Update to module

action.yaml

@@ -14,8 +14,10 @@ inputs:
     description: 'The url of the AppScan service.'
     required: false
   acceptssl:
-    description: 'Allow connections with invalid/untrusted certificate.'
+    description: 'Allow connections to a service with an untrusted certificate. Recommended for testing purposes only.'
     required: false
+    type: boolean
+    default: false
   application_id:
     description: 'The application id where your scan will appear.'
     required: true

package.json

@@ -3,6 +3,7 @@
   "version": "1.0.0",
   "description": "Runs HCL AppScan Static Analyzer.",
   "main": "main.js",
+  "type": "module",
   "scripts": {},
   "keywords": [],
   "author": "",

src/asoc.js

@@ -1,5 +1,5 @@
 /*
-Copyright 2022 HCL America, Inc.
+Copyright 2022, 2023 HCL America, Inc.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -14,11 +14,11 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-const got = require('got');
-const constants = require('./constants');
-const resultProcessor = require('./resultProcessor');
-const settings = require('./settings');
-const utils = require('./utils');
+import got from 'got';
+import * as constants from './constants.js';
+import resultProcessor from './resultProcessor.js';
+import settings from './settings.js';
+import utils from './utils.js';
 
 let token = null
 
@@ -85,4 +85,4 @@ function getRequestHeaders() {
     }
 }
 
-module.exports = { getScanResults }
+export default { getScanResults }

src/client.js

@@ -14,11 +14,11 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-const eol = require('eol');
-const shell = require('shelljs');
-const constants = require('./constants');
-const saclientutil = require('./saclientutil');
-const utils = require('./utils');
+import eol from 'eol';
+import shell from 'shelljs';
+import * as constants  from './constants.js';
+import saclientutil from './saclientutil.js';
+import utils from './utils.js';
 
 let start = null;
 const timeout_minutes = process.env.INPUT_ANALYSIS_TIMEOUT_MINUTES ? process.env.INPUT_ANALYSIS_TIMEOUT_MINUTES : 30;
@@ -133,14 +133,19 @@ function executeCommand(args) {
             args += " -acceptssl";
         }
 
-        let script = saclientutil.getScript();
-        let result = shell.exec(`${script} ${args}`);
-        if(result.code === 0) {
-            resolve(result.stdout);
-         }
-         else {
-            reject(result.stderr);
-         }
+        saclientutil.getScript()
+        .then((script) => {
+            let result = shell.exec(`${script} ${args}`);
+            if(result.code === 0) {
+                resolve(result.stdout);
+            }
+            else {
+                reject(result.stderr);
+            }
+        })
+        .catch((error) => {
+            reject(error);
+        })
     });
 }
 
@@ -175,4 +180,4 @@ function getScanId(output) {
     })
 }
 
-module.exports = { generateIrx, login, runAnalysis, waitForAnalysis }
+export default { generateIrx, login, runAnalysis, waitForAnalysis }

src/constants.js

@@ -1,5 +1,5 @@
 /*
-Copyright 2022 HCL America, Inc.
+Copyright 2022, 2023 HCL America, Inc.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -15,54 +15,55 @@ limitations under the License.
 */
 
 const CURRENT_VERSION = '1.0.3';
-exports.CURRENT_VERSION = CURRENT_VERSION;
+const _CURRENT_VERSION = CURRENT_VERSION;
+export { _CURRENT_VERSION as CURRENT_VERSION };
 
 //Service url and endpoints:
-const SERVICE_URL = 'https://cloud.appscan.com';
-exports.SERVICE_URL = SERVICE_URL;
-const SACLIENT_PATH = '/api/SCX/StaticAnalyzer/SAClientUtil?os=';
-exports.SACLIENT_PATH = SACLIENT_PATH;
-const API_LOGIN = '/api/V2/Account/ApiKeyLogin';
-exports.API_LOGIN = API_LOGIN;
-const API_SCAN_COUNT_BY_SEVERITY = '/api/v2/Issues/CountBySeverity/scan/';
-exports.API_SCAN_COUNT_BY_SEVERITY = API_SCAN_COUNT_BY_SEVERITY;
-const CLIENT_TYPE = 'github-sast';
-exports.CLIENT_TYPE = CLIENT_TYPE;
+const _SERVICE_URL = 'https://cloud.appscan.com';
+export { _SERVICE_URL as SERVICE_URL };
+const _SACLIENT_PATH = '/api/SCX/StaticAnalyzer/SAClientUtil?os=';
+export { _SACLIENT_PATH as SACLIENT_PATH };
+const _API_LOGIN = '/api/V2/Account/ApiKeyLogin';
+export { _API_LOGIN as API_LOGIN };
+const _API_SCAN_COUNT_BY_SEVERITY = '/api/v2/Issues/CountBySeverity/scan/';
+export { _API_SCAN_COUNT_BY_SEVERITY as API_SCAN_COUNT_BY_SEVERITY };
+const _CLIENT_TYPE = 'github-sast';
+export { _CLIENT_TYPE as CLIENT_TYPE };
 
 //User messages:
-const DOWNLOADING_CLIENT = 'Downloading the SAClientUtil...';
-exports.DOWNLOADING_CLIENT = DOWNLOADING_CLIENT;
-const GENERATING_IRX = 'Generating irx file...'
-exports.GENERATING_IRX = GENERATING_IRX;
-const AUTHENTICATE_ASOC = 'Authenticating with the ASoC service...';
-exports.AUTHENTICATE_ASOC = AUTHENTICATE_ASOC;
-const SUBMITTING_IRX = 'Submitting the irx for analysis...';
-exports.SUBMITTING_IRX = SUBMITTING_IRX;
-const IRX_SUBMIT_SUCCESS = 'Successfully submitted the irx to the ASoC service.';
-exports.IRX_SUBMIT_SUCCESS = IRX_SUBMIT_SUCCESS;
-const WAIT_FOR_ANALYSIS = 'Waiting for analysis to complete...';
-exports.WAIT_FOR_ANALYSIS = WAIT_FOR_ANALYSIS;
-const GETTING_RESULTS = 'Getting results...';
-exports.GETTING_RESULTS = GETTING_RESULTS;
-const ANALYSIS_SUCCESS = 'Analysis complete.';
-exports.ANALYSIS_SUCCESS = ANALYSIS_SUCCESS;
-const ANALYSIS_TIMEOUT = 'Timed out waiting for analysis to complete. Review the scan in ASoC to see the results.'
-exports.ANALYSIS_TIMEOUT = ANALYSIS_TIMEOUT;
-const TOTAL_ISSUES = 'Total issues: ';
-exports.TOTAL_ISSUES = TOTAL_ISSUES;
-const ISSUES_COLON = ' issues: ';
-exports.ISSUES_COLON = ISSUES_COLON;
+const _DOWNLOADING_CLIENT = 'Downloading the SAClientUtil...';
+export { _DOWNLOADING_CLIENT as DOWNLOADING_CLIENT };
+const _GENERATING_IRX = 'Generating irx file...';
+export { _GENERATING_IRX as GENERATING_IRX };
+const _AUTHENTICATE_ASOC = 'Authenticating with the ASoC service...';
+export { _AUTHENTICATE_ASOC as AUTHENTICATE_ASOC };
+const _SUBMITTING_IRX = 'Submitting the irx for analysis...';
+export { _SUBMITTING_IRX as SUBMITTING_IRX };
+const _IRX_SUBMIT_SUCCESS = 'Successfully submitted the irx to the ASoC service.';
+export { _IRX_SUBMIT_SUCCESS as IRX_SUBMIT_SUCCESS };
+const _WAIT_FOR_ANALYSIS = 'Waiting for analysis to complete...';
+export { _WAIT_FOR_ANALYSIS as WAIT_FOR_ANALYSIS };
+const _GETTING_RESULTS = 'Getting results...';
+export { _GETTING_RESULTS as GETTING_RESULTS };
+const _ANALYSIS_SUCCESS = 'Analysis complete.';
+export { _ANALYSIS_SUCCESS as ANALYSIS_SUCCESS };
+const _ANALYSIS_TIMEOUT = 'Timed out waiting for analysis to complete. Review the scan in ASoC to see the results.'
+export { _ANALYSIS_TIMEOUT as ANALYSIS_TIMEOUT };
+const _TOTAL_ISSUES = 'Total issues: ';
+export { _TOTAL_ISSUES as TOTAL_ISSUES };
+const _ISSUES_COLON = ' issues: ';
+export { _ISSUES_COLON as ISSUES_COLON };
 
 //Error messages:
-const ERROR_DOWNLOADING_CLIENT = 'An error occurred downloading the SAClientUtil. Status code ';
-exports.ERROR_DOWNLOADING_CLIENT = ERROR_DOWNLOADING_CLIENT;
-const ERROR_FILE_DOES_NOT_EXIST = 'An error occurred extracting the SAClientUtil. The file does not exist: '
-exports.ERROR_FILE_DOES_NOT_EXIST = ERROR_FILE_DOES_NOT_EXIST;
-const ERROR_INVALID_APP_ID = 'Invalid application ID.'
-exports.ERROR_INVALID_APP_ID = ERROR_INVALID_APP_ID;
-const ERROR_ANALYSIS_FAILED = 'Analysis failed. Review the scan in ASoC for additional details.'
-exports.ERROR_ANALYSIS_FAILED = ERROR_ANALYSIS_FAILED;
-const ERROR_NONCOMPLIANT_ISSUES = 'Failed. Non-compliant issues were found in the scan.';
-exports.ERROR_NONCOMPLIANT_ISSUES = ERROR_NONCOMPLIANT_ISSUES;
-const ERROR_BAD_SCAN_ID = 'An error occurred submitting the irx for analysis.';
-exports.ERROR_BAD_SCAN_ID = ERROR_BAD_SCAN_ID;
+const _ERROR_DOWNLOADING_CLIENT = 'An error occurred downloading the SAClientUtil. Status code ';
+export { _ERROR_DOWNLOADING_CLIENT as ERROR_DOWNLOADING_CLIENT };
+const _ERROR_FILE_DOES_NOT_EXIST = 'An error occurred extracting the SAClientUtil. The file does not exist: '
+export { _ERROR_FILE_DOES_NOT_EXIST as ERROR_FILE_DOES_NOT_EXIST };
+const _ERROR_INVALID_APP_ID = 'Invalid application ID.'
+export { _ERROR_INVALID_APP_ID as ERROR_INVALID_APP_ID };
+const _ERROR_ANALYSIS_FAILED = 'Analysis failed. Review the scan in ASoC for additional details.'
+export { _ERROR_ANALYSIS_FAILED as ERROR_ANALYSIS_FAILED };
+const _ERROR_NONCOMPLIANT_ISSUES = 'Failed. Non-compliant issues were found in the scan.';
+export { _ERROR_NONCOMPLIANT_ISSUES as ERROR_NONCOMPLIANT_ISSUES };
+const _ERROR_BAD_SCAN_ID = 'An error occurred submitting the irx for analysis.';
+export { _ERROR_BAD_SCAN_ID as ERROR_BAD_SCAN_ID };

src/main.js

@@ -1,5 +1,5 @@
 /*
-Copyright 2022 HCL America, Inc.
+Copyright 2022, 2023 HCL America, Inc.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -14,12 +14,12 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-const core = require('@actions/core');
-const constants = require('./constants');
-const client = require('./client');
-const saclientutil = require('./saclientutil');
-const asoc = require('./asoc');
-const settings = require('./settings');
+import core from '@actions/core';
+import * as constants from './constants.js';
+import client from './client.js';
+import saclientutil from './saclientutil.js';
+import asoc from './asoc.js';
+import settings from './settings.js';
 
 core.info(constants.DOWNLOADING_CLIENT);
 saclientutil.downloadClient()

src/resultProcessor.js

@@ -1,5 +1,5 @@
 /*
-Copyright 2022 HCL America, Inc.
+Copyright 2022, 2023 HCL America, Inc.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-const constants = require('./constants');
+import * as constants from './constants.js';
 
 const Informational = 0;
 const Low = 1;
@@ -80,4 +80,4 @@ function getSeverityValue(severity) {
     return severityValue;
 }
 
-module.exports = { processResults }
+export default { processResults }

src/saclientutil.js

@@ -1,5 +1,5 @@
 /*
-Copyright 2022 HCL America, Inc.
+Copyright 2022, 2023 HCL America, Inc.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -14,19 +14,25 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-const fs =  require('fs');
-const HttpsProxyAgent = require('https-proxy-agent');
-const url = require('url');
-const path = require('path');
-const extract = require('extract-zip');
-const https = require('https');
-const os = require('os');
-const settings = require('./settings');
-const utils = require('./utils');
-const constants = require('./constants');
+import * as fs from 'fs';
+import HttpsProxyAgent from 'https-proxy-agent';
+import * as url from 'url';
+import * as path from 'path';
+import extract from 'extract-zip';
+import * as https from 'https';
+import * as os from 'os';
+import * as constants from './constants.js';
+import settings from './settings.js';
+import utils from './utils.js';
+
+let parentDir = path.join(os.homedir(), '.appscan');
+if(!fs.existsSync(parentDir)) {
+    fs.mkdirSync(parentDir);
+}
 
-let parentDir = os.homedir();
-let script = utils.getOS() === 'win' ? 'appscan.bat' : 'appscan.sh';
+let scriptName = utils.getOS() === 'win' ? 'appscan.bat' : 'appscan.sh';
+let clientDir = getClientDir();
+let script = clientDir ? path.join(clientDir, 'bin', scriptName) : undefined;
 
 function downloadClient() {
     return new Promise((resolve, reject) => {
@@ -45,7 +51,7 @@ function downloadClient() {
         zip.on('close', () => {
             extractClient(zipFile)
                 .then(() => {
-                    script = path.join(getClientDir(), 'bin', script);
+                    script = path.join(getClientDir(), 'bin', scriptName);
                     if(fs.existsSync(script)) {
                         resolve(script);
                     }
@@ -77,6 +83,9 @@ function downloadClient() {
                 reject(e);
             });
         })
+        .catch((error) => {
+            reject(error);
+        })
     });
 }
 
@@ -87,13 +96,13 @@ function extractClient(zipFile) {
             return;
         }
 
-        extract(zipFile, {dir: path.dirname(zipFile)}, (err) => {
-            if(err) {
-                reject(err);
-            } else {
-                resolve();
-            }
-        });
+        extract(zipFile, {dir: path.dirname(zipFile)})
+        .then(() => {
+            resolve();
+        })
+        .catch((error) => {
+            reject(error);
+        })
     });
 }
 
@@ -193,15 +202,20 @@ function compareVersions(oldVersion, newVersion) {
 }
 
 function getScript() {
-    if(!fs.existsSync(script)) {
-        downloadClient()
-        .then(() => {
-            return script;
-        })
-    }
-    else {
-        return script;
-    }
+    return new Promise((resolve, reject) => {
+        if(!fs.existsSync(script)) {
+            downloadClient()
+            .then(() => {
+                resolve(script);
+            })
+            .catch((error) => {
+                reject(error);
+            })
+        }
+        else {
+            resolve(script);
+        }
+    })
 }
 
-module.exports = { downloadClient, getScript }
+export default { downloadClient, getScript }