@package-broker/core 0.17.4 → 0.19.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cache/index.d.ts +0 -1
- package/dist/cache/index.d.ts.map +1 -1
- package/dist/cache/index.js +0 -1
- package/dist/cache/index.js.map +1 -1
- package/dist/cache/memory-driver.d.ts +1 -1
- package/dist/cache/memory-driver.d.ts.map +1 -1
- package/dist/cache/memory-driver.js +4 -2
- package/dist/cache/memory-driver.js.map +1 -1
- package/dist/db/create-database.d.ts +8 -0
- package/dist/db/create-database.d.ts.map +1 -0
- package/dist/db/create-database.js +13 -0
- package/dist/db/create-database.js.map +1 -0
- package/dist/db/index.d.ts +0 -1
- package/dist/db/index.d.ts.map +1 -1
- package/dist/db/index.js +0 -1
- package/dist/db/index.js.map +1 -1
- package/dist/db/schema.d.ts +557 -0
- package/dist/db/schema.d.ts.map +1 -1
- package/dist/db/schema.js +72 -2
- package/dist/db/schema.js.map +1 -1
- package/dist/factory.d.ts.map +1 -1
- package/dist/factory.js +22 -2
- package/dist/factory.js.map +1 -1
- package/dist/index.d.ts +2 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -2
- package/dist/index.js.map +1 -1
- package/dist/jobs/processor.d.ts.map +1 -1
- package/dist/jobs/processor.js +16 -6
- package/dist/jobs/processor.js.map +1 -1
- package/dist/kernel/container.d.ts +12 -0
- package/dist/kernel/container.d.ts.map +1 -0
- package/dist/kernel/container.js +43 -0
- package/dist/kernel/container.js.map +1 -0
- package/dist/kernel/events.d.ts +17 -0
- package/dist/kernel/events.d.ts.map +1 -0
- package/dist/kernel/events.js +54 -0
- package/dist/kernel/events.js.map +1 -0
- package/dist/kernel/hooks.d.ts +14 -0
- package/dist/kernel/hooks.d.ts.map +1 -0
- package/dist/kernel/hooks.js +31 -0
- package/dist/kernel/hooks.js.map +1 -0
- package/dist/kernel/index.d.ts +5 -0
- package/dist/kernel/index.d.ts.map +1 -0
- package/dist/kernel/index.js +5 -0
- package/dist/kernel/index.js.map +1 -0
- package/dist/kernel/plugin.d.ts +21 -0
- package/dist/kernel/plugin.d.ts.map +1 -0
- package/dist/kernel/plugin.js +30 -0
- package/dist/kernel/plugin.js.map +1 -0
- package/dist/middleware/auth.d.ts +2 -0
- package/dist/middleware/auth.d.ts.map +1 -1
- package/dist/middleware/auth.js +20 -5
- package/dist/middleware/auth.js.map +1 -1
- package/dist/modules/admin/admin.handlers.d.ts +1 -1
- package/dist/modules/admin/admin.handlers.d.ts.map +1 -1
- package/dist/modules/artifacts/artifacts.handlers.d.ts +1 -1
- package/dist/modules/artifacts/artifacts.handlers.d.ts.map +1 -1
- package/dist/modules/auth/auth.handlers.js +1 -1
- package/dist/modules/auth/auth.handlers.js.map +1 -1
- package/dist/modules/composer/index.d.ts.map +1 -1
- package/dist/modules/composer/index.js +5 -0
- package/dist/modules/composer/index.js.map +1 -1
- package/dist/modules/composer/tenant-composer.d.ts +32 -0
- package/dist/modules/composer/tenant-composer.d.ts.map +1 -0
- package/dist/modules/composer/tenant-composer.js +198 -0
- package/dist/modules/composer/tenant-composer.js.map +1 -0
- package/dist/modules/import/import.handlers.d.ts +4 -0
- package/dist/modules/import/import.handlers.d.ts.map +1 -0
- package/dist/modules/import/import.handlers.js +16 -0
- package/dist/modules/import/import.handlers.js.map +1 -0
- package/dist/{routes/api/openapi/settings.d.ts → modules/import/import.routes.d.ts} +20 -35
- package/dist/modules/import/import.routes.d.ts.map +1 -0
- package/dist/modules/import/import.routes.js +63 -0
- package/dist/modules/import/import.routes.js.map +1 -0
- package/dist/modules/import/index.d.ts +8 -0
- package/dist/modules/import/index.d.ts.map +1 -0
- package/dist/modules/import/index.js +8 -0
- package/dist/modules/import/index.js.map +1 -0
- package/dist/modules/organizations/index.d.ts +8 -0
- package/dist/modules/organizations/index.d.ts.map +1 -0
- package/dist/modules/organizations/index.js +22 -0
- package/dist/modules/organizations/index.js.map +1 -0
- package/dist/modules/organizations/organizations.handlers.d.ts +24 -0
- package/dist/modules/organizations/organizations.handlers.d.ts.map +1 -0
- package/dist/modules/organizations/organizations.handlers.js +278 -0
- package/dist/modules/organizations/organizations.handlers.js.map +1 -0
- package/dist/modules/organizations/organizations.routes.d.ts +596 -0
- package/dist/modules/organizations/organizations.routes.d.ts.map +1 -0
- package/dist/modules/organizations/organizations.routes.js +263 -0
- package/dist/modules/organizations/organizations.routes.js.map +1 -0
- package/dist/modules/packages/packages.handlers.d.ts +1 -1
- package/dist/modules/packages/packages.handlers.d.ts.map +1 -1
- package/dist/modules/packages/packages.handlers.js +3 -69
- package/dist/modules/packages/packages.handlers.js.map +1 -1
- package/dist/modules/repositories/repositories.handlers.d.ts +1 -1
- package/dist/modules/repositories/repositories.handlers.d.ts.map +1 -1
- package/dist/modules/repositories/repositories.handlers.js +74 -3
- package/dist/modules/repositories/repositories.handlers.js.map +1 -1
- package/dist/modules/repositories/repositories.routes.d.ts +12 -0
- package/dist/modules/repositories/repositories.routes.d.ts.map +1 -1
- package/dist/modules/system/index.d.ts.map +1 -1
- package/dist/modules/system/index.js +2 -1
- package/dist/modules/system/index.js.map +1 -1
- package/dist/modules/system/system.handlers.d.ts +11 -1
- package/dist/modules/system/system.handlers.d.ts.map +1 -1
- package/dist/modules/system/system.handlers.js +31 -1
- package/dist/modules/system/system.handlers.js.map +1 -1
- package/dist/modules/system/system.routes.d.ts +34 -4
- package/dist/modules/system/system.routes.d.ts.map +1 -1
- package/dist/modules/system/system.routes.js +21 -1
- package/dist/modules/system/system.routes.js.map +1 -1
- package/dist/modules/tenants/index.d.ts +8 -0
- package/dist/modules/tenants/index.d.ts.map +1 -0
- package/dist/modules/tenants/index.js +21 -0
- package/dist/modules/tenants/index.js.map +1 -0
- package/dist/modules/tenants/tenants.handlers.d.ts +24 -0
- package/dist/modules/tenants/tenants.handlers.d.ts.map +1 -0
- package/dist/modules/tenants/tenants.handlers.js +268 -0
- package/dist/modules/tenants/tenants.handlers.js.map +1 -0
- package/dist/modules/tenants/tenants.routes.d.ts +486 -0
- package/dist/modules/tenants/tenants.routes.d.ts.map +1 -0
- package/dist/modules/tenants/tenants.routes.js +227 -0
- package/dist/modules/tenants/tenants.routes.js.map +1 -0
- package/dist/modules/tokens/tokens.handlers.d.ts +1 -1
- package/dist/modules/tokens/tokens.handlers.d.ts.map +1 -1
- package/dist/modules/users/users.handlers.d.ts +1 -1
- package/dist/modules/users/users.handlers.d.ts.map +1 -1
- package/dist/modules/users/users.handlers.js +1 -1
- package/dist/modules/users/users.handlers.js.map +1 -1
- package/dist/plugins/security-advisories/advisory-db.d.ts +85 -0
- package/dist/plugins/security-advisories/advisory-db.d.ts.map +1 -0
- package/dist/plugins/security-advisories/advisory-db.js +161 -0
- package/dist/plugins/security-advisories/advisory-db.js.map +1 -0
- package/dist/plugins/security-advisories/advisory-service.d.ts +44 -0
- package/dist/plugins/security-advisories/advisory-service.d.ts.map +1 -0
- package/dist/plugins/security-advisories/advisory-service.js +122 -0
- package/dist/plugins/security-advisories/advisory-service.js.map +1 -0
- package/dist/plugins/security-advisories/advisory.handlers.d.ts +13 -0
- package/dist/plugins/security-advisories/advisory.handlers.d.ts.map +1 -0
- package/dist/plugins/security-advisories/advisory.handlers.js +87 -0
- package/dist/plugins/security-advisories/advisory.handlers.js.map +1 -0
- package/dist/plugins/security-advisories/advisory.module.d.ts +4 -0
- package/dist/plugins/security-advisories/advisory.module.d.ts.map +1 -0
- package/dist/plugins/security-advisories/advisory.module.js +13 -0
- package/dist/plugins/security-advisories/advisory.module.js.map +1 -0
- package/dist/plugins/security-advisories/advisory.routes.d.ts +73 -0
- package/dist/plugins/security-advisories/advisory.routes.d.ts.map +1 -0
- package/dist/plugins/security-advisories/advisory.routes.js +76 -0
- package/dist/plugins/security-advisories/advisory.routes.js.map +1 -0
- package/dist/plugins/security-advisories/index.d.ts +31 -0
- package/dist/plugins/security-advisories/index.d.ts.map +1 -0
- package/dist/plugins/security-advisories/index.js +100 -0
- package/dist/plugins/security-advisories/index.js.map +1 -0
- package/dist/ports.d.ts +39 -21
- package/dist/ports.d.ts.map +1 -1
- package/dist/queue/consumer.d.ts +0 -8
- package/dist/queue/consumer.d.ts.map +1 -1
- package/dist/queue/consumer.js +2 -23
- package/dist/queue/consumer.js.map +1 -1
- package/dist/queue/index.d.ts +2 -0
- package/dist/queue/index.d.ts.map +1 -1
- package/dist/queue/index.js +2 -0
- package/dist/queue/index.js.map +1 -1
- package/dist/queue/memory-driver.d.ts +3 -2
- package/dist/queue/memory-driver.d.ts.map +1 -1
- package/dist/queue/memory-driver.js.map +1 -1
- package/dist/routes/composer.d.ts +7 -1
- package/dist/routes/composer.d.ts.map +1 -1
- package/dist/routes/composer.js +172 -70
- package/dist/routes/composer.js.map +1 -1
- package/dist/routes/dist.d.ts.map +1 -1
- package/dist/routes/dist.js +26 -80
- package/dist/routes/dist.js.map +1 -1
- package/dist/routes/index.d.ts +0 -1
- package/dist/routes/index.d.ts.map +1 -1
- package/dist/routes/index.js +0 -1
- package/dist/routes/index.js.map +1 -1
- package/dist/routes/package-revalidation.d.ts +38 -0
- package/dist/routes/package-revalidation.d.ts.map +1 -0
- package/dist/routes/package-revalidation.js +66 -0
- package/dist/routes/package-revalidation.js.map +1 -0
- package/dist/services/GitHubOrgImporter.d.ts +21 -0
- package/dist/services/GitHubOrgImporter.d.ts.map +1 -0
- package/dist/services/GitHubOrgImporter.js +51 -0
- package/dist/services/GitHubOrgImporter.js.map +1 -0
- package/dist/services/TokenScopeService.d.ts +15 -0
- package/dist/services/TokenScopeService.d.ts.map +1 -0
- package/dist/services/TokenScopeService.js +42 -0
- package/dist/services/TokenScopeService.js.map +1 -0
- package/dist/storage/index.d.ts +0 -1
- package/dist/storage/index.d.ts.map +1 -1
- package/dist/storage/index.js +0 -1
- package/dist/storage/index.js.map +1 -1
- package/dist/sync/repository-sync.d.ts.map +1 -1
- package/dist/sync/repository-sync.js +35 -23
- package/dist/sync/repository-sync.js.map +1 -1
- package/dist/sync/strategies/git-ssh.d.ts +17 -0
- package/dist/sync/strategies/git-ssh.d.ts.map +1 -0
- package/dist/sync/strategies/git-ssh.js +325 -0
- package/dist/sync/strategies/git-ssh.js.map +1 -0
- package/dist/{routes/api/types.d.ts → types/openapi.d.ts} +3 -4
- package/dist/types/openapi.d.ts.map +1 -0
- package/dist/{routes/api/types.js → types/openapi.js} +1 -1
- package/dist/types/openapi.js.map +1 -0
- package/dist/utils/background.d.ts +7 -0
- package/dist/utils/background.d.ts.map +1 -0
- package/dist/utils/background.js +11 -0
- package/dist/utils/background.js.map +1 -0
- package/dist/utils/environment.d.ts +15 -0
- package/dist/utils/environment.d.ts.map +1 -0
- package/dist/utils/environment.js +38 -0
- package/dist/utils/environment.js.map +1 -0
- package/dist/utils/index.d.ts +1 -0
- package/dist/utils/index.d.ts.map +1 -1
- package/dist/utils/index.js +1 -0
- package/dist/utils/index.js.map +1 -1
- package/dist/utils/package-filter.d.ts +7 -0
- package/dist/utils/package-filter.d.ts.map +1 -0
- package/dist/utils/package-filter.js +23 -0
- package/dist/utils/package-filter.js.map +1 -0
- package/dist/utils/package-validator.d.ts +3 -3
- package/dist/utils/package-validator.d.ts.map +1 -1
- package/dist/utils/package-validator.js +4 -37
- package/dist/utils/package-validator.js.map +1 -1
- package/dist/utils/upstream-fetch.d.ts +18 -0
- package/dist/utils/upstream-fetch.d.ts.map +1 -1
- package/dist/utils/upstream-fetch.js +76 -5
- package/dist/utils/upstream-fetch.js.map +1 -1
- package/dist/utils/zip-utils.d.ts +13 -0
- package/dist/utils/zip-utils.d.ts.map +1 -0
- package/dist/utils/zip-utils.js +66 -0
- package/dist/utils/zip-utils.js.map +1 -0
- package/dist/vcs/bitbucket-provider.d.ts +19 -0
- package/dist/vcs/bitbucket-provider.d.ts.map +1 -0
- package/dist/vcs/bitbucket-provider.js +249 -0
- package/dist/vcs/bitbucket-provider.js.map +1 -0
- package/dist/vcs/github-provider.d.ts +16 -0
- package/dist/vcs/github-provider.d.ts.map +1 -0
- package/dist/vcs/github-provider.js +117 -0
- package/dist/vcs/github-provider.js.map +1 -0
- package/dist/vcs/gitlab-provider.d.ts +17 -0
- package/dist/vcs/gitlab-provider.d.ts.map +1 -0
- package/dist/vcs/gitlab-provider.js +216 -0
- package/dist/vcs/gitlab-provider.js.map +1 -0
- package/dist/vcs/index.d.ts +10 -0
- package/dist/vcs/index.d.ts.map +1 -0
- package/dist/vcs/index.js +24 -0
- package/dist/vcs/index.js.map +1 -0
- package/dist/vcs/registry.d.ts +32 -0
- package/dist/vcs/registry.d.ts.map +1 -0
- package/dist/vcs/registry.js +47 -0
- package/dist/vcs/registry.js.map +1 -0
- package/dist/workflows/package-storage.d.ts.map +1 -1
- package/dist/workflows/package-storage.js +3 -3
- package/dist/workflows/package-storage.js.map +1 -1
- package/package.json +11 -8
- package/dist/cache/kv-driver.d.ts +0 -16
- package/dist/cache/kv-driver.d.ts.map +0 -1
- package/dist/cache/kv-driver.js +0 -23
- package/dist/cache/kv-driver.js.map +0 -1
- package/dist/db/d1-driver.d.ts +0 -3
- package/dist/db/d1-driver.d.ts.map +0 -1
- package/dist/db/d1-driver.js +0 -7
- package/dist/db/d1-driver.js.map +0 -1
- package/dist/routes/api/artifacts.d.ts +0 -27
- package/dist/routes/api/artifacts.d.ts.map +0 -1
- package/dist/routes/api/artifacts.js +0 -57
- package/dist/routes/api/artifacts.js.map +0 -1
- package/dist/routes/api/auth.d.ts +0 -52
- package/dist/routes/api/auth.d.ts.map +0 -1
- package/dist/routes/api/auth.js +0 -277
- package/dist/routes/api/auth.js.map +0 -1
- package/dist/routes/api/index.d.ts +0 -10
- package/dist/routes/api/index.d.ts.map +0 -1
- package/dist/routes/api/index.js +0 -11
- package/dist/routes/api/index.js.map +0 -1
- package/dist/routes/api/openapi/artifacts.d.ts +0 -80
- package/dist/routes/api/openapi/artifacts.d.ts.map +0 -1
- package/dist/routes/api/openapi/artifacts.js +0 -73
- package/dist/routes/api/openapi/artifacts.js.map +0 -1
- package/dist/routes/api/openapi/auth.d.ts +0 -187
- package/dist/routes/api/openapi/auth.d.ts.map +0 -1
- package/dist/routes/api/openapi/auth.js +0 -135
- package/dist/routes/api/openapi/auth.js.map +0 -1
- package/dist/routes/api/openapi/health.d.ts +0 -23
- package/dist/routes/api/openapi/health.d.ts.map +0 -1
- package/dist/routes/api/openapi/health.js +0 -25
- package/dist/routes/api/openapi/health.js.map +0 -1
- package/dist/routes/api/openapi/index.d.ts +0 -10
- package/dist/routes/api/openapi/index.d.ts.map +0 -1
- package/dist/routes/api/openapi/index.js +0 -16
- package/dist/routes/api/openapi/index.js.map +0 -1
- package/dist/routes/api/openapi/packages.d.ts +0 -172
- package/dist/routes/api/openapi/packages.d.ts.map +0 -1
- package/dist/routes/api/openapi/packages.js +0 -126
- package/dist/routes/api/openapi/packages.js.map +0 -1
- package/dist/routes/api/openapi/repositories.d.ts +0 -451
- package/dist/routes/api/openapi/repositories.d.ts.map +0 -1
- package/dist/routes/api/openapi/repositories.js +0 -238
- package/dist/routes/api/openapi/repositories.js.map +0 -1
- package/dist/routes/api/openapi/settings.d.ts.map +0 -1
- package/dist/routes/api/openapi/settings.js +0 -72
- package/dist/routes/api/openapi/settings.js.map +0 -1
- package/dist/routes/api/openapi/stats.d.ts +0 -59
- package/dist/routes/api/openapi/stats.d.ts.map +0 -1
- package/dist/routes/api/openapi/stats.js +0 -53
- package/dist/routes/api/openapi/stats.js.map +0 -1
- package/dist/routes/api/openapi/tokens.d.ts +0 -202
- package/dist/routes/api/openapi/tokens.d.ts.map +0 -1
- package/dist/routes/api/openapi/tokens.js +0 -132
- package/dist/routes/api/openapi/tokens.js.map +0 -1
- package/dist/routes/api/openapi/users.d.ts +0 -190
- package/dist/routes/api/openapi/users.d.ts.map +0 -1
- package/dist/routes/api/openapi/users.js +0 -126
- package/dist/routes/api/openapi/users.js.map +0 -1
- package/dist/routes/api/packages.d.ts +0 -50
- package/dist/routes/api/packages.d.ts.map +0 -1
- package/dist/routes/api/packages.js +0 -708
- package/dist/routes/api/packages.js.map +0 -1
- package/dist/routes/api/repositories.d.ts +0 -58
- package/dist/routes/api/repositories.d.ts.map +0 -1
- package/dist/routes/api/repositories.js +0 -321
- package/dist/routes/api/repositories.js.map +0 -1
- package/dist/routes/api/settings.d.ts +0 -29
- package/dist/routes/api/settings.d.ts.map +0 -1
- package/dist/routes/api/settings.js +0 -81
- package/dist/routes/api/settings.js.map +0 -1
- package/dist/routes/api/stats.d.ts +0 -21
- package/dist/routes/api/stats.d.ts.map +0 -1
- package/dist/routes/api/stats.js +0 -51
- package/dist/routes/api/stats.js.map +0 -1
- package/dist/routes/api/tokens.d.ts +0 -40
- package/dist/routes/api/tokens.d.ts.map +0 -1
- package/dist/routes/api/tokens.js +0 -187
- package/dist/routes/api/tokens.js.map +0 -1
- package/dist/routes/api/types.d.ts.map +0 -1
- package/dist/routes/api/types.js.map +0 -1
- package/dist/routes/api/users.d.ts +0 -6
- package/dist/routes/api/users.d.ts.map +0 -1
- package/dist/routes/api/users.js +0 -115
- package/dist/routes/api/users.js.map +0 -1
- package/dist/storage/r2-driver.d.ts +0 -16
- package/dist/storage/r2-driver.d.ts.map +0 -1
- package/dist/storage/r2-driver.js +0 -28
- package/dist/storage/r2-driver.js.map +0 -1
|
@@ -0,0 +1,122 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* PACKAGE.broker
|
|
3
|
+
* Copyright (C) 2025 Łukasz Bajsarowicz
|
|
4
|
+
* Licensed under AGPL-3.0
|
|
5
|
+
*/
|
|
6
|
+
import { AdvisoryDatabase } from './advisory-db';
|
|
7
|
+
import { getLogger } from '../../utils/logger';
|
|
8
|
+
import semver from 'semver';
|
|
9
|
+
/**
|
|
10
|
+
* Service for checking packages against known security advisories.
|
|
11
|
+
* Uses the Packagist security advisories API for real-time lookups.
|
|
12
|
+
*/
|
|
13
|
+
export class SecurityAdvisoryService {
|
|
14
|
+
db;
|
|
15
|
+
constructor(db) {
|
|
16
|
+
this.db = db || new AdvisoryDatabase();
|
|
17
|
+
}
|
|
18
|
+
/**
|
|
19
|
+
* Check a single package/version for vulnerabilities.
|
|
20
|
+
*/
|
|
21
|
+
async checkPackage(packageName, version) {
|
|
22
|
+
const advisories = await this.db.queryPackages([packageName]);
|
|
23
|
+
const packageAdvisories = advisories.get(packageName) || [];
|
|
24
|
+
const matchingAdvisories = this.filterByVersion(packageAdvisories, version);
|
|
25
|
+
return {
|
|
26
|
+
package_name: packageName,
|
|
27
|
+
version,
|
|
28
|
+
advisories: matchingAdvisories,
|
|
29
|
+
is_vulnerable: matchingAdvisories.length > 0,
|
|
30
|
+
};
|
|
31
|
+
}
|
|
32
|
+
/**
|
|
33
|
+
* Check multiple packages for vulnerabilities (batch).
|
|
34
|
+
*/
|
|
35
|
+
async checkPackages(packages) {
|
|
36
|
+
const uniqueNames = [...new Set(packages.map((p) => p.name))];
|
|
37
|
+
const advisoryMap = await this.db.queryPackages(uniqueNames);
|
|
38
|
+
return packages.map((pkg) => {
|
|
39
|
+
const packageAdvisories = advisoryMap.get(pkg.name) || [];
|
|
40
|
+
const matching = this.filterByVersion(packageAdvisories, pkg.version);
|
|
41
|
+
return {
|
|
42
|
+
package_name: pkg.name,
|
|
43
|
+
version: pkg.version,
|
|
44
|
+
advisories: matching,
|
|
45
|
+
is_vulnerable: matching.length > 0,
|
|
46
|
+
};
|
|
47
|
+
});
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* Get the underlying advisory database for direct access.
|
|
51
|
+
*/
|
|
52
|
+
getDatabase() {
|
|
53
|
+
return this.db;
|
|
54
|
+
}
|
|
55
|
+
/**
|
|
56
|
+
* Filter advisories by checking if the given version falls within the affected range.
|
|
57
|
+
* Uses Composer-style version constraints (translated to semver ranges).
|
|
58
|
+
*/
|
|
59
|
+
filterByVersion(advisories, version) {
|
|
60
|
+
const logger = getLogger();
|
|
61
|
+
const cleanVersion = semver.clean(version);
|
|
62
|
+
// If version is not valid semver (e.g. "dev-main"), return all advisories
|
|
63
|
+
if (!cleanVersion) {
|
|
64
|
+
return advisories;
|
|
65
|
+
}
|
|
66
|
+
return advisories.filter((advisory) => {
|
|
67
|
+
try {
|
|
68
|
+
const range = this.composerConstraintToSemver(advisory.affected_versions);
|
|
69
|
+
if (!range)
|
|
70
|
+
return true; // Can't parse → assume affected for safety
|
|
71
|
+
return semver.satisfies(cleanVersion, range);
|
|
72
|
+
}
|
|
73
|
+
catch {
|
|
74
|
+
// If we can't determine, err on the side of caution
|
|
75
|
+
logger.debug('Could not parse version constraint', {
|
|
76
|
+
constraint: advisory.affected_versions,
|
|
77
|
+
version,
|
|
78
|
+
});
|
|
79
|
+
return true;
|
|
80
|
+
}
|
|
81
|
+
});
|
|
82
|
+
}
|
|
83
|
+
/**
|
|
84
|
+
* Convert a Composer version constraint to a semver range.
|
|
85
|
+
* Handles common patterns:
|
|
86
|
+
* - ">=2.0,<2.3.1" → ">=2.0.0 <2.3.1"
|
|
87
|
+
* - ">=1.0,<1.5|>=2.0,<2.1" → ">=1.0.0 <1.5.0 || >=2.0.0 <2.1.0"
|
|
88
|
+
* - "<5.4.46" → "<5.4.46"
|
|
89
|
+
*/
|
|
90
|
+
composerConstraintToSemver(constraint) {
|
|
91
|
+
if (!constraint)
|
|
92
|
+
return null;
|
|
93
|
+
// Split on pipe (OR) and handle each group
|
|
94
|
+
const groups = constraint.split('|').map((group) => group.trim());
|
|
95
|
+
const semverGroups = groups
|
|
96
|
+
.map((group) => {
|
|
97
|
+
// Split on comma (AND) within a group
|
|
98
|
+
const parts = group.split(',').map((p) => p.trim());
|
|
99
|
+
return parts
|
|
100
|
+
.map((part) => {
|
|
101
|
+
// Clean up Composer-specific syntax
|
|
102
|
+
return part
|
|
103
|
+
.replace(/^([<>=!]+)\s*/, '$1') // Remove whitespace after operators
|
|
104
|
+
.replace(/^~/, '~') // Tilde range
|
|
105
|
+
.replace(/^\^/, '^'); // Caret range
|
|
106
|
+
})
|
|
107
|
+
.join(' ');
|
|
108
|
+
})
|
|
109
|
+
.filter(Boolean);
|
|
110
|
+
const result = semverGroups.join(' || ');
|
|
111
|
+
// Verify the range is valid
|
|
112
|
+
try {
|
|
113
|
+
if (semver.validRange(result))
|
|
114
|
+
return result;
|
|
115
|
+
}
|
|
116
|
+
catch {
|
|
117
|
+
// Fall through
|
|
118
|
+
}
|
|
119
|
+
return null;
|
|
120
|
+
}
|
|
121
|
+
}
|
|
122
|
+
//# sourceMappingURL=advisory-service.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"advisory-service.js","sourceRoot":"","sources":["../../../src/plugins/security-advisories/advisory-service.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,gBAAgB,EAAyB,MAAM,eAAe,CAAC;AACxE,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,MAAM,MAAM,QAAQ,CAAC;AAS5B;;;GAGG;AACH,MAAM,OAAO,uBAAuB;IACjB,EAAE,CAAmB;IAEtC,YAAY,EAAqB;QAC/B,IAAI,CAAC,EAAE,GAAG,EAAE,IAAI,IAAI,gBAAgB,EAAE,CAAC;IACzC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,WAAmB,EAAE,OAAe;QACrD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;QAC9D,MAAM,iBAAiB,GAAG,UAAU,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;QAE5D,MAAM,kBAAkB,GAAG,IAAI,CAAC,eAAe,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC;QAE5E,OAAO;YACL,YAAY,EAAE,WAAW;YACzB,OAAO;YACP,UAAU,EAAE,kBAAkB;YAC9B,aAAa,EAAE,kBAAkB,CAAC,MAAM,GAAG,CAAC;SAC7C,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CACjB,QAAkD;QAElD,MAAM,WAAW,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC9D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;QAE7D,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;YAC1B,MAAM,iBAAiB,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,iBAAiB,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAEtE,OAAO;gBACL,YAAY,EAAE,GAAG,CAAC,IAAI;gBACtB,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,UAAU,EAAE,QAAQ;gBACpB,aAAa,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC;aACnC,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,WAAW;QACT,OAAO,IAAI,CAAC,EAAE,CAAC;IACjB,CAAC;IAED;;;OAGG;IACK,eAAe,CAAC,UAA8B,EAAE,OAAe;QACrE,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE3C,0EAA0E;QAC1E,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;YACpC,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,IAAI,CAAC,0BAA0B,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;gBAC1E,IAAI,CAAC,KAAK;oBAAE,OAAO,IAAI,CAAC,CAAC,2CAA2C;gBACpE,OAAO,MAAM,CAAC,SAAS,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;YAC/C,CAAC;YAAC,MAAM,CAAC;gBACP,oDAAoD;gBACpD,MAAM,CAAC,KAAK,CAAC,oCAAoC,EAAE;oBACjD,UAAU,EAAE,QAAQ,CAAC,iBAAiB;oBACtC,OAAO;iBACR,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACK,0BAA0B,CAAC,UAAkB;QACnD,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAC;QAE7B,2CAA2C;QAC3C,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QAClE,MAAM,YAAY,GAAG,MAAM;aACxB,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;YACb,sCAAsC;YACtC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;YACpD,OAAO,KAAK;iBACT,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;gBACZ,oCAAoC;gBACpC,OAAO,IAAI;qBACR,OAAO,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC,oCAAoC;qBACnE,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,cAAc;qBACjC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC,cAAc;YACxC,CAAC,CAAC;iBACD,IAAI,CAAC,GAAG,CAAC,CAAC;QACf,CAAC,CAAC;aACD,MAAM,CAAC,OAAO,CAAC,CAAC;QAEnB,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACzC,4BAA4B;QAC5B,IAAI,CAAC;YACH,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC;gBAAE,OAAO,MAAM,CAAC;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,eAAe;QACjB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import type { Context } from 'hono';
|
|
2
|
+
import { SecurityAdvisoryService } from './advisory-service';
|
|
3
|
+
export declare function getSecurityAdvisoryService(): SecurityAdvisoryService;
|
|
4
|
+
export declare function setSecurityAdvisoryServiceInstance(service: SecurityAdvisoryService): void;
|
|
5
|
+
/**
|
|
6
|
+
* GET /api/security/advisories?packages=vendor/pkg1,vendor/pkg2
|
|
7
|
+
*/
|
|
8
|
+
export declare function listAdvisories(c: Context): Promise<Response>;
|
|
9
|
+
/**
|
|
10
|
+
* GET /api/security/advisories/:vendor/:package/:version
|
|
11
|
+
*/
|
|
12
|
+
export declare function checkPackageAdvisories(c: Context): Promise<Response>;
|
|
13
|
+
//# sourceMappingURL=advisory.handlers.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"advisory.handlers.d.ts","sourceRoot":"","sources":["../../../src/plugins/security-advisories/advisory.handlers.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACpC,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAQ7D,wBAAgB,0BAA0B,IAAI,uBAAuB,CAKpE;AAED,wBAAgB,kCAAkC,CAAC,OAAO,EAAE,uBAAuB,GAAG,IAAI,CAEzF;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CAwDlE;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAAC,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CA4B1E"}
|
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* PACKAGE.broker
|
|
3
|
+
* Copyright (C) 2025 Łukasz Bajsarowicz
|
|
4
|
+
* Licensed under AGPL-3.0
|
|
5
|
+
*/
|
|
6
|
+
import { SecurityAdvisoryService } from './advisory-service';
|
|
7
|
+
import { AdvisoryDatabase } from './advisory-db';
|
|
8
|
+
import { getLogger } from '../../utils/logger';
|
|
9
|
+
// Singleton service instance — shared with the plugin when loaded
|
|
10
|
+
let serviceInstance = null;
|
|
11
|
+
export function getSecurityAdvisoryService() {
|
|
12
|
+
if (!serviceInstance) {
|
|
13
|
+
serviceInstance = new SecurityAdvisoryService(new AdvisoryDatabase());
|
|
14
|
+
}
|
|
15
|
+
return serviceInstance;
|
|
16
|
+
}
|
|
17
|
+
export function setSecurityAdvisoryServiceInstance(service) {
|
|
18
|
+
serviceInstance = service;
|
|
19
|
+
}
|
|
20
|
+
/**
|
|
21
|
+
* GET /api/security/advisories?packages=vendor/pkg1,vendor/pkg2
|
|
22
|
+
*/
|
|
23
|
+
export async function listAdvisories(c) {
|
|
24
|
+
const logger = getLogger();
|
|
25
|
+
const service = getSecurityAdvisoryService();
|
|
26
|
+
try {
|
|
27
|
+
const packagesParam = c.req.query('packages');
|
|
28
|
+
if (!packagesParam) {
|
|
29
|
+
return c.json({
|
|
30
|
+
advisories: {},
|
|
31
|
+
packages_checked: 0,
|
|
32
|
+
vulnerable_count: 0,
|
|
33
|
+
});
|
|
34
|
+
}
|
|
35
|
+
const packageNames = packagesParam
|
|
36
|
+
.split(',')
|
|
37
|
+
.map((p) => p.trim())
|
|
38
|
+
.filter(Boolean);
|
|
39
|
+
if (packageNames.length === 0) {
|
|
40
|
+
return c.json({
|
|
41
|
+
advisories: {},
|
|
42
|
+
packages_checked: 0,
|
|
43
|
+
vulnerable_count: 0,
|
|
44
|
+
});
|
|
45
|
+
}
|
|
46
|
+
// Cap at 100 packages per request
|
|
47
|
+
const cappedNames = packageNames.slice(0, 100);
|
|
48
|
+
const { results: advisoryMap, upstream_error } = await service.getDatabase().queryPackagesWithStatus(cappedNames);
|
|
49
|
+
const response = {};
|
|
50
|
+
for (const [name, advisories] of advisoryMap) {
|
|
51
|
+
response[name] = advisories;
|
|
52
|
+
}
|
|
53
|
+
return c.json({
|
|
54
|
+
advisories: response,
|
|
55
|
+
packages_checked: cappedNames.length,
|
|
56
|
+
vulnerable_count: advisoryMap.size,
|
|
57
|
+
...(upstream_error && { upstream_error: true }),
|
|
58
|
+
});
|
|
59
|
+
}
|
|
60
|
+
catch (err) {
|
|
61
|
+
logger.error('Error listing advisories', {}, err instanceof Error ? err : new Error(String(err)));
|
|
62
|
+
return c.json({ error: 'Internal Server Error', message: 'Failed to check security advisories' }, 500);
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
/**
|
|
66
|
+
* GET /api/security/advisories/:vendor/:package/:version
|
|
67
|
+
*/
|
|
68
|
+
export async function checkPackageAdvisories(c) {
|
|
69
|
+
const logger = getLogger();
|
|
70
|
+
const service = getSecurityAdvisoryService();
|
|
71
|
+
try {
|
|
72
|
+
const vendor = c.req.param('vendor');
|
|
73
|
+
const pkg = c.req.param('package');
|
|
74
|
+
const version = c.req.param('version');
|
|
75
|
+
if (!vendor || !pkg || !version) {
|
|
76
|
+
return c.json({ error: 'Bad Request', message: 'Vendor, package, and version are required' }, 400);
|
|
77
|
+
}
|
|
78
|
+
const packageName = `${vendor}/${pkg}`;
|
|
79
|
+
const result = await service.checkPackage(packageName, version);
|
|
80
|
+
return c.json(result);
|
|
81
|
+
}
|
|
82
|
+
catch (err) {
|
|
83
|
+
logger.error('Error checking package advisories', { vendor: c.req.param('vendor'), package: c.req.param('package'), version: c.req.param('version') }, err instanceof Error ? err : new Error(String(err)));
|
|
84
|
+
return c.json({ error: 'Internal Server Error', message: 'Failed to check security advisories' }, 500);
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
//# sourceMappingURL=advisory.handlers.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"advisory.handlers.js","sourceRoot":"","sources":["../../../src/plugins/security-advisories/advisory.handlers.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAEjD,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAE/C,kEAAkE;AAClE,IAAI,eAAe,GAAmC,IAAI,CAAC;AAE3D,MAAM,UAAU,0BAA0B;IACxC,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,eAAe,GAAG,IAAI,uBAAuB,CAAC,IAAI,gBAAgB,EAAE,CAAC,CAAC;IACxE,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,kCAAkC,CAAC,OAAgC;IACjF,eAAe,GAAG,OAAO,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,CAAU;IAC7C,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,OAAO,GAAG,0BAA0B,EAAE,CAAC;IAE7C,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAE9C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO,CAAC,CAAC,IAAI,CAAC;gBACZ,UAAU,EAAE,EAAE;gBACd,gBAAgB,EAAE,CAAC;gBACnB,gBAAgB,EAAE,CAAC;aACpB,CAAC,CAAC;QACL,CAAC;QAED,MAAM,YAAY,GAAG,aAAa;aAC/B,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aAC5B,MAAM,CAAC,OAAO,CAAC,CAAC;QAEnB,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,OAAO,CAAC,CAAC,IAAI,CAAC;gBACZ,UAAU,EAAE,EAAE;gBACd,gBAAgB,EAAE,CAAC;gBACnB,gBAAgB,EAAE,CAAC;aACpB,CAAC,CAAC;QACL,CAAC;QAED,kCAAkC;QAClC,MAAM,WAAW,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAE/C,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,GAC5C,MAAM,OAAO,CAAC,WAAW,EAAE,CAAC,uBAAuB,CAAC,WAAW,CAAC,CAAC;QAEnE,MAAM,QAAQ,GAAuC,EAAE,CAAC;QACxD,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,WAAW,EAAE,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC;QAC9B,CAAC;QAED,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,UAAU,EAAE,QAAQ;YACpB,gBAAgB,EAAE,WAAW,CAAC,MAAM;YACpC,gBAAgB,EAAE,WAAW,CAAC,IAAI;YAClC,GAAG,CAAC,cAAc,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;SAChD,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CACV,0BAA0B,EAC1B,EAAE,EACF,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CACpD,CAAC;QACF,OAAO,CAAC,CAAC,IAAI,CACX,EAAE,KAAK,EAAE,uBAAuB,EAAE,OAAO,EAAE,qCAAqC,EAAE,EAClF,GAAG,CACJ,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,CAAU;IACrD,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,OAAO,GAAG,0BAA0B,EAAE,CAAC;IAE7C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACrC,MAAM,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACnC,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAEvC,IAAI,CAAC,MAAM,IAAI,CAAC,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;YAChC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,2CAA2C,EAAE,EAAE,GAAG,CAAC,CAAC;QACrG,CAAC;QAED,MAAM,WAAW,GAAG,GAAG,MAAM,IAAI,GAAG,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAEhE,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACxB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CACV,mCAAmC,EACnC,EAAE,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,EACnG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CACpD,CAAC;QACF,OAAO,CAAC,CAAC,IAAI,CACX,EAAE,KAAK,EAAE,uBAAuB,EAAE,OAAO,EAAE,qCAAqC,EAAE,EAClF,GAAG,CACJ,CAAC;IACJ,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"advisory.module.d.ts","sourceRoot":"","sources":["../../../src/plugins/security-advisories/advisory.module.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAIhD,QAAA,MAAM,cAAc,0CAAoB,CAAC;AAKzC,eAAe,cAAc,CAAC"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* PACKAGE.broker
|
|
3
|
+
* Copyright (C) 2025 Łukasz Bajsarowicz
|
|
4
|
+
* Licensed under AGPL-3.0
|
|
5
|
+
*/
|
|
6
|
+
import { OpenAPIHono } from '@hono/zod-openapi';
|
|
7
|
+
import { listAdvisoriesRoute, checkPackageRoute } from './advisory.routes';
|
|
8
|
+
import { listAdvisories, checkPackageAdvisories } from './advisory.handlers';
|
|
9
|
+
const securityModule = new OpenAPIHono();
|
|
10
|
+
securityModule.openapi(listAdvisoriesRoute, listAdvisories);
|
|
11
|
+
securityModule.openapi(checkPackageRoute, checkPackageAdvisories);
|
|
12
|
+
export default securityModule;
|
|
13
|
+
//# sourceMappingURL=advisory.module.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"advisory.module.js","sourceRoot":"","sources":["../../../src/plugins/security-advisories/advisory.module.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAC3E,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAE7E,MAAM,cAAc,GAAG,IAAI,WAAW,EAAE,CAAC;AAEzC,cAAc,CAAC,OAAO,CAAC,mBAAmB,EAAE,cAAqB,CAAC,CAAC;AACnE,cAAc,CAAC,OAAO,CAAC,iBAAiB,EAAE,sBAA6B,CAAC,CAAC;AAEzE,eAAe,cAAc,CAAC"}
|
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
import { z } from '@hono/zod-openapi';
|
|
2
|
+
export declare const listAdvisoriesRoute: {
|
|
3
|
+
method: "get";
|
|
4
|
+
path: "/advisories";
|
|
5
|
+
tags: string[];
|
|
6
|
+
summary: string;
|
|
7
|
+
description: string;
|
|
8
|
+
request: {
|
|
9
|
+
query: z.ZodObject<{
|
|
10
|
+
packages: z.ZodOptional<z.ZodString>;
|
|
11
|
+
}, z.core.$strip>;
|
|
12
|
+
};
|
|
13
|
+
responses: {
|
|
14
|
+
200: {
|
|
15
|
+
description: string;
|
|
16
|
+
content: {
|
|
17
|
+
'application/json': {
|
|
18
|
+
schema: z.ZodObject<{
|
|
19
|
+
advisories: z.ZodRecord<z.ZodString, z.ZodArray<z.ZodObject<{
|
|
20
|
+
cve: z.ZodNullable<z.ZodString>;
|
|
21
|
+
title: z.ZodString;
|
|
22
|
+
link: z.ZodString;
|
|
23
|
+
affected_versions: z.ZodString;
|
|
24
|
+
package_name: z.ZodString;
|
|
25
|
+
}, z.core.$strip>>>;
|
|
26
|
+
packages_checked: z.ZodNumber;
|
|
27
|
+
vulnerable_count: z.ZodNumber;
|
|
28
|
+
upstream_error: z.ZodOptional<z.ZodBoolean>;
|
|
29
|
+
}, z.core.$strip>;
|
|
30
|
+
};
|
|
31
|
+
};
|
|
32
|
+
};
|
|
33
|
+
};
|
|
34
|
+
} & {
|
|
35
|
+
getRoutingPath(): "/advisories";
|
|
36
|
+
};
|
|
37
|
+
export declare const checkPackageRoute: {
|
|
38
|
+
method: "get";
|
|
39
|
+
path: "/advisories/{vendor}/{package}/{version}";
|
|
40
|
+
tags: string[];
|
|
41
|
+
summary: string;
|
|
42
|
+
request: {
|
|
43
|
+
params: z.ZodObject<{
|
|
44
|
+
vendor: z.ZodString;
|
|
45
|
+
package: z.ZodString;
|
|
46
|
+
version: z.ZodString;
|
|
47
|
+
}, z.core.$strip>;
|
|
48
|
+
};
|
|
49
|
+
responses: {
|
|
50
|
+
200: {
|
|
51
|
+
description: string;
|
|
52
|
+
content: {
|
|
53
|
+
'application/json': {
|
|
54
|
+
schema: z.ZodObject<{
|
|
55
|
+
package_name: z.ZodString;
|
|
56
|
+
version: z.ZodString;
|
|
57
|
+
advisories: z.ZodArray<z.ZodObject<{
|
|
58
|
+
cve: z.ZodNullable<z.ZodString>;
|
|
59
|
+
title: z.ZodString;
|
|
60
|
+
link: z.ZodString;
|
|
61
|
+
affected_versions: z.ZodString;
|
|
62
|
+
package_name: z.ZodString;
|
|
63
|
+
}, z.core.$strip>>;
|
|
64
|
+
is_vulnerable: z.ZodBoolean;
|
|
65
|
+
}, z.core.$strip>;
|
|
66
|
+
};
|
|
67
|
+
};
|
|
68
|
+
};
|
|
69
|
+
};
|
|
70
|
+
} & {
|
|
71
|
+
getRoutingPath(): "/advisories/:vendor/:package/:version";
|
|
72
|
+
};
|
|
73
|
+
//# sourceMappingURL=advisory.routes.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"advisory.routes.d.ts","sourceRoot":"","sources":["../../../src/plugins/security-advisories/advisory.routes.ts"],"names":[],"mappings":"AAMA,OAAO,EAAe,CAAC,EAAE,MAAM,mBAAmB,CAAC;AAiBnD,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgC9B,CAAC;AAEH,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAsB5B,CAAC"}
|
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* PACKAGE.broker
|
|
3
|
+
* Copyright (C) 2025 Łukasz Bajsarowicz
|
|
4
|
+
* Licensed under AGPL-3.0
|
|
5
|
+
*/
|
|
6
|
+
import { createRoute, z } from '@hono/zod-openapi';
|
|
7
|
+
const advisorySchema = z.object({
|
|
8
|
+
cve: z.string().nullable(),
|
|
9
|
+
title: z.string(),
|
|
10
|
+
link: z.string(),
|
|
11
|
+
affected_versions: z.string(),
|
|
12
|
+
package_name: z.string(),
|
|
13
|
+
});
|
|
14
|
+
const vulnerabilityCheckResultSchema = z.object({
|
|
15
|
+
package_name: z.string(),
|
|
16
|
+
version: z.string(),
|
|
17
|
+
advisories: z.array(advisorySchema),
|
|
18
|
+
is_vulnerable: z.boolean(),
|
|
19
|
+
});
|
|
20
|
+
export const listAdvisoriesRoute = createRoute({
|
|
21
|
+
method: 'get',
|
|
22
|
+
path: '/advisories',
|
|
23
|
+
tags: ['Security'],
|
|
24
|
+
summary: 'Check packages for security advisories',
|
|
25
|
+
description: 'Query the Packagist security advisories database for vulnerabilities affecting specified packages.',
|
|
26
|
+
request: {
|
|
27
|
+
query: z.object({
|
|
28
|
+
packages: z
|
|
29
|
+
.string()
|
|
30
|
+
.optional()
|
|
31
|
+
.openapi({
|
|
32
|
+
description: 'Comma-separated list of package names to check (e.g. "symfony/http-kernel,laravel/framework")',
|
|
33
|
+
example: 'symfony/http-kernel,laravel/framework',
|
|
34
|
+
}),
|
|
35
|
+
}),
|
|
36
|
+
},
|
|
37
|
+
responses: {
|
|
38
|
+
200: {
|
|
39
|
+
description: 'Advisory check results',
|
|
40
|
+
content: {
|
|
41
|
+
'application/json': {
|
|
42
|
+
schema: z.object({
|
|
43
|
+
advisories: z.record(z.string(), z.array(advisorySchema)),
|
|
44
|
+
packages_checked: z.number(),
|
|
45
|
+
vulnerable_count: z.number(),
|
|
46
|
+
upstream_error: z.boolean().optional(),
|
|
47
|
+
}),
|
|
48
|
+
},
|
|
49
|
+
},
|
|
50
|
+
},
|
|
51
|
+
},
|
|
52
|
+
});
|
|
53
|
+
export const checkPackageRoute = createRoute({
|
|
54
|
+
method: 'get',
|
|
55
|
+
path: '/advisories/{vendor}/{package}/{version}',
|
|
56
|
+
tags: ['Security'],
|
|
57
|
+
summary: 'Check a specific package version for advisories',
|
|
58
|
+
request: {
|
|
59
|
+
params: z.object({
|
|
60
|
+
vendor: z.string().openapi({ description: 'Composer vendor name (e.g. "symfony")', example: 'symfony' }),
|
|
61
|
+
package: z.string().openapi({ description: 'Composer package name (e.g. "http-kernel")', example: 'http-kernel' }),
|
|
62
|
+
version: z.string().openapi({ description: 'Package version (e.g. "6.3.0")', example: '6.3.0' }),
|
|
63
|
+
}),
|
|
64
|
+
},
|
|
65
|
+
responses: {
|
|
66
|
+
200: {
|
|
67
|
+
description: 'Vulnerability check result for specific package version',
|
|
68
|
+
content: {
|
|
69
|
+
'application/json': {
|
|
70
|
+
schema: vulnerabilityCheckResultSchema,
|
|
71
|
+
},
|
|
72
|
+
},
|
|
73
|
+
},
|
|
74
|
+
},
|
|
75
|
+
});
|
|
76
|
+
//# sourceMappingURL=advisory.routes.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"advisory.routes.js","sourceRoot":"","sources":["../../../src/plugins/security-advisories/advisory.routes.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,WAAW,EAAE,CAAC,EAAE,MAAM,mBAAmB,CAAC;AAEnD,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9B,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;IACjB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE;IAC7B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;CACzB,CAAC,CAAC;AAEH,MAAM,8BAA8B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9C,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;IACxB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC;IACnC,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,WAAW,CAAC;IAC7C,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,aAAa;IACnB,IAAI,EAAE,CAAC,UAAU,CAAC;IAClB,OAAO,EAAE,wCAAwC;IACjD,WAAW,EAAE,oGAAoG;IACjH,OAAO,EAAE;QACP,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC;YACd,QAAQ,EAAE,CAAC;iBACR,MAAM,EAAE;iBACR,QAAQ,EAAE;iBACV,OAAO,CAAC;gBACP,WAAW,EAAE,+FAA+F;gBAC5G,OAAO,EAAE,uCAAuC;aACjD,CAAC;SACL,CAAC;KACH;IACD,SAAS,EAAE;QACT,GAAG,EAAE;YACH,WAAW,EAAE,wBAAwB;YACrC,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;wBACf,UAAU,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;wBACzD,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE;wBAC5B,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE;wBAC5B,cAAc,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;qBACvC,CAAC;iBACH;aACF;SACF;KACF;CACF,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,iBAAiB,GAAG,WAAW,CAAC;IAC3C,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,0CAA0C;IAChD,IAAI,EAAE,CAAC,UAAU,CAAC;IAClB,OAAO,EAAE,iDAAiD;IAC1D,OAAO,EAAE;QACP,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;YACf,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,WAAW,EAAE,uCAAuC,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;YACxG,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,WAAW,EAAE,4CAA4C,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC;YAClH,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,WAAW,EAAE,gCAAgC,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;SACjG,CAAC;KACH;IACD,SAAS,EAAE;QACT,GAAG,EAAE;YACH,WAAW,EAAE,yDAAyD;YACtE,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,8BAA8B;iBACvC;aACF;SACF;KACF;CACF,CAAC,CAAC"}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
import type { BrokerPlugin } from '../../kernel/plugin';
|
|
2
|
+
import { SecurityAdvisoryService } from './advisory-service';
|
|
3
|
+
import { AdvisoryDatabase } from './advisory-db';
|
|
4
|
+
export { SecurityAdvisoryService } from './advisory-service';
|
|
5
|
+
export { AdvisoryDatabase, type SecurityAdvisory } from './advisory-db';
|
|
6
|
+
interface SecurityAdvisoryServices extends Record<string, unknown> {
|
|
7
|
+
securityAdvisoryService: SecurityAdvisoryService;
|
|
8
|
+
securityAdvisoryDb: AdvisoryDatabase;
|
|
9
|
+
}
|
|
10
|
+
interface SecurityAdvisoryEvents extends Record<string, unknown> {
|
|
11
|
+
'package.synced': {
|
|
12
|
+
packageName: string;
|
|
13
|
+
version: string;
|
|
14
|
+
};
|
|
15
|
+
'security.advisory.found': {
|
|
16
|
+
packageName: string;
|
|
17
|
+
version: string;
|
|
18
|
+
advisoryCount: number;
|
|
19
|
+
};
|
|
20
|
+
}
|
|
21
|
+
/**
|
|
22
|
+
* Security Advisories Plugin
|
|
23
|
+
*
|
|
24
|
+
* The first real plugin built on the Phase 0 kernel. It:
|
|
25
|
+
* 1. Registers a SecurityAdvisoryService in the service container
|
|
26
|
+
* 2. Subscribes to `package.synced` events to check packages
|
|
27
|
+
* 3. Emits `security.advisory.found` when vulnerabilities are detected
|
|
28
|
+
* 4. Adds a sync observer to scan packages after repository sync
|
|
29
|
+
*/
|
|
30
|
+
export declare const securityAdvisoriesPlugin: BrokerPlugin<SecurityAdvisoryServices, SecurityAdvisoryEvents>;
|
|
31
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/plugins/security-advisories/index.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAExD,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAIjD,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,KAAK,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAExE,UAAU,wBAAyB,SAAQ,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAChE,uBAAuB,EAAE,uBAAuB,CAAC;IACjD,kBAAkB,EAAE,gBAAgB,CAAC;CACtC;AAED,UAAU,sBAAuB,SAAQ,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAC9D,gBAAgB,EAAE;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAC3D,yBAAyB,EAAE;QACzB,WAAW,EAAE,MAAM,CAAC;QACpB,OAAO,EAAE,MAAM,CAAC;QAChB,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;CACH;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,wBAAwB,EAAE,YAAY,CACjD,wBAAwB,EACxB,sBAAsB,CA0GvB,CAAC"}
|
|
@@ -0,0 +1,100 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* PACKAGE.broker
|
|
3
|
+
* Copyright (C) 2025 Łukasz Bajsarowicz
|
|
4
|
+
* Licensed under AGPL-3.0
|
|
5
|
+
*/
|
|
6
|
+
import { SecurityAdvisoryService } from './advisory-service';
|
|
7
|
+
import { AdvisoryDatabase } from './advisory-db';
|
|
8
|
+
import { setSecurityAdvisoryServiceInstance } from './advisory.handlers';
|
|
9
|
+
import { getLogger } from '../../utils/logger';
|
|
10
|
+
export { SecurityAdvisoryService } from './advisory-service';
|
|
11
|
+
export { AdvisoryDatabase } from './advisory-db';
|
|
12
|
+
/**
|
|
13
|
+
* Security Advisories Plugin
|
|
14
|
+
*
|
|
15
|
+
* The first real plugin built on the Phase 0 kernel. It:
|
|
16
|
+
* 1. Registers a SecurityAdvisoryService in the service container
|
|
17
|
+
* 2. Subscribes to `package.synced` events to check packages
|
|
18
|
+
* 3. Emits `security.advisory.found` when vulnerabilities are detected
|
|
19
|
+
* 4. Adds a sync observer to scan packages after repository sync
|
|
20
|
+
*/
|
|
21
|
+
export const securityAdvisoriesPlugin = {
|
|
22
|
+
name: 'security-advisories',
|
|
23
|
+
version: '1.0.0',
|
|
24
|
+
register(ctx) {
|
|
25
|
+
const logger = getLogger();
|
|
26
|
+
const db = new AdvisoryDatabase();
|
|
27
|
+
const service = new SecurityAdvisoryService(db);
|
|
28
|
+
// Share service instance with HTTP handlers
|
|
29
|
+
setSecurityAdvisoryServiceInstance(service);
|
|
30
|
+
// Register services
|
|
31
|
+
ctx.services.register('securityAdvisoryDb', () => db);
|
|
32
|
+
ctx.services.register('securityAdvisoryService', () => service);
|
|
33
|
+
// Subscribe to package.synced events — store unsubscribe handle
|
|
34
|
+
const unsubscribeSynced = ctx.events.on('package.synced', async (payload) => {
|
|
35
|
+
const { packageName, version } = payload;
|
|
36
|
+
try {
|
|
37
|
+
const result = await service.checkPackage(packageName, version);
|
|
38
|
+
if (result.is_vulnerable) {
|
|
39
|
+
logger.warn('Security advisory found', {
|
|
40
|
+
package: packageName,
|
|
41
|
+
version,
|
|
42
|
+
advisoryCount: result.advisories.length,
|
|
43
|
+
});
|
|
44
|
+
ctx.events.emit('security.advisory.found', {
|
|
45
|
+
packageName,
|
|
46
|
+
version,
|
|
47
|
+
advisoryCount: result.advisories.length,
|
|
48
|
+
});
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
catch (err) {
|
|
52
|
+
logger.error('Security advisory check failed', { package: packageName, version }, err instanceof Error ? err : new Error(String(err)));
|
|
53
|
+
}
|
|
54
|
+
});
|
|
55
|
+
// Add sync observer — store reference for cleanup
|
|
56
|
+
const syncObserver = async (payload) => {
|
|
57
|
+
const syncPayload = payload;
|
|
58
|
+
if (!syncPayload.packages || syncPayload.packages.length === 0)
|
|
59
|
+
return;
|
|
60
|
+
try {
|
|
61
|
+
const results = await service.checkPackages(syncPayload.packages);
|
|
62
|
+
const vulnerable = results.filter((r) => r.is_vulnerable);
|
|
63
|
+
if (vulnerable.length > 0) {
|
|
64
|
+
logger.warn('Vulnerable packages detected after sync', {
|
|
65
|
+
repoId: syncPayload.repoId,
|
|
66
|
+
vulnerableCount: vulnerable.length,
|
|
67
|
+
totalChecked: syncPayload.packages.length,
|
|
68
|
+
});
|
|
69
|
+
}
|
|
70
|
+
}
|
|
71
|
+
catch (err) {
|
|
72
|
+
logger.error('Post-sync security scan failed', { repoId: syncPayload.repoId }, err instanceof Error ? err : new Error(String(err)));
|
|
73
|
+
}
|
|
74
|
+
};
|
|
75
|
+
ctx.hooks.addSyncObserver(syncObserver);
|
|
76
|
+
// Store cleanup references on the plugin object for dispose()
|
|
77
|
+
securityAdvisoriesPlugin._unsubscribeSynced = unsubscribeSynced;
|
|
78
|
+
securityAdvisoriesPlugin._syncObserver = syncObserver;
|
|
79
|
+
securityAdvisoriesPlugin._hooks = ctx.hooks;
|
|
80
|
+
logger.info('Security advisories plugin registered');
|
|
81
|
+
},
|
|
82
|
+
async dispose() {
|
|
83
|
+
const logger = getLogger();
|
|
84
|
+
// Clean up event subscription
|
|
85
|
+
const unsubscribe = securityAdvisoriesPlugin._unsubscribeSynced;
|
|
86
|
+
if (typeof unsubscribe === 'function') {
|
|
87
|
+
unsubscribe();
|
|
88
|
+
}
|
|
89
|
+
// Clean up sync observer
|
|
90
|
+
const hooks = securityAdvisoriesPlugin._hooks;
|
|
91
|
+
const observer = securityAdvisoriesPlugin._syncObserver;
|
|
92
|
+
if (hooks && observer) {
|
|
93
|
+
hooks.removeSyncObserver(observer);
|
|
94
|
+
}
|
|
95
|
+
// Reset shared service instance
|
|
96
|
+
setSecurityAdvisoryServiceInstance(null);
|
|
97
|
+
logger.info('Security advisories plugin disposed');
|
|
98
|
+
},
|
|
99
|
+
};
|
|
100
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/plugins/security-advisories/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EAAE,kCAAkC,EAAE,MAAM,qBAAqB,CAAC;AACzE,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAE/C,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAyB,MAAM,eAAe,CAAC;AAgBxE;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAGjC;IACF,IAAI,EAAE,qBAAqB;IAC3B,OAAO,EAAE,OAAO;IAEhB,QAAQ,CAAC,GAAG;QACV,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,EAAE,GAAG,IAAI,gBAAgB,EAAE,CAAC;QAClC,MAAM,OAAO,GAAG,IAAI,uBAAuB,CAAC,EAAE,CAAC,CAAC;QAEhD,4CAA4C;QAC5C,kCAAkC,CAAC,OAAO,CAAC,CAAC;QAE5C,oBAAoB;QACpB,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QACtD,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC;QAEhE,gEAAgE;QAChE,MAAM,iBAAiB,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,gBAAgB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;YAC1E,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;YAEzC,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;gBAEhE,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;oBACzB,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE;wBACrC,OAAO,EAAE,WAAW;wBACpB,OAAO;wBACP,aAAa,EAAE,MAAM,CAAC,UAAU,CAAC,MAAM;qBACxC,CAAC,CAAC;oBAEH,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE;wBACzC,WAAW;wBACX,OAAO;wBACP,aAAa,EAAE,MAAM,CAAC,UAAU,CAAC,MAAM;qBACxC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,CAAC,KAAK,CACV,gCAAgC,EAChC,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,EACjC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CACpD,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,kDAAkD;QAClD,MAAM,YAAY,GAAiB,KAAK,EAAE,OAAgB,EAAE,EAAE;YAC5D,MAAM,WAAW,GAAG,OAGnB,CAAC;YAEF,IAAI,CAAC,WAAW,CAAC,QAAQ,IAAI,WAAW,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO;YAEvE,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,aAAa,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;gBAClE,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;gBAE1D,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC1B,MAAM,CAAC,IAAI,CAAC,yCAAyC,EAAE;wBACrD,MAAM,EAAE,WAAW,CAAC,MAAM;wBAC1B,eAAe,EAAE,UAAU,CAAC,MAAM;wBAClC,YAAY,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM;qBAC1C,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,CAAC,KAAK,CACV,gCAAgC,EAChC,EAAE,MAAM,EAAE,WAAW,CAAC,MAAM,EAAE,EAC9B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CACpD,CAAC;YACJ,CAAC;QACH,CAAC,CAAC;QAEF,GAAG,CAAC,KAAK,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;QAExC,8DAA8D;QAC7D,wBAAgC,CAAC,kBAAkB,GAAG,iBAAiB,CAAC;QACxE,wBAAgC,CAAC,aAAa,GAAG,YAAY,CAAC;QAC9D,wBAAgC,CAAC,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC;QAErD,MAAM,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;IACvD,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAE3B,8BAA8B;QAC9B,MAAM,WAAW,GAAI,wBAAgC,CAAC,kBAAkB,CAAC;QACzE,IAAI,OAAO,WAAW,KAAK,UAAU,EAAE,CAAC;YACtC,WAAW,EAAE,CAAC;QAChB,CAAC;QAED,yBAAyB;QACzB,MAAM,KAAK,GAAI,wBAAgC,CAAC,MAAM,CAAC;QACvD,MAAM,QAAQ,GAAI,wBAAgC,CAAC,aAAa,CAAC;QACjE,IAAI,KAAK,IAAI,QAAQ,EAAE,CAAC;YACtB,KAAK,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACrC,CAAC;QAED,gCAAgC;QAChC,kCAAkC,CAAC,IAAW,CAAC,CAAC;QAEhD,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;IACrD,CAAC;CACF,CAAC"}
|