@sudoplatform/sudo-common 8.8.6 → 8.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -2,14 +2,83 @@
2
2
  #
3
3
  # Insert a audit identifier to suppress in verification proccess.
4
4
  #
5
+ # Suppressions are objects added to the auditSuppresions element of package.json
6
+ # and are of the form:
7
+ #
8
+ # "auditSuppressions": {
9
+ # "<numeric-vulnerability-id>": {
10
+ # "until": <numeric-expiry-in-seconds-since-epoch>,
11
+ # "untilISO": "<expiry-time-in-ISO8601-format>",
12
+ # "reason": "<string-text-for-recording-reason-for-suppression>"
13
+ # }
14
+ # }
15
+ #
5
16
 
6
- auditid=$1
7
- PACKAGE_JSON="package.json"
17
+ usage() {
18
+ echo 1>&2 "Usage: $cmd [-d <days-to-suppress>] audit-id reasonwords as remaining args"
19
+ echo 1>&2
20
+ echo 1>&2 " -d Number of days to suppress vulnerability for. Default: 30."
21
+ echo 1>&2
22
+ echo 1>&2 " Example:"
23
+ echo 1>&2 " suppress-audit.sh 12345 suppressing for a while"
24
+ echo 1>&2
25
+ echo 1>&2 " Suppresses vulnerability 12345 for default 30 days recording"
26
+ echo 1>&2 " 'suppressing for a while' as the reason."
27
+ echo 1>&2
28
+ }
29
+
30
+ DAYS_TO_SUPPRESS=30
31
+
32
+ cmd=$(basename "$0")
33
+ # shellcheck disable=SC2048,SC2086
34
+ if ! args=$(getopt d: $*); then
35
+ usage
36
+ exit 1
37
+ fi
38
+
39
+ # shellcheck disable=SC2086
40
+ set -- $args
8
41
 
9
- if [ -z $auditid ]; then
10
- echo "Usage: yarn suppress-audit <audit id>"
42
+ while [ "$#" -gt 0 ] && [ "$1" != "--" ]; do
43
+ case "$1" in
44
+ -d) if ! expr "$2" : '[0-9][0-9]*$' >/dev/null || [ "$(($2 > 0))" -eq 0 ]; then
45
+ echo 1>&2 "ERROR: suppression days must be positive integer"
46
+ echo 1>&2
47
+ usage
48
+ exit 1
49
+ fi
50
+ DAYS_TO_SUPPRESS=$2
51
+ shift
52
+ shift
53
+ ;;
54
+ esac
55
+ done
56
+ if [ "$1" = "--" ]; then
57
+ shift
58
+ fi
59
+ auditid="$1"
60
+ shift
61
+ reason="${*}"
62
+
63
+ if [ -z "$auditid" ]; then
64
+ echo 1>&2 "ERROR: No audit-id specified"
65
+ echo 1>&2
66
+ usage
67
+ exit 1
68
+ fi
69
+
70
+ if [ -z "$reason" ]; then
71
+ echo 1>&2 "ERROR: No suppression reason specified"
72
+ echo 1>&2
73
+ usage
11
74
  exit 1
12
75
  fi
76
+
77
+ SECONDS_TO_SUPPRESS=$((DAYS_TO_SUPPRESS * 3600 * 24))
78
+ PACKAGE_JSON="package.json"
79
+
80
+ set -e
13
81
  cp $PACKAGE_JSON $PACKAGE_JSON.old
14
- cat $PACKAGE_JSON | jq ".auditSuppressions.\"$auditid\" = (now | floor | . + 1209600)" > $PACKAGE_JSON.staging
82
+ cat $PACKAGE_JSON | jq '(now | floor | . + '$SECONDS_TO_SUPPRESS') as $expiry | .auditSuppressions."'"$auditid"'" = {"until": $expiry,"untilISO":($expiry | strftime("%FT%TZ") ),"reason":"'"${reason}"'"}' > $PACKAGE_JSON.staging
15
83
  mv $PACKAGE_JSON.staging $PACKAGE_JSON
84
+ set +e
@@ -1,16 +1,43 @@
1
1
  #!/bin/sh
2
2
 
3
- yarn audit --json --groups "dependencies devDependencies" | jq -s -c 'map(select(.type == "auditAdvisory").data.advisory) | unique_by(.id) | .[] | {id, title, module_name, vulnerable_versions, patched_versions, severity, findings}' | (new=""; while read advisory ; do
3
+ # Run yarn audit reading any suppressions from the auditSuppressions element
4
+ # of package.json.
5
+ #
6
+ # Suppressions are added by yarn suppress-audit and are of the form:
7
+ #
8
+ # "auditSuppressions": {
9
+ # "<numeric-vulnerability-id>": {
10
+ # "until": <numeric-expiry-in-seconds-since-epoch>,
11
+ # "untilISO": "<expiry-time-in-ISO8601-format>",
12
+ # "reason": "<string-text-for-recording-reason-for-suppression>"
13
+ # }
14
+ # }
15
+ #
16
+ # Previously, the value of the audit suppression was jsut the expiry timestamp
17
+ # this old format is still recognized by this script.
18
+ #
19
+ yarn audit --json --groups "dependencies devDependencies" | \
20
+ jq -M -s -c 'map(select(.type == "auditAdvisory").data.advisory) | unique_by(.id) | .[] | {id, title, module_name, vulnerable_versions, patched_versions, severity, findings}' | \
21
+ (new=""; while read -r advisory ; do
4
22
  id=$(echo "${advisory}" | jq '.id')
5
23
  suppression=$(jq ".auditSuppressions[\"$id\"] | select (. != null)" package.json)
6
24
  if [ -z "$suppression" ]; then
7
25
  echo "New advisory ${id}:"
8
26
  echo "${advisory}" | jq .
9
27
  new=1
10
- elif [ $(date '+%s') -gt "$suppression" ]; then
11
- echo "Suppression for advisory ${id} has expired. Please revisit:"
12
- echo "${advisory}" | jq .
13
- new=1
28
+ else
29
+ if expr "$suppression" : '[0-9][0-9]*$' >/dev/null ; then
30
+ # Old style suppression that was just the expiry timestamp
31
+ expiry="$suppression"
32
+ else
33
+ # New style suppression is a JSON object
34
+ expiry=$(echo "$suppression" | jq -M -c ".until // 0")
35
+ fi
36
+ if [ "$(date '+%s')" -gt "$expiry" ]; then
37
+ echo "Suppression for advisory ${id} has expired. Please revisit:"
38
+ echo "${advisory}" | jq .
39
+ new=1
40
+ fi
14
41
  fi
15
42
  done
16
43
  if [ -n "${new}" ]; then
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sudoplatform/sudo-common",
3
- "version": "8.8.6",
3
+ "version": "8.9.1",
4
4
  "author": "Anonyome Labs, Inc.",
5
5
  "repository": {
6
6
  "type": "git",
@@ -52,13 +52,13 @@
52
52
  "**/apollo-client": "^2.6.10"
53
53
  },
54
54
  "dependencies": {
55
- "@aws-sdk/client-s3": "^3.490.0",
55
+ "@aws-sdk/client-s3": "^3.588.0",
56
56
  "apollo-client": "^2.6.10",
57
57
  "asn1js": "^3.0.5",
58
58
  "browser-bunyan": "^1.8.0",
59
59
  "fflate": "^0.8.2",
60
60
  "graphql": "^15.8.0",
61
- "pkijs": "^3.0.16",
61
+ "pkijs": "^3.1.0",
62
62
  "tslib": "^2.6.2"
63
63
  },
64
64
  "peerDependencies": {
@@ -84,12 +84,12 @@
84
84
  "jest": "^27.5.1",
85
85
  "monocle-ts": "^2.3.13",
86
86
  "newtype-ts": "^0.3.5",
87
- "prettier": "^3.2.5",
87
+ "prettier": "^3.3.0",
88
88
  "rimraf": "^5.0.7",
89
89
  "ts-jest": "^27.1.5",
90
90
  "ts-mockito": "^2.6.1",
91
91
  "ts-node": "^10.9.2",
92
92
  "typedoc": "^0.25.13",
93
- "typescript": "^5.4.5"
93
+ "typescript": "~5.4.x"
94
94
  }
95
95
  }