From c94fa3f555e8f52c5fb6051d617d9d3d1aed90d1 Mon Sep 17 00:00:00 2001
From: Jon Church
Date: Tue, 5 May 2026 14:53:46 -0400
Subject: [PATCH] fix: unify SEVERITY_ORDER across commands
---
 packages/core/src/types.ts | 10 ++++++++++
 packages/deepsec/src/commands/export.ts | 11 +----------
 packages/deepsec/src/commands/metrics.ts | 14 +++-----------
 packages/deepsec/src/sandbox/partitioner.ts | 19 ++++++-------------
 packages/processor/src/enrich.ts | 10 +---------
 packages/processor/src/index.ts | 10 +---------
 6 files changed, 22 insertions(+), 52 deletions(-)
diff --git a/packages/core/src/types.ts b/packages/core/src/types.ts
index b328e11..c7aa0c3 100644
--- a/packages/core/src/types.ts
+++ b/packages/core/src/types.ts
@@ -92,6 +92,16 @@ export interface AnalysisEntry {
 export type Severity = "CRITICAL" | "HIGH" | "MEDIUM" | "HIGH_BUG" | "BUG" | "LOW";
 export type Confidence = "high" | "medium" | "low";
+/** Severity rank, lower is more severe. Used by `--min-severity` filter and severity sort. */
+export const SEVERITY_ORDER: Record = {
+ CRITICAL: 0,
+ HIGH: 1,
+ MEDIUM: 2,
+ HIGH_BUG: 3,
+ BUG: 4,
+ LOW: 5,
+};
+
 export type RevalidationVerdict = "true-positive" | "false-positive" | "fixed" | "uncertain";
 export interface Revalidation {
diff --git a/packages/deepsec/src/commands/export.ts b/packages/deepsec/src/commands/export.ts
index a336166..6c7532e 100644
--- a/packages/deepsec/src/commands/export.ts
+++ b/packages/deepsec/src/commands/export.ts
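Review bot: The new `SEVERITY_ORDER` in packages/core/src/types.ts ranks `MEDIUM: 2` above `HIGH_BUG: 3`, but the tables this commit removes from commands/export.ts and processor/src/enrich.ts ranked `HIGH_BUG: 2` above `MEDIUM: 3`, and the one removed from sandbox/partitioner.ts had no `LOW` key. Any severity sort or `--min-severity` cut-off in those files (their uses lie outside the visible hunks) will therefore keep or drop a different set of findings after this change, and neither the commit message nor the doc comment records which order is the intended one. I would state it in the comment, e.g. `/** Severity rank, lower is more severe; MEDIUM intentionally outranks HIGH_BUG. Single source for the --min-severity filter and severity sort. */`, and pin the six ranks in a unit test. As the table is now shared across packages, typing it `Readonly<...>` or wrapping it in `Object.freeze` would stop one consumer from changing the order for all the others.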
@@ -2,18 +2,9 @@ import crypto from "node:crypto";
 import fs from "node:fs";
 import path from "node:path";
 import type { FileRecord, Finding, Severity } from "@deepsec/core";
-import { dataDir, getDataRoot, loadAllFileRecords } from "@deepsec/core";
+import { dataDir, getDataRoot, loadAllFileRecords, SEVERITY_ORDER } from "@deepsec/core";
 import { BOLD, DIM, GREEN, RESET, YELLOW } from "../formatters.js";
-const SEVERITY_ORDER: Record = {
- CRITICAL: 0,
- HIGH: 1,
- HIGH_BUG: 2,
- MEDIUM: 3,
- BUG: 4,
- LOW: 5,
-};
-
 interface OwnerSummary {
 assignee?: string;
 assigneeSource?: "oncall" | "manager" | "top-contributor" | "last-committer";
diff --git a/packages/deepsec/src/commands/metrics.ts b/packages/deepsec/src/commands/metrics.ts
index 24ca073..9d1dc43 100644
--- a/packages/deepsec/src/commands/metrics.ts
+++ b/packages/deepsec/src/commands/metrics.ts
@@ -1,17 +1,9 @@
 import fs from "node:fs";
 import path from "node:path";
-import { getDataRoot, loadAllFileRecords } from "@deepsec/core";
+import type { Severity } from "@deepsec/core";
+import { getDataRoot, loadAllFileRecords, SEVERITY_ORDER } from "@deepsec/core";
 import { BOLD, CYAN, DIM, GREEN, RED, RESET, YELLOW } from "../formatters.js";
-const SEVERITY_ORDER: Record = {
- CRITICAL: 0,
- HIGH: 1,
- MEDIUM: 2,
- HIGH_BUG: 3,
- BUG: 4,
- LOW: 5,
-};
-
 interface TokenStats {
 input: number;
 output: number;
@@ -59,7 +51,7 @@ function discoverProjects(): string[] {
 }
 function getMetrics(projectId: string, minSeverity?: string): ProjectMetrics {
- const minOrder = minSeverity ? (SEVERITY_ORDER[minSeverity] ?? 2) : 99;
+ const minOrder = minSeverity ? (SEVERITY_ORDER[minSeverity as Severity] ?? 2) : 99;
 const records = loadAllFileRecords(projectId);
 const m: ProjectMetrics = {
diff --git a/packages/deepsec/src/sandbox/partitioner.ts b/packages/deepsec/src/sandbox/partitioner.ts
index 1de9009..f339c9c 100644
--- a/packages/deepsec/src/sandbox/partitioner.ts
+++ b/packages/deepsec/src/sandbox/partitioner.ts
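Review bot: `minSeverity as Severity` in `getMetrics` (packages/deepsec/src/commands/metrics.ts) asserts a type that nothing checks: the parameter is declared `string`, so a lower-case or misspelled value misses the table and the `?? 2` fallback silently applies the MEDIUM cut-off. The `revalidate` case in sandbox/partitioner.ts makes the same cast on `opts.minSeverity` (presumably also a plain string), and there an unknown value leaves `minSev` undefined, which switches the filter off entirely, so the two callers fail in opposite directions. For a tool that decides which findings are reported or rechecked, an unrecognised severity should be rejected, e.g. `if (minSeverity && !Object.hasOwn(SEVERITY_ORDER, minSeverity)) throw new Error("unknown severity: " + minSeverity);` ahead of the lookup, ideally as one shared helper exported from @deepsec/core. The own-property check also keeps inherited keys such as `constructor` from being read as a rank. `getMetrics` continues past the end of the hunk.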
@@ -1,18 +1,10 @@
 import fs from "node:fs";
 import path from "node:path";
-import type { FileRecord } from "@deepsec/core";
-import { dataDir, loadAllFileRecords } from "@deepsec/core";
+import type { FileRecord, Severity } from "@deepsec/core";
+import { dataDir, loadAllFileRecords, SEVERITY_ORDER } from "@deepsec/core";
 import { noiseScore } from "@deepsec/scanner";
 import type { PartitionResult, SandboxSubcommand } from "./types.js";
-const SEVERITY_ORDER: Record = {
- CRITICAL: 0,
- HIGH: 1,
- MEDIUM: 2,
- HIGH_BUG: 3,
- BUG: 4,
-};
-
 /**
 * Load eligible files for the given command and split into N disjoint partitions.
 */
@@ -60,18 +52,19 @@ export function partitionFiles(
 }
 break;
- case "revalidate":
+ case "revalidate": {
+ const minSev = opts.minSeverity ? SEVERITY_ORDER[opts.minSeverity as Severity] : undefined;
 eligible = allRecords.filter((r) => {
 if (r.findings.length === 0) return false;
 const unrevalidated = r.findings.filter((f) => {
 if (!opts.force && f.revalidation) return false;
- if (opts.minSeverity && SEVERITY_ORDER[f.severity] > SEVERITY_ORDER[opts.minSeverity])
- return false;
+ if (minSev !== undefined && SEVERITY_ORDER[f.severity] > minSev) return false;
 return true;
 });
 return unrevalidated.length > 0;
 });
 break;
+ }
 default:
 eligible = allRecords;
diff --git a/packages/processor/src/enrich.ts b/packages/processor/src/enrich.ts
index f98b244..7d26449 100644
--- a/packages/processor/src/enrich.ts
+++ b/packages/processor/src/enrich.ts
@@ -6,6 +6,7 @@ import {
 getRegistry,
 loadAllFileRecords,
 readProjectConfig,
+ SEVERITY_ORDER,
 writeFileRecord,
 } from "@deepsec/core";
@@ -152,15 +153,6 @@ interface EnrichProgress {
 total?: number;
 }
-const SEVERITY_ORDER: Record = {
- CRITICAL: 0,
- HIGH: 1,
- HIGH_BUG: 2,
- MEDIUM: 3,
- BUG: 4,
- LOW: 5,
-};
-
 export async function enrich(params: {
 projectId: string;
 filter?: string;
diff --git a/packages/processor/src/index.ts b/packages/processor/src/index.ts
index 6f83f65..29270ac 100644
--- a/packages/processor/src/index.ts
+++ b/packages/processor/src/index.ts
@@ -10,6 +10,7 @@ import {
 loadAllFileRecords,
 readProjectConfig,
 readRunMeta,
+ SEVERITY_ORDER,
 writeFileRecord,
 writeRunMeta,
 } from "@deepsec/core";
@@ -577,15 +578,6 @@ export async function process(params: {
 // --- Revalidation ---
-const SEVERITY_ORDER: Record = {
- CRITICAL: 0,
- HIGH: 1,
- MEDIUM: 2,
- HIGH_BUG: 3,
- BUG: 4,
- LOW: 5,
-};
-
 export async function revalidate(params: {
 projectId: string;
 runId?: string;