HPCE/kics-github-action
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

adding annotations feature

Browse Source 
Signed-off-by: Rogério Peixoto <rogerio.peixoto@checkmarx.com>
This commit is contained in:
Rogério Peixoto
2021-10-18 14:22:24 +01:00
parent 5bfac87c6a
commit d809a88b60
4 changed files with 116 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
dist/index.js vendored
View File

@ -17799,6 +17799,50 @@ function wrappy (fn, cb) {
} }
/***/ }),
/***/ 9362:
/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => {
const core = __nccwpck_require__(2186);
function extractAnnotations(results) {
let annotations = [];
for (i in results.queries) {
let query = results.queries[i];
for (j in query.files) {
let file = query.files[j];
annotations.push({
file: file['file_name'],
startLine: file['line'],
endLine: file['line'],
severity: query['severity'],
queryName: query['query_name'],
description: query['description'],
});
}
}
return annotations;
}
function annotateChangesWithResults(results) {
const annotations = extractAnnotations(results);
annotations.forEach(annotation => {
core.warning(annotation.description, {
title: `[${annotation.severity}] ${annotation.queryName}`,
startLine: annotation.startLine,
endLine: annotation.endLine,
file: annotation.file,
});
});
}
module.exports = {
annotateChangesWithResults
}
/***/ }), /***/ }),
/***/ 3571: /***/ 3571:
@ -18060,7 +18104,7 @@ function addKICSCmdArgs(cmdArgs) {
} }
} }
async function scanWithKICS(enableComments) { async function scanWithKICS() {
let resultsJSONFile; let resultsJSONFile;
if (!kicsInput.path.value) { if (!kicsInput.path.value) {
@ -18070,18 +18114,17 @@ async function scanWithKICS(enableComments) {
let cmdArgs = []; let cmdArgs = [];
addKICSCmdArgs(cmdArgs); addKICSCmdArgs(cmdArgs);
// making sure results.json is always created when PR comments are enabled // making sure results.json is always created
if (enableComments) { if (!cmdArgs.find(arg => arg == '--output-path')) {
if (!cmdArgs.find(arg => arg == '--output-path')) { cmdArgs.push('--output-path');
cmdArgs.push('--output-path'); cmdArgs.push('./');
cmdArgs.push('./'); resultsJSONFile = './results.json';
resultsJSONFile = './results.json'; } else {
} else { let resultsDir = core.getInput('output_path');
let resultsDir = core.getInput('output_path'); resultsJSONFile = filepath.join(resultsDir, '/results.json');
resultsJSONFile = filepath.join(resultsDir, '/results.json');
}
addJSONReportFormat(cmdArgs);
} }
addJSONReportFormat(cmdArgs);
exitCode = await exec.exec(`${kicsBinary} scan --no-progress ${cmdArgs.join(" ")}`, [], { ignoreReturnCode: true }); exitCode = await exec.exec(`${kicsBinary} scan --no-progress ${cmdArgs.join(" ")}`, [], { ignoreReturnCode: true });
return { return {
statusCode: exitCode, statusCode: exitCode,
@ -18311,6 +18354,7 @@ var __webpack_exports__ = {};
const install = __nccwpck_require__(1430); const install = __nccwpck_require__(1430);
const commenter = __nccwpck_require__(3571); const commenter = __nccwpck_require__(3571);
const scanner = __nccwpck_require__(3157); const scanner = __nccwpck_require__(3157);
const annotator = __nccwpck_require__(9362);
const core = __nccwpck_require__(2186); const core = __nccwpck_require__(2186);
const github = __nccwpck_require__(5438); const github = __nccwpck_require__(5438);
@ -18385,7 +18429,6 @@ async function main() {
try { try {
const githubToken = core.getInput("token"); const githubToken = core.getInput("token");
const octokit = github.getOctokit(githubToken); const octokit = github.getOctokit(githubToken);
let enableComments = core.getInput('enable_comments').toLocaleLowerCase() === "true";
let context = {}; let context = {};
let repo = ''; let repo = '';
let prNumber = ''; let prNumber = '';
@ -18401,12 +18444,14 @@ async function main() {
} }
await install.installKICS(); await install.installKICS();
const scanResults = await scanner.scanWithKICS(enableComments); const scanResults = await scanner.scanWithKICS();
if (enableComments) { const parsedResults = readJSON(scanResults.resultsJSONFile);
let parsedResults = readJSON(scanResults.resultsJSONFile); if (core.getInput('enable_comments').toLocaleLowerCase() === "true") {
await commenter.postPRComment(parsedResults, repo, prNumber, octokit); await commenter.postPRComment(parsedResults, repo, prNumber, octokit);
} }
annotator.annotateChangesWithResults(parsedResults);
cleanupOutput(scanResults.resultsJSONFile); cleanupOutput(scanResults.resultsJSONFile);
setWorkflowStatus(scanResults.statusCode); setWorkflowStatus(scanResults.statusCode);
} catch (e) { } catch (e) {

38
src/annotator.js Normal file
View File

@ -0,0 +1,38 @@
const core = require("@actions/core");
function extractAnnotations(results) {
let annotations = [];
for (i in results.queries) {
let query = results.queries[i];
for (j in query.files) {
let file = query.files[j];
annotations.push({
file: file['file_name'],
startLine: file['line'],
endLine: file['line'],
severity: query['severity'],
queryName: query['query_name'],
description: query['description'],
});
}
}
return annotations;
}
function annotateChangesWithResults(results) {
const annotations = extractAnnotations(results);
annotations.forEach(annotation => {
core.warning(annotation.description, {
title: `[${annotation.severity}] ${annotation.queryName}`,
startLine: annotation.startLine,
endLine: annotation.endLine,
file: annotation.file,
});
});
}
module.exports = {
annotateChangesWithResults
}

10
src/main.js
View File

@ -1,6 +1,7 @@
const install = require("./install"); const install = require("./install");
const commenter = require("./commenter"); const commenter = require("./commenter");
const scanner = require("./scanner"); const scanner = require("./scanner");
const annotator = require("./annotator");
const core = require("@actions/core"); const core = require("@actions/core");
const github = require("@actions/github"); const github = require("@actions/github");
@ -75,7 +76,6 @@ async function main() {
try { try {
const githubToken = core.getInput("token"); const githubToken = core.getInput("token");
const octokit = github.getOctokit(githubToken); const octokit = github.getOctokit(githubToken);
let enableComments = core.getInput('enable_comments').toLocaleLowerCase() === "true";
let context = {}; let context = {};
let repo = ''; let repo = '';
let prNumber = ''; let prNumber = '';
@ -91,12 +91,14 @@ async function main() {
} }
await install.installKICS(); await install.installKICS();
const scanResults = await scanner.scanWithKICS(enableComments); const scanResults = await scanner.scanWithKICS();
if (enableComments) { const parsedResults = readJSON(scanResults.resultsJSONFile);
let parsedResults = readJSON(scanResults.resultsJSONFile); if (core.getInput('enable_comments').toLocaleLowerCase() === "true") {
await commenter.postPRComment(parsedResults, repo, prNumber, octokit); await commenter.postPRComment(parsedResults, repo, prNumber, octokit);
} }
annotator.annotateChangesWithResults(parsedResults);
cleanupOutput(scanResults.resultsJSONFile); cleanupOutput(scanResults.resultsJSONFile);
setWorkflowStatus(scanResults.statusCode); setWorkflowStatus(scanResults.statusCode);
} catch (e) { } catch (e) {

23
src/scanner.js
View File

@ -68,7 +68,7 @@ function addKICSCmdArgs(cmdArgs) {
} }
} }
async function scanWithKICS(enableComments) { async function scanWithKICS() {
let resultsJSONFile; let resultsJSONFile;
if (!kicsInput.path.value) { if (!kicsInput.path.value) {
@ -78,18 +78,17 @@ async function scanWithKICS(enableComments) {
let cmdArgs = []; let cmdArgs = [];
addKICSCmdArgs(cmdArgs); addKICSCmdArgs(cmdArgs);
// making sure results.json is always created when PR comments are enabled // making sure results.json is always created
if (enableComments) { if (!cmdArgs.find(arg => arg == '--output-path')) {
if (!cmdArgs.find(arg => arg == '--output-path')) { cmdArgs.push('--output-path');
cmdArgs.push('--output-path'); cmdArgs.push('./');
cmdArgs.push('./'); resultsJSONFile = './results.json';
resultsJSONFile = './results.json'; } else {
} else { let resultsDir = core.getInput('output_path');
let resultsDir = core.getInput('output_path'); resultsJSONFile = filepath.join(resultsDir, '/results.json');
resultsJSONFile = filepath.join(resultsDir, '/results.json');
}
addJSONReportFormat(cmdArgs);
} }
addJSONReportFormat(cmdArgs);
exitCode = await exec.exec(`${kicsBinary} scan --no-progress ${cmdArgs.join(" ")}`, [], { ignoreReturnCode: true }); exitCode = await exec.exec(`${kicsBinary} scan --no-progress ${cmdArgs.join(" ")}`, [], { ignoreReturnCode: true });
return { return {
statusCode: exitCode, statusCode: exitCode,