From 2a9ef4c09a9639b760c09916f99f17a28e2a71c0 Mon Sep 17 00:00:00 2001 From: salemxd Date: Wed, 13 Mar 2024 11:21:52 +0100 Subject: [PATCH 01/14] added CodeQl Service --- src/sasttools/CodeQLService.ts | 68 ++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 src/sasttools/CodeQLService.ts diff --git a/src/sasttools/CodeQLService.ts b/src/sasttools/CodeQLService.ts new file mode 100644 index 00000000..8bb86bab --- /dev/null +++ b/src/sasttools/CodeQLService.ts 
@@ -0,0 +1,68 @@ +import * as core from '@actions/core'; +import * as github from '@actions/github'; +import { Octokit } from '@octokit/rest'; + +export class DependabotService { + public static async setDependabotFindings(): Promise { + try{ + const { owner, repo }: { owner: string; repo: string } = github.context.repo; + const token: string = core.getInput('PAT-token'); + + const octokit = new Octokit({ + auth: token, + }); + + // https://www.npmjs.com/package/octokit#pagination + const iterator = octokit.paginate.iterator(octokit.codeScanning.listAlertsForRepo, { + owner: owner, + repo: repo, + per_page: 100, + state: 'open', + }); + + let sastNumberOfSeverity1: number = 0; + let sastNumberOfSeverity2: number = 0 + let sastNumberOfSeverity3: number = 0; + let sastNumberOfSeverity4: number = 0; + + for await (const { data: alerts } of iterator) { + for (const alert of alerts) { + switch (alert.rule.severity) { + case 'warning': + sastNumberOfSeverity1++; + break; + case 'note': + sastNumberOfSeverity2++; + break; + case 'error': + sastNumberOfSeverity3++; + break; + case 'none': + sastNumberOfSeverity4++ + break; + default: + break; + } + } + } + + console.log('sastNumberOfSeverityWarning: ' + sastNumberOfSeverity1); + console.log('sastNumberOfSeverityNote: ' + sastNumberOfSeverity2); + console.log('sastNumberOfSeverityError: ' + sastNumberOfSeverity3); + console.log('sastNumberOfSeverityNone: ' + sastNumberOfSeverity4); + + core.exportVariable('SASTnumberOfSeverity1', sastNumberOfSeverity1); + core.exportVariable('SASTnumberOfSeverity2', sastNumberOfSeverity2); + core.exportVariable('SASTnumberOfSeverity3', sastNumberOfSeverity3); + core.exportVariable('SASTnumberOfSeverity4', sastNumberOfSeverity4); + } + catch(error){ + core.warning('Could not set CodeQL severities'); + core.exportVariable('SASTnumberOfSeverity1', 0); + core.exportVariable('SASTnumberOfSeverity2', 0); + core.exportVariable('SASTnumberOfSeverity3', 0); + 
core.exportVariable('SASTnumberOfSeverity4', 0); + } + + } +} \ No newline at end of file From 4c2580be24e8aea69e8c0729d34668e632fd4bf8 Mon Sep 17 00:00:00 2001 From: salemxd Date: Thu, 14 Mar 2024 10:43:09 +0100 Subject: [PATCH 02/14] added control to sast service --- src/sasttools/CodeQLService.ts | 47 +++++++++++++++++----------------- src/sasttools/SastService.ts | 25 +++++++++++------- 2 files changed, 40 insertions(+), 32 deletions(-) diff --git a/src/sasttools/CodeQLService.ts b/src/sasttools/CodeQLService.ts index 8bb86bab..5804aec6 100644 --- a/src/sasttools/CodeQLService.ts +++ b/src/sasttools/CodeQLService.ts @@ -2,8 +2,8 @@ import * as core from '@actions/core'; import * as github from '@actions/github'; import { Octokit } from '@octokit/rest'; -export class DependabotService { - public static async setDependabotFindings(): Promise { +export class CodeQLService { + public static async setCodeQLFindings(): Promise { try{ const { owner, repo }: { owner: string; repo: string } = github.context.repo; const token: string = core.getInput('PAT-token'); 
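Review bot: The catch block at the end of setDependabotFindings fails open: any API error (a token without the security_events permission, code scanning not enabled on the repository, rate limiting) is reduced to `core.warning('Could not set CodeQL severities');` plus four zero exports, so a consumer of `SASTnumberOfSeverityN` cannot tell a failed check from a clean scan, and the error itself is never written to the log. At minimum log the status and message, e.g. `console.log('ERROR STATUS:', error.status);` and `console.log('ERROR MESSAGE:', error.message);`, and consider exporting a separate indicator (a constructed name such as `SASTscanFailed`) so the zeros are not read as a result. The same block is carried unchanged through the reindentation hunks of patch 06 and patch 12 later in this series.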
@@ -18,27 +18,28 @@ export class DependabotService { repo: repo, per_page: 100, state: 'open', + tool_name: "CodeQL" }); - let sastNumberOfSeverity1: number = 0; - let sastNumberOfSeverity2: number = 0 - let sastNumberOfSeverity3: number = 0; - let sastNumberOfSeverity4: number = 0; + let SASTNumberOfSeverity1: number = 0; + let SASTNumberOfSeverity2: number = 0 + let SASTNumberOfSeverity3: number = 0; + let SASTNumberOfSeverity4: number = 0; for await (const { data: alerts } of iterator) { for (const alert of alerts) { - switch (alert.rule.severity) { - case 'warning': - sastNumberOfSeverity1++; + switch (alert.rule.security_severity_level) { + case 'low': + SASTNumberOfSeverity1++; break; - case 'note': - sastNumberOfSeverity2++; + case 'medium': + SASTNumberOfSeverity2++; break; - case 'error': - sastNumberOfSeverity3++; + case 'high': + SASTNumberOfSeverity3++; break; - case 'none': - sastNumberOfSeverity4++ + case 'critical': + SASTNumberOfSeverity4++ break; default: break; 
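Review bot: Switching the discriminant to `alert.rule.security_severity_level` means every open alert that carries no such level (as far as I know only security-query rules populate it; other rules leave it null) now falls into `default: break;` and silently disappears from all four totals, so the exported counts undercount open alerts with no trace in the log. Keep a fifth counter in the default branch, e.g. `default: SASTNumberOfUnclassified++; break;`, and print it next to the other four so a gap between the number of open alerts and the sum of the severities is visible to whoever reads the step output.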
@@ -46,15 +47,15 @@ export class DependabotService { } } - console.log('sastNumberOfSeverityWarning: ' + sastNumberOfSeverity1); - console.log('sastNumberOfSeverityNote: ' + sastNumberOfSeverity2); - console.log('sastNumberOfSeverityError: ' + sastNumberOfSeverity3); - console.log('sastNumberOfSeverityNone: ' + sastNumberOfSeverity4); + console.log('sastNumberOfSeveritylow: ' + SASTNumberOfSeverity1); + console.log('sastNumberOfSeverityMedium: ' + SASTNumberOfSeverity2); + console.log('sastNumberOfSeverityHigh: ' + SASTNumberOfSeverity3); + console.log('sastNumberOfSeverityCritical: ' + SASTNumberOfSeverity4); - core.exportVariable('SASTnumberOfSeverity1', sastNumberOfSeverity1); - core.exportVariable('SASTnumberOfSeverity2', sastNumberOfSeverity2); - core.exportVariable('SASTnumberOfSeverity3', sastNumberOfSeverity3); - core.exportVariable('SASTnumberOfSeverity4', sastNumberOfSeverity4); + core.exportVariable('SASTnumberOfSeverity1', SASTNumberOfSeverity1); + core.exportVariable('SASTnumberOfSeverity2', SASTNumberOfSeverity2); + core.exportVariable('SASTnumberOfSeverity3', SASTNumberOfSeverity3); + core.exportVariable('SASTnumberOfSeverity4', SASTNumberOfSeverity4); } catch(error){ core.warning('Could not set CodeQL severities'); diff --git a/src/sasttools/SastService.ts b/src/sasttools/SastService.ts index a17c4c7f..31c6cce9 100644 --- a/src/sasttools/SastService.ts +++ b/src/sasttools/SastService.ts 
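Review bot: The exported names `SASTnumberOfSeverity1` to `SASTnumberOfSeverity4` carry no hint of which severity each index means; only the adjacent console labels reveal that 1 is low and 4 is critical, and a downstream consumer of the environment variables never sees those labels. Add a comment above the export block such as `// Exported index -> severity: 1 = low, 2 = medium, 3 = high, 4 = critical (must match the SCA exports in DependabotService)` so the mapping is documented where it is produced.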
@@ -1,18 +1,25 @@ import * as core from '@actions/core'; +import { CodeQLService } from './CodeQLService'; export class SastService { public static async getStateOfSastTool(sastTool: { nameOfTool: string }): Promise { + console.log('\n Running SAST control'); + let sast = sastTool.nameOfTool; if (process.env.sastTool) { - console.log(`SAST Tool: ${process.env.sastTool}`); - core.exportVariable('sastTool', process.env.sastTool); - } else { - if (!sastTool.nameOfTool || sastTool.nameOfTool === 'name-of-tool') { - core.warning('SAST Tool is not set!'); - return; - } - console.log(`SAST Tool: ${sastTool.nameOfTool}`); - core.exportVariable('sastTool', sastTool.nameOfTool); + sast = process.env.sastTool; + } + console.log(`SAST Tool: ${process.env.sastTool}`); + core.exportVariable('sastTool', process.env.sastTool); + + if (!sast || sast === '' || sast === 'name-of-tool') { + core.warning('SAST Tool is not set!'); + return; + } + + if (sast.toLowerCase() === 'codeql') { + CodeQLService.setCodeQLFindings() } } + } From 4026f0ad7c172e4f61cd22dcf7477a3113817d2e Mon Sep 17 00:00:00 2001 From: salemxd Date: Thu, 14 Mar 2024 13:29:52 +0100 Subject: [PATCH 03/14] fixed bug --- src/sasttools/SastService.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sasttools/SastService.ts b/src/sasttools/SastService.ts index 31c6cce9..5b69db52 100644 --- a/src/sasttools/SastService.ts +++ b/src/sasttools/SastService.ts @@ -9,7 +9,7 @@ export class SastService { if (process.env.sastTool) { sast = process.env.sastTool; } - console.log(`SAST Tool: ${process.env.sastTool}`); + console.log(`SAST Tool: ${sast}`); core.exportVariable('sastTool', process.env.sastTool); if (!sast || sast === '' || sast === 'name-of-tool') { From 9919dc9f8a3d276be123fcd93ae743e4c18dbf6f Mon Sep 17 00:00:00 2001 From: salemxd Date: Thu, 14 Mar 2024 13:30:52 +0100 Subject: [PATCH 04/14] fixed bug --- src/sasttools/SastService.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
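Review bot: `CodeQLService.setCodeQLFindings()` in the new codeql branch is called without `await` from an async method, so getStateOfSastTool resolves before any alert is fetched and the `SASTnumberOfSeverityN` exports happen on a floating promise; whether they land before the step is evaluated depends on the caller, which is outside this hunk. Change the line to `await CodeQLService.setCodeQLFindings();` (the patch 05 hunk later in the series only adds a semicolon on this line). The guard `!sast || sast === '' || sast === 'name-of-tool'` also repeats the empty-string test already covered by `!sast`.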
diff --git a/src/sasttools/SastService.ts b/src/sasttools/SastService.ts index 5b69db52..bc3438ce 100644 --- a/src/sasttools/SastService.ts +++ b/src/sasttools/SastService.ts @@ -10,7 +10,7 @@ export class SastService { sast = process.env.sastTool; } console.log(`SAST Tool: ${sast}`); - core.exportVariable('sastTool', process.env.sastTool); + core.exportVariable('sastTool', sast); if (!sast || sast === '' || sast === 'name-of-tool') { core.warning('SAST Tool is not set!'); From d307062963561d3ace52e44f1c9401830b9deaf2 Mon Sep 17 00:00:00 2001 From: hampus-andersson-op Date: Fri, 15 Mar 2024 16:25:09 +0100 Subject: [PATCH 05/14] Format file --- src/sasttools/SastService.ts | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/sasttools/SastService.ts b/src/sasttools/SastService.ts index bc3438ce..a72f447c 100644 --- a/src/sasttools/SastService.ts +++ b/src/sasttools/SastService.ts @@ -3,7 +3,6 @@ import { CodeQLService } from './CodeQLService'; export class SastService { public static async getStateOfSastTool(sastTool: { nameOfTool: string }): Promise { - console.log('\n Running SAST control'); let sast = sastTool.nameOfTool; if (process.env.sastTool) { @@ -18,8 +17,7 @@ export class SastService { } if (sast.toLowerCase() === 'codeql') { - CodeQLService.setCodeQLFindings() + CodeQLService.setCodeQLFindings(); } } - } From 5bbb9a350290ba11424775174ee83878b74cba63 Mon Sep 17 00:00:00 2001 From: hampus-andersson-op Date: Fri, 15 Mar 2024 16:25:41 +0100 Subject: [PATCH 06/14] Add enum for GitHub severity level --- src/sasttools/CodeQLService.ts | 93 ++++++++++++++-------------- src/scatools/DependabotService.ts | 9 +-- src/types/GithubToolSeverityLevel.ts | 8 +++ 3 files changed, 59 insertions(+), 51 deletions(-) create mode 100644 src/types/GithubToolSeverityLevel.ts diff --git a/src/sasttools/CodeQLService.ts b/src/sasttools/CodeQLService.ts index 5804aec6..9933c9de 100644 --- a/src/sasttools/CodeQLService.ts +++ b/src/sasttools/CodeQLService.ts 
@@ -1,69 +1,68 @@ import * as core from '@actions/core'; import * as github from '@actions/github'; import { Octokit } from '@octokit/rest'; +import GITHUB_TOOL_SEVERITY_LEVEL from '../types/GithubToolSeverityLevel'; export class CodeQLService { public static async setCodeQLFindings(): Promise { - try{ - const { owner, repo }: { owner: string; repo: string } = github.context.repo; - const token: string = core.getInput('PAT-token'); + try { + const { owner, repo }: { owner: string; repo: string } = github.context.repo; + const token: string = core.getInput('PAT-token'); - const octokit = new Octokit({ + const octokit = new Octokit({ auth: token, - }); + }); - // https://www.npmjs.com/package/octokit#pagination - const iterator = octokit.paginate.iterator(octokit.codeScanning.listAlertsForRepo, { + // https://www.npmjs.com/package/octokit#pagination + const iterator = octokit.paginate.iterator(octokit.codeScanning.listAlertsForRepo, { owner: owner, repo: repo, per_page: 100, state: 'open', - tool_name: "CodeQL" - }); + tool_name: 'CodeQL', + }); - let SASTNumberOfSeverity1: number = 0; - let SASTNumberOfSeverity2: number = 0 - let SASTNumberOfSeverity3: number = 0; - let SASTNumberOfSeverity4: number = 0; + let SASTNumberOfSeverity1: number = 0; + let SASTNumberOfSeverity2: number = 0; + let SASTNumberOfSeverity3: number = 0; + let SASTNumberOfSeverity4: number = 0; - for await (const { data: alerts } of iterator) { + for await (const { data: alerts } of iterator) { for (const alert of alerts) { - switch (alert.rule.security_severity_level) { - case 'low': - SASTNumberOfSeverity1++; - break; - case 'medium': - SASTNumberOfSeverity2++; - break; - case 'high': - SASTNumberOfSeverity3++; - break; - case 'critical': - SASTNumberOfSeverity4++ - break; + switch (alert.rule.security_severity_level) { + case GITHUB_TOOL_SEVERITY_LEVEL.LOW: + SASTNumberOfSeverity1++; + break; + case GITHUB_TOOL_SEVERITY_LEVEL.MEDIUM: + SASTNumberOfSeverity2++; + break; + case 
GITHUB_TOOL_SEVERITY_LEVEL.HIGH: + SASTNumberOfSeverity3++; + break; + case GITHUB_TOOL_SEVERITY_LEVEL.CRITICAL: + SASTNumberOfSeverity4++; + break; default: - break; - } - } + break; + } } + } - console.log('sastNumberOfSeveritylow: ' + SASTNumberOfSeverity1); - console.log('sastNumberOfSeverityMedium: ' + SASTNumberOfSeverity2); - console.log('sastNumberOfSeverityHigh: ' + SASTNumberOfSeverity3); - console.log('sastNumberOfSeverityCritical: ' + SASTNumberOfSeverity4); + console.log('sastNumberOfSeveritylow: ' + SASTNumberOfSeverity1); + console.log('sastNumberOfSeverityMedium: ' + SASTNumberOfSeverity2); + console.log('sastNumberOfSeverityHigh: ' + SASTNumberOfSeverity3); + console.log('sastNumberOfSeverityCritical: ' + SASTNumberOfSeverity4); - core.exportVariable('SASTnumberOfSeverity1', SASTNumberOfSeverity1); - core.exportVariable('SASTnumberOfSeverity2', SASTNumberOfSeverity2); - core.exportVariable('SASTnumberOfSeverity3', SASTNumberOfSeverity3); - core.exportVariable('SASTnumberOfSeverity4', SASTNumberOfSeverity4); - } - catch(error){ - core.warning('Could not set CodeQL severities'); - core.exportVariable('SASTnumberOfSeverity1', 0); - core.exportVariable('SASTnumberOfSeverity2', 0); - core.exportVariable('SASTnumberOfSeverity3', 0); - core.exportVariable('SASTnumberOfSeverity4', 0); + core.exportVariable('SASTnumberOfSeverity1', SASTNumberOfSeverity1); + core.exportVariable('SASTnumberOfSeverity2', SASTNumberOfSeverity2); + core.exportVariable('SASTnumberOfSeverity3', SASTNumberOfSeverity3); + core.exportVariable('SASTnumberOfSeverity4', SASTNumberOfSeverity4); + } catch (error) { + core.warning('Could not set CodeQL severities'); + core.exportVariable('SASTnumberOfSeverity1', 0); + core.exportVariable('SASTnumberOfSeverity2', 0); + core.exportVariable('SASTnumberOfSeverity3', 0); + core.exportVariable('SASTnumberOfSeverity4', 0); } - } -} \ No newline at end of file +} 
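Review bot: `const token: string = core.getInput('PAT-token');` (reindented in this hunk) yields an empty string when the input is not supplied, so the Octokit client is then created unauthenticated and the resulting 401/403/404 from listAlertsForRepo is swallowed by the catch block as zero findings. Request the input with `core.getInput('PAT-token', { required: true })` so a missing token fails the step with a clear message, and call `core.setSecret(token);` so the value is masked if it ever reaches a log line. The branch-protection test hunk later in the series stubs `getOctokit`, which suggests the rest of the action goes through `github.getOctokit`; using the same client here would keep authentication handling in one place — inferred from the test stubs only.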
diff --git a/src/scatools/DependabotService.ts b/src/scatools/DependabotService.ts index 5ed1e172..930bf10b 100644 --- a/src/scatools/DependabotService.ts +++ b/src/scatools/DependabotService.ts @@ -1,6 +1,7 @@ import * as core from '@actions/core'; import * as github from '@actions/github'; import { Octokit } from '@octokit/rest'; +import GITHUB_TOOL_SEVERITY_LEVEL from '../types/GithubToolSeverityLevel'; export class DependabotService { public static async setDependabotFindings(): Promise { @@ -28,16 +29,16 @@ export class DependabotService { for await (const { data: alerts } of iterator) { for (const alert of alerts) { switch (alert.security_vulnerability.severity) { - case 'low': + case GITHUB_TOOL_SEVERITY_LEVEL.LOW: scaNumberOfSeverity1++; break; - case 'medium': + case GITHUB_TOOL_SEVERITY_LEVEL.MEDIUM: scaNumberOfSeverity2++; break; - case 'high': + case GITHUB_TOOL_SEVERITY_LEVEL.HIGH: scaNumberOfSeverity3++; break; - case 'critical': + case GITHUB_TOOL_SEVERITY_LEVEL.CRITICAL: scaNumberOfSeverity4++; break; } diff --git a/src/types/GithubToolSeverityLevel.ts b/src/types/GithubToolSeverityLevel.ts new file mode 100644 index 00000000..9a85a592 --- /dev/null +++ b/src/types/GithubToolSeverityLevel.ts @@ -0,0 +1,8 @@ +enum GITHUB_TOOL_SEVERITY_LEVEL { + LOW = 'low', + MEDIUM = 'medium', + HIGH = 'high', + CRITICAL = 'critical', +} + +export default GITHUB_TOOL_SEVERITY_LEVEL; From 194f9bf5a3d7b51caa519b9948b281c640092fdd Mon Sep 17 00:00:00 2001 From: hampus-andersson-op Date: Mon, 18 Mar 2024 14:18:31 +0100 Subject: [PATCH 07/14] Add error logging --- src/branchprotection/BranchProtectionService.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/branchprotection/BranchProtectionService.ts b/src/branchprotection/BranchProtectionService.ts index 5d904d45..93b3809e 100644 --- a/src/branchprotection/BranchProtectionService.ts +++ b/src/branchprotection/BranchProtectionService.ts 
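Review bot: The new `enum GITHUB_TOOL_SEVERITY_LEVEL` is compared against `alert.rule.security_severity_level` and `alert.security_vulnerability.severity` in the two service hunks; if the Octokit types narrow those fields to a `'low' | 'medium' | 'high' | 'critical'` union, TypeScript treats a string enum as a distinct opaque type and may flag the `case` comparisons as non-overlapping. A `const` object keeps the literal types and still gives named members: `const GITHUB_TOOL_SEVERITY_LEVEL = { LOW: 'low', MEDIUM: 'medium', HIGH: 'high', CRITICAL: 'critical' } as const;` with `export type GithubToolSeverityLevel = (typeof GITHUB_TOOL_SEVERITY_LEVEL)[keyof typeof GITHUB_TOOL_SEVERITY_LEVEL];`. A named export instead of `export default` would also make the symbol easier to find across the two services.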
@@ -34,7 +34,8 @@ export class BranchProtectionService {
 core.exportVariable('numberOfReviewers', numberOfReviewers);
 } catch (error) {
 core.warning('Error getting branch protection!');
- console.log('Error:', error.message);
+ console.log('ERROR STATUS:', error.status);
+ console.log(error);
 if (error.status === 403) {
 core.exportVariable('numberOfReviewers', 0);
 }
From fb8a0882f3d415631d5ae710e444c889485df5ad Mon Sep 17 00:00:00 2001
From: salemxd
Date: Mon, 18 Mar 2024 14:34:48 +0100
Subject: [PATCH 08/14] changed a faulty status code

---
 src/branchprotection/BranchProtectionService.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/branchprotection/BranchProtectionService.ts b/src/branchprotection/BranchProtectionService.ts
index 93b3809e..bfbc6c91 100644
--- a/src/branchprotection/BranchProtectionService.ts
+++ b/src/branchprotection/BranchProtectionService.ts
@@ -36,7 +36,7 @@ export class BranchProtectionService {
 core.warning('Error getting branch protection!');
 console.log('ERROR STATUS:', error.status);
 console.log(error);
- if (error.status === 403) {
+ if (error.status === 404) {
 core.exportVariable('numberOfReviewers', 0);
 }
 }
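Review bot: `error.status` is read off the catch variable without narrowing; under `useUnknownInCatchVariables` (part of `strict`) that does not compile, and even without it a non-HTTP failure (network error, thrown string) has no `status`, so the status branch is skipped and the log shows only `undefined`. Narrow first, e.g. `const status = typeof error === 'object' && error !== null && 'status' in error ? (error as { status?: number }).status : undefined;`, and log `error.message` rather than `console.log(error)`, which dumps the whole request/response object into the workflow log. The patch 08 hunk on this same line only changes 403 to 404, and the patch 10 hunk keeps `console.log(error)` in its else branch; getStateOfBranchProtection starts outside the hunk.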
@@ -60,12 +60,12 @@ describe('BranchProtectionService', () => { expect(warningStub.called).to.be.true; expect(exportVariableStub.calledWith('numberOfReviewers', 0)).to.be.true; }); - it('should call warning and set numberOfReviewers to 0 when github repo is private (status = 403)', async () => { + it('should call warning and set numberOfReviewers to 0 when github repo is private (status = 404)', async () => { getOctokitStub.returns({ rest: { repos: { getBranchProtection: sinon.stub().rejects({ - status: 403, + status: 404, message: 'Forbidden', }), }, From 970bb06b8a68ddcefb065230ddbda86b4a51fb7d Mon Sep 17 00:00:00 2001 From: hampus-andersson-op Date: Mon, 18 Mar 2024 14:46:28 +0100 Subject: [PATCH 10/14] Add explanation to branch protection control --- src/branchprotection/BranchProtectionService.ts | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/branchprotection/BranchProtectionService.ts b/src/branchprotection/BranchProtectionService.ts index bfbc6c91..746d2ce9 100644 --- a/src/branchprotection/BranchProtectionService.ts +++ b/src/branchprotection/BranchProtectionService.ts @@ -33,11 +33,14 @@ export class BranchProtectionService { core.exportVariable('numberOfReviewers', numberOfReviewers); } catch (error) { - core.warning('Error getting branch protection!'); - console.log('ERROR STATUS:', error.status); - console.log(error); + // Status code '404' means 'Branch not protected' if (error.status === 404) { + console.log('Branch protection is not enabled for this repository'); core.exportVariable('numberOfReviewers', 0); + } else { + core.warning('Error getting branch protection!'); + console.log('ERROR STATUS:', error.status); + console.log(error); } } } From b6ecf3e3fd2c9725e4b2aab00e6aff550ea46c36 Mon Sep 17 00:00:00 2001 From: hampus-andersson-op Date: Mon, 18 Mar 2024 14:50:46 +0100 Subject: [PATCH 11/14] Fix tests --- tests/branchprotection.test.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
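Review bot: The new comment `// Status code '404' means 'Branch not protected'` in the patch 10 hunk conflates two cases: GitHub also answers 404 when the token is not allowed to see the repository or branch, and the patch 09 test hunk on this same line still describes 404 as "github repo is private", so a permission problem is exported as `numberOfReviewers = 0`, which downstream reads as a real finding. Check the message as well before treating the branch as unprotected, `if (error.status === 404 && error.message === 'Branch not protected') {`, and let everything else fall through to the warning branch; the patch 11 test already uses that exact message. The enclosing getStateOfBranchProtection starts outside the hunk.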
diff --git a/tests/branchprotection.test.ts b/tests/branchprotection.test.ts index 6e6c801c..7bf7b5cf 100644 --- a/tests/branchprotection.test.ts +++ b/tests/branchprotection.test.ts @@ -66,14 +66,14 @@ describe('BranchProtectionService', () => { repos: { getBranchProtection: sinon.stub().rejects({ status: 404, - message: 'Forbidden', + message: 'Branch not protected', }), }, }, }); await BranchProtectionService.getStateOfBranchProtection(); - expect(warningStub.called).to.be.true; + expect(warningStub.called).to.be.false; expect(exportVariableStub.calledWith('numberOfReviewers', 0)).to.be.true; }); }); From 2185295246d4cdfaabef40e0d97367b86bfcc2c4 Mon Sep 17 00:00:00 2001 From: hampus-andersson-op Date: Fri, 22 Mar 2024 11:37:37 +0100 Subject: [PATCH 12/14] Fix linting --- src/sasttools/CodeQLService.ts | 37 +++++++++++++++++----------------- src/sasttools/SastService.ts | 2 +- 2 files changed, 20 insertions(+), 19 deletions(-) diff --git a/src/sasttools/CodeQLService.ts b/src/sasttools/CodeQLService.ts index 9933c9de..f9b3be95 100644 --- a/src/sasttools/CodeQLService.ts +++ b/src/sasttools/CodeQLService.ts @@ -2,6 +2,7 @@ import * as core from '@actions/core'; import * as github from '@actions/github'; import { Octokit } from '@octokit/rest'; import GITHUB_TOOL_SEVERITY_LEVEL from '../types/GithubToolSeverityLevel'; +import { OctokitResponse } from '@octokit/types'; export class CodeQLService { public static async setCodeQLFindings(): Promise { 
@@ -9,12 +10,12 @@ export class CodeQLService { const { owner, repo }: { owner: string; repo: string } = github.context.repo; const token: string = core.getInput('PAT-token'); - const octokit = new Octokit({ + const octokit: Octokit = new Octokit({ auth: token, }); // https://www.npmjs.com/package/octokit#pagination - const iterator = octokit.paginate.iterator(octokit.codeScanning.listAlertsForRepo, { + const iterator: AsyncIterableIterator> = octokit.paginate.iterator(octokit.codeScanning.listAlertsForRepo, { owner: owner, repo: repo, per_page: 100, @@ -22,25 +23,25 @@ export class CodeQLService { tool_name: 'CodeQL', }); - let SASTNumberOfSeverity1: number = 0; - let SASTNumberOfSeverity2: number = 0; - let SASTNumberOfSeverity3: number = 0; - let SASTNumberOfSeverity4: number = 0; + let sastNumberOfSeverity1: number = 0; + let sastNumberOfSeverity2: number = 0; + let sastNumberOfSeverity3: number = 0; + let sastNumberOfSeverity4: number = 0; for await (const { data: alerts } of iterator) { for (const alert of alerts) { switch (alert.rule.security_severity_level) { case GITHUB_TOOL_SEVERITY_LEVEL.LOW: - SASTNumberOfSeverity1++; + sastNumberOfSeverity1++; break; case GITHUB_TOOL_SEVERITY_LEVEL.MEDIUM: - SASTNumberOfSeverity2++; + sastNumberOfSeverity2++; break; case GITHUB_TOOL_SEVERITY_LEVEL.HIGH: - SASTNumberOfSeverity3++; + sastNumberOfSeverity3++; break; case GITHUB_TOOL_SEVERITY_LEVEL.CRITICAL: - SASTNumberOfSeverity4++; + sastNumberOfSeverity4++; break; default: break; 
@@ -48,15 +49,15 @@ export class CodeQLService { } } - console.log('sastNumberOfSeveritylow: ' + SASTNumberOfSeverity1); - console.log('sastNumberOfSeverityMedium: ' + SASTNumberOfSeverity2); - console.log('sastNumberOfSeverityHigh: ' + SASTNumberOfSeverity3); - console.log('sastNumberOfSeverityCritical: ' + SASTNumberOfSeverity4); + console.log('SASTNumberOfSeveritylow: ' + sastNumberOfSeverity1); + console.log('SASTNumberOfSeverityMedium: ' + sastNumberOfSeverity2); + console.log('SASTNumberOfSeverityHigh: ' + sastNumberOfSeverity3); + console.log('SASTNumberOfSeverityCritical: ' + sastNumberOfSeverity4); - core.exportVariable('SASTnumberOfSeverity1', SASTNumberOfSeverity1); - core.exportVariable('SASTnumberOfSeverity2', SASTNumberOfSeverity2); - core.exportVariable('SASTnumberOfSeverity3', SASTNumberOfSeverity3); - core.exportVariable('SASTnumberOfSeverity4', SASTNumberOfSeverity4); + core.exportVariable('SASTnumberOfSeverity1', sastNumberOfSeverity1); + core.exportVariable('SASTnumberOfSeverity2', sastNumberOfSeverity2); + core.exportVariable('SASTnumberOfSeverity3', sastNumberOfSeverity3); + core.exportVariable('SASTnumberOfSeverity4', sastNumberOfSeverity4); } catch (error) { core.warning('Could not set CodeQL severities'); core.exportVariable('SASTnumberOfSeverity1', 0); diff --git a/src/sasttools/SastService.ts b/src/sasttools/SastService.ts index a72f447c..f1388adc 100644 --- a/src/sasttools/SastService.ts +++ b/src/sasttools/SastService.ts @@ -4,7 +4,7 @@ import { CodeQLService } from './CodeQLService'; export class SastService { public static async getStateOfSastTool(sastTool: { nameOfTool: string }): Promise { console.log('\n Running SAST control'); - let sast = sastTool.nameOfTool; + let sast: string = sastTool.nameOfTool; if (process.env.sastTool) { sast = process.env.sastTool; } From 668d0e470b4be904a68730cb115e3cb367956161 Mon Sep 17 00:00:00 2001 
From: hampus-andersson-op Date: Fri, 22 Mar 2024 11:39:19 +0100 Subject: [PATCH 13/14] Format file --- src/sasttools/CodeQLService.ts | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/src/sasttools/CodeQLService.ts b/src/sasttools/CodeQLService.ts index f9b3be95..c2cc4e5e 100644 --- a/src/sasttools/CodeQLService.ts +++ b/src/sasttools/CodeQLService.ts @@ -15,13 +15,16 @@ export class CodeQLService { }); // https://www.npmjs.com/package/octokit#pagination - const iterator: AsyncIterableIterator> = octokit.paginate.iterator(octokit.codeScanning.listAlertsForRepo, { - owner: owner, - repo: repo, - per_page: 100, - state: 'open', - tool_name: 'CodeQL', - }); + const iterator: AsyncIterableIterator> = octokit.paginate.iterator( + octokit.codeScanning.listAlertsForRepo, + { + owner: owner, + repo: repo, + per_page: 100, + state: 'open', + tool_name: 'CodeQL', + } + ); let sastNumberOfSeverity1: number = 0; let sastNumberOfSeverity2: number = 0; From 9d12e77643df1d9ff388ea8f5d3f2ed09b4a82ed Mon Sep 17 00:00:00 2001 From: hampus-andersson-op Date: Fri, 22 Mar 2024 15:29:52 +0100 Subject: [PATCH 14/14] Add types for CodeQL and Dependabot responses --- src/sasttools/CodeQLService.ts | 14 ++++++++------ src/scatools/DependabotService.ts | 14 ++++++++------ 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/src/sasttools/CodeQLService.ts b/src/sasttools/CodeQLService.ts index c2cc4e5e..46425fea 100644 --- a/src/sasttools/CodeQLService.ts +++ b/src/sasttools/CodeQLService.ts @@ -2,7 +2,7 @@ import * as core from '@actions/core'; import * as github from '@actions/github'; import { Octokit } from '@octokit/rest'; import GITHUB_TOOL_SEVERITY_LEVEL from '../types/GithubToolSeverityLevel'; -import { OctokitResponse } from '@octokit/types'; +import { GetResponseDataTypeFromEndpointMethod, OctokitResponse } from '@octokit/types'; export class CodeQLService { public static async setCodeQLFindings(): Promise { 
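Review bot: `GetResponseDataTypeFromEndpointMethod` and `OctokitResponse` are used only in type positions, so the import in the CodeQLService hunk should be `import type { GetResponseDataTypeFromEndpointMethod, OctokitResponse } from '@octokit/types';`; the same applies to the DependabotService import hunk in this patch. That keeps the emitted JavaScript free of a runtime dependency on `@octokit/types` and works under `isolatedModules`. The `GITHUB_TOOL_SEVERITY_LEVEL` import must stay a value import because it is used in `case` labels.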
@@ -14,17 +14,19 @@ export class CodeQLService { auth: token, }); + type CodeScanningAlertsForRepoResponseDataType = GetResponseDataTypeFromEndpointMethod< + typeof octokit.codeScanning.listAlertsForRepo + >; + // https://www.npmjs.com/package/octokit#pagination - const iterator: AsyncIterableIterator> = octokit.paginate.iterator( - octokit.codeScanning.listAlertsForRepo, - { + const iterator: AsyncIterableIterator> = + octokit.paginate.iterator(octokit.codeScanning.listAlertsForRepo, { owner: owner, repo: repo, per_page: 100, state: 'open', tool_name: 'CodeQL', - } - ); + }); let sastNumberOfSeverity1: number = 0; let sastNumberOfSeverity2: number = 0; diff --git a/src/scatools/DependabotService.ts b/src/scatools/DependabotService.ts index a2cbc27f..97ae8f37 100644 --- a/src/scatools/DependabotService.ts +++ b/src/scatools/DependabotService.ts @@ -2,7 +2,7 @@ import * as core from '@actions/core'; import * as github from '@actions/github'; import { Octokit } from '@octokit/rest'; import GITHUB_TOOL_SEVERITY_LEVEL from '../types/GithubToolSeverityLevel'; -import { OctokitResponse } from '@octokit/types'; +import { GetResponseDataTypeFromEndpointMethod, OctokitResponse } from '@octokit/types'; export class DependabotService { public static async setDependabotFindings(): Promise { @@ -14,16 +14,18 @@ export class DependabotService { auth: token, }); + type DependabotAlertsForRepoResponseDataType = GetResponseDataTypeFromEndpointMethod< + typeof octokit.dependabot.listAlertsForRepo + >; + // https://www.npmjs.com/package/octokit#pagination - const iterator: AsyncIterableIterator> = octokit.paginate.iterator( - octokit.dependabot.listAlertsForRepo, - { + const iterator: AsyncIterableIterator> = + octokit.paginate.iterator(octokit.dependabot.listAlertsForRepo, { owner: owner, repo: repo, per_page: 100, state: 'open', - } - ); + }); let scaNumberOfSeverity1: number = 0; let scaNumberOfSeverity2: number = 0;