From 493ae3dfa147006fb8d399540b78e695721d90d7 Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Fri, 8 Mar 2024 15:52:57 +0000 Subject: [PATCH 01/30] update main --- src/main.js | 59 +++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 53 insertions(+), 6 deletions(-) diff --git a/src/main.js b/src/main.js index ef5fb35..841745a 100644 --- a/src/main.js +++ b/src/main.js @@ -5,11 +5,13 @@ const github = require("@actions/github"); const io = require("@actions/io"); const filepath = require('path'); const fs = require("fs"); +const yaml = require('js-yaml'); +const { parse } = require('hcl-parser'); +const toml = require('@iarna/toml'); function readJSON(filename) { - const rawdata = fs.readFileSync(filename); - const parsedJSON = JSON.parse(rawdata.toString()); - return parsedJSON; + const rawData = fs.readFileSync(filename); + return JSON.parse(rawData.toString()); } function cleanupOutput(resultsJSONFile, outputFormats) { @@ -18,7 +20,17 @@ function cleanupOutput(resultsJSONFile, outputFormats) { } } -function processOutputPath(output) { +async function processOutputPath(output, configPath) { + let resultsFileName = ''; + if (configPath !== '') { + [config_type, content] = await fileAnalyzer(configPath); + + if (config_type !== '') { + output = content["output-path"] || output; + resultsFileName = content["output-name"] || ''; + } + } + if (output === '') { return { path: "./", 
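Review bot: In `processOutputPath`, `[config_type, content] = await fileAnalyzer(configPath);` assigns to two names that are never declared, so they become implicit globals in non-strict code and a ReferenceError under strict mode; declare them with `const [configType, content] = await fileAnalyzer(configPath);`. The guard `configPath !== ''` also lets an unset `INPUT_CONFIG_PATH` (`undefined`) through to the file read, which `if (configPath)` would cover. The same undeclared assignment is carried unchanged into the later hunks of this series that touch the function (patches 13 and 17). The function body continues outside this hunk.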
@@ -28,10 +40,45 @@ function processOutputPath(output) { return { path: output, - resultsJSONFile: filepath.join(output, "/results.json") + resultsJSONFile: resultsFileName || filepath.join(output, "/results.json") } } +async function fileAnalyzer(filePath) { + const fileContent = await fs.promises.readFile(filePath, 'utf8'); + let temp = {}; + + // Attempt to parse as JSON + try { + temp = JSON.parse(fileContent); + return ['json', temp]; + } catch (jsonErr) {} + + // Attempt to parse as YAML + try { + temp = yaml.safeLoad(fileContent); + return ['yaml', temp]; + } catch (yamlErr) {} + + // Attempt to parse as TOML + try { + temp = toml.parse(fileContent); + return ['toml', temp]; + } catch (tomlErr) {} + + // Attempt to parse as HCL + try { + const parsed = parse(fileContent); + if (parsed.body && parsed.body.length > 0) { + temp = parsed.body[0]; + return ['hcl', temp]; + } + } catch (hclErr) {} + + console.log(`Error analyzing file: Invalid configuration file format`); + return ['', {}]; +} + function setWorkflowStatus(statusCode) { console.log(`KICS scan status code: ${statusCode}`); @@ -52,7 +99,7 @@ async function main() { let enableJobsSummary = process.env.INPUT_ENABLE_JOBS_SUMMARY; const commentsWithQueries = process.env.INPUT_COMMENTS_WITH_QUERIES; const excludedColumnsForCommentsWithQueries = process.env.INPUT_EXCLUDED_COLUMNS_FOR_COMMENTS_WITH_QUERIES.split(','); - const outputPath = processOutputPath(process.env.INPUT_OUTPUT_PATH); + const outputPath = processOutputPath(process.env.INPUT_OUTPUT_PATH, process.env.INPUT_CONFIG_PATH); const outputFormats = process.env.INPUT_OUTPUT_FORMATS; const exitCode = process.env.KICS_EXIT_CODE From 0ca0adbdeb13d97e24126e53a5b61602929f7c09 Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Fri, 8 Mar 2024 15:53:25 +0000 Subject: [PATCH 02/30] update main --- package-lock.json | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) 
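Review bot: Every `catch` in `fileAnalyzer` is empty, so a parser failure that is not a format mismatch looks the same as "wrong format" and the function falls through to `['', {}]`, after which the configured `output-path` and `output-name` are silently ignored. The YAML branch shows the risk: js-yaml 4, the version this series later pins in package-lock.json, no longer supports `safeLoad` and throws when it is called, and `catch (yamlErr) {}` hides that. Log the reason in each handler, for example ``catch (yamlErr) { console.log(`YAML parse failed: ${yamlErr.message}`); }``, and check that the parsed value is a plain object before the caller indexes it.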
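Review bot: `processOutputPath` is now `async`, but the call in `main` is not awaited, so `outputPath` is a pending Promise and `outputPath.path` / `outputPath.resultsJSONFile` read as `undefined` wherever `main` uses them (those uses are outside the hunk). Change the line to `const outputPath = await processOutputPath(process.env.INPUT_OUTPUT_PATH, process.env.INPUT_CONFIG_PATH);`. Judging by the context shown in a later patch, the call sits before `main`'s `try`, so a rejection would also bypass its error handling. Patches 13 and 15 rewrite this call again and still omit the `await`.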
diff --git a/package-lock.json b/package-lock.json index a6131cf..e9a63aa 100644 --- a/package-lock.json +++ b/package-lock.json @@ -94,14 +94,6 @@ "undici": "^5.25.4" } }, - "node_modules/@actions/tool-cache/node_modules/semver": { - "version": "6.3.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", - "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", - "bin": { - "semver": "bin/semver.js" - } - }, "node_modules/@actions/tool-cache/node_modules/uuid": { "version": "3.4.0", "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz", @@ -300,6 +292,14 @@ "node": ">=10.13.0" } }, + "node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "bin": { + "semver": "bin/semver.js" + } + }, "node_modules/tr46": { "version": "0.0.3", "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", @@ -431,11 +431,6 @@ "undici": "^5.25.4" } }, - "semver": { - "version": "6.3.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", - "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==" - }, "uuid": { "version": "3.4.0", "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz", @@ -597,6 +592,11 @@ "integrity": "sha512-9fbDAXSBcc6Bs1mZrDYb3XKzDLm4EXXL9sC1LqKP5rZkT6KRr/rf9amVUcODVXgguK/isJz0d0hP72WeaKWsvA==", "dev": true }, + "semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==" + }, "tr46": { "version": "0.0.3", "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", From dcba25549ddf8c8a4576d3020069ea267ae184f6 Mon Sep 17 00:00:00 2001 
From: cxMiguelSilva Date: Fri, 8 Mar 2024 16:12:06 +0000 Subject: [PATCH 03/30] add missing packages --- package-lock.json | 52 +++++++++++++++++++++++++++++++++++++++++++++++ package.json | 7 +++++-- 2 files changed, 57 insertions(+), 2 deletions(-) diff --git a/package-lock.json b/package-lock.json index e9a63aa..7d4e383 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14,6 +14,9 @@ "@actions/github": "^5.0.0", "@actions/io": "^1.1.1", "@actions/tool-cache": "^2.0.1", + "@iarna/toml": "^2.2.5", + "hcl-parser": "^0.1.1", + "js-yaml": "^4.1.0", "moment": "^2.29.4", "uuid": "^8.3.2" }, @@ -111,6 +114,11 @@ "node": ">=14" } }, + "node_modules/@iarna/toml": { + "version": "2.2.5", + "resolved": "https://registry.npmjs.org/@iarna/toml/-/toml-2.2.5.tgz", + "integrity": "sha512-trnsAYxU3xnS1gPHPyU961coFyLkh4gAD/0zQ5mymY4yOZ+CYvsPqUbOFSw0aDM4y0tV7tiFxL/1XfXPNC6IPg==" + }, "node_modules/@octokit/auth-token": { "version": "2.5.0", "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-2.5.0.tgz", @@ -227,6 +235,11 @@ "ncc": "dist/ncc/cli.js" } }, + "node_modules/argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==" + }, "node_modules/before-after-hook": { "version": "2.2.2", "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.2.tgz", 
@@ -237,6 +250,11 @@ "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz", "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ==" }, + "node_modules/hcl-parser": { + "version": "0.1.1", + "resolved": "https://registry.npmjs.org/hcl-parser/-/hcl-parser-0.1.1.tgz", + "integrity": "sha512-14aEh09F3MXJLgCrWsVHKem7oK8HFnnYkgRkgPfv6qBPoay290UN6hIxcy5PkeATt5BZa/AKAbPboiipglPqow==" + }, "node_modules/is-plain-object": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz", @@ -245,6 +263,17 @@ "node": ">=0.10.0" } }, + "node_modules/js-yaml": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "dependencies": { + "argparse": "^2.0.1" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, "node_modules/moment": { "version": "2.29.4", "resolved": "https://registry.npmjs.org/moment/-/moment-2.29.4.tgz", @@ -443,6 +472,11 @@ "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.1.0.tgz", "integrity": "sha512-+KpH+QxZU7O4675t3mnkQKcZZg56u+K/Ct2K+N2AZYNVK8kyeo/bI18tI8aPm3tvNNRyTWfj6s5tnGNlcbQRsA==" }, + "@iarna/toml": { + "version": "2.2.5", + "resolved": "https://registry.npmjs.org/@iarna/toml/-/toml-2.2.5.tgz", + "integrity": "sha512-trnsAYxU3xnS1gPHPyU961coFyLkh4gAD/0zQ5mymY4yOZ+CYvsPqUbOFSw0aDM4y0tV7tiFxL/1XfXPNC6IPg==" + }, "@octokit/auth-token": { "version": "2.5.0", "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-2.5.0.tgz", 
@@ -550,6 +584,11 @@ "integrity": "sha512-S4cL7Taa9yb5qbv+6wLgiKVZ03Qfkc4jGRuiUQMQ8HGBD5pcNRnHeYM33zBvJE4/zJGjJJ8GScB+WmTsn9mORw==", "dev": true }, + "argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==" + }, "before-after-hook": { "version": "2.2.2", "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.2.tgz", @@ -560,11 +599,24 @@ "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz", "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ==" }, + "hcl-parser": { + "version": "0.1.1", + "resolved": "https://registry.npmjs.org/hcl-parser/-/hcl-parser-0.1.1.tgz", + "integrity": "sha512-14aEh09F3MXJLgCrWsVHKem7oK8HFnnYkgRkgPfv6qBPoay290UN6hIxcy5PkeATt5BZa/AKAbPboiipglPqow==" + }, "is-plain-object": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz", "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==" }, + "js-yaml": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "requires": { + "argparse": "^2.0.1" + } + }, "moment": { "version": "2.29.4", "resolved": "https://registry.npmjs.org/moment/-/moment-2.29.4.tgz", diff --git a/package.json b/package.json index 7b04ac0..2724340 100644 --- a/package.json +++ b/package.json 
@@ -24,12 +24,15 @@ "@actions/github": "^5.0.0", "@actions/io": "^1.1.1", "@actions/tool-cache": "^2.0.1", + "@iarna/toml": "^2.2.5", + "hcl-parser": "^0.1.1", + "js-yaml": "^4.1.0", "moment": "^2.29.4", "uuid": "^8.3.2" }, "devDependencies": { + "@types/uuid": "^8.3.4", "@vercel/ncc": "^0.36.1", - "prettier": "^2.4.1", - "@types/uuid": "^8.3.4" + "prettier": "^2.4.1" } } From a5bdc0eb5c9ad87750d7fad9c27b840204f14799 Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Mon, 11 Mar 2024 15:07:14 +0000 Subject: [PATCH 04/30] update config parsing --- src/main.js | 84 ++++++++++++++++++++++++++-------------- test/configs/hcl/config | 8 ++++ test/configs/json/config | 13 +++++++ test/configs/toml/config | 8 ++++ test/configs/yaml/config | 13 +++++++ 5 files changed, 96 insertions(+), 30 deletions(-) create mode 100644 test/configs/hcl/config create mode 100644 test/configs/json/config create mode 100644 test/configs/toml/config create mode 100644 test/configs/yaml/config diff --git a/src/main.js b/src/main.js index 841745a..f6544dc 100644 --- a/src/main.js +++ b/src/main.js @@ -6,7 +6,7 @@ const io = require("@actions/io"); const filepath = require('path'); const fs = require("fs"); const yaml = require('js-yaml'); -const { parse } = require('hcl-parser'); +var HCL = require("js-hcl-parser") const toml = require('@iarna/toml'); function readJSON(filename) { @@ -22,7 +22,8 @@ function cleanupOutput(resultsJSONFile, outputFormats) { async function processOutputPath(output, configPath) { let resultsFileName = ''; - if (configPath !== '') { + if (configPath !== '' ) { + [config_type, content] = await fileAnalyzer(configPath); if (config_type !== '') { 
@@ -38,45 +39,68 @@ async function processOutputPath(output, configPath) { } } + if (resultsFileName === '') { + resultsFileName = filepath.join(output, "/results.json") + } else { + resultsFileName = filepath.join(output, resultsFileName); + } + return { path: output, - resultsJSONFile: resultsFileName || filepath.join(output, "/results.json") + resultsJSONFile: resultsFileName } } +function readFileContent(filePath) { + try { + const stats = fs.statSync(filePath); // Use fs.statSync to get file stats synchronously + if (!stats.isFile()) { + throw new Error('Provided path is not a file.'); + } + const data = fs.readFileSync(filePath, 'utf8'); // Use fs.readFileSync to read file content synchronously + return data; + } catch (error) { + console.error('Error reading file:', error); + return ''; // Return empty string or handle the error as needed + } +} async function fileAnalyzer(filePath) { - const fileContent = await fs.promises.readFile(filePath, 'utf8'); + const fileContent = await readFileContent(filePath); let temp = {}; + if (fileContent === '') { + console.log('Error analyzing file: Empty file content'); + return ['', {}]; + } // Attempt to parse as JSON try { - temp = JSON.parse(fileContent); - return ['json', temp]; - } catch (jsonErr) {} - - // Attempt to parse as YAML - try { - temp = yaml.safeLoad(fileContent); - return ['yaml', temp]; - } catch (yamlErr) {} - - // Attempt to parse as TOML - try { - temp = toml.parse(fileContent); - return ['toml', temp]; - } catch (tomlErr) {} - - // Attempt to parse as HCL - try { - const parsed = parse(fileContent); - if (parsed.body && parsed.body.length > 0) { - temp = parsed.body[0]; - return ['hcl', temp]; + const jsonData = JSON.parse(fileContent); + return ['json', jsonData]; + } catch (jsonError) { + // Attempt to parse as HCL + try { + const parsed = HCL.parse(fileContent); + const jsonData = JSON.parse(parsed); + return ['hcl', jsonData]; + } catch (hclErr) { + console.log(`Error analyzing file: 
${hclErr}`); + // Attempt to parse as TOML + try { + temp = toml.parse(fileContent); + return ['toml', temp]; + } catch (tomlErr) { + // Attempt to parse as YAML + try { + temp = yaml.load(fileContent); + return ['yaml', temp]; + } catch (yamlErr) { + console.log(`Error analyzing file: ${yamlErr}`); + console.log(`Error analyzing file: Invalid configuration file format`); + return ['', {}]; + } + } } - } catch (hclErr) {} - - console.log(`Error analyzing file: Invalid configuration file format`); - return ['', {}]; + } } function setWorkflowStatus(statusCode) { diff --git a/test/configs/hcl/config b/test/configs/hcl/config new file mode 100644 index 0000000..ec41c09 --- /dev/null +++ b/test/configs/hcl/config @@ -0,0 +1,8 @@ +"path" = "assets/iac_samples" +"verbose" = true +"log-file" = true +"type" = "Dockerfile,Kubernetes" +"queries-path" = "assets/queries" +"exclude-paths" = ["foo/", "bar/"] +"output-path" = "results" +"output-name" = "res.json" \ No newline at end of file diff --git a/test/configs/json/config b/test/configs/json/config new file mode 100644 index 0000000..191ed20 --- /dev/null +++ b/test/configs/json/config @@ -0,0 +1,13 @@ +{ + "path": "assets/iac_samples", + "verbose": true, + "log-file": true, + "type": "Dockerfile,Kubernetes", + "queries-path": "assets/queries", + "exclude-paths": [ + "foo/", + "bar/" + ], + "output-path": "results", + "output-name": "res.json" +} \ No newline at end of file diff --git a/test/configs/toml/config b/test/configs/toml/config new file mode 100644 index 0000000..a069953 --- /dev/null +++ b/test/configs/toml/config @@ -0,0 +1,8 @@ +path = "assets/iac_samples" +verbose = true +log-file = true +type = "Dockerfile,Kubernetes" +queries-path = "assets/queries" +exclude-paths = [ "foo/", "bar/" ] +output-path = "results" +output-name = "res.json" \ No newline at end of file diff --git a/test/configs/yaml/config b/test/configs/yaml/config new file mode 100644 index 0000000..49b9fcb --- /dev/null 
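Review bot: `resultsFileName = filepath.join(output, resultsFileName)` builds the results path from `output-path` and `output-name`, both read from the config file in the scanned repository, and `path.join` normalises `..` segments, so the result is not confined to the output directory. The value is returned as `resultsJSONFile`, which is presumably what `readJSON` and `cleanupOutput` later operate on (their call sites are not visible here), so workflows that run on untrusted pull requests need this validated. Reduce the name with `filepath.basename(resultsFileName)` and check that `filepath.resolve(output)` stays under the workspace before using it. Separately, `readFileContent` is synchronous, so the `await` in `fileAnalyzer` does nothing, and the HCL error is logged even when the file is valid TOML or YAML.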
+++ b/test/configs/yaml/config @@ -0,0 +1,13 @@ +--- +path: assets/iac_samples +verbose: true +log-file: true +type: + - Dockerfile + - Kubernetes +queries-path: assets/queries +exclude-paths: + - foo/ + - bar/ +output-path: results +output-name: res.json \ No newline at end of file From 243572c71225da72691d51d934498aa3fc6a9c4a Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Mon, 11 Mar 2024 15:31:42 +0000 Subject: [PATCH 05/30] update config parsing --- package-lock.json | 22 ++++++++++++++++++++++ package.json | 2 ++ src/main.js | 2 +- 3 files changed, 25 insertions(+), 1 deletion(-) diff --git a/package-lock.json b/package-lock.json index 7d4e383..06587e4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -16,6 +16,8 @@ "@actions/tool-cache": "^2.0.1", "@iarna/toml": "^2.2.5", "hcl-parser": "^0.1.1", + "hcl2-parser": "^1.0.3", + "js-hcl-parser": "^1.0.1", "js-yaml": "^4.1.0", "moment": "^2.29.4", "uuid": "^8.3.2" @@ -255,6 +257,11 @@ "resolved": "https://registry.npmjs.org/hcl-parser/-/hcl-parser-0.1.1.tgz", "integrity": "sha512-14aEh09F3MXJLgCrWsVHKem7oK8HFnnYkgRkgPfv6qBPoay290UN6hIxcy5PkeATt5BZa/AKAbPboiipglPqow==" }, + "node_modules/hcl2-parser": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/hcl2-parser/-/hcl2-parser-1.0.3.tgz", + "integrity": "sha512-NQUm/BFF+2nrBfeqDhhsy4DxxiLHgkeE3FywtjFiXnjSUaio3w4Tz1MQ3vGJBUhyArzOXJ24pO7JwE5LAn7Ncg==" + }, "node_modules/is-plain-object": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz", @@ -263,6 +270,11 @@ "node": ">=0.10.0" } }, + "node_modules/js-hcl-parser": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/js-hcl-parser/-/js-hcl-parser-1.0.1.tgz", + "integrity": "sha512-fCs/gex31g5FYiXItz6UJBJpKnQoRE7+B3yVv6YqPKce9/k/a0QlJXjoicfvt8jGLy8CHKJ641RXe93xSZCM7A==" + }, "node_modules/js-yaml": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", 
@@ -604,11 +616,21 @@ "resolved": "https://registry.npmjs.org/hcl-parser/-/hcl-parser-0.1.1.tgz", "integrity": "sha512-14aEh09F3MXJLgCrWsVHKem7oK8HFnnYkgRkgPfv6qBPoay290UN6hIxcy5PkeATt5BZa/AKAbPboiipglPqow==" }, + "hcl2-parser": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/hcl2-parser/-/hcl2-parser-1.0.3.tgz", + "integrity": "sha512-NQUm/BFF+2nrBfeqDhhsy4DxxiLHgkeE3FywtjFiXnjSUaio3w4Tz1MQ3vGJBUhyArzOXJ24pO7JwE5LAn7Ncg==" + }, "is-plain-object": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz", "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==" }, + "js-hcl-parser": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/js-hcl-parser/-/js-hcl-parser-1.0.1.tgz", + "integrity": "sha512-fCs/gex31g5FYiXItz6UJBJpKnQoRE7+B3yVv6YqPKce9/k/a0QlJXjoicfvt8jGLy8CHKJ641RXe93xSZCM7A==" + }, "js-yaml": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", diff --git a/package.json b/package.json index 2724340..66c2405 100644 --- a/package.json +++ b/package.json @@ -26,6 +26,8 @@ "@actions/tool-cache": "^2.0.1", "@iarna/toml": "^2.2.5", "hcl-parser": "^0.1.1", + "hcl2-parser": "^1.0.3", + "js-hcl-parser": "^1.0.1", "js-yaml": "^4.1.0", "moment": "^2.29.4", "uuid": "^8.3.2" diff --git a/src/main.js b/src/main.js index f6544dc..822b5fa 100644 --- a/src/main.js +++ b/src/main.js @@ -6,7 +6,7 @@ const io = require("@actions/io"); const filepath = require('path'); const fs = require("fs"); const yaml = require('js-yaml'); -var HCL = require("js-hcl-parser") +const HCL = require("js-hcl-parser") const toml = require('@iarna/toml'); function readJSON(filename) { From 62cbbeb4b1559e9bec657d4fa708d74e7414c64e Mon Sep 17 00:00:00 2001 
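Review bot: package.json now declares three HCL parsers (`hcl-parser`, `hcl2-parser`, `js-hcl-parser`), but after this commit src/main.js requires only `js-hcl-parser`. Each unused package is still installed by the `npm ci` step in entrypoint.sh and adds third-party code to a job that handles the GitHub token. Unless another file uses them, drop `hcl-parser` and `hcl2-parser` from `dependencies` and regenerate the lockfile.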
From: cxMiguelSilva Date: Mon, 11 Mar 2024 15:41:04 +0000 Subject: [PATCH 06/30] update config parsing --- src/main.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/main.js b/src/main.js index 822b5fa..11ff87c 100644 --- a/src/main.js +++ b/src/main.js @@ -53,11 +53,12 @@ async function processOutputPath(output, configPath) { function readFileContent(filePath) { try { - const stats = fs.statSync(filePath); // Use fs.statSync to get file stats synchronously + // read file content + const stats = fs.statSync('./'+filePath); // Use fs.statSync to get file stats synchronously if (!stats.isFile()) { throw new Error('Provided path is not a file.'); } - const data = fs.readFileSync(filePath, 'utf8'); // Use fs.readFileSync to read file content synchronously + const data = fs.readFileSync('./'+filePath, 'utf8'); // Use fs.readFileSync to read file content synchronously return data; } catch (error) { console.error('Error reading file:', error); From 2987e8e208622e74a281693253999495b8e07069 Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Mon, 11 Mar 2024 15:56:20 +0000 Subject: [PATCH 07/30] update config parsing --- src/main.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main.js b/src/main.js index 11ff87c..3985558 100644 --- a/src/main.js +++ b/src/main.js 
@@ -54,11 +54,11 @@ async function processOutputPath(output, configPath) { function readFileContent(filePath) { try { // read file content - const stats = fs.statSync('./'+filePath); // Use fs.statSync to get file stats synchronously + const stats = fs.statSync("./".concat(filePath)); // Use fs.statSync to get file stats synchronously if (!stats.isFile()) { throw new Error('Provided path is not a file.'); } - const data = fs.readFileSync('./'+filePath, 'utf8'); // Use fs.readFileSync to read file content synchronously + const data = fs.readFileSync("./".concat(filePath), 'utf8'); // Use fs.readFileSync to read file content synchronously return data; } catch (error) { console.error('Error reading file:', error); From 096f76574d693fb7221fb22083d0bca816c35bf8 Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Mon, 11 Mar 2024 16:28:03 +0000 Subject: [PATCH 08/30] update config parsing --- entrypoint.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/entrypoint.sh b/entrypoint.sh index 7f606bd..918072e 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -86,6 +86,9 @@ cp -r "${CP_PATH}" "/app/" cd /app +# echo dirs +ls -la + # install and run nodejs apk add --update nodejs npm npm ci From 9228d58a104fccac1d0a839bb59d5bb2f3029daa Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Mon, 11 Mar 2024 16:35:26 +0000 Subject: [PATCH 09/30] update config parsing --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 918072e..772d9d3 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -84,7 +84,7 @@ export KICS_EXIT_CODE=$? cp -r "${CP_PATH}" "/app/" -cd /app +tree /app # echo dirs ls -la From 8c29debc2b68b41b7be5f3b843d532eddaf336c4 Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Mon, 11 Mar 2024 16:56:06 +0000 Subject: [PATCH 10/30] update config parsing --- entrypoint.sh | 5 ++--- src/main.js | 4 ++-- 2 files changed, 4 insertions(+), 5 deletions(-) 
diff --git a/entrypoint.sh b/entrypoint.sh index 772d9d3..240f84a 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -84,10 +84,9 @@ export KICS_EXIT_CODE=$? cp -r "${CP_PATH}" "/app/" -tree /app +cd /app -# echo dirs -ls -la +# ec # install and run nodejs apk add --update nodejs npm diff --git a/src/main.js b/src/main.js index 3985558..06093c6 100644 --- a/src/main.js +++ b/src/main.js @@ -54,11 +54,11 @@ async function processOutputPath(output, configPath) { function readFileContent(filePath) { try { // read file content - const stats = fs.statSync("./".concat(filePath)); // Use fs.statSync to get file stats synchronously + const stats = fs.statSync( process.env.GITHUB_WOKSPACE+ "/"+filePath); // Use fs.statSync to get file stats synchronously if (!stats.isFile()) { throw new Error('Provided path is not a file.'); } - const data = fs.readFileSync("./".concat(filePath), 'utf8'); // Use fs.readFileSync to read file content synchronously + const data = fs.readFileSync(process.env.GITHUB_WOKSPACE+ "/"+filePath, 'utf8'); // Use fs.readFileSync to read file content synchronously return data; } catch (error) { console.error('Error reading file:', error); From 703fbdbdfb52b1dba86e8882365d849397b55789 Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Mon, 11 Mar 2024 17:29:29 +0000 Subject: [PATCH 11/30] update config parsing --- src/main.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main.js b/src/main.js index 06093c6..fc10983 100644 --- a/src/main.js +++ b/src/main.js 
@@ -54,11 +54,11 @@ async function processOutputPath(output, configPath) { function readFileContent(filePath) { try { // read file content - const stats = fs.statSync( process.env.GITHUB_WOKSPACE+ "/"+filePath); // Use fs.statSync to get file stats synchronously + const stats = fs.statSync( process.env.GITHUB_WORKSPACE+ "/"+filePath); // Use fs.statSync to get file stats synchronously if (!stats.isFile()) { throw new Error('Provided path is not a file.'); } - const data = fs.readFileSync(process.env.GITHUB_WOKSPACE+ "/"+filePath, 'utf8'); // Use fs.readFileSync to read file content synchronously + const data = fs.readFileSync(process.env.GITHUB_WORKSPACE+ "/"+filePath, 'utf8'); // Use fs.readFileSync to read file content synchronously return data; } catch (error) { console.error('Error reading file:', error); From c661cc0387dd58b8233b4283dadf8e68b4327d6b Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Mon, 11 Mar 2024 17:36:17 +0000 Subject: [PATCH 12/30] update config parsing --- src/main.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/main.js b/src/main.js index fc10983..5f69d7b 100644 --- a/src/main.js +++ b/src/main.js @@ -127,6 +127,9 @@ async function main() { const outputPath = processOutputPath(process.env.INPUT_OUTPUT_PATH, process.env.INPUT_CONFIG_PATH); const outputFormats = process.env.INPUT_OUTPUT_FORMATS; const exitCode = process.env.KICS_EXIT_CODE + const configPath = process.env.GITHUB_WORKSPACE + + console.log("PATH do workspace: ", configPath) try { const octokit = github.getOctokit(githubToken); From 53d253003a379438ef1ab5f450ed50b44ffc4884 Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Mon, 11 Mar 2024 17:56:43 +0000 Subject: [PATCH 13/30] update config parsing --- src/main.js | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/src/main.js b/src/main.js index 5f69d7b..c6ffce7 100644 --- a/src/main.js +++ b/src/main.js 
@@ -20,11 +20,11 @@ function cleanupOutput(resultsJSONFile, outputFormats) { } } -async function processOutputPath(output, configPath) { +async function processOutputPath(output, configPath, workspace) { let resultsFileName = ''; if (configPath !== '' ) { - [config_type, content] = await fileAnalyzer(configPath); + [config_type, content] = await fileAnalyzer(configPath, workspace); if (config_type !== '') { output = content["output-path"] || output; @@ -51,22 +51,23 @@ async function processOutputPath(output, configPath) { } } -function readFileContent(filePath) { +function readFileContent(filePath, workspace) { try { // read file content - const stats = fs.statSync( process.env.GITHUB_WORKSPACE+ "/"+filePath); // Use fs.statSync to get file stats synchronously + + const stats = fs.statSync( filePath.join(workspace, filePath)); // Use fs.statSync to get file stats synchronously if (!stats.isFile()) { throw new Error('Provided path is not a file.'); } - const data = fs.readFileSync(process.env.GITHUB_WORKSPACE+ "/"+filePath, 'utf8'); // Use fs.readFileSync to read file content synchronously + const data = fs.readFileSync(filePath.join(workspace, filePath), 'utf8'); // Use fs.readFileSync to read file content synchronously return data; } catch (error) { console.error('Error reading file:', error); return ''; // Return empty string or handle the error as needed } } -async function fileAnalyzer(filePath) { - const fileContent = await readFileContent(filePath); +async function fileAnalyzer(filePath, workspace) { + const fileContent = await readFileContent(filePath, workspace); let temp = {}; if (fileContent === '') { 
@@ -124,12 +125,9 @@ async function main() { let enableJobsSummary = process.env.INPUT_ENABLE_JOBS_SUMMARY; const commentsWithQueries = process.env.INPUT_COMMENTS_WITH_QUERIES; const excludedColumnsForCommentsWithQueries = process.env.INPUT_EXCLUDED_COLUMNS_FOR_COMMENTS_WITH_QUERIES.split(','); - const outputPath = processOutputPath(process.env.INPUT_OUTPUT_PATH, process.env.INPUT_CONFIG_PATH); + const outputPath = processOutputPath(process.env.INPUT_OUTPUT_PATH, process.env.INPUT_CONFIG_PATH, process.env.GITHUB_WORKSPACE); const outputFormats = process.env.INPUT_OUTPUT_FORMATS; const exitCode = process.env.KICS_EXIT_CODE - const configPath = process.env.GITHUB_WORKSPACE - - console.log("PATH do workspace: ", configPath) try { const octokit = github.getOctokit(githubToken); From 523957277a37e221b712b1edf51bc3ff57865df7 Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Mon, 11 Mar 2024 18:00:22 +0000 Subject: [PATCH 14/30] update config parsing --- entrypoint.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/entrypoint.sh b/entrypoint.sh index 240f84a..d9d3698 100755 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -80,6 +80,8 @@ echo "${DATETIME} - INF : about to scan directory $INPUT_PATH" echo "${DATETIME} - INF : kics command kics $INPUT_PARAM $OUTPUT_PATH_PARAM $OUTPUT_FORMATS_PARAM $PLATFORM_TYPE_PARAM $PAYLOAD_PATH_PARAM $CONFIG_PATH_PARAM $EXCLUDE_PATHS_PARAM $EXCLUDE_CATEGORIES_PARAM $EXCLUDE_RESULTS_PARAM $EXCLUDE_SEVERITIES_PARAM $EXCLUDE_QUERIES_PARAM $EXCLUDE_GITIGNORE $QUERIES_PARAM $VERBOSE_PARAM $IGNORE_ON_EXIT_PARAM $FAIL_ON_PARAM $TIMEOUT_PARAM $PROFILING_PARAM $BOM_PARAM $INCLUDE_QUERIES_PARAM $DISABLE_SECRETS_PARAM $DISABLE_FULL_DESCRIPTIONS_PARAM $LIBRARIES_PATH_PARAM $SECRETS_REGEXES_PATH_PARAM $CLOUD_PROVIDER" /app/bin/kics scan --no-progress $INPUT_PARAM $OUTPUT_PATH_PARAM $OUTPUT_FORMATS_PARAM $PLATFORM_TYPE_PARAM $PAYLOAD_PATH_PARAM $CONFIG_PATH_PARAM $EXCLUDE_PATHS_PARAM $EXCLUDE_CATEGORIES_PARAM $EXCLUDE_RESULTS_PARAM $EXCLUDE_SEVERITIES_PARAM $EXCLUDE_QUERIES_PARAM $EXCLUDE_GITIGNORE $QUERIES_PARAM $VERBOSE_PARAM $IGNORE_ON_EXIT_PARAM $FAIL_ON_PARAM $TIMEOUT_PARAM $PROFILING_PARAM $BOM_PARAM $INCLUDE_QUERIES_PARAM $DISABLE_SECRETS_PARAM $DISABLE_FULL_DESCRIPTIONS_PARAM $LIBRARIES_PATH_PARAM $SECRETS_REGEXES_PATH_PARAM $CLOUD_PROVIDER +echo "${DATETIME} - INF : In DIR: $GITHUB_WORKSPACE" + export KICS_EXIT_CODE=$? cp -r "${CP_PATH}" "/app/" From d1034799dc8765c41054846ced213f1b3ba2adbb Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Mon, 11 Mar 2024 18:11:57 +0000 Subject: [PATCH 15/30] update config parsing --- src/main.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main.js b/src/main.js index c6ffce7..50e51c4 100644 --- a/src/main.js +++ b/src/main.js 
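Review bot: The added `echo` sits between the `kics scan` invocation and `export KICS_EXIT_CODE=$?`, so `$?` now holds the exit status of `echo` (normally 0) instead of the scan's. src/main.js reads `KICS_EXIT_CODE` and passes it to `setWorkflowStatus`, so a scan that found issues or failed would presumably be reported as a passing job. Move the log line above the scan command, or capture the status on the line directly after the scan with `KICS_EXIT_CODE=$?; export KICS_EXIT_CODE` before any other command runs.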
@@ -125,7 +125,7 @@ async function main() { let enableJobsSummary = process.env.INPUT_ENABLE_JOBS_SUMMARY; const commentsWithQueries = process.env.INPUT_COMMENTS_WITH_QUERIES; const excludedColumnsForCommentsWithQueries = process.env.INPUT_EXCLUDED_COLUMNS_FOR_COMMENTS_WITH_QUERIES.split(','); - const outputPath = processOutputPath(process.env.INPUT_OUTPUT_PATH, process.env.INPUT_CONFIG_PATH, process.env.GITHUB_WORKSPACE); + const outputPath = processOutputPath(process.env.INPUT_OUTPUT_PATH, process.env.INPUT_CONFIG_PATH, "/github/workspace"); const outputFormats = process.env.INPUT_OUTPUT_FORMATS; const exitCode = process.env.KICS_EXIT_CODE From 25bae9cdfe031820477c5e644693fee88bfe8c4e Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Mon, 11 Mar 2024 18:15:31 +0000 Subject: [PATCH 16/30] update config parsing --- src/main.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main.js b/src/main.js index 50e51c4..1149041 100644 --- a/src/main.js +++ b/src/main.js @@ -55,11 +55,11 @@ function readFileContent(filePath, workspace) { try { // read file content - const stats = fs.statSync( filePath.join(workspace, filePath)); // Use fs.statSync to get file stats synchronously + const stats = fs.statSync( filepath.join(workspace, filePath)); // Use fs.statSync to get file stats synchronously if (!stats.isFile()) { throw new Error('Provided path is not a file.'); } - const data = fs.readFileSync(filePath.join(workspace, filePath), 'utf8'); // Use fs.readFileSync to read file content synchronously + const data = fs.readFileSync(filepath.join(workspace, filePath), 'utf8'); // Use fs.readFileSync to read file content synchronously return data; } catch (error) { console.error('Error reading file:', error); From f37baf7e28d91509781375dbecdfd4c708c22407 Mon Sep 17 00:00:00 2001 
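Review bot: In the `readFileContent` hunk, `filepath.join(workspace, filePath)` normalises `..` segments, so a config path containing them resolves outside `workspace` and is passed to `fs.statSync` and `fs.readFileSync` with no containment check. Resolve and verify before touching the filesystem: `const resolved = filepath.resolve(workspace, filePath);` followed by `if (!resolved.startsWith(workspace + filepath.sep)) throw new Error('Provided path is outside the workspace.');`. The same unchecked join appears in the PATCH 17/30 version of this function and, in PATCH 26/30, on the `output-name` value read from the config file. That last case matters most if the config can come from an untrusted pull request. The function body continues past the end of the hunk.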
From: cxMiguelSilva Date: Mon, 11 Mar 2024 18:55:02 +0000 Subject: [PATCH 17/30] update config parsing --- src/main.js | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/main.js b/src/main.js index 1149041..4f0013e 100644 --- a/src/main.js +++ b/src/main.js @@ -25,7 +25,7 @@ async function processOutputPath(output, configPath, workspace) { if (configPath !== '' ) { [config_type, content] = await fileAnalyzer(configPath, workspace); - + console.log(`Config type: ${config_type}`); if (config_type !== '') { output = content["output-path"] || output; resultsFileName = content["output-name"] || ''; @@ -54,12 +54,14 @@ async function processOutputPath(output, configPath, workspace) { function readFileContent(filePath, workspace) { try { // read file content - - const stats = fs.statSync( filepath.join(workspace, filePath)); // Use fs.statSync to get file stats synchronously + console.log(`Reading file: ${filePath}`); + console.log(`Workspace: ${workspace}`); + const path = filepath.join(workspace, filePath); + const stats = fs.statSync( path); // Use fs.statSync to get file stats synchronously if (!stats.isFile()) { throw new Error('Provided path is not a file.'); } - const data = fs.readFileSync(filepath.join(workspace, filePath), 'utf8'); // Use fs.readFileSync to read file content synchronously + const data = fs.readFileSync(path, 'utf8'); // Use fs.readFileSync to read file content synchronously return data; } catch (error) { console.error('Error reading file:', error); 
@@ -125,6 +127,8 @@ async function main() { let enableJobsSummary = process.env.INPUT_ENABLE_JOBS_SUMMARY; const commentsWithQueries = process.env.INPUT_COMMENTS_WITH_QUERIES; const excludedColumnsForCommentsWithQueries = process.env.INPUT_EXCLUDED_COLUMNS_FOR_COMMENTS_WITH_QUERIES.split(','); + console.log("Output Path: ", process.env.INPUT_OUTPUT_PATH) + console.log("Config Path: ", process.env.INPUT_CONFIG_PATH) const outputPath = processOutputPath(process.env.INPUT_OUTPUT_PATH, process.env.INPUT_CONFIG_PATH, "/github/workspace"); const outputFormats = process.env.INPUT_OUTPUT_FORMATS; const exitCode = process.env.KICS_EXIT_CODE From 8c905f57c5646346eda9b8774126c304b1c71db3 Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Mon, 11 Mar 2024 19:00:56 +0000 Subject: [PATCH 18/30] update config parsing --- src/main.js | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main.js b/src/main.js index 4f0013e..fa8873e 100644 --- a/src/main.js +++ b/src/main.js @@ -133,6 +133,7 @@ async function main() { const outputFormats = process.env.INPUT_OUTPUT_FORMATS; const exitCode = process.env.KICS_EXIT_CODE + console.log("Output Path: ", outputPath); try { const octokit = github.getOctokit(githubToken); let context = {}; From ecd9603e720c0077d07602e5cffa0c6578e4ec71 Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Mon, 11 Mar 2024 19:08:19 +0000 Subject: [PATCH 19/30] update config parsing --- src/main.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main.js b/src/main.js index fa8873e..b63c342 100644 --- a/src/main.js +++ b/src/main.js 
@@ -129,7 +129,7 @@ async function main() { const excludedColumnsForCommentsWithQueries = process.env.INPUT_EXCLUDED_COLUMNS_FOR_COMMENTS_WITH_QUERIES.split(','); console.log("Output Path: ", process.env.INPUT_OUTPUT_PATH) console.log("Config Path: ", process.env.INPUT_CONFIG_PATH) - const outputPath = processOutputPath(process.env.INPUT_OUTPUT_PATH, process.env.INPUT_CONFIG_PATH, "/github/workspace"); + const outputPath = await processOutputPath(process.env.INPUT_OUTPUT_PATH, process.env.INPUT_CONFIG_PATH, "/github/workspace"); const outputFormats = process.env.INPUT_OUTPUT_FORMATS; const exitCode = process.env.KICS_EXIT_CODE From 2db4dc2205e253887f62619e29a4cd930470c1e0 Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Tue, 12 Mar 2024 09:25:17 +0000 Subject: [PATCH 20/30] update config parsing --- src/main.js | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/src/main.js b/src/main.js index b63c342..2905000 100644 --- a/src/main.js +++ b/src/main.js @@ -26,7 +26,14 @@ async function processOutputPath(output, configPath, workspace) { [config_type, content] = await fileAnalyzer(configPath, workspace); console.log(`Config type: ${config_type}`); + console.log(`Config content: ${content}`); + if (config_type !== '') { + if ( content["output-path"] !== undefined && content["output-path"] !== '' ) { + if (!filepath.startsWith('/') && !filepath.startsWith('./') && !filepath.startsWith('../')) { + content["output-path"] = "/github/workspace" + content["output-path"]; + } + } output = content["output-path"] || output; resultsFileName = content["output-name"] || ''; } 
@@ -57,7 +64,7 @@ function readFileContent(filePath, workspace) { console.log(`Reading file: ${filePath}`); console.log(`Workspace: ${workspace}`); const path = filepath.join(workspace, filePath); - const stats = fs.statSync( path); // Use fs.statSync to get file stats synchronously + const stats = fs.statSync(path); // Use fs.statSync to get file stats synchronously if (!stats.isFile()) { throw new Error('Provided path is not a file.'); } @@ -76,29 +83,24 @@ async function fileAnalyzer(filePath, workspace) { console.log('Error analyzing file: Empty file content'); return ['', {}]; } - // Attempt to parse as JSON + try { const jsonData = JSON.parse(fileContent); return ['json', jsonData]; } catch (jsonError) { - // Attempt to parse as HCL try { const parsed = HCL.parse(fileContent); const jsonData = JSON.parse(parsed); return ['hcl', jsonData]; } catch (hclErr) { - console.log(`Error analyzing file: ${hclErr}`); - // Attempt to parse as TOML try { temp = toml.parse(fileContent); return ['toml', temp]; } catch (tomlErr) { - // Attempt to parse as YAML try { temp = yaml.load(fileContent); return ['yaml', temp]; } catch (yamlErr) { - console.log(`Error analyzing file: ${yamlErr}`); console.log(`Error analyzing file: Invalid configuration file format`); return ['', {}]; } From 26f7422a6081892c6a08351caacfe6ec2ad185a1 Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Tue, 12 Mar 2024 09:29:45 +0000 Subject: [PATCH 21/30] update config parsing --- src/main.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/main.js b/src/main.js index 2905000..6d38ead 100644 --- a/src/main.js +++ b/src/main.js 
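Review bot: In `fileAnalyzer`, the last fallback `yaml.load(fileContent)` accepts far more than mappings: a bare scalar parses to a string and `~` parses to `null`. The "Invalid configuration file format" branch is therefore rarely reached, and `processOutputPath` then indexes `content["output-name"]` on a value that may not be an object. Validate before returning, e.g. `if (temp === null || typeof temp !== 'object' || Array.isArray(temp)) throw new Error('config is not a mapping');`. Whether `yaml.load` is limited to the safe schema depends on the js-yaml major version pinned for this action, which this hunk does not show; that is worth confirming because the file is read from the workspace. `temp` is also assigned without `let`/`const`, and with the two `console.log` lines removed every parser error is now discarded silently.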
@@ -30,7 +30,8 @@ async function processOutputPath(output, configPath, workspace) { if (config_type !== '') { if ( content["output-path"] !== undefined && content["output-path"] !== '' ) { - if (!filepath.startsWith('/') && !filepath.startsWith('./') && !filepath.startsWith('../')) { + const filePath = content["output-path"] + if (!filePath.startsWith('/') && !filePath.startsWith('./') && !filePath.startsWith('../')) { content["output-path"] = "/github/workspace" + content["output-path"]; } } From b6aeac00fb3aa7f145733f0198a429f6549e4be0 Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Tue, 12 Mar 2024 09:33:16 +0000 Subject: [PATCH 22/30] update config parsing --- src/main.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/main.js b/src/main.js index 6d38ead..3615c88 100644 --- a/src/main.js +++ b/src/main.js @@ -26,9 +26,10 @@ async function processOutputPath(output, configPath, workspace) { [config_type, content] = await fileAnalyzer(configPath, workspace); console.log(`Config type: ${config_type}`); - console.log(`Config content: ${content}`); if (config_type !== '') { + console.log(`Config content: ${JSON.stringify(content)}`); + console.log(`Output path: ${content["output-path"]}`); if ( content["output-path"] !== undefined && content["output-path"] !== '' ) { const filePath = content["output-path"] if (!filePath.startsWith('/') && !filePath.startsWith('./') && !filePath.startsWith('../')) { From b1e0c2e776dcd52ccaa874469d86cff4e090d389 Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Tue, 12 Mar 2024 09:36:20 +0000 Subject: [PATCH 23/30] update config parsing --- src/main.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main.js b/src/main.js index 3615c88..11a8e1b 100644 --- a/src/main.js +++ b/src/main.js 
@@ -33,7 +33,7 @@ async function processOutputPath(output, configPath, workspace) { if ( content["output-path"] !== undefined && content["output-path"] !== '' ) { const filePath = content["output-path"] if (!filePath.startsWith('/') && !filePath.startsWith('./') && !filePath.startsWith('../')) { - content["output-path"] = "/github/workspace" + content["output-path"]; + content["output-path"] = "/github/workspace/" + content["output-path"]; } } output = content["output-path"] || output; From 7693a775035f52391cc14a67b9ff3aa087ebb868 Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Tue, 12 Mar 2024 09:41:51 +0000 Subject: [PATCH 24/30] update config parsing --- src/main.js | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/src/main.js b/src/main.js index 11a8e1b..e91cca1 100644 --- a/src/main.js +++ b/src/main.js @@ -28,15 +28,6 @@ async function processOutputPath(output, configPath, workspace) { console.log(`Config type: ${config_type}`); if (config_type !== '') { - console.log(`Config content: ${JSON.stringify(content)}`); - console.log(`Output path: ${content["output-path"]}`); - if ( content["output-path"] !== undefined && content["output-path"] !== '' ) { - const filePath = content["output-path"] - if (!filePath.startsWith('/') && !filePath.startsWith('./') && !filePath.startsWith('../')) { - content["output-path"] = "/github/workspace/" + content["output-path"]; - } - } - output = content["output-path"] || output; resultsFileName = content["output-name"] || ''; } } 
@@ -131,8 +122,6 @@ async function main() { let enableJobsSummary = process.env.INPUT_ENABLE_JOBS_SUMMARY; const commentsWithQueries = process.env.INPUT_COMMENTS_WITH_QUERIES; const excludedColumnsForCommentsWithQueries = process.env.INPUT_EXCLUDED_COLUMNS_FOR_COMMENTS_WITH_QUERIES.split(','); - console.log("Output Path: ", process.env.INPUT_OUTPUT_PATH) - console.log("Config Path: ", process.env.INPUT_CONFIG_PATH) const outputPath = await processOutputPath(process.env.INPUT_OUTPUT_PATH, process.env.INPUT_CONFIG_PATH, "/github/workspace"); const outputFormats = process.env.INPUT_OUTPUT_FORMATS; const exitCode = process.env.KICS_EXIT_CODE From e92201345ef1720546c3ddbb076870eb9ef4a157 Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Tue, 12 Mar 2024 09:49:09 +0000 Subject: [PATCH 25/30] update config parsing --- src/main.js | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/main.js b/src/main.js index e91cca1..bb70f32 100644 --- a/src/main.js +++ b/src/main.js @@ -33,10 +33,7 @@ async function processOutputPath(output, configPath, workspace) { } if (output === '') { - return { - path: "./", - resultsJSONFile: "./results.json" - } + output = "./"; } if (resultsFileName === '') { From 3a377e33d3ed3320ada1929f7c290207d64949b6 Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Tue, 12 Mar 2024 09:52:46 +0000 Subject: [PATCH 26/30] update config parsing --- src/main.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main.js b/src/main.js index bb70f32..459c921 100644 --- a/src/main.js +++ b/src/main.js @@ -39,7 +39,7 @@ async function processOutputPath(output, configPath, workspace) { if (resultsFileName === '') { resultsFileName = filepath.join(output, "/results.json") } else { - resultsFileName = filepath.join(output, resultsFileName); + resultsFileName = filepath.join(workspace, resultsFileName); } return { From 3aa84fc7b0f54985283b28746c6157f716453511 Mon Sep 17 00:00:00 2001 
From: cxMiguelSilva Date: Tue, 12 Mar 2024 09:59:54 +0000 Subject: [PATCH 27/30] remove test configs --- test/configs/hcl/config | 8 -------- test/configs/json/config | 13 ------------- test/configs/toml/config | 8 -------- test/configs/yaml/config | 13 ------------- 4 files changed, 42 deletions(-) delete mode 100644 test/configs/hcl/config delete mode 100644 test/configs/json/config delete mode 100644 test/configs/toml/config delete mode 100644 test/configs/yaml/config diff --git a/test/configs/hcl/config b/test/configs/hcl/config deleted file mode 100644 index ec41c09..0000000 --- a/test/configs/hcl/config +++ /dev/null @@ -1,8 +0,0 @@ -"path" = "assets/iac_samples" -"verbose" = true -"log-file" = true -"type" = "Dockerfile,Kubernetes" -"queries-path" = "assets/queries" -"exclude-paths" = ["foo/", "bar/"] -"output-path" = "results" -"output-name" = "res.json" \ No newline at end of file diff --git a/test/configs/json/config b/test/configs/json/config deleted file mode 100644 index 191ed20..0000000 --- a/test/configs/json/config +++ /dev/null @@ -1,13 +0,0 @@ -{ - "path": "assets/iac_samples", - "verbose": true, - "log-file": true, - "type": "Dockerfile,Kubernetes", - "queries-path": "assets/queries", - "exclude-paths": [ - "foo/", - "bar/" - ], - "output-path": "results", - "output-name": "res.json" -} \ No newline at end of file diff --git a/test/configs/toml/config b/test/configs/toml/config deleted file mode 100644 index a069953..0000000 --- a/test/configs/toml/config +++ /dev/null @@ -1,8 +0,0 @@ -path = "assets/iac_samples" -verbose = true -log-file = true -type = "Dockerfile,Kubernetes" -queries-path = "assets/queries" -exclude-paths = [ "foo/", "bar/" ] -output-path = "results" -output-name = "res.json" \ No newline at end of file diff --git a/test/configs/yaml/config b/test/configs/yaml/config deleted file mode 100644 index 49b9fcb..0000000 --- a/test/configs/yaml/config +++ /dev/null 
@@ -1,13 +0,0 @@ ---- -path: assets/iac_samples -verbose: true -log-file: true -type: - - Dockerfile - - Kubernetes -queries-path: assets/queries -exclude-paths: - - foo/ - - bar/ -output-path: results -output-name: res.json \ No newline at end of file From c2a286ab1c02155ede7bfc32b6e123c61e741437 Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Tue, 12 Mar 2024 10:07:14 +0000 Subject: [PATCH 28/30] reset entrypoint --- entrypoint.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index d9d3698..6608a66 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -80,7 +80,6 @@ echo "${DATETIME} - INF : about to scan directory $INPUT_PATH" echo "${DATETIME} - INF : kics command kics $INPUT_PARAM $OUTPUT_PATH_PARAM $OUTPUT_FORMATS_PARAM $PLATFORM_TYPE_PARAM $PAYLOAD_PATH_PARAM $CONFIG_PATH_PARAM $EXCLUDE_PATHS_PARAM $EXCLUDE_CATEGORIES_PARAM $EXCLUDE_RESULTS_PARAM $EXCLUDE_SEVERITIES_PARAM $EXCLUDE_QUERIES_PARAM $EXCLUDE_GITIGNORE $QUERIES_PARAM $VERBOSE_PARAM $IGNORE_ON_EXIT_PARAM $FAIL_ON_PARAM $TIMEOUT_PARAM $PROFILING_PARAM $BOM_PARAM $INCLUDE_QUERIES_PARAM $DISABLE_SECRETS_PARAM $DISABLE_FULL_DESCRIPTIONS_PARAM $LIBRARIES_PATH_PARAM $SECRETS_REGEXES_PATH_PARAM $CLOUD_PROVIDER" /app/bin/kics scan --no-progress $INPUT_PARAM $OUTPUT_PATH_PARAM $OUTPUT_FORMATS_PARAM $PLATFORM_TYPE_PARAM $PAYLOAD_PATH_PARAM $CONFIG_PATH_PARAM $EXCLUDE_PATHS_PARAM $EXCLUDE_CATEGORIES_PARAM $EXCLUDE_RESULTS_PARAM $EXCLUDE_SEVERITIES_PARAM $EXCLUDE_QUERIES_PARAM $EXCLUDE_GITIGNORE $QUERIES_PARAM $VERBOSE_PARAM $IGNORE_ON_EXIT_PARAM $FAIL_ON_PARAM $TIMEOUT_PARAM $PROFILING_PARAM $BOM_PARAM $INCLUDE_QUERIES_PARAM $DISABLE_SECRETS_PARAM $DISABLE_FULL_DESCRIPTIONS_PARAM $LIBRARIES_PATH_PARAM $SECRETS_REGEXES_PATH_PARAM $CLOUD_PROVIDER -echo "${DATETIME} - INF : In DIR: $GITHUB_WORKSPACE" export KICS_EXIT_CODE=$? @@ -88,8 +87,6 @@ cp -r "${CP_PATH}" "/app/" cd /app -# ec - # install and run nodejs apk add --update nodejs npm npm ci 
From eb074742c12b42feffd894a6061cb3e626ce5328 Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Tue, 12 Mar 2024 10:20:44 +0000 Subject: [PATCH 29/30] reset entrypoint --- entrypoint.sh | 1 - src/main.js | 5 +++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 6608a66..7f606bd 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -80,7 +80,6 @@ echo "${DATETIME} - INF : about to scan directory $INPUT_PATH" echo "${DATETIME} - INF : kics command kics $INPUT_PARAM $OUTPUT_PATH_PARAM $OUTPUT_FORMATS_PARAM $PLATFORM_TYPE_PARAM $PAYLOAD_PATH_PARAM $CONFIG_PATH_PARAM $EXCLUDE_PATHS_PARAM $EXCLUDE_CATEGORIES_PARAM $EXCLUDE_RESULTS_PARAM $EXCLUDE_SEVERITIES_PARAM $EXCLUDE_QUERIES_PARAM $EXCLUDE_GITIGNORE $QUERIES_PARAM $VERBOSE_PARAM $IGNORE_ON_EXIT_PARAM $FAIL_ON_PARAM $TIMEOUT_PARAM $PROFILING_PARAM $BOM_PARAM $INCLUDE_QUERIES_PARAM $DISABLE_SECRETS_PARAM $DISABLE_FULL_DESCRIPTIONS_PARAM $LIBRARIES_PATH_PARAM $SECRETS_REGEXES_PATH_PARAM $CLOUD_PROVIDER" /app/bin/kics scan --no-progress $INPUT_PARAM $OUTPUT_PATH_PARAM $OUTPUT_FORMATS_PARAM $PLATFORM_TYPE_PARAM $PAYLOAD_PATH_PARAM $CONFIG_PATH_PARAM $EXCLUDE_PATHS_PARAM $EXCLUDE_CATEGORIES_PARAM $EXCLUDE_RESULTS_PARAM $EXCLUDE_SEVERITIES_PARAM $EXCLUDE_QUERIES_PARAM $EXCLUDE_GITIGNORE $QUERIES_PARAM $VERBOSE_PARAM $IGNORE_ON_EXIT_PARAM $FAIL_ON_PARAM $TIMEOUT_PARAM $PROFILING_PARAM $BOM_PARAM $INCLUDE_QUERIES_PARAM $DISABLE_SECRETS_PARAM $DISABLE_FULL_DESCRIPTIONS_PARAM $LIBRARIES_PATH_PARAM $SECRETS_REGEXES_PATH_PARAM $CLOUD_PROVIDER - export KICS_EXIT_CODE=$? cp -r "${CP_PATH}" "/app/" diff --git a/src/main.js b/src/main.js index 459c921..9bcf7ea 100644 --- a/src/main.js +++ b/src/main.js 
@@ -20,7 +20,8 @@ function cleanupOutput(resultsJSONFile, outputFormats) { } } -async function processOutputPath(output, configPath, workspace) { +async function processOutputPath(output, configPath) { + const workspace = "/github/workspace" let resultsFileName = ''; if (configPath !== '' ) { @@ -119,7 +120,7 @@ async function main() { let enableJobsSummary = process.env.INPUT_ENABLE_JOBS_SUMMARY; const commentsWithQueries = process.env.INPUT_COMMENTS_WITH_QUERIES; const excludedColumnsForCommentsWithQueries = process.env.INPUT_EXCLUDED_COLUMNS_FOR_COMMENTS_WITH_QUERIES.split(','); - const outputPath = await processOutputPath(process.env.INPUT_OUTPUT_PATH, process.env.INPUT_CONFIG_PATH, "/github/workspace"); + const outputPath = await processOutputPath(process.env.INPUT_OUTPUT_PATH, process.env.INPUT_CONFIG_PATH); const outputFormats = process.env.INPUT_OUTPUT_FORMATS; const exitCode = process.env.KICS_EXIT_CODE From 0fe772ce852c52b03c97e25a5006685126c4a94b Mon Sep 17 00:00:00 2001 From: cxMiguelSilva Date: Wed, 13 Mar 2024 12:17:30 +0000 Subject: [PATCH 30/30] add case for no extension --- src/main.js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/main.js b/src/main.js index 9bcf7ea..762ae42 100644 --- a/src/main.js +++ b/src/main.js @@ -26,10 +26,15 @@ async function processOutputPath(output, configPath) { if (configPath !== '' ) { [config_type, content] = await fileAnalyzer(configPath, workspace); - console.log(`Config type: ${config_type}`); if (config_type !== '') { resultsFileName = content["output-name"] || ''; + if (resultsFileName !== '') { + // if the output file name does not have an extension, add .json + if (!resultsFileName.includes('.')) { + resultsFileName = resultsFileName + ".json"; + } + } } }
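Review bot: In the PATCH 30/30 hunk, `resultsFileName.includes('.')` assumes `content["output-name"]` is a string and treats a dot anywhere in the value as an extension. A numeric value from the config has no `includes` method and throws, and a name whose only dot is in a directory part (constructed example: `out.d/res`) never gets `.json` appended. Prefer `if (typeof resultsFileName === 'string' && filepath.extname(resultsFileName) === '')` and reject non-string values before the name is joined into a path. `config_type` and `content` on the destructuring line above are assigned without a declaration, which creates implicit globals; `const [configType, content] = await fileAnalyzer(configPath, workspace);` avoids that.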