report: concept for html report feature (needs design)

mster · mster · commit 8d5a6ec17b60 · 2019-08-12T19:36:56.000-07:00
diff --git a/commands/report.js b/commands/report.js
@@ -14,6 +14,7 @@ const {
 } = require('../lib/report/util')
 const longReport = require('../lib/report/long')
 const shortReport = require('../lib/report/short')
+const htmlReport = require('../lib/report/html')
 const { helpHeader } = require('../lib/help')
 const {
   COLORS,
@@ -30,7 +31,8 @@ module.exports.optionsList = optionsList
 
 async function report (argv, _dir) {
   const {
-    long
+    long,
+    html
   } = argv
   let { dir = _dir } = argv
   if (!dir) dir = process.cwd()
@@ -162,6 +164,7 @@ async function report (argv, _dir) {
 
   if (!long) shortReport(pkgScores, whitelisted, dir, argv)
   if (long) longReport(pkgScores, whitelisted, dir, argv)
+  if (html) htmlReport(pkgScores, whitelisted, dir, html, argv)
   if (hasFailures) process.exitCode = 1
 }
 
diff --git a/lib/report/html.js b/lib/report/html.js
@@ -0,0 +1,192 @@
+'use strict'
+
+const path = require('path')
+const { promisify } = require('util')
+const writeFile = promisify(require('fs').writeFile)
+const {
+  summaryInfo,
+  filterVulns,
+  SEVERITY_RMAP
+} = require('./util')
+const {
+  COLORS,
+  success,
+  formatError
+} = require('../ncm-style')
+const L = console.log
+
+module.exports = htmlReport
+
+async function htmlReport (report, whitelist, dir, output) {
+  if (output === true) output = path.join(process.cwd(), `ncm-report-${Date.now()}.html`)
+
+  const { riskCount, insecureModules, complianceCount, securityCount } = summaryInfo(report)
+
+  /* Define embedded CSS report styles */
+  const reportStyles = `
+    body {
+      background: ${COLORS.base.match(/(#[a-zA-Z0-9]*)/)[0]};
+      padding: 10px;
+    }
+    p {
+      color: white;
+    }
+    .summary {
+      text-align: left;
+      font-size: 14pt;
+      color: #ffffff;
+    }
+    .module-list {
+
+    }
+    .module-element {
+      padding: 0px;
+      margin: 0px;
+      font-size: 10pt;
+    }
+  `
+
+  /* Begin body with report summary */
+  let reportBody = `
+    <h1 class="">${path.basename(dir) || 'NCM'} Report</h1>
+    <h6>Powered by <a href="https://docs.nodesource.com/ncmv2/docs">Node Certified Modules v2</a></h6>
+    <div class="summary">
+      <div style=""><b>${report.length}</b> packages checked</div>
+      <br>
+      <div style="color:${COLORS.red.match(/(#[a-zA-Z0-9]*)/)[0]}"><b>${riskCount[4]}</b> Critical Risk</div>
+      <div style="color:${COLORS.orange.match(/(#[a-zA-Z0-9]*)/)[0]}"><b>${riskCount[3]}</b> High Risk</div>
+      <div style="color:${COLORS.yellow.match(/(#[a-zA-Z0-9]*)/)[0]}"><b>${riskCount[2]}</b> Medium Risk</div>
+      <div style="color:${COLORS.light1.match(/(#[a-zA-Z0-9]*)/)[0]}"><b>${riskCount[1]}</b> Low Risk</div>
+      <br>
+      <div><b>${securityCount}</b> security vulnerabilities found across <b>${insecureModules}</b> modules</div>
+      <div><b>${complianceCount}</b> noncompliant modules found</div>
+      ${(whitelist.length > 0 ? `<div><b>${whitelist.length}</b> used modules whitelisted </div>` : '')}
+    </div>
+  `
+
+  /* Whitelisted Modules */
+  reportBody += `
+  <a data-toggle="collapse" href="#collapseWL" data-target="#collapseWL">
+    <h2>Whitelisted Modules</h2>
+  </a>
+  <div class="module-list collapse" id="collapseWL">`
+  for (const pkg of whitelist) {
+    reportBody += formatSegment(pkg)
+  }
+  reportBody += '</div>'
+
+  /* Non-whitelisted Modules */
+  reportBody += `
+  <h2>Non-whitelisted Modules</h2>
+  <div class="module-list">`
+
+  /* Critical risk */
+  reportBody += `
+  <a data-toggle="collapse" href="#collapseCritRisk" data-target="#collapseCritRisk">
+    <h4>Critical Risk Modules</h4>
+  </a>
+  <div class="module-list collapse" id="collapseCritRisk">`
+  for (const pkg of report.filter(pkg => pkg.maxSeverity === 4)) {
+    reportBody += formatSegment(pkg)
+  }
+  reportBody += '</div>'
+
+  /* High risk */
+  reportBody += `
+  <a data-toggle="collapse" href="#collapseHighRisk" data-target="#collapseHighRisk">
+    <h4>High Risk Modules</h4>
+  </a>
+  <div class="module-list collapse" id="collapseHighRisk">`
+  for (const pkg of report.filter(pkg => pkg.maxSeverity === 3)) {
+    reportBody += formatSegment(pkg)
+  }
+  reportBody += '</div>'
+
+  /* Medium risk */
+  reportBody += `
+  <a data-toggle="collapse" href="#collapseMedRisk" data-target="#collapseMedRisk">
+    <h4>Medium Risk Modules</h4>
+  </a>
+  <div class="module-list collapse" id="collapseMedRisk">`
+  for (const pkg of report.filter(pkg => pkg.maxSeverity === 2)) {
+    reportBody += formatSegment(pkg)
+  }
+  reportBody += '</div>'
+
+  /* Low risk */
+  reportBody += `
+  <a data-toggle="collapse" href="#collapseLowRisk" data-target="#collapseLowRisk">
+    <h4>Low Risk Modules</h4>
+  </a>
+  <div class="module-list collapse" id="collapseLowRisk">`
+  for (const pkg of report.filter(pkg => pkg.maxSeverity === 1)) {
+    reportBody += formatSegment(pkg)
+  }
+  reportBody += '</div>'
+
+  /* None risk */
+  reportBody += `
+  <a data-toggle="collapse" href="#collapseNoneRisk" data-target="#collapseNoneRisk">
+    <h4>No Risk Modules</h4>
+  </a>
+  <div class="module-list collapse" id="collapseNoneRisk">`
+  for (const pkg of report.filter(pkg => pkg.maxSeverity === 0)) {
+    reportBody += formatSegment(pkg)
+  }
+  reportBody += '</div>'
+
+  reportBody += '</div>'
+
+  /* Format final HTML report */
+  const html = `
+  <!DOCTYPE html>
+  <html>
+  <head>
+    <title>${path.basename(dir) || 'NCM'} Report</title>
+    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
+    <style type="text/css">
+      ${reportStyles}
+    </style>
+  </head>
+  <body>
+    ${reportBody}
+    <script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js" integrity="sha384-UO2eT0CpHqdSJQ6hJty5KVphtPhzWj9WO1clHTMGa3JDZwrnQq4sF86dIHNDz0W1" crossorigin="anonymous"></script>
+    <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous"></script>
+  </body>
+  </html>
+  `
+
+  /* Write report to file */
+  try {
+    await writeFile(output, html)
+    L()
+    L(success(`Wrote HTML report to: ${output}`))
+    L()
+  } catch (error) {
+    L()
+    L(formatError(`Unable to write HTML report to: ${output}`, error))
+    L()
+    process.exitCode = 1
+  }
+}
+
+function formatSegment (pkg) {
+  const { name, version, maxSeverity, failures, license } = pkg
+  const pkgVulns = filterVulns(failures).map(v => v === 0 ? '' : `${v} ${['Critical', 'High', 'Medium', 'Low'][v]}`)
+  const pkgLicense = license && license.data && license.data.spdx ? license.data.spdx : 'UNKNOWN'
+  const pkgSeverity = SEVERITY_RMAP[maxSeverity]
+
+  const segment = `
+  <div class="row module-element">
+    <div class="col-4" style="display:inline-block;">${name}@${version}</div>
+    <div class="col-2" style="display:inline-block;">Risk: ${pkgSeverity}</div>
+    <div class="col-3" style="display:inline-block;">License: ${pkgLicense}</div>
+    <div class="col-3" style="display:inline-block;">
+      Vulnerabilities: ${pkgVulns.join('').length === 0 ? 'None' : pkgVulns.join(' ')}
+    </div>
+  </div>
+  `
+
+  return segment
+}
diff --git a/lib/report/summary.js b/lib/report/summary.js
@@ -7,7 +7,7 @@ const {
   tooltip
 } = require('../ncm-style')
 const {
-  SEVERITY_RMAP
+  summaryInfo
 } = require('./util')
 const L = console.log
 const chalk = require('chalk')
@@ -19,27 +19,7 @@ function summary (report, dir, filterOptions) {
   L(chalk`${report.length} {${COLORS.light1} packages checked}`)
   L()
 
-  const riskCount = [0, 0, 0, 0, 0]
-  let insecureModules = 0
-  let complianceCount = 0
-  let securityCount = 0
-
-  for (const pkg of report) {
-    let insecure = false
-    let pkgMaxSeverity = 0
-    for (const score of pkg.scores) {
-      if (score.group === 'quality') continue
-      if (score.group === 'compliance' && !score.pass) complianceCount++
-      if (score.group === 'security' && !score.pass) {
-        securityCount++
-        insecure = true
-      }
-      const scoreIndex = SEVERITY_RMAP.indexOf(score.severity)
-      pkgMaxSeverity = scoreIndex > pkgMaxSeverity ? scoreIndex : pkgMaxSeverity
-    }
-    riskCount[pkgMaxSeverity]++
-    if (insecure) insecureModules++
-  }
+  const { riskCount, insecureModules, complianceCount, securityCount } = summaryInfo(report)
 
   L(chalk`  {${COLORS.red} ! ${riskCount[4]}} critical risk`)
   L(chalk`    {${COLORS.orange} ${riskCount[3]}} high risk`)
diff --git a/lib/report/util.js b/lib/report/util.js
@@ -40,7 +40,9 @@ module.exports = {
   severityTextLabel,
   shortVulnerabilityList,
   moduleList,
-  moduleSort
+  moduleSort,
+  summaryInfo,
+  filterVulns
 }
 
 function filterReport (report, options) {
@@ -121,15 +123,7 @@ function moduleList (report, title, options) {
         : chalk`{${COLORS.red} X}`
 
       /* security badge */
-      const vulns = [0, 0, 0, 0]
-      for (const { group, severity } of pkg.failures) {
-        if (group === 'security') {
-          if (severity === 'CRITICAL') vulns[3]++
-          if (severity === 'HIGH') vulns[2]++
-          if (severity === 'MEDIUM') vulns[1]++
-          if (severity === 'LOW') vulns[0]++
-        }
-      }
+      const vulns = filterVulns(pkg.failures)
       const securityBadges = [
         vulns.reduce((a, b) => a + b, 0) === 0
           ? chalk`{${COLORS.green} ✓} 0` : chalk`{${COLORS.red} X} `,
@@ -254,3 +248,43 @@ function severityTextLabel (severity) {
   const color = severity === 'NONE' ? COLORS.base : COLORS.light1
   return chalk`{${color} ${severityLabel[severity]}}`
 }
+
+function summaryInfo (report) {
+  const riskCount = [0, 0, 0, 0, 0]
+  let insecureModules = 0
+  let complianceCount = 0
+  let securityCount = 0
+
+  for (const pkg of report) {
+    let insecure = false
+    let pkgMaxSeverity = 0
+    for (const score of pkg.scores) {
+      if (score.group === 'quality') continue
+      if (score.group === 'compliance' && !score.pass) complianceCount++
+      if (score.group === 'security' && !score.pass) {
+        securityCount++
+        insecure = true
+      }
+      const scoreIndex = SEVERITY_RMAP.indexOf(score.severity)
+      pkgMaxSeverity = scoreIndex > pkgMaxSeverity ? scoreIndex : pkgMaxSeverity
+    }
+    riskCount[pkgMaxSeverity]++
+    if (insecure) insecureModules++
+  }
+
+  return { riskCount, insecureModules, complianceCount, securityCount }
+}
+
+function filterVulns (failures) {
+  const vulns = [0, 0, 0, 0]
+  for (const { group, severity } of failures) {
+    if (group === 'security') {
+      if (severity === 'CRITICAL') vulns[3]++
+      if (severity === 'HIGH') vulns[2]++
+      if (severity === 'MEDIUM') vulns[1]++
+      if (severity === 'LOW') vulns[0]++
+    }
+  }
+
+  return vulns
+}
