feat: progress on javascript action
This commit is contained in:
Rogério Peixoto
88
src/commenter.js
Normal file
88
src/commenter.js
Normal file
@@ -0,0 +1,88 @@
|
||||
const fs = require("fs");
|
||||
const moment = require('moment')
|
||||
|
||||
const kicsLogo = "https://user-images.githubusercontent.com/75368139/136991766-a4e5bc8b-63db-48f7-9384-740e9f15c9f6.png"
|
||||
const severityOrder = ["HIGH", "MEDIUM", "LOW", "INFO", "TRACE"];
|
||||
const severityIcons = {
|
||||
"HIGH": "https://user-images.githubusercontent.com/23239410/92157087-97285600-ee32-11ea-988f-0aca12c4c126.png",
|
||||
"MEDIUM": "https://user-images.githubusercontent.com/23239410/92157093-98598300-ee32-11ea-83d7-af52251a011b.png",
|
||||
"LOW": "https://user-images.githubusercontent.com/23239410/92157091-98598300-ee32-11ea-8498-19bd7d62019b.png",
|
||||
"INFO": "https://user-images.githubusercontent.com/23239410/92157090-97c0ec80-ee32-11ea-9b2e-aa6b32b03d54.png",
|
||||
"TRACE": "https://user-images.githubusercontent.com/23239410/92157090-97c0ec80-ee32-11ea-9b2e-aa6b32b03d54.png"
|
||||
}
|
||||
|
||||
|
||||
function readJSON(filename) {
|
||||
const rawdata = fs.readFileSync(filename);
|
||||
const parsedJSON = JSON.parse(rawdata.toString());
|
||||
return parsedJSON;
|
||||
}
|
||||
|
||||
function createComment(results) {
|
||||
let message = "![kics-logo](" + kicsLogo + ")\n";
|
||||
|
||||
message += "---";
|
||||
message += `\n**KICS version: ${results['kics_version']}**\n`
|
||||
message += "\n**Total Results: " + results['total_counter'] + "**\n\n";
|
||||
message += "| | Category | Results |\n";
|
||||
message += "| --- |--- | --- |\n";
|
||||
let severityCounters = results['severity_counters']
|
||||
for (let severity of severityOrder) {
|
||||
if (severity in severityCounters) {
|
||||
message += "| ![" + severity + "](" + severityIcons[severity] + ") |" + severity.toUpperCase() + " | " + severityCounters[severity.toUpperCase()] + " |\n";
|
||||
}
|
||||
}
|
||||
|
||||
message += "\n**Scan Metrics**\n\n";
|
||||
message += "| Metric | Values |\n";
|
||||
message += "| --- | --- |\n";
|
||||
message += "| Files scanned | " + results['files_scanned'] + "\n";
|
||||
message += "| Files parsed | " + results['files_parsed'] + "\n";
|
||||
message += "| Files failed to scan | " + results['files_failed_to_scan'] + "\n";
|
||||
message += "| Total queries | " + results['queries_total'] + "\n";
|
||||
message += "| Queries failed to execute | " + results['queries_failed_to_execute'] + "\n";
|
||||
|
||||
let executionTime = moment(results['end']).diff(moment(results['start']), 'seconds');
|
||||
|
||||
message += "| Execution time | " + executionTime + "s\n";
|
||||
|
||||
return message;
|
||||
}
|
||||
|
||||
async function postPRComment(repo, prNumber) {
|
||||
const githubToken = core.getInput("token");
|
||||
const octokit = github.getOctokit(githubToken);
|
||||
const results = readJSON("results.json");
|
||||
const message = createComment(results);
|
||||
console.log(message);
|
||||
|
||||
const { data: comments } = await octokit.rest.issues.listComments({
|
||||
...repo,
|
||||
issue_number: prNumber,
|
||||
});
|
||||
|
||||
const comment = comments.find((comment) => {
|
||||
return (
|
||||
comment.user.login === "github-actions[bot]" &&
|
||||
comment.body.startsWith("![kics-logo](" + kicsLogo + ")\n")
|
||||
);
|
||||
});
|
||||
|
||||
if (comment) {
|
||||
await octokit.rest.issues.updateComment({
|
||||
...repo,
|
||||
comment_id: comment.id,
|
||||
body: message
|
||||
});
|
||||
} else {
|
||||
await octokit.rest.issues.createComment({
|
||||
...repo,
|
||||
issue_number: prNumber,
|
||||
body: message
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
postPRComment
|
||||
};
|
||||
128
src/install.js
Normal file
128
src/install.js
Normal file
@@ -0,0 +1,128 @@
|
||||
const https = require('https')
|
||||
const filepath = require('path');
|
||||
const tc = require('@actions/tool-cache');
|
||||
//const releaseDownloader = require('@fohlen/github-release-downloader');
|
||||
const os = require('os');
|
||||
//const decompress = require('decompress');
|
||||
//const decompressTargz = require('decompress-targz');
|
||||
|
||||
function getVersion(version) {
|
||||
let path = ''
|
||||
if (version == "latest") {
|
||||
path = '/repos/checkmarx/kics/releases/latest'
|
||||
} else {
|
||||
path = '/repos/checkmarx/kics/releases/tags/' + version
|
||||
}
|
||||
const options = {
|
||||
hostname: 'api.github.com',
|
||||
port: 443,
|
||||
path: path,
|
||||
headers: {
|
||||
'User-Agent': 'node.js'
|
||||
},
|
||||
method: 'GET'
|
||||
}
|
||||
return new Promise((resolve, reject) => {
|
||||
const req = https.get(options, (resp) => {
|
||||
console.log(`${options.method} https://${options.hostname}${options.path} ${resp.statusCode}`)
|
||||
let rawData = '';
|
||||
resp.on('data', (d) => {
|
||||
rawData += d;
|
||||
});
|
||||
resp.on('end', () => {
|
||||
try {
|
||||
const parsedData = JSON.parse(rawData);
|
||||
resolve(parsedData);
|
||||
} catch (e) {
|
||||
reject(e);
|
||||
}
|
||||
});
|
||||
})
|
||||
|
||||
req.on('error', (error) => {
|
||||
reject(error);
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
function getReleaseInfo(release) {
|
||||
const assets = release.assets || [];
|
||||
const os = process.platform;
|
||||
const arch = process.arch;
|
||||
let targetAsset;
|
||||
switch (os) {
|
||||
case 'darwin':
|
||||
targetAsset = assets.filter((asset) => asset.name.indexOf('darwin') !== -1 && asset.name.indexOf(arch) !== -1)[0];
|
||||
break;
|
||||
case 'linux':
|
||||
targetAsset = assets.filter((asset) => asset.name.indexOf('linux') !== -1 && asset.name.indexOf(arch) !== -1)[0];
|
||||
break;
|
||||
case 'win32':
|
||||
targetAsset = assets.filter((asset) => asset.name.indexOf('windows') !== -1 && asset.name.indexOf(arch) !== -1)[0];
|
||||
break;
|
||||
default:
|
||||
targetAsset = { size: 0, browser_download_url: '' };
|
||||
}
|
||||
return { size: targetAsset.size, browser_download_url: targetAsset.browser_download_url, version: targetAsset.name };
|
||||
}
|
||||
|
||||
// async function downloadReleaseFile(releaseAsset) {
|
||||
// const dest = os.homedir();
|
||||
// const releaseURL = releaseAsset.browser_download_url;
|
||||
|
||||
// console.log("Downloading", releaseURL);
|
||||
// const baseName = releaseURL.substr(releaseURL.lastIndexOf("/") + 1);
|
||||
// return releaseDownloader.downloadAsset(releaseURL, baseName, dest, () => {
|
||||
// process.stdout.write(".");
|
||||
// });
|
||||
// }
|
||||
|
||||
// function decompressRelease(path) {
|
||||
// const dest = os.homedir();
|
||||
// return decompress(path, filepath.join(dest, 'kics'), {
|
||||
// plugins: [
|
||||
// decompressTargz()
|
||||
// ]
|
||||
// });
|
||||
// }
|
||||
|
||||
// function getExecutableName() {
|
||||
// const os = process.platform;
|
||||
// switch (os) {
|
||||
// case 'darwin':
|
||||
// case 'linux':
|
||||
// return 'kics';
|
||||
// case 'win32':
|
||||
// return 'kics.exe';
|
||||
// default:
|
||||
// return 'kics';
|
||||
// }
|
||||
// }
|
||||
|
||||
async function installKICS(kicsVersion) {
|
||||
let release = {};
|
||||
if (!kicsVersion || kicsVersion == "latest") {
|
||||
release = await getVersion("latest");
|
||||
} else {
|
||||
release = await getVersion(kicsVersion);
|
||||
}
|
||||
const releaseInfo = getReleaseInfo(release)
|
||||
|
||||
const kicsDownloadPath = await tc.downloadTool(releaseInfo.browser_download_url);
|
||||
const kicsExtractedFolder = await tc.extractTar(kicsDownloadPath, filepath.join(os.homedir(), 'kics', releaseInfo.version));
|
||||
const cachedPath = await tc.cacheDir(kicsExtractedFolder, 'kics', releaseInfo.version);
|
||||
core.addPath(cachedPath);
|
||||
|
||||
// const releasePath = await downloadReleaseFile(releaseAsset, "./")
|
||||
// console.log('\nDownloaded KICS release', releasePath);
|
||||
// const files = await decompressRelease(releasePath);
|
||||
// console.log('\nDecompressed KICS release', files.map(f => f.path));
|
||||
|
||||
// const kicsPath = filepath.join(os.homedir(), 'kics', getExecutableName());
|
||||
// console.log('\nInstalling KICS to', kicsPath);
|
||||
return kicsPath;
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
installKICS
|
||||
}
|
||||
29
src/main.js
Normal file
29
src/main.js
Normal file
@@ -0,0 +1,29 @@
|
||||
const install = require("./install");
|
||||
const commenter = require("./commenter");
|
||||
const scanner = require("./scanner");
|
||||
const core = require("@actions/core");
|
||||
|
||||
const actionInputs = {
|
||||
kics_version: { value: core.getInput('kics_version') },
|
||||
enable_pr_comments: { value: core.getInput('enable_pr_comments') },
|
||||
}
|
||||
|
||||
async function main() {
|
||||
console.log("Running KICS action...");
|
||||
try {
|
||||
// const context = github.context;
|
||||
// const repository = context.repo;
|
||||
// const pullRequestNumber = context.payload.pull_request.number;
|
||||
const kicsPath = await install.installKICS(actionInputs.kics_version.value);
|
||||
console.log("KICS installed at: " + kicsPath);
|
||||
//await scanner.scanWithKICS(kicsPath);
|
||||
// if (actionInputs.enable_pr_comments.value === "true") {
|
||||
// await commenter.commentOnPullRequest(repository, pullRequestNumber);
|
||||
// }
|
||||
} catch (e) {
|
||||
console.error(e);
|
||||
core.setFailed(e.message);
|
||||
}
|
||||
}
|
||||
|
||||
main();
|
||||
38
src/scanner.js
Normal file
38
src/scanner.js
Normal file
@@ -0,0 +1,38 @@
|
||||
const exec = require('@actions/exec');
|
||||
|
||||
const core = require("@actions/core");
|
||||
|
||||
const kicsInputs = {
|
||||
path: { flag: '--path', value: core.getInput('path') },
|
||||
ignore_on_exit: { flag: '--ignore-on-exit', value: core.getInput('ignore_on_exit') },
|
||||
fail_on: { flag: '--fail-on', value: core.getInput('fail_on') },
|
||||
timeout: { flag: '--timeout', value: core.getInput('timeout') },
|
||||
profiling: { flag: '--profiling', value: core.getInput('profiling') },
|
||||
config_path: { flag: '--config', value: core.getInput('config_path') },
|
||||
payload_path: { flag: '--payload-path', value: core.getInput('payload_path') },
|
||||
exclude_paths: { flag: '--exclude-paths', value: core.getInput('exclude_paths') },
|
||||
exclude_queries: { flag: '--exclude-queries', value: core.getInput('exclude_queries') },
|
||||
exclude_categories: { flag: '--exclude-categories', value: core.getInput('exclude_categories') },
|
||||
exclude_results: { flag: '--exclude-results', value: core.getInput('exclude_results') },
|
||||
output_formats: { flag: '--report-formats', value: core.getInput('output_formats') },
|
||||
output_path: { flag: '--output-path', value: core.getInput('output_path') },
|
||||
queries: { flag: '--queries-path', value: core.getInput('queries') },
|
||||
verbose: { flag: '--verbose', value: core.getInput('verbose') },
|
||||
secrets_regexes_path: { flag: '--secrets-regexes-path', value: core.getInput('secrets_regexes_path') },
|
||||
libraries_path: { flag: '--libraries-path', value: core.getInput('libraries-path') },
|
||||
disable_secrets: { flag: '--disable-secrets', value: core.getInput('disable_secrets') },
|
||||
disable_full_descriptions: { flag: '--disable-full-descriptions', value: core.getInput('disable_full_descriptions') },
|
||||
types: { flag: '--types', value: core.getInput('types') },
|
||||
bom: { flag: '--bom', value: core.getInput('bom') },
|
||||
};
|
||||
|
||||
async function scanWithKICS(kicsPath) {
|
||||
let statusCode = 0;
|
||||
if (kicsInputs.config_path.value) {
|
||||
statusCode = await exec.exec(`${kicsPath} scan ${kicsInputs.config_path.flag} ${kicsInputs.config_path.value}`);
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
scanWithKICS
|
||||
};
|
||||
Reference in New Issue
Block a user