mirror of
https://github.com/imjasonh/govulncheck-action
synced 2026-07-18 14:45:18 +00:00
build: migrate to ESM and esbuild
Updates the project to use ESM modules and replaces ncc with esbuild. This fixes build failures caused by newer @actions/core versions which use strict ESM exports that ncc cannot resolve. Also updates tests to use ESM and dependency injection. Signed-off-by: Jason Hall <imjasonh@gmail.com>
This commit is contained in:
parent
a6757f0e87
commit
c4a3cd53b0
17 changed files with 22935 additions and 28919 deletions
|
|
@ -2,11 +2,11 @@ class VulnerabilityParser {
|
|||
parse(output) {
|
||||
const vulnerabilities = [];
|
||||
const osvDetails = {};
|
||||
|
||||
|
||||
// Try to parse as JSON Lines first (one JSON object per line)
|
||||
const lines = output.split('\n').filter(line => line.trim());
|
||||
const lines = output.split('\n').filter((line) => line.trim());
|
||||
console.log(`Parsing ${lines.length} lines of govulncheck output`);
|
||||
|
||||
|
||||
// Try to parse each line as JSON first (JSON lines format)
|
||||
let foundValidData = false;
|
||||
for (const line of lines) {
|
||||
|
|
@ -25,13 +25,13 @@ class VulnerabilityParser {
|
|||
// Skip non-JSON lines
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if (!foundValidData) {
|
||||
// Parse as multi-line JSON objects
|
||||
// Split by lines that start with '{' at the beginning
|
||||
const jsonObjects = output.split(/\n(?=\{)/).filter(chunk => chunk.trim());
|
||||
const jsonObjects = output.split(/\n(?=\{)/).filter((chunk) => chunk.trim());
|
||||
console.log(`Found ${jsonObjects.length} JSON objects`);
|
||||
|
||||
|
||||
for (const jsonStr of jsonObjects) {
|
||||
try {
|
||||
const json = JSON.parse(jsonStr);
|
||||
|
|
@ -47,40 +47,40 @@ class VulnerabilityParser {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// Attach OSV details to vulnerabilities
|
||||
for (const vuln of vulnerabilities) {
|
||||
if (vuln.finding.osv && osvDetails[vuln.finding.osv]) {
|
||||
vuln.osvDetails = osvDetails[vuln.finding.osv];
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
console.log(`Parsed ${vulnerabilities.length} vulnerabilities`);
|
||||
return vulnerabilities;
|
||||
}
|
||||
|
||||
extractUniqueModules(vulnerabilities) {
|
||||
const modules = new Set();
|
||||
|
||||
|
||||
for (const vuln of vulnerabilities) {
|
||||
const finding = vuln.finding;
|
||||
if (finding.trace && finding.trace.length > 0 && finding.trace[0].module) {
|
||||
modules.add(finding.trace[0].module);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return Array.from(modules);
|
||||
}
|
||||
|
||||
extractCallSites(vulnerabilities) {
|
||||
const callSites = [];
|
||||
|
||||
|
||||
for (const vuln of vulnerabilities) {
|
||||
const finding = vuln.finding;
|
||||
if (finding.trace && finding.trace.length > 0) {
|
||||
// The first frame in the trace is the vulnerable function
|
||||
const vulnerableFunction = finding.trace[0].function || 'unknown function';
|
||||
|
||||
|
||||
// Look for frames that represent our code (not the vulnerable library)
|
||||
for (let i = 1; i < finding.trace.length; i++) {
|
||||
const frame = finding.trace[i];
|
||||
|
|
@ -93,15 +93,15 @@ class VulnerabilityParser {
|
|||
vulnerableFunction: vulnerableFunction,
|
||||
osv: finding.osv || null,
|
||||
osvDetails: vuln.osvDetails || null,
|
||||
fixedVersion: finding.fixed_version || null
|
||||
fixedVersion: finding.fixed_version || null,
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return callSites;
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = VulnerabilityParser;
|
||||
export default VulnerabilityParser;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue