@conterra/vuln-scan 0.0.6 → 0.0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/add-statement.js +1 -1
- package/package.json +1 -1
package/dist/add-statement.js
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
2
|
"use strict";var N=Object.create;var x=Object.defineProperty;var $=Object.getOwnPropertyDescriptor;var k=Object.getOwnPropertyNames;var A=Object.getPrototypeOf,I=Object.prototype.hasOwnProperty;var C=(t,e,r,f)=>{if(e&&typeof e=="object"||typeof e=="function")for(let a of k(e))!I.call(t,a)&&a!==r&&x(t,a,{get:()=>e[a],enumerable:!(f=$(e,a))||f.enumerable});return t};var D=(t,e,r)=>(r=t!=null?N(A(t)):{},C(e||!t||!t.__esModule?x(r,"default",{value:t,enumerable:!0}):r,t));var h=D(require("node:readline/promises")),j=require("node:process");var _=D(require("path"));var m=require("fs/promises");async function v(t){if(await O(t))return JSON.parse(await(0,m.readFile)(t,{encoding:"utf-8"}))}async function O(t){try{return await(0,m.access)(t,m.constants.F_OK),!0}catch{return!1}}async function b(t){let e="https://repository.conterra.de/repository/maven-mirror-ct",r=l(t.workingDir,"input/vex"),f=l(t.workingDir,"output"),a=l(t.workingDir,"cache"),S=["grype","trivy","ossindex"],g=l(t.workingDir,"vuln-scan-conf.json"),o=await v(g);if(!o)throw new Error(`Missing project configuration file '${g}'`);return{failOnNewVulnerabilities:!1,createSubDirsForProject:o.createSubDirsForProject??!0,mavenRepo:o.mavenRepo??e,vexUrls:o.vexUrls??[],vexDir:l(t.workingDir,o.vexDir)??r,outDir:l(t.workingDir,o.outDir)??f,cacheDir:l(t.workingDir,o.cacheDir)??a,scanners:o.scanners??S,projects:(o.projects??[]).map(c=>{let i=c;if(!i.name)throw new Error("Project name is missing on entry:"+JSON.stringify(i));if(!i.version)throw new Error("Project version is missing on entry:"+JSON.stringify(i));if(!i.purl)throw new Error("Project purl is missing on entry:"+JSON.stringify(i));return i.enabled==null&&(i.enabled=!0),i.silent==null&&(i.silent=!1),i.minimumSeverity||(i.minimumSeverity="UNKNOWN"),i.sbomFile?{...i,sbomFile:l(t.workingDir,i.sbomFile)}:c})}}function l(t,e){if(e)return _.default.isAbsolute(e)?e:(0,_.resolve)(t,e)}var P=require("path");var F=require("fs/promises"),E=require("crypto");(async()=>{let t=await b({workingDir:process.cwd()});console.info("## Add New VEX Statement ##");let e=h.default.createInterface({input:j.stdin,output:j.stdout}),r=await e.question(`CVE name (e.g. CVE-2023-52070):
|
|
3
3
|
> `);r||(console.log("Please provide a CVE name."),process.exit(1));let f=t.projects.map(n=>`${n.name}@${n.version}`),a=await e.question(`Projects to add? Available are:
|
|
4
|
-
- ${f.join(
|
|
4
|
+
- ${f.join(`
|
|
5
5
|
- `)}
|
|
6
6
|
You can list multiple projects separated by comma:
|
|
7
7
|
> `);a||(console.log("Please provide projects to add."),process.exit(1));let S=a.split(/\s*,\s*/).map(n=>{let s=n.split("@");return{name:s[0],version:s[1]}}),g=new Set(function*(){for(let n of S)for(let s of t.projects)s.name===n.name&&s.version===n.version&&(yield s.purl)}()),o=(0,P.resolve)(t.vexDir,`${r}.json`),c=await v(o),i=["under_investigation","affected","fixed","not_affected"],p=await e.question(`Status? Available are:
|