mirror of
https://github.com/imjasonh/govulncheck-action
synced 2026-07-08 08:45:48 +00:00
This commit fixes the parser to handle both JSON lines and multi-line JSON formats from govulncheck, and adds tools for local testing: - Updated parser to detect and handle both JSON lines and pretty-printed JSON - Added logic to skip govulncheck installation if already present - Created run-local.js for testing the action locally without GitHub Actions - Added test:local npm script for easy local testing - Changed example to use a version of golang.org/x/net with known vulnerabilities The parser now correctly identifies 14 vulnerabilities in the example, including ones that trace to the html.Parse call in main.go. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
81 lines
No EOL
2.4 KiB
JavaScript
Executable file
81 lines
No EOL
2.4 KiB
JavaScript
Executable file
#!/usr/bin/env node
|
|
|
|
// Standalone script to run govulncheck locally
|
|
const GovulncheckRunner = require('./lib/govulncheck');
|
|
const VulnerabilityParser = require('./lib/parser');
|
|
const AnnotationCreator = require('./lib/annotator');
|
|
|
|
// Mock core for local testing
|
|
const mockCore = {
|
|
info: (message) => console.log(`[INFO] ${message}`),
|
|
warning: (message, properties) => {
|
|
console.log(`[WARNING] ${message}`);
|
|
if (properties) {
|
|
console.log(` Annotation:`, JSON.stringify(properties, null, 2));
|
|
}
|
|
}
|
|
};
|
|
|
|
async function runLocal() {
|
|
const workingDirectory = process.argv[2] || './example';
|
|
console.log(`Running govulncheck in ${workingDirectory}...`);
|
|
|
|
const govulncheck = new GovulncheckRunner();
|
|
const parser = new VulnerabilityParser();
|
|
const annotator = new AnnotationCreator(mockCore);
|
|
|
|
try {
|
|
// Change to working directory
|
|
if (workingDirectory !== '.') {
|
|
console.log(`Changing to directory: ${workingDirectory}`);
|
|
process.chdir(workingDirectory);
|
|
}
|
|
|
|
// Install/check govulncheck
|
|
console.log('Checking govulncheck installation...');
|
|
await govulncheck.install();
|
|
|
|
// Run govulncheck
|
|
console.log('Running govulncheck...');
|
|
const { output, errorOutput } = await govulncheck.run();
|
|
|
|
if (errorOutput) {
|
|
console.log(`[STDERR] ${errorOutput}`);
|
|
}
|
|
|
|
// Show raw output length
|
|
console.log(`[INFO] Raw output length: ${output.length} characters`);
|
|
|
|
// Parse results
|
|
const vulnerabilities = parser.parse(output);
|
|
|
|
// Create annotations
|
|
await annotator.createAnnotations(vulnerabilities, parser, '.');
|
|
|
|
// Summary
|
|
console.log('\n=== SUMMARY ===');
|
|
console.log(`Total vulnerabilities found: ${vulnerabilities.length}`);
|
|
|
|
if (vulnerabilities.length > 0) {
|
|
console.log('\nVulnerabilities:');
|
|
vulnerabilities.forEach((v, i) => {
|
|
console.log(`\n${i + 1}. ${v.finding?.osv || 'Unknown'}`);
|
|
if (v.finding?.trace) {
|
|
console.log(' Trace:');
|
|
v.finding.trace.forEach((t, j) => {
|
|
console.log(` ${j + 1}. ${t.module || t.package || 'unknown'} - ${t.function || 'unknown function'}`);
|
|
if (t.position) {
|
|
console.log(` at ${t.position.filename}:${t.position.line}`);
|
|
}
|
|
});
|
|
}
|
|
});
|
|
}
|
|
|
|
} catch (error) {
|
|
console.error('Error:', error.message);
|
|
process.exit(1);
|
|
}
|
|
}
|
|
|
|
runLocal(); |