codeslick-cli 1.2.2 → 1.2.4

package/src/reporters/cli-reporter.ts

@@ -731,3 +731,135 @@ export function printBriefSummary(
   console.log(chalk.gray(`  Open: code ${reportPath}`));
   console.log('');
 }
+
+/**
+ * Print test execution start
+ * Winter Roadmap WR2: Test Execution Integration
+ */
+export function printTestStart(command: string): void {
+  console.log('');
+  console.log(chalk.bold('Running Tests'));
+  console.log(chalk.gray('─'.repeat(50)));
+  console.log(chalk.gray(`  Command: ${command}`));
+  console.log('');
+}
+
+/**
+ * Print test execution results
+ * Winter Roadmap WR2: Test Execution Integration
+ */
+export function printTestResult(result: {
+  success: boolean;
+  exitCode: number;
+  duration: number;
+  stdout: string;
+  stderr: string;
+  command: string;
+  timedOut: boolean;
+}): void {
+  console.log('');
+  console.log(chalk.bold('Test Results') + chalk.gray(` (${(result.duration / 1000).toFixed(1)}s)`));
+  console.log(chalk.gray('─'.repeat(50)));
+
+  if (result.timedOut) {
+    console.log('');
+    console.log(chalk.red.bold('  ✖ TIMEOUT'));
+    console.log(chalk.red(`  Tests exceeded timeout and were terminated`));
+    console.log('');
+    return;
+  }
+
+  if (result.success) {
+    console.log('');
+    console.log(chalk.green.bold('  ✓ PASSED'));
+    console.log(chalk.green(`  All tests passed successfully`));
+    console.log('');
+
+    // Try to extract test count from output
+    const testInfo = extractTestInfo(result.stdout + result.stderr);
+    if (testInfo) {
+      console.log(chalk.gray(`  Tests run: ${testInfo.total}`));
+      console.log(chalk.gray(`  Passed: ${testInfo.passed}`));
+      if (testInfo.failed > 0) {
+        console.log(chalk.gray(`  Failed: ${testInfo.failed}`));
+      }
+      console.log('');
+    }
+  } else {
+    console.log('');
+    console.log(chalk.red.bold('  ✖ FAILED'));
+    console.log(chalk.red(`  Tests failed with exit code ${result.exitCode}`));
+    console.log('');
+
+    // Try to extract test count from output
+    const testInfo = extractTestInfo(result.stdout + result.stderr);
+    if (testInfo) {
+      console.log(chalk.gray(`  Tests run: ${testInfo.total}`));
+      console.log(chalk.green(`  Passed: ${testInfo.passed}`));
+      console.log(chalk.red(`  Failed: ${testInfo.failed}`));
+      console.log('');
+    }
+
+    // Show stderr if available (first 500 chars)
+    if (result.stderr && result.stderr.length > 0) {
+      const errorPreview = result.stderr.substring(0, 500);
+      console.log(chalk.gray('  Error output (first 500 chars):'));
+      console.log(chalk.gray('  ' + errorPreview.replace(/\n/g, '\n  ')));
+      if (result.stderr.length > 500) {
+        console.log(chalk.gray('  ...'));
+      }
+      console.log('');
+    }
+  }
+}
+
+/**
+ * Extract test count information from test output
+ */
+function extractTestInfo(output: string): { total: number; passed: number; failed: number } | null {
+  // Jest/Vitest format: "Tests: 5 passed, 5 total"
+  const jestMatch = output.match(/Tests:\s+(\d+)\s+passed(?:,\s+(\d+)\s+failed)?.*?(\d+)\s+total/i);
+  if (jestMatch) {
+    return {
+      passed: parseInt(jestMatch[1]),
+      failed: parseInt(jestMatch[2] || '0'),
+      total: parseInt(jestMatch[3]),
+    };
+  }
+
+  // Pytest format: "10 passed in 2.5s" or "5 passed, 2 failed in 1.2s"
+  const pytestMatch = output.match(/(\d+)\s+passed(?:,\s+(\d+)\s+failed)?/i);
+  if (pytestMatch) {
+    const passed = parseInt(pytestMatch[1]);
+    const failed = parseInt(pytestMatch[2] || '0');
+    return {
+      passed,
+      failed,
+      total: passed + failed,
+    };
+  }
+
+  // Go test format: "ok" or "FAIL"
+  const goMatch = output.match(/ok.*?(\d+)\s+tests?/i);
+  if (goMatch) {
+    return {
+      passed: parseInt(goMatch[1]),
+      failed: 0,
+      total: parseInt(goMatch[1]),
+    };
+  }
+
+  // Maven format: "Tests run: 10, Failures: 2, Errors: 0"
+  const mavenMatch = output.match(/Tests run:\s+(\d+),\s+Failures:\s+(\d+)/i);
+  if (mavenMatch) {
+    const total = parseInt(mavenMatch[1]);
+    const failed = parseInt(mavenMatch[2]);
+    return {
+      passed: total - failed,
+      failed,
+      total,
+    };
+  }
+
+  return null;
+}

package/src/utils/test-runner.ts

@@ -0,0 +1,249 @@
+/**
+ * Test Runner - Execute User Test Suite
+ *
+ * Runs user's existing test suite (npm test, pytest, go test, etc.)
+ * to verify that security scans or fixes don't break functionality.
+ *
+ * Features:
+ * - Detect test command automatically (package.json, pytest, go test)
+ * - Custom test command support
+ * - Timeout handling
+ * - Exit code interpretation
+ * - Test output capture
+ *
+ * Winter Roadmap WR2: Test Execution Integration
+ */
+
+import { exec } from 'child_process';
+import { promisify } from 'util';
+import { existsSync, readFileSync } from 'fs';
+import { resolve } from 'path';
+
+const execAsync = promisify(exec);
+
+/**
+ * Test execution result
+ */
+export interface TestResult {
+  success: boolean;
+  exitCode: number;
+  duration: number; // milliseconds
+  stdout: string;
+  stderr: string;
+  command: string;
+  timedOut: boolean;
+}
+
+/**
+ * Auto-detect test command from project files
+ *
+ * Detection order:
+ * 1. package.json "test" script (npm test)
+ * 2. pytest.ini or setup.py (pytest)
+ * 3. go.mod (go test ./...)
+ * 4. pom.xml (mvn test)
+ *
+ * @param cwd - Current working directory
+ * @returns Detected test command or null
+ */
+export function detectTestCommand(cwd: string = process.cwd()): string | null {
+  // 1. Check for package.json with test script
+  const packageJsonPath = resolve(cwd, 'package.json');
+  if (existsSync(packageJsonPath)) {
+    try {
+      const packageJson = JSON.parse(readFileSync(packageJsonPath, 'utf-8'));
+      if (packageJson.scripts?.test) {
+        return 'npm test';
+      }
+    } catch (error) {
+      // Invalid package.json, continue
+    }
+  }
+
+  // 2. Check for Python test setup
+  if (existsSync(resolve(cwd, 'pytest.ini')) ||
+      existsSync(resolve(cwd, 'setup.py')) ||
+      existsSync(resolve(cwd, 'pyproject.toml'))) {
+    return 'pytest';
+  }
+
+  // 3. Check for Go modules
+  if (existsSync(resolve(cwd, 'go.mod'))) {
+    return 'go test ./...';
+  }
+
+  // 4. Check for Maven/Java
+  if (existsSync(resolve(cwd, 'pom.xml'))) {
+    return 'mvn test';
+  }
+
+  // 5. Check for Gradle/Java
+  if (existsSync(resolve(cwd, 'build.gradle')) ||
+      existsSync(resolve(cwd, 'build.gradle.kts'))) {
+    return './gradlew test';
+  }
+
+  return null;
+}
+
+/**
+ * Run user's test suite
+ *
+ * @param command - Test command to execute (auto-detected if not provided)
+ * @param options - Execution options
+ * @returns Test execution result
+ *
+ * @example
+ * const result = await runTests('npm test', { timeout: 60000 });
+ * if (!result.success) {
+ *   console.error('Tests failed:', result.stderr);
+ * }
+ */
+export async function runTests(
+  command?: string,
+  options: {
+    cwd?: string;
+    timeout?: number; // milliseconds
+    verbose?: boolean;
+  } = {}
+): Promise<TestResult> {
+  const cwd = options.cwd || process.cwd();
+  const timeout = options.timeout || 300000; // Default: 5 minutes
+
+  // Auto-detect test command if not provided
+  const testCommand = command || detectTestCommand(cwd);
+
+  if (!testCommand) {
+    throw new Error('No test command found. Specify one using --test-command or add it to .codeslick.json');
+  }
+
+  const startTime = Date.now();
+  let timedOut = false;
+
+  try {
+    const { stdout, stderr } = await execAsync(testCommand, {
+      cwd,
+      timeout,
+      maxBuffer: 10 * 1024 * 1024, // 10MB buffer for large test output
+      env: {
+        ...process.env,
+        // Disable test coverage to speed up execution (optional)
+        NODE_ENV: process.env.NODE_ENV || 'test',
+      },
+    });
+
+    const duration = Date.now() - startTime;
+
+    return {
+      success: true,
+      exitCode: 0,
+      duration,
+      stdout: stdout.trim(),
+      stderr: stderr.trim(),
+      command: testCommand,
+      timedOut: false,
+    };
+  } catch (error: any) {
+    const duration = Date.now() - startTime;
+
+    // Check if timeout occurred
+    if (error.killed && error.signal === 'SIGTERM') {
+      timedOut = true;
+    }
+
+    return {
+      success: false,
+      exitCode: error.code || 1,
+      duration,
+      stdout: error.stdout?.trim() || '',
+      stderr: error.stderr?.trim() || '',
+      command: testCommand,
+      timedOut,
+    };
+  }
+}
+
+/**
+ * Format test duration for display
+ *
+ * @param duration - Duration in milliseconds
+ * @returns Formatted duration string (e.g., "2.5s", "1m 30s")
+ */
+export function formatDuration(duration: number): string {
+  if (duration < 1000) {
+    return `${duration}ms`;
+  }
+
+  if (duration < 60000) {
+    return `${(duration / 1000).toFixed(1)}s`;
+  }
+
+  const minutes = Math.floor(duration / 60000);
+  const seconds = Math.floor((duration % 60000) / 1000);
+  return `${minutes}m ${seconds}s`;
+}
+
+/**
+ * Parse test output to extract test count information
+ *
+ * Supports common test framework output formats:
+ * - Jest/Vitest: "Tests: 10 passed, 10 total"
+ * - Pytest: "10 passed in 2.5s"
+ * - Go: "ok 10 tests"
+ * - Maven: "Tests run: 10, Failures: 0"
+ *
+ * @param output - Test stdout/stderr
+ * @param framework - Test framework (auto-detected if not provided)
+ * @returns Parsed test statistics or null
+ */
+export function parseTestOutput(output: string, framework?: string): {
+  passed: number;
+  failed: number;
+  total: number;
+} | null {
+  // Jest/Vitest format: "Tests: 5 passed, 5 total"
+  const jestMatch = output.match(/Tests:\s+(\d+)\s+passed(?:,\s+(\d+)\s+failed)?.*?(\d+)\s+total/i);
+  if (jestMatch) {
+    return {
+      passed: parseInt(jestMatch[1]),
+      failed: parseInt(jestMatch[2] || '0'),
+      total: parseInt(jestMatch[3]),
+    };
+  }
+
+  // Pytest format: "10 passed in 2.5s" or "5 passed, 2 failed in 1.2s"
+  const pytestMatch = output.match(/(\d+)\s+passed(?:,\s+(\d+)\s+failed)?/i);
+  if (pytestMatch) {
+    const passed = parseInt(pytestMatch[1]);
+    const failed = parseInt(pytestMatch[2] || '0');
+    return {
+      passed,
+      failed,
+      total: passed + failed,
+    };
+  }
+
+  // Go test format: "ok" or "FAIL"
+  const goMatch = output.match(/ok.*?(\d+)\s+tests?/i);
+  if (goMatch) {
+    return {
+      passed: parseInt(goMatch[1]),
+      failed: 0,
+      total: parseInt(goMatch[1]),
+    };
+  }
+
+  // Maven format: "Tests run: 10, Failures: 2, Errors: 0"
+  const mavenMatch = output.match(/Tests run:\s+(\d+),\s+Failures:\s+(\d+)/i);
+  if (mavenMatch) {
+    const total = parseInt(mavenMatch[1]);
+    const failed = parseInt(mavenMatch[2]);
+    return {
+      passed: total - failed,
+      failed,
+      total,
+    };
+  }
+
+  return null;
+}

package/src/utils/threshold-handler.ts

@@ -0,0 +1,99 @@
+/**
+ * CLI Threshold Handler - WR2 Integration
+ *
+ * Integrates the comprehensive threshold evaluation system (WR2) into CLI scans.
+ * Provides advanced threshold checking beyond simple severity filtering.
+ *
+ * Features:
+ * - Critical/High vulnerability blocking
+ * - Maximum vulnerability count limits
+ * - EPSS score thresholds
+ * - Glob pattern exemptions
+ * - Custom failure messages
+ *
+ * Winter Roadmap WR2: Pass/Fail Thresholds
+ */
+
+import type { FileScanResult } from '../scanner/local-scanner';
+import {
+  evaluateThresholds,
+  formatCLIOutput,
+  type ThresholdConfig,
+  type ThresholdResult,
+} from '../../../../src/lib/security/threshold-evaluator';
+import type { AggregatedResults, FileAnalysis } from '../../../../src/lib/github/types';
+
+/**
+ * Convert CLI scan results to AggregatedResults format
+ *
+ * The threshold evaluator expects AggregatedResults (used by GitHub App),
+ * but CLI uses FileScanResult. This function bridges the gap.
+ */
+export function convertToAggregatedResults(results: FileScanResult[]): AggregatedResults {
+  // Calculate totals
+  const totalVulnerabilities = results.reduce(
+    (sum, r) => sum + r.critical + r.high + r.medium + r.low,
+    0
+  );
+
+  const criticalCount = results.reduce((sum, r) => sum + r.critical, 0);
+  const highCount = results.reduce((sum, r) => sum + r.high, 0);
+  const mediumCount = results.reduce((sum, r) => sum + r.medium, 0);
+  const lowCount = results.reduce((sum, r) => sum + r.low, 0);
+
+  // Convert FileScanResult[] to FileAnalysis[]
+  const fileResults: FileAnalysis[] = results.map((result) => ({
+    filename: result.relativePath,
+    language: result.language,
+    vulnerabilities: result.result.security?.vulnerabilities || [],
+    criticalCount: result.critical,
+    highCount: result.high,
+    mediumCount: result.medium,
+    lowCount: result.low,
+    syntaxErrors: result.result.syntax?.lineErrors?.length || 0,
+    syntaxErrorCount: result.result.syntax?.lineErrors?.filter((e: any) => e.severity === 'error').length || 0,
+    syntaxWarningCount: result.result.syntax?.lineErrors?.filter((e: any) => e.severity === 'warning').length || 0,
+    syntaxInfoCount: result.result.syntax?.lineErrors?.filter((e: any) => e.severity === 'info').length || 0,
+  }));
+
+  return {
+    filesAnalyzed: results.length,
+    totalVulnerabilities,
+    criticalCount,
+    highCount,
+    mediumCount,
+    lowCount,
+    syntaxErrors: fileResults.reduce((sum, f) => sum + f.syntaxErrors, 0),
+    syntaxErrorCount: fileResults.reduce((sum, f) => sum + f.syntaxErrorCount, 0),
+    syntaxWarningCount: fileResults.reduce((sum, f) => sum + f.syntaxWarningCount, 0),
+    syntaxInfoCount: fileResults.reduce((sum, f) => sum + f.syntaxInfoCount, 0),
+    fileResults,
+    analyzedAt: new Date(),
+    prUrl: '', // Not applicable for CLI scans
+  };
+}
+
+/**
+ * Evaluate thresholds for CLI scan results
+ *
+ * @param results - CLI scan results
+ * @param config - Threshold configuration
+ * @returns Threshold evaluation result
+ */
+export function evaluateCLIThresholds(
+  results: FileScanResult[],
+  config: ThresholdConfig
+): ThresholdResult {
+  const aggregatedResults = convertToAggregatedResults(results);
+  return evaluateThresholds(aggregatedResults, config);
+}
+
+/**
+ * Print threshold evaluation result to CLI
+ *
+ * @param result - Threshold evaluation result
+ */
+export function printThresholdResult(result: ThresholdResult): void {
+  const output = formatCLIOutput(result);
+  console.log(output);
+}