scanoss 0.18.0 → 0.20.0
- package/CHANGELOG.md +18 -1
- package/build/main/cli/bin/cli-bin.js +2 -1
- package/build/main/cli/commands/scan.js +6 -3
- package/build/main/index.d.ts +6 -2
- package/build/main/index.js +9 -3
- package/build/main/sdk/BaseConfig.js +1 -2
- package/build/main/sdk/Clients/Cryptography/{CryptographyClient.d.ts → CryptographyGRPCClient.d.ts} +2 -2
- package/build/main/sdk/Clients/Cryptography/CryptographyGRPCClient.js +142 -0
- package/build/main/sdk/Clients/Cryptography/CryptographyHttpClient.d.ts +1 -1
- package/build/main/sdk/Clients/Cryptography/CryptographyHttpClient.js +3 -3
- package/build/main/sdk/Clients/Cryptography/ICryptographyClient.d.ts +1 -1
- package/build/main/sdk/Clients/Dependency/{DependencyClient.d.ts → DependencyGRPCClient.d.ts} +1 -1
- package/build/main/sdk/Clients/Dependency/{DependencyClient.js → DependencyGRPCClient.js} +6 -6
- package/build/main/sdk/Clients/Dependency/DependencyHttpClient.js +4 -4
- package/build/main/sdk/Clients/Dependency/IDependencyClient.d.ts +1 -1
- package/build/main/sdk/Clients/Grpc/BaseGRPCClient.js +4 -5
- package/build/main/sdk/Clients/Vulnerability/IVulnerabilityClient.d.ts +4 -3
- package/build/main/sdk/Clients/Vulnerability/VulnerabilityHttpClient.d.ts +4 -3
- package/build/main/sdk/Clients/Vulnerability/VulnerabilityHttpClient.js +5 -10
- package/build/main/sdk/Clients/helper/clientHelper.d.ts +1 -1
- package/build/main/sdk/Clients/helper/clientHelper.js +2 -2
- package/build/main/sdk/Cryptography/Algorithm/Components/ComponentAlgorithmScanner.d.ts +1 -1
- package/build/main/sdk/Cryptography/Algorithm/Components/ComponentAlgorithmScanner.js +3 -3
- package/build/main/sdk/Cryptography/CryptoCfg.js +6 -7
- package/build/main/sdk/Cryptography/CryptographyScanner.d.ts +1 -1
- package/build/main/sdk/Cryptography/CryptographyScanner.js +1 -1
- package/build/main/sdk/Cryptography/CryptographyTypes.d.ts +1 -1
- package/build/main/sdk/Cryptography/Hint/Components/ComponentHintScanner.d.ts +1 -1
- package/build/main/sdk/Cryptography/Hint/Components/ComponentHintScanner.js +3 -3
- package/build/main/sdk/Dependencies/DependencyScannerCfg.js +6 -10
- package/build/main/sdk/Report/DataLayer/DataLayerTypes.d.ts +1 -11
- package/build/main/sdk/Vulnerability/VulnerabilityCfg.d.ts +1 -1
- package/build/main/sdk/Vulnerability/VulnerabilityCfg.js +10 -7
- package/build/main/sdk/Vulnerability/VulnerabilityScanner.d.ts +4 -2
- package/build/main/sdk/Vulnerability/VulnerabilityScanner.js +64 -10
- package/build/main/sdk/types/common/types.js +3 -0
- package/build/main/sdk/types/vulnerability/types.d.ts +35 -0
- package/build/main/sdk/types/vulnerability/types.js +3 -0
- package/build/main/tsconfig.tsbuildinfo +1 -1
- package/build/module/cli/bin/cli-bin.js +2 -1
- package/build/module/cli/commands/scan.js +6 -3
- package/build/module/index.d.ts +6 -2
- package/build/module/index.js +9 -3
- package/build/module/sdk/BaseConfig.js +1 -2
- package/build/module/sdk/Clients/Cryptography/{CryptographyClient.d.ts → CryptographyGRPCClient.d.ts} +2 -2
- package/build/module/sdk/Clients/Cryptography/CryptographyGRPCClient.js +131 -0
- package/build/module/sdk/Clients/Cryptography/CryptographyHttpClient.d.ts +1 -1
- package/build/module/sdk/Clients/Cryptography/CryptographyHttpClient.js +3 -3
- package/build/module/sdk/Clients/Cryptography/ICryptographyClient.d.ts +1 -1
- package/build/module/sdk/Clients/Dependency/{DependencyClient.d.ts → DependencyGRPCClient.d.ts} +1 -1
- package/build/module/sdk/Clients/Dependency/DependencyGRPCClient.js +74 -0
- package/build/module/sdk/Clients/Dependency/DependencyHttpClient.js +4 -4
- package/build/module/sdk/Clients/Dependency/IDependencyClient.d.ts +1 -1
- package/build/module/sdk/Clients/Grpc/BaseGRPCClient.js +5 -6
- package/build/module/sdk/Clients/Vulnerability/IVulnerabilityClient.d.ts +4 -3
- package/build/module/sdk/Clients/Vulnerability/VulnerabilityHttpClient.d.ts +4 -3
- package/build/module/sdk/Clients/Vulnerability/VulnerabilityHttpClient.js +5 -10
- package/build/module/sdk/Clients/helper/clientHelper.d.ts +1 -1
- package/build/module/sdk/Clients/helper/clientHelper.js +2 -2
- package/build/module/sdk/Cryptography/Algorithm/Components/ComponentAlgorithmScanner.d.ts +1 -1
- package/build/module/sdk/Cryptography/Algorithm/Components/ComponentAlgorithmScanner.js +3 -3
- package/build/module/sdk/Cryptography/CryptoCfg.js +6 -7
- package/build/module/sdk/Cryptography/CryptographyScanner.d.ts +1 -1
- package/build/module/sdk/Cryptography/CryptographyScanner.js +1 -1
- package/build/module/sdk/Cryptography/CryptographyTypes.d.ts +1 -1
- package/build/module/sdk/Cryptography/Hint/Components/ComponentHintScanner.d.ts +1 -1
- package/build/module/sdk/Cryptography/Hint/Components/ComponentHintScanner.js +3 -3
- package/build/module/sdk/Dependencies/DependencyScannerCfg.js +6 -10
- package/build/module/sdk/Report/DataLayer/DataLayerTypes.d.ts +1 -11
- package/build/module/sdk/Vulnerability/VulnerabilityCfg.d.ts +1 -1
- package/build/module/sdk/Vulnerability/VulnerabilityCfg.js +9 -7
- package/build/module/sdk/Vulnerability/VulnerabilityScanner.d.ts +4 -2
- package/build/module/sdk/Vulnerability/VulnerabilityScanner.js +64 -10
- package/build/module/sdk/types/common/types.js +2 -0
- package/build/module/sdk/types/vulnerability/types.d.ts +35 -0
- package/build/module/sdk/types/vulnerability/types.js +2 -0
- package/build/module/tsconfig.module.tsbuildinfo +1 -1
- package/package.json +1 -1
- package/build/main/sdk/Clients/Cryptography/CryptographyClient.js +0 -142
- package/build/main/sdk/shared/interfaces/Component.js +0 -3
- package/build/module/sdk/Clients/Cryptography/CryptographyClient.js +0 -131
- package/build/module/sdk/Clients/Dependency/DependencyClient.js +0 -74
- package/build/module/sdk/shared/interfaces/Component.js +0 -2
- /package/build/main/sdk/{shared/interfaces/Component.d.ts → types/common/types.d.ts} +0 -0
- /package/build/module/sdk/{shared/interfaces/Component.d.ts → types/common/types.d.ts} +0 -0
|
@@ -31,7 +31,6 @@ const grpc = __importStar(require("@grpc/grpc-js"));
|
|
|
31
31
|
const CommonMessages = __importStar(require("./scanoss/api/common/v2/scanoss-common_pb"));
|
|
32
32
|
const Logger_1 = require("../../Logger");
|
|
33
33
|
const Constants_1 = require("../../Constants");
|
|
34
|
-
var Level = Logger_1.Logger.Level;
|
|
35
34
|
const Errors_1 = require("../../Errors");
|
|
36
35
|
const fs_1 = __importDefault(require("fs"));
|
|
37
36
|
class BaseGRPCClient {
|
|
@@ -52,16 +51,16 @@ class BaseGRPCClient {
|
|
|
52
51
|
handleResponse(response) {
|
|
53
52
|
const { status, ...responseWithoutStatus } = response;
|
|
54
53
|
if (status.status === CommonMessages.StatusCode.FAILED) {
|
|
55
|
-
Logger_1.logger.
|
|
54
|
+
Logger_1.logger.error(`[ GRPC ${this._CLIENT_NAME} ] - Server GRPC Code: ${status.status} - ${status.message}`);
|
|
56
55
|
throw new Error(status.message);
|
|
57
56
|
}
|
|
58
57
|
else if (status.status === CommonMessages.StatusCode.WARNING ||
|
|
59
58
|
status.status === CommonMessages.StatusCode.SUCCEEDED_WITH_WARNINGS ||
|
|
60
59
|
status.status === CommonMessages.StatusCode.UNSPECIFIED) {
|
|
61
|
-
Logger_1.logger.
|
|
60
|
+
Logger_1.logger.debug(`[ GRPC ${this._CLIENT_NAME} ] - Server GRPC Code: ${status.status} - ${status.message}`);
|
|
62
61
|
}
|
|
63
62
|
else if (status.status === CommonMessages.StatusCode.SUCCESS) {
|
|
64
|
-
Logger_1.logger.
|
|
63
|
+
Logger_1.logger.debug(`[ GRPC ${this._CLIENT_NAME} ] - Server GRPC Code: ${status.status} - ${status.message}`);
|
|
65
64
|
}
|
|
66
65
|
return responseWithoutStatus;
|
|
67
66
|
}
|
|
@@ -147,4 +146,4 @@ class BaseGRPCClient {
|
|
|
147
146
|
}
|
|
148
147
|
}
|
|
149
148
|
exports.BaseGRPCClient = BaseGRPCClient;
|
|
150
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
149
|
+
//# sourceMappingURL=data:application/json;base64,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
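Review bot: In handleResponse the `WARNING` / `SUCCEEDED_WITH_WARNINGS` / `UNSPECIFIED` branch (new line 60) logs with `logger.debug`, the same level as the `SUCCESS` branch, so a server-side warning is invisible unless debug logging is on. If the Logger exposes a level between debug and error, that branch should use it; otherwise the two now-identical `else if` branches could be merged. `status.message` comes from the server and is interpolated into the log line as-is, so stripping CR/LF before logging would keep a crafted message from forging log entries. `status` is also dereferenced without a presence check, so a response that lacks it raises a TypeError instead of the intended `Error(status.message)`.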
|
|
@@ -1,5 +1,6 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { ComponentsVulnerabilitiesResponse, ComponentVulnerabilityResponse } from "../../types/vulnerability/types";
|
|
2
|
+
import { Component } from "../../types/common/types";
|
|
2
3
|
export interface IVulnerabilityClient {
|
|
3
|
-
getVulnerabilitiesComponents(components: Component[]): Promise<
|
|
4
|
-
getVulnerabilitiesComponent(component: Component): Promise<
|
|
4
|
+
getVulnerabilitiesComponents(components: Component[]): Promise<ComponentsVulnerabilitiesResponse>;
|
|
5
|
+
getVulnerabilitiesComponent(component: Component): Promise<ComponentVulnerabilityResponse>;
|
|
5
6
|
}
|
|
@@ -1,10 +1,11 @@
|
|
|
1
1
|
import { HttpClient } from "../http/HttpClient";
|
|
2
|
-
import { Component } from "../../shared/interfaces/Component";
|
|
3
2
|
import { IVulnerabilityClient } from "./IVulnerabilityClient";
|
|
3
|
+
import { Component } from "../../types/common/types";
|
|
4
|
+
import { ComponentsVulnerabilitiesResponse, ComponentVulnerabilityResponse } from "../../types/vulnerability/types";
|
|
4
5
|
export declare class VulnerabilityHttpClient extends HttpClient implements IVulnerabilityClient {
|
|
5
6
|
private client;
|
|
6
7
|
private readonly baseUrl;
|
|
7
8
|
constructor(token: string, hostName: string, proxyHost?: string, caCertPath?: string);
|
|
8
|
-
getVulnerabilitiesComponents(components: Array<Component>): Promise<
|
|
9
|
-
getVulnerabilitiesComponent(component: Component): Promise<
|
|
9
|
+
getVulnerabilitiesComponents(components: Array<Component>): Promise<ComponentsVulnerabilitiesResponse>;
|
|
10
|
+
getVulnerabilitiesComponent(component: Component): Promise<ComponentVulnerabilityResponse>;
|
|
10
11
|
}
|
|
@@ -16,18 +16,16 @@ class VulnerabilityHttpClient extends HttpClient_1.HttpClient {
|
|
|
16
16
|
}
|
|
17
17
|
async getVulnerabilitiesComponents(components) {
|
|
18
18
|
try {
|
|
19
|
-
|
|
19
|
+
Logger_1.logger.debug(`Getting vulnerabilities for ${components.map((c) => JSON.stringify(c, null, 2))} components`);
|
|
20
|
+
const response = await this.client.post(`${this.baseUrl}/v2/vulnerabilities/components`, { components: components });
|
|
20
21
|
if (response.ok) {
|
|
21
|
-
|
|
22
|
-
return vulnerabilities;
|
|
22
|
+
return await response.json();
|
|
23
23
|
}
|
|
24
24
|
const errorText = await response.text();
|
|
25
25
|
const errorMessage = `Failed to get vulnerabilities: ${response.status} ${response.statusText} - ${errorText}`;
|
|
26
|
-
Logger_1.logger.log(`Error getting vulnerabilities: ${errorMessage}`);
|
|
27
26
|
throw new Error(errorMessage);
|
|
28
27
|
}
|
|
29
28
|
catch (error) {
|
|
30
|
-
Logger_1.logger.log('Error getting vulnerabilities:', error);
|
|
31
29
|
throw this.handleError(error, 'Failed to get vulnerabilities');
|
|
32
30
|
}
|
|
33
31
|
}
|
|
@@ -40,19 +38,16 @@ class VulnerabilityHttpClient extends HttpClient_1.HttpClient {
|
|
|
40
38
|
}
|
|
41
39
|
const response = await this.client.get(`${this.baseUrl}/api/v2/vulnerabilities/component?${queryParams.toString()}`);
|
|
42
40
|
if (response.ok) {
|
|
43
|
-
|
|
44
|
-
return vulnerabilities;
|
|
41
|
+
return await response.json();
|
|
45
42
|
}
|
|
46
43
|
const errorText = await response.text();
|
|
47
44
|
const errorMessage = `Failed to get vulnerabilities: ${response.status} ${response.statusText} - ${errorText}`;
|
|
48
|
-
Logger_1.logger.log(`Error getting vulnerabilities: ${errorMessage}`);
|
|
49
45
|
throw new Error(errorMessage);
|
|
50
46
|
}
|
|
51
47
|
catch (error) {
|
|
52
|
-
Logger_1.logger.log('Error getting vulnerabilities:', error);
|
|
53
48
|
throw this.handleError(error, 'Failed to get vulnerabilities');
|
|
54
49
|
}
|
|
55
50
|
}
|
|
56
51
|
}
|
|
57
52
|
exports.VulnerabilityHttpClient = VulnerabilityHttpClient;
|
|
58
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
53
|
+
//# sourceMappingURL=data:application/json;base64,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
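Review bot: The new POST on line 20 targets `${this.baseUrl}/v2/vulnerabilities/components`, while the existing GET in the second hunk uses `${this.baseUrl}/api/v2/vulnerabilities/component`; unless baseUrl is built to account for this (its construction is outside these hunks), one of the two paths has a missing or extra `/api` prefix. Both methods now `return await response.json()` with no shape check, so whatever the server sends reaches VulnerabilityScanner as if it were a typed response; reading it into a local and guarding with `if (!Array.isArray(body.components)) throw new Error('Unexpected vulnerabilities response');` would fail closed. The debug line on 19 runs `JSON.stringify` over every component even when debug logging is off, and logging `components.length` would be cheaper. getVulnerabilitiesComponent starts above the second hunk.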
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
import { Component } from "../../
|
|
1
|
+
import { Component } from "../../types/common/types";
|
|
2
2
|
export declare function chunkRequest(components: Component[], chunkSize: number): Array<Component[]>;
|
|
3
3
|
export declare function validateComponents(components: Component[]): void;
|
|
@@ -5,7 +5,7 @@ exports.validateComponents = validateComponents;
|
|
|
5
5
|
function chunkRequest(components, chunkSize) {
|
|
6
6
|
const requests = [];
|
|
7
7
|
for (let i = 0; i < components.length; i += chunkSize) {
|
|
8
|
-
requests.push(components.slice(i, i +
|
|
8
|
+
requests.push(components.slice(i, i + chunkSize));
|
|
9
9
|
}
|
|
10
10
|
return requests;
|
|
11
11
|
}
|
|
@@ -22,4 +22,4 @@ function validateComponents(components) {
|
|
|
22
22
|
}
|
|
23
23
|
}
|
|
24
24
|
}
|
|
25
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
25
|
+
//# sourceMappingURL=data:application/json;base64,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
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { ComponentCryptographyResultCollector } from "../../Helper/ResultCollector/Component/ComponentCryptographyResultColletor";
|
|
2
2
|
import { BaseCryptographyScanner } from "../../BaseCryptographyScanner";
|
|
3
|
-
import { Component } from "../../../shared/interfaces/Component";
|
|
4
3
|
import { AlgorithmResponse } from "../../../Clients/Cryptography/ICryptographyClient";
|
|
4
|
+
import { Component } from "../../../types/common/types";
|
|
5
5
|
/**
|
|
6
6
|
* Scanner for detecting cryptographic algorithms in software components.
|
|
7
7
|
* This class extends the base cryptography scanner to specifically handle
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.ComponentAlgorithmScanner = void 0;
|
|
4
4
|
const BaseCryptographyScanner_1 = require("../../BaseCryptographyScanner");
|
|
5
|
-
const
|
|
5
|
+
const CryptographyGRPCClient_1 = require("../../../Clients/Cryptography/CryptographyGRPCClient");
|
|
6
6
|
/**
|
|
7
7
|
* Scanner for detecting cryptographic algorithms in software components.
|
|
8
8
|
* This class extends the base cryptography scanner to specifically handle
|
|
@@ -17,7 +17,7 @@ class ComponentAlgorithmScanner extends BaseCryptographyScanner_1.BaseCryptograp
|
|
|
17
17
|
* @returns {AlgorithmResponse} A promise that resolves to an AlgorithmResponse containing detected cryptographic algorithms.
|
|
18
18
|
*/
|
|
19
19
|
async scan(components) {
|
|
20
|
-
const cryptographyClient = new
|
|
20
|
+
const cryptographyClient = new CryptographyGRPCClient_1.CryptographyGRPCClient(this.config.API_KEY, // API KEY
|
|
21
21
|
this.config.API_URL, // Destination Host
|
|
22
22
|
this.config.GRPC_PROXY, // Proxy Host
|
|
23
23
|
this.config.CA_CERT);
|
|
@@ -27,4 +27,4 @@ class ComponentAlgorithmScanner extends BaseCryptographyScanner_1.BaseCryptograp
|
|
|
27
27
|
}
|
|
28
28
|
}
|
|
29
29
|
exports.ComponentAlgorithmScanner = ComponentAlgorithmScanner;
|
|
30
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
30
|
+
//# sourceMappingURL=data:application/json;base64,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
|
|
@@ -24,20 +24,19 @@ class CryptoCfg extends BaseConfig_1.BaseConfig {
|
|
|
24
24
|
* @returns The resolved API URL
|
|
25
25
|
*/
|
|
26
26
|
resolveApiUrl(apiKey, currentUrl) {
|
|
27
|
-
// Case 1: Has API key and using default URL -> upgrade to premium URL
|
|
28
|
-
if (apiKey && currentUrl === BaseConfig_1.BaseConfig.
|
|
27
|
+
// Case 1: Has API key and using default URL -> upgrade to premium URL. The default URL is set on the BaseConfig.ts file
|
|
28
|
+
if (apiKey && currentUrl === BaseConfig_1.BaseConfig.getDefaultURL())
|
|
29
29
|
return BaseConfig_1.BaseConfig.getPremiumURL();
|
|
30
30
|
// Case 2: Has API key and using custom URL -> keep custom URL
|
|
31
|
-
if (apiKey && currentUrl
|
|
32
|
-
//
|
|
31
|
+
if (apiKey && currentUrl.startsWith(BaseConfig_1.BaseConfig.getPremiumURL()) || currentUrl.startsWith(BaseConfig_1.BaseConfig.getDefaultURL())) {
|
|
32
|
+
// Check if custom URL is not the same as the default one.
|
|
33
33
|
if (currentUrl.startsWith(BaseConfig_1.BaseConfig.getPremiumURL()) || currentUrl.startsWith(BaseConfig_1.BaseConfig.getDefaultURL())) {
|
|
34
34
|
return currentUrl.replace(/\/scan\/direct$/, '');
|
|
35
35
|
}
|
|
36
|
-
// For other custom URLs, return as-is
|
|
37
36
|
return currentUrl;
|
|
38
37
|
}
|
|
39
38
|
// Case 4: No API key and default/empty URL -> use default URL
|
|
40
|
-
return BaseConfig_1.BaseConfig.
|
|
39
|
+
return BaseConfig_1.BaseConfig.getDefaultURL();
|
|
41
40
|
}
|
|
42
41
|
get API_URL() {
|
|
43
42
|
return this.resolveApiUrl(this.API_KEY, super.API_URL);
|
|
@@ -47,4 +46,4 @@ class CryptoCfg extends BaseConfig_1.BaseConfig {
|
|
|
47
46
|
}
|
|
48
47
|
}
|
|
49
48
|
exports.CryptoCfg = CryptoCfg;
|
|
50
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
49
|
+
//# sourceMappingURL=data:application/json;base64,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
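Review bot: The Case 2 condition added on new line 31 of resolveApiUrl mixes `&&` and `||` without parentheses, so it parses as `(apiKey && startsWith(premium)) || startsWith(default)`; a custom URL that starts with neither prefix never enters the block and falls through to `return BaseConfig_1.BaseConfig.getDefaultURL()`. As far as this hunk shows, a caller who configured a self-hosted endpoint would have the API key and component data sent to the default host instead, which contradicts the "keep custom URL" comment. The outer condition also implies the inner `if`, which leaves the trailing `return currentUrl;` unreachable. I would parenthesise the condition and restore an explicit branch in the TypeScript source, e.g. `if (currentUrl && currentUrl !== BaseConfig.getDefaultURL()) return currentUrl;` ahead of the final return. The same condition is added in DependencyScannerCfg.js (which also removes the old "no API key, custom URL" branch) and in VulnerabilityCfg.js.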
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { CryptoCfg } from "./CryptoCfg";
|
|
2
2
|
import { CryptographyResponse, LocalCryptographyResponse } from "./CryptographyTypes";
|
|
3
|
-
import { Component } from "../
|
|
3
|
+
import { Component } from "../types/common/types";
|
|
4
4
|
/**
|
|
5
5
|
* Provides functionality to scan files and components for cryptographic items.
|
|
6
6
|
* This class acts as the primary entry point for cryptographic scanning.
|
|
@@ -50,4 +50,4 @@ class CryptographyScanner {
|
|
|
50
50
|
}
|
|
51
51
|
}
|
|
52
52
|
exports.CryptographyScanner = CryptographyScanner;
|
|
53
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
53
|
+
//# sourceMappingURL=data:application/json;base64,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
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { ComponentCryptographyResultCollector } from "../../Helper/ResultCollector/Component/ComponentCryptographyResultColletor";
|
|
2
2
|
import { BaseCryptographyScanner } from "../../BaseCryptographyScanner";
|
|
3
|
-
import { Component } from "../../../shared/interfaces/Component";
|
|
4
3
|
import { HintsInRangeResponse } from "../../../Clients/Cryptography/ICryptographyClient";
|
|
4
|
+
import { Component } from "../../../types/common/types";
|
|
5
5
|
/**
|
|
6
6
|
* Scanner for detecting cryptographic hints in software components.
|
|
7
7
|
* This class extends the base cryptography scanner to specifically handle
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.ComponentHintScanner = void 0;
|
|
4
4
|
const BaseCryptographyScanner_1 = require("../../BaseCryptographyScanner");
|
|
5
|
-
const
|
|
5
|
+
const CryptographyGRPCClient_1 = require("../../../Clients/Cryptography/CryptographyGRPCClient");
|
|
6
6
|
/**
|
|
7
7
|
* Scanner for detecting cryptographic hints in software components.
|
|
8
8
|
* This class extends the base cryptography scanner to specifically handle
|
|
@@ -17,7 +17,7 @@ class ComponentHintScanner extends BaseCryptographyScanner_1.BaseCryptographySca
|
|
|
17
17
|
* @returns {HintsResponse} A promise that resolves to a HintsResponse containing detected cryptographic hints.
|
|
18
18
|
*/
|
|
19
19
|
async scan(req) {
|
|
20
|
-
const cryptographyClient = new
|
|
20
|
+
const cryptographyClient = new CryptographyGRPCClient_1.CryptographyGRPCClient(this.config.API_KEY, // API KEY
|
|
21
21
|
this.config.API_URL, // Destination Host
|
|
22
22
|
this.config.GRPC_PROXY, // Proxy Host
|
|
23
23
|
this.config.CA_CERT);
|
|
@@ -27,4 +27,4 @@ class ComponentHintScanner extends BaseCryptographyScanner_1.BaseCryptographySca
|
|
|
27
27
|
}
|
|
28
28
|
}
|
|
29
29
|
exports.ComponentHintScanner = ComponentHintScanner;
|
|
30
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
30
|
+
//# sourceMappingURL=data:application/json;base64,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
|
|
@@ -42,22 +42,18 @@ class DependencyScannerCfg extends BaseConfig_1.BaseConfig {
|
|
|
42
42
|
* @returns The resolved scanner URL
|
|
43
43
|
*/
|
|
44
44
|
resolveApiUrl(apiKey, currentUrl) {
|
|
45
|
-
// Case 1: Has API key and using default URL -> upgrade to premium
|
|
45
|
+
// Case 1: Has API key and using default URL -> upgrade to premium URL. The default URL is set on the BaseConfig.ts file
|
|
46
46
|
if (apiKey && currentUrl === BaseConfig_1.BaseConfig.getDefaultURL())
|
|
47
47
|
return BaseConfig_1.BaseConfig.getPremiumURL();
|
|
48
|
-
// Case 2: Has API key and using custom URL
|
|
49
|
-
if (apiKey && currentUrl
|
|
50
|
-
//
|
|
48
|
+
// Case 2: Has API key and using custom URL -> keep custom URL
|
|
49
|
+
if (apiKey && currentUrl.startsWith(BaseConfig_1.BaseConfig.getPremiumURL()) || currentUrl.startsWith(BaseConfig_1.BaseConfig.getDefaultURL())) {
|
|
50
|
+
// Check if custom URL is not the same as the default one.
|
|
51
51
|
if (currentUrl.startsWith(BaseConfig_1.BaseConfig.getPremiumURL()) || currentUrl.startsWith(BaseConfig_1.BaseConfig.getDefaultURL())) {
|
|
52
52
|
return currentUrl.replace(/\/scan\/direct$/, '');
|
|
53
53
|
}
|
|
54
|
-
// For other custom URLs, return as-is
|
|
55
54
|
return currentUrl;
|
|
56
55
|
}
|
|
57
|
-
// Case
|
|
58
|
-
if (!apiKey && currentUrl !== BaseConfig_1.BaseConfig.getDefaultURL())
|
|
59
|
-
return currentUrl;
|
|
60
|
-
// Case 4: No API key and default/empty URL -> use default URL with /scan/direct
|
|
56
|
+
// Case 4: No API key and default/empty URL -> use default URL
|
|
61
57
|
return BaseConfig_1.BaseConfig.getDefaultURL();
|
|
62
58
|
}
|
|
63
59
|
get API_URL() {
|
|
@@ -68,4 +64,4 @@ class DependencyScannerCfg extends BaseConfig_1.BaseConfig {
|
|
|
68
64
|
}
|
|
69
65
|
}
|
|
70
66
|
exports.DependencyScannerCfg = DependencyScannerCfg;
|
|
71
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
67
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiRGVwZW5kZW5jeVNjYW5uZXJDZmcuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvc2RrL0RlcGVuZGVuY2llcy9EZXBlbmRlbmN5U2Nhbm5lckNmZy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSw4Q0FBMkM7QUFDM0MsTUFBTSwwQkFBMEIsR0FBRyxFQUFFLENBQUM7QUFFdEMsTUFBYSxvQkFBcUIsU0FBUSx1QkFBVTtJQU9sRCxZQUFZLE1BQTZCO1FBQ3ZDLEtBQUssQ0FBQyxNQUFNLENBQUMsQ0FBQztRQU5oQix3QkFBbUIsR0FBRyxLQUFLLENBQUM7UUFFNUIsYUFBUSxHQUFXLEVBQUUsQ0FBQztRQUV0Qix3QkFBbUIsR0FBRywwQkFBMEIsQ0FBQztRQUcvQyxJQUFHLE1BQU0sRUFBQyxDQUFDO1lBQ1QsSUFBSSxDQUFDLGtCQUFrQixHQUFHLE1BQU0sQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLGtCQUFrQixDQUFDLENBQUMsQ0FBQywwQkFBMEIsQ0FBQztZQUM3RyxJQUFJLENBQUMsT0FBTyxHQUFJLE1BQU0sQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQztZQUNyRCxJQUFJLENBQUMsa0JBQWtCLEdBQUcsTUFBTSxDQUFDLGtCQUFrQixDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsa0JBQWtCLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQztRQUMxRixDQUFDO0lBQ0gsQ0FBQztJQUVELElBQUksa0JBQWtCO1FBQ3BCLE9BQU8sSUFBSSxDQUFDLG1CQUFtQixDQUFDO0lBQ2xDLENBQUM7SUFFRCxJQUFJLGtCQUFrQixDQUFDLEtBQWE7UUFDbEMsSUFBSSxDQUFDLG1CQUFtQixHQUFHLEtBQUssQ0FBQztJQUNuQyxDQUFDO0lBRUQsSUFBSSxPQUFPO1FBQ1QsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDO0lBQ3ZCLENBQUM7SUFFRCxJQUFJLE9BQU8sQ0FBQyxLQUFhO1FBQ3ZCLElBQUksQ0FBQyxRQUFRLEdBQUcsS0FBSyxDQUFDO0lBQ3hCLENBQUM7SUFFRCxJQUFJLGtCQUFrQjtRQUNwQixPQUFPLElBQUksQ0FBQyxtQkFBbUIsQ0FBQztJQUNsQyxDQUFDO0lBRUQsSUFBSSxrQkFBa0IsQ0FBQyxLQUFjO1FBQ25DLElBQUksQ0FBQyxtQkFBbUIsR0FBRyxLQUFLLENBQUM7SUFDbkMsQ0FBQztJQUVEOzs7Ozs7O09BT0c7SUFDTyxhQUFhLENBQUMsTUFBYyxFQUFFLFVBQWtCO1FBQ3hELHdIQUF3SDtRQUN4SCxJQUFJLE1BQU0sSUFBSSxVQUFVLEtBQUssdUJBQVUsQ0FBQyxhQUFhLEVBQUU7WUFDckQsT0FBTyx1QkFBVSxDQUFDLGFBQWEsRUFBRSxDQUFDO1FBQ3BDLDhEQUE4RDtRQUM5RCxJQUFJLE1BQU0sSUFBSSxVQUFVLENBQUMsVUFBVSxDQUFDLHVCQUFVLENBQUMsYUFBYSxFQUFFLENBQUMsSUFBSSxVQUFVLENBQUMsVUFBVSxDQUFDLHVCQUFVLENBQUMsYUFBYSxFQUFFLENBQUMsRUFBQyxDQUFDO1lBQ3BILDBEQUEwRDtZQUMxRCxJQUFJLFVBQVUsQ0FBQyxVQUFVLENBQUMsdUJBQVUsQ0FBQyxhQU
FhLEVBQUUsQ0FBQyxJQUFJLFVBQVUsQ0FBQyxVQUFVLENBQUMsdUJBQVUsQ0FBQyxhQUFhLEVBQUUsQ0FBQyxFQUFFLENBQUM7Z0JBQzNHLE9BQU8sVUFBVSxDQUFDLE9BQU8sQ0FBQyxpQkFBaUIsRUFBRSxFQUFFLENBQUMsQ0FBQztZQUNuRCxDQUFDO1lBQ0QsT0FBTyxVQUFVLENBQUM7UUFDcEIsQ0FBQztRQUNELDhEQUE4RDtRQUM5RCxPQUFPLHVCQUFVLENBQUMsYUFBYSxFQUFFLENBQUM7SUFDcEMsQ0FBQztJQUVELElBQUksT0FBTztRQUNULE9BQU8sSUFBSSxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMsT0FBTyxFQUFFLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUN6RCxDQUFDO0lBRUQsSUFBSSxPQUFPLENBQUMsR0FBVztRQUNyQixLQUFLLENBQUMsT0FBTyxHQUFHLEdBQUcsQ0FBQztJQUN0QixDQUFDO0NBRUY7QUF4RUQsb0RBd0VDIn0=
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { CryptoAlgorithm } from "../../Cryptography/CryptographyTypes";
|
|
2
|
+
import { Vulnerability } from "../../types/vulnerability/types";
|
|
2
3
|
/************* Component interface definition *************/
|
|
3
4
|
export interface ComponentDataLayer {
|
|
4
5
|
key: string;
|
|
@@ -56,17 +57,6 @@ export interface Dependency {
|
|
|
56
57
|
licenses: License[];
|
|
57
58
|
}
|
|
58
59
|
/************* Dependency interface definition *************/
|
|
59
|
-
/************* Vulnerability interface definition *************/
|
|
60
|
-
export interface Vulnerability {
|
|
61
|
-
id: string;
|
|
62
|
-
cve: string;
|
|
63
|
-
url: string;
|
|
64
|
-
summary: string;
|
|
65
|
-
severity: string;
|
|
66
|
-
published: string;
|
|
67
|
-
modified: string;
|
|
68
|
-
source: string;
|
|
69
|
-
}
|
|
70
60
|
export interface VulnerabilityDataLayer {
|
|
71
61
|
purl: string;
|
|
72
62
|
vulnerability: Vulnerability[];
|
|
@@ -16,7 +16,7 @@ export declare class VulnerabilityCfg extends BaseConfig {
|
|
|
16
16
|
API_KEY: string;
|
|
17
17
|
constructor(config?: VulnerabilityCfg);
|
|
18
18
|
/**
|
|
19
|
-
* Resolves the appropriate API URL based on API key presence and current URL.
|
|
19
|
+
* Resolves the appropriate API URL based on API key presence and current URL. See: src/sdk/BaseConfig.ts
|
|
20
20
|
* If an API key is provided and the current URL is the default, returns the premium
|
|
21
21
|
* URL, otherwise returns the current URL.
|
|
22
22
|
* @param apiKey - The API key (if any)
|
|
@@ -8,6 +8,7 @@ const BaseConfig_1 = require("../BaseConfig");
|
|
|
8
8
|
*/
|
|
9
9
|
class VulnerabilityCfg extends BaseConfig_1.BaseConfig {
|
|
10
10
|
constructor(config) {
|
|
11
|
+
var _a, _b;
|
|
11
12
|
super(config);
|
|
12
13
|
/**
|
|
13
14
|
* Number of components to process in each request chunk.
|
|
@@ -19,9 +20,11 @@ class VulnerabilityCfg extends BaseConfig_1.BaseConfig {
|
|
|
19
20
|
* Leave empty if no authentication is required.
|
|
20
21
|
*/
|
|
21
22
|
this.API_KEY = "";
|
|
23
|
+
this.REQUEST_CHUNK_SIZE = (_a = config === null || config === void 0 ? void 0 : config.REQUEST_CHUNK_SIZE) !== null && _a !== void 0 ? _a : this.REQUEST_CHUNK_SIZE;
|
|
24
|
+
this.API_KEY = (_b = config === null || config === void 0 ? void 0 : config.API_KEY) !== null && _b !== void 0 ? _b : this.API_KEY;
|
|
22
25
|
}
|
|
23
26
|
/**
|
|
24
|
-
* Resolves the appropriate API URL based on API key presence and current URL.
|
|
27
|
+
* Resolves the appropriate API URL based on API key presence and current URL. See: src/sdk/BaseConfig.ts
|
|
25
28
|
* If an API key is provided and the current URL is the default, returns the premium
|
|
26
29
|
* URL, otherwise returns the current URL.
|
|
27
30
|
* @param apiKey - The API key (if any)
|
|
@@ -29,19 +32,19 @@ class VulnerabilityCfg extends BaseConfig_1.BaseConfig {
|
|
|
29
32
|
* @returns The resolved API URL
|
|
30
33
|
*/
|
|
31
34
|
resolveApiUrl(apiKey, currentUrl) {
|
|
32
|
-
// Case 1: Has API key and using default URL -> upgrade to premium URL
|
|
33
|
-
if (apiKey && currentUrl === BaseConfig_1.BaseConfig.
|
|
35
|
+
// Case 1: Has API key and using default URL -> upgrade to premium URL. The default URL is set on the BaseConfig.ts file
|
|
36
|
+
if (apiKey && currentUrl === BaseConfig_1.BaseConfig.getDefaultURL())
|
|
34
37
|
return BaseConfig_1.BaseConfig.getPremiumURL();
|
|
35
38
|
// Case 2: Has API key and using custom URL -> keep custom URL
|
|
36
|
-
if (apiKey && currentUrl
|
|
37
|
-
//
|
|
39
|
+
if (apiKey && currentUrl.startsWith(BaseConfig_1.BaseConfig.getPremiumURL()) || currentUrl.startsWith(BaseConfig_1.BaseConfig.getDefaultURL())) {
|
|
40
|
+
// Check if custom URL is not the same as the default one.
|
|
38
41
|
if (currentUrl.startsWith(BaseConfig_1.BaseConfig.getPremiumURL()) || currentUrl.startsWith(BaseConfig_1.BaseConfig.getDefaultURL())) {
|
|
39
42
|
return currentUrl.replace(/\/scan\/direct$/, '');
|
|
40
43
|
}
|
|
41
44
|
return currentUrl;
|
|
42
45
|
}
|
|
43
46
|
// Case 4: No API key and default/empty URL -> use default URL
|
|
44
|
-
return BaseConfig_1.BaseConfig.
|
|
47
|
+
return BaseConfig_1.BaseConfig.getDefaultURL();
|
|
45
48
|
}
|
|
46
49
|
get API_URL() {
|
|
47
50
|
return this.resolveApiUrl(this.API_KEY, super.API_URL);
|
|
@@ -51,4 +54,4 @@ class VulnerabilityCfg extends BaseConfig_1.BaseConfig {
|
|
|
51
54
|
}
|
|
52
55
|
}
|
|
53
56
|
exports.VulnerabilityCfg = VulnerabilityCfg;
|
|
54
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
57
|
+
//# sourceMappingURL=data:application/json;base64,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
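Review bot: The new constructor assignment on line 23 (the down-levelled form of `config?.REQUEST_CHUNK_SIZE ?? this.REQUEST_CHUNK_SIZE`) accepts any caller-supplied value, and chunkRequest in clientHelper.js advances with `i += chunkSize`, so a chunk size of 0 or a negative number makes that loop run forever while it keeps pushing slices. A guard after the assignment, such as `if (!Number.isInteger(this.REQUEST_CHUNK_SIZE) || this.REQUEST_CHUNK_SIZE < 1) throw new Error('REQUEST_CHUNK_SIZE must be a positive integer');`, would reject that early. The constructor spans the first two hunks, with a few lines between them not shown.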
|
|
@@ -1,8 +1,10 @@
|
|
|
1
1
|
import { VulnerabilityCfg } from "./VulnerabilityCfg";
|
|
2
|
-
import {
|
|
2
|
+
import { ComponentsVulnerabilitiesResponse, ComponentVulnerabilityResponse } from "../types/vulnerability/types";
|
|
3
|
+
import { Component } from "../types/common/types";
|
|
3
4
|
export declare class VulnerabilityScanner {
|
|
4
5
|
private config;
|
|
5
6
|
private vulnerabilityClient;
|
|
6
7
|
constructor(config?: VulnerabilityCfg);
|
|
7
|
-
|
|
8
|
+
getVulnerabilitiesComponents(components: Array<Component>): Promise<ComponentsVulnerabilitiesResponse>;
|
|
9
|
+
getVulnerabilitiesComponent(component: Component): Promise<ComponentVulnerabilityResponse>;
|
|
8
10
|
}
|
|
@@ -13,22 +13,76 @@ class VulnerabilityScanner {
|
|
|
13
13
|
this.config = new VulnerabilityCfg_1.VulnerabilityCfg();
|
|
14
14
|
this.vulnerabilityClient = new VulnerabilityHttpClient_1.VulnerabilityHttpClient(this.config.API_KEY, this.config.API_URL ? this.config.API_URL : '', this.config.HTTPS_PROXY ? this.config.HTTPS_PROXY : '', this.config.CA_CERT);
|
|
15
15
|
}
|
|
16
|
-
async
|
|
16
|
+
async getVulnerabilitiesComponents(components) {
|
|
17
17
|
const requests = (0, clientHelper_1.chunkRequest)(components, this.config.REQUEST_CHUNK_SIZE);
|
|
18
|
-
const
|
|
18
|
+
const response = {
|
|
19
|
+
components: [],
|
|
20
|
+
status: {
|
|
21
|
+
status: "SUCCESS",
|
|
22
|
+
message: "Vulnerabilities retrieved successfully"
|
|
23
|
+
}
|
|
24
|
+
};
|
|
25
|
+
const failedRequests = [];
|
|
26
|
+
const componentVulnerabilities = new Map();
|
|
19
27
|
for (const request of requests) {
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
28
|
+
try {
|
|
29
|
+
const r = await this.vulnerabilityClient.getVulnerabilitiesComponents(request);
|
|
30
|
+
if (r.components) {
|
|
31
|
+
for (const c of r.components) {
|
|
32
|
+
const key = c.purl + c.requirement + c.version;
|
|
33
|
+
if (componentVulnerabilities.has(key)) {
|
|
34
|
+
componentVulnerabilities.get(key).vulnerabilities.push(...c.vulnerabilities);
|
|
35
|
+
}
|
|
36
|
+
else {
|
|
37
|
+
componentVulnerabilities.set(key, c);
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
}
|
|
42
|
+
catch (error) {
|
|
43
|
+
failedRequests.push(request);
|
|
44
|
+
Logger_1.logger.error(error);
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
if (failedRequests.length > 0) {
|
|
48
|
+
if (failedRequests.length >= requests.length) {
|
|
49
|
+
response.status.status = "FAILED";
|
|
50
|
+
response.status.message = "Error while retrieving vulnerabilities";
|
|
51
|
+
return response;
|
|
24
52
|
}
|
|
25
53
|
else {
|
|
26
|
-
|
|
27
|
-
|
|
54
|
+
response.status.status = "SUCCEEDED_WITH_WARNINGS";
|
|
55
|
+
response.status.message = `Warning: some vulnerabilities were not retrieved: ${failedRequests.map(r => r.map((c) => `${c.purl}${c.requirement}`)).join(", ")}`;
|
|
56
|
+
return response;
|
|
28
57
|
}
|
|
29
58
|
}
|
|
30
|
-
|
|
59
|
+
response.components = Array.from(componentVulnerabilities.values());
|
|
60
|
+
return response;
|
|
61
|
+
}
|
|
62
|
+
async getVulnerabilitiesComponent(component) {
|
|
63
|
+
const response = {
|
|
64
|
+
purl: component.purl,
|
|
65
|
+
version: component.requirement,
|
|
66
|
+
requirement: component.requirement,
|
|
67
|
+
vulnerabilities: [],
|
|
68
|
+
status: {
|
|
69
|
+
status: "SUCCESS",
|
|
70
|
+
message: "Vulnerabilities retrieved successfully"
|
|
71
|
+
}
|
|
72
|
+
};
|
|
73
|
+
try {
|
|
74
|
+
const componentVulnerabilities = await this.vulnerabilityClient.getVulnerabilitiesComponent(component);
|
|
75
|
+
response.vulnerabilities = componentVulnerabilities.vulnerabilities;
|
|
76
|
+
response.version = componentVulnerabilities.version;
|
|
77
|
+
return response;
|
|
78
|
+
}
|
|
79
|
+
catch (error) {
|
|
80
|
+
Logger_1.logger.error(error);
|
|
81
|
+
response.status.status = "FAILED";
|
|
82
|
+
response.status.message = "Error while retrieving vulnerabilities";
|
|
83
|
+
return response;
|
|
84
|
+
}
|
|
31
85
|
}
|
|
32
86
|
}
|
|
33
87
|
exports.VulnerabilityScanner = VulnerabilityScanner;
|
|
34
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
88
|
+
//# sourceMappingURL=data:application/json;base64,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
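Review bot: On a partial failure (new lines 53-57) getVulnerabilitiesComponents returns before `response.components` is filled from `componentVulnerabilities`, so a `SUCCEEDED_WITH_WARNINGS` result carries an empty component list and the vulnerabilities fetched by the chunks that did succeed are dropped. A consumer that reads only `components` would see zero findings for a scan that partly worked. Moving `response.components = Array.from(componentVulnerabilities.values());` above the `if (failedRequests.length > 0)` check keeps them. Two smaller things: the map key `c.purl + c.requirement + c.version` has no separator, so distinct components can collide, and getVulnerabilitiesComponent initialises `version` from `component.requirement`, which is what the caller gets back on the error path.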
|
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi9zcmMvc2RrL3R5cGVzL2NvbW1vbi90eXBlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiIn0=
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
export interface CVSS {
|
|
2
|
+
cvss: string;
|
|
3
|
+
cvss_score: number;
|
|
4
|
+
cvss_severity: string;
|
|
5
|
+
}
|
|
6
|
+
export interface Vulnerability {
|
|
7
|
+
id: string;
|
|
8
|
+
cve: string;
|
|
9
|
+
url: string;
|
|
10
|
+
summary: string;
|
|
11
|
+
severity: string;
|
|
12
|
+
published: string;
|
|
13
|
+
modified: string;
|
|
14
|
+
source: string;
|
|
15
|
+
cvss: CVSS[];
|
|
16
|
+
}
|
|
17
|
+
export interface ComponentVulnerability {
|
|
18
|
+
purl: string;
|
|
19
|
+
version: string;
|
|
20
|
+
requirement: string;
|
|
21
|
+
vulnerabilities: Vulnerability[];
|
|
22
|
+
}
|
|
23
|
+
export interface ComponentsVulnerabilitiesResponse {
|
|
24
|
+
components: Array<ComponentVulnerability>;
|
|
25
|
+
status: {
|
|
26
|
+
"status": "SUCCESS" | "FAILED" | "SUCCEEDED_WITH_WARNINGS";
|
|
27
|
+
"message": string;
|
|
28
|
+
};
|
|
29
|
+
}
|
|
30
|
+
export interface ComponentVulnerabilityResponse extends ComponentVulnerability {
|
|
31
|
+
status: {
|
|
32
|
+
"status": "SUCCESS" | "FAILED" | "SUCCEEDED_WITH_WARNINGS";
|
|
33
|
+
"message": string;
|
|
34
|
+
};
|
|
35
|
+
}
|
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi9zcmMvc2RrL3R5cGVzL3Z1bG5lcmFiaWxpdHkvdHlwZXMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9
|