progress on javascript action

Signed-off-by: Rogério Peixoto <rogerio.peixoto@checkmarx.com>
This commit is contained in:
Rogério Peixoto
2021-10-18 09:53:18 +01:00
parent 740815773b
commit 77c7ea32c6
7 changed files with 77 additions and 49 deletions


@ -16,10 +16,9 @@ jobs:
path: test/samples/positive1.tf,test/samples/positive2.tf
token: ${{ secrets.GITHUB_TOKEN }}
timeout: 60
verbose: true
output_path: myoutput/
# output_path: myoutput/
output_formats: sarif
ignore_on_exit: errors
ignore_on_exit: results
enable_comments: true
- run: ls -la && ls -la myoutput
if: always()


@ -2,10 +2,9 @@
name: "KICS Github Action"
description: "Run KICS scan against IaC projects"
inputs:
kics_version:
required: false
default: "latest"
description: "KICS version to use (defaults to latest)"
token:
required: true
description: "Github token"
enable_comments:
required: false
default: false

dist/index.js vendored

@ -18017,14 +18017,15 @@ const kicsInput = {
bom: { value_type: "bool", flag: '--bom', value: core.getInput('bom') },
};
async function scanWithKICS(enableComments) {
let resultsFile;
if (!kicsInput.path.value) {
core.error('Path to scan is not set');
core.setFailed('Path to scan is not set');
function addJSONReportFormat(cmdArgs) {
const outputFormats = core.getInput('output_formats');
if (outputFormats.toLowerCase().indexOf('json') == -1) {
cmdArgs.push('--report-formats');
cmdArgs.push('json');
}
let cmdArgs = [];
}
function addKICSCmdArgs(cmdArgs) {
for (let input in kicsInput) {
if (kicsInput[input].value_type === 'string') {
if (kicsInput[input].value) {
@ -18054,27 +18055,34 @@ async function scanWithKICS(enableComments) {
}
}
}
}
async function scanWithKICS(enableComments) {
let resultsJSONFile;
if (!kicsInput.path.value) {
core.error('Path to scan is not set');
core.setFailed('Path to scan is not set');
}
let cmdArgs = [];
addKICSCmdArgs(cmdArgs);
// making sure results.json is always created when PR comments are enabled
if (enableComments) {
if (!cmdArgs.find(arg => arg == '--output-path')) {
cmdArgs.push('--output-path');
cmdArgs.push('./');
resultsFile = './results.json';
resultsJSONFile = './results.json';
} else {
const outputFormats = core.getInput('output_formats');
if (outputFormats.toLowerCase().indexOf('json') == -1) {
cmdArgs.push('--report-formats');
cmdArgs.push('json');
}
let resultsDir = core.getInput('output_path');
resultsFile = filepath.join(resultsDir, '/results.json');
resultsJSONFile = filepath.join(resultsDir, '/results.json');
}
addJSONReportFormat(cmdArgs);
}
exitCode = await exec.exec(`${kicsBinary} scan --no-progress ${cmdArgs.join(" ")}`, [], { ignoreReturnCode: true });
return {
statusCode: exitCode,
resultsFile: resultsFile
resultsJSONFile: resultsJSONFile
};
}
@ -18082,7 +18090,6 @@ module.exports = {
scanWithKICS
};
/***/ }),
/***/ 2877:
@ -18304,6 +18311,7 @@ const scanner = __nccwpck_require__(3157);
const core = __nccwpck_require__(2186);
const github = __nccwpck_require__(5438);
const io = __nccwpck_require__(7436);
const fs = __nccwpck_require__(5747);
@ -18367,6 +18375,13 @@ function readJSON(filename) {
return parsedJSON;
}
function cleanupOutput(resultsJSONFile) {
const outputFormats = core.getInput('output_formats');
if (!outputFormats.toLowerCase().includes('json') || core.getInput('output_path') === '') {
io.rmRF(resultsJSONFile);
}
}
async function main() {
console.log("Running KICS action...");
try {
@ -18390,10 +18405,11 @@ async function main() {
await install.installKICS();
const scanResults = await scanner.scanWithKICS(enableComments);
if (enableComments) {
let parsedResults = readJSON(scanResults.resultsFile);
let parsedResults = readJSON(scanResults.resultsJSONFile);
await commenter.postPRComment(parsedResults, repo, prNumber, octokit);
}
cleanupOutput(scanResults.resultsJSONFile);
setWorkflowStatus(scanResults.statusCode);
} catch (e) {
console.error(e);

package-lock.json generated

@ -12,6 +12,7 @@
"@actions/core": "^1.6.0",
"@actions/exec": "^1.1.0",
"@actions/github": "^5.0.0",
"@actions/io": "^1.1.1",
"@actions/tool-cache": "^1.7.1",
"moment": "^2.29.1"
},
@ -539,4 +540,4 @@
"integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8="
}
}
}
}


@ -22,6 +22,7 @@
"@actions/core": "^1.6.0",
"@actions/exec": "^1.1.0",
"@actions/github": "^5.0.0",
"@actions/io": "^1.1.1",
"@actions/tool-cache": "^1.7.1",
"moment": "^2.29.1"
},
@ -29,4 +30,4 @@
"@vercel/ncc": "^0.31.1",
"prettier": "^2.4.1"
}
}
}


@ -4,14 +4,10 @@ const scanner = require("./scanner");
const core = require("@actions/core");
const github = require("@actions/github");
const io = require("@actions/io");
const fs = require("fs");
const actionInputs = {
kics_version: { value: core.getInput('kics_version') },
enable_comments: { value: core.getInput('enable_comments') },
}
const exitStatus = {
results: {
codes: {
@ -67,12 +63,19 @@ function readJSON(filename) {
return parsedJSON;
}
function cleanupOutput(resultsJSONFile) {
const outputFormats = core.getInput('output_formats');
if (!outputFormats.toLowerCase().includes('json') || core.getInput('output_path') === '') {
io.rmRF(resultsJSONFile);
}
}
async function main() {
console.log("Running KICS action...");
try {
const githubToken = core.getInput("token");
const octokit = github.getOctokit(githubToken);
let enableComments = actionInputs.enable_comments.value.toLocaleLowerCase() === "true";
let enableComments = core.getInput('enable_comments').toLocaleLowerCase() === "true";
let context = {};
let repo = '';
let prNumber = '';
@ -90,10 +93,11 @@ async function main() {
await install.installKICS();
const scanResults = await scanner.scanWithKICS(enableComments);
if (enableComments) {
let parsedResults = readJSON(scanResults.resultsFile);
let parsedResults = readJSON(scanResults.resultsJSONFile);
await commenter.postPRComment(parsedResults, repo, prNumber, octokit);
}
cleanupOutput(scanResults.resultsJSONFile);
setWorkflowStatus(scanResults.statusCode);
} catch (e) {
console.error(e);
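Review bot: `cleanupOutput(scanResults.resultsJSONFile)` is called unconditionally after the scan, but `scanWithKICS` only assigns `resultsJSONFile` inside `if (enableComments)`, so with comments disabled the new helper reaches `io.rmRF(undefined)` whenever its condition holds. `io.rmRF` also returns a promise that is neither awaited nor caught, so a removal failure becomes an unhandled rejection that escapes the surrounding `try` rather than being logged by it. Make the helper `async`, return early on a missing path, `await` the removal, and `await cleanupOutput(...)` in `main`; the identical helper in the vendored `dist/index.js` section would then need regenerating. On the changed `enableComments` line, `core.getBooleanInput('enable_comments')` would replace the manual `toLocaleLowerCase() === "true"`, but that is style only.
```javascript
async function cleanupOutput(resultsJSONFile) {
  // scanWithKICS only produces a results path when PR comments are enabled
  if (!resultsJSONFile) return;
  const outputFormats = core.getInput('output_formats');
  if (!outputFormats.toLowerCase().includes('json') || core.getInput('output_path') === '') {
    await io.rmRF(resultsJSONFile);
  }
}
// … unchanged: main() through the scan and comment posting …
    await cleanupOutput(scanResults.resultsJSONFile);
```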


@ -28,14 +28,15 @@ const kicsInput = {
bom: { value_type: "bool", flag: '--bom', value: core.getInput('bom') },
};
async function scanWithKICS(enableComments) {
let resultsFile;
if (!kicsInput.path.value) {
core.error('Path to scan is not set');
core.setFailed('Path to scan is not set');
function addJSONReportFormat(cmdArgs) {
const outputFormats = core.getInput('output_formats');
if (outputFormats.toLowerCase().indexOf('json') == -1) {
cmdArgs.push('--report-formats');
cmdArgs.push('json');
}
let cmdArgs = [];
}
function addKICSCmdArgs(cmdArgs) {
for (let input in kicsInput) {
if (kicsInput[input].value_type === 'string') {
if (kicsInput[input].value) {
@ -65,30 +66,37 @@ async function scanWithKICS(enableComments) {
}
}
}
}
async function scanWithKICS(enableComments) {
let resultsJSONFile;
if (!kicsInput.path.value) {
core.error('Path to scan is not set');
core.setFailed('Path to scan is not set');
}
let cmdArgs = [];
addKICSCmdArgs(cmdArgs);
// making sure results.json is always created when PR comments are enabled
if (enableComments) {
if (!cmdArgs.find(arg => arg == '--output-path')) {
cmdArgs.push('--output-path');
cmdArgs.push('./');
resultsFile = './results.json';
resultsJSONFile = './results.json';
} else {
const outputFormats = core.getInput('output_formats');
if (outputFormats.toLowerCase().indexOf('json') == -1) {
cmdArgs.push('--report-formats');
cmdArgs.push('json');
}
let resultsDir = core.getInput('output_path');
resultsFile = filepath.join(resultsDir, '/results.json');
resultsJSONFile = filepath.join(resultsDir, '/results.json');
}
addJSONReportFormat(cmdArgs);
}
exitCode = await exec.exec(`${kicsBinary} scan --no-progress ${cmdArgs.join(" ")}`, [], { ignoreReturnCode: true });
return {
statusCode: exitCode,
resultsFile: resultsFile
resultsJSONFile: resultsJSONFile
};
}
module.exports = {
scanWithKICS
};
};
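Review bot: `addJSONReportFormat` is now reached from both output-path branches, but it tests `indexOf('json') == -1` on the raw input while the new cleanup code in `src/index.js` tests `.includes('json')` on the same value; use `if (!outputFormats.toLowerCase().includes('json')) {` here so the two decisions stay in step and the loose `==` disappears. When another format is already set, the helper appends a second `--report-formats` flag instead of extending the first one's value, which only works if the KICS CLI merges repeated flags; that assumption deserves a comment such as `// assumes KICS merges repeated --report-formats flags so results.json is always written — confirm`. A one-line JSDoc on `addKICSCmdArgs` and `addJSONReportFormat` stating that both mutate `cmdArgs` in place would make the new decomposition self-explanatory. `addKICSCmdArgs` begins in the previous hunk and most of its body is outside this one.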