From 163dcfc6159d12626e35cbe7ae4789a6e428f96c Mon Sep 17 00:00:00 2001
From: Matthew
Date: Thu, 12 Oct 2023 12:28:19 -0400
Subject: [PATCH 01/20] update to module
---
 package.json | 1 +
 src/asoc.js | 4 ++--
 src/client.js | 4 ++--
 src/main.js | 4 ++--
 src/saclientutil.js | 16 ++++++++--------
 5 files changed, 15 insertions(+), 14 deletions(-)
diff --git a/package.json b/package.json
index f7b11f0..55c514b 100644
--- a/package.json
+++ b/package.json
@@ -3,6 +3,7 @@
 "version": "1.0.0",
 "description": "Runs HCL AppScan Static Analyzer.",
 "main": "main.js",
+ "type": "module",
 "scripts": {},
 "keywords": [],
 "author": "",
diff --git a/src/asoc.js b/src/asoc.js
index 18bfd49..1234fe4 100644
--- a/src/asoc.js
+++ b/src/asoc.js
@@ -1,5 +1,5 @@
 /*
-Copyright 2022 HCL America, Inc.
+Copyright 2022, 2023 HCL America, Inc.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
-const got = require('got');
+import * as got from 'got';
 const constants = require('./constants');
 const resultProcessor = require('./resultProcessor');
 const settings = require('./settings');
diff --git a/src/client.js b/src/client.js
index a8848c5..b5e025f 100644
--- a/src/client.js
+++ b/src/client.js
@@ -14,8 +14,8 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
-const eol = require('eol');
-const shell = require('shelljs');
+import * as eol from 'eol';
+import * as shell from 'shelljs';
 const constants = require('./constants');
 const saclientutil = require('./saclientutil');
 const utils = require('./utils');
diff --git a/src/main.js b/src/main.js
index 2fdd23e..c9ebe9e 100644
--- a/src/main.js
+++ b/src/main.js
@@ -1,5 +1,5 @@
 /*
-Copyright 2022 HCL America, Inc.
+Copyright 2022, 2023 HCL America, Inc.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
-const core = require('@actions/core');
+import * as core from '@actions/core';
 const constants = require('./constants');
 const client = require('./client');
 const saclientutil = require('./saclientutil');
diff --git a/src/saclientutil.js b/src/saclientutil.js
index abc2515..e69bc0f 100644
--- a/src/saclientutil.js
+++ b/src/saclientutil.js
@@ -1,5 +1,5 @@
 /*
-Copyright 2022 HCL America, Inc.
+Copyright 2022, 2023 HCL America, Inc.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -14,13 +14,13 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
-const fs = require('fs');
-const HttpsProxyAgent = require('https-proxy-agent');
-const url = require('url');
-const path = require('path');
-const extract = require('extract-zip');
-const https = require('https');
-const os = require('os');
+import * as fs from 'fs';
+import * as HttpsProxyAgent from 'https-proxy-agent';
+import * as url from 'url';
+import * as path from 'path';
+import * as extract from 'extract-zip';
+import * as https from 'https';
+import * as os from 'os';
 const settings = require('./settings');
 const utils = require('./utils');
 const constants = require('./constants');
From 2fec1563cca861753a9e61fe3117ea94e119ffca Mon Sep 17 00:00:00 2001
From: Matthew
Date: Thu, 12 Oct 2023 13:05:50 -0400
Subject: [PATCH 02/20] replace require with import
---
 src/asoc.js | 8 ++---
 src/client.js | 6 ++--
 src/constants.js | 71 ++++++++++++++++++++++++++++--------------
 src/main.js | 10 +++---
 src/resultProcessor.js | 4 +--
 src/saclientutil.js | 6 ++--
 src/settings.js | 4 +--
 src/utils.js | 4 +--
 8 files changed, 68 insertions(+), 45 deletions(-)
diff --git a/src/asoc.js b/src/asoc.js
index 1234fe4..00c19cc 100644
--- a/src/asoc.js
+++ b/src/asoc.js
@@ -15,10 +15,10 @@ limitations under the License.
 */
 import * as got from 'got';
-const constants = require('./constants');
-const resultProcessor = require('./resultProcessor');
-const settings = require('./settings');
-const utils = require('./utils');
+import * as constants from './constants';
+import * as resultProcessor from './resultProcessor';
+import * as settings from './settings';
+import * as utils from './utils';
 let token = null
diff --git a/src/client.js b/src/client.js
index b5e025f..5722e01 100644
--- a/src/client.js
+++ b/src/client.js
@@ -16,9 +16,9 @@ limitations under the License.
 import * as eol from 'eol';
 import * as shell from 'shelljs';
-const constants = require('./constants');
-const saclientutil = require('./saclientutil');
-const utils = require('./utils');
+import * as constants from './constants';
+import * as saclientutil from './saclientutil';
+import * as utils from './utils';
 let start = null;
 const timeout_minutes = process.env.INPUT_ANALYSIS_TIMEOUT_MINUTES ? process.env.INPUT_ANALYSIS_TIMEOUT_MINUTES : 30;
diff --git a/src/constants.js b/src/constants.js
index 3ea7d40..925a198 100644
--- a/src/constants.js
+++ b/src/constants.js
@@ -1,5 +1,5 @@
 /*
-Copyright 2022 HCL America, Inc.
+Copyright 2022, 2023 HCL America, Inc.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -15,54 +15,77 @@ limitations under the License.
 */
 const CURRENT_VERSION = '1.0.3';
-exports.CURRENT_VERSION = CURRENT_VERSION;
+const _CURRENT_VERSION = CURRENT_VERSION;
+export { _CURRENT_VERSION as CURRENT_VERSION };
 //Service url and endpoints:
 const SERVICE_URL = 'https://cloud.appscan.com';
-exports.SERVICE_URL = SERVICE_URL;
+const _SERVICE_URL = SERVICE_URL;
+export { _SERVICE_URL as SERVICE_URL };
 const SACLIENT_PATH = '/api/SCX/StaticAnalyzer/SAClientUtil?os=';
-exports.SACLIENT_PATH = SACLIENT_PATH;
+const _SACLIENT_PATH = SACLIENT_PATH;
+export { _SACLIENT_PATH as SACLIENT_PATH };
 const API_LOGIN = '/api/V2/Account/ApiKeyLogin';
-exports.API_LOGIN = API_LOGIN;
+const _API_LOGIN = API_LOGIN;
+export { _API_LOGIN as API_LOGIN };
 const API_SCAN_COUNT_BY_SEVERITY = '/api/v2/Issues/CountBySeverity/scan/';
-exports.API_SCAN_COUNT_BY_SEVERITY = API_SCAN_COUNT_BY_SEVERITY;
+const _API_SCAN_COUNT_BY_SEVERITY = API_SCAN_COUNT_BY_SEVERITY;
+export { _API_SCAN_COUNT_BY_SEVERITY as API_SCAN_COUNT_BY_SEVERITY };
 const CLIENT_TYPE = 'github-sast';
-exports.CLIENT_TYPE = CLIENT_TYPE;
+const _CLIENT_TYPE = CLIENT_TYPE;
+export { _CLIENT_TYPE as CLIENT_TYPE };
 //User messages:
 const DOWNLOADING_CLIENT = 'Downloading the SAClientUtil...';
-exports.DOWNLOADING_CLIENT = DOWNLOADING_CLIENT;
+const _DOWNLOADING_CLIENT = DOWNLOADING_CLIENT;
+export { _DOWNLOADING_CLIENT as DOWNLOADING_CLIENT };
 const GENERATING_IRX = 'Generating irx file...'
-exports.GENERATING_IRX = GENERATING_IRX;
+const _GENERATING_IRX = GENERATING_IRX;
+export { _GENERATING_IRX as GENERATING_IRX };
 const AUTHENTICATE_ASOC = 'Authenticating with the ASoC service...';
-exports.AUTHENTICATE_ASOC = AUTHENTICATE_ASOC;
+const _AUTHENTICATE_ASOC = AUTHENTICATE_ASOC;
+export { _AUTHENTICATE_ASOC as AUTHENTICATE_ASOC };
 const SUBMITTING_IRX = 'Submitting the irx for analysis...';
-exports.SUBMITTING_IRX = SUBMITTING_IRX;
+const _SUBMITTING_IRX = SUBMITTING_IRX;
+export { _SUBMITTING_IRX as SUBMITTING_IRX };
 const IRX_SUBMIT_SUCCESS = 'Successfully submitted the irx to the ASoC service.';
-exports.IRX_SUBMIT_SUCCESS = IRX_SUBMIT_SUCCESS;
+const _IRX_SUBMIT_SUCCESS = IRX_SUBMIT_SUCCESS;
+export { _IRX_SUBMIT_SUCCESS as IRX_SUBMIT_SUCCESS };
 const WAIT_FOR_ANALYSIS = 'Waiting for analysis to complete...';
-exports.WAIT_FOR_ANALYSIS = WAIT_FOR_ANALYSIS;
+const _WAIT_FOR_ANALYSIS = WAIT_FOR_ANALYSIS;
+export { _WAIT_FOR_ANALYSIS as WAIT_FOR_ANALYSIS };
 const GETTING_RESULTS = 'Getting results...';
-exports.GETTING_RESULTS = GETTING_RESULTS;
+const _GETTING_RESULTS = GETTING_RESULTS;
+export { _GETTING_RESULTS as GETTING_RESULTS };
 const ANALYSIS_SUCCESS = 'Analysis complete.';
-exports.ANALYSIS_SUCCESS = ANALYSIS_SUCCESS;
+const _ANALYSIS_SUCCESS = ANALYSIS_SUCCESS;
+export { _ANALYSIS_SUCCESS as ANALYSIS_SUCCESS };
 const ANALYSIS_TIMEOUT = 'Timed out waiting for analysis to complete. Review the scan in ASoC to see the results.'
-exports.ANALYSIS_TIMEOUT = ANALYSIS_TIMEOUT;
+const _ANALYSIS_TIMEOUT = ANALYSIS_TIMEOUT;
+export { _ANALYSIS_TIMEOUT as ANALYSIS_TIMEOUT };
 const TOTAL_ISSUES = 'Total issues: ';
-exports.TOTAL_ISSUES = TOTAL_ISSUES;
+const _TOTAL_ISSUES = TOTAL_ISSUES;
+export { _TOTAL_ISSUES as TOTAL_ISSUES };
 const ISSUES_COLON = ' issues: ';
-exports.ISSUES_COLON = ISSUES_COLON;
+const _ISSUES_COLON = ISSUES_COLON;
+export { _ISSUES_COLON as ISSUES_COLON };
 //Error messages:
 const ERROR_DOWNLOADING_CLIENT = 'An error occurred downloading the SAClientUtil. Status code ';
-exports.ERROR_DOWNLOADING_CLIENT = ERROR_DOWNLOADING_CLIENT;
+const _ERROR_DOWNLOADING_CLIENT = ERROR_DOWNLOADING_CLIENT;
+export { _ERROR_DOWNLOADING_CLIENT as ERROR_DOWNLOADING_CLIENT };
 const ERROR_FILE_DOES_NOT_EXIST = 'An error occurred extracting the SAClientUtil. The file does not exist: '
-exports.ERROR_FILE_DOES_NOT_EXIST = ERROR_FILE_DOES_NOT_EXIST;
+const _ERROR_FILE_DOES_NOT_EXIST = ERROR_FILE_DOES_NOT_EXIST;
+export { _ERROR_FILE_DOES_NOT_EXIST as ERROR_FILE_DOES_NOT_EXIST };
 const ERROR_INVALID_APP_ID = 'Invalid application ID.'
-exports.ERROR_INVALID_APP_ID = ERROR_INVALID_APP_ID;
+const _ERROR_INVALID_APP_ID = ERROR_INVALID_APP_ID;
+export { _ERROR_INVALID_APP_ID as ERROR_INVALID_APP_ID };
 const ERROR_ANALYSIS_FAILED = 'Analysis failed. Review the scan in ASoC for additional details.'
-exports.ERROR_ANALYSIS_FAILED = ERROR_ANALYSIS_FAILED;
+const _ERROR_ANALYSIS_FAILED = ERROR_ANALYSIS_FAILED;
+export { _ERROR_ANALYSIS_FAILED as ERROR_ANALYSIS_FAILED };
 const ERROR_NONCOMPLIANT_ISSUES = 'Failed.
Non-compliant issues were found in the scan.';
-exports.ERROR_NONCOMPLIANT_ISSUES = ERROR_NONCOMPLIANT_ISSUES;
+const _ERROR_NONCOMPLIANT_ISSUES = ERROR_NONCOMPLIANT_ISSUES;
+export { _ERROR_NONCOMPLIANT_ISSUES as ERROR_NONCOMPLIANT_ISSUES };
 const ERROR_BAD_SCAN_ID = 'An error occurred submitting the irx for analysis.';
-exports.ERROR_BAD_SCAN_ID = ERROR_BAD_SCAN_ID;
+const _ERROR_BAD_SCAN_ID = ERROR_BAD_SCAN_ID;
+export { _ERROR_BAD_SCAN_ID as ERROR_BAD_SCAN_ID };
diff --git a/src/main.js b/src/main.js
index c9ebe9e..b95953a 100644
--- a/src/main.js
+++ b/src/main.js
@@ -15,11 +15,11 @@ limitations under the License.
 */
 import * as core from '@actions/core';
-const constants = require('./constants');
-const client = require('./client');
-const saclientutil = require('./saclientutil');
-const asoc = require('./asoc');
-const settings = require('./settings');
+import * as constants from './constants';
+import * as client from './client';
+import * as saclientutil from './saclientutil';
+import * as asoc from './asoc';
+import * as settings from './settings';
 core.info(constants.DOWNLOADING_CLIENT);
 saclientutil.downloadClient()
diff --git a/src/resultProcessor.js b/src/resultProcessor.js
index 0874f56..97942a3 100644
--- a/src/resultProcessor.js
+++ b/src/resultProcessor.js
@@ -1,5 +1,5 @@
 /*
-Copyright 2022 HCL America, Inc.
+Copyright 2022, 2023 HCL America, Inc.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
-const constants = require('./constants');
+import * as constants from './constants';
 const Informational = 0;
 const Low = 1;
diff --git a/src/saclientutil.js b/src/saclientutil.js
index e69bc0f..fb48148 100644
--- a/src/saclientutil.js
+++ b/src/saclientutil.js
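Review bot: In the src/constants.js hunk of PATCH 02/20, every value is declared under one name, copied to an underscore alias and then exported through a rename (`const _SERVICE_URL = SERVICE_URL; export { _SERVICE_URL as SERVICE_URL };`), so a reader has to follow three lines to confirm what a security-relevant value such as the service URL or the login endpoint actually exports. A direct named export is equivalent and keeps one definition per value: `export const SERVICE_URL = 'https://cloud.appscan.com';`. PATCH 20/20 later removes the first declaration but keeps the alias-and-rename form. Several unchanged declarations in this hunk (for example `GENERATING_IRX`) also end without a semicolon and rely on automatic semicolon insertion.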
@@ -21,9 +21,9 @@ import * as path from 'path';
 import * as extract from 'extract-zip';
 import * as https from 'https';
 import * as os from 'os';
-const settings = require('./settings');
-const utils = require('./utils');
-const constants = require('./constants');
+import * as settings from './settings';
+import * as utils from './utils';
+import * as constants from './constants';
 let parentDir = os.homedir();
 let script = utils.getOS() === 'win' ? 'appscan.bat' : 'appscan.sh';
diff --git a/src/settings.js b/src/settings.js
index 25ad9bd..e215e01 100644
--- a/src/settings.js
+++ b/src/settings.js
@@ -1,5 +1,5 @@
 /*
-Copyright 2022 HCL America, Inc.
+Copyright 2022, 2023 HCL America, Inc.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
-const constants = require('./constants.js');
+import * as constants from './constants.js';
 let serviceUrl = null;
diff --git a/src/utils.js b/src/utils.js
index 6bec6ef..829a8c5 100644
--- a/src/utils.js
+++ b/src/utils.js
@@ -1,5 +1,5 @@
 /*
-Copyright 2022 HCL America, Inc.
+Copyright 2022, 2023 HCL America, Inc.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
-const constants = require('./constants');
+import * as constants from './constants.js';
 let os = null;
From b34bb3728e4b2c04461efa1e8cf6fbf969911af1 Mon Sep 17 00:00:00 2001
From: Matthew
Date: Thu, 12 Oct 2023 13:22:53 -0400
Subject: [PATCH 03/20] add file extension to imports
---
 src/asoc.js | 8 ++++----
 src/client.js | 6 +++---
 src/main.js | 10 +++++-----
 src/resultProcessor.js | 2 +-
 src/saclientutil.js | 6 +++---
 5 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/src/asoc.js b/src/asoc.js
index 00c19cc..f14f539 100644
--- a/src/asoc.js
+++ b/src/asoc.js
@@ -15,10 +15,10 @@ limitations under the License.
 */
 import * as got from 'got';
-import * as constants from './constants';
-import * as resultProcessor from './resultProcessor';
-import * as settings from './settings';
-import * as utils from './utils';
+import * as constants from './constants.js';
+import * as resultProcessor from './resultProcessor.js';
+import * as settings from './settings.js';
+import * as utils from './utils.js';
 let token = null
diff --git a/src/client.js b/src/client.js
index 5722e01..e122ffa 100644
--- a/src/client.js
+++ b/src/client.js
@@ -16,9 +16,9 @@ limitations under the License.
 import * as eol from 'eol';
 import * as shell from 'shelljs';
-import * as constants from './constants';
-import * as saclientutil from './saclientutil';
-import * as utils from './utils';
+import * as constants from './constants.js';
+import * as saclientutil from './saclientutil.js';
+import * as utils from './utils.js';
 let start = null;
 const timeout_minutes = process.env.INPUT_ANALYSIS_TIMEOUT_MINUTES ? process.env.INPUT_ANALYSIS_TIMEOUT_MINUTES : 30;
diff --git a/src/main.js b/src/main.js
index b95953a..11fb87d 100644
--- a/src/main.js
+++ b/src/main.js
@@ -15,11 +15,11 @@ limitations under the License.
 */
 import * as core from '@actions/core';
-import * as constants from './constants';
-import * as client from './client';
-import * as saclientutil from './saclientutil';
-import * as asoc from './asoc';
-import * as settings from './settings';
+import * as constants from './constants.js';
+import * as client from './client.js';
+import * as saclientutil from './saclientutil.js';
+import * as asoc from './asoc.js';
+import * as settings from './settings.js';
 core.info(constants.DOWNLOADING_CLIENT);
 saclientutil.downloadClient()
diff --git a/src/resultProcessor.js b/src/resultProcessor.js
index 97942a3..ac4e427 100644
--- a/src/resultProcessor.js
+++ b/src/resultProcessor.js
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
-import * as constants from './constants';
+import * as constants from './constants.js';
 const Informational = 0;
 const Low = 1;
diff --git a/src/saclientutil.js b/src/saclientutil.js
index fb48148..b3c6a23 100644
--- a/src/saclientutil.js
+++ b/src/saclientutil.js
@@ -21,9 +21,9 @@ import * as path from 'path';
 import * as extract from 'extract-zip';
 import * as https from 'https';
 import * as os from 'os';
-import * as settings from './settings';
-import * as utils from './utils';
-import * as constants from './constants';
+import * as settings from './settings.js';
+import * as utils from './utils.js';
+import * as constants from './constants.js';
 let parentDir = os.homedir();
 let script = utils.getOS() === 'win' ? 'appscan.bat' : 'appscan.sh';
From 10d1f18f46d364de3df17cdc337bfe123f27ff88 Mon Sep 17 00:00:00 2001
From: Matthew
Date: Thu, 12 Oct 2023 13:26:49 -0400
Subject: [PATCH 04/20] update export lines
---
 src/asoc.js | 2 +-
 src/client.js | 2 +-
 src/resultProcessor.js | 2 +-
 src/saclientutil.js | 2 +-
 src/settings.js | 2 +-
 src/utils.js | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/asoc.js b/src/asoc.js
index f14f539..5379301 100644
--- a/src/asoc.js
+++ b/src/asoc.js
@@ -85,4 +85,4 @@ function getRequestHeaders() {
 }
 }
-module.exports = { getScanResults }
+export default { getScanResults }
diff --git a/src/client.js b/src/client.js
index e122ffa..f83f8ad 100644
--- a/src/client.js
+++ b/src/client.js
@@ -175,4 +175,4 @@ function getScanId(output) {
 })
 }
-module.exports = { generateIrx, login, runAnalysis, waitForAnalysis }
+export default { generateIrx, login, runAnalysis, waitForAnalysis }
diff --git a/src/resultProcessor.js b/src/resultProcessor.js
index ac4e427..fc8a777 100644
--- a/src/resultProcessor.js
+++ b/src/resultProcessor.js
@@ -80,4 +80,4 @@ function getSeverityValue(severity) {
 return severityValue;
 }
-module.exports = { processResults }
+export default { processResults }
diff --git a/src/saclientutil.js b/src/saclientutil.js
index b3c6a23..babd1ad 100644
--- a/src/saclientutil.js
+++ b/src/saclientutil.js
@@ -204,4 +204,4 @@ function getScript() {
 }
 }
-module.exports = { downloadClient, getScript }
+export default { downloadClient, getScript }
diff --git a/src/settings.js b/src/settings.js
index e215e01..df432d3 100644
--- a/src/settings.js
+++ b/src/settings.js
@@ -54,4 +54,4 @@ function getScanUrl(scanId) {
 return `${getServiceUrl()}/main/myapps/${process.env.INPUT_APPLICATION_ID}/scans/${scanId}/scanOverview`;
 }
-module.exports = { getProxyUrl, getProxyPort, getProxyUser, getProxyPwd, getServiceUrl, getScanUrl }
+export default { getProxyUrl, getProxyPort, getProxyUser, getProxyPwd, getServiceUrl, getScanUrl }
diff --git a/src/utils.js b/src/utils.js
index 829a8c5..4341a29 100644
--- a/src/utils.js
+++ b/src/utils.js
@@ -48,4 +48,4 @@ function getVersion() {
 return constants.CURRENT_VERSION;
 }
-module.exports = { getOS, sanitizeString, getClientType, getVersion }
\ No newline at end of file
+export default { getOS, sanitizeString, getClientType, getVersion }
\ No newline at end of file
From ed595aa3ce872c348e33e1ea7676e58c06546327 Mon Sep 17 00:00:00 2001
From: Matthew
Date: Thu, 12 Oct 2023 13:28:54 -0400
Subject: [PATCH 05/20] update imports
---
 src/saclientutil.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/saclientutil.js b/src/saclientutil.js
index babd1ad..851de80 100644
--- a/src/saclientutil.js
+++ b/src/saclientutil.js
@@ -21,9 +21,9 @@ import * as path from 'path';
 import * as extract from 'extract-zip';
 import * as https from 'https';
 import * as os from 'os';
-import * as settings from './settings.js';
-import * as utils from './utils.js';
-import * as constants from './constants.js';
+import settings from './settings.js';
+import utils from './utils.js';
+import constants from './constants.js';
 let parentDir = os.homedir();
 let script = utils.getOS() === 'win' ? 'appscan.bat' : 'appscan.sh';
From 01ca52eff693a6a6b811a8e2903695c3ca6313ee Mon Sep 17 00:00:00 2001
From: Matthew
Date: Thu, 12 Oct 2023 13:30:25 -0400
Subject: [PATCH 06/20] update imports
---
 src/saclientutil.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/saclientutil.js b/src/saclientutil.js
index 851de80..a5d7132 100644
--- a/src/saclientutil.js
+++ b/src/saclientutil.js
@@ -21,9 +21,9 @@ import * as path from 'path';
 import * as extract from 'extract-zip';
 import * as https from 'https';
 import * as os from 'os';
+import * as constants from './constants.js';
 import settings from './settings.js';
 import utils from './utils.js';
-import constants from './constants.js';
 let parentDir = os.homedir();
 let script = utils.getOS() === 'win' ? 'appscan.bat' : 'appscan.sh';
From b87e5b21c605121fcb28c60213258e9862600f31 Mon Sep 17 00:00:00 2001
From: Matthew
Date: Thu, 12 Oct 2023 13:34:57 -0400
Subject: [PATCH 07/20] update import
---
 src/client.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/client.js b/src/client.js
index f83f8ad..f177d01 100644
--- a/src/client.js
+++ b/src/client.js
@@ -15,7 +15,7 @@ limitations under the License.
 */
 import * as eol from 'eol';
-import * as shell from 'shelljs';
+import shell from 'shelljs';
 import * as constants from './constants.js';
 import * as saclientutil from './saclientutil.js';
 import * as utils from './utils.js';
From 4bba121269602e7ba2d81edbf6ea0a6c01bc3680 Mon Sep 17 00:00:00 2001
From: Matthew
Date: Thu, 12 Oct 2023 13:36:44 -0400
Subject: [PATCH 08/20] update import
---
 src/client.js | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/client.js b/src/client.js
index f177d01..48fc3b9 100644
--- a/src/client.js
+++ b/src/client.js
@@ -14,11 +14,11 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
-import * as eol from 'eol';
+import eol from 'eol';
 import shell from 'shelljs';
-import * as constants from './constants.js';
-import * as saclientutil from './saclientutil.js';
-import * as utils from './utils.js';
+import constants from './constants.js';
+import saclientutil from './saclientutil.js';
+import utils from './utils.js';
 let start = null;
 const timeout_minutes = process.env.INPUT_ANALYSIS_TIMEOUT_MINUTES ? process.env.INPUT_ANALYSIS_TIMEOUT_MINUTES : 30;
From 81d15f4280a345479b858dc5ea2ea364d388cace Mon Sep 17 00:00:00 2001
From: Matthew
Date: Thu, 12 Oct 2023 13:37:41 -0400
Subject: [PATCH 09/20] update import
---
 src/client.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/client.js b/src/client.js
index 48fc3b9..d7664dc 100644
--- a/src/client.js
+++ b/src/client.js
@@ -16,7 +16,7 @@ limitations under the License.
 import eol from 'eol';
 import shell from 'shelljs';
-import constants from './constants.js';
+import * as constants from './constants.js';
 import saclientutil from './saclientutil.js';
 import utils from './utils.js';
From f5f2f595ce33ee490fcc713b380c974ccc5e30dc Mon Sep 17 00:00:00 2001
From: Matthew
Date: Thu, 12 Oct 2023 13:43:13 -0400
Subject: [PATCH 10/20] update import
---
 src/asoc.js | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/asoc.js b/src/asoc.js
index 5379301..910f0ba 100644
--- a/src/asoc.js
+++ b/src/asoc.js
@@ -14,11 +14,11 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
-import * as got from 'got';
+import got from 'got';
 import * as constants from './constants.js';
-import * as resultProcessor from './resultProcessor.js';
-import * as settings from './settings.js';
-import * as utils from './utils.js';
+import resultProcessor from './resultProcessor.js';
+import settings from './settings.js';
+import utils from './utils.js';
 let token = null
From 3f200e8e1fabae03adc30534ce31d5874284c0cd Mon Sep 17 00:00:00 2001
From: Matthew
Date: Thu, 12 Oct 2023 13:44:48 -0400
Subject: [PATCH 11/20] update import
---
 src/main.js | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/main.js b/src/main.js
index 11fb87d..bc0ea81 100644
--- a/src/main.js
+++ b/src/main.js
@@ -14,12 +14,12 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
-import * as core from '@actions/core';
+import core from '@actions/core';
 import * as constants from './constants.js';
-import * as client from './client.js';
-import * as saclientutil from './saclientutil.js';
-import * as asoc from './asoc.js';
-import * as settings from './settings.js';
+import client from './client.js';
+import saclientutil from './saclientutil.js';
+import asoc from './asoc.js';
+import settings from './settings.js';
 core.info(constants.DOWNLOADING_CLIENT);
 saclientutil.downloadClient()
From 0a14ef7968a4357d2dcbb75e39b6388a1315988b Mon Sep 17 00:00:00 2001
From: Matthew
Date: Thu, 12 Oct 2023 13:48:07 -0400
Subject: [PATCH 12/20] fix variable declaration
---
 src/settings.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/settings.js b/src/settings.js
index df432d3..04e83e9 100644
--- a/src/settings.js
+++ b/src/settings.js
@@ -41,7 +41,7 @@ function getServiceUrl() {
 }
 else {
 serviceUrl = constants.SERVICE_URL;
- asoc_key = process.env.INPUT_ASOC_KEY;
+ let asoc_key = process.env.INPUT_ASOC_KEY;
 if(asoc_key && asoc_key.startsWith('eu-central')) {
 serviceUrl += '/eu';
 }
From 147c5463104f6994f910e91904a9060c6a0f84f5 Mon Sep 17 00:00:00 2001
From: Matthew
Date: Thu, 12 Oct 2023 13:51:05 -0400
Subject: [PATCH 13/20] update import
---
 src/saclientutil.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/saclientutil.js b/src/saclientutil.js
index a5d7132..f02efd1 100644
--- a/src/saclientutil.js
+++ b/src/saclientutil.js
@@ -18,7 +18,7 @@ import * as fs from 'fs';
 import * as HttpsProxyAgent from 'https-proxy-agent';
 import * as url from 'url';
 import * as path from 'path';
-import * as extract from 'extract-zip';
+import extract from 'extract-zip';
 import * as https from 'https';
 import * as os from 'os';
 import * as constants from './constants.js';
From db97d631e32f7f9e94cbe30fab55c2ddb773c681 Mon Sep 17 00:00:00 2001
From: Matthew
Date: Thu, 12 Oct 2023 14:01:02 -0400
Subject: [PATCH 14/20] update imports
---
 src/client.js | 2 +-
 src/saclientutil.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/client.js b/src/client.js
index d7664dc..3906081 100644
--- a/src/client.js
+++ b/src/client.js
@@ -15,7 +15,7 @@ limitations under the License.
 */
 import eol from 'eol';
-import shell from 'shelljs';
+import * as shell from 'shelljs';
 import * as constants from './constants.js';
 import saclientutil from './saclientutil.js';
 import utils from './utils.js';
diff --git a/src/saclientutil.js b/src/saclientutil.js
index f02efd1..834c4c0 100644
--- a/src/saclientutil.js
+++ b/src/saclientutil.js
@@ -15,7 +15,7 @@ limitations under the License.
 */
 import * as fs from 'fs';
-import * as HttpsProxyAgent from 'https-proxy-agent';
+import HttpsProxyAgent from 'https-proxy-agent';
 import * as url from 'url';
 import * as path from 'path';
 import extract from 'extract-zip';
From 23be52eb055cc02ad8085fb0a7bf9efdb02a445a Mon Sep 17 00:00:00 2001
From: Matthew
Date: Thu, 12 Oct 2023 14:02:42 -0400
Subject: [PATCH 15/20] update import
---
 src/client.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/client.js b/src/client.js
index 3906081..d7664dc 100644
--- a/src/client.js
+++ b/src/client.js
@@ -15,7 +15,7 @@ limitations under the License.
 */
 import eol from 'eol';
-import * as shell from 'shelljs';
+import shell from 'shelljs';
 import * as constants from './constants.js';
 import saclientutil from './saclientutil.js';
 import utils from './utils.js';
From 26eb38f536ca207fe023fea024f7cbe20d6c7e07 Mon Sep 17 00:00:00 2001
From: Matthew
Date: Thu, 12 Oct 2023 16:31:30 -0400
Subject: [PATCH 16/20] updates
---
 src/client.js | 21 +++++++++++++--------
 src/saclientutil.js | 35 +++++++++++++++++++++++------------
 2 files changed, 36 insertions(+), 20 deletions(-)
diff --git a/src/client.js b/src/client.js
index d7664dc..5e25183 100644
--- a/src/client.js
+++ b/src/client.js
@@ -133,14 +133,19 @@ function executeCommand(args) {
 args += " -acceptssl";
 }
- let script = saclientutil.getScript();
- let result = shell.exec(`${script} ${args}`);
- if(result.code === 0) {
- resolve(result.stdout);
- }
- else {
- reject(result.stderr);
- }
+ saclientutil.getScript()
+ .then((script) => {
+ let result = shell.exec(`${script} ${args}`);
+ if(result.code === 0) {
+ resolve(result.stdout);
+ }
+ else {
+ reject(result.stderr);
+ }
+ })
+ .catch((error) => {
+ reject(error);
+ })
 });
 }
diff --git a/src/saclientutil.js b/src/saclientutil.js
index 834c4c0..26b1831 100644
--- a/src/saclientutil.js
+++ b/src/saclientutil.js
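Review bot: In the src/client.js hunk of PATCH 16/20 (`executeCommand`), the command line is still assembled by string interpolation in ``shell.exec(`${script} ${args}`)``, while the same patch makes `script` a full path that appears to live below the user's home directory. A home directory whose name contains a space would split the command at that point, so the path should at least be quoted, ``shell.exec(`"${script}" ${args}`)``. `args` is built outside this hunk; it is worth confirming that any workflow input concatenated into it is validated before it reaches the shell. The function body starts above the hunk, and the new `.catch((error) => { reject(error); })` can be written `.catch(reject)`.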
@@ -25,8 +25,14 @@ import * as constants from './constants.js';
 import settings from './settings.js';
 import utils from './utils.js';
-let parentDir = os.homedir();
-let script = utils.getOS() === 'win' ? 'appscan.bat' : 'appscan.sh';
+let parentDir = path.join(os.homedir(), '.appscan');
+if(!fs.existsSync(parentDir)) {
+ fs.mkdirSync(parentDir);
+}
+
+let scriptName = utils.getOS() === 'win' ? 'appscan.bat' : 'appscan.sh';
+let clientDir = getClientDir();
+let script = clientDir ? path.join(clientDir, 'bin', scriptName) : undefined;
 function downloadClient() {
 return new Promise((resolve, reject) => {
@@ -45,7 +51,7 @@ function downloadClient() {
 zip.on('close', () => {
 extractClient(zipFile)
 .then(() => {
- script = path.join(getClientDir(), 'bin', script);
+ script = path.join(getClientDir(), 'bin', scriptName);
 if(fs.existsSync(script)) {
 resolve(script);
 }
@@ -193,15 +199,20 @@ function compareVersions(oldVersion, newVersion) {
 }
 function getScript() {
- if(!fs.existsSync(script)) {
- downloadClient()
- .then(() => {
- return script;
- })
- }
- else {
- return script;
- }
+ return new Promise((resolve, reject) => {
+ if(!fs.existsSync(script)) {
+ downloadClient()
+ .then(() => {
+ resolve(script);
+ })
+ .catch((error) => {
+ reject(error);
+ })
+ }
+ else {
+ resolve(script);
+ }
+ })
 }
 export default { downloadClient, getScript }
From 73e2499ad68ee8a5c096e41cc9506093a3049d39 Mon Sep 17 00:00:00 2001
From: Matthew
Date: Thu, 12 Oct 2023 16:43:23 -0400
Subject: [PATCH 17/20] updates
---
 src/saclientutil.js | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/saclientutil.js b/src/saclientutil.js
index 26b1831..225d0be 100644
--- a/src/saclientutil.js
+++ b/src/saclientutil.js
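Review bot: In the first src/saclientutil.js hunk of PATCH 16/20, `fs.mkdirSync(parentDir)` creates the `.appscan` directory with the default mode, which is only narrowed by the process umask, and this directory is where the script later handed to `shell.exec` in src/client.js is stored. On a shared machine with a permissive umask another local account could replace that script, so I would create the directory owner-only and drop the separate `existsSync` test, which leaves a window between check and create: `fs.mkdirSync(parentDir, { recursive: true, mode: 0o700 });`. The mode has no effect on Windows, and a directory that already exists keeps its current permissions, so a comment saying so would help the next reader.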
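Review bot: In the `getScript` hunk of src/saclientutil.js in PATCH 16/20, the new `new Promise` wrapper only forwards the outcome of `downloadClient()`, which the `downloadClient` hunk above shows already resolves with `script`. Returning the promise directly is shorter and leaves no rejection path to forget: `return fs.existsSync(script) ? Promise.resolve(script) : downloadClient();`. `script` is `undefined` when `getClientDir()` returns nothing, so the code relies on `fs.existsSync` answering false for a non-path argument; an explicit `!script ||` in the condition would make that case visible.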
@@ -93,13 +93,13 @@ function extractClient(zipFile) {
 return;
 }
- extract(zipFile, {dir: path.dirname(zipFile)}, (err) => {
- if(err) {
- reject(err);
- } else {
- resolve();
- }
- });
+ extract(zipFile, {dir: path.dirname(zipFile)})
+ .then(() => {
+ resolve();
+ })
+ .catch((error) => {
+ reject(error);
+ })
 });
 }
From 327e1593d865d722426cc030e0c1179fada0b099 Mon Sep 17 00:00:00 2001
From: Matthew
Date: Thu, 12 Oct 2023 16:45:59 -0400
Subject: [PATCH 18/20] updates
---
 src/saclientutil.js | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/saclientutil.js b/src/saclientutil.js
index 225d0be..b3a3c2b 100644
--- a/src/saclientutil.js
+++ b/src/saclientutil.js
@@ -83,6 +83,9 @@ function downloadClient() {
 reject(e);
 });
 })
+ .catch((error) => {
+ reject(error);
+ })
 });
 }
From 41fa3d9e2083c9cf00c4ce9da17d39958e1303cf Mon Sep 17 00:00:00 2001
From: mattmurp
Date: Wed, 25 Oct 2023 14:19:16 -0400
Subject: [PATCH 19/20] Make acceptssl option a boolean
---
 action.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/action.yaml b/action.yaml
index e315f6d..6c7b63b 100644
--- a/action.yaml
+++ b/action.yaml
@@ -14,8 +14,10 @@ inputs:
 description: 'The url of the AppScan service.'
 required: false
 acceptssl:
- description: 'Allow connections with invalid/untrusted certificate.'
+ description: 'Allow connections to a service with an untrusted certificate. Recommended for testing purposes only.'
 required: false
+ type: boolean
+ default: false
 application_id:
 description: 'The application id where your scan will appear.'
 required: true
From b20baa15c73dd044b4771592397e0a1f7b767413 Mon Sep 17 00:00:00 2001
From: Matthew
Date: Thu, 26 Oct 2023 12:29:17 -0400
Subject: [PATCH 20/20] clean up constants
---
 src/constants.js | 66 ++++++++++++++++--------------------------------
 1 file changed, 22 insertions(+), 44 deletions(-)
diff --git a/src/constants.js b/src/constants.js
index 925a198..e5dd96e 100644
--- a/src/constants.js
+++ b/src/constants.js
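Review bot: In the action.yaml hunk of PATCH 19/20, `type: boolean` is not a key that action metadata defines for an `inputs` entry, so the value still reaches the action as a string, and with `default: false` the action now receives the non-empty string `false` whenever the caller omits `acceptssl`. The condition that appends `-acceptssl` in `executeCommand` is not visible in this series; if it tests the input for truthiness, that default would switch certificate validation off for every run instead of keeping it on. Please confirm the code compares against `'true'` or reads the value with `core.getBooleanInput('acceptssl')`, and remove the `type` line so the metadata does not suggest a guarantee the runner does not give.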
@@ -19,73 +19,51 @@ const _CURRENT_VERSION = CURRENT_VERSION;
 export { _CURRENT_VERSION as CURRENT_VERSION };
 //Service url and endpoints:
-const SERVICE_URL = 'https://cloud.appscan.com';
-const _SERVICE_URL = SERVICE_URL;
+const _SERVICE_URL = 'https://cloud.appscan.com';
 export { _SERVICE_URL as SERVICE_URL };
-const SACLIENT_PATH = '/api/SCX/StaticAnalyzer/SAClientUtil?os=';
-const _SACLIENT_PATH = SACLIENT_PATH;
+const _SACLIENT_PATH = '/api/SCX/StaticAnalyzer/SAClientUtil?os=';
 export { _SACLIENT_PATH as SACLIENT_PATH };
-const API_LOGIN = '/api/V2/Account/ApiKeyLogin';
-const _API_LOGIN = API_LOGIN;
+const _API_LOGIN = '/api/V2/Account/ApiKeyLogin';
 export { _API_LOGIN as API_LOGIN };
-const API_SCAN_COUNT_BY_SEVERITY = '/api/v2/Issues/CountBySeverity/scan/';
-const _API_SCAN_COUNT_BY_SEVERITY = API_SCAN_COUNT_BY_SEVERITY;
+const _API_SCAN_COUNT_BY_SEVERITY = '/api/v2/Issues/CountBySeverity/scan/';
 export { _API_SCAN_COUNT_BY_SEVERITY as API_SCAN_COUNT_BY_SEVERITY };
-const CLIENT_TYPE = 'github-sast';
-const _CLIENT_TYPE = CLIENT_TYPE;
+const _CLIENT_TYPE = 'github-sast';
 export { _CLIENT_TYPE as CLIENT_TYPE };
 //User messages:
-const DOWNLOADING_CLIENT = 'Downloading the SAClientUtil...';
-const _DOWNLOADING_CLIENT = DOWNLOADING_CLIENT;
+const _DOWNLOADING_CLIENT = 'Downloading the SAClientUtil...';
 export { _DOWNLOADING_CLIENT as DOWNLOADING_CLIENT };
-const GENERATING_IRX = 'Generating irx file...'
-const _GENERATING_IRX = GENERATING_IRX;
+const _GENERATING_IRX = 'Generating irx file...';
 export { _GENERATING_IRX as GENERATING_IRX };
-const AUTHENTICATE_ASOC = 'Authenticating with the ASoC service...';
-const _AUTHENTICATE_ASOC = AUTHENTICATE_ASOC;
+const _AUTHENTICATE_ASOC = 'Authenticating with the ASoC service...';
 export { _AUTHENTICATE_ASOC as AUTHENTICATE_ASOC };
-const SUBMITTING_IRX = 'Submitting the irx for analysis...';
-const _SUBMITTING_IRX = SUBMITTING_IRX;
+const _SUBMITTING_IRX = 'Submitting the irx for analysis...';
 export { _SUBMITTING_IRX as SUBMITTING_IRX };
-const IRX_SUBMIT_SUCCESS = 'Successfully submitted the irx to the ASoC service.';
-const _IRX_SUBMIT_SUCCESS = IRX_SUBMIT_SUCCESS;
+const _IRX_SUBMIT_SUCCESS = 'Successfully submitted the irx to the ASoC service.';
 export { _IRX_SUBMIT_SUCCESS as IRX_SUBMIT_SUCCESS };
-const WAIT_FOR_ANALYSIS = 'Waiting for analysis to complete...';
-const _WAIT_FOR_ANALYSIS = WAIT_FOR_ANALYSIS;
+const _WAIT_FOR_ANALYSIS = 'Waiting for analysis to complete...';
 export { _WAIT_FOR_ANALYSIS as WAIT_FOR_ANALYSIS };
-const GETTING_RESULTS = 'Getting results...';
-const _GETTING_RESULTS = GETTING_RESULTS;
+const _GETTING_RESULTS = 'Getting results...';
 export { _GETTING_RESULTS as GETTING_RESULTS };
-const ANALYSIS_SUCCESS = 'Analysis complete.';
-const _ANALYSIS_SUCCESS = ANALYSIS_SUCCESS;
+const _ANALYSIS_SUCCESS = 'Analysis complete.';
 export { _ANALYSIS_SUCCESS as ANALYSIS_SUCCESS };
-const ANALYSIS_TIMEOUT = 'Timed out waiting for analysis to complete. Review the scan in ASoC to see the results.'
-const _ANALYSIS_TIMEOUT = ANALYSIS_TIMEOUT;
+const _ANALYSIS_TIMEOUT = 'Timed out waiting for analysis to complete. Review the scan in ASoC to see the results.'
 export { _ANALYSIS_TIMEOUT as ANALYSIS_TIMEOUT };
-const TOTAL_ISSUES = 'Total issues: ';
-const _TOTAL_ISSUES = TOTAL_ISSUES;
+const _TOTAL_ISSUES = 'Total issues: ';
 export { _TOTAL_ISSUES as TOTAL_ISSUES };
-const ISSUES_COLON = ' issues: ';
-const _ISSUES_COLON = ISSUES_COLON;
+const _ISSUES_COLON = ' issues: ';
 export { _ISSUES_COLON as ISSUES_COLON };
 //Error messages:
-const ERROR_DOWNLOADING_CLIENT = 'An error occurred downloading the SAClientUtil. Status code ';
-const _ERROR_DOWNLOADING_CLIENT = ERROR_DOWNLOADING_CLIENT;
+const _ERROR_DOWNLOADING_CLIENT = 'An error occurred downloading the SAClientUtil. Status code ';
 export { _ERROR_DOWNLOADING_CLIENT as ERROR_DOWNLOADING_CLIENT };
-const ERROR_FILE_DOES_NOT_EXIST = 'An error occurred extracting the SAClientUtil. The file does not exist: '
-const _ERROR_FILE_DOES_NOT_EXIST = ERROR_FILE_DOES_NOT_EXIST;
+const _ERROR_FILE_DOES_NOT_EXIST = 'An error occurred extracting the SAClientUtil. The file does not exist: '
 export { _ERROR_FILE_DOES_NOT_EXIST as ERROR_FILE_DOES_NOT_EXIST };
-const ERROR_INVALID_APP_ID = 'Invalid application ID.'
-const _ERROR_INVALID_APP_ID = ERROR_INVALID_APP_ID;
+const _ERROR_INVALID_APP_ID = 'Invalid application ID.'
 export { _ERROR_INVALID_APP_ID as ERROR_INVALID_APP_ID };
-const ERROR_ANALYSIS_FAILED = 'Analysis failed. Review the scan in ASoC for additional details.'
-const _ERROR_ANALYSIS_FAILED = ERROR_ANALYSIS_FAILED;
+const _ERROR_ANALYSIS_FAILED = 'Analysis failed. Review the scan in ASoC for additional details.'
 export { _ERROR_ANALYSIS_FAILED as ERROR_ANALYSIS_FAILED };
-const ERROR_NONCOMPLIANT_ISSUES = 'Failed. Non-compliant issues were found in the scan.';
-const _ERROR_NONCOMPLIANT_ISSUES = ERROR_NONCOMPLIANT_ISSUES;
+const _ERROR_NONCOMPLIANT_ISSUES = 'Failed. Non-compliant issues were found in the scan.';
 export { _ERROR_NONCOMPLIANT_ISSUES as ERROR_NONCOMPLIANT_ISSUES };
-const ERROR_BAD_SCAN_ID = 'An error occurred submitting the irx for analysis.';
-const _ERROR_BAD_SCAN_ID = ERROR_BAD_SCAN_ID;
+const _ERROR_BAD_SCAN_ID = 'An error occurred submitting the irx for analysis.';
 export { _ERROR_BAD_SCAN_ID as ERROR_BAD_SCAN_ID };
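Review bot: Four of the rewritten declarations still end without a semicolon (`_ANALYSIS_TIMEOUT`, `_ERROR_FILE_DOES_NOT_EXIST`, `_ERROR_INVALID_APP_ID`, `_ERROR_ANALYSIS_FAILED`), although this commit adds the missing one to `_GENERATING_IRX`; they parse only through automatic semicolon insertion. The underscore alias followed by `export { _X as X }` can also collapse into one statement per constant, for example `export const SERVICE_URL = 'https://cloud.appscan.com';`, which keeps the exported names unchanged as long as nothing else in the file refers to the underscore names.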