Merge pull request #330 from SocketDev/refactor_a_lot

Refactor many commands into consistency

Author: pvdz

package.json

@@ -46,6 +46,7 @@
     "clean": "run-p --aggregate-output clean:*",
     "clean:dist": "del-cli 'dist' 'test/dist'",
     "clean:node_modules": "del-cli '**/node_modules'",
+    "fix": "npm run lint:fix ; npm run check:lint -- --fix",
     "knip:dependencies": "knip --dependencies",
     "knip:exports": "knip --include exports,duplicates",
     "lint": "oxlint -c=./.oxlintrc.json --ignore-path=./.oxlintignore --tsconfig=./tsconfig.json .",

src/cli.ts

@@ -7,14 +7,14 @@ import { messageWithCauses, stackWithCauses } from 'pony-cause'
 import updateNotifier from 'tiny-updater'
 import colors from 'yoctocolors-cjs'
 
-import { actionCommand } from './commands/action'
-import { analyticsCommand } from './commands/analytics/analytics-command'
-import { auditLogCommand } from './commands/audit-log'
-import { cdxgenCommand } from './commands/cdxgen'
-import { dependenciesCommand } from './commands/dependencies'
-import { diffScanCommand } from './commands/diff-scan'
-import { fixCommand } from './commands/fix'
-import { infoCommand } from './commands/info'
+import { cmdAction } from './commands/action/cmd-action.ts'
+import { cmdAnalytics } from './commands/analytics/cmd-analytics.ts'
+import { cmdAuditLog } from './commands/audit-log/cmd-audit-log.ts'
+import { cmdCdxgen } from './commands/cdxgen/cmd-cdxgen.ts'
+import { cmdScanCreate } from './commands/dependencies/cmd-dependencies.ts'
+import { cmdDiffScan } from './commands/diff-scan/cmd-diff-scan.ts'
+import { cmdFix } from './commands/fix/cmd-fix.ts'
+import { cmdInfo } from './commands/info/cmd-info.ts'
 import { loginCommand } from './commands/login'
 import { logoutCommand } from './commands/logout'
 import { manifestCommand } from './commands/manifest'
@@ -24,8 +24,8 @@ import { optimizeCommand } from './commands/optimize'
 import { organizationCommand } from './commands/organization'
 import { rawNpmCommand } from './commands/raw-npm'
 import { rawNpxCommand } from './commands/raw-npx'
-import { reportCommand } from './commands/report'
-import { reposCommand } from './commands/repos'
+import { cmdReport } from './commands/report/cmd-report.ts'
+import { cmdRepos } from './commands/repos/cmd-repos.ts'
 import { cmdScan } from './commands/scan/cmd-scan.ts'
 import { threatFeedCommand } from './commands/threat-feed'
 import { wrapperCommand } from './commands/wrapper'
@@ -47,10 +47,10 @@ void (async () => {
   try {
     await meowWithSubcommands(
       {
-        action: actionCommand,
-        cdxgen: cdxgenCommand,
-        fix: fixCommand,
-        info: infoCommand,
+        action: cmdAction,
+        cdxgen: cmdCdxgen,
+        fix: cmdFix,
+        info: cmdInfo,
         login: loginCommand,
         logout: logoutCommand,
         npm: npmCommand,
@@ -59,14 +59,14 @@ void (async () => {
         organization: organizationCommand,
         'raw-npm': rawNpmCommand,
         'raw-npx': rawNpxCommand,
-        report: reportCommand,
+        report: cmdReport,
         wrapper: wrapperCommand,
         scan: cmdScan,
-        'audit-log': auditLogCommand,
-        repos: reposCommand,
-        dependencies: dependenciesCommand,
-        analytics: analyticsCommand,
-        'diff-scan': diffScanCommand,
+        'audit-log': cmdAuditLog,
+        repos: cmdRepos,
+        dependencies: cmdScanCreate,
+        analytics: cmdAnalytics,
+        'diff-scan': cmdDiffScan,
         'threat-feed': threatFeedCommand,
         manifest: manifestCommand
       },

src/commands/action/cmd-action.ts

@@ -0,0 +1,61 @@
+// https://github.com/SocketDev/socket-python-cli/blob/6d4fc56faee68d3a4764f1f80f84710635bdaf05/socketsecurity/socketcli.py
+import meowOrExit from 'meow'
+
+import { runAction } from './run-action.ts'
+import { type CliCommandConfig } from '../../utils/meow-with-subcommands'
+import { getFlagListOutput } from '../../utils/output-formatting.ts'
+
+const config: CliCommandConfig = {
+  commandName: 'action',
+  description: 'Socket action command', // GitHub Action ?
+  hidden: true,
+  flags: {
+    // This flag is unused
+    // socketSecurityApiKey: { // deprecate this asap.
+    //   type: 'string',
+    //   default: 'env var SOCKET_SECURITY_API_KEY',
+    //   description: 'Socket API token'
+    // },
+    githubEventBefore: {
+      type: 'string',
+      default: '',
+      description: 'Before marker'
+    },
+    githubEventAfter: {
+      type: 'string',
+      default: '',
+      description: 'After marker'
+    }
+  },
+  help: (parentName, { commandName, flags }) => `
+    Usage
+      $ ${parentName} ${commandName} [options]
+
+    Options
+      ${getFlagListOutput(flags, 6)}
+  `
+}
+
+export const cmdAction = {
+  description: config.description,
+  hidden: config.hidden,
+  run: run
+}
+
+async function run(
+  argv: readonly string[],
+  importMeta: ImportMeta,
+  { parentName }: { parentName: string }
+): Promise<void> {
+  const cli = meowOrExit(config.help(parentName, config), {
+    argv,
+    description: config.description,
+    importMeta,
+    flags: config.flags
+  })
+
+  const githubEventBefore = String(cli.flags['githubEventBefore'] || '')
+  const githubEventAfter = String(cli.flags['githubEventAfter'] || '')
+
+  await runAction(githubEventBefore, githubEventAfter)
+}

src/commands/action/index.ts

@@ -0,0 +1,87 @@
+// https://github.com/SocketDev/socket-python-cli/blob/6d4fc56faee68d3a4764f1f80f84710635bdaf05/socketsecurity/socketcli.py
+
+import micromatch from 'micromatch'
+import { simpleGit } from 'simple-git'
+
+import { SocketSdk } from '@socketsecurity/sdk'
+
+import { Core } from './core'
+import { GitHub } from './core/github'
+import * as Messages from './core/messages'
+import * as SCMComments from './core/scm_comments'
+import { getDefaultToken } from '../../utils/sdk'
+
+// TODO: is this a github action handler?
+export async function runAction(
+  githubEventBefore: string,
+  githubEventAfter: string
+) {
+  //TODO
+  const socket = new SocketSdk(getDefaultToken()!)
+
+  const git = simpleGit()
+  const changedFiles = (
+    await git.diff(
+      process.env['GITHUB_EVENT_NAME'] === 'pull_request'
+        ? ['--name-only', 'HEAD^1', 'HEAD']
+        : ['--name-only', githubEventBefore, githubEventAfter]
+    )
+  ).split('\n')
+
+  console.log({ changedFiles })
+  // supportedFiles have 3-level deep globs
+  const patterns = Object.values(await socket.getReportSupportedFiles())
+    .flatMap((i: Record<string, any>) => Object.values(i))
+    .flatMap((i: Record<string, any>) => Object.values(i))
+    .flatMap((i: Record<string, any>) => Object.values(i))
+
+  const files = micromatch(changedFiles, patterns)
+
+  const scm = new GitHub()
+
+  if (scm.checkEventType() === 'comment') {
+    console.log('Comment initiated flow')
+    const comments = await scm.getCommentsForPR()
+    await scm.removeCommentAlerts({ comments })
+  } else if (scm.checkEventType() === 'diff') {
+    console.log('Push initiated flow')
+    const core = new Core({ owner: scm.owner, repo: scm.repo, files, socket })
+    const diff = await core.createNewDiff({})
+    const comments = await scm.getCommentsForPR()
+    diff.newAlerts = SCMComments.removeAlerts({
+      comments,
+      newAlerts: diff.newAlerts
+    })
+    const overviewComment = Messages.dependencyOverviewTemplate(diff)
+    const securityComment = Messages.securityCommentTemplate(diff)
+    let newSecurityComment = true
+    let newOverviewComment = true
+    let updateOldSecurityComment = comments.security !== undefined
+    let updateOldOverviewComment = comments.overview !== undefined
+    if (diff.newAlerts.length === 0) {
+      if (!updateOldSecurityComment) {
+        newSecurityComment = false
+        console.log('No new alerts or security issue comment disabled')
+      } else {
+        console.log('Updated security comment with no new alerts')
+      }
+    }
+    if (diff.newPackages.length === 0 && diff.removedPackages.length === 0) {
+      if (!updateOldOverviewComment) {
+        newOverviewComment = false
+        console.log(
+          'No new/removed packages or Dependency Overview comment disabled'
+        )
+      } else {
+        console.log('Updated overview comment with no dependencies')
+      }
+    }
+    await scm.addSocketComments({
+      securityComment,
+      overviewComment,
+      comments,
+      newSecurityComment,
+      newOverviewComment
+    })
+  }
+}