From ac357ae0d212beb0d7d28d68a833cf0624d49f6d Mon Sep 17 00:00:00 2001 From: taro-kayo <40859826+taro-kayo@users.noreply.github.com> Date: Sat, 28 Oct 2023 13:29:43 +0900 Subject: [PATCH] fix: Scan job fails even though CVE is on ignore list --- index.js | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-)
diff --git a/index.js b/index.js
index ab83f24..a8b2e06 100644
--- a/index.js
+++ b/index.js
@@ -135,6 +135,26 @@ function configureGlobalProxy(proxyUrl) {
 });
 }
+function countFailingVulnerabilities(failThreshold, foundCounts, ignoredCounts) {
+ let count = foundCounts.critical - ignoredCounts.critical;
+ if (failThreshold === 'critical') {
+ return count;
+ }
+ count += foundCounts.high - ignoredCounts.high;
+ if (failThreshold === 'high') {
+ return count;
+ }
+ count += foundCounts.medium - ignoredCounts.medium;
+ if (failThreshold === 'medium') {
+ return count;
+ }
+ count += foundCounts.low - ignoredCounts.low;
+ if (failThreshold === 'low') {
+ return count;
+ }
+ return count + foundCounts.informational - ignoredCounts.informational;
+}
+
 const main = async () => {
 core.debug('Entering main')
 const repository = core.getInput('repository', { required: true })
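Review bot: countFailingVulnerabilities fails open if any severity bucket is missing or over-ignored: a missing key turns `foundCounts.x - ignoredCounts.x` into NaN, and `NaN > 0` is false at the call site, so the job passes with findings present; likewise an ignored count larger than the found count in one bucket (possible if the ignore list is matched independently of the scan counts — how `ignoredCounts` is built is not visible in this hunk) yields a negative partial sum that cancels real findings in lower buckets. Clamping each bucket at zero and defaulting absent keys to 0 keeps the gate fail-closed, and walking a fixed severity order removes the repeated subtract-then-check pattern while preserving the existing behaviour that an unrecognised threshold counts every severity. The function also has no doc comment; a JSDoc header should state that it returns the number of unignored findings at or above `failThreshold`, that severities rank critical > high > medium > low > informational, and that an unknown threshold counts everything.
```javascript
// Highest severity first; the threshold is inclusive.
const SEVERITY_ORDER = ['critical', 'high', 'medium', 'low', 'informational'];

function countFailingVulnerabilities(failThreshold, foundCounts, ignoredCounts) {
  // Never let a missing key (NaN) or an over-ignored bucket (negative) mask findings.
  const remaining = (severity) =>
    Math.max(0, (foundCounts[severity] ?? 0) - (ignoredCounts[severity] ?? 0));
  let count = 0;
  for (const severity of SEVERITY_ORDER) {
    count += remaining(severity);
    if (severity === failThreshold) {
      break; // unknown threshold never matches, so everything is counted (fail closed)
    }
  }
  return count;
}
```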
@@ -247,12 +267,11 @@ const main = async () => {
 console.log('=================')
 console.log(`${total.toString().padStart(3, ' ')} Total ${getCount('total', ignoredCounts)}`)
- const numFailingVulns =
- failThreshold === 'informational' ? total - ignoredCounts.informational
- : failThreshold === 'low' ? critical + high + medium + low - ignoredCounts.low
- : failThreshold === 'medium' ? critical + high + medium - ignoredCounts.medium
- : failThreshold === 'high' ? critical + high - ignoredCounts.high
- : /* failThreshold === 'critical' ? */ critical - ignoredCounts.critical
+ const numFailingVulns = countFailingVulnerabilities(
+ failThreshold,
+ { informational, low, medium, high, critical },
+ ignoredCounts,
+ )
 if (numFailingVulns > 0) {
 throw new Error(`Detected ${numFailingVulns} vulnerabilities with severity >= ${failThreshold} (the currently configured fail_threshold).`)