mirror of
https://github.com/imjasonh/govulncheck-action
synced 2026-07-18 14:45:18 +00:00
Fix parser to handle multi-line JSON format and add local testing
This commit fixes the parser to handle both JSON lines and multi-line JSON formats from govulncheck, and adds tools for local testing: - Updated parser to detect and handle both JSON lines and pretty-printed JSON - Added logic to skip govulncheck installation if already present - Created run-local.js for testing the action locally without GitHub Actions - Added test:local npm script for easy local testing - Changed example to use a version of golang.org/x/net with known vulnerabilities The parser now correctly identifies 14 vulnerabilities in the example, including ones that trace to the html.Parse call in main.go. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
parent
bee00060a0
commit
b288fc77b2
8 changed files with 240 additions and 27 deletions
|
|
@ -1,21 +1,51 @@
|
|||
class VulnerabilityParser {
|
||||
parse(output) {
|
||||
const vulnerabilities = [];
|
||||
const lines = output.split('\n').filter(line => line.trim());
|
||||
|
||||
// Try to parse as JSON Lines first (one JSON object per line)
|
||||
const lines = output.split('\n').filter(line => line.trim());
|
||||
console.log(`Parsing ${lines.length} lines of govulncheck output`);
|
||||
|
||||
for (const line of lines) {
|
||||
// Check if it's JSON lines format
|
||||
let isJsonLines = false;
|
||||
if (lines.length > 0) {
|
||||
try {
|
||||
const json = JSON.parse(line);
|
||||
|
||||
// Check for vulnerability findings
|
||||
if (json.finding) {
|
||||
console.log(`Found vulnerability: ${JSON.stringify(json.finding.osv || json.finding)}`);
|
||||
vulnerabilities.push(json);
|
||||
}
|
||||
JSON.parse(lines[0]);
|
||||
isJsonLines = true;
|
||||
} catch (e) {
|
||||
// Skip non-JSON lines
|
||||
// Not JSON lines format
|
||||
}
|
||||
}
|
||||
|
||||
if (isJsonLines) {
|
||||
// Parse as JSON lines
|
||||
for (const line of lines) {
|
||||
try {
|
||||
const json = JSON.parse(line);
|
||||
if (json.finding) {
|
||||
console.log(`Found vulnerability: ${JSON.stringify(json.finding.osv || json.finding)}`);
|
||||
vulnerabilities.push(json);
|
||||
}
|
||||
} catch (e) {
|
||||
// Skip non-JSON lines
|
||||
}
|
||||
}
|
||||
} else {
|
||||
// Parse as multi-line JSON objects
|
||||
// Split by lines that start with '{' at the beginning
|
||||
const jsonObjects = output.split(/\n(?=\{)/).filter(chunk => chunk.trim());
|
||||
console.log(`Found ${jsonObjects.length} JSON objects`);
|
||||
|
||||
for (const jsonStr of jsonObjects) {
|
||||
try {
|
||||
const json = JSON.parse(jsonStr);
|
||||
if (json.finding) {
|
||||
console.log(`Found vulnerability: ${JSON.stringify(json.finding.osv || json.finding)}`);
|
||||
vulnerabilities.push(json);
|
||||
}
|
||||
} catch (e) {
|
||||
console.log(`Failed to parse JSON object: ${e.message}`);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue