vuejs support (#123)

app-build.sh

@@ -3,7 +3,7 @@
 rm -rf AppDir appimage-builder-cache
 rm *.AppImage*
 mkdir -p appimage-builder-cache
-cp ~/Downloads/runtime-x86_64 appimage-builder-cache/
+wget https://github.com/AppImage/AppImageKit/releases/download/12/runtime-x86_64 -O appimage-builder-cache/runtime-x86_64
 UPDATE_INFO="gh-releases-zsync|ShiftLeftSecurity|sast-scan|latest|*x86_64.AppImage.zsync" appimage-builder --recipe appimage-builder.yml --skip-test
 rm -rf AppDir appimage-builder-cache
 chmod +x *.AppImage

lib/builder.py

@@ -75,9 +75,9 @@ def auto_build(type_list, src, reports_dir):
                 return ret
         # Look for any _scan function in this module for execution
         try:
-            getattr(sys.modules[__name__], "%s_build" % ptype)(
-                src, reports_dir, lang_tools
-            )
+            dfn = getattr(sys.modules[__name__], "%s_build" % ptype, None)
+            if dfn:
+                dfn(src, reports_dir, lang_tools)
         except Exception:
             continue
     return ret

lib/config.py

@@ -75,6 +75,7 @@
     "credscan",
     "depscan",
     "go",
+    "groovy",
     "java",
     "jsp",
     "kotlin",
@@ -100,7 +101,6 @@
     ".mvn",
     ".idea",
     "dist",
-    "bin",
     "obj",
     "backup",
     "docs",
@@ -114,6 +114,9 @@
     ".serverless",
     "venv",
     ".virtualenv",
+    "vendor",
+    "bower_components",
+    ".vscode",
 ]
 
 # Ignore files list
@@ -138,6 +141,8 @@
     ".d.ts",
     ".min.js",
     ".min.css",
+    ".eslintrc.js",
+    ".babelrc.js",
 ]
 
 

lib/convert.py

@@ -53,7 +53,7 @@ def tweak_severity(tool_name, issue_dict):
     :return:
     """
     issue_severity = issue_dict["issue_severity"]
-    if tool_name in ["staticcheck", "psalm", "phpstan"]:
+    if tool_name in ["staticcheck", "psalm", "phpstan", "source-js"]:
         if issue_severity in ["HIGH", "CRITICAL"]:
             return "MEDIUM"
         return "LOW"
@@ -188,7 +188,11 @@ def extract_from_file(
                         )
             elif tool_name == "source-js":
                 njs_findings = report_data.get("nodejs", {})
+                njs_findings.update(report_data.get("templates", {}))
                 for k, v in njs_findings.items():
+                    # Password detection by njsscan is full of false positives
+                    if k == "node_password":
+                        continue
                     files = v.get("files", [])
                     metadata = v.get("metadata", {})
                     if not files or not metadata:

lib/utils.py

@@ -66,7 +66,7 @@ def is_ignored_file(base_dir, file_name):
         return False
     file_name = file_name.lower()
     extn = "".join(Path(file_name).suffixes)
-    if extn in config.ignore_files:
+    if extn in config.ignore_files or file_name in config.ignore_files:
         return True
     return False
 

scan

@@ -181,9 +181,7 @@ def scan(type_list, src, reports_dir, convert, scan_mode, repo_context):
                 else:
                     # Look for any _scan function in this module for execution
                     try:
-                        dfn = getattr(
-                            sys.modules[__name__], "%s_scan" % type_str, None
-                        )
+                        dfn = getattr(sys.modules[__name__], "%s_scan" % type_str, None)
                         if dfn:
                             pool.apply_async(
                                 dfn, (src, reports_dir, convert, repo_context)
@@ -466,7 +464,10 @@ def sec_scan(src, reports_dir, convert, repo_context):
     sec_cmd = "njsscan"
     sec_args = [sec_cmd, *convert_args]
     js_files = utils.find_files(src, ".js")
+    vue_files = utils.find_files(src, ".vue")
     sec_args += js_files
+    if vue_files:
+        sec_args += vue_files
     exec_tool("source-js", sec_args, src)
     if convert:
         crep_fname = utils.get_report_file(