audit command for adf cli (#5699)

2025-07-24 17:32:15 +00:00 · 2020-05-13 22:13:16 +01:00
parent a8c252db8b
commit 5621dbbb05
6 changed files with 98 additions and 81 deletions
--- a/lib/cli/bin/doc/audit.js
+++ b/lib/cli/bin/doc/audit.js
@@ -1,32 +0,0 @@
 #!/usr/bin/env node
 var shell = require('shelljs');
 var cmd = "npm audit --json";
 var ejs = require('ejs');
 var path = require('path');
 var fs = require('fs');
 var templatePath = path.resolve(__dirname, 'templates', 'auditPage.ejs');
 try {
    var jsonAudit = shell.exec(cmd, {silent:true});
 } catch(err) {
    console.error('error'+ err);
 }
 var packageJson = JSON.parse(fs.readFileSync(path.resolve('./','package.json')));
 ejs.renderFile(templatePath, {
    jsonAudit: JSON.parse(jsonAudit),
    projVersion: packageJson.version,
    projName: packageJson.description
 }, {}, (err, mdText) => {
    if (err) {
        console.log(err);
    } else {
        fs.writeFileSync(`audit-info-${packageJson.version}.md`, mdText);
        console.log(`Wrote Audit`);
    }
 });
--- a/lib/cli/bin/doc/templates/auditPage.ejs
+++ b/lib/cli/bin/doc/templates/auditPage.ejs
@@ -1,31 +0,0 @@
 ---
 Title: Audit info, <%= projName %> <%= projVersion %>
 ---
 # Audit information for <%= projName %>  <%= projVersion %>
 This page lists the npm audit of the project in the version <%= projVersion %>
 ## Risks
 - Critical risk dependencies <%= jsonAudit.metadata.vulnerabilities.critical %>
 - High risk dependencies <%= jsonAudit.metadata.vulnerabilities.high %>
 - Moderate risk dependencies <%= jsonAudit.metadata.vulnerabilities.moderate %>
 - Low risk dependencies <%= jsonAudit.metadata.vulnerabilities.low %>
 Dependencies analyzed <%= jsonAudit.metadata.totalDependencies %>
 ## Libraries
 | Severity | Vulnerable versions | Module |
 | --- | --- | --- |
 <%
 for(var currentAdvisories in jsonAudit.advisories) {
        severity = jsonAudit.advisories[currentAdvisories].severity;
        vulnerable_versions = JSON.stringify(jsonAudit.advisories[currentAdvisories].vulnerable_versions);
        module = jsonAudit.advisories[currentAdvisories].module_name;
 -%>
 |<%= severity %> | <%= vulnerable_versions %> | <%= module %> |
 <% } %>
--- a/lib/cli/package.json
+++ b/lib/cli/package.json
@@ -4,7 +4,6 @@
  "version": "3.8.0",
  "author": "Alfresco Software, Ltd.",
  "bin": {
    "adf-audit": "./bin/doc/audit.js",
    "adf-cli": "./bin/adf-cli",
    "adf": "./bin/adf-cli"
  },
--- a/lib/cli/scripts/audit.ts
+++ b/lib/cli/scripts/audit.ts
@@ -0,0 +1,84 @@
 #!/usr/bin/env node
 /*!
 * @license
 * Copyright 2019 Alfresco Software, Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 import * as shell from 'shelljs';
 import * as ejs from 'ejs';
 import * as path from 'path';
 import * as fs from 'fs';
 import * as program from 'commander';
 export default function main(_args: string[], workingDir: string) {
    program
        .description('Generate an audit report')
        .usage('audit [options]')
        .option('-p, --package <path>', 'Path to package file (default: package.json in working directory)')
        .option('-d, --outDir <dir>', 'Ouput directory (default: working directory)')
        .parse(process.argv);
    if (process.argv.includes('-h') || process.argv.includes('--help')) {
        program.outputHelp();
        return;
    }
    let packagePath = path.resolve(workingDir, 'package.json');
    if (program.package) {
        packagePath = path.resolve(program.package);
    }
    if (!fs.existsSync(packagePath)) {
        console.error('The package.json file was not found');
        process.exit(1);
    }
    const templatePath = path.resolve(__dirname, '../templates/auditPage.ejs');
    if (!fs.existsSync(templatePath)) {
        console.error(`Cannot find the report template: ${templatePath}`);
        process.exit(1);
    }
    return new Promise((resolve, reject) => {
        // tslint:disable-next-line: no-console
        console.log(`Running audit on ${packagePath}`);
        const packageJson = JSON.parse(fs.readFileSync(packagePath).toString());
        const cmd = 'npm audit --json';
        const jsonAudit = JSON.parse(shell.exec(cmd, { silent: true }));
        ejs.renderFile(templatePath, {
            jsonAudit,
            projVersion: packageJson.version,
            projName: packageJson.name
        }, {}, (err: any, mdText: string) => {
            if (err) {
                console.error(err);
                reject(1);
            } else {
                const outputPath = path.resolve(program.outDir || workingDir);
                const outputFile = path.join(outputPath, `audit-info-${packageJson.version}.md`);
                fs.writeFileSync(outputFile, mdText);
                // tslint:disable-next-line: no-console
                console.log(`Report saved as ${outputFile}`);
                resolve(0);
            }
        });
    });
 }
--- a/lib/cli/scripts/licenses.ts
+++ b/lib/cli/scripts/licenses.ts
@@ -1,5 +1,4 @@
 #!/usr/bin/env node
 /// <reference> types.d.ts
 /*!
 * @license
@@ -98,13 +97,13 @@ export default function main(_args: string[], workingDir: string) {
    }
    if (!fs.existsSync(packagePath)) {
-        console.error('Package.json not found');
+        console.error('The package.json file was not found');
        process.exit(1);
    }
    const templatePath = path.resolve(__dirname, '../templates/licensePage.ejs');
    if (!fs.existsSync(templatePath)) {
-        console.error(`Cannot find licence template: ${templatePath}`);
+        console.error(`Cannot find the report template: ${templatePath}`);
        process.exit(1);
    }
--- a/lib/cli/templates/auditPage.ejs
+++ b/lib/cli/templates/auditPage.ejs
@@ -4,28 +4,26 @@ Title: Audit info, <%= projName %> <%= projVersion %>
 # Audit information for <%= projName %> <%= projVersion %>
-This page lists the npm audit of the project in the version <%= projVersion %>
+This page lists the security audit of the dependencies this project depends on.
 ## Risks
- Critical risk dependencies <%= jsonAudit.metadata.vulnerabilities.critical %>
+- Critical risk: <%= jsonAudit.metadata.vulnerabilities.critical %>
- High risk dependencies <%= jsonAudit.metadata.vulnerabilities.high %>
+- High risk: <%= jsonAudit.metadata.vulnerabilities.high %>
- Moderate risk dependencies <%= jsonAudit.metadata.vulnerabilities.moderate %>
+- Moderate risk: <%= jsonAudit.metadata.vulnerabilities.moderate %>
- Low risk dependencies <%= jsonAudit.metadata.vulnerabilities.low %>
+- Low risk: <%= jsonAudit.metadata.vulnerabilities.low %>
-Dependencies analyzed <%= jsonAudit.metadata.totalDependencies %>
+Dependencies analyzed: <%= jsonAudit.metadata.totalDependencies %>
 ## Libraries
-
+| Severity | Module | Vulnerable versions |
 | Severity | Vulnerable versions | Module |
 | --- | --- | --- |
 <%
 for(var currentAdvisories in jsonAudit.advisories) {
    severity = jsonAudit.advisories[currentAdvisories].severity;
    vulnerable_versions = JSON.stringify(jsonAudit.advisories[currentAdvisories].vulnerable_versions);
    module = jsonAudit.advisories[currentAdvisories].module_name;
 -%>
-|<%= severity %> | <%= vulnerable_versions %> | <%= module %> |
+|<%= severity %> | <%= module %> | <%= vulnerable_versions %> |
 <% } %>