@mongodb-js/sbom-tools 0.2.1 → 0.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/generate-vulnerability-report.d.ts +3 -2
- package/dist/commands/generate-vulnerability-report.d.ts.map +1 -1
- package/dist/commands/generate-vulnerability-report.js +5 -10
- package/dist/commands/generate-vulnerability-report.js.map +1 -1
- package/dist/commands/scan-node-js.d.ts.map +1 -1
- package/dist/commands/scan-node-js.js +28 -23
- package/dist/commands/scan-node-js.js.map +1 -1
- package/dist/commands/severity.d.ts +7 -0
- package/dist/commands/severity.d.ts.map +1 -0
- package/dist/commands/severity.js +31 -0
- package/dist/commands/severity.js.map +1 -0
- package/package.json +2 -2
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import type { KnownSeverity } from './severity';
|
|
1
2
|
export declare function loadReports(files: string[]): Promise<SnykTestProjectResult[]>;
|
|
2
3
|
declare type SnykTestProjectResult = {
|
|
3
4
|
vulnerabilities: SnykVulnerability[];
|
|
@@ -8,7 +9,7 @@ declare type SnykVulnerability = {
|
|
|
8
9
|
name: string;
|
|
9
10
|
version: string;
|
|
10
11
|
cvssScore: number;
|
|
11
|
-
severity:
|
|
12
|
+
severity: KnownSeverity;
|
|
12
13
|
id: string;
|
|
13
14
|
url: string;
|
|
14
15
|
title: string;
|
|
@@ -17,7 +18,7 @@ declare type SnykVulnerability = {
|
|
|
17
18
|
export declare function generateVulnerabilityReport(options: {
|
|
18
19
|
dependencyFiles: string[];
|
|
19
20
|
snykReports: string[];
|
|
20
|
-
failOn:
|
|
21
|
+
failOn: KnownSeverity;
|
|
21
22
|
}): Promise<void>;
|
|
22
23
|
export {};
|
|
23
24
|
//# sourceMappingURL=generate-vulnerability-report.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generate-vulnerability-report.d.ts","sourceRoot":"","sources":["../../src/commands/generate-vulnerability-report.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"generate-vulnerability-report.d.ts","sourceRoot":"","sources":["../../src/commands/generate-vulnerability-report.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAGhD,wBAAsB,WAAW,CAC/B,KAAK,EAAE,MAAM,EAAE,GACd,OAAO,CAAC,qBAAqB,EAAE,CAAC,CAUlC;AAED,aAAK,qBAAqB,GAAG;IAC3B,eAAe,EAAE,iBAAiB,EAAE,CAAC;CACtC,CAAC;AAEF,aAAK,iBAAiB,GAAG;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,aAAa,CAAC;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB,CAAC;AAoHF,wBAAsB,2BAA2B,CAAC,OAAO,EAAE;IACzD,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,MAAM,EAAE,aAAa,CAAC;CACvB,GAAG,OAAO,CAAC,IAAI,CAAC,CAiBhB"}
|
|
@@ -9,6 +9,7 @@ const snykPolicy = require('snyk-policy');
|
|
|
9
9
|
const lodash_1 = __importDefault(require("lodash"));
|
|
10
10
|
const chalk_1 = __importDefault(require("chalk"));
|
|
11
11
|
const load_dependency_files_1 = require("../load-dependency-files");
|
|
12
|
+
const severity_1 = require("./severity");
|
|
12
13
|
async function loadReports(files) {
|
|
13
14
|
return (await Promise.all(files.map(async (fileName) => JSON.parse(await fs_1.promises.readFile(fileName, 'utf-8'))))).flat();
|
|
14
15
|
}
|
|
@@ -69,19 +70,13 @@ function printTable(title, vulnerabilities) {
|
|
|
69
70
|
console.info(`| ${vuln.name} | ${vuln.id} | ${severity} | ${vuln.fixedIn} | ${ignored} |`);
|
|
70
71
|
}
|
|
71
72
|
}
|
|
72
|
-
const SEVERITY_TO_SCORE = {
|
|
73
|
-
low: 0,
|
|
74
|
-
medium: 4,
|
|
75
|
-
high: 7,
|
|
76
|
-
critical: 9,
|
|
77
|
-
};
|
|
78
73
|
function fail(failOn, bundleVulnerabilities) {
|
|
79
|
-
var _a;
|
|
80
|
-
const minScore =
|
|
74
|
+
var _a, _b;
|
|
75
|
+
const minScore = (_a = (0, severity_1.severityToScore)(failOn)) !== null && _a !== void 0 ? _a : 0;
|
|
81
76
|
for (const vuln of bundleVulnerabilities) {
|
|
82
|
-
if (vuln.score >= minScore &&
|
|
77
|
+
if ((vuln.score === undefined || vuln.score >= minScore) &&
|
|
83
78
|
vuln.fixedIn &&
|
|
84
|
-
((
|
|
79
|
+
((_b = vuln.policy) === null || _b === void 0 ? void 0 : _b.type) !== 'ignore') {
|
|
85
80
|
console.error(chalk_1.default.red(`Vulnerabilities check failed: found vulnerabilies >= "${failOn}"`));
|
|
86
81
|
process.exit(1);
|
|
87
82
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generate-vulnerability-report.js","sourceRoot":"","sources":["../../src/commands/generate-vulnerability-report.ts"],"names":[],"mappings":";;;;;;AAAA,2BAAoC;AAGpC,MAAM,UAAU,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;AAC1C,oDAAuB;AACvB,kDAA0B;AAE1B,oEAA+D;
|
|
1
|
+
{"version":3,"file":"generate-vulnerability-report.js","sourceRoot":"","sources":["../../src/commands/generate-vulnerability-report.ts"],"names":[],"mappings":";;;;;;AAAA,2BAAoC;AAGpC,MAAM,UAAU,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;AAC1C,oDAAuB;AACvB,kDAA0B;AAE1B,oEAA+D;AAE/D,yCAA6C;AAEtC,KAAK,UAAU,WAAW,CAC/B,KAAe;IAIf,OAAO,CACL,MAAM,OAAO,CAAC,GAAG,CACf,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE,CAC3B,IAAI,CAAC,KAAK,CAAC,MAAM,aAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CACjD,CACF,CACF,CAAC,IAAI,EAAE,CAAC;AACX,CAAC;AAZD,kCAYC;AAqCD,KAAK,UAAU,wBAAwB,CACrC,eAAwC,EACxC,YAA0B;IAE1B,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IACnD,MAAM,oBAAoB,GAAwB,EAAE,CAAC;IAErD,eAAe,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;QACxC,aAAa,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;YAC7C,YAAY,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;gBAC3B,IACE,IAAI,CAAC,UAAU,KAAK,GAAG,CAAC,IAAI;oBAC5B,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC,EAChD;oBACA,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;iBACjC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,MAAM,qBAAqB,GAAG,IAAI,GAAG,EAAE,CAAC;IAExC,oBAAoB,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;QACpC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;QACtD,MAAM,MAAM,GAAG,GAAG,CAAC;QAEnB,IAAI,qBAAqB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;YAClC,MAAM,YAAY,GAAG,qBAAqB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACpD,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;gBAC1C,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;aACnC;SACF;aAAM;YACL,qBAAqB,CAAC,GAAG,CAAC,GAAG,EAAE;gBAC7B,IAAI,EAAE,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,EAAE;gBACpC,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,KAAK,EAAE,IAAI,CAAC,SAAS;gBACrB,QAAQ,EAAE,GAAG,IAAI,CAAC,QAAQ;qBACvB,MAAM,CAAC,CAAC,CAAC;qBACT,WAAW,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;gBAC3C,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;gBAChC,OAAO,EAAE,CAAC,MAAM,CAAC;gBACjB,MAAM,EAAE,UAAU,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC;aAC1C,CAAC,CAAC;SACJ;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,qBAAqB,GAAG,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAC3E,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CACvC,CAAC;IAEF,OAAO,qBAAqB,CAAC;AAC/B,CAAC;AAED,SAAS,UAAU,CAAC,KAAa,EAAE,eAAgC;;IACjE,OAAO,CAAC,IAAI,CAAC,MAAM,KAAK,KAAK,eAAe,CAAC,MAAM,mBAAmB,CAAC,CAAC;IACxE,OAAO,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;IAC3E,OAAO,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;IAE3E,MAAM,WAAW,GAAG,gBAAC,CAAC,OAAO,CAC3B,eAAe,EACf,CAAC,OAAO,EAAE,MAAM,CAAC,EACjB,CAAC,MAAM,EAAE,KAAK,CAAC,CAChB,CAAC;IACF,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE;QAC9B,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,QAAQ,GAAG,CAAC;QACpD,MAAM,OAAO,GACX,CAAA,MAAA,IAAI,CAAC,MAAM,0CAAE,IAAI,MAAK,QAAQ;YAC5B,CAAC,CAAC,MAAA,IAAI,CAAC,MAAM,0CAAE,MAAM;YACrB,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO;gBACf,CAAC,CAAC,+BAA+B;gBACjC,CAAC,CAAC,GAAG,CAAC;QAEV,OAAO,CAAC,IAAI,CACV,KAAK,IAAI,CAAC,IAAI,MAAM,IAAI,CAAC,EAAE,MAAM,QAAQ,MAAM,IAAI,CAAC,OAAO,MAAM,OAAO,IAAI,CAC7E,CAAC;KACH;AACH,CAAC;AAED,SAAS,IAAI,CAAC,MAAqB,EAAE,qBAAsC;;IACzE,MAAM,QAAQ,GAAG,MAAA,IAAA,0BAAe,EAAC,MAAM,CAAC,mCAAI,CAAC,CAAC;IAC9C,KAAK,MAAM,IAAI,IAAI,qBAAqB,EAAE;QACxC,IACE,CAAC,IAAI,CAAC,KAAK,KAAK,SAAS,IAAI,IAAI,CAAC,KAAK,IAAI,QAAQ,CAAC;YACpD,IAAI,CAAC,OAAO;YACZ,CAAA,MAAA,IAAI,CAAC,MAAM,0CAAE,IAAI,MAAK,QAAQ,EAC9B;YACA,OAAO,CAAC,KAAK,CACX,eAAK,CAAC,GAAG,CACP,yDAAyD,MAAM,GAAG,CACnE,CACF,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;SACjB;KACF;AACH,CAAC;AAEM,KAAK,UAAU,2BAA2B,CAAC,OAIjD;IACC,MAAM,sBAAsB,GAAG,MAAM,IAAA,2CAAmB,EACtD,OAAO,CAAC,eAAe,CACxB,CAAC;IAEF,MAAM,cAAc,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAE9D,MAAM,qBAAqB,GAAG,MAAM,wBAAwB,CAC1D,cAAc,EACd,sBAAsB,CACvB,CAAC;IAEF,UAAU,CAAC,aAAa,EAAE,qBAAqB,CAAC,CAAC;IAEjD,IAAI,OAAO,CAAC,MAAM,EAAE;QAClB,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;KAC7C;AACH,CAAC;AArBD,kEAqBC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scan-node-js.d.ts","sourceRoot":"","sources":["../../src/commands/scan-node-js.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"scan-node-js.d.ts","sourceRoot":"","sources":["../../src/commands/scan-node-js.ts"],"names":[],"mappings":"AAsJA,wBAAsB,UAAU,CAAC,EAAE,OAAO,EAAE,EAAE;IAAE,OAAO,EAAE,MAAM,CAAA;CAAE,iBAoBhE"}
|
|
@@ -7,28 +7,10 @@ exports.scanNodeJs = void 0;
|
|
|
7
7
|
const node_fetch_1 = __importDefault(require("node-fetch"));
|
|
8
8
|
const semver_1 = __importDefault(require("semver"));
|
|
9
9
|
const nv_1 = __importDefault(require("@pkgjs/nv"));
|
|
10
|
-
|
|
11
|
-
if (score >= 9) {
|
|
12
|
-
return 'critical';
|
|
13
|
-
}
|
|
14
|
-
if (score >= 7) {
|
|
15
|
-
return 'high';
|
|
16
|
-
}
|
|
17
|
-
if (score >= 4) {
|
|
18
|
-
return 'medium';
|
|
19
|
-
}
|
|
20
|
-
return 'low';
|
|
21
|
-
}
|
|
10
|
+
const severity_1 = require("./severity");
|
|
22
11
|
async function formatVuln(id, nodeVuln, nodeVersion) {
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
const cves = await Promise.all(nodeVuln.cve.map((cve) => (0, node_fetch_1.default)(`https://cve.circl.lu/api/cve/${cve}`).then((res) => res.json())));
|
|
26
|
-
const allCvss = cves.map((cve) => cve.cvss);
|
|
27
|
-
score = Math.max(...allCvss);
|
|
28
|
-
}
|
|
29
|
-
catch (e) {
|
|
30
|
-
console.error(e);
|
|
31
|
-
}
|
|
12
|
+
const score = await fetchScore(`NSWG-COR-${id}`, nodeVuln);
|
|
13
|
+
const severity = (0, severity_1.scoreToSeverity)(score);
|
|
32
14
|
return {
|
|
33
15
|
id: `NSWG-COR-${id}`,
|
|
34
16
|
title: `Node.js core vulnerability #${id}`,
|
|
@@ -45,7 +27,7 @@ async function formatVuln(id, nodeVuln, nodeVersion) {
|
|
|
45
27
|
triageAdvice: null,
|
|
46
28
|
},
|
|
47
29
|
language: 'js',
|
|
48
|
-
severity:
|
|
30
|
+
severity: severity,
|
|
49
31
|
cvssScore: score,
|
|
50
32
|
functions: [],
|
|
51
33
|
moduleName: '.node.js',
|
|
@@ -71,7 +53,7 @@ async function formatVuln(id, nodeVuln, nodeVersion) {
|
|
|
71
53
|
publicationTime: '-',
|
|
72
54
|
modificationTime: '-',
|
|
73
55
|
socialTrendAlert: false,
|
|
74
|
-
severityWithCritical:
|
|
56
|
+
severityWithCritical: severity,
|
|
75
57
|
from: [`.node.js@${nodeVersion}`],
|
|
76
58
|
upgradePath: [],
|
|
77
59
|
isUpgradable: true,
|
|
@@ -80,6 +62,29 @@ async function formatVuln(id, nodeVuln, nodeVersion) {
|
|
|
80
62
|
version: nodeVersion,
|
|
81
63
|
};
|
|
82
64
|
}
|
|
65
|
+
async function fetchScore(vulnId, nodeVuln) {
|
|
66
|
+
const cves = await Promise.all(nodeVuln.cve.map((cve) => (0, node_fetch_1.default)(`https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=${cve}`).then((res) => res.ok
|
|
67
|
+
? res.json()
|
|
68
|
+
: Promise.reject(`Fetch ${cve} failed! status: ${res.status}`)))).catch((e) => {
|
|
69
|
+
console.error(`Error fetching score for ${vulnId}: ${e.message}`);
|
|
70
|
+
return [];
|
|
71
|
+
});
|
|
72
|
+
const getBestCvssMetricScore = (cvssMetrics) => {
|
|
73
|
+
var _a, _b, _c, _d, _e;
|
|
74
|
+
return ((_c = (_b = (_a = cvssMetrics.find((m) => m.type === 'Primary')) === null || _a === void 0 ? void 0 : _a.cvssData) === null || _b === void 0 ? void 0 : _b.baseScore) !== null && _c !== void 0 ? _c : (_e = (_d = cvssMetrics.find((m) => m.type === 'Secondary')) === null || _d === void 0 ? void 0 : _d.cvssData) === null || _e === void 0 ? void 0 : _e.baseScore);
|
|
75
|
+
};
|
|
76
|
+
const allCvss = cves.map((cve) => {
|
|
77
|
+
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p;
|
|
78
|
+
return (_k = (_e = getBestCvssMetricScore((_d = (_c = (_b = (_a = cve === null || cve === void 0 ? void 0 : cve.vulnerabilities[0]) === null || _a === void 0 ? void 0 : _a.cve) === null || _b === void 0 ? void 0 : _b.metrics) === null || _c === void 0 ? void 0 : _c.cvssMetricV31) !== null && _d !== void 0 ? _d : [])) !== null && _e !== void 0 ? _e : getBestCvssMetricScore((_j = (_h = (_g = (_f = cve === null || cve === void 0 ? void 0 : cve.vulnerabilities[0]) === null || _f === void 0 ? void 0 : _f.cve) === null || _g === void 0 ? void 0 : _g.metrics) === null || _h === void 0 ? void 0 : _h.cvssMetricV30) !== null && _j !== void 0 ? _j : [])) !== null && _k !== void 0 ? _k : getBestCvssMetricScore((_p = (_o = (_m = (_l = cve === null || cve === void 0 ? void 0 : cve.vulnerabilities[0]) === null || _l === void 0 ? void 0 : _l.cve) === null || _m === void 0 ? void 0 : _m.metrics) === null || _o === void 0 ? void 0 : _o.cvssMetricV2) !== null && _p !== void 0 ? _p : []);
|
|
79
|
+
});
|
|
80
|
+
const knownCvss = [];
|
|
81
|
+
for (const cvss of allCvss) {
|
|
82
|
+
if (typeof cvss === 'number') {
|
|
83
|
+
knownCvss.push(cvss);
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
return knownCvss.length ? Math.max(...knownCvss) : undefined;
|
|
87
|
+
}
|
|
83
88
|
async function downloadCoreDb() {
|
|
84
89
|
const url = 'https://raw.githubusercontent.com/nodejs/security-wg/main/vuln/core/index.json';
|
|
85
90
|
const response = await (0, node_fetch_1.default)(url);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scan-node-js.js","sourceRoot":"","sources":["../../src/commands/scan-node-js.ts"],"names":[],"mappings":";;;;;;AAAA,4DAA+B;AAC/B,oDAA4B;AAC5B,mDAA2B;
|
|
1
|
+
{"version":3,"file":"scan-node-js.js","sourceRoot":"","sources":["../../src/commands/scan-node-js.ts"],"names":[],"mappings":";;;;;;AAAA,4DAA+B;AAC/B,oDAA4B;AAC5B,mDAA2B;AAC3B,yCAA6C;AAY7C,KAAK,UAAU,UAAU,CACvB,EAAU,EACV,QAAkB,EAClB,WAAmB;IAEnB,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,YAAY,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAC;IAC3D,MAAM,QAAQ,GAAG,IAAA,0BAAe,EAAC,KAAK,CAAC,CAAC;IACxC,OAAO;QACL,EAAE,EAAE,YAAY,EAAE,EAAE;QACpB,KAAK,EAAE,+BAA+B,EAAE,EAAE;QAC1C,MAAM,EAAE,GAAG;QACX,MAAM,EAAE,CAAC,GAAG,CAAC;QACb,MAAM,EAAE;YACN,UAAU,EAAE,QAAQ,CAAC,UAAU;SAChC;QACD,OAAO,EAAE,GAAG;QACZ,OAAO,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC;QAC3B,OAAO,EAAE,EAAE;QACX,OAAO,EAAE,CAAC,QAAQ,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC;QAC/C,QAAQ,EAAE;YACR,YAAY,EAAE,IAAI;SACnB;QACD,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,KAAK;QAChB,SAAS,EAAE,EAAE;QACb,UAAU,EAAE,UAAU;QACtB,UAAU,EAAE;YACV;gBACE,GAAG,EAAE,QAAQ,CAAC,GAAG;gBACjB,KAAK,EAAE,KAAK;aACb;SACF;QACD,WAAW,EAAE,EAAE;QACf,WAAW,EAAE,QAAQ,CAAC,QAAQ;QAC9B,WAAW,EAAE,IAAI;QACjB,WAAW,EAAE;YACX,GAAG,EAAE,QAAQ,CAAC,GAAG;SAClB;QACD,WAAW,EAAE,UAAU;QACvB,WAAW,EAAE,IAAI;QACjB,YAAY,EAAE,GAAG;QACjB,aAAa,EAAE,EAAE;QACjB,cAAc,EAAE,EAAE;QAClB,cAAc,EAAE,GAAG;QACnB,cAAc,EAAE,KAAK;QACrB,eAAe,EAAE,GAAG;QACpB,gBAAgB,EAAE,GAAG;QACrB,gBAAgB,EAAE,KAAK;QACvB,oBAAoB,EAAE,QAAQ;QAC9B,IAAI,EAAE,CAAC,YAAY,WAAW,EAAE,CAAC;QACjC,WAAW,EAAE,EAAE;QACf,YAAY,EAAE,IAAI;QAClB,WAAW,EAAE,KAAK;QAClB,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,WAAW;KACrB,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,MAAc,EAAE,QAAkB;IAC1D,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,GAAG,CAC5B,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CACvB,IAAA,oBAAK,EACH,0DAA0D,GAAG,EAAE,CAChE,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CACb,GAAG,CAAC,EAAE;QACJ,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE;QACZ,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,GAAG,oBAAoB,GAAG,CAAC,MAAM,EAAE,CAAC,CACjE,CACF,CACF,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;QACZ,OAAO,CAAC,KAAK,CACX,4BAA4B,MAAM,KAAM,CAAW,CAAC,OAAO,EAAE,CAC9D,CAAC;QAEF,OAAO,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;IAEH,MAAM,sBAAsB,GAAG,CAC7B,WAGG,EACH,EAAE;;QACF,OAAO,CACL,MAAA,MAAA,MAAA,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,0CAAE,QAAQ,0CAAE,SAAS,mCAClE,MAAA,MAAA,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,WAAW,CAAC,0CAAE,QAAQ,0CAAE,SAAS,CACrE,CAAC;IACJ,CAAC,CAAC;IAEF,MAAM,OAAO,GAA2B,IAAI,CAAC,GAAG,CAC9C,CAAC,GAAG,EAAE,EAAE;;QACN,OAAA,MAAA,MAAA,sBAAsB,CACpB,MAAA,MAAA,MAAA,MAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,eAAe,CAAC,CAAC,CAAC,0CAAE,GAAG,0CAAE,OAAO,0CAAE,aAAa,mCAAI,EAAE,CAC3D,mCACD,sBAAsB,CACpB,MAAA,MAAA,MAAA,MAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,eAAe,CAAC,CAAC,CAAC,0CAAE,GAAG,0CAAE,OAAO,0CAAE,aAAa,mCAAI,EAAE,CAC3D,mCACD,sBAAsB,CACpB,MAAA,MAAA,MAAA,MAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,eAAe,CAAC,CAAC,CAAC,0CAAE,GAAG,0CAAE,OAAO,0CAAE,YAAY,mCAAI,EAAE,CAC1D,CAAA;KAAA,CACJ,CAAC;IAEF,MAAM,SAAS,GAAa,EAAE,CAAC;IAE/B,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE;QAC1B,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE;YAC5B,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;SACtB;KACF;IAED,OAAO,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC/D,CAAC;AAED,KAAK,UAAU,cAAc;IAC3B,MAAM,GAAG,GACP,gFAAgF,CAAC;IAEnF,MAAM,QAAQ,GAAG,MAAM,IAAA,oBAAK,EAAC,GAAG,CAAC,CAAC;IAElC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,oBAAoB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;KACxD;IAED,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;AAC/B,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,OAAe;IACxC,MAAM,SAAS,GAAG,CAAC,MAAM,IAAA,YAAE,EAAC,WAAW,CAAC,CAAC;SACtC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,CAAC;SAC1B,IAAI,CAAC,MAAM,CAAC,CAAC;IAEhB,OAAO,gBAAM,CAAC,SAAS,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;AAC9C,CAAC;AAEM,KAAK,UAAU,UAAU,CAAC,EAAE,OAAO,EAAuB;IAC/D,IAAI,CAAC,CAAC,MAAM,WAAW,CAAC,OAAO,CAAC,CAAC,EAAE;QACjC,MAAM,IAAI,KAAK,CAAC,mBAAmB,OAAO,4BAA4B,CAAC,CAAC;KACzE;IAED,MAAM,UAAU,GAAG,MAAM,cAAc,EAAE,CAAC;IAE1C,MAAM,UAAU,GAAG,EAAE,CAAC;IAEtB,KAAK,MAAM,CAAC,EAAE,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;QACnD,IACE,gBAAM,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC;YAC1C,IAAI,CAAC,OAAO;YACZ,CAAC,gBAAM,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,EACxC;YACA,UAAU,CAAC,IAAI,CAAC,MAAM,UAAU,CAAC,EAAE,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;SACtD;KACF;IAED,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,eAAe,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AACxE,CAAC;AApBD,gCAoBC"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
export declare type KnownSeverity = 'low' | 'medium' | 'high' | 'critical';
|
|
2
|
+
export declare type Severity = KnownSeverity | 'unknown';
|
|
3
|
+
declare type Score = number | undefined;
|
|
4
|
+
export declare function severityToScore(severity: Severity): Score;
|
|
5
|
+
export declare function scoreToSeverity(score: number | undefined): Severity;
|
|
6
|
+
export {};
|
|
7
|
+
//# sourceMappingURL=severity.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"severity.d.ts","sourceRoot":"","sources":["../../src/commands/severity.ts"],"names":[],"mappings":"AAAA,oBAAY,aAAa,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AACnE,oBAAY,QAAQ,GAAG,aAAa,GAAG,SAAS,CAAC;AAEjD,aAAK,KAAK,GAAG,MAAM,GAAG,SAAS,CAAC;AAUhC,wBAAgB,eAAe,CAAC,QAAQ,EAAE,QAAQ,GAAG,KAAK,CAEzD;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,QAAQ,CAenE"}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.scoreToSeverity = exports.severityToScore = void 0;
|
|
4
|
+
const SEVERITY_TO_SCORE = {
|
|
5
|
+
low: 0,
|
|
6
|
+
medium: 4,
|
|
7
|
+
high: 7,
|
|
8
|
+
critical: 9,
|
|
9
|
+
unknown: undefined,
|
|
10
|
+
};
|
|
11
|
+
function severityToScore(severity) {
|
|
12
|
+
return SEVERITY_TO_SCORE[severity];
|
|
13
|
+
}
|
|
14
|
+
exports.severityToScore = severityToScore;
|
|
15
|
+
function scoreToSeverity(score) {
|
|
16
|
+
if (score === undefined) {
|
|
17
|
+
return 'unknown';
|
|
18
|
+
}
|
|
19
|
+
if (score >= 9) {
|
|
20
|
+
return 'critical';
|
|
21
|
+
}
|
|
22
|
+
if (score >= 7) {
|
|
23
|
+
return 'high';
|
|
24
|
+
}
|
|
25
|
+
if (score >= 4) {
|
|
26
|
+
return 'medium';
|
|
27
|
+
}
|
|
28
|
+
return 'low';
|
|
29
|
+
}
|
|
30
|
+
exports.scoreToSeverity = scoreToSeverity;
|
|
31
|
+
//# sourceMappingURL=severity.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"severity.js","sourceRoot":"","sources":["../../src/commands/severity.ts"],"names":[],"mappings":";;;AAKA,MAAM,iBAAiB,GAA4B;IACjD,GAAG,EAAE,CAAC;IACN,MAAM,EAAE,CAAC;IACT,IAAI,EAAE,CAAC;IACP,QAAQ,EAAE,CAAC;IACX,OAAO,EAAE,SAAS;CACnB,CAAC;AAEF,SAAgB,eAAe,CAAC,QAAkB;IAChD,OAAO,iBAAiB,CAAC,QAAQ,CAAC,CAAC;AACrC,CAAC;AAFD,0CAEC;AAED,SAAgB,eAAe,CAAC,KAAyB;IACvD,IAAI,KAAK,KAAK,SAAS,EAAE;QACvB,OAAO,SAAS,CAAC;KAClB;IAED,IAAI,KAAK,IAAI,CAAC,EAAE;QACd,OAAO,UAAU,CAAC;KACnB;IACD,IAAI,KAAK,IAAI,CAAC,EAAE;QACd,OAAO,MAAM,CAAC;KACf;IACD,IAAI,KAAK,IAAI,CAAC,EAAE;QACd,OAAO,QAAQ,CAAC;KACjB;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAfD,0CAeC"}
|
package/package.json
CHANGED
|
@@ -16,7 +16,7 @@
|
|
|
16
16
|
"email": "compass@mongodb.com"
|
|
17
17
|
},
|
|
18
18
|
"homepage": "https://github.com/mongodb-js/devtools-shared",
|
|
19
|
-
"version": "0.2.
|
|
19
|
+
"version": "0.2.2",
|
|
20
20
|
"repository": {
|
|
21
21
|
"type": "git",
|
|
22
22
|
"url": "https://github.com/mongodb-js/devtools-shared.git"
|
|
@@ -85,5 +85,5 @@
|
|
|
85
85
|
"spdx-satisfies": "^5.0.1",
|
|
86
86
|
"webpack": "^5.82.0"
|
|
87
87
|
},
|
|
88
|
-
"gitHead": "
|
|
88
|
+
"gitHead": "a9fd88c959fc72cfc745e9c84d8509b8ecfea731"
|
|
89
89
|
}
|