Lerer · Lerer · Feb 23, 2021 · Feb 23, 2021 · Feb 23, 2021 · Feb 23, 2021
diff --git a/.github/workflows/build-and-scan.yml b/.github/workflows/build-and-scan.yml
@@ -29,7 +29,7 @@ jobs:
       run: java -Dpipeline.debug=true -jar pipeline-scan.jar --veracode_api_id "${{secrets.VERACODE_API_ID}}" --veracode_api_key "${{secrets.VERACODE_API_KEY}}" --file "target/verademo.war" --fail_on_severity="Very High, High,Medium" -jo true
     - name: Convert pipeline scan output to SARIF format
       id: convert
-      uses: Lerer/veracode-pipeline-scan-results-to-sarif-1@fix-normalize
+      uses: Veracode/veracode-pipeline-scan-results-to-sarif@v0.1.6
       with:
         pipeline-results-json: results.json
         output-results-sarif: veracode-results.sarif

diff --git a/.github/workflows/pipeline-to-pr-comment.yml b/.github/workflows/pipeline-to-pr-comment.yml
@@ -28,14 +28,15 @@ jobs:
     - name: Run Pipeline Scanner
       id: pipeline-scan
       continue-on-error: true
-      run: java -jar pipeline-scan.jar --veracode_api_id "${{secrets.VERACODE_API_ID}}" --veracode_api_key "${{secrets.VERACODE_API_KEY}}" --so true --file "./target/verademo.war" --fail_on_severity="Very High, High"
+      run: java -jar pipeline-scan.jar --veracode_api_id "${{secrets.VERACODE_API_ID}}" --veracode_api_key "${{secrets.VERACODE_API_KEY}}" -so true --file "./target/verademo.war" --fail_on_severity="Very High, High"
     - id: get-comment-body
+      if: ${{ github.head_ref != '' }}
       run: |
         body=$(cat results.txt)
-        body="${body//'%'/'%25'}"
-        body="${body//$'\n'/'%0A'}"
-        body="${body//$'\r'/'%0D'}" 
-        echo ::set-output name=body::$body
+        body="${body//$'===\n---'/'===\n<details><summary>details</summary><p>\n---'}"
+        body="${body//$'---\n\n==='/'---\n</p></details>\n==='}"
+        body="${body//$'\n'/'<br>'}"
+        echo "::set-output name=body1::$body"
     - uses: actions/github-script@v3
       with:
         github-token: ${{secrets.GITHUB_TOKEN}}
@@ -44,5 +45,5 @@ jobs:
             issue_number: context.issue.number,
             owner: context.repo.owner,
             repo: context.repo.repo,
-            body: ${{ steps.get-comment-body.outputs.body }}
+            body: "${{ steps.get-comment-body.outputs.body1 }}"
           })
diff --git a/src/main/java/com/veracode/verademo/controller/ToolsController.java b/src/main/java/com/veracode/verademo/controller/ToolsController.java
@@ -91,6 +91,15 @@ private String fortune(String fortuneFile)
 				proc = Runtime.getRuntime().exec(cmd);
 			}
 			/* END BAD CODE */
+
+			/* ANOTHER BAD CODE */
+			if (System.getProperty("os.name").startsWith("Windows")) {
+				proc = Runtime.getRuntime().exec(new String[] { "cmd.exe", "/c", cmd });
+			}
+			else {
+				proc = Runtime.getRuntime().exec(cmd);
+			}
+			/* END ANOTHER BAD CODE */
 
 			InputStreamReader isr = new InputStreamReader(proc.getInputStream());
 			BufferedReader br = new BufferedReader(isr);