diff --git a/lib/cli/bin/doc/audit.js b/lib/cli/bin/doc/audit.js
deleted file mode 100755
index 7a0eef1fd4..0000000000
--- a/lib/cli/bin/doc/audit.js
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/usr/bin/env node
-
-var shell = require('shelljs');
-var cmd = "npm audit --json";
-var ejs = require('ejs');
-var path = require('path');
-var fs = require('fs');
-
-var templatePath = path.resolve(__dirname, 'templates', 'auditPage.ejs');
-
-
-try {
- var jsonAudit = shell.exec(cmd, {silent:true});
-} catch(err) {
- console.error('error'+ err);
-}
-
-var packageJson = JSON.parse(fs.readFileSync(path.resolve('./','package.json')));
-
-ejs.renderFile(templatePath, {
- jsonAudit: JSON.parse(jsonAudit),
- projVersion: packageJson.version,
- projName: packageJson.description
-}, {}, (err, mdText) => {
- if (err) {
- console.log(err);
- } else {
- fs.writeFileSync(`audit-info-${packageJson.version}.md`, mdText);
- console.log(`Wrote Audit`);
- }
-});
-
diff --git a/lib/cli/bin/doc/templates/auditPage.ejs b/lib/cli/bin/doc/templates/auditPage.ejs
deleted file mode 100644
index 5ef6f2992b..0000000000
--- a/lib/cli/bin/doc/templates/auditPage.ejs
+++ /dev/null
@@ -1,31 +0,0 @@
----
-Title: Audit info, <%= projName %> <%= projVersion %>
----
-
-# Audit information for <%= projName %> <%= projVersion %>
-
-This page lists the npm audit of the project in the version <%= projVersion %>
-
-## Risks
-
-- Critical risk dependencies <%= jsonAudit.metadata.vulnerabilities.critical %>
-- High risk dependencies <%= jsonAudit.metadata.vulnerabilities.high %>
-- Moderate risk dependencies <%= jsonAudit.metadata.vulnerabilities.moderate %>
-- Low risk dependencies <%= jsonAudit.metadata.vulnerabilities.low %>
-
-Dependencies analyzed <%= jsonAudit.metadata.totalDependencies %>
-
-## Libraries
-
-
-| Severity | Vulnerable versions | Module |
-| --- | --- | --- |
-<%
-for(var currentAdvisories in jsonAudit.advisories) {
-
- severity = jsonAudit.advisories[currentAdvisories].severity;
- vulnerable_versions = JSON.stringify(jsonAudit.advisories[currentAdvisories].vulnerable_versions);
- module = jsonAudit.advisories[currentAdvisories].module_name;
--%>
-|<%= severity %> | <%= vulnerable_versions %> | <%= module %> |
-<% } %>
diff --git a/lib/cli/package.json b/lib/cli/package.json
index 3e49648f8e..4033385e0d 100644
--- a/lib/cli/package.json
+++ b/lib/cli/package.json
@@ -4,7 +4,6 @@
 "version": "3.8.0",
 "author": "Alfresco Software, Ltd.",
 "bin": {
- "adf-audit": "./bin/doc/audit.js",
 "adf-cli": "./bin/adf-cli",
 "adf": "./bin/adf-cli"
 },
diff --git a/lib/cli/scripts/audit.ts b/lib/cli/scripts/audit.ts
new file mode 100644
index 0000000000..50390df628
--- /dev/null
+++ b/lib/cli/scripts/audit.ts
@@ -0,0 +1,84 @@
+#!/usr/bin/env node
+
+/*!
+ * @license
+ * Copyright 2019 Alfresco Software, Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import * as shell from 'shelljs';
+import * as ejs from 'ejs';
+import * as path from 'path';
+import * as fs from 'fs';
+import * as program from 'commander';
+
+export default function main(_args: string[], workingDir: string) {
+ program
+ .description('Generate an audit report')
+ .usage('audit [options]')
+ .option('-p, --package ', 'Path to package file (default: package.json in working directory)')
+ .option('-d, --outDir ', 'Ouput directory (default: working directory)')
+ .parse(process.argv);
+
+ if (process.argv.includes('-h') || process.argv.includes('--help')) {
+ program.outputHelp();
+ return;
+ }
+
+ let packagePath = path.resolve(workingDir, 'package.json');
+
+ if (program.package) {
+ packagePath = path.resolve(program.package);
+ }
+
+ if (!fs.existsSync(packagePath)) {
+ console.error('The package.json file was not found');
+ process.exit(1);
+ }
+
+ const templatePath = path.resolve(__dirname, '../templates/auditPage.ejs');
+ if (!fs.existsSync(templatePath)) {
+ console.error(`Cannot find the report template: ${templatePath}`);
+ process.exit(1);
+ }
+
+ return new Promise((resolve, reject) => {
+ // tslint:disable-next-line: no-console
+ console.log(`Running audit on ${packagePath}`);
+
+ const packageJson = JSON.parse(fs.readFileSync(packagePath).toString());
+ const cmd = 'npm 
audit --json';
+ const jsonAudit = JSON.parse(shell.exec(cmd, { silent: true }));
+
+ ejs.renderFile(templatePath, {
+ jsonAudit,
+ projVersion: packageJson.version,
+ projName: packageJson.name
+ }, {}, (err: any, mdText: string) => {
+ if (err) {
+ console.error(err);
+ reject(1);
+ } else {
+ const outputPath = path.resolve(program.outDir || workingDir);
+ const outputFile = path.join(outputPath, `audit-info-${packageJson.version}.md`);
+
+ fs.writeFileSync(outputFile, mdText);
+
+ // tslint:disable-next-line: no-console
+ console.log(`Report saved as ${outputFile}`);
+ resolve(0);
+ }
+ });
+ });
+}
diff --git a/lib/cli/scripts/licenses.ts b/lib/cli/scripts/licenses.ts
index bf91701723..644bfdb589 100644
--- a/lib/cli/scripts/licenses.ts
+++ b/lib/cli/scripts/licenses.ts
@@ -1,5 +1,4 @@
 #!/usr/bin/env node
-/// types.d.ts
 
 /*!
  * @license
@@ -98,13 +97,13 @@ export default function main(_args: string[], workingDir: string) {
 }
 
 if (!fs.existsSync(packagePath)) {
- console.error('Package.json not found');
+ console.error('The package.json file was not found');
 process.exit(1);
 }
 
 const templatePath = path.resolve(__dirname, '../templates/licensePage.ejs');
 if (!fs.existsSync(templatePath)) {
- console.error(`Cannot find licence template: ${templatePath}`);
+ console.error(`Cannot find the report template: ${templatePath}`);
 process.exit(1);
 }
 
diff --git a/lib/cli/templates/auditPage.ejs b/lib/cli/templates/auditPage.ejs
index 5ef6f2992b..c3d818cd2c 100644
--- a/lib/cli/templates/auditPage.ejs
+++ b/lib/cli/templates/auditPage.ejs
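Review bot: `shell.exec(cmd, { silent: true })` on the line after `const cmd` runs `npm audit` in the process's current directory, so the `--package` path resolved earlier in `main` only changes which package.json is read while the audit itself still covers whatever project the CLI was launched from; pass `cwd: path.dirname(packagePath)` to exec. The result is also fed straight into `JSON.parse` without looking at `.code` or `.stderr`: `npm audit --json` exits non-zero whenever findings exist (expected), but when it cannot run at all (no lockfile, registry unreachable) stdout is empty or not JSON, and the parse then throws inside the Promise executor so the promise rejects with a SyntaxError rather than the numeric `reject(1)` the callback path uses. The `err: any` on the renderFile callback could be `err: Error | null`, which is what ejs passes. Something like the following keeps the failure modes explicit:
```typescript
const cmd = 'npm audit --json';
// run the audit next to the package.json being reported on, not in process.cwd()
const result = shell.exec(cmd, { silent: true, cwd: path.dirname(packagePath) });

let jsonAudit: unknown;
try {
    jsonAudit = JSON.parse(result.stdout);
} catch (parseError) {
    // a non-zero exit code alone is expected when findings exist; unparsable output is not
    console.error(`npm audit produced no JSON report (exit code ${result.code}): ${result.stderr || parseError}`);
    reject(1);
    return;
}
// … unchanged: ejs.renderFile call and output handling …
```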
@@ -2,30 +2,28 @@
 Title: Audit info, <%= projName %> <%= projVersion %>
 ---
 
-# Audit information for <%= projName %> <%= projVersion %>
+# Audit information for <%= projName %> <%= projVersion %>
 
-This page lists the npm audit of the project in the version <%= projVersion %>
+This page lists the security audit of the dependencies this project depends on.
 
 ## Risks
 
-- Critical risk dependencies <%= jsonAudit.metadata.vulnerabilities.critical %>
-- High risk dependencies <%= jsonAudit.metadata.vulnerabilities.high %>
-- Moderate risk dependencies <%= jsonAudit.metadata.vulnerabilities.moderate %>
-- Low risk dependencies <%= jsonAudit.metadata.vulnerabilities.low %>
+- Critical risk: <%= jsonAudit.metadata.vulnerabilities.critical %>
+- High risk: <%= jsonAudit.metadata.vulnerabilities.high %>
+- Moderate risk: <%= jsonAudit.metadata.vulnerabilities.moderate %>
+- Low risk: <%= jsonAudit.metadata.vulnerabilities.low %>
 
-Dependencies analyzed <%= jsonAudit.metadata.totalDependencies %>
+Dependencies analyzed: <%= jsonAudit.metadata.totalDependencies %>
 
 ## Libraries
 
-
-| Severity | Vulnerable versions | Module |
+| Severity | Module | Vulnerable versions |
 | --- | --- | --- |
 <%
 for(var currentAdvisories in jsonAudit.advisories) {
-
- severity = jsonAudit.advisories[currentAdvisories].severity;
- vulnerable_versions = JSON.stringify(jsonAudit.advisories[currentAdvisories].vulnerable_versions);
- module = jsonAudit.advisories[currentAdvisories].module_name;
+ severity = jsonAudit.advisories[currentAdvisories].severity;
+ vulnerable_versions = JSON.stringify(jsonAudit.advisories[currentAdvisories].vulnerable_versions);
+ module = jsonAudit.advisories[currentAdvisories].module_name;
 -%>
-|<%= severity %> | <%= vulnerable_versions %> | <%= module %> |
+|<%= severity %> | <%= module %> | <%= vulnerable_versions %> |
 <% } %>
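Review bot: The re-indented `severity = …`, `vulnerable_versions = …` and `module = …` lines in the loop body assign to names that are never declared, so they leak out of the function EJS compiles the template into as implicit globals and would throw a ReferenceError under EJS's `strict` option; declaring them, e.g. `var advisory = jsonAudit.advisories[currentAdvisories];` once and reading `advisory.severity`, `advisory.module_name` and `advisory.vulnerable_versions` from it, keeps the template self-contained. Everything the template reads (`jsonAudit.metadata.vulnerabilities.*`, `jsonAudit.metadata.totalDependencies`, `jsonAudit.advisories`) is assumed present, so when `npm audit` returns an error document instead of a report the render fails with a TypeError on `metadata` rather than a message naming the cause; a check of `jsonAudit.metadata` in the calling script before rendering would give a clearer failure. Newer npm releases also emit a different `--json` layout than the `advisories` map used here, so the consuming script should probably verify that shape before rendering.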