
add missing severity and confidence for NodeIntegrationJSCheck.js, fi…

…x csv escaping
phosphore committed May 23, 2019
1 parent 04016b3 commit 84316b10ad081194a0f01a1b3cef70a21eefe92b
Showing with 11 additions and 7 deletions.
  1. +2 −0 src/finder/checks/AtomicChecks/NodeIntegrationJSCheck.js
  2. +3 −3 src/runner.js
  3. +6 −4 src/util/file.js
@@ -64,6 +64,8 @@ export default class NodeIntegrationJSCheck {
column: node.key.loc.start.column,
id: this.id,
description: this.description,
severity: severity.INFORMATIONAL,
confidence: confidence.FIRM,
manualReview: isIdentifier
});
}
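Review bot: `confidence: confidence.FIRM` is hard-coded while the same object carries `manualReview: isIdentifier`, so a finding flagged for manual review is still reported with firm confidence. If `isIdentifier` means the value could not be resolved statically (not visible in this hunk), the confidence should be chosen from `isIdentifier` and lowered in that case rather than fixed. The imports of `severity` and `confidence` and the rest of the enclosing method are outside the hunk, so it is worth confirming both names are in scope at the top of the file.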
@@ -85,9 +85,6 @@ export default async function run(input, output, isSarif, customScan, severitySe
}
}

if (output)
writeIssues(output, issues, isSarif);

progress.stop();
}
finally {
@@ -119,6 +116,9 @@ export default async function run(input, output, isSarif, customScan, severitySe
]);
}

if (output)
writeIssues(output, issues, isSarif);

if (rows.length > 0) {
table.push(...rows);
console.log(table.toString());
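Review bot: The relocated `if (output) writeIssues(output, issues, isSarif);` carries no comment saying why the export must now run after the row-building loop instead of before `progress.stop()`, and the commit message does not explain the move either. If the intent is that the exported file reflects the same list the table is built from, a one-line comment such as `// write after the rows are built so the export matches the table` would stop a later refactor from moving it back. The brace-less `if` would also read more safely as `if (output) { writeIssues(output, issues, isSarif); }`. The enclosing `run` function starts and ends outside both hunks.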
@@ -103,8 +103,10 @@ export function writeIssues(filename, result, isSarif){
result.forEach(issue => {
issues += [
issue.id,
escapeCsv(issue.severity.name),
escapeCsv(issue.confidence.name),
escapeCsv(issue.file),
`${issue.location.line}:${issue.location.column}`,
escapeCsv(`${issue.location.line}:${issue.location.column}`),
escapeCsv(issue.sample),
escapeCsv(issue.description),
`https://github.com/doyensec/electronegativity/wiki/${issue.id}`
@@ -118,12 +120,12 @@ export function writeIssues(filename, result, isSarif){
});
}

function escapeCsv(string) {
return '"' + string.replace(/"/g, '""') + '"';
function escapeCsv(val) {
return val != null ? '"' + val.replace(/"/g, '""') + '"' : "N/A";
}

export function writeCsvHeader(filename){
let header = `issue, filename, location, sample, description, url${os.EOL}`;
let header = `issue, severity, confidence, filename, location, sample, description, url${os.EOL}`;

fs.writeFile(filename, header, (err) => {
if(err) throw err;
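Review bot: `escapeCsv` only doubles quotes, so a `sample` or `file` value taken from the scanned project that begins with `=`, `+`, `-` or `@` is written to the CSV unchanged and will be evaluated as a formula when the report is opened in a spreadsheet. The new guard also still calls `val.replace` on any non-null value, which throws for a non-string. I would coerce with `String(val)` and prefix formula-leading values with a single quote before quoting, as in the block below. Separately, in the first hunk `issue.severity.name` and `issue.confidence.name` are dereferenced before the null guard can apply, so a check that still lacks either attribute throws instead of producing `N/A`. `writeIssues` and `writeCsvHeader` both continue outside the hunks.

```javascript
function escapeCsv(val) {
  if (val == null) return "N/A";
  let text = String(val);
  // a leading = + - @ is evaluated as a formula by spreadsheet applications
  if (/^[=+\-@]/.test(text)) text = "'" + text;
  return '"' + text.replace(/"/g, '""') + '"';
}
```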
