add verbosity option (-v) to show the issues' description, migrate to shortened git.io links

Author: phosphore

npm-shrinkwrap.json

@@ -41,7 +41,7 @@
     "chalk": "^2.4.1",
     "cheerio": "^1.0.0-rc.2",
     "cli-progress": "^2.0.0",
-    "cli-table2": "^0.2.0",
+    "cli-table3": "^0.5.1",
     "escope": "^3.6.0",
     "eslint": "^6.5.1",
     "esprima": "^4.0.0",

package.json

@@ -7,6 +7,7 @@ export default class AffinityHTMLCheck {
     this.id = 'AFFINITY_HTML_CHECK';
     this.description = `Review the use of affinity property`;
     this.type = sourceTypes.HTML;
+    this.shortenedURL = "https://git.io/Jeu1z";
   }
 
   match(cheerioObj, content) {
@@ -18,7 +19,7 @@ export default class AffinityHTMLCheck {
       if (wp) {
         let features = parseWebPreferencesFeaturesString(wp);
         if (features['affinity'] !== undefined)
-          loc.push({ line: content.substr(0, elem.startIndex).split('\n').length, column: 0, id: self.id, description: self.description, severity: severity.MEDIUM, confidence: confidence.TENTATIVE, properties: { "AffinityString": features['affinity']}, manualReview: true });
+          loc.push({ line: content.substr(0, elem.startIndex).split('\n').length, column: 0, id: self.id, description: self.description, shortenedURL: self.shortenedURL, severity: severity.MEDIUM, confidence: confidence.TENTATIVE, properties: { "AffinityString": features['affinity']}, manualReview: true });
       }
 
     });

src/finder/checks/AtomicChecks/AffinityHTMLCheck.js

@@ -6,6 +6,7 @@ export default class AffinityJSCheck {
     this.id = 'AFFINITY_JS_CHECK';
     this.description = `Review the use of affinity property`;
     this.type = sourceTypes.JAVASCRIPT;
+    this.shortenedURL = "https://git.io/Jeu1z";
   }
 
   match(astNode, astHelper, scope) {
@@ -26,7 +27,7 @@ export default class AffinityJSCheck {
 
       for (const node of found_nodes) {
         if (node.value.value) {
-          location.push({ line: node.value.loc.start.line, column: node.value.loc.start.column, id: this.id, description: this.description, severity: severity.MEDIUM, confidence: confidence.TENTATIVE, properties: { "AffinityString": node.value.value }, manualReview: true });
+          location.push({ line: node.value.loc.start.line, column: node.value.loc.start.column, id: this.id, description: this.description, shortenedURL: this.shortenedURL, severity: severity.MEDIUM, confidence: confidence.TENTATIVE, properties: { "AffinityString": node.value.value }, manualReview: true });
         }
       }
     }

src/finder/checks/AtomicChecks/AffinityJSCheck.js

@@ -6,6 +6,7 @@ export default class AllowPopupsHTMLCheck {
     this.id = 'ALLOWPOPUPS_HTML_CHECK';
     this.description = `Do not allow popups in webview`;
     this.type = sourceTypes.HTML;
+    this.shortenedURL = "https://git.io/Jeu1V";
   }
 
   match(cheerioObj, content) {
@@ -15,7 +16,7 @@ export default class AllowPopupsHTMLCheck {
     webviews.each(function (i, elem) {
       const allowpopups = cheerioObj(this).attr('allowpopups');
       if (allowpopups !== undefined) {
-        loc.push({ line: content.substr(0, elem.startIndex).split('\n').length, column: 0, id: self.id, description: self.description, severity: severity.LOW, confidence: confidence.CERTAIN, manualReview: false });
+        loc.push({ line: content.substr(0, elem.startIndex).split('\n').length, column: 0, id: self.id, description: self.description, shortenedURL: self.shortenedURL, severity: severity.LOW, confidence: confidence.CERTAIN, manualReview: false });
       }
 
     });

src/finder/checks/AtomicChecks/AllowPopupHTMLCheck.js

@@ -6,6 +6,7 @@ export default class AuxclickHTMLCheck {
     this.id = 'AUXCLICK_HTML_CHECK';
     this.description = `Limit navigation flows to untrusted origins. Middle-click may cause Electron to open a link within a new window`;
     this.type = sourceTypes.HTML;
+    this.shortenedURL = "https://git.io/Jeu1P";
   }
 
   match(cheerioObj, content) {
@@ -17,7 +18,7 @@ export default class AuxclickHTMLCheck {
       if(dbf && (dbf === "Auxclick")){
         //Nothing to report
       }else{
-        loc.push({ line: content.substr(0, elem.startIndex).split('\n').length, column: 0, id: self.id, description: self.description, severity: severity.MEDIUM, confidence: confidence.FIRM, manualReview: false });
+        loc.push({ line: content.substr(0, elem.startIndex).split('\n').length, column: 0, id: self.id, description: self.description, shortenedURL: self.shortenedURL, severity: severity.MEDIUM, confidence: confidence.FIRM, manualReview: false });
       }
     });
     return loc;

src/finder/checks/AtomicChecks/AuxclickHTMLCheck.js

@@ -6,6 +6,7 @@ export default class AuxclickJSCheck {
     this.id = 'AUXCLICK_JS_CHECK';
     this.description = `Limit navigation flows to untrusted origins. Middle-click may cause Electron to open a link within a new window`;
     this.type = sourceTypes.JAVASCRIPT;
+    this.shortenedURL = "https://git.io/Jeu1K";
   }
 
   match(astNode, astHelper, scope) {
@@ -27,12 +28,12 @@ export default class AuxclickJSCheck {
       if (found_nodes.length > 0) {
         for (const node of found_nodes) {
           if (node.value.value.indexOf("Auxclick") == -1) {
-            location.push({ line: node.key.loc.start.line, column: node.key.loc.start.column, id: this.id, description: this.description, severity: severity.MEDIUM, confidence: confidence.FIRM, manualReview: false });
+            location.push({ line: node.key.loc.start.line, column: node.key.loc.start.column, id: this.id, description: this.description, shortenedURL: this.shortenedURL, severity: severity.MEDIUM, confidence: confidence.FIRM, manualReview: false });
           }
         }
       }
       else {
-        location.push({ line: astNode.loc.start.line, column: astNode.loc.start.column, id: this.id, description: this.description, severity: severity.MEDIUM, confidence: confidence.FIRM, manualReview: false });
+        location.push({ line: astNode.loc.start.line, column: astNode.loc.start.column, id: this.id, description: this.description, shortenedURL: this.shortenedURL, severity: severity.MEDIUM, confidence: confidence.FIRM, manualReview: false });
       }
 
     }

src/finder/checks/AtomicChecks/AuxclickJSCheck.js

@@ -6,6 +6,7 @@ export default class BlinkFeaturesHTMLCheck {
     this.id = 'BLINK_FEATURES_HTML_CHECK';
     this.description = `Do not use Chromium's experimental features`;
     this.type = sourceTypes.HTML;
+    this.shortenedURL = "https://git.io/Jeu19";
   }
 
   match(cheerioObj, content) {
@@ -15,15 +16,15 @@ export default class BlinkFeaturesHTMLCheck {
     webviews.each(function (i, elem) {
       let wp = cheerioObj(this).attr('enableblinkfeatures');
       if(wp){
-        loc.push({ line: content.substr(0, elem.startIndex).split('\n').length, column: 0, id: self.id, description: self.description, severity: severity.LOW, confidence: confidence.CERTAIN, manualReview: true });
+        loc.push({ line: content.substr(0, elem.startIndex).split('\n').length, column: 0, id: self.id, description: self.description, shortenedURL: self.shortenedURL, severity: severity.LOW, confidence: confidence.CERTAIN, manualReview: true });
       }
 
       // search for both names for now
       // todo: implement taking electron version into account
       // https://github.com/electron/electron/blob/master/docs/api/breaking-changes.md#browserwindow
       wp = cheerioObj(this).attr('blinkfeatures');
       if(wp){
-        loc.push({ line: content.substr(0, elem.startIndex).split('\n').length, column: 0, id: self.id, description: self.description, severity: severity.LOW, confidence: confidence.CERTAIN, manualReview: true });
+        loc.push({ line: content.substr(0, elem.startIndex).split('\n').length, column: 0, id: self.id, description: self.description, shortenedURL: self.shortenedURL, severity: severity.LOW, confidence: confidence.CERTAIN, manualReview: true });
       }
     });
     return loc;

src/finder/checks/AtomicChecks/BlinkFeaturesHTMLCheck.js

@@ -6,6 +6,7 @@ export default class BlinkFeaturesJSCheck {
     this.id = 'BLINK_FEATURES_JS_CHECK';
     this.description = `Do not use Chromium’s experimental features`;
     this.type = sourceTypes.JAVASCRIPT;
+    this.shortenedURL = "https://git.io/Jeu1M";
   }
 
   match(astNode, astHelper, scope){
@@ -29,7 +30,7 @@ export default class BlinkFeaturesJSCheck {
                  node.key.value === 'blinkFeatures' || node.key.name === 'blinkFeatures'));
 
       for (const node of found_nodes) {
-        location.push({ line: node.key.loc.start.line, column: node.key.loc.start.column, id: this.id, description: this.description, severity: severity.LOW, confidence: confidence.CERTAIN, manualReview: true });
+        location.push({ line: node.key.loc.start.line, column: node.key.loc.start.column, id: this.id, description: this.description, shortenedURL: this.shortenedURL, severity: severity.LOW, confidence: confidence.CERTAIN, manualReview: true });
       }
     }
 

src/finder/checks/AtomicChecks/BlinkFeaturesJSCheck.js

@@ -6,6 +6,7 @@ export default class CSPHTMLCheck {
     this.id = 'CSP_HTML_CHECK';
     this.description = `A CSP is set for this page using a meta tag`;
     this.type = sourceTypes.HTML;
+    this.shortenedURL = "https://git.io/JeuMe";
   }
 
   match(cheerioObj, content) {
@@ -16,7 +17,7 @@ export default class CSPHTMLCheck {
       const httpEquiv = cheerioObj(this).attr('http-equiv');
       const cspContent = cheerioObj(this).attr('content');
       if (httpEquiv && httpEquiv.toLowerCase() === "Content-Security-Policy".toLowerCase()) {
-        loc.push({ line: content.substr(0, elem.startIndex).split('\n').length, column: 0, id: self.id, description: self.description, severity: severity.INFORMATIONAL, confidence: confidence.TENTATIVE, properties: { "CSPstring": cspContent }, manualReview: true });
+        loc.push({ line: content.substr(0, elem.startIndex).split('\n').length, column: 0, id: self.id, description: self.description, shortenedURL: self.shortenedURL, severity: severity.INFORMATIONAL, confidence: confidence.TENTATIVE, properties: { "CSPstring": cspContent }, manualReview: true });
       }
     });
     return loc;