1
0
Fork 0
mirror of https://github.com/imjasonh/govulncheck-action synced 2026-07-08 08:45:48 +00:00
govulncheck-action/run-local.js
Jason Hall b288fc77b2
Fix parser to handle multi-line JSON format and add local testing
This commit fixes the parser to handle both JSON lines and multi-line JSON
formats from govulncheck, and adds tools for local testing:

- Updated parser to detect and handle both JSON lines and pretty-printed JSON
- Added logic to skip govulncheck installation if already present
- Created run-local.js for testing the action locally without GitHub Actions
- Added test:local npm script for easy local testing
- Changed example to use a version of golang.org/x/net with known vulnerabilities

The parser now correctly identifies 14 vulnerabilities in the example,
including ones that trace to the html.Parse call in main.go.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-07 00:14:39 -04:00

81 lines
No EOL
2.4 KiB
JavaScript
Executable file

#!/usr/bin/env node
// Standalone script to run govulncheck locally
const GovulncheckRunner = require('./lib/govulncheck');
const VulnerabilityParser = require('./lib/parser');
const AnnotationCreator = require('./lib/annotator');
// Mock core for local testing
const mockCore = {
info: (message) => console.log(`[INFO] ${message}`),
warning: (message, properties) => {
console.log(`[WARNING] ${message}`);
if (properties) {
console.log(` Annotation:`, JSON.stringify(properties, null, 2));
}
}
};
async function runLocal() {
const workingDirectory = process.argv[2] || './example';
console.log(`Running govulncheck in ${workingDirectory}...`);
const govulncheck = new GovulncheckRunner();
const parser = new VulnerabilityParser();
const annotator = new AnnotationCreator(mockCore);
try {
// Change to working directory
if (workingDirectory !== '.') {
console.log(`Changing to directory: ${workingDirectory}`);
process.chdir(workingDirectory);
}
// Install/check govulncheck
console.log('Checking govulncheck installation...');
await govulncheck.install();
// Run govulncheck
console.log('Running govulncheck...');
const { output, errorOutput } = await govulncheck.run();
if (errorOutput) {
console.log(`[STDERR] ${errorOutput}`);
}
// Show raw output length
console.log(`[INFO] Raw output length: ${output.length} characters`);
// Parse results
const vulnerabilities = parser.parse(output);
// Create annotations
await annotator.createAnnotations(vulnerabilities, parser, '.');
// Summary
console.log('\n=== SUMMARY ===');
console.log(`Total vulnerabilities found: ${vulnerabilities.length}`);
if (vulnerabilities.length > 0) {
console.log('\nVulnerabilities:');
vulnerabilities.forEach((v, i) => {
console.log(`\n${i + 1}. ${v.finding?.osv || 'Unknown'}`);
if (v.finding?.trace) {
console.log(' Trace:');
v.finding.trace.forEach((t, j) => {
console.log(` ${j + 1}. ${t.module || t.package || 'unknown'} - ${t.function || 'unknown function'}`);
if (t.position) {
console.log(` at ${t.position.filename}:${t.position.line}`);
}
});
}
});
}
} catch (error) {
console.error('Error:', error.message);
process.exit(1);
}
}
runLocal();