Sonatype small report for CI/CD
var http = require('http');
var fs = require('fs');
const { exit } = require('process');
// Path of the Sonatype BOM/report consumed by processFile(); presumably
// downloaded into the working directory by an earlier CI step — confirm.
const filename = "./bom.json"
function getReadableFileSizeString(fileSizeInBytes) {
var i = -1;
var byteUnits = [' kB', ' MB', ' GB', ' TB', 'PB', 'EB', 'ZB', 'YB'];
do {
fileSizeInBytes = fileSizeInBytes / 1024;
i++;
} while (fileSizeInBytes > 1024);
return Math.max(fileSizeInBytes, 0.1).toFixed(1) + byteUnits[i];
};
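/**
 * Reads the downloaded report at `filename`, logs its size and age, and
 * hands it to reportBOM().
 *
 * Errors from fs/JSON.parse are deliberately not caught: a missing or
 * malformed report makes the process exit non-zero, which is the safe
 * (fail-closed) outcome for a CI gate.
 *
 * Fix versus the previous version: `max_diff` was computed and printed as
 * "allowed" but never enforced, so a stale bom.json left over from an
 * earlier run (or one without a timestamp) would have been scanned as if
 * it were current. It is now rejected with exit(1).
 *
 * @returns {void}
 */
function processFile() {
  console.log("* Download bom finished");
  const stats = fs.statSync(filename);
  const fileSizeInBytes = stats.size;
  console.log("* Download Filesize: " + getReadableFileSizeString(fileSizeInBytes));
  const data = JSON.parse(fs.readFileSync(filename, { encoding: "utf8" }));
  // Maximum accepted report age in seconds (2 minutes).
  const max_diff = 60 * 2;
  // data.timestamp is assumed to be epoch milliseconds (it is subtracted from Date.getTime()).
  const diff_sec = ((new Date()).getTime() - data.timestamp) / 1000;
  console.log("* Timestamp (ms): " + data.timestamp);
  console.log("* Max diff allowd 2m (" + max_diff + " s), actual: " + diff_sec);
  // Written as !(x <= max) so that a missing/non-numeric timestamp (NaN)
  // also fails; a plain `diff_sec > max_diff` would let NaN through.
  // A negative age (timestamp in the future) is tolerated as clock skew.
  if (!(diff_sec <= max_diff)) {
    console.log("Report is older than allowed or has no timestamp, exiting error");
    exit(1);
  }
  reportBOM(data);
}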
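/**
 * Prints every component whose highest security-issue severity falls in
 * [minRisk, maxRisk) and returns how many such components were found.
 *
 * Expected report shape (as read by this function): `data.raw.components[]`,
 * each with `componentIdentifier`, `displayName` and
 * `securityData.securityIssues[]` holding `{ reference, severity }`.
 * Severity is compared numerically against the thresholds, so it is assumed
 * to be a number (CVSS-style score).
 *
 * Fixes versus the previous version: a report without `raw.components`, or
 * a component without `securityData.securityIssues`, now fails with a
 * descriptive Error instead of a bare TypeError (still fail-closed — the
 * process exits non-zero rather than reporting "no problems"); and the
 * issue list is copied before sorting so the caller's report is no longer
 * mutated.
 *
 * @param {object} data - parsed Sonatype report
 * @param {number} minRisk - inclusive lower bound of the severity band
 * @param {number} maxRisk - exclusive upper bound of the severity band
 * @returns {number} count of components in the band
 * @throws {Error} if the report or a component lacks the expected structure
 */
function reportSecurity(data, minRisk, maxRisk) {
  // Fail closed: a malformed report must never be read as "no findings".
  if (!data || !data.raw || !Array.isArray(data.raw.components)) {
    throw new Error("BOM report has no raw.components array");
  }

  const issuesOf = (component) => {
    const issues = component.securityData && component.securityData.securityIssues;
    if (!Array.isArray(issues)) {
      throw new Error("Component " + component.displayName + " has no securityData.securityIssues");
    }
    return issues;
  };

  const results = data.raw.components.filter((component) => {
    // Components without an identifier are skipped, as in the original.
    // NOTE(review): this also hides any securityIssues such a component
    // carries — confirm that is intended.
    if (!component.componentIdentifier) {
      return false;
    }
    const issues = issuesOf(component);
    if (issues.length === 0) {
      return false;
    }
    const maxFound = issues.reduce(
      (max, issue) => (max > issue.severity ? max : issue.severity),
      issues[0].severity,
    );
    return maxFound >= minRisk && maxFound < maxRisk;
  });

  const range = JSON.stringify([minRisk, maxRisk]);
  if (results.length === 0) {
    console.log("* No security problems risk in " + range);
    return 0;
  }

  console.log("* Found " + results.length + " with risk in " + range);
  // Highest severity first; returns 0 for ties so the comparator is consistent.
  const bySeverityDesc = (a, b) =>
    (a.severity < b.severity ? 1 : a.severity > b.severity ? -1 : 0);
  results.forEach((component, i) => {
    // Copy before sorting so the caller's report object is left untouched.
    const lines = [...issuesOf(component)]
      .sort(bySeverityDesc)
      .map((issue) => issue.reference + ", " + issue.severity);
    console.log(
      "\t[" + i + "] " + component.displayName +
      "\n\t\t - " + lines.join("\n\t\t - "),
    );
  });
  return results.length;
}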
/**
 * Prints the High / WARN / LOW sections of the report and exits the process
 * with status 1 when at least one component lands in the High band.
 *
 * Bands are half-open [min, max): High 8–10, WARN 7–8, LOW 1–7. Issues with
 * severity below 1 fall outside every band and are never listed.
 *
 * @param {object} data - parsed Sonatype report (see reportSecurity)
 * @returns {void}
 */
function reportBOM(data) {
  const bands = [
    { title: "Report High:\n==============", minRisk: 8, maxRisk: 11 },
    { title: "Report WARN:\n==============", minRisk: 7, maxRisk: 8 },
    { title: "Report LOW:\n==============", minRisk: 1, maxRisk: 7 },
  ];
  console.log("\n");
  const counts = bands.map(({ title, minRisk, maxRisk }) => {
    console.log(title);
    return reportSecurity(data, minRisk, maxRisk);
  });
  // Only the High band is a gate; WARN/LOW are informational.
  if (counts[0] > 0) {
    console.log("Found high risk, exiting error");
    exit(1);
  }
}
// Entry point: read bom.json and exit non-zero when reportBOM finds a High-band component.
processFile();