snyk-filter's People

Contributors

aarlaud, lili2311, mattsnyk, scott-es, snyk-bot, thisislawatts

snyk-filter's Issues

The automated release is failing 🚨

🚨 The automated release from the master branch failed. 🚨

I recommend you give this issue a high priority, so other packages depending on you could benefit from your bug fixes and new features.

You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I’m sure you can resolve this 💪.

Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.

Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master branch. You can also manually restart the failed CI job that runs semantic-release.

If you are not sure how to resolve this, here are some links that can help you:

If those don’t help, or if this issue is reporting something you think isn’t right, you can always ask the humans behind semantic-release.


No npm token specified.

An npm token must be created and set in the NPM_TOKEN environment variable on your CI environment.

Please make sure to create an npm token and to set it in the NPM_TOKEN environment variable on your CI environment. The token must allow publishing to the registry https://registry.npmjs.org/.


Good luck with your project ✨

Your semantic-release bot 📦🚀

support for IaC

The issues for IaC are under a different array: rather than .vulnerabilities[], the issues are located in .infrastructureAsCodeIssues[].

I created a filter based on that, and the resulting response codes based on the filter are correct, although it didn't completely work. snyk-filter makes some assumptions in the code about .vulnerabilities[] (e.g. https://github.com/snyk-tech-services/snyk-filter/blob/36fa715f21275d82ebbf032d57a7520c7f8f5342/lib/snyk-display.js#L31), so the display of the issues is messed up.


snyk-filter produces invalid JSON output when used with `--all-projects` input from the Snyk CLI

Using:
[email protected]
[email protected]
[email protected]

When run with the --all-projects JSON input from the Snyk CLI, snyk-filter produces invalid JSON output, as illustrated in the following example with snyk-to-html:

> $ snyk test --all-projects --json | snyk-filter -f ~/opt/snyk/filter-high-vulns-upgradeable.yml --json |snyk-to-html -o results.html
Using a custom API endpoint from `snyk config` (tip: it should contain path to `/api`): https://snyk.io/api/v1/
json output enabled
json output enabled
json output enabled
High severity & upgradeable vulns found. Please review upgrade steps
Snyk Test Failed
The source provided is not a valid json! Please validate that the input provided to the CLI is an actual JSON

Tip: To find more information, try running `snyk-to-html` in debug mode by appending to the CLI the `-d` parameter

Error running `snyk-to-html`. Please check you are providing the correct parameters. Is the issue persists contact [email protected]

Attached are the JSON outputs from the Snyk CLI and from snyk-filter, along with a copy of the filter that was used.
supporting-docs.zip

It appears the difference between the two outputs is that the CLI output contains an array of snyk projects, but the snyk-filter output is a concatenation of these.
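The two reports above (IaC issues under a different key, and `--all-projects` input being an array of projects) both come down to input shape. The following is an added example, not snyk-filter's own code, showing one way to normalise the CLI JSON before filtering: it accepts a single project or an array, looks for issues under either key (the key list is an assumption based on the reports), and emits one JSON document rather than a concatenation. The sample input and issue ids are constructed.

```javascript
// Added example, not snyk-filter's own code: normalise Snyk CLI JSON so one
// filter works whether the input is a single project object (plain
// `snyk test --json`) or an array of projects (`--all-projects`), and whether
// issues sit in `.vulnerabilities[]` (SCA) or `.infrastructureAsCodeIssues[]`
// (IaC). Output is a single JSON document (an array of projects), never a
// concatenation of separate documents, so snyk-to-html can parse it.

// Assumed from the two reports above: issues live under one of these keys.
const ISSUE_KEYS = ['vulnerabilities', 'infrastructureAsCodeIssues'];

// Accept either one project object or an array of them.
function toProjectArray(parsed) {
  if (Array.isArray(parsed)) return parsed;
  if (parsed && typeof parsed === 'object') return [parsed];
  throw new TypeError('Snyk JSON must be an object or an array of objects');
}

// Return { key, issues } for the first issue array present in a project.
function findIssues(project) {
  for (const key of ISSUE_KEYS) {
    if (Array.isArray(project[key])) return { key, issues: project[key] };
  }
  return { key: 'vulnerabilities', issues: [] };
}

// Keep each project's issues under its original key so downstream tools
// still find them where they expect; only the issues themselves are filtered.
function filterSnykOutput(rawJson, predicate) {
  return toProjectArray(JSON.parse(rawJson)).map((project) => {
    const { key, issues } = findIssues(project);
    return { ...project, [key]: issues.filter(predicate) };
  });
}

// Constructed sample (ids are made up): one SCA and one IaC project, shaped
// the way --all-projects emits them, trimmed to the fields used here.
const SAMPLE_ALL_PROJECTS = JSON.stringify([
  { projectName: 'app', vulnerabilities: [
    { id: 'SNYK-JS-SAMPLE-1', severity: 'high', isUpgradable: true },
    { id: 'SNYK-JS-SAMPLE-2', severity: 'low', isUpgradable: false } ] },
  { projectName: 'infra', infrastructureAsCodeIssues: [
    { id: 'SNYK-CC-SAMPLE-1', severity: 'high' },
    { id: 'SNYK-CC-SAMPLE-2', severity: 'medium' } ] },
]);

const highOnly = (issue) => issue.severity === 'high';
// One array, one document: parses cleanly as JSON downstream.
console.log(JSON.stringify(filterSnykOutput(SAMPLE_ALL_PROJECTS, highOnly)));
```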

[BUG]:

Is there an existing issue for this?

  • I have searched the existing issues

Description of the bug

Shows the following error:

filter failed
err
Error: spawn Unknown system error -86
    at ChildProcess.spawn (node:internal/child_process:413:11)
    at Object.spawn (node:child_process:757:9)
    at /Users/kingwu/.nvm/versions/node/v18.16.1/lib/node_modules/snyk-filter/node_modules/node-jq/lib/exec.js:22:45
    at new Promise (<anonymous>)
    at Object.exec [as default] (/Users/kingwu/.nvm/versions/node/v18.16.1/lib/node_modules/snyk-filter/node_modules/node-jq/lib/exec.js:15:12)
    at /Users/kingwu/.nvm/versions/node/v18.16.1/lib/node_modules/snyk-filter/node_modules/node-jq/lib/jq.js:17:27
    at new Promise (<anonymous>)
    at Object.run (/Users/kingwu/.nvm/versions/node/v18.16.1/lib/node_modules/snyk-filter/node_modules/node-jq/lib/jq.js:15:12)
    at /Users/kingwu/.nvm/versions/node/v18.16.1/lib/node_modules/snyk-filter/lib/snyk-filter.js:154:8
    at new Promise (<anonymous>) {
  errno: -86,
  code: 'Unknown system error -86',
  syscall: 'spawn'
}

Steps To Reproduce

Use nodejs 18.16.1 and run the following command:
snyk-filter -i ./sample-data/snyk-sample-results.json -f ./sample-filters/example-complex-combination-SCA.yml

Additional Information

No response

Error loading yml fileError on version 1.3.0

Hi,

I have just pulled version 1.3.0 and I am getting this error:

Error loading yml fileError: Function yaml.safeLoad is removed in js-yaml 4. Use yaml.load instead, which is now safe by default.
/usr/local/lib/node_modules/snyk-filter/lib/snyk-filter.js:24
  const jqFilterString = customFilters.filter;
                                       ^

TypeError: Cannot read properties of undefined (reading 'filter')
    at onDataCallback (/usr/local/lib/node_modules/snyk-filter/lib/snyk-filter.js:24:40)
    at /usr/local/lib/node_modules/snyk-filter/lib/snyk-filter.js:42:5
    at FSReqCallback.readFileAfterClose [as oncomplete] (node:internal/fs/read_file_context:68:3)

Cannot reproduce this error in version 1.2.3

Regards

No sanity check to see if all the required fields exists in the filters YAML file

The filter file (.yml file) should have specific required fields for snyk-filter to work correctly. These are "customFilters", "filter", "pass" and "msg". If there is a typo in any of these, snyk-filter throws a type error like below:

/Users/lovebhardwaj/Tools/snyk-filter/lib/snyk-filter.js:18
  const jqFilterString = customFilters.filter;
                                       ^

TypeError: Cannot read property 'filter' of undefined

The error is ambiguous for the user. We need to have a sanity (!== null) check to see if the required fields exist in the .yml file. If not, then throw an error to let the user know.

    var ymlFileInJSON = yaml.safeLoad(fs.readFileSync(filters, 'utf8'));
    customFilters = ymlFileInJSON.customFilters; 

The YAML filter file used is attached for two different cases where the same error is thrown (I have changed the extension from .yml to .txt since GitHub won't let me attach a .yml file). In the first case the problem seems to be caused by indentation, and in the second it seems to be caused by an incorrect field name.

Command used:

snyk-filter -i snyk_results.json -f snyk-filter-1.yml

snyk-filter-1.txt

snyk-filter-2.txt
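The two issues above (js-yaml 4 removing `yaml.safeLoad`, and the missing sanity check on the filter file) suggest the same fix point. The following is an added example, not snyk-filter's own code: it validates the parsed document for the required `customFilters`, `filter`, `pass` and `msg` fields before anything reads `customFilters.filter`, and loads the file with js-yaml 4's `yaml.load`. The two sample documents are constructed; js-yaml is assumed installed only for the file-loading path.

```javascript
// Added example, not snyk-filter's own code: load the filter YAML with
// js-yaml 4's `yaml.load` (safeLoad was removed; load is safe by default)
// and check the required fields before reading `customFilters.filter`, so a
// misspelt key or bad indentation gives a readable message, not a TypeError.

// Required shape, from the issue above: `customFilters` at top level with
// `filter`, `pass` and `msg` beneath it.
const REQUIRED = ['filter', 'pass', 'msg'];

// Validate an already-parsed document. Returns a list of problems;
// an empty list means the file is usable.
function validateFilterDoc(doc) {
  if (doc === null || typeof doc !== 'object' || Array.isArray(doc)) {
    return ['filter file must be a YAML mapping'];
  }
  const cf = doc.customFilters;
  if (cf === undefined || cf === null) {
    // Usual symptom of wrong indentation or a misspelt top-level key.
    const found = Object.keys(doc).join(', ') || 'nothing';
    return [`missing top-level "customFilters" (found: ${found})`];
  }
  if (typeof cf !== 'object' || Array.isArray(cf)) {
    return ['"customFilters" must be a mapping'];
  }
  const problems = [];
  for (const key of REQUIRED) {
    if (cf[key] === undefined || cf[key] === null) {
      problems.push(`customFilters.${key} is required`);
    }
  }
  return problems;
}

// Read, parse and validate a file. Assumes js-yaml 4 is installed (the
// error above shows snyk-filter uses it); required lazily so validation
// of an in-memory document works without it.
function loadFilterFile(path) {
  const fs = require('fs');
  const yaml = require('js-yaml');
  const doc = yaml.load(fs.readFileSync(path, 'utf8'));
  const problems = validateFilterDoc(doc);
  if (problems.length) {
    throw new Error(`Error loading yml file ${path}:\n  - ${problems.join('\n  - ')}`);
  }
  return doc.customFilters;
}

// Constructed samples: a correct document and the "incorrect field name" case.
const GOOD = { customFilters: { filter: '.vulnerabilities[]', pass: 'ok', msg: 'fail' } };
const TYPO = { customFilter: { filter: '.vulnerabilities[]', pass: 'ok', msg: 'fail' } };
```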

Feature request: Support .snyk ignores

Can you support .snyk ignores?

My .snyk is:

ignore:
  SNYK-JS-ANSIREGEX-1583908:
    - '*':
      reason: 'This dependency is not actually used. See: https://github.com/aws/aws-sdk-js-v3/issues/3640'
      expires: '2024-01-01T00:00:00.000Z'

Snyk-filter should honor those ignores.
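As an added example of what honouring those ignores could look like (this is not snyk-filter's code and not a feature it implements), the block below drops vulnerabilities that match a non-expired `ignore:` entry in the `.snyk` shape shown in the request. Handling only the `'*'` path is an assumed simplification; the vulnerability list and dates are constructed.

```javascript
// Added example, not snyk-filter's own code: drop vulnerabilities covered by
// a non-expired entry in a `.snyk` policy's `ignore:` section, using the
// shape shown in the request above (id -> list of { path: { reason, expires } }).
// Only the '*' path is handled here; that is an assumed simplification.

// True when `entry` ignores the issue at `now`. `expires` is optional;
// an absent expiry means the ignore never lapses.
function ignoreActive(entry, now) {
  const rule = entry && entry['*'];
  if (!rule) return false;
  if (rule.expires === undefined) return true;
  const expires = Date.parse(rule.expires);
  return Number.isFinite(expires) && expires > now.getTime();
}

// Filter `vulns` against `policy.ignore`; returns { kept, ignored } so a
// caller can still report what was suppressed and why.
function applySnykIgnores(vulns, policy, now = new Date()) {
  const ignore = (policy && policy.ignore) || {};
  const kept = [];
  const ignored = [];
  for (const v of vulns) {
    const entries = ignore[v.id] || [];
    const active = entries.find((e) => ignoreActive(e, now));
    if (active) ignored.push({ id: v.id, reason: active['*'].reason });
    else kept.push(v);
  }
  return { kept, ignored };
}

// Constructed sample policy, mirroring the .snyk file in the request above.
const POLICY = { ignore: {
  'SNYK-JS-ANSIREGEX-1583908': [{ '*': {
    reason: 'This dependency is not actually used.',
    expires: '2024-01-01T00:00:00.000Z' } }],
} };

// Constructed vulnerability list (the second id is a made-up sample value).
const VULNS = [
  { id: 'SNYK-JS-ANSIREGEX-1583908', severity: 'high' },
  { id: 'SNYK-JS-SAMPLE-2', severity: 'medium' },
];

const before = new Date('2023-06-01T00:00:00Z'); // ignore still valid
const after = new Date('2024-06-01T00:00:00Z');  // ignore has expired
console.log(applySnykIgnores(VULNS, POLICY, before).kept.length); // 1
console.log(applySnykIgnores(VULNS, POLICY, after).kept.length);  // 2
```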
