From daf254935bb50e9c251380d2a502372de0d0e7f6 Mon Sep 17 00:00:00 2001 From: Seth Rait Date: Fri, 19 Jul 2024 13:18:23 -0700 Subject: [PATCH 1/8] Cleanup code --- action.yml | 4 +-- src/index.ts | 63 ++++++--------------------------------------- src/main.ts | 7 ++--- src/msdo-helpers.ts | 2 -- src/post.ts | 7 ++--- src/pre.ts | 6 ++--- 6 files changed, 15 insertions(+), 74 deletions(-) diff --git a/action.yml b/action.yml index 60312756..5986d543 100644 --- a/action.yml +++ b/action.yml @@ -6,13 +6,11 @@ branding: color: 'black' inputs: command: - description: The command to run. Defaults to run. + description: The command to run. Defaults to all. default: all options: - all - run - - pre-job - - post-job config: description: A file path to a .gdnconfig file. policy: diff --git a/src/index.ts b/src/index.ts index 79946cc2..0ecf7f9d 100644 --- a/src/index.ts +++ b/src/index.ts 
@@ -1,70 +1,28 @@ import * as core from '@actions/core'; import { MicrosoftSecurityDevOps } from './msdo'; -import { CommandType, Inputs, RunnerType, Tools } from './msdo-helpers'; +import { Inputs, Tools } from './msdo-helpers'; import { IMicrosoftSecurityDevOps, IMicrosoftSecurityDevOpsFactory } from './msdo-interface'; import { ContainerMapping } from './container-mapping'; import * as common from '@microsoft/security-devops-actions-toolkit/msdo-common'; -/** - * Runs the action. - * @param runnerString The runner where the task is being run: main, pre, or post. - */ -export async function run(runnerString: string) { - let runner = runnerString as RunnerType; - let command: CommandType = getCommandType(); - - switch (runner) { - case RunnerType.Main: - await _runMain(command); - break; - case RunnerType.Pre: - await _runPreJob(command); - break; - case RunnerType.Post: - await _runPostJob(command); - break; - default: - throw new Error(`Invalid source type for the task: ${runnerString}`); - } -} - -async function _runPreJob(command: CommandType) { - if (command != CommandType.All) { - return; - } - // if explicit PreJob, will run in main +export async function runPreJob() { if (_toolIsEnabled(Tools.ContainerMapping)) { await _getExecutor(ContainerMapping).runPreJob(); } } -async function _runPostJob(command: CommandType) { - if (command != CommandType.All) { - return; - } - // if explicit PostJob, will run in main +export async function runPostJob() { if (_toolIsEnabled(Tools.ContainerMapping)) { await _getExecutor(ContainerMapping).runPostJob(); } } -async function _runMain(command: CommandType) { - if (command == CommandType.PreJob) { - // Explicit pre-job - await _runPreJob(command); - } else if (command == CommandType.PostJob) { - // Explicit post-job - await _runPostJob(command); - } else if (command == CommandType.All || command == CommandType.Run) { - // Run main - // If container-mapping is the only enabled tool, then skip scanning - if 
(_toolIsEnabledOnInput(Inputs.Tools, Tools.ContainerMapping, true)) { - console.log("Scanning is not enabled. Skipping..."); - } else { - await _getExecutor(MicrosoftSecurityDevOps).runMain(); - } +export async function runMainJob() { + // If container-mapping is the only enabled tool, then skip scanning + if (_toolIsEnabledOnInput(Inputs.Tools, Tools.ContainerMapping, true)) { + console.log("Scanning is not enabled. Skipping..."); } else { - throw new Error(`Invalid command type for the main task: ${command}`); + await _getExecutor(MicrosoftSecurityDevOps).runMain(); } } @@ -117,9 +75,4 @@ function _toolIsEnabledOnInput(inputName: string, toolName: string, isOnlyTool: */ function _getExecutor(runner: IMicrosoftSecurityDevOpsFactory): IMicrosoftSecurityDevOps { return new runner(); -} - -function getCommandType(): CommandType { - const commandTypeString: string = core.getInput(Inputs.Command) || CommandType.Run; - return commandTypeString as CommandType; } \ No newline at end of file diff --git a/src/main.ts b/src/main.ts index 778acb12..58af6fdf 100644 --- a/src/main.ts +++ b/src/main.ts @@ -1,11 +1,8 @@ import * as core from '@actions/core'; -import { run } from './index'; -import { RunnerType } from './msdo-helpers'; - -const runner = RunnerType.Main; +import { runMainJob } from './index'; async function runMain() { - await run(runner); + await runMainJob(); } runMain().catch(error => { diff --git a/src/msdo-helpers.ts b/src/msdo-helpers.ts index dc0a198e..e25a2159 100644 --- a/src/msdo-helpers.ts +++ b/src/msdo-helpers.ts @@ -28,8 +28,6 @@ export enum RunnerType { */ export enum CommandType { All = 'all', - PreJob = 'pre-job', - PostJob = 'post-job', Run = 'run' } diff --git a/src/post.ts b/src/post.ts index d3ed363a..ad2f5b74 100644 --- a/src/post.ts +++ b/src/post.ts 
@@ -1,11 +1,8 @@ import * as core from '@actions/core'; -import { run } from './index'; -import { RunnerType } from './msdo-helpers'; - -const runner = RunnerType.Post; +import { runPostJob } from './index'; async function runPost() { - await run(runner); + await runPostJob(); } runPost().catch((error) => { diff --git a/src/pre.ts b/src/pre.ts index f4ffe392..139ea413 100644 --- a/src/pre.ts +++ b/src/pre.ts @@ -1,11 +1,9 @@ import * as core from '@actions/core'; -import { run } from './index'; -import { RunnerType } from './msdo-helpers'; +import { runPreJob } from './index'; -const runner = RunnerType.Pre; async function runPre() { - await run(runner); + await runPreJob(); } runPre().catch((error) => { From b0ce45bfff1ee2f5e9fa1c867972bca89f0a8610 Mon Sep 17 00:00:00 2001 From: Seth Rait Date: Mon, 22 Jul 2024 07:32:18 -0700 Subject: [PATCH 2/8] Cleanup code --- lib/index.js | 58 ++++++++------------------------------------- lib/main.js | 4 +--- lib/msdo-helpers.js | 2 -- lib/post.js | 4 +--- lib/pre.js | 4 +--- 5 files changed, 13 insertions(+), 59 deletions(-) diff --git a/lib/index.js b/lib/index.js index f51199cb..6ad38842 100644 --- a/lib/index.js +++ b/lib/index.js 
@@ -32,73 +32,39 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge }); }; Object.defineProperty(exports, "__esModule", { value: true }); -exports.run = void 0; +exports.runMainJob = exports.runPostJob = exports.runPreJob = void 0; const core = __importStar(require("@actions/core")); const msdo_1 = require("./msdo"); const msdo_helpers_1 = require("./msdo-helpers"); const container_mapping_1 = require("./container-mapping"); const common = __importStar(require("@microsoft/security-devops-actions-toolkit/msdo-common")); -function run(runnerString) { +function runPreJob() { return __awaiter(this, void 0, void 0, function* () { - let runner = runnerString; - let command = getCommandType(); - switch (runner) { - case msdo_helpers_1.RunnerType.Main: - yield _runMain(command); - break; - case msdo_helpers_1.RunnerType.Pre: - yield _runPreJob(command); - break; - case msdo_helpers_1.RunnerType.Post: - yield _runPostJob(command); - break; - default: - throw new Error(`Invalid source type for the task: ${runnerString}`); - } - }); -} -exports.run = run; -function _runPreJob(command) { - return __awaiter(this, void 0, void 0, function* () { - if (command != msdo_helpers_1.CommandType.All) { - return; - } if (_toolIsEnabled(msdo_helpers_1.Tools.ContainerMapping)) { yield _getExecutor(container_mapping_1.ContainerMapping).runPreJob(); } }); } -function _runPostJob(command) { +exports.runPreJob = runPreJob; +function runPostJob() { return __awaiter(this, void 0, void 0, function* () { - if (command != msdo_helpers_1.CommandType.All) { - return; - } if (_toolIsEnabled(msdo_helpers_1.Tools.ContainerMapping)) { yield _getExecutor(container_mapping_1.ContainerMapping).runPostJob(); } }); } -function _runMain(command) { +exports.runPostJob = runPostJob; +function runMainJob() { return __awaiter(this, void 0, void 0, function* () { - if (command == msdo_helpers_1.CommandType.PreJob) { - yield _runPreJob(command); - } - else if (command == 
msdo_helpers_1.CommandType.PostJob) { - yield _runPostJob(command); - } - else if (command == msdo_helpers_1.CommandType.All || command == msdo_helpers_1.CommandType.Run) { - if (_toolIsEnabledOnInput(msdo_helpers_1.Inputs.Tools, msdo_helpers_1.Tools.ContainerMapping, true)) { - console.log("Scanning is not enabled. Skipping..."); - } - else { - yield _getExecutor(msdo_1.MicrosoftSecurityDevOps).runMain(); - } + if (_toolIsEnabledOnInput(msdo_helpers_1.Inputs.Tools, msdo_helpers_1.Tools.ContainerMapping, true)) { + console.log("Scanning is not enabled. Skipping..."); } else { - throw new Error(`Invalid command type for the main task: ${command}`); + yield _getExecutor(msdo_1.MicrosoftSecurityDevOps).runMain(); } }); } +exports.runMainJob = runMainJob; function _toolIsEnabled(toolName) { let enabled = false; enabled = _toolIsEnabledOnInput(msdo_helpers_1.Inputs.Tools, toolName, false); @@ -125,7 +91,3 @@ function _toolIsEnabledOnInput(inputName, toolName, isOnlyTool = false) { function _getExecutor(runner) { return new runner(); } -function getCommandType() { - const commandTypeString = core.getInput(msdo_helpers_1.Inputs.Command) || msdo_helpers_1.CommandType.Run; - return commandTypeString; -} diff --git a/lib/main.js b/lib/main.js index b2b00d1b..c7895e1f 100644 --- a/lib/main.js +++ b/lib/main.js @@ -34,11 +34,9 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge Object.defineProperty(exports, "__esModule", { value: true }); const core = __importStar(require("@actions/core")); const index_1 = require("./index"); -const msdo_helpers_1 = require("./msdo-helpers"); -const runner = msdo_helpers_1.RunnerType.Main; function runMain() { return __awaiter(this, void 0, void 0, function* () { - yield (0, index_1.run)(runner); + yield (0, index_1.runMainJob)(); }); } runMain().catch(error => { diff --git a/lib/msdo-helpers.js b/lib/msdo-helpers.js index b647de16..11742d3a 100644 --- a/lib/msdo-helpers.js +++ b/lib/msdo-helpers.js 
@@ -24,8 +24,6 @@ var RunnerType; var CommandType; (function (CommandType) { CommandType["All"] = "all"; - CommandType["PreJob"] = "pre-job"; - CommandType["PostJob"] = "post-job"; CommandType["Run"] = "run"; })(CommandType || (exports.CommandType = CommandType = {})); var Tools; diff --git a/lib/post.js b/lib/post.js index a0f4d7f0..f284cbee 100644 --- a/lib/post.js +++ b/lib/post.js @@ -34,11 +34,9 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge Object.defineProperty(exports, "__esModule", { value: true }); const core = __importStar(require("@actions/core")); const index_1 = require("./index"); -const msdo_helpers_1 = require("./msdo-helpers"); -const runner = msdo_helpers_1.RunnerType.Post; function runPost() { return __awaiter(this, void 0, void 0, function* () { - yield (0, index_1.run)(runner); + yield (0, index_1.runPostJob)(); }); } runPost().catch((error) => { diff --git a/lib/pre.js b/lib/pre.js index caa16d78..7ff3e600 100644 --- a/lib/pre.js +++ b/lib/pre.js @@ -34,11 +34,9 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge Object.defineProperty(exports, "__esModule", { value: true }); const core = __importStar(require("@actions/core")); const index_1 = require("./index"); -const msdo_helpers_1 = require("./msdo-helpers"); -const runner = msdo_helpers_1.RunnerType.Pre; function runPre() { return __awaiter(this, void 0, void 0, function* () { - yield (0, index_1.run)(runner); + yield (0, index_1.runPreJob)(); }); } runPre().catch((error) => { From a95693633b9c3b406a9df0edf5bc332d824b2c3a Mon Sep 17 00:00:00 2001 From: Seth Rait Date: Mon, 22 Jul 2024 08:06:30 -0700 Subject: [PATCH 3/8] Cleanup code --- action.yml | 6 +----- lib/msdo-helpers.js | 7 +------ src/container-mapping.ts | 1 - src/msdo-helpers.ts | 8 -------- src/msdo-interface.ts | 2 -- src/pre.ts | 1 - 6 files changed, 2 insertions(+), 23 deletions(-) diff --git a/action.yml b/action.yml index 5986d543..56916f3a 100644 
--- a/action.yml +++ b/action.yml @@ -6,11 +6,7 @@ branding: color: 'black' inputs: command: - description: The command to run. Defaults to all. - default: all - options: - - all - - run + description: Deprecated, do not use. config: description: A file path to a .gdnconfig file. policy: diff --git a/lib/msdo-helpers.js b/lib/msdo-helpers.js index 11742d3a..ead0ff5e 100644 --- a/lib/msdo-helpers.js +++ b/lib/msdo-helpers.js @@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); -exports.writeToOutStream = exports.getEncodedContent = exports.encode = exports.Constants = exports.Tools = exports.CommandType = exports.RunnerType = exports.Inputs = void 0; +exports.writeToOutStream = exports.getEncodedContent = exports.encode = exports.Constants = exports.Tools = exports.RunnerType = exports.Inputs = void 0; const os_1 = __importDefault(require("os")); var Inputs; (function (Inputs) { @@ -21,11 +21,6 @@ var RunnerType; RunnerType["Pre"] = "pre"; RunnerType["Post"] = "post"; })(RunnerType || (exports.RunnerType = RunnerType = {})); -var CommandType; -(function (CommandType) { - CommandType["All"] = "all"; - CommandType["Run"] = "run"; -})(CommandType || (exports.CommandType = CommandType = {})); var Tools; (function (Tools) { Tools["Bandit"] = "bandit"; diff --git a/src/container-mapping.ts b/src/container-mapping.ts index 22fc8347..67dc1f82 100644 --- a/src/container-mapping.ts +++ b/src/container-mapping.ts @@ -1,4 +1,3 @@ -import { CommandType, Constants, getEncodedContent, writeToOutStream } from "./msdo-helpers"; import { IMicrosoftSecurityDevOps } from "./msdo-interface"; import * as https from "https"; import * as core from '@actions/core'; diff --git a/src/msdo-helpers.ts b/src/msdo-helpers.ts index e25a2159..d12e9e18 100644 --- a/src/msdo-helpers.ts +++ b/src/msdo-helpers.ts 
@@ -23,14 +23,6 @@ export enum RunnerType { Post = 'post' } -/* -* Enum for the possible values for the Inputs.CommandType (specified in action.yml) -*/ -export enum CommandType { - All = 'all', - Run = 'run' -} - /* * Enum for the possible values for the Inputs.Tools (specified in action.yml) */ diff --git a/src/msdo-interface.ts b/src/msdo-interface.ts index cb7afd3a..b2fc387b 100644 --- a/src/msdo-interface.ts +++ b/src/msdo-interface.ts @@ -1,5 +1,3 @@ -import { CommandType } from "./msdo-helpers"; - /* * Interface for the MicrosoftSecurityDevOps task */ diff --git a/src/pre.ts b/src/pre.ts index 139ea413..15889910 100644 --- a/src/pre.ts +++ b/src/pre.ts @@ -1,7 +1,6 @@ import * as core from '@actions/core'; import { runPreJob } from './index'; - async function runPre() { await runPreJob(); } From 25574b7e1c106a44a9bd68b94ee2e30c683cba4d Mon Sep 17 00:00:00 2001 From: Seth Rait Date: Mon, 22 Jul 2024 08:28:18 -0700 Subject: [PATCH 4/8] Cleanup code --- action.yml | 2 +- lib/index.js | 93 ------------------------------------------- lib/main.js | 5 ++- lib/msdo-interface.js | 5 +++ lib/msdo.js | 19 --------- lib/post.js | 5 ++- lib/pre.js | 5 ++- src/index.ts | 78 ------------------------------------ src/main.ts | 5 ++- src/msdo-helpers.ts | 1 + src/msdo-interface.ts | 11 +++++ src/msdo.ts | 20 ---------- src/post.ts | 5 ++- src/pre.ts | 5 ++- 14 files changed, 36 insertions(+), 223 deletions(-) delete mode 100644 lib/index.js delete mode 100644 src/index.ts diff --git a/action.yml b/action.yml index 56916f3a..0e073371 100644 --- a/action.yml +++ b/action.yml 
@@ -19,7 +19,7 @@ inputs: tools: description: A comma separated list of analyzer to run. Example bandit, binskim, container-mapping, eslint, templateanalyzer, terrascan, trivy. includeTools: - description: A comma separated list of analyzers to run in addition to the default set defined by the policy. Limited to container-mapping + description: Deprecated outputs: sarifFile: description: A file path to a SARIF results file. diff --git a/lib/index.js b/lib/index.js deleted file mode 100644 index 6ad38842..00000000 --- a/lib/index.js +++ /dev/null 
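Review bot: The `includeTools` description is cut down to the single word `Deprecated`, which tells a workflow author nothing about what now happens when they still set `includeTools: container-mapping` (the README prior to this series documented exactly that usage). Since the same commit removes the `includeTools` read from `msdo.ts`, the value is now silently ignored rather than rejected, so the description is the only place a user will learn it no longer does anything. Suggest `description: Deprecated and ignored. To select container-mapping, list it in 'tools' instead.` — the exact replacement guidance should match whatever the README in this series ends up saying.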
@@ -1,93 +0,0 @@ -"use strict"; -var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { - if (k2 === undefined) k2 = k; - var desc = Object.getOwnPropertyDescriptor(m, k); - if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { - desc = { enumerable: true, get: function() { return m[k]; } }; - } - Object.defineProperty(o, k2, desc); -}) : (function(o, m, k, k2) { - if (k2 === undefined) k2 = k; - o[k2] = m[k]; -})); -var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { - Object.defineProperty(o, "default", { enumerable: true, value: v }); -}) : function(o, v) { - o["default"] = v; -}); -var __importStar = (this && this.__importStar) || function (mod) { - if (mod && mod.__esModule) return mod; - var result = {}; - if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); - __setModuleDefault(result, mod); - return result; -}; -var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { - function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } - return new (P || (P = Promise))(function (resolve, reject) { - function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } - function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } - function step(result) { result.done ? 
resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } - step((generator = generator.apply(thisArg, _arguments || [])).next()); - }); -}; -Object.defineProperty(exports, "__esModule", { value: true }); -exports.runMainJob = exports.runPostJob = exports.runPreJob = void 0; -const core = __importStar(require("@actions/core")); -const msdo_1 = require("./msdo"); -const msdo_helpers_1 = require("./msdo-helpers"); -const container_mapping_1 = require("./container-mapping"); -const common = __importStar(require("@microsoft/security-devops-actions-toolkit/msdo-common")); -function runPreJob() { - return __awaiter(this, void 0, void 0, function* () { - if (_toolIsEnabled(msdo_helpers_1.Tools.ContainerMapping)) { - yield _getExecutor(container_mapping_1.ContainerMapping).runPreJob(); - } - }); -} -exports.runPreJob = runPreJob; -function runPostJob() { - return __awaiter(this, void 0, void 0, function* () { - if (_toolIsEnabled(msdo_helpers_1.Tools.ContainerMapping)) { - yield _getExecutor(container_mapping_1.ContainerMapping).runPostJob(); - } - }); -} -exports.runPostJob = runPostJob; -function runMainJob() { - return __awaiter(this, void 0, void 0, function* () { - if (_toolIsEnabledOnInput(msdo_helpers_1.Inputs.Tools, msdo_helpers_1.Tools.ContainerMapping, true)) { - console.log("Scanning is not enabled. 
Skipping..."); - } - else { - yield _getExecutor(msdo_1.MicrosoftSecurityDevOps).runMain(); - } - }); -} -exports.runMainJob = runMainJob; -function _toolIsEnabled(toolName) { - let enabled = false; - enabled = _toolIsEnabledOnInput(msdo_helpers_1.Inputs.Tools, toolName, false); - if (!enabled) { - enabled = _toolIsEnabledOnInput(msdo_helpers_1.Inputs.IncludeTools, toolName, false); - } - return enabled; -} -function _toolIsEnabledOnInput(inputName, toolName, isOnlyTool = false) { - let enabled = false; - let toolsString = core.getInput(inputName); - if (!common.isNullOrWhiteSpace(toolsString)) { - let tools = toolsString.split(','); - if (isOnlyTool && tools.length > 1) { - enabled = false; - } - else { - const toolIndex = tools.indexOf(toolName); - enabled = toolIndex > -1; - } - } - return enabled; -} -function _getExecutor(runner) { - return new runner(); -} diff --git a/lib/main.js b/lib/main.js index c7895e1f..f335b4ea 100644 --- a/lib/main.js +++ b/lib/main.js @@ -33,10 +33,11 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge }; Object.defineProperty(exports, "__esModule", { value: true }); const core = __importStar(require("@actions/core")); -const index_1 = require("./index"); +const msdo_1 = require("./msdo"); +const msdo_interface_1 = require("./msdo-interface"); function runMain() { return __awaiter(this, void 0, void 0, function* () { - yield (0, index_1.runMainJob)(); + yield (0, msdo_interface_1.getExecutor)(msdo_1.MicrosoftSecurityDevOps).runMain(); }); } runMain().catch(error => { diff --git a/lib/msdo-interface.js b/lib/msdo-interface.js index c8ad2e54..ed538cfb 100644 --- a/lib/msdo-interface.js +++ b/lib/msdo-interface.js @@ -1,2 +1,7 @@ "use strict"; Object.defineProperty(exports, "__esModule", { value: true }); +exports.getExecutor = void 0; +function getExecutor(runner) { + return new runner(); +} +exports.getExecutor = getExecutor; diff --git a/lib/msdo.js b/lib/msdo.js index 5f2133ff..f9fcf4b6 100644 
--- a/lib/msdo.js +++ b/lib/msdo.js @@ -34,7 +34,6 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge Object.defineProperty(exports, "__esModule", { value: true }); exports.MicrosoftSecurityDevOps = void 0; const core = __importStar(require("@actions/core")); -const msdo_helpers_1 = require("./msdo-helpers"); const client = __importStar(require("@microsoft/security-devops-actions-toolkit/msdo-client")); const common = __importStar(require("@microsoft/security-devops-actions-toolkit/msdo-common")); class MicrosoftSecurityDevOps { @@ -94,24 +93,6 @@ class MicrosoftSecurityDevOps { let tool = tools[i]; let toolTrimmed = tool.trim(); if (!common.isNullOrWhiteSpace(tool) - && tool != msdo_helpers_1.Tools.ContainerMapping - && includedTools.indexOf(toolTrimmed) == -1) { - if (includedTools.length == 0) { - args.push('--tool'); - } - args.push(toolTrimmed); - includedTools.push(toolTrimmed); - } - } - } - let includeToolsString = core.getInput('includeTools'); - if (!common.isNullOrWhiteSpace(includeToolsString)) { - let includeTools = includeToolsString.split(','); - for (let i = 0; i < includeTools.length; i++) { - let includeTool = includeTools[i]; - let toolTrimmed = includeTool.trim(); - if (!common.isNullOrWhiteSpace(includeTool) - && includeTool != msdo_helpers_1.Tools.ContainerMapping && includedTools.indexOf(toolTrimmed) == -1) { if (includedTools.length == 0) { args.push('--tool'); diff --git a/lib/post.js b/lib/post.js index f284cbee..ca4f9b68 100644 --- a/lib/post.js +++ b/lib/post.js 
@@ -33,10 +33,11 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge }; Object.defineProperty(exports, "__esModule", { value: true }); const core = __importStar(require("@actions/core")); -const index_1 = require("./index"); +const container_mapping_1 = require("./container-mapping"); +const msdo_interface_1 = require("./msdo-interface"); function runPost() { return __awaiter(this, void 0, void 0, function* () { - yield (0, index_1.runPostJob)(); + yield (0, msdo_interface_1.getExecutor)(container_mapping_1.ContainerMapping).runPostJob(); }); } runPost().catch((error) => { diff --git a/lib/pre.js b/lib/pre.js index 7ff3e600..1305f979 100644 --- a/lib/pre.js +++ b/lib/pre.js @@ -33,10 +33,11 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge }; Object.defineProperty(exports, "__esModule", { value: true }); const core = __importStar(require("@actions/core")); -const index_1 = require("./index"); +const container_mapping_1 = require("./container-mapping"); +const msdo_interface_1 = require("./msdo-interface"); function runPre() { return __awaiter(this, void 0, void 0, function* () { - yield (0, index_1.runPreJob)(); + yield (0, msdo_interface_1.getExecutor)(container_mapping_1.ContainerMapping).runPreJob(); }); } runPre().catch((error) => { diff --git a/src/index.ts b/src/index.ts deleted file mode 100644 index 0ecf7f9d..00000000 --- a/src/index.ts +++ /dev/null 
@@ -1,78 +0,0 @@ -import * as core from '@actions/core'; -import { MicrosoftSecurityDevOps } from './msdo'; -import { Inputs, Tools } from './msdo-helpers'; -import { IMicrosoftSecurityDevOps, IMicrosoftSecurityDevOpsFactory } from './msdo-interface'; -import { ContainerMapping } from './container-mapping'; -import * as common from '@microsoft/security-devops-actions-toolkit/msdo-common'; - -export async function runPreJob() { - if (_toolIsEnabled(Tools.ContainerMapping)) { - await _getExecutor(ContainerMapping).runPreJob(); - } -} - -export async function runPostJob() { - if (_toolIsEnabled(Tools.ContainerMapping)) { - await _getExecutor(ContainerMapping).runPostJob(); - } -} - -export async function runMainJob() { - // If container-mapping is the only enabled tool, then skip scanning - if (_toolIsEnabledOnInput(Inputs.Tools, Tools.ContainerMapping, true)) { - console.log("Scanning is not enabled. Skipping..."); - } else { - await _getExecutor(MicrosoftSecurityDevOps).runMain(); - } -} - -/** - * Returns true if the tool is enabled on either the tools or includeTools inputs. - * @param toolName - The name of the tool. - * @returns True if the tool is enabled in the inputs. - */ -function _toolIsEnabled(toolName: string): boolean { - let enabled: boolean = false; - - enabled = _toolIsEnabledOnInput(Inputs.Tools, toolName, false); - - if (!enabled) { - // See if the tool is in includeTools - enabled = _toolIsEnabledOnInput(Inputs.IncludeTools, toolName, false); - } - - return enabled; -} - -/** - * Returns true if the tool is enabled on the specified input. - * @param inputName The action input name to check for the list of tools. Values tools or includeTools. - * @param toolName The name of the tool to look for. - * @param isOnlyTool Return true only if it is the only tool. - * @returns True if the tool is enabled on the specified input. 
- */ -function _toolIsEnabledOnInput(inputName: string, toolName: string, isOnlyTool: boolean = false) { - let enabled: boolean = false; - let toolsString: string = core.getInput(inputName); - if (!common.isNullOrWhiteSpace(toolsString)) { - let tools = toolsString.split(','); - if (isOnlyTool && tools.length > 1) { - enabled = false; - } else { - const toolIndex = tools.indexOf(toolName); - enabled = toolIndex > -1; - } - } - return enabled; -} - -/** - * Returns an instance of IMicrosoftSecurityDevOps based on the input runner and command type. - * (This is used to enforce strong typing for the inputs for the runner). - * @param runner - The runner to use to create the instance of IMicrosoftSecurityDevOps. - * @param commandType - The input command type. - * @returns An instance of IMicrosoftSecurityDevOps. - */ -function _getExecutor(runner: IMicrosoftSecurityDevOpsFactory): IMicrosoftSecurityDevOps { - return new runner(); -} \ No newline at end of file diff --git a/src/main.ts b/src/main.ts index 58af6fdf..321b337d 100644 --- a/src/main.ts +++ b/src/main.ts @@ -1,8 +1,9 @@ import * as core from '@actions/core'; -import { runMainJob } from './index'; +import { MicrosoftSecurityDevOps } from './msdo'; +import { getExecutor } from './msdo-interface'; async function runMain() { - await runMainJob(); + await getExecutor(MicrosoftSecurityDevOps).runMain(); } runMain().catch(error => { diff --git a/src/msdo-helpers.ts b/src/msdo-helpers.ts index d12e9e18..f77719f0 100644 --- a/src/msdo-helpers.ts +++ b/src/msdo-helpers.ts @@ -1,5 +1,6 @@ import os from 'os'; import { Writable } from "stream"; +import { IMicrosoftSecurityDevOps, IMicrosoftSecurityDevOpsFactory } from './msdo-interface'; /** * Enum for the possible inputs for the task (specified in action.yml) diff --git a/src/msdo-interface.ts b/src/msdo-interface.ts index b2fc387b..af50977e 100644 --- a/src/msdo-interface.ts +++ b/src/msdo-interface.ts 
@@ -15,4 +15,15 @@ export interface IMicrosoftSecurityDevOps { */ export interface IMicrosoftSecurityDevOpsFactory { new (): IMicrosoftSecurityDevOps; +} + +/** + * Returns an instance of IMicrosoftSecurityDevOps based on the input runner and command type. + * (This is used to enforce strong typing for the inputs for the runner). + * @param runner - The runner to use to create the instance of IMicrosoftSecurityDevOps. + * @param commandType - The input command type. + * @returns An instance of IMicrosoftSecurityDevOps. + */ +export function getExecutor(runner: IMicrosoftSecurityDevOpsFactory): IMicrosoftSecurityDevOps { + return new runner(); } \ No newline at end of file diff --git a/src/msdo.ts b/src/msdo.ts index e8e886c9..2546a4f1 100644 --- a/src/msdo.ts +++ b/src/msdo.ts @@ -1,6 +1,5 @@ import * as core from '@actions/core'; import { IMicrosoftSecurityDevOps } from './msdo-interface'; -import { Tools } from './msdo-helpers'; import * as client from '@microsoft/security-devops-actions-toolkit/msdo-client'; import * as common from '@microsoft/security-devops-actions-toolkit/msdo-common'; 
@@ -73,25 +72,6 @@ export class MicrosoftSecurityDevOps implements IMicrosoftSecurityDevOps { let tool = tools[i]; let toolTrimmed = tool.trim(); if (!common.isNullOrWhiteSpace(tool) - && tool != Tools.ContainerMapping - && includedTools.indexOf(toolTrimmed) == -1) { - if (includedTools.length == 0) { - args.push('--tool'); - } - args.push(toolTrimmed); - includedTools.push(toolTrimmed); - } - } - } - - let includeToolsString: string = core.getInput('includeTools'); - if (!common.isNullOrWhiteSpace(includeToolsString)) { - let includeTools = includeToolsString.split(','); - for (let i = 0; i < includeTools.length; i++) { - let includeTool = includeTools[i]; - let toolTrimmed = includeTool.trim(); - if (!common.isNullOrWhiteSpace(includeTool) - && includeTool != Tools.ContainerMapping && includedTools.indexOf(toolTrimmed) == -1) { if (includedTools.length == 0) { args.push('--tool'); diff --git a/src/post.ts b/src/post.ts index ad2f5b74..ab75224f 100644 --- a/src/post.ts +++ b/src/post.ts @@ -1,8 +1,9 @@ import * as core from '@actions/core'; -import { runPostJob } from './index'; +import { ContainerMapping } from './container-mapping'; +import { getExecutor } from './msdo-interface'; async function runPost() { - await runPostJob(); + await getExecutor(ContainerMapping).runPostJob(); } runPost().catch((error) => { diff --git a/src/pre.ts b/src/pre.ts index 15889910..f717e43a 100644 --- a/src/pre.ts +++ b/src/pre.ts @@ -1,8 +1,9 @@ import * as core from '@actions/core'; -import { runPreJob } from './index'; +import { ContainerMapping } from './container-mapping'; +import { getExecutor } from './msdo-interface'; async function runPre() { - await runPreJob(); + await getExecutor(ContainerMapping).runPreJob(); } runPre().catch((error) => { From c23429e43d7dfaaba07e3e5ced7960287b845dcf Mon Sep 17 00:00:00 2001 From: Seth Rait Date: Mon, 22 Jul 2024 08:31:56 -0700 Subject: [PATCH 5/8] Cleanup code --- lib/msdo.js | 2 ++ src/msdo.ts | 2 ++ 2 files changed, 4 insertions(+) 
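Review bot: `getExecutor(ContainerMapping).runPreJob()` and `.runPostJob()` in src/pre.ts and src/post.ts now execute on every job; the deleted `index.ts` only ran them when `container-mapping` appeared in `tools` or `includeTools`, and nothing later in this series reinstates that gate. container-mapping.ts imports `https` plus the `getEncodedContent`/`writeToOutStream` helpers, so if those steps send build or image metadata anywhere, workflows that never opted in now do so by default — that is a change in what data leaves the runner and should be a deliberate, documented decision rather than a side effect of removing `index.ts`. If it is not intended, keep the opt-in with something like `if (core.getInput('tools').split(',').some(t => t.trim() === Tools.ContainerMapping))` around each call. Note also that both entry points route errors to a `.catch` (its body is outside the hunk) that presumably calls `core.setFailed`, so a failure in this now-unconditional step would fail every job that uses the action.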
diff --git a/lib/msdo.js b/lib/msdo.js index f9fcf4b6..0d2ef306 100644 --- a/lib/msdo.js +++ b/lib/msdo.js @@ -34,6 +34,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge Object.defineProperty(exports, "__esModule", { value: true }); exports.MicrosoftSecurityDevOps = void 0; const core = __importStar(require("@actions/core")); +const msdo_helpers_1 = require("./msdo-helpers"); const client = __importStar(require("@microsoft/security-devops-actions-toolkit/msdo-client")); const common = __importStar(require("@microsoft/security-devops-actions-toolkit/msdo-common")); class MicrosoftSecurityDevOps { @@ -93,6 +94,7 @@ class MicrosoftSecurityDevOps { let tool = tools[i]; let toolTrimmed = tool.trim(); if (!common.isNullOrWhiteSpace(tool) + && tool != msdo_helpers_1.Tools.ContainerMapping && includedTools.indexOf(toolTrimmed) == -1) { if (includedTools.length == 0) { args.push('--tool'); diff --git a/src/msdo.ts b/src/msdo.ts index 2546a4f1..16250524 100644 --- a/src/msdo.ts +++ b/src/msdo.ts @@ -1,5 +1,6 @@ import * as core from '@actions/core'; import { IMicrosoftSecurityDevOps } from './msdo-interface'; +import { Tools } from './msdo-helpers'; import * as client from '@microsoft/security-devops-actions-toolkit/msdo-client'; import * as common from '@microsoft/security-devops-actions-toolkit/msdo-common'; @@ -72,6 +73,7 @@ export class MicrosoftSecurityDevOps implements IMicrosoftSecurityDevOps { let tool = tools[i]; let toolTrimmed = tool.trim(); if (!common.isNullOrWhiteSpace(tool) + && tool != Tools.ContainerMapping && includedTools.indexOf(toolTrimmed) == -1) { if (includedTools.length == 0) { args.push('--tool'); From 2cc77989f03c9f2286157dcb90d8f2c81e5e1b00 Mon Sep 17 00:00:00 2001 
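Review bot: The re-added filter compares the untrimmed value, `tool != Tools.ContainerMapping`, while the value actually appended to `args` is `toolTrimmed`, so `tools: "bandit, container-mapping"` (a space after the comma) slips past the check and `container-mapping` is forwarded to the MSDO CLI as a `--tool` argument even though the comment says this executor does not handle it. The check in main.ts added in the next commit trims before comparing (`tools[0].trim() == Tools.ContainerMapping`), so the two are inconsistent for the same input. Change the condition to `&& toolTrimmed != Tools.ContainerMapping`. Whether the CLI rejects the unknown tool or silently ignores it is not visible here, but either outcome is wrong for a filter that is supposed to exclude it. The enclosing method, including the `tools` split and `includedTools` setup, starts above the hunk.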
From: Seth Rait Date: Mon, 22 Jul 2024 08:56:38 -0700 Subject: [PATCH 6/8] Cleanup code --- lib/main.js | 19 ++++++++++++++++++- src/main.ts | 27 +++++++++++++++++++++++++-- src/msdo-helpers.ts | 1 - src/msdo.ts | 2 +- 4 files changed, 44 insertions(+), 5 deletions(-) diff --git a/lib/main.js b/lib/main.js index f335b4ea..1f33096d 100644 --- a/lib/main.js +++ b/lib/main.js @@ -35,11 +35,28 @@ Object.defineProperty(exports, "__esModule", { value: true }); const core = __importStar(require("@actions/core")); const msdo_1 = require("./msdo"); const msdo_interface_1 = require("./msdo-interface"); +const common = __importStar(require("@microsoft/security-devops-actions-toolkit/msdo-common")); +const msdo_helpers_1 = require("./msdo-helpers"); function runMain() { return __awaiter(this, void 0, void 0, function* () { - yield (0, msdo_interface_1.getExecutor)(msdo_1.MicrosoftSecurityDevOps).runMain(); + if (shouldRunMain()) { + yield (0, msdo_interface_1.getExecutor)(msdo_1.MicrosoftSecurityDevOps).runMain(); + } + else { + console.log("Scanning is not enabled. Skipping..."); + } }); } runMain().catch(error => { core.setFailed(error); }); +function shouldRunMain() { + let toolsString = core.getInput('tools'); + if (!common.isNullOrWhiteSpace(toolsString)) { + let tools = toolsString.split(','); + if (tools.length == 1 && tools[0].trim() == msdo_helpers_1.Tools.ContainerMapping) { + return false; + } + return true; + } +} diff --git a/src/main.ts b/src/main.ts index 321b337d..dbbf9443 100644 --- a/src/main.ts +++ b/src/main.ts 
@@ -1,11 +1,34 @@
 import * as core from '@actions/core';
 import { MicrosoftSecurityDevOps } from './msdo';
 import { getExecutor } from './msdo-interface';
+import * as common from '@microsoft/security-devops-actions-toolkit/msdo-common';
+import { Tools } from './msdo-helpers';
 
 async function runMain() {
-    await getExecutor(MicrosoftSecurityDevOps).runMain();
+    if (shouldRunMain())
+    {
+        await getExecutor(MicrosoftSecurityDevOps).runMain();
+    }
+    else {
+        console.log("Scanning is not enabled. Skipping...");
+    }
 }
 
 runMain().catch(error => {
     core.setFailed(error);
-});
\ No newline at end of file
+});
+
+/**
+ * Returns false if the 'tools' input is specified and the only tool on the list is 'container-mapping'.
+ * This is because the MicrosoftSecurityDevOps executer does not have a workload for the container-mapping tool.
+*/
+function shouldRunMain() {
+    let toolsString: string = core.getInput('tools');
+    if (!common.isNullOrWhiteSpace(toolsString)) {
+        let tools = toolsString.split(',');
+        if (tools.length == 1 && tools[0].trim() == Tools.ContainerMapping) {
+            return false;
+        }
+        return true;
+    }
+}
\ No newline at end of file
diff --git a/src/msdo-helpers.ts b/src/msdo-helpers.ts
index f77719f0..d12e9e18 100644
--- a/src/msdo-helpers.ts
+++ b/src/msdo-helpers.ts
@@ -1,6 +1,5 @@
 import os from 'os';
 import { Writable } from "stream";
-import { IMicrosoftSecurityDevOps, IMicrosoftSecurityDevOpsFactory } from './msdo-interface';
 
 /**
  * Enum for the possible inputs for the task (specified in action.yml)
diff --git a/src/msdo.ts b/src/msdo.ts
index 16250524..bdbd0e4a 100644
--- a/src/msdo.ts
+++ b/src/msdo.ts
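Review bot: `shouldRunMain` declares no return type, and when the `tools` input is blank the function falls out of the `if` and returns `undefined`, so `runMain` takes the "Scanning is not enabled" branch for the default configuration; the last commit in this series moves `return true` out of the `if`, but `function shouldRunMain(): boolean` would have made the compiler reject the missing return in the first place. The check also splits on ',' without dropping empty entries, so a constructed value such as `container-mapping,` has length 2 and is treated as a real tool list, after which msdo.ts filters container-mapping out and MicrosoftSecurityDevOps is invoked without any `--tool` argument (presumably running its default tool set). Trimming and filtering blank entries before the length check closes both gaps, and `core.info` would match the `core` logging already used in this file rather than `console.log`. The rewrite below replaces the body of shouldRunMain only.
```typescript
// … unchanged: imports, runMain() and the TSDoc block above shouldRunMain …
function shouldRunMain(): boolean {
    const toolsString: string = core.getInput('tools');
    if (common.isNullOrWhiteSpace(toolsString)) {
        return true;
    }
    // Normalize entries so "container-mapping," or " container-mapping" is treated the same as "container-mapping".
    const tools = toolsString
        .split(',')
        .map(tool => tool.trim())
        .filter(tool => !common.isNullOrWhiteSpace(tool));
    return !(tools.length == 1 && tools[0] == Tools.ContainerMapping);
}
```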
@@ -73,7 +73,7 @@ export class MicrosoftSecurityDevOps implements IMicrosoftSecurityDevOps {
             let tool = tools[i];
             let toolTrimmed = tool.trim();
             if (!common.isNullOrWhiteSpace(tool)
-                && tool != Tools.ContainerMapping
+                && tool != Tools.ContainerMapping // This tool is not handled by this executor
                 && includedTools.indexOf(toolTrimmed) == -1) {
                 if (includedTools.length == 0) {
                     args.push('--tool');
From 416e86d3e463591eb937d8ab2d8d611c4b601f65 Mon Sep 17 00:00:00 2001
From: Seth Rait
Date: Mon, 22 Jul 2024 09:05:54 -0700
Subject: [PATCH 7/8] Update documentation

---
 README.md | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index 0e6e33ab..9286b913 100644
--- a/README.md
+++ b/README.md
@@ -50,15 +50,8 @@ To upload results to the Security tab of your repo, run the `github/codeql-actio
 ## Advanced
 
-To configure **Container Mapping** to send to **Microsoft Defender for DevOps**, include `container-mapping` as a tool:
-```yaml
-- uses: microsoft/security-devops-action@v1
-  id: msdo
-  with:
-    includeTools: container-mapping
-```
 
+To only run specific analyzers, use the `tools` command. This command is a comma-seperated list of tools to run. For example, to run only the `container-mapping` tool, configure this action as follows:
 
-This will run all the analyzers defined by the configured or defaulted policy in addition to `container-mapping`. To only run this feature, define `container-mapping` as the only `tool` to run:
 ```yaml
 - uses: microsoft/security-devops-action@v1
   id: msdo
@@ -77,6 +70,7 @@ This will run all the analyzers defined by the configured or defaulted policy in | [Template Analyzer](https://github.com/Azure/template-analyzer) | Infrastructure-as-code (IaC), ARM templates, Bicep files | [MIT License](https://github.com/Azure/template-analyzer/blob/main/LICENSE.txt) | | [Terrascan](https://github.com/accurics/terrascan) | Infrastructure-as-code (IaC), Terraform (HCL2), Kubernetes (JSON/YAML), Helm v3, Kustomize, Dockerfiles, Cloudformation | [Apache License 2.0](https://github.com/accurics/terrascan/blob/master/LICENSE) | | [Trivy](https://github.com/aquasecurity/trivy) | container images, file systems, and git repositories | [Apache License 2.0](https://github.com/aquasecurity/trivy/blob/main/LICENSE) | +| [container-mapping](https://learn.microsoft.com/en-us/azure/defender-for-cloud/container-image-mapping) | container images and registries (only available for DevOps security enabled CSPM plans) | [MIT License](https://github.com/microsoft/security-devops-action/blob/main/LICENSE) | # More Information From 481b67d14ca50e71075a2d643fa21a46c802d00b Mon Sep 17 00:00:00 2001 From: Seth Rait Date: Mon, 22 Jul 2024 09:20:11 -0700 Subject: [PATCH 8/8] Update documentation --- lib/main.js | 2 +- src/main.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/main.js b/lib/main.js index 1f33096d..f857f586 100644 --- a/lib/main.js +++ b/lib/main.js @@ -57,6 +57,6 @@ function shouldRunMain() { if (tools.length == 1 && tools[0].trim() == msdo_helpers_1.Tools.ContainerMapping) { return false; } - return true; } + return true; } diff --git a/src/main.ts b/src/main.ts index dbbf9443..1f45f9d1 100644 --- a/src/main.ts +++ b/src/main.ts @@ -29,6 +29,6 @@ function shouldRunMain() { if (tools.length == 1 && tools[0].trim() == Tools.ContainerMapping) { return false; } - return true; } + return true; } \ No newline at end of file