audit command for adf cli (#5699)

lib/cli/bin/doc/audit.js

@@ -1,32 +0,0 @@
-#!/usr/bin/env node
-
-var shell = require('shelljs');
-var cmd = "npm audit --json";
-var ejs = require('ejs');
-var path = require('path');
-var fs = require('fs');
-
-var templatePath = path.resolve(__dirname, 'templates', 'auditPage.ejs');
-
-
-try {
-    var jsonAudit = shell.exec(cmd, {silent:true});
-} catch(err) {
-    console.error('error'+ err);
-}
-
-var packageJson = JSON.parse(fs.readFileSync(path.resolve('./','package.json')));
-
-ejs.renderFile(templatePath, {
-    jsonAudit: JSON.parse(jsonAudit),
-    projVersion: packageJson.version,
-    projName: packageJson.description
-}, {}, (err, mdText) => {
-    if (err) {
-        console.log(err);
-    } else {
-        fs.writeFileSync(`audit-info-${packageJson.version}.md`, mdText);
-        console.log(`Wrote Audit`);
-    }
-});
-

lib/cli/bin/doc/templates/auditPage.ejs

@@ -1,31 +0,0 @@
----
-Title: Audit info, <%= projName %> <%= projVersion %>
----
-
-# Audit information for <%= projName %>  <%= projVersion %>
-
-This page lists the npm audit of the project in the version <%= projVersion %>
-
-## Risks
-
-- Critical risk dependencies <%= jsonAudit.metadata.vulnerabilities.critical %>
-- High risk dependencies <%= jsonAudit.metadata.vulnerabilities.high %>
-- Moderate risk dependencies <%= jsonAudit.metadata.vulnerabilities.moderate %>
-- Low risk dependencies <%= jsonAudit.metadata.vulnerabilities.low %>
-
-Dependencies analyzed <%= jsonAudit.metadata.totalDependencies %>
-
-## Libraries
-
-
-| Severity | Vulnerable versions | Module |
-| --- | --- | --- |
-<%
-for(var currentAdvisories in jsonAudit.advisories) {
-
-        severity = jsonAudit.advisories[currentAdvisories].severity;
-        vulnerable_versions = JSON.stringify(jsonAudit.advisories[currentAdvisories].vulnerable_versions);
-        module = jsonAudit.advisories[currentAdvisories].module_name;
--%>
-|<%= severity %> | <%= vulnerable_versions %> | <%= module %> |
-<% } %>

lib/cli/package.json

@@ -4,7 +4,6 @@
   "version": "3.8.0",
   "author": "Alfresco Software, Ltd.",
   "bin": {
-    "adf-audit": "./bin/doc/audit.js",
     "adf-cli": "./bin/adf-cli",
     "adf": "./bin/adf-cli"
   },

lib/cli/scripts/audit.ts

@@ -0,0 +1,84 @@
+#!/usr/bin/env node
+
+/*!
+ * @license
+ * Copyright 2019 Alfresco Software, Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import * as shell from 'shelljs';
+import * as ejs from 'ejs';
+import * as path from 'path';
+import * as fs from 'fs';
+import * as program from 'commander';
+
+export default function main(_args: string[], workingDir: string) {
+    program
+        .description('Generate an audit report')
+        .usage('audit [options]')
+        .option('-p, --package <path>', 'Path to package file (default: package.json in working directory)')
+        .option('-d, --outDir <dir>', 'Ouput directory (default: working directory)')
+        .parse(process.argv);
+
+    if (process.argv.includes('-h') || process.argv.includes('--help')) {
+        program.outputHelp();
+        return;
+    }
+
+    let packagePath = path.resolve(workingDir, 'package.json');
+
+    if (program.package) {
+        packagePath = path.resolve(program.package);
+    }
+
+    if (!fs.existsSync(packagePath)) {
+        console.error('The package.json file was not found');
+        process.exit(1);
+    }
+
+    const templatePath = path.resolve(__dirname, '../templates/auditPage.ejs');
+    if (!fs.existsSync(templatePath)) {
+        console.error(`Cannot find the report template: ${templatePath}`);
+        process.exit(1);
+    }
+
+    return new Promise((resolve, reject) => {
+        // tslint:disable-next-line: no-console
+        console.log(`Running audit on ${packagePath}`);
+
+        const packageJson = JSON.parse(fs.readFileSync(packagePath).toString());
+        const cmd = 'npm audit --json';
+        const jsonAudit = JSON.parse(shell.exec(cmd, { silent: true }));
+
+        ejs.renderFile(templatePath, {
+            jsonAudit,
+            projVersion: packageJson.version,
+            projName: packageJson.name
+        }, {}, (err: any, mdText: string) => {
+            if (err) {
+                console.error(err);
+                reject(1);
+            } else {
+                const outputPath = path.resolve(program.outDir || workingDir);
+                const outputFile = path.join(outputPath, `audit-info-${packageJson.version}.md`);
+
+                fs.writeFileSync(outputFile, mdText);
+
+                // tslint:disable-next-line: no-console
+                console.log(`Report saved as ${outputFile}`);
+                resolve(0);
+            }
+        });
+    });
+}

lib/cli/scripts/licenses.ts

@@ -1,5 +1,4 @@
 #!/usr/bin/env node
-/// <reference> types.d.ts
 
 /*!
  * @license
@@ -98,13 +97,13 @@ export default function main(_args: string[], workingDir: string) {
     }
 
     if (!fs.existsSync(packagePath)) {
-        console.error('Package.json not found');
+        console.error('The package.json file was not found');
         process.exit(1);
     }
 
     const templatePath = path.resolve(__dirname, '../templates/licensePage.ejs');
     if (!fs.existsSync(templatePath)) {
-        console.error(`Cannot find licence template: ${templatePath}`);
+        console.error(`Cannot find the report template: ${templatePath}`);
         process.exit(1);
     }
 

lib/cli/templates/auditPage.ejs

@@ -2,30 +2,28 @@
 Title: Audit info, <%= projName %> <%= projVersion %>
 ---
 
-# Audit information for <%= projName %>  <%= projVersion %>
+# Audit information for <%= projName %> <%= projVersion %>
 
-This page lists the npm audit of the project in the version <%= projVersion %>
+This page lists the security audit of the dependencies this project depends on.
 
 ## Risks
 
-- Critical risk dependencies <%= jsonAudit.metadata.vulnerabilities.critical %>
-- High risk dependencies <%= jsonAudit.metadata.vulnerabilities.high %>
-- Moderate risk dependencies <%= jsonAudit.metadata.vulnerabilities.moderate %>
-- Low risk dependencies <%= jsonAudit.metadata.vulnerabilities.low %>
+- Critical risk: <%= jsonAudit.metadata.vulnerabilities.critical %>
+- High risk: <%= jsonAudit.metadata.vulnerabilities.high %>
+- Moderate risk: <%= jsonAudit.metadata.vulnerabilities.moderate %>
+- Low risk: <%= jsonAudit.metadata.vulnerabilities.low %>
 
-Dependencies analyzed <%= jsonAudit.metadata.totalDependencies %>
+Dependencies analyzed: <%= jsonAudit.metadata.totalDependencies %>
 
 ## Libraries
 
-
-| Severity | Vulnerable versions | Module |
+| Severity | Module | Vulnerable versions |
 | --- | --- | --- |
 <%
 for(var currentAdvisories in jsonAudit.advisories) {
-
-        severity = jsonAudit.advisories[currentAdvisories].severity;
-        vulnerable_versions = JSON.stringify(jsonAudit.advisories[currentAdvisories].vulnerable_versions);
-        module = jsonAudit.advisories[currentAdvisories].module_name;
+    severity = jsonAudit.advisories[currentAdvisories].severity;
+    vulnerable_versions = JSON.stringify(jsonAudit.advisories[currentAdvisories].vulnerable_versions);
+    module = jsonAudit.advisories[currentAdvisories].module_name;
 -%>
-|<%= severity %> | <%= vulnerable_versions %> | <%= module %> |
+|<%= severity %> | <%= module %> | <%= vulnerable_versions %> |
 <% } %>