cvssScore || 0) - (a.vuln.cvssScore || 0);
+  });
+
+  // Build markdown content
+  let md = `# CodeSlick Security Report
+
+**Date:** ${now.toLocaleDateString()} ${now.toLocaleTimeString()}
+**Repository:** ${process.cwd()}
+**Scan Duration:** ${(duration / 1000).toFixed(1)}s
+
+---
+
+## Summary
+
+| Metric | Count |
+|--------|-------|
+| Files Scanned | ${totalFiles} |
+| Files with Issues | ${filesWithIssues} |
+| Total Vulnerabilities | ${totalVulns} |
+| **CRITICAL** | ${totalCritical} |
+| **HIGH** | ${totalHigh} |
+| MEDIUM | ${totalMedium} |
+| LOW | ${totalLow} |
+
+---
+
+## By Language
+
+| Language | Files | Critical | High | Medium | Low |
+|----------|-------|----------|------|--------|-----|
+`;
+
+  // Add language rows
+  const sortedLangs = Array.from(byLanguage.entries()).sort((a, b) => b[1].critical - a[1].critical);
+  for (const [lang, stats] of sortedLangs) {
+    md += `| ${lang.charAt(0).toUpperCase() + lang.slice(1)} | ${stats.files} | ${stats.critical} | ${stats.high} | ${stats.medium} | ${stats.low} |\n`;
+  }
+
+  // Top 10 Critical Issues
+  md += `
+---
+
+## Top 10 Critical Issues (Fix These First)
+
+`;
+
+  const top10 = allVulns.slice(0, 10);
+  if (top10.length === 0) {
+    md += `No critical issues found.\n`;
+  } else {
+    for (let i = 0; i < top10.length; i++) {
+      const item = top10[i];
+      const cvss = item.vuln.cvssScore ? ` (CVSS ${item.vuln.cvssScore})` : '';
+      md += `### ${i + 1}. ${item.vuln.severity.toUpperCase()}${cvss}
+
+**File:** \`${item.file}:${item.line}\`
+
+**Issue:** ${item.vuln.message}
+
+`;
+      if (item.vuln.suggestion) {
+        md += `**Fix:** ${item.vuln.suggestion}\n\n`;
+      }
+      if (item.vuln.owasp && item.vuln.owasp !== 'N/A') {
+        md += `**OWASP:** ${item.vuln.owasp}\n\n`;
+      }
+    }
+  }
+
+  if (allVulns.length > 10) {
+    md += `\n*...and ${allVulns.length - 10} more issues*\n`;
+  }
+
+  // Skipped files
+  if (skippedFiles.length > 0) {
+    const byExt = new Map<string, number>();
+    for (const file of skippedFiles) {
+      const ext = file.includes('.') ? '.' + file.split('.').pop()?.toLowerCase() : '(no ext)';
+      byExt.set(ext, (byExt.get(ext) || 0) + 1);
+    }
+
+    md += `
+---
+
+## Skipped Files (${skippedFiles.length} total)
+
+| Extension | Count |
+|-----------|-------|
+`;
+    const sortedExts = Array.from(byExt.entries()).sort((a, b) => b[1] - a[1]);
+    for (const [ext, count] of sortedExts.slice(0, 10)) {
+      md += `| ${ext} | ${count} |\n`;
+    }
+
+    md += `\n*Supported: .js, .jsx, .ts, .tsx, .py, .java*\n`;
+  }
+
+  // Files with issues (detailed)
+  const filesWithProblems = results.filter(r => r.critical + r.high + r.medium + r.low > 0);
+  if (filesWithProblems.length > 0) {
+    md += `
+---
+
+## Files with Issues (${filesWithProblems.length} files)
+
+<details>
+<summary>Click to expand full file list</summary>
+
+| File | Critical | High | Medium | Low |
+|------|----------|------|--------|-----|
+`;
+    // Sort by critical count
+    filesWithProblems.sort((a, b) => b.critical - a.critical || b.high - a.high);
+    for (const f of filesWithProblems) {
+      md += `| ${f.relativePath} | ${f.critical} | ${f.high} | ${f.medium} | ${f.low} |\n`;
+    }
+    md += `\n</details>\n`;
+  }
+
+  // Footer
+  md += `
+---
+
+*Generated by [CodeSlick](https://codeslick.dev) Security Scanner*
+`;
+
+  // Write file
+  writeFileSync(filepath, md, 'utf-8');
+
+  return filename;
+}
+
+/**
+ * Print brief summary for screen (when report is generated)
+ */
+export function printBriefSummary(
+  results: FileScanResult[],
+  reportPath: string,
+  duration: number
+): void {
+  const totalCritical = results.reduce((sum, r) => sum + r.critical, 0);
+  const totalHigh = results.reduce((sum, r) => sum + r.high, 0);
+  const totalMedium = results.reduce((sum, r) => sum + r.medium, 0);
+  const totalLow = results.reduce((sum, r) => sum + r.low, 0);
+  const totalVulns = totalCritical + totalHigh + totalMedium + totalLow;
+
+  console.log('');
+  console.log(chalk.bold('Scan Complete') + chalk.gray(` (${(duration / 1000).toFixed(1)}s)`));
+  console.log(chalk.gray('─'.repeat(50)));
+  console.log('');
+  console.log(`  Files scanned:  ${chalk.white(results.length.toString())}`);
+  console.log(`  Vulnerabilities: ${totalVulns > 0 ? chalk.red(totalVulns.toString()) : chalk.green('0')}`);
+  console.log('');
+
+  if (totalCritical > 0) {
+    console.log(chalk.red.bold(`  ✖ ${totalCritical} CRITICAL`));
+  }
+  if (totalHigh > 0) {
+    console.log(chalk.red(`  ⚠ ${totalHigh} HIGH`));
+  }
+  if (totalMedium > 0) {
+    console.log(chalk.yellow(`  ◆ ${totalMedium} MEDIUM`));
+  }
+  if (totalLow > 0) {
+    console.log(chalk.blue(`  ○ ${totalLow} LOW`));
+  }
+
+  console.log('');
+  console.log(chalk.green.bold(`  Report: ${reportPath}`));
+  console.log(chalk.gray(`  Open: code ${reportPath}`));
+  console.log('');
+}