Add the ability to filter report #79

Merged
merged 16 commits into from Mar 4, 2019
@@ -1,3 +1,3 @@
/node_modules/

test/fixtures/*/node_modules

Fishrock123 (Contributor) commented Feb 28, 2019:

The tests won't work with this on a fresh install...

I intentionally put placeholders there to not have to do actual installs. Maybe we can find a smaller module that has failures?

Raynos (Author, Contributor) commented Feb 28, 2019:

I verified that the package-lock.json is sufficient for the tests to work; node_modules should be optional.

.DS_Store
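Review bot: ignoring `test/fixtures/*/node_modules` means the fixtures' installed modules are no longer part of the repository, so a fresh clone has to run an install inside every fixture before the tests can pass (the comment above raises exactly this). Add that step to the test script or the README, and keep a package-lock.json in each fixture so the modules that are expected to produce compliance and security failures are pinned and the test outcome stays reproducible rather than drifting with whatever the registry serves later.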
@@ -27,6 +27,8 @@ async function main () {
dir: 'd',
github: 'g',
google: 'G',
compliance: 'c',
security: 's',
help: 'h',
json: 'j',
long: 'l',
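Review bot: the new `compliance: 'c'` and `security: 's'` entries only register aliases; nothing in this hunk declares them as boolean flags, and the discussion below confirms they are not parsed as booleans. With minimist that means `ncm report -c ./some/dir` stores `./some/dir` as the value of `compliance` instead of leaving it as the positional directory argument. Add both names to the parser's `boolean` option so they are treated as switches; that also removes the need for the `!!argv.compliance` casts in shortReport.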
@@ -103,7 +103,7 @@ async function report (argv, _dir) {

pkgScores = moduleSort(pkgScores)

if (!json && !output && !long) shortReport(pkgScores, dir)
if (!json && !output && !long) shortReport(pkgScores, dir, argv)
if (long) longReport(pkgScores, dir)
if (json) jsonReport(pkgScores)
if (output) outputReport(pkgScores, output)
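Review bot: only the shortReport call gains `argv`; the `longReport`, `jsonReport` and `outputReport` calls on the following lines are unchanged, so `--compliance` or `--security` combined with `--long`, `--json` or `--output` silently produces an unfiltered report. Either pass the filter options through to those paths as well or reject the combination with an explicit error, so a user does not act on a report believing it was filtered. Passing the whole `argv` object also couples shortReport to the CLI parser; handing it just `{ compliance, security }` keeps the signature explicit.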
@@ -126,6 +126,8 @@ function optionsList () {
{${COLORS.light1} ncm} {${COLORS.yellow} report}
{${COLORS.light1} ncm} {${COLORS.yellow} report} {${COLORS.teal} <directory>}
{${COLORS.teal} -l, --long} {white Expanded output with module list}
{${COLORS.teal} -c --compliance} {white Expanded output with compliance failures}
{${COLORS.teal} -s --security} {white Expanded output with security failures}
{${COLORS.teal} -j, --json} {white Output report as JSON}
{${COLORS.teal} -o, --output <filepath>} {white Write JSON report to file}
`.trim()
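Review bot: the two new help lines read `-c --compliance` and `-s --security`, without the comma that `-l, --long` and `-j, --json` use; add it for consistency, i.e. `{${COLORS.teal} -c, --compliance}` and `{${COLORS.teal} -s, --security}`.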
@@ -102,6 +102,12 @@ function formatError (message, err) {
} else {
message = util.format(message, err)
}
} else if (err) {
juliangruber (Member) commented Feb 28, 2019:

This conditional could be refactored by adding an early return if (!err).

Raynos (Author, Contributor) commented Feb 28, 2019:

No can do. There's a line below that we need.

Fishrock123 (Contributor) commented Feb 28, 2019:

Why not just set NCM_DEV=true?

Raynos (Author, Contributor) commented Feb 28, 2019:

That's a bad user experience for our customers. The error message has critical information.

For example, report fails with "report did not work", but with the error message it says "report did not work; please run npm install".

Clearly that second message should always be printed.

if (err.code) {
message = util.format(message, err.code, err.message)
} else {
message = util.format(message, err.message)
}
}
return line('‼︎', chalk`{${COLORS.red} ${message}}`, COLORS.red)
}
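Review bot: the new `else if (err)` branch formats `err.code` and `err.message` into `message` with util.format, so every template passed to formatError now has to carry two `%s` placeholders when a coded error is expected and one otherwise; a template with too few placeholders will have the remaining arguments appended space-separated, which changes the wording the user sees depending on which branch runs. Since, as the thread above notes, this line is the only diagnostic a user gets when NCM_DEV is unset, a unit test covering both error shapes (with and without `code`) would keep the message stable across future edits.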
@@ -5,8 +5,18 @@ module.exports = shortReport
const summary = require('./summary')
const { moduleList } = require('./util')

function shortReport (report, dir) {
function shortReport (report, dir, argv) {
summary(report, dir)

moduleList(report.slice(0, 5), 'Top 5: Highest Risk Modules')
const filterCompliance = argv ? !!argv.compliance : false

juliangruber (Member) commented Feb 28, 2019:

Are those not boolean by default? Also, can be refactored to

Suggested change
const filterCompliance = argv ? !!argv.compliance : false
const filterCompliance = argv && argv.compliance

(this isn't go :P)

Raynos (Author, Contributor) commented Feb 28, 2019:

They are only booleans if we tell minimist to parse them as booleans.

I'd rather cast untrusted user input than have weird types later on.

const filterSecurity = argv ? !!argv.security : false

if (filterCompliance || filterSecurity) {
moduleList(report, null, {
filterCompliance: filterCompliance,
filterSecurity: filterSecurity
})
} else {
moduleList(report.slice(0, 5), 'Top 5: Highest Risk Modules')
}
}
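Review bot: when a filter is active, `moduleList(report, null, {...})` passes `null` as the title, and moduleList (next hunk) prints the title unconditionally via `L(chalk`{${COLORS.light1} ${title}}`)`, so the filtered listing is headed by the literal text "null". Pass a descriptive title such as 'Modules with compliance failures' / 'Modules with security failures' instead. Separately, the `!!` casts here exist only because the flags are not declared boolean in the minimist options; declaring them there is the cleaner fix and makes the `argv ? ... : false` guards unnecessary.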
@@ -81,11 +81,54 @@ async function outputReport (report, dir) {
}
}

function moduleList (report, title) {
function filterReport (report, options) {
const out = []

if (!options.filterCompliance && !options.filterSecurity) {
return report
}

if (options.filterCompliance) {
for (const pkg of report) {
const hasComplianceFailure = pkg.scores.some(
s => s.group === 'compliance' && !s.pass
)
if (hasComplianceFailure) {
out.push(pkg)
}
}
}

if (options.filterSecurity) {
for (const pkg of report) {
if (!pkg.failures) {
continue
}
const hasSecurityFailure = pkg.failures.some(
f => f.group === 'security' && f.severity !== 'NONE'
)
if (hasSecurityFailure) {
out.push(pkg)
}
}
}

return out
}

function moduleList (report, title, options) {
L(divider(W[0] + W[1] + W[2] + W[3] + 7, ''))
L(chalk`{${COLORS.light1} ${title}}`)
L(divider(W[0] + W[1] + W[2] + W[3] + 7))

report = moduleSort(report)
if (options) {
report = filterReport(report, options)
if (report.length === 0) {
return
}
}

/* Module List */
L(chalk`{${COLORS.light1} Module Name${' '.repeat(W[0] - 9)}Risk${' '.repeat(W[1] - 3)}License${' '.repeat(W[2] - 6)}Security}`)
L(chalk`{${COLORS.light1} ┌──${''.repeat(W[0])}${''.repeat(W[1])}${''.repeat(W[2])}${''.repeat(W[3])}┐}`)
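Review bot: filterReport runs two independent loops over `report` and pushes into the same `out`, so with both `--compliance` and `--security` set a package that fails both checks appears twice in the listing; use a single loop that pushes a package when either predicate matches. The compliance loop also calls `pkg.scores.some(...)` with no guard, whereas the security loop skips packages with `if (!pkg.failures) continue`; if `scores` can be absent in the same way, this will throw. Finally, moduleList prints the divider and title before filtering and then returns early when the filtered result is empty, which leaves a bare header with no rows and no "no modules matched" line; filter first and print the header only when there is something to show.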
@@ -206,6 +249,8 @@ function shortVulnerabilityList (report) {
L(chalk` {${COLORS.orange} H} ${netSecurity.HIGH} high severity`)
L(chalk` {${COLORS.yellow} M} ${netSecurity.MEDIUM} medium severity`)
L(chalk` {${COLORS.light1} L} ${netSecurity.LOW} low severity`)

return vulnerabilityCount
}

function moduleSort (report) {
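Review bot: `return vulnerabilityCount` gives shortVulnerabilityList a return value, but no call site in this diff consumes it; if it is intended for the new filter output, wire it in and cover it in the tests, otherwise drop the change to keep the hunk focused.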

@@ -38,6 +38,8 @@ Usage:
ncm report
ncm report <directory>
-l, --long Expanded output with module list
-c --compliance Expanded output with compliance failures
-s --security Expanded output with security failures
-j, --json Output report as JSON
-o, --output <filepath> Write JSON report to file
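Review bot: same comma inconsistency as in optionsList: `-c --compliance` and `-s --security` should read `-c, --compliance` and `-s, --security` to match the other options. The README should also state that these two filters apply only to the default short report, since in the report hunk `argv` is passed to shortReport alone and the long, JSON and file outputs ignore the flags.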