[trivy] Modify a method to validate trivy option

homoluctus · homoluctus · commit 8bbdc8414d41 · 2019-12-07T07:16:53.000+09:00
diff --git a/dist/index.js b/dist/index.js
@@ -6588,14 +6588,15 @@ function run() {
             };
             const downloader = new trivy_1.Downloader();
             const trivyCmdPath = yield downloader.download(trivyVersion);
-            const result = trivy_1.Trivy.scan(trivyCmdPath, image, trivyOption);
+            const trivy = new trivy_1.Trivy();
+            const result = trivy.scan(trivyCmdPath, image, trivyOption);
             if (!issueFlag) {
                 core.info(`Not create a issue because issue parameter is false.
         Vulnerabilities:
         ${result}`);
                 return;
             }
-            const issueContent = trivy_1.Trivy.parse(result);
+            const issueContent = trivy.parse(result);
             if (issueContent === '') {
                 core.info('Vulnerabilities were not found.\nYour maintenance looks good 👍');
                 return;
@@ -13315,8 +13316,8 @@ Downloader.trivyRepository = {
     repo: 'trivy',
 };
 class Trivy {
-    static scan(trivyPath, image, option) {
-        Trivy.validateOption(option);
+    scan(trivyPath, image, option) {
+        this.validateOption(option);
         const args = [
             '--severity',
             option.severity,
@@ -13345,7 +13346,7 @@ class Trivy {
       erorr: ${result.error}
     `);
     }
-    static parse(vulnerabilities) {
+    parse(vulnerabilities) {
         let issueContent = '';
         for (const vuln of vulnerabilities) {
             if (vuln.Vulnerabilities === null)
@@ -13368,23 +13369,36 @@ class Trivy {
         }
         return issueContent;
     }
-    static validateOption(option) {
+    validateOption(option) {
+        this.validateSeverity(option.severity.split(','));
+        this.validateVulnType(option.vulnType.split(','));
+    }
+    validateSeverity(severities) {
         const allowedSeverities = /UNKNOWN|LOW|MEDIUM|HIGH|CRITICAL/;
-        const allowedVulnTypes = /os|library/;
-        for (const severity of option.severity.split(',')) {
-            if (!allowedSeverities.test(severity)) {
-                throw new Error(`severity option error: ${severity} is unknown severity`);
-            }
+        if (!validateArrayOption(allowedSeverities, severities)) {
+            throw new Error(`Trivy option error: ${severities.join(',')} is unknown severity.
+        Trivy supports UNKNOWN, LOW, MEDIUM, HIGH and CRITICAL.`);
         }
-        for (const vulnType of option.vulnType.split(',')) {
-            if (!allowedVulnTypes.test(vulnType)) {
-                throw new Error(`vuln-type option error: ${vulnType} is unknown vuln-type`);
-            }
+        return true;
+    }
+    validateVulnType(vulnTypes) {
+        const allowedVulnTypes = /os|library/;
+        if (!validateArrayOption(allowedVulnTypes, vulnTypes)) {
+            throw new Error(`Trivy option error: ${vulnTypes.join(',')} is unknown vuln-type.
+        Trivy supports os and library.`);
         }
         return true;
     }
 }
 exports.Trivy = Trivy;
+function validateArrayOption(allowedValue, options) {
+    for (const option of options) {
+        if (!allowedValue.test(option)) {
+            return false;
+        }
+    }
+    return true;
+}
 
 
 /***/ }),
diff --git a/src/index.ts b/src/index.ts
@@ -30,7 +30,9 @@ async function run() {
 
     const downloader = new Downloader();
     const trivyCmdPath: string = await downloader.download(trivyVersion);
-    const result: Vulnerability[] | string = Trivy.scan(
+
+    const trivy = new Trivy();
+    const result: Vulnerability[] | string = trivy.scan(
       trivyCmdPath,
       image,
       trivyOption
@@ -45,7 +47,7 @@ async function run() {
       return;
     }
 
-    const issueContent: string = Trivy.parse(result as Vulnerability[]);
+    const issueContent: string = trivy.parse(result as Vulnerability[]);
 
     if (issueContent === '') {
       core.info(
diff --git a/src/trivy.ts b/src/trivy.ts
@@ -6,6 +6,7 @@ import fetch, { Response } from 'node-fetch';
 import { spawnSync, SpawnSyncReturns } from 'child_process';
 
 import { TrivyOption, Vulnerability } from './interface';
+import { defaultCoreCipherList } from 'constants';
 
 interface Repository {
   owner: string;
@@ -119,12 +120,12 @@ export class Downloader {
 }
 
 export class Trivy {
-  static scan(
+  public scan(
     trivyPath: string,
     image: string,
     option: TrivyOption
   ): Vulnerability[] | string {
-    Trivy.validateOption(option);
+    this.validateOption(option);
 
     const args: string[] = [
       '--severity',
@@ -159,7 +160,7 @@ export class Trivy {
     `);
   }
 
-  static parse(vulnerabilities: Vulnerability[]): string {
+  public parse(vulnerabilities: Vulnerability[]): string {
     let issueContent: string = '';
 
     for (const vuln of vulnerabilities) {
@@ -187,26 +188,39 @@ export class Trivy {
     return issueContent;
   }
 
-  static validateOption(option: TrivyOption): boolean {
-    const allowedSeverities = /UNKNOWN|LOW|MEDIUM|HIGH|CRITICAL/;
-    const allowedVulnTypes = /os|library/;
+  private validateOption(option: TrivyOption): void {
+    this.validateSeverity(option.severity.split(','));
+    this.validateVulnType(option.vulnType.split(','));
+  }
 
-    for (const severity of option.severity.split(',')) {
-      if (!allowedSeverities.test(severity)) {
-        throw new Error(
-          `severity option error: ${severity} is unknown severity`
-        );
-      }
+  private validateSeverity(severities: string[]): boolean {
+    const allowedSeverities = /UNKNOWN|LOW|MEDIUM|HIGH|CRITICAL/;
+    if (!validateArrayOption(allowedSeverities, severities)) {
+      throw new Error(
+        `Trivy option error: ${severities.join(',')} is unknown severity.
+        Trivy supports UNKNOWN, LOW, MEDIUM, HIGH and CRITICAL.`
+      );
     }
+    return true;
+  }
 
-    for (const vulnType of option.vulnType.split(',')) {
-      if (!allowedVulnTypes.test(vulnType)) {
-        throw new Error(
-          `vuln-type option error: ${vulnType} is unknown vuln-type`
-        );
-      }
+  private validateVulnType(vulnTypes: string[]): boolean {
+    const allowedVulnTypes = /os|library/;
+    if (!validateArrayOption(allowedVulnTypes, vulnTypes)) {
+      throw new Error(
+        `Trivy option error: ${vulnTypes.join(',')} is unknown vuln-type.
+        Trivy supports os and library.`
+      );
     }
-
     return true;
   }
 }
+
+function validateArrayOption(allowedValue: RegExp, options: string[]): boolean {
+  for (const option of options) {
+    if (!allowedValue.test(option)) {
+      return false;
+    }
+  }
+  return true;
+}
