Cleanup code and update dependencies

GaelGirodon · GaelGirodon · commit 735659af9c3a · 2025-06-30T13:23:58.000+02:00
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -33,17 +33,17 @@
     "src/**/*.ejs"
   ],
   "dependencies": {
-    "axios": "^1.9.0",
+    "axios": "^1.10.0",
     "ejs": "npm:neat-ejs@^3.1.10",
     "jsonpath-plus": "^10.3.0"
   },
   "devDependencies": {
-    "@eslint/js": "^9.27.0",
+    "@eslint/js": "^9.30.0",
     "c8": "^10.1.3",
-    "eslint": "^9.27.0",
+    "eslint": "^9.30.0",
     "express": "^5.1.0",
     "globals": "^16.2.0",
-    "mocha": "^11.5.0",
+    "mocha": "^11.7.1",
     "mocha-junit-reporter": "^2.2.1"
   },
   "engines": {
diff --git a/src/cli.js b/src/cli.js
@@ -3,8 +3,8 @@
  * CLI and environment handling service
  */
 
-import { existsSync } from "fs";
-import { readFile } from "fs/promises";
+import { existsSync } from "node:fs";
+import { readFile } from "node:fs/promises";
 
 /**
  * Statuses expected for the "status" CLI option
@@ -113,7 +113,7 @@ export async function parseArgs() {
   // Extract options
   for (const opt of expectedOptions) {
     // From the command line
-    const i = process.argv.findIndex(a => a == `--${opt.name}`);
+    const i = process.argv.findIndex(a => a === `--${opt.name}`);
     let value = undefined;
     if (i >= 0 && i + 1 < process.argv.length) {
       value = process.argv[i + 1];
@@ -157,10 +157,9 @@ export class CliError extends Error {
    *
    * @param {number} exitCode Process exit code
    * @param {string} message Error message
-   * @param  {...any} args Other arguments
    */
-  constructor(exitCode = 1, message = "", ...args) {
-    super(message, ...args);
+  constructor(exitCode = 1, message = "") {
+    super(message);
     this.exitCode = exitCode;
   }
 
diff --git a/src/config.js b/src/config.js
@@ -3,7 +3,7 @@
  * Tool configuration service
  */
 
-import { readFile } from "fs/promises";
+import { readFile } from "node:fs/promises";
 import { JSONPath } from "jsonpath-plus";
 
 /**
diff --git a/src/defectdojo.js b/src/defectdojo.js
@@ -52,9 +52,9 @@ export class DefectDojoApiClient {
   /**
    * Fetch engagements by product and name.
    *
-   * @param {string} productId Product id
-   * @param {string} name Engagement name (optional)
-   * @returns Engagements
+   * @param {string|number} productId Product id
+   * @param {string} [name] Engagement name (optional)
+   * @returns Promise<any> Engagements
    * @throws Request error
    */
   async getEngagements(productId, name) {
@@ -81,7 +81,7 @@ export class DefectDojoApiClient {
    *
    * @param {string[]} engagements Engagements ids
    * @param {string[]} statuses Statuses to filter
-   * @returns Vulnerabilities
+   * @returns Promise<any> Vulnerabilities
    * @throws Request error
    */
   async getFindings(engagements, statuses) {
diff --git a/src/exports.js b/src/exports.js
@@ -4,9 +4,9 @@
  */
 
 import ejs from "ejs";
-import { readFile, writeFile } from "fs/promises";
-import { dirname, join } from "path";
-import { fileURLToPath } from "url";
+import { readFile, writeFile } from "node:fs/promises";
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
 import { resolveField } from "./config.js";
 
 /**
diff --git a/src/index.js b/src/index.js
@@ -7,4 +7,4 @@
 
 import { main } from "./main.js";
 
-main();
+await main();
diff --git a/src/main.js b/src/main.js
@@ -3,7 +3,8 @@
  * Export a security debt from DefectDojo.
  */
 
-import { join } from "path";
+import assert from "node:assert/strict";
+import { join } from "node:path";
 import { parseArgs } from "./cli.js";
 import { loadConfig } from "./config.js";
 import { DefectDojoApiClient } from "./defectdojo.js";
@@ -40,6 +41,8 @@ export async function main() {
     return [...results, ...engagements];
   }, []);
 
+  assert(engagements.length > 0, "No engagement found");
+
   // Fetch vulnerabilities
   const findings = await defectDojo
     .getFindings(engagements.map(e => e.id), opts.status)
@@ -58,7 +61,7 @@ export async function main() {
   for (const finding of findings) {
     // Resultant criticity
     finding.severity = finding.severity?.toLowerCase();
-    const i = Math.max(impacts.findIndex(i => i == finding.severity), 0);
+    const i = Math.max(impacts.findIndex(i => i === finding.severity), 0);
     const e = easeTags.indexOf(finding.tags?.find(t => easeTags.includes(t)) ?? easeTags[0]);
     finding.ease_index = e;
     finding.ease = eases[e];
@@ -82,13 +85,13 @@ export async function main() {
     (f2.severity_index - f1.severity_index) || f1.title.localeCompare(f2.title));
 
   console.log("[info] Vulnerabilities:", criticities.map(c =>
-    findings.filter(f => f.criticity == c).length + " " + c).join(", "));
+    findings.filter(f => f.criticity === c).length + " " + c).join(", "));
 
   /*
    * Generate reports
    */
 
-  const defaultReportName = "Security-Debt" + (products.length == 1 ? `_${products[0].name}` : "");
+  const defaultReportName = "Security-Debt" + (products.length === 1 ? `_${products[0].name}` : "");
   const path = opts.output ?? join(process.cwd(), defaultReportName);
 
   for (const format of opts.format) {
diff --git a/src/template.ejs b/src/template.ejs
@@ -64,7 +64,6 @@
     td, th {
       padding: .3em .6em;
       border: 1px solid #dbdbdb;
-      border-width: 1px;
     }
     thead th {
       border-width: 1px 1px 2px 1px;
@@ -130,9 +129,9 @@
           <%_ for (const finding of findings) { -%>
           <tr>
             <%_ for (const field of finding) { -%>
-            <%_ if (field.type == "criticity") { -%>
+            <%_ if (field.type === "criticity") { -%>
             <td class="criticity c<%= field.index %>"><%= field.value %></td>
-            <%_ } else if (field.type == "boolean") { -%>
+            <%_ } else if (field.type === "boolean") { -%>
             <td><%= field.value ? "Y" : "N" %></td>
             <%_ } else { -%>
             <td <%_ if (field.value?.length > 20) { %> title="<%= field.value %>" <% } %>><%= field.value -%></td>
diff --git a/test/cli.js b/test/cli.js
@@ -1,4 +1,4 @@
-import assert from "assert";
+import assert from "node:assert/strict";
 import { CliError, parseArgs } from "../src/cli.js";
 
 describe("cli", function () {
@@ -38,7 +38,7 @@ describe("cli", function () {
         } else { // Success expected
           let opts;
           await assert.doesNotReject(async () => { opts = await parseArgs() });
-          assert.strictEqual(Object.keys(opts).length, 8);
+          assert.equal(Object.keys(opts).length, 8);
         }
       });
     }
diff --git a/test/config.js b/test/config.js
@@ -1,6 +1,6 @@
-import assert from "assert";
-import { existsSync } from "fs";
-import { rm, writeFile } from "fs/promises";
+import assert from "node:assert/strict";
+import { existsSync } from "node:fs";
+import { rm, writeFile } from "node:fs/promises";
 import { loadConfig } from "../src/config.js";
 
 describe("config", function () {
@@ -28,7 +28,7 @@ describe("config", function () {
         } else { // Success expected
           let config;
           await assert.doesNotReject(async () => { config = await loadConfig(path) });
-          assert.notStrictEqual(config, null);
+          assert.notEqual(config, null);
         }
       });
     }
diff --git a/test/defectdojo.js b/test/defectdojo.js
@@ -1,4 +1,4 @@
-import assert from "assert";
+import assert from "node:assert/strict";
 import { DefectDojoApiClient } from "../src/defectdojo.js";
 
 const client = new DefectDojoApiClient("http://localhost:8888", "TOKEN");
@@ -9,9 +9,9 @@ describe("DefectDojoApiClient", function () {
     it("should return a single product", async function () {
       let product;
       await assert.doesNotReject(async () => product = await client.getProduct("product"));
-      assert.strictEqual(product.id, 1);
-      assert.strictEqual(product.title, "product");
-      assert.strictEqual(product.url, "http://localhost:8888/product/1");
+      assert.equal(product.id, 1);
+      assert.equal(product.title, "product");
+      assert.equal(product.url, "http://localhost:8888/product/1");
     });
     it("should throw if the product doesn't exist", async function () {
       await assert.rejects(() => client.getProduct("unknown"));
@@ -22,32 +22,32 @@ describe("DefectDojoApiClient", function () {
     it("should return all product engagements when searching by product id", async function () {
       let engagements;
       await assert.doesNotReject(async () => engagements = await client.getEngagements(1));
-      assert.strictEqual(engagements.length, 2);
-      assert.strictEqual(engagements[0].id, 1);
-      assert.strictEqual(engagements[0].url, "http://localhost:8888/engagement/1");
-      assert.strictEqual(engagements[1].id, 2);
-      assert.strictEqual(engagements[1].url, "http://localhost:8888/engagement/2");
+      assert.equal(engagements.length, 2);
+      assert.equal(engagements[0].id, 1);
+      assert.equal(engagements[0].url, "http://localhost:8888/engagement/1");
+      assert.equal(engagements[1].id, 2);
+      assert.equal(engagements[1].url, "http://localhost:8888/engagement/2");
     });
     it("should return a single engagement when searching also by name", async function () {
       let engagements;
       await assert.doesNotReject(async () => engagements = await client.getEngagements(1, "main"));
-      assert.strictEqual(engagements.length, 1);
-      assert.strictEqual(engagements[0].id, 1);
-      assert.strictEqual(engagements[0].name, "main");
-      assert.strictEqual(engagements[0].url, "http://localhost:8888/engagement/1");
+      assert.equal(engagements.length, 1);
+      assert.equal(engagements[0].id, 1);
+      assert.equal(engagements[0].name, "main");
+      assert.equal(engagements[0].url, "http://localhost:8888/engagement/1");
     });
     it("should return no engagement if none exists with the given name", async function () {
       let engagements;
       await assert.doesNotReject(async () => engagements = await client.getEngagements(1, "unknown"));
-      assert.strictEqual(engagements.length, 0);
+      assert.equal(engagements.length, 0);
     });
   });
 
   describe("#getFindings()", function () {
     it("should return findings", async function () {
       let findings;
       await assert.doesNotReject(async () => findings = await client.getFindings([], []));
-      assert.strictEqual(10, findings.length);
+      assert.equal(10, findings.length);
     });
     it("should throw if something went wrong", async function () {
       await assert.rejects(() => client.getFindings(["fatal"], []));
diff --git a/test/e2e.js b/test/e2e.js
@@ -1,7 +1,7 @@
-import assert from "assert";
-import { mkdir, readFile, rm } from "fs/promises";
-import { join } from "path";
-import { fileURLToPath } from "url";
+import assert from "node:assert/strict";
+import { mkdir, readFile, rm } from "node:fs/promises";
+import { join } from "node:path";
+import { fileURLToPath } from "node:url";
 import { main } from "../src/main.js";
 
 const outputDir = fileURLToPath(new URL("tmp", import.meta.url));
@@ -58,17 +58,17 @@ describe("defectdojo-report", function () {
       { str: ">Y<", count: 3 }, // 3 vulnerabilities that must be fixed by the service provider
       { str: ">N<", count: 7 } // 7 vulnerabilities that must be fixed by the owner
     ].forEach(({ str, count }) => {
-      assert.strictEqual(html.match(new RegExp(str, "g"))?.length, count, `Invalid '${str}' count`);
+      assert.equal(html.match(new RegExp(str, "g"))?.length, count, `Invalid '${str}' count`);
     });
 
     // Check the JSON report content
     const jsonReport = JSON.parse(json);
-    assert.strictEqual(jsonReport.products?.length, 1);
-    assert.strictEqual(jsonReport.engagements?.length, 1);
-    assert.strictEqual(jsonReport.findings?.length, 10);
+    assert.equal(jsonReport.products?.length, 1);
+    assert.equal(jsonReport.engagements?.length, 1);
+    assert.equal(jsonReport.findings?.length, 10);
 
     // Check the CSV report content
-    assert.strictEqual(csv.match(/\n/g).length, 10);
+    assert.equal(csv.match(/\n/g).length, 10);
   });
 
   after(async function () {
diff --git a/test/stub.js b/test/stub.js
@@ -4,7 +4,7 @@
  */
 
 import express from "express";
-import { readFileSync } from "fs";
+import { readFileSync } from "node:fs";
 
 const port = 8888;
 const app = express();
@@ -42,7 +42,7 @@ app.get("/api/v2/engagements", (req, res) => {
 
 // GET /api/v2/engagements should return some test findings.
 app.get("/api/v2/findings", (req, res) => {
-  if (req.query.test__engagement === "fatal") {
+  if (req.query["test__engagement"] === "fatal") {
     res.sendStatus(500);
     return;
   }

Original file line number	Diff line number	Diff line change
`@@ -7,4 +7,4 @@`
`7`	`7`
`8`	`8`	`import { main } from "./main.js";`
`9`	`9`
`10`		`-main();`
	`10`	`+await main();`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-import assert from "assert";`
	`1`	`+import assert from "node:assert/strict";`
`2`	`2`	`import { CliError, parseArgs } from "../src/cli.js";`
`3`	`3`
`4`	`4`	`describe("cli", function () {`
`@@ -38,7 +38,7 @@ describe("cli", function () {`
`38`	`38`	`} else { // Success expected`
`39`	`39`	`let opts;`
`40`	`40`	`await assert.doesNotReject(async () => { opts = await parseArgs() });`
`41`		`- assert.strictEqual(Object.keys(opts).length, 8);`
	`41`	`+ assert.equal(Object.keys(opts).length, 8);`
`42`	`42`	`}`
`43`	`43`	`});`
`44`	`44`	`}`