
    1 import * as sarif from 'sarif';
    2 import * as upperFirst from 'lodash.upperfirst';
    3 import { AnnotatedIssue, TestResult } from '../snyk-test/legacy';
    4 import { SEVERITY } from '../snyk-test/legacy';
    5 import { getResults } from './get-sarif-result';
    6 
/**
 * Wraps container test results in a SARIF 2.1.0 log, one `run` per result.
 *
 * @param testResults - the results to convert; an empty list yields a log
 *   with no runs.
 * @returns the SARIF log object (not yet serialised).
 */
export function createSarifOutputForContainers(
  testResults: TestResult[],
): sarif.Log {
  const runs = testResults.map((testResult) => ({
    tool: getTool(testResult),
    results: getResults(testResult),
  }));

  return {
    $schema:
      'https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json',
    version: '2.1.0',
    runs,
  };
}
   26 
/**
 * Maps a Snyk severity onto the SARIF reporting level used for a rule's
 * `defaultConfiguration`.
 *
 * @param severity - the issue severity, or `'none'`.
 * @returns `'error'` for high and critical severities, `'warning'` for
 *   everything else (including `'none'`).
 */
export function getIssueLevel(
  severity: SEVERITY | 'none',
): sarif.ReportingConfiguration.level {
  switch (severity) {
    case SEVERITY.HIGH:
    case SEVERITY.CRITICAL:
      return 'error';
    default:
      return 'warning';
  }
}
   34 
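/**
 * Builds the SARIF `tool` section for one container test result: the driver
 * metadata plus one `ReportingDescriptor` rule per distinct vulnerability id.
 *
 * The same id can occur more than once in `testResult.vulnerabilities`;
 * SARIF rules are keyed by `id`, so only the first occurrence becomes a rule.
 *
 * @param testResult - one result of a container test; only
 *   `dependencyCount`, `vulnerabilities` and `packageManager` are read.
 * @returns the SARIF tool object; `driver.rules` is empty when the result
 *   carries no vulnerabilities.
 */
export function getTool(testResult): sarif.Tool {
  const tool: sarif.Tool = {
    driver: {
      name: 'Snyk Container',
      properties: {
        artifactsScanned: testResult.dependencyCount,
      },
      rules: [],
    },
  };

  if (!testResult.vulnerabilities) {
    return tool;
  }

  // A Set rather than a plain object as the de-dup index: `{}` inherits
  // Object.prototype, so an id such as "constructor" would read as already
  // pushed and its rule would be silently dropped.
  const seenIds = new Set<string>();
  const rules: sarif.ReportingDescriptor[] = [];
  const vulnerabilities: AnnotatedIssue[] = testResult.vulnerabilities;

  for (const vuln of vulnerabilities) {
    if (seenIds.has(vuln.id)) {
      continue;
    }
    seenIds.add(vuln.id);

    // `join()` uses the default "," separator, so several CVEs become
    // "CVE-a,CVE-b".
    const cve = vuln.identifiers?.CVE?.join();
    const packageAtVersion = `${vuln.name}@${vuln.version}`;

    // SARIF tags must be strings: add the package manager only when present
    // instead of asserting it non-null (an `undefined` array entry serialises
    // to `null` and fails schema validation).
    const tags: string[] = ['security', ...(vuln.identifiers?.CWE ?? [])];
    if (testResult.packageManager != null) {
      tags.push(testResult.packageManager);
    }

    rules.push({
      id: vuln.id,
      shortDescription: {
        text: `${upperFirst(vuln.severity)} severity - ${vuln.title} vulnerability in ${vuln.packageName}`,
      },
      fullDescription: {
        text: cve ? `(${cve}) ${packageAtVersion}` : packageAtVersion,
      },
      help: {
        text: '',
        // Passed through as supplied in the vulnerability data.
        markdown: vuln.description,
      },
      defaultConfiguration: {
        level: getIssueLevel(vuln.severity),
      },
      properties: {
        tags,
        cvssv3_baseScore: vuln.cvssScore,
      },
    });
  }

  tool.driver.rules = rules;
  return tool;
}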