Handle sast tool not found

src/branchprotection/BranchProtectionService.ts

@@ -32,7 +32,7 @@ export class BranchProtectionService {
       if (error.status === 401) {
         core.info('Failed to get branch protection');
         // Removes link to REST API endpoint
-        const errorMessage: string = error.message.split('.')[0];
+        const errorMessage: string = error.message.split('-')[0];
         core.warning(errorMessage, {
           title: 'Branch protection control failed',
         });

src/identitiesInRepo/identitiesInRepoService.ts

@@ -33,11 +33,11 @@
 
       for await (const { data: page } of iterator) {
         for (const user of page) {
           if (user.permissions!.admin) {
             numberOfAdmins++;
           } else if (user.permissions!.maintain!) {
             numberOfWriters++;
           } else if (user.permissions!.push!) {
             numberOfWriters++;
           } else if (user.permissions!.triage!) {
             numberOfReaders++;
@@ -56,7 +56,7 @@
       core.info('Failed to fetch identities for repo');
       if (error.status === 401 || error.status === 403) {
         // Removes link to REST API endpoint
-        const errorMessage: string = error.message.split('.')[0];
+        const errorMessage: string = error.message.split('-')[0];
         core.warning(errorMessage, {
           title: 'Failed to fetch identities for repo',
         });

src/sasttools/CodeQLService.ts

@@ -4,7 +4,12 @@ import GitHub_Tool_Severity_Level from '../types/GithubToolSeverityLevel';
 import { CodeScanningAlertsForRepoResponseDataType } from '../types/OctokitResponses';
 
 export class CodeQLService {
-  public static async setCodeQLFindings(octokit: Octokit, owner: string, repo: string): Promise<void> {
+  public static async setCodeQLFindings(
+    nameOfTool: string,
+    octokit: Octokit,
+    owner: string,
+    repo: string
+  ): Promise<void> {
     try {
       // https://www.npmjs.com/package/octokit#pagination
       const iterator: AsyncIterableIterator<CodeScanningAlertsForRepoResponseDataType> = octokit.paginate.iterator(
@@ -49,6 +54,7 @@ export class CodeQLService {
       console.log('High: ' + sastNumberOfSeverity3);
       console.log('Critical: ' + sastNumberOfSeverity4);
 
+      core.exportVariable('sastTool', nameOfTool);
       core.exportVariable('SASTnumberOfSeverity1', sastNumberOfSeverity1);
       core.exportVariable('SASTnumberOfSeverity2', sastNumberOfSeverity2);
       core.exportVariable('SASTnumberOfSeverity3', sastNumberOfSeverity3);
@@ -57,7 +63,7 @@ export class CodeQLService {
       core.info('Failed to get CodeQL severities');
       if (error.status === 401 || error.status === 403 || error.status === 404) {
         // Removes link to REST API endpoint
-        const errorMessage: string = error.message.split('.')[0];
+        const errorMessage: string = error.message.split('-')[0];
         core.warning(errorMessage, {
           title: 'SAST tool control failed',
         });
@@ -66,10 +72,6 @@ export class CodeQLService {
           title: 'SAST tool control failed',
         });
       }
-      core.exportVariable('SASTnumberOfSeverity1', 0);
-      core.exportVariable('SASTnumberOfSeverity2', 0);
-      core.exportVariable('SASTnumberOfSeverity3', 0);
-      core.exportVariable('SASTnumberOfSeverity4', 0);
     }
   }
 }

src/sasttools/SastService.ts

@@ -15,16 +15,18 @@ export class SastService {
     if (process.env.sastTool) {
       sast = process.env.sastTool;
     }
-    console.log(`Tool:`, `${sast}`);
-    core.exportVariable('sastTool', sast);
-
     if (!sast || sast === '' || sast === 'name-of-tool') {
       core.warning('SAST Tool is not set!');
       return;
     }
-
-    if (sast.toLowerCase() === GitHub_Tools.CODEQL.toLowerCase()) {
-      await CodeQLService.setCodeQLFindings(octokit, owner, repo);
+    console.log(`Tool:`, `${sast}`);
+    switch (sast.toLowerCase()) {
+      case GitHub_Tools.CODEQL.toLowerCase():
+        await CodeQLService.setCodeQLFindings(sast, octokit, owner, repo);
+        break;
+      default:
+        core.exportVariable('sastTool', sast);
+        break;
     }
     console.log();
   }

src/scatools/DependabotService.ts

@@ -4,7 +4,12 @@ import GitHub_Tool_Severity_Level from '../types/GithubToolSeverityLevel';
 import { DependabotAlertsForRepoResponseDataType } from '../types/OctokitResponses';
 
 export class DependabotService {
-  public static async setDependabotFindings(octokit: Octokit, owner: string, repo: string): Promise<void> {
+  public static async setDependabotFindings(
+    nameOfTool: string,
+    octokit: Octokit,
+    owner: string,
+    repo: string
+  ): Promise<void> {
     try {
       // https://www.npmjs.com/package/octokit#pagination
       const iterator: AsyncIterableIterator<DependabotAlertsForRepoResponseDataType> = octokit.paginate.iterator(
@@ -46,6 +51,7 @@ export class DependabotService {
       console.log('High: ' + scaNumberOfSeverity3);
       console.log('Critical: ' + scaNumberOfSeverity4);
 
+      core.exportVariable('scaTool', nameOfTool);
       core.exportVariable('SCAnumberOfSeverity1', scaNumberOfSeverity1);
       core.exportVariable('SCAnumberOfSeverity2', scaNumberOfSeverity2);
       core.exportVariable('SCAnumberOfSeverity3', scaNumberOfSeverity3);
@@ -54,7 +60,7 @@ export class DependabotService {
       core.info('Failed to get Dependabot severities');
       if (error.status === 401 || error.status === 403 || error.status === 404) {
         // Removes link to REST API endpoint
-        const errorMessage: string = error.message.split('.')[0];
+        const errorMessage: string = error.message.split('-')[0];
         core.warning(errorMessage, {
           title: 'SCA tool control failed',
         });
@@ -63,10 +69,6 @@ export class DependabotService {
           title: 'SCA tool control failed',
         });
       }
-      core.exportVariable('SCAnumberOfSeverity1', 0);
-      core.exportVariable('SCAnumberOfSeverity2', 0);
-      core.exportVariable('SCAnumberOfSeverity3', 0);
-      core.exportVariable('SCAnumberOfSeverity4', 0);
     }
   }
 }

src/scatools/ScaService.ts

@@ -15,16 +15,18 @@ export class ScaService {
     if (process.env.scaTool) {
       sca = process.env.scaTool;
     }
-    console.log(`Tool:`, `${sca}`);
-    core.exportVariable('scaTool', sca);
-
     if (!sca || sca === '' || sca === 'name-of-tool') {
       core.warning('SCA Tool is not set!');
       return;
     }
-
-    if (sca.toLowerCase() === GitHub_Tools.DEPENDABOT.toLowerCase()) {
-      await DependabotService.setDependabotFindings(octokit, owner, repo);
+    console.log(`Tool:`, `${sca}`);
+    switch (sca.toLowerCase()) {
+      case GitHub_Tools.DEPENDABOT.toLowerCase():
+        await DependabotService.setDependabotFindings(sca, octokit, owner, repo);
+        break;
+      default:
+        core.exportVariable('scaTool', sca);
+        break;
     }
     console.log();
   }

src/secretscanning/SecretScanningService.ts

@@ -30,13 +30,13 @@ export class SecretScanningService {
       core.info('Failed to get number of exposed secrets');
       if (error.status === 401) {
         // Removes link to REST API endpoint
-        const errorMessage: string = error.message.split('.')[0];
+        const errorMessage: string = error.message.split('-')[0];
         core.warning(errorMessage, {
           title: 'Number of exposed secrets control failed',
         });
       } else if (error.status === 404) {
         // Removes link to REST API endpoint
-        const errorMessage: string = error.message.split('.')[0];
+        const errorMessage: string = error.message.split('-')[0];
         if (errorMessage === 'Secret scanning is disabled on this repository') {
           core.warning(errorMessage, {
             title: 'Number of exposed secrets control failed',

tests/BranchProtectionService.test.ts

@@ -2,7 +2,7 @@ import * as core from '@actions/core';
 import sinon, { SinonStub } from 'sinon';
 import { BranchProtectionService } from '../src/branchprotection/BranchProtectionService';
 
-describe('BranchProtectionService', () => {
+describe('BranchProtectionService', function () {
   let warningStub: SinonStub;
   let noticeStub: SinonStub;
   let infoStub: SinonStub;
@@ -19,7 +19,7 @@ describe('BranchProtectionService', () => {
     },
   };
 
-  beforeEach(() => {
+  beforeEach(function () {
     warningStub = sinon.stub(core, 'warning');
     noticeStub = sinon.stub(core, 'notice');
     infoStub = sinon.stub(core, 'info');
@@ -28,11 +28,11 @@ describe('BranchProtectionService', () => {
     getBranchProtectionStub = sinon.stub(octokitMock.rest.repos, 'getBranchProtection');
   });
 
-  afterEach(() => {
+  afterEach(function () {
     sinon.restore();
   });
 
-  it('should handle successful branch protection retrieval', async () => {
+  it('should handle successful branch protection retrieval', async function () {
     getBranchProtectionStub.returns({
       data: {
         enforce_admins: { enabled: true },
@@ -45,7 +45,7 @@ describe('BranchProtectionService', () => {
     sinon.assert.notCalled(warningStub);
   });
 
-  it('should warn when admins can bypass branch protection rules', async () => {
+  it('should warn when admins can bypass branch protection rules', async function () {
     getBranchProtectionStub.returns({
       data: {
         enforce_admins: { enabled: false },
@@ -58,7 +58,7 @@ describe('BranchProtectionService', () => {
     sinon.assert.calledOnceWithExactly(exportVariableStub, 'numberOfReviewers', 0);
   });
 
-  it('should handle a 401 error', async () => {
+  it('should handle a 401 error', async function () {
     getBranchProtectionStub.rejects({
       status: 401,
       message: '401 error message',
@@ -69,7 +69,7 @@ describe('BranchProtectionService', () => {
     sinon.assert.notCalled(exportVariableStub);
   });
 
-  it('should handle a 404 error (caused by branch protection not enabled)', async () => {
+  it('should handle a 404 error (caused by branch protection not enabled)', async function () {
     getBranchProtectionStub.rejects({
       status: 404,
       message: 'Branch not protected',
@@ -80,7 +80,7 @@ describe('BranchProtectionService', () => {
     sinon.assert.calledOnceWithExactly(exportVariableStub, 'numberOfReviewers', 0);
   });
 
-  it('should handle a normal 404 error', async () => {
+  it('should handle a normal 404 error', async function () {
     getBranchProtectionStub.rejects({
       status: 404,
       message: 'Regular 404 error message',
@@ -91,7 +91,7 @@ describe('BranchProtectionService', () => {
     sinon.assert.notCalled(exportVariableStub);
   });
 
-  it('should call warning when branch protection is enabled but receives 404 (status = 404)', async () => {
+  it('should call warning when branch protection is enabled but receives 404 (status = 404)', async function () {
     getBranchProtectionStub.rejects({
       status: 500,
       message: 'Default error case',

tests/CodeQLService.test.ts

@@ -1,8 +1,9 @@
 import * as core from '@actions/core';
 import sinon, { SinonStub } from 'sinon';
 import { CodeQLService } from '../src/sasttools/CodeQLService';
+import GitHub_Tools from '../src/types/GitHubTools';
 
-describe('CodeQLService', () => {
+describe('CodeQLService', function () {
   let warningStub: SinonStub;
   let noticeStub: SinonStub;
   let infoStub: SinonStub;
@@ -33,7 +34,7 @@ describe('CodeQLService', () => {
     sinon.restore();
   });
 
-  it('should handle successful code scanning retrieval', async () => {
+  it('should handle successful code scanning retrieval', async function () {
     iteratorStub.returns([
       {
         data: [
@@ -61,73 +62,54 @@ describe('CodeQLService', () => {
       },
     ]);
 
-    await CodeQLService.setCodeQLFindings(octokitMock, 'owner', 'repo');
-    sinon.assert.callCount(exportVariableStub, 4);
+    await CodeQLService.setCodeQLFindings(GitHub_Tools.CODEQL, octokitMock, 'owner', 'repo');
+    sinon.assert.callCount(exportVariableStub, 5);
+    sinon.assert.calledWithExactly(exportVariableStub, 'sastTool', GitHub_Tools.CODEQL);
     sinon.assert.calledWithExactly(exportVariableStub, 'SASTnumberOfSeverity1', 1);
     sinon.assert.calledWithExactly(exportVariableStub, 'SASTnumberOfSeverity2', 1);
     sinon.assert.calledWithExactly(exportVariableStub, 'SASTnumberOfSeverity3', 1);
     sinon.assert.calledWithExactly(exportVariableStub, 'SASTnumberOfSeverity4', 1);
     sinon.assert.notCalled(warningStub);
   });
 
-  it('should handle a 401 error', async () => {
+  it('should handle a 401 error', async function () {
     iteratorStub.throws({
       status: 401,
       message: '401 error message',
     });
 
-    await CodeQLService.setCodeQLFindings(octokitMock, 'owner', 'repo');
+    await CodeQLService.setCodeQLFindings(GitHub_Tools.CODEQL, octokitMock, 'owner', 'repo');
     sinon.assert.calledOnce(warningStub);
-    sinon.assert.callCount(exportVariableStub, 4);
-    sinon.assert.calledWithExactly(exportVariableStub, 'SASTnumberOfSeverity1', 0);
-    sinon.assert.calledWithExactly(exportVariableStub, 'SASTnumberOfSeverity2', 0);
-    sinon.assert.calledWithExactly(exportVariableStub, 'SASTnumberOfSeverity3', 0);
-    sinon.assert.calledWithExactly(exportVariableStub, 'SASTnumberOfSeverity4', 0);
   });
 
-  it('should handle a 403 error', async () => {
+  it('should handle a 403 error', async function () {
     iteratorStub.throws({
       status: 403,
       message: '403 error message',
     });
 
-    await CodeQLService.setCodeQLFindings(octokitMock, 'owner', 'repo');
+    await CodeQLService.setCodeQLFindings(GitHub_Tools.CODEQL, octokitMock, 'owner', 'repo');
     sinon.assert.calledOnce(warningStub);
-    sinon.assert.callCount(exportVariableStub, 4);
-    sinon.assert.calledWithExactly(exportVariableStub, 'SASTnumberOfSeverity1', 0);
-    sinon.assert.calledWithExactly(exportVariableStub, 'SASTnumberOfSeverity2', 0);
-    sinon.assert.calledWithExactly(exportVariableStub, 'SASTnumberOfSeverity3', 0);
-    sinon.assert.calledWithExactly(exportVariableStub, 'SASTnumberOfSeverity4', 0);
   });
 
-  it('should handle a 404 error', async () => {
+  it('should handle a 404 error', async function () {
     iteratorStub.throws({
       status: 404,
       message: '404 error message',
     });
 
-    await CodeQLService.setCodeQLFindings(octokitMock, 'owner', 'repo');
+    await CodeQLService.setCodeQLFindings(GitHub_Tools.CODEQL, octokitMock, 'owner', 'repo');
     sinon.assert.calledOnce(warningStub);
-    sinon.assert.callCount(exportVariableStub, 4);
-    sinon.assert.calledWithExactly(exportVariableStub, 'SASTnumberOfSeverity1', 0);
-    sinon.assert.calledWithExactly(exportVariableStub, 'SASTnumberOfSeverity2', 0);
-    sinon.assert.calledWithExactly(exportVariableStub, 'SASTnumberOfSeverity3', 0);
-    sinon.assert.calledWithExactly(exportVariableStub, 'SASTnumberOfSeverity4', 0);
   });
 
-  it('should handle error other than 401, 403, 404', async () => {
+  it('should handle error other than 401, 403, 404', async function () {
     iteratorStub.throws({
       status: 500,
       message: 'Default error case',
     });
 
-    await CodeQLService.setCodeQLFindings(octokitMock, 'owner', 'repo');
+    await CodeQLService.setCodeQLFindings(GitHub_Tools.CODEQL, octokitMock, 'owner', 'repo');
     sinon.assert.calledOnce(noticeStub);
-    sinon.assert.callCount(exportVariableStub, 4);
-    sinon.assert.calledWithExactly(exportVariableStub, 'SASTnumberOfSeverity1', 0);
-    sinon.assert.calledWithExactly(exportVariableStub, 'SASTnumberOfSeverity2', 0);
-    sinon.assert.calledWithExactly(exportVariableStub, 'SASTnumberOfSeverity3', 0);
-    sinon.assert.calledWithExactly(exportVariableStub, 'SASTnumberOfSeverity4', 0);
     sinon.assert.notCalled(warningStub);
   });
 });