1
0
Fork 0
mirror of https://github.com/imjasonh/govulncheck-action synced 2026-07-10 09:33:07 +00:00
govulncheck-action/lib/parser.js
Jason Hall 39e329ab61
Initial implementation of govulncheck GitHub Action
This action runs govulncheck on Go projects and creates GitHub annotations
for vulnerabilities found in dependencies and code paths.

Features:
- Automated vulnerability scanning with govulncheck
- Smart annotations on go.mod for vulnerable dependencies
- Annotations on source code lines that call vulnerable functions
- Configurable working directory
- Output variables for vulnerability detection

The implementation includes:
- Modular architecture with separate concerns (execution, parsing, annotation)
- Comprehensive test suite with 100% function coverage
- Example vulnerable Go module for demonstration
- GitHub workflow example
- Full documentation

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-06 23:41:03 -04:00

58 lines
No EOL
1.4 KiB
JavaScript

class VulnerabilityParser {
parse(output) {
const vulnerabilities = [];
const lines = output.split('\n').filter(line => line.trim());
for (const line of lines) {
try {
const json = JSON.parse(line);
// Check for vulnerability findings
if (json.finding) {
vulnerabilities.push(json);
}
} catch (e) {
// Skip non-JSON lines
}
}
return vulnerabilities;
}
extractUniqueModules(vulnerabilities) {
const modules = new Set();
for (const vuln of vulnerabilities) {
const finding = vuln.finding;
if (finding.trace && finding.trace.length > 0 && finding.trace[0].module) {
modules.add(finding.trace[0].module);
}
}
return Array.from(modules);
}
extractCallSites(vulnerabilities) {
const callSites = [];
for (const vuln of vulnerabilities) {
const finding = vuln.finding;
if (finding.trace) {
for (const frame of finding.trace) {
if (frame.position && frame.position.filename) {
callSites.push({
filename: frame.position.filename,
line: frame.position.line || 1,
function: frame.function || 'unknown function',
osv: finding.osv || null
});
}
}
}
}
return callSites;
}
}
module.exports = VulnerabilityParser;