From b741f669d0e74bbea6252f0f00e5c246441b29bb Mon Sep 17 00:00:00 2001 From: Liliana Kastilio Date: Wed, 21 Aug 2019 15:48:43 +0100 Subject: [PATCH] feat: sort all vulns by severity before display --- .../remediation-based-format-issues.ts | 18 ++++++++++++++++-- src/cli/commands/test/index.ts | 6 +----- src/lib/snyk-test/common.ts | 16 ++++++++++++---- src/lib/snyk-test/legacy.ts | 15 ++++++++------- src/lib/types.ts | 3 ++- 5 files changed, 39 insertions(+), 19 deletions(-) diff --git a/src/cli/commands/test/formatters/remediation-based-format-issues.ts b/src/cli/commands/test/formatters/remediation-based-format-issues.ts index 4ad0ee9eab..46f2986bd3 100644 --- a/src/cli/commands/test/formatters/remediation-based-format-issues.ts +++ b/src/cli/commands/test/formatters/remediation-based-format-issues.ts @@ -4,6 +4,7 @@ import * as config from '../../../../lib/config'; import { TestOptions } from '../../../../lib/types'; import { RemediationResult, PatchRemediation, DependencyUpdates, IssueData, SEVERITY, GroupedVuln } from '../../../../lib/snyk-test/legacy'; +import { SEVERITIES } from '../../../../lib/snyk-test/common'; interface BasicVulnInfo { title: string; @@ -56,6 +57,10 @@ export function formatIssuesWithRemediation( return results; } +export function getSeverityValue(severity: SEVERITY): number { + return SEVERITIES.find((s) => s.verboseName === severity)!.value; +} + function constructPatchesText( patches: { [name: string]: PatchRemediation; @@ -69,6 +74,7 @@ function constructPatchesText( return []; } const patchedTextArray = [chalk.bold.green('\nPatchable issues:')]; + for (const id of Object.keys(patches)) { // todo: add vulnToPatch package name const packageAtVersion = `${basicVulnInfo[id].name}@${basicVulnInfo[id].version}`; 
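Review bot: The non-null assertion in the new exported `getSeverityValue` (hunk `@@ -56,6 +57,10 @@` of remediation-based-format-issues.ts) turns any severity string that is not in `SEVERITIES` into a `TypeError` thrown from inside the sort comparator that now calls it, so one unexpected value aborts the whole result display without naming the value. Since `basicVulnInfo[id].severity` presumably originates in the test API response rather than in code this repository controls, handle the miss explicitly: `const match = SEVERITIES.find((s) => s.verboseName === severity);` / `if (!match) { throw new Error(\`Unknown severity: ${severity}\`); }` / `return match.value;`. A one-line TSDoc such as `/** Numeric rank of a severity (low=1 … high=3, higher is more severe), used to order issues for display. */` would also help now that the function is shared across modules.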
@@ -104,6 +110,7 @@ function constructUpgradesText( const upgradeText = `\n Upgrade ${chalk.bold.whiteBright(upgrade)} to ${chalk.bold.whiteBright(upgradeDepTo)} to fix\n`; const thisUpgradeFixes = vulnIds + .sort((a, b) => getSeverityValue(basicVulnInfo[a].severity) - getSeverityValue(basicVulnInfo[b].severity)) .map((id) => formatIssue( id, basicVulnInfo[id].title, @@ -125,9 +132,16 @@ function constructUnfixableText(unresolved: IssueData[]) { const extraInfo = issue.fixedIn && issue.fixedIn.length ? `\n This issue was fixed in versions: ${chalk.bold(issue.fixedIn.join(', '))}` : '\n No upgrade or patch available'; - const packageNameAtVersion = chalk.bold.whiteBright(`\n ${issue.packageName}@${issue.version}\n`); + const packageNameAtVersion = chalk.bold + .whiteBright(`\n ${issue.packageName}@${issue.version}\n`); unfixableIssuesTextArray - .push(packageNameAtVersion + formatIssue(issue.id, issue.title, issue.severity, issue.isNew) + `${extraInfo}`); + .push(packageNameAtVersion + + formatIssue( + issue.id, + issue.title, + issue.severity, + issue.isNew) + `${extraInfo}`, + ); } return unfixableIssuesTextArray; diff --git a/src/cli/commands/test/index.ts b/src/cli/commands/test/index.ts index 15b4a1c0ec..24d594c705 100644 --- a/src/cli/commands/test/index.ts +++ b/src/cli/commands/test/index.ts @@ -14,7 +14,7 @@ import { MethodArgs } from '../../args'; import { LegacyVulnApiResult, SEVERITY, GroupedVuln, VulnMetaData } from '../../../lib/snyk-test/legacy'; import { formatIssues } from './formatters/legacy-format-issue'; import { WIZARD_SUPPORTED_PACKAGE_MANAGERS } from '../../../lib/package-managers'; -import { formatIssuesWithRemediation } from './formatters/remediation-based-format-issues'; +import { formatIssuesWithRemediation, getSeverityValue } from './formatters/remediation-based-format-issues'; const debug = Debug('snyk'); const SEPARATOR = '\n-------------------------------------------------------\n'; 
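Review bot: `vulnIds.sort(...)` in the `@@ -104,6 +110,7 @@` hunk sorts in place, so rendering the upgrade text now reorders the caller's array (presumably the `vulns` list of an upgrade entry in the `RemediationResult`) as a side effect; any later consumer of that result, such as JSON output or a fixture comparison, sees the mutated order. Sort a copy instead: `const thisUpgradeFixes = [...vulnIds]` followed by the existing `.sort(...)` chain. Note also that the comparator is ascending, so each upgrade lists low-severity issues first and high last, and that only the upgrade list is ordered in this patch — the patch and unfixable lists touched by the other hunks of this file keep their input order, so either apply the same ordering there or document the intended scope in a comment on the comparator. `constructUpgradesText` begins outside the hunk.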
@@ -451,10 +451,6 @@ function validateSeverityThreshold(severityThreshold) { .indexOf(severityThreshold) > -1; } -function getSeverityValue(severity) { - return SEVERITIES.find((severityObj) => severityObj.verboseName === severity)!.value; -} - // This is all a copy from Registry snapshots/index function isVulnFixable(vuln) { return vuln.isUpgradable || vuln.isPatchable; diff --git a/src/lib/snyk-test/common.ts b/src/lib/snyk-test/common.ts index 92d33ea6db..eb20c35ad1 100644 --- a/src/lib/snyk-test/common.ts +++ b/src/lib/snyk-test/common.ts @@ -20,17 +20,25 @@ export function assembleQueryString(options) { return Object.keys(qs).length !== 0 ? qs : null; } -export const SEVERITIES = [ +enum SEVERITY { + LOW = 'low', + MEDIUM = 'medium', + HIGH = 'high', +} +export const SEVERITIES: Array<{ + verboseName: SEVERITY, + value: number, +}> = [ { - verboseName: 'low', + verboseName: SEVERITY.LOW, value: 1, }, { - verboseName: 'medium', + verboseName: SEVERITY.MEDIUM, value: 2, }, { - verboseName: 'high', + verboseName: SEVERITY.HIGH, value: 3, }, ]; diff --git a/src/lib/snyk-test/legacy.ts b/src/lib/snyk-test/legacy.ts index 4179134260..30b0684432 100644 --- a/src/lib/snyk-test/legacy.ts +++ b/src/lib/snyk-test/legacy.ts @@ -1,6 +1,7 @@ import * as _ from 'lodash'; import * as depGraphLib from '@snyk/dep-graph'; import { SupportedPackageManagers } from '../package-managers'; +import { SEVERITIES } from './common'; interface Pkg { name: string; @@ -219,7 +220,7 @@ function convertTestDepGraphResultToLegacy( res: TestDepGraphResponse, depGraph: depGraphLib.DepGraph, packageManager: string, - severityThreshold?: string): LegacyVulnApiResult { + severityThreshold?: SEVERITY): LegacyVulnApiResult { const result = res.result; 
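Review bot: The `enum SEVERITY` added to common.ts (hunk `@@ -20,17 +20,25 @@`) is not exported, while every other file in this patch imports a `SEVERITY` from legacy.ts (`getSeverityValue(severity: SEVERITY)`, `severityThreshold?: SEVERITY`, the new import in types.ts). If legacy.ts declares its own enum, as its use of `SEVERITY.LOW` in the later hunk suggests, these are two distinct nominal types with identical members: `s.verboseName === severity` in the formatter and `severitiesArray.indexOf(severityThreshold)` in `getSummary` then compare values of different enums, which TypeScript treats as incompatible, and the two member lists must be kept in sync by hand whenever a severity level is added — worth confirming how legacy.ts obtains the type. Single-source it: `export enum SEVERITY { ... }` here and `export { SEVERITY } from './common';` in legacy.ts, so `SEVERITIES`, the threshold parameters and the formatter all share one definition.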
@@ -290,7 +291,7 @@ function convertTestDepGraphResultToLegacy( const meta = res.meta || {}; - severityThreshold = (severityThreshold === 'low') ? undefined : severityThreshold; + severityThreshold = (severityThreshold === SEVERITY.LOW) ? undefined : severityThreshold; const legacyRes: LegacyVulnApiResult = { vulnerabilities: vulns, @@ -335,15 +336,15 @@ function toLegacyPkgId(pkg: Pkg) { return `${pkg.name}@${pkg.version || '*'}`; } -function getSummary(vulns: object[], severityThreshold?: string): string { +function getSummary(vulns: object[], severityThreshold?: SEVERITY): string { const count = vulns.length; let countText = '' + count; const severityFilters: string[] = []; - - const SEVERITIES = ['low', 'medium', 'high']; - + const severitiesArray = SEVERITIES.map((s) => s.verboseName); if (severityThreshold) { - SEVERITIES.slice(SEVERITIES.indexOf(severityThreshold)).forEach((sev) => { + severitiesArray + .slice(severitiesArray.indexOf(severityThreshold)) + .forEach((sev) => { severityFilters.push(sev); }); } diff --git a/src/lib/types.ts b/src/lib/types.ts index 503f9514e2..5559db6bc2 100644 --- a/src/lib/types.ts +++ b/src/lib/types.ts @@ -1,5 +1,6 @@ import { SupportedPackageManagers } from './package-managers'; import { legacyCommon as legacyApi } from '@snyk/cli-interface'; +import { SEVERITY } from './snyk-test/legacy'; export interface PluginMetadata { name: string; @@ -49,7 +50,7 @@ export interface Options { packageManager: SupportedPackageManagers; advertiseSubprojectsCount?: number; subProjectNames?: string[]; - severityThreshold?: string; + severityThreshold?: SEVERITY; dev?: boolean; 'print-deps'?: boolean; }
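Review bot: In the `getSummary` hunk (`@@ -335,15 +336,15 @@`) `severitiesArray.indexOf(severityThreshold)` still returns -1 for a value outside `SEVERITIES`, and `slice(-1)` then lists only the last severity name instead of none, so the summary would claim a filter that was never applied; the enum parameter type narrows this at compile time, but the value presumably arrives through `Options.severityThreshold` from the command line, so a runtime guard is cheap insurance. The forEach-push loop also collapses to a spread: `const from = severitiesArray.indexOf(severityThreshold);` / `if (from !== -1) { severityFilters.push(...severitiesArray.slice(from)); }`. The rest of `getSummary` continues past the hunk.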