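#!/usr/bin/env node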
|
const Fs = require('fs');
const Path = require('path');

const ArgumentParser = require('argparse').ArgumentParser;

const Common = require('./common.js');
const Files = require('./file.js');
const Transport = require('./transport.js');
const Vcs = require('./vcs.js');
|
9 |
|
// Command-line definition. `args` is read directly by main() further down,
// which is why both bindings live at module scope.
const parser = new ArgumentParser({
  version: '1.0.4',
  addHelp: true,
  description: 'NPM security plugin',
});

// One entry per option: [flags, help text]. Registered in this order so the
// generated --help output is unchanged.
[
  [['-t', '--token'], 'Token used to identify report provider.'],
  [['-o', '--output_path'], 'Output file absolute path [optional]'],
  [['-p', '--port'], 'Port to be used to transport report to reshift (443 by default) [optional]'],
  [['-u', '--host'], 'Host to be used to transport report to (\'reshift.softwaresecured.com\' by default) [optional]'],
].forEach(([flags, help]) => {
  parser.addArgument(flags, { help });
});

const args = parser.parseArgs();
|
40 |
|
41 |
|
42 |
|
43 |
|
44 |
|
45 |
|
46 |
|
47 |
|
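/**
 * Run `npm audit --json` for the project rooted at root_path.
 *
 * @param {string} root_path - absolute path of the project directory; also
 *   used as the working directory for the npm invocations.
 * @returns {string|null} whatever Common.systemSync returns for
 *   `npm audit --json`, or null when no package.json exists in root_path.
 */
function runAudit(root_path) {
  // Check for the manifest directly rather than substring-matching the
  // output of `ls`, which also matched names such as "mypackage.json".
  if (!Fs.existsSync(Path.join(root_path, 'package.json'))) {
    console.log('INFO - Unable to locate base package information, are you sure package.json included?');
    return null;
  }

  // `npm audit` needs a lockfile; --package-lock-only writes one without
  // installing packages.
  if (!Fs.existsSync(Path.join(root_path, 'package-lock.json'))) {
    console.log('INFO - Creating locks for dependency checker.');
    Common.systemSync('npm i --package-lock-only', root_path);
  }

  // Run the audit once and reuse its output; the previous version invoked
  // npm twice (once to log, once to return), doubling the cost and allowing
  // the logged and returned reports to differ.
  // NOTE(review): npm audit exits non-zero when it finds vulnerabilities —
  // confirm Common.systemSync returns stdout in that case rather than throwing.
  const report = Common.systemSync('npm audit --json', root_path);
  console.log(report);
  return report;
}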
|
64 |
|
65 |
|
66 |
|
67 |
|
68 |
|
69 |
|
70 |
|
71 |
|
72 |
|
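/**
 * Assemble the report bundle that main() later saves to disk or hands to
 * Transport.sendResult.
 *
 * Besides the npm audit output, the bundle carries the machine's hostname,
 * the project's absolute path, a full directory walk (Files.walkDir) and,
 * for git checkouts, the remote URL, HEAD hash and blame data. All of it is
 * transmitted when no --output_path is given.
 *
 * @param {string} data - raw JSON text produced by `npm audit --json`.
 * @param {*} start - value stored under bundle.Date.Start, as passed by the caller.
 * @param {string} root_path - absolute path of the project directory.
 * @returns {Object} the report bundle; key names are part of the format the
 *   report host consumes and are kept verbatim.
 * @throws {Error} when `data` is not valid JSON.
 */
function processResult(data, start, root_path) {
  const host_name = Common.systemSync('hostname');

  let raw_data;
  try {
    raw_data = JSON.parse(data);
  } catch (err) {
    // npm prints non-JSON text on some failures; name the cause instead of
    // surfacing a bare SyntaxError.
    throw new Error(`npm audit did not produce valid JSON: ${err.message}`);
  }

  const root_json = {};
  Files.walkDir(root_path, root_json);

  // VCS metadata is only collected for git checkouts; otherwise it stays null.
  let git_hash = null;
  let proj_name = null;
  let blame_inf = null;
  let git_url = null;
  if (Files.isGit(root_json)) {
    git_hash = Vcs.getHash(root_path);
    proj_name = Vcs.getProject(root_path);
    blame_inf = Vcs.getBlame(root_path);
    git_url = Vcs.getURL(root_path);
  }

  // `package` is a reserved word in strict mode, hence `pkg`.
  const pkg = Files.loadPackage(Path.join(root_path, 'package.json'));
  const dep_lists = Files.getDependencyList(pkg);
  // Called even when blame_inf is null, as before; Vcs.parseBlm is expected
  // to cope with that (not verifiable from this file).
  const blm_lists = Vcs.parseBlm(blame_inf, dep_lists);

  // Nothing in this script ever sets a different exit code.
  const status = 0;

  return {
    'Date': { 'Start': start },
    'Machine Name': host_name,
    'Project': {
      'Dependency Report': raw_data,
      'Project Meta': {
        'Project Name': proj_name,
        'Dependencies': dep_lists,
        'Absolute pth': root_path,
        'Exit Code': status,
        'VCS Info': {
          'Git Url': git_url,
          'Git Hash': git_hash,
          'blm_lists': blm_lists,
        },
        'File Info': root_json,
        'Root': '.',
      },
    },
  };
}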
|
119 |
|
120 |
|
121 |
|
122 |
|
123 |
|
124 |
|
125 |
|
126 |
|
127 |
|
128 |
|
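/**
 * Entry point: run the audit, build the report and either send it to the
 * report host or save it locally.
 *
 * Both parameters are ignored: the token is always taken from the parsed CLI
 * arguments, and `isSend` is never consulted — the presence of --output_path
 * decides between saving and sending. They are kept so existing callers
 * still work.
 *
 * @param {string|null} token - unused; see above.
 * @param {boolean} [isSend=true] - unused; see above.
 * @returns {Object|null} the report bundle when it was saved locally,
 *   otherwise null (also null when no token or no project was found).
 */
function main(token, isSend = true) {
  if (args['token'] == null) {
    console.log('INFO - System exit since no token provided.');
    console.log('INFO - Use \'-h\' argument to see help.');
    return null;
  }

  const root_path = Files.correctRoot(Files.getCWD());
  // NOTE(review): nothing in this script verifies the token; it is only
  // forwarded to Transport.sendResult below.
  console.log("INFO - Verifying token.");

  const cli_token = args['token'];
  // Full UTC timestamp. getUTCDate() (used previously) yields only the day of
  // the month (1-31), so Start/End never described a time span.
  // NOTE(review): the report host's expected date format is not visible here —
  // confirm it accepts ISO-8601 strings.
  const start = new Date().toISOString();
  const data = runAudit(root_path);

  console.log("INFO - Creating dependency report.");

  if (data == null) {
    console.log('INFO - System exit since no project found.');
    return null;
  }

  // Declared with const: the previous version assigned an undeclared
  // `result`, creating an implicit global.
  const result = processResult(data, start, root_path);
  result['Date']['End'] = new Date().toISOString();

  if (args['output_path'] == null) {
    // The bundle (hostname, absolute path, file listing, VCS metadata) leaves
    // the machine here, addressed by the host/port from the CLI.
    Transport.sendResult(cli_token, result, args['host'], args['port']);
    return null;
  }

  Files.saveResult(args['output_path'], result);
  return result;
}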
|
164 |
|
165 |
|
// Both arguments are ignored by main(): it reads the token from `args` and
// never consults isSend. There is no require.main guard, so this also runs
// when the file is require()d.
main(null, false);
|