Sonatype small report for CI/CD
var http = require('http'); | |
var fs = require('fs'); | |
const { exit } = require('process'); | |
// Path of the downloaded Sonatype BOM document that every report step reads from.
const filename = "./bom.json";
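/**
 * Format a byte count as a short human-readable string such as "1.5 MB".
 *
 * The smallest unit printed is kB, so very small (or negative) inputs show the
 * "0.1 kB" floor applied by Math.max below. A non-finite input (NaN,
 * Infinity, undefined) is treated as 0 bytes instead of printing "NaN".
 *
 * @param {number} fileSizeInBytes - size in bytes
 * @returns {string} value with one decimal followed by a space and the unit
 */
function getReadableFileSizeString(fileSizeInBytes) {
  // Every label carries its own leading space so the output is uniform
  // across units (the original mixed " kB" with "PB").
  const byteUnits = [' kB', ' MB', ' GB', ' TB', ' PB', ' EB', ' ZB', ' YB'];
  const bytes = Number.isFinite(fileSizeInBytes) ? fileSizeInBytes : 0;
  let size = bytes / 1024;
  let unit = 0;
  // Step up one unit while a full 1024 of the current one remains
  // (">=" so exactly 1024 kB reads "1.0 MB"), but never past the last
  // label, which would otherwise index undefined.
  while (size >= 1024 && unit < byteUnits.length - 1) {
    size /= 1024;
    unit += 1;
  }
  return Math.max(size, 0.1).toFixed(1) + byteUnits[unit];
}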
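/**
 * Read the downloaded BOM, print size and freshness diagnostics, then hand the
 * parsed document to reportBOM().
 *
 * The original computed a maximum accepted age (max_diff) but never applied
 * it, so a stale BOM would pass the gate unnoticed. The run now exits with
 * code 1 when the BOM's timestamp is older than max_diff seconds or is not a
 * number at all.
 */
function processFile() {
  console.log("* Download bom finished");
  const stats = fs.statSync(filename);
  const fileSizeInBytes = stats["size"];
  console.log("* Download Filesize: " + getReadableFileSizeString(fileSizeInBytes));
  const data = JSON.parse(fs.readFileSync(filename, { encoding: "utf8" }));
  // Maximum accepted age of the BOM, in seconds (2 minutes).
  const max_diff = 60 * 2;
  // data.timestamp is logged as milliseconds, hence the /1000.
  const diff_sec = ((new Date()).getTime() - data.timestamp) / 1000;
  console.log("* Timestamp (ms): " + data.timestamp);
  console.log("* Max diff allowed 2m (" + max_diff + " s), actual: " + diff_sec);
  // Negated "<=" so a NaN age (missing or non-numeric timestamp) also fails
  // rather than slipping past a plain ">" comparison.
  if (!(diff_sec <= max_diff)) {
    console.log("BOM timestamp is stale or missing, exiting error");
    exit(1);
  }
  reportBOM(data);
}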
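/**
 * Print every component whose highest-severity security issue lies in the
 * band [minRisk, maxRisk) and return how many components matched.
 *
 * Components without a componentIdentifier are skipped. A component with no
 * securityData / securityIssues is treated as severity 0 (the original
 * threw on a missing securityData and relied on `[].map(...) || [0]`, which
 * never falls back because an empty array is truthy).
 *
 * @param {{raw: {components: Array<object>}}} data - parsed BOM document
 * @param {number} minRisk - inclusive lower bound on a component's top severity
 * @param {number} maxRisk - exclusive upper bound
 * @returns {number} number of components reported in this band
 */
function reportSecurity(data, minRisk, maxRisk) {
  const results = data.raw.components.filter((e) => {
    if (!e.componentIdentifier) return false;
    // Highest severity among the component's issues; 0 when it has none.
    // Non-numeric severities lose the ">" comparison and are ignored.
    const maxFound = securityIssuesOf(e).reduce(
      (max, issue) => (issue.severity > max ? issue.severity : max),
      0
    );
    return maxFound >= minRisk && maxFound < maxRisk;
  });

  if (results.length === 0) {
    console.log("* No security problems risk in " + JSON.stringify([minRisk, maxRisk]));
    return 0;
  }

  console.log("* Found " + results.length + " with risk in " + JSON.stringify([minRisk, maxRisk]));
  results.forEach((e, i) => {
    const issueLines = securityIssuesOf(e)
      .slice() // sort() mutates in place; keep the parsed BOM untouched
      .sort((a, b) => (b.severity || 0) - (a.severity || 0)) // highest first
      .map((issue) => issue.reference + ", " + issue.severity);
    console.log(
      "\t[" + i + "] " + e.displayName +
      "\n\t\t - " + issueLines.join("\n\t\t - ")
    );
  });
  return results.length;
}

// The security issues recorded for a component, or [] when the BOM has none.
function securityIssuesOf(component) {
  return (component.securityData && component.securityData.securityIssues) || [];
}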
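/**
 * Print the three severity bands (High, WARN, LOW) and fail the process with
 * exit code 1 when any component lands in the High band.
 *
 * Only the High band gates the run; WARN and LOW are printed for visibility
 * and their counts are discarded (the original bound them to unused locals).
 *
 * @param {{raw: {components: Array<object>}}} data - parsed BOM document
 */
function reportBOM(data) {
  console.log("\n");
  console.log("Report High:\n==============");
  const highRisk = reportSecurity(data, 8, 11);
  console.log("Report WARN:\n==============");
  reportSecurity(data, 7, 8);
  console.log("Report LOW:\n==============");
  reportSecurity(data, 1, 7);
  if (highRisk > 0) {
    console.log("Found high risk, exiting error");
    exit(1);
  }
}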
// Entry point: run the report against the downloaded BOM (exits 1 via reportBOM on high risk).
processFile();