3 changes: 2 additions & 1 deletion src/lib/DefaultRuleManager.ts
Expand Up @@ -14,6 +14,7 @@ import {Controller} from '../Controller';
import globby = require('globby');
import path = require('path');
import {uxEvents, EVENTS} from './ScannerEvents';
import {CUSTOM_CONFIG} from '../Constants';

Messages.importMessagesDirectory(__dirname);
const messages = Messages.loadMessages('@salesforce/sfdx-scanner', 'DefaultRuleManager');
Expand Down Expand Up @@ -127,7 +128,7 @@ export class DefaultRuleManager implements RuleManager {
psResults.forEach(r => results = results.concat(r));
this.logger.trace(`Received rule violations: ${JSON.stringify(results)}`);
this.logger.trace(`Recombining results into requested format ${runOptions.format}`);
return await RuleResultRecombinator.recombineAndReformatResults(results, runOptions.format, executedEngines);
return await RuleResultRecombinator.recombineAndReformatResults(results, runOptions.format, executedEngines, engineOptions.has(CUSTOM_CONFIG.VerboseViolations));
} catch (e) {
const message: string = e instanceof Error ? e.message : e as string;
throw new SfdxError(message);
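Review bot: The new argument on the `return` line derives the verbose flag from key presence alone — `engineOptions.has(...)` is true for any stored value, so if engineOptions carries option values as strings, an explicitly false-like value would still switch verbose output on; worth confirming against how the option is populated, which is outside this hunk. Binding the flag first, `const verboseViolations = engineOptions.has(CUSTOM_CONFIG.VerboseViolations);`, would keep the call readable and give the boolean a name a reader can look up. The enclosing method starts outside the hunk.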
10 changes: 5 additions & 5 deletions src/lib/formatter/RuleResultRecombinator.ts
@@ -1,7 +1,7 @@
import {SfdxError} from '@salesforce/core';
import * as path from 'path';
import {EngineExecutionSummary, RecombinedData, RecombinedRuleResults, RuleResult, RuleViolation} from '../../types';
import {DfaEngineFilters} from '../../Constants';
import {DfaEngineFilters, ENGINE} from '../../Constants';
import {OUTPUT_FORMAT} from '../RuleManager';
import * as wrap from 'word-wrap';
import {FileHandler} from '../util/FileHandler';
Expand Down Expand Up @@ -37,15 +37,15 @@ type DfaTableRow = BaseTableRow & {

export class RuleResultRecombinator {

public static async recombineAndReformatResults(results: RuleResult[], format: OUTPUT_FORMAT, executedEngines: Set<string>): Promise<RecombinedRuleResults> {
public static async recombineAndReformatResults(results: RuleResult[], format: OUTPUT_FORMAT, executedEngines: Set<string>, verboseViolations = false): Promise<RecombinedRuleResults> {
// We need to change the results we were given into the desired final format.
let formattedResults: string | {columns; rows} = null;
switch (format) {
case OUTPUT_FORMAT.CSV:
formattedResults = await this.constructCsv(results, executedEngines);
break;
case OUTPUT_FORMAT.HTML:
formattedResults = await this.constructHtml(results, executedEngines);
formattedResults = await this.constructHtml(results, executedEngines, verboseViolations);
break;
case OUTPUT_FORMAT.JSON:
formattedResults = this.constructJson(results);
Expand Down Expand Up @@ -351,7 +351,7 @@ URL: ${url}`;
return JSON.stringify(results.filter(r => r.violations.length > 0));
}

private static async constructHtml(results: RuleResult[], executedEngines: Set<string>): Promise<string> {
private static async constructHtml(results: RuleResult[], executedEngines: Set<string>, verboseViolations = false): Promise<string> {
// If the results were just an empty string, we can return it.
if (results.length === 0) {
return '';
Expand All @@ -373,7 +373,7 @@ URL: ${url}`;
ruleName: v.ruleName,
category: v.category,
url: v.url,
message: v.message,
message: verboseViolations && result.engine === ENGINE.RETIRE_JS ? v.message.replace(/\n/g, '<br>') : v.message, // <br> used for line breaks in html
line: v.line,
column: v.column,
endLine: v.endLine || null,
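Review bot: The `message:` line in the last hunk only produces a visible line break if the HTML page inserts the message as markup rather than as text, and in that mode every other character of the retire-js message — free text from the vulnerability database, not authored by this project — is interpreted as markup as well; the test further down shows the message is embedded in a `const violations = [...]` literal and rendered client-side, so the template, which is outside this hunk, decides. Safer options are to HTML-escape the message before the `replace(/\n/g, '<br>')`, or to keep `v.message` unchanged and let the template render the field with `white-space: pre-line`, which needs no raw-markup path at all. The trailing `// <br> used for line breaks in html` would read better as a comment on its own line above the property, stating why only retire-js messages are affected. The enclosing constructHtml and the map callback both start outside the hunk.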
25 changes: 25 additions & 0 deletions test/lib/formatter/RuleResultRecombinator.test.ts
Expand Up @@ -288,6 +288,22 @@ const allFakeDfaRuleResultsNormalized: RuleResult[] = [
}
];

const retireJsVerboseViolations: RuleResult[] = [
{
engine: 'retire-js',
fileName: sampleFile1,
violations: [{
"line": 1,
"column": 1,
"severity": 2,
"message": "jquery 3.1.0 has known vulnerabilities:\nseverity: medium; summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution; CVE: CVE-2019-11358; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b\nseverity: medium; summary: Regex in its jQuery.htmlPrefilter sometimes may introduce XSS; CVE: CVE-2020-11022; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/\nseverity: medium; summary: Regex in its jQuery.htmlPrefilter sometimes may introduce XSS; CVE: CVE-2020-11023; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"ruleName": "insecure-bundled-dependencies",
"category": "Insecure Dependencies",
}]
}
];


function isString(x: string | {columns; rows}): x is string {
return typeof x === 'string';
}
Expand Down Expand Up @@ -1268,5 +1284,14 @@ describe('RuleResultRecombinator', () => {
expect(problemNumber).to.equal(6, 'Problem Number Index');
});
});

describe('Output Format: HTML', () => {
it ('Using --verbose-violations', async () => {
const results = (await RuleResultRecombinator.recombineAndReformatResults(retireJsVerboseViolations, OUTPUT_FORMAT.HTML, new Set(['retire-js']), true)).results as string;
const violationString = results.split("const violations = [")[1].split("];\n")[0];
const violation: RuleViolation = JSON.parse(violationString as string);
expect(violation.message).to.equal("jquery 3.1.0 has known vulnerabilities:<br>severity: medium; summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution; CVE: CVE-2019-11358; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b<br>severity: medium; summary: Regex in its jQuery.htmlPrefilter sometimes may introduce XSS; CVE: CVE-2020-11022; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/<br>severity: medium; summary: Regex in its jQuery.htmlPrefilter sometimes may introduce XSS; CVE: CVE-2020-11023; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/");
});
});
});
});
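Review bot: The new `describe('Output Format: HTML')` block only covers the verbose path; nothing pins that the default (`verboseViolations` omitted) leaves the `\n` characters in the message untouched, or that a non-retire-js engine is never rewritten, so a regression in the `result.engine === ENGINE.RETIRE_JS` guard would go unnoticed. A companion case reusing the same fixture and extraction covers the default; the expected value can be taken from the fixture instead of being repeated as a literal. The `as string` on the `JSON.parse` argument is a narrowing from `string | undefined` under `noUncheckedIndexedAccess`; a thrown error on a missing match would be clearer than a cast.
```typescript
		it('Without --verbose-violations keeps newlines', async () => {
			const results = (await RuleResultRecombinator.recombineAndReformatResults(retireJsVerboseViolations, OUTPUT_FORMAT.HTML, new Set(['retire-js']))).results as string;
			const violationString = results.split("const violations = [")[1].split("];\n")[0];
			const violation: RuleViolation = JSON.parse(violationString);
			expect(violation.message).to.equal(retireJsVerboseViolations[0].violations[0].message);
		});
```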