filter vulnerabilities by audit_level (#55)

* filter vulnerabilities by audit_level

* update README.md

* fix test cases

* restrict audit_level value

* update dist/index.js
This commit is contained in:
Naoki Oketani
2020-03-21 07:08:53 +09:00
committed by GitHub
parent 4d8769971b
commit ad3449ef9c
8 changed files with 38 additions and 16 deletions


@@ -22,6 +22,7 @@ If vulnerabilities are found by `npm audit`, Action triggered by push, schedule
|Parameter|Required|Default Value|Description| |Parameter|Required|Default Value|Description|
|:--:|:--:|:--:|:--| |:--:|:--:|:--:|:--|
|audit_level|false|low|The value of `--audit-level` flag|
|issue_assignees|false|N/A|Issue assignees (separated by commma)| |issue_assignees|false|N/A|Issue assignees (separated by commma)|
|issue_labels|false|N/A|Issue labels (separated by commma)| |issue_labels|false|N/A|Issue labels (separated by commma)|
|issue_title|false|npm audit found vulnerabilities|Issue title| |issue_title|false|npm audit found vulnerabilities|Issue title|
@@ -56,6 +57,7 @@ jobs:
run: npm ci run: npm ci
- uses: oke-py/npm-audit-action@v1.2.0 - uses: oke-py/npm-audit-action@v1.2.0
with: with:
audit_level: moderate
github_token: ${{ secrets.GITHUB_TOKEN }} github_token: ${{ secrets.GITHUB_TOKEN }}
issue_assignees: oke-py issue_assignees: oke-py
issue_labels: vulnerability,test issue_labels: vulnerability,test


@@ -30,7 +30,7 @@ describe('run', () => {
} }
}) })
audit.run() audit.run('low')
expect(audit.foundVulnerability()).toBeTruthy() expect(audit.foundVulnerability()).toBeTruthy()
}) })
@@ -51,7 +51,7 @@ describe('run', () => {
} }
}) })
audit.run() audit.run('low')
expect(audit.foundVulnerability()).toBeFalsy() expect(audit.foundVulnerability()).toBeFalsy()
}) })
@@ -69,7 +69,7 @@ describe('run', () => {
}) })
expect.assertions(1) expect.assertions(1)
const r = audit.run() const r = audit.run('low')
const e = new Error('Something is wrong') const e = new Error('Something is wrong')
await expect(r).rejects.toEqual(e) await expect(r).rejects.toEqual(e)
}) })
@@ -88,7 +88,7 @@ describe('run', () => {
}) })
expect.assertions(1) expect.assertions(1)
const r = audit.run() const r = audit.run('low')
const e = new Error('the subprocess terminated due to a signal.') const e = new Error('the subprocess terminated due to a signal.')
await expect(r).rejects.toEqual(e) await expect(r).rejects.toEqual(e)
}) })
@@ -107,7 +107,7 @@ describe('run', () => {
}) })
expect.assertions(1) expect.assertions(1)
const r = audit.run() const r = audit.run('low')
const e = new Error('Something is wrong') const e = new Error('Something is wrong')
await expect(r).rejects.toEqual(e) await expect(r).rejects.toEqual(e)
}) })
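Review bot: Every case now calls `audit.run('low')`, but none checks that the level actually reaches the child process, so a dropped or misordered `--audit-level` argument would still pass this suite. If `spawnSync` is mocked in the setup (which lies outside this hunk), add to the first case an expectation like `expect(spawnSync).toHaveBeenCalledWith('npm', ['audit', '--audit-level', 'low'], expect.anything())`. A second case that passes `'critical'` would also cover the non-default path rather than only the value that matches `action.yml`'s default.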


@@ -14,6 +14,7 @@ describe('run', () => {
mocked(Audit).mockClear() mocked(Audit).mockClear()
mocked(pr).createComment.mockClear() mocked(pr).createComment.mockClear()
process.env.INPUT_AUDIT_LEVEL = 'low'
process.env.INPUT_GITHUB_CONTEXT = process.env.INPUT_GITHUB_CONTEXT =
'{ "event_name": "pull_request", "event": { "number": 100} }' '{ "event_name": "pull_request", "event": { "number": 100} }'
process.env.INPUT_GITHUB_TOKEN = '***' process.env.INPUT_GITHUB_TOKEN = '***'
@@ -27,7 +28,7 @@ describe('run', () => {
path.join(__dirname, 'testdata/audit/success.txt') path.join(__dirname, 'testdata/audit/success.txt')
), ),
status: 0, status: 0,
run: (): Promise<void> => { run: (auditLevel: string): Promise<void> => {
return Promise.resolve(void 0) return Promise.resolve(void 0)
}, },
foundVulnerability: (): boolean => { foundVulnerability: (): boolean => {
@@ -60,7 +61,7 @@ describe('run', () => {
path.join(__dirname, 'testdata/audit/error.txt') path.join(__dirname, 'testdata/audit/error.txt')
), ),
status: 1, status: 1,
run: (): Promise<void> => { run: (auditLevel: string): Promise<void> => {
return Promise.resolve(void 0) return Promise.resolve(void 0)
}, },
foundVulnerability: (): boolean => { foundVulnerability: (): boolean => {
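Review bot: Only the accepted path is exercised via `process.env.INPUT_AUDIT_LEVEL = 'low'`; the new rejection branch in `src/main.ts` (`throw new Error('Invalid input: audit_level')`) has no test, so a regression in the allowlist would go unnoticed. Add a case that sets `process.env.INPUT_AUDIT_LEVEL = 'critical!'`, awaits `run()`, and asserts that the error surfaces through whatever the `catch` block in `run` reports to (that block is not visible in this hunk) and that `Audit` is never constructed. In the mocks, `run: (auditLevel: string)` deliberately ignores its argument, which is fine here; naming it `_auditLevel` makes that intent explicit and keeps unused-parameter lint quiet.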


@@ -2,6 +2,10 @@ name: 'npm audit action'
description: 'run npm audit' description: 'run npm audit'
author: 'Naoki Oketani <okepy.naoki@gmail.com>' author: 'Naoki Oketani <okepy.naoki@gmail.com>'
inputs: inputs:
audit_level:
description: 'The value of `--audit-level` flag'
default: low
required: false
github_context: github_context:
description: 'The `github` context' description: 'The `github` context'
default: ${{ toJson(github) }} default: ${{ toJson(github) }}
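Review bot: The `audit_level` description does not say which values the action accepts, while `src/main.ts` in this commit rejects everything except `critical`, `high`, `moderate` and `low`; a user passing another value that npm itself may accept for this flag (for example `info`) gets an opaque failure. Change it to `description: 'The value of the `--audit-level` flag: low, moderate, high or critical'`. The same allowed list belongs in the README table row for this input.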

11
dist/index.js vendored

@@ -1120,10 +1120,10 @@ class Audit {
this.stdout = ''; this.stdout = '';
this.status = null; this.status = null;
} }
run() { run(auditLevel) {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
try { try {
const result = child_process_1.spawnSync('npm', ['audit'], { const result = child_process_1.spawnSync('npm', ['audit', '--audit-level', auditLevel], {
encoding: 'utf-8' encoding: 'utf-8'
}); });
if (result.error) { if (result.error) {
@@ -3053,9 +3053,14 @@ const pr = __importStar(__webpack_require__(665));
function run() { function run() {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
try { try {
// get audit-level
const auditLevel = core.getInput('audit_level', { required: true });
if (!['critical', 'high', 'moderate', 'low'].includes(auditLevel)) {
throw new Error('Invalid input: audit_level');
}
// run `npm audit` // run `npm audit`
const audit = new audit_1.Audit(); const audit = new audit_1.Audit();
audit.run(); audit.run(auditLevel);
core.info(audit.stdout); core.info(audit.stdout);
if (audit.foundVulnerability()) { if (audit.foundVulnerability()) {
// vulnerabilities are found // vulnerabilities are found


@@ -1,6 +1,6 @@
{ {
"name": "npm-audit-action", "name": "npm-audit-action",
"version": "1.2.0", "version": "1.3.0",
"private": true, "private": true,
"description": "GitHub Action to run `npm audit`", "description": "GitHub Action to run `npm audit`",
"main": "lib/main.js", "main": "lib/main.js",


@@ -5,11 +5,15 @@ export class Audit {
stdout = '' stdout = ''
private status: number | null = null private status: number | null = null
public async run(): Promise<void> { public async run(auditLevel: string): Promise<void> {
try { try {
const result: SpawnSyncReturns<string> = spawnSync('npm', ['audit'], { const result: SpawnSyncReturns<string> = spawnSync(
encoding: 'utf-8' 'npm',
}) ['audit', '--audit-level', auditLevel],
{
encoding: 'utf-8'
}
)
if (result.error) { if (result.error) {
throw result.error throw result.error
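Review bot: `run` now accepts any `string` for `auditLevel`, so the only thing keeping an unexpected value out of the `npm audit` argv is the caller's allowlist in `main.ts`; the method's own contract should carry that restriction, e.g. `export type AuditLevel = 'low' | 'moderate' | 'high' | 'critical'` and `public async run(auditLevel: AuditLevel): Promise<void>`. Passing the value as its own element of the `spawnSync` argument array, with no `shell` option visible here, is the right way to do it, since the string is never interpreted by a shell. A one-line TSDoc would help callers: `/** Runs \`npm audit --audit-level <auditLevel>\`; rejects if the process cannot be spawned. */`. The body of `run` continues past the end of this hunk.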


@@ -8,9 +8,15 @@ import * as pr from './pr'
export async function run(): Promise<void> { export async function run(): Promise<void> {
try { try {
// get audit-level
const auditLevel = core.getInput('audit_level', {required: true})
if (!['critical', 'high', 'moderate', 'low'].includes(auditLevel)) {
throw new Error('Invalid input: audit_level')
}
// run `npm audit` // run `npm audit`
const audit = new Audit() const audit = new Audit()
audit.run() audit.run(auditLevel)
core.info(audit.stdout) core.info(audit.stdout)
if (audit.foundVulnerability()) { if (audit.foundVulnerability()) {
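Review bot: The allowlist check `if (!['critical', 'high', 'moderate', 'low'].includes(auditLevel))` is the right control, since the value becomes an `npm` argument, but its error tells the user neither what was received nor what is accepted; `throw new Error(\`Invalid input: audit_level must be one of critical, high, moderate, low (got '${auditLevel}')\`)` makes a failed workflow run self-explanatory. Separately, `audit.run(auditLevel)` is still not awaited even though `Audit.run` is declared `async` in `audit.ts`, so a rejection from it (e.g. the `throw result.error` path) escapes this `try` as an unhandled rejection; that predates the commit, but the line was touched, and `await audit.run(auditLevel)` fixes it. The body of `run` continues past the end of this hunk.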