refactor to use nsp@3.x, closes #39

nodesecurity · Feb 15, 2018 · 92de632 · 92de632
1 parent 28bf93c
commit 92de632
Show file tree

Hide file tree

Showing 5 changed files with 4,757 additions and 1,493 deletions.
diff --git a/gulpfile.js b/gulpfile.js
@@ -6,7 +6,7 @@ var GulpNSP = require('./index.js');
 Gulp.task('nsp', function (cb) {
 
   GulpNSP({
-    shrinkwrap: __dirname + '/npm-shrinkwrap.json',
+    packagelock: __dirname + '/package-lock.json',
     package: __dirname + '/package.json'
   }, cb);
 });
diff --git a/index.js b/index.js
@@ -1,61 +1,111 @@
 'use strict';
 
 var Nsp = require('nsp');
+var Preprocessor = require('nsp/lib/preprocessor');
+var Reporter = require('nsp/reporters');
 var PluginError = require('plugin-error');
 var Log = require('fancy-log');
 var PLUGIN_NAME = require('./package.json').name;
+var Os = require('os');
+var Fs = require('fs');
+var Path = require('path');
+
+var internals = {};
+internals.wrapReporter = function (name, fn, ...args) {
+
+  var output = '';
+  return new Promise((resolve, reject) => {
+
+    try {
+      return resolve(fn(...args, {
+        log: function (...segments) {
+
+          output += segments.join(' ') + '\n';
+        },
+        error: function (...segments) {
+
+          output += segments.join(' ') + '\n';
+        }
+      }));
+    }
+    catch (err) {
+      return reject(err);
+    }
+  }).catch((err) => {
+
+    output += `Error in reporter: ${name}\n`;
+    output += err.stack + '\n';
+  }).then(() => {
+
+    return output;
+  });
+};
 
 var rsGulp = function (params, callback) {
 
-  var payload = {};
-  var formatter = Nsp.formatters.default;
+  var payload = Nsp.sanitizeParameters(params);
+  var reporter = Reporter.load(payload.reporter);
 
-  if (params.package) {
-    payload.package = params.package;
-  }
+  return Promise.resolve().then(() => {
 
-  if (params.shrinkwrap) {
-    payload.shrinkwrap = params.shrinkwrap;
-  }
+    const preprocessor = Preprocessor.load(payload.preprocessor);
+    return preprocessor.hasOwnProperty('check') ? preprocessor.check(payload) : Promise.resolve(payload);
+  }).then((args) => {
 
-  // Enable builds behind the HTTP_PROXY
-  if (params.proxy) {
-    payload.proxy = params.proxy;
-  }
+    return Nsp.check(args);
+  }).then((result) => {
 
-  if (params.output) {
-    if (Nsp.formatters.hasOwnProperty(params.output)) {
-      formatter = Nsp.formatters[params.output];
+    var maxCvss;
+    if (payload.filter ||
+        payload.threshold) {
+
+      maxCvss = Math.max(...result.data.map((item) => item.cvss_score));
     }
-    else {
-      Log('Invalid formatter specified in options. Must be one of ' + Object.keys(Nsp.formatters).join(', ') + '\nUsing default formatter');
+
+    if (payload.filter &&
+        result.data.length) {
+
+      result.data = result.data.filter((item) => item.cvss_score > args.filter);
     }
-  }
 
-  Nsp.check(payload, function (err, data) {
+    var buildReport;
+    if (reporter.hasOwnProperty('check') &&
+        reporter.check.hasOwnProperty('success')) {
 
-    var output = formatter(err, data);
-    var pluginErr = new PluginError(PLUGIN_NAME, output);
+      buildReport = internals.wrapReporter(payload.reporter, reporter.check.success, result, payload);
+    }
+    else {
+      buildReport = internals.wrapReporter(payload.reporter, reporter.success, result, payload);
+    }
 
-    if (err) {
-      if (params.stopOnError === false) {
-        Log(output);
+    return buildReport.then((output) => {
+      if (params.stopOnError === false || result.data && result.data.length === 0) {
+        Log(output.trim());
         return callback();
       }
-      return callback(pluginErr);
-    }
 
-    if (params.stopOnError === false || data && data.length === 0) {
-      Log(output);
-      return callback();
-    }
+      if (result.data.length > 0) {
+        var pluginErr = new PluginError(PLUGIN_NAME, output);
+        return callback(pluginErr);
+      }
+    })
+  }).catch((err) => {
 
-    if (data.length > 0) {
-      return callback(pluginErr);
+    var buildReport;
+    if (reporter.hasOwnProperty('check') &&
+        reporter.check.hasOwnProperty('error')) {
+
+      buildReport = internals.wrapReporter(payload.reporter, reporter.check.error, err, payload);
+    }
+    else {
+      buildReport = internals.wrapReporter(payload.reporter, reporter.error, err, payload);
     }
 
+    return buildReport.then((output) => {
+      var pluginErr = new PluginError(PLUGIN_NAME, output);
+      return callback(pluginErr);
+    })
   });
-
 };
 
 module.exports = rsGulp;