scanoss 0.18.0 → 0.20.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +18 -1
- package/build/main/cli/bin/cli-bin.js +2 -1
- package/build/main/cli/commands/scan.js +6 -3
- package/build/main/index.d.ts +6 -2
- package/build/main/index.js +9 -3
- package/build/main/sdk/BaseConfig.js +1 -2
- package/build/main/sdk/Clients/Cryptography/{CryptographyClient.d.ts → CryptographyGRPCClient.d.ts} +2 -2
- package/build/main/sdk/Clients/Cryptography/CryptographyGRPCClient.js +142 -0
- package/build/main/sdk/Clients/Cryptography/CryptographyHttpClient.d.ts +1 -1
- package/build/main/sdk/Clients/Cryptography/CryptographyHttpClient.js +3 -3
- package/build/main/sdk/Clients/Cryptography/ICryptographyClient.d.ts +1 -1
- package/build/main/sdk/Clients/Dependency/{DependencyClient.d.ts → DependencyGRPCClient.d.ts} +1 -1
- package/build/main/sdk/Clients/Dependency/{DependencyClient.js → DependencyGRPCClient.js} +6 -6
- package/build/main/sdk/Clients/Dependency/DependencyHttpClient.js +4 -4
- package/build/main/sdk/Clients/Dependency/IDependencyClient.d.ts +1 -1
- package/build/main/sdk/Clients/Grpc/BaseGRPCClient.js +4 -5
- package/build/main/sdk/Clients/Vulnerability/IVulnerabilityClient.d.ts +4 -3
- package/build/main/sdk/Clients/Vulnerability/VulnerabilityHttpClient.d.ts +4 -3
- package/build/main/sdk/Clients/Vulnerability/VulnerabilityHttpClient.js +5 -10
- package/build/main/sdk/Clients/helper/clientHelper.d.ts +1 -1
- package/build/main/sdk/Clients/helper/clientHelper.js +2 -2
- package/build/main/sdk/Cryptography/Algorithm/Components/ComponentAlgorithmScanner.d.ts +1 -1
- package/build/main/sdk/Cryptography/Algorithm/Components/ComponentAlgorithmScanner.js +3 -3
- package/build/main/sdk/Cryptography/CryptoCfg.js +6 -7
- package/build/main/sdk/Cryptography/CryptographyScanner.d.ts +1 -1
- package/build/main/sdk/Cryptography/CryptographyScanner.js +1 -1
- package/build/main/sdk/Cryptography/CryptographyTypes.d.ts +1 -1
- package/build/main/sdk/Cryptography/Hint/Components/ComponentHintScanner.d.ts +1 -1
- package/build/main/sdk/Cryptography/Hint/Components/ComponentHintScanner.js +3 -3
- package/build/main/sdk/Dependencies/DependencyScannerCfg.js +6 -10
- package/build/main/sdk/Report/DataLayer/DataLayerTypes.d.ts +1 -11
- package/build/main/sdk/Vulnerability/VulnerabilityCfg.d.ts +1 -1
- package/build/main/sdk/Vulnerability/VulnerabilityCfg.js +10 -7
- package/build/main/sdk/Vulnerability/VulnerabilityScanner.d.ts +4 -2
- package/build/main/sdk/Vulnerability/VulnerabilityScanner.js +64 -10
- package/build/main/sdk/types/common/types.js +3 -0
- package/build/main/sdk/types/vulnerability/types.d.ts +35 -0
- package/build/main/sdk/types/vulnerability/types.js +3 -0
- package/build/main/tsconfig.tsbuildinfo +1 -1
- package/build/module/cli/bin/cli-bin.js +2 -1
- package/build/module/cli/commands/scan.js +6 -3
- package/build/module/index.d.ts +6 -2
- package/build/module/index.js +9 -3
- package/build/module/sdk/BaseConfig.js +1 -2
- package/build/module/sdk/Clients/Cryptography/{CryptographyClient.d.ts → CryptographyGRPCClient.d.ts} +2 -2
- package/build/module/sdk/Clients/Cryptography/CryptographyGRPCClient.js +131 -0
- package/build/module/sdk/Clients/Cryptography/CryptographyHttpClient.d.ts +1 -1
- package/build/module/sdk/Clients/Cryptography/CryptographyHttpClient.js +3 -3
- package/build/module/sdk/Clients/Cryptography/ICryptographyClient.d.ts +1 -1
- package/build/module/sdk/Clients/Dependency/{DependencyClient.d.ts → DependencyGRPCClient.d.ts} +1 -1
- package/build/module/sdk/Clients/Dependency/DependencyGRPCClient.js +74 -0
- package/build/module/sdk/Clients/Dependency/DependencyHttpClient.js +4 -4
- package/build/module/sdk/Clients/Dependency/IDependencyClient.d.ts +1 -1
- package/build/module/sdk/Clients/Grpc/BaseGRPCClient.js +5 -6
- package/build/module/sdk/Clients/Vulnerability/IVulnerabilityClient.d.ts +4 -3
- package/build/module/sdk/Clients/Vulnerability/VulnerabilityHttpClient.d.ts +4 -3
- package/build/module/sdk/Clients/Vulnerability/VulnerabilityHttpClient.js +5 -10
- package/build/module/sdk/Clients/helper/clientHelper.d.ts +1 -1
- package/build/module/sdk/Clients/helper/clientHelper.js +2 -2
- package/build/module/sdk/Cryptography/Algorithm/Components/ComponentAlgorithmScanner.d.ts +1 -1
- package/build/module/sdk/Cryptography/Algorithm/Components/ComponentAlgorithmScanner.js +3 -3
- package/build/module/sdk/Cryptography/CryptoCfg.js +6 -7
- package/build/module/sdk/Cryptography/CryptographyScanner.d.ts +1 -1
- package/build/module/sdk/Cryptography/CryptographyScanner.js +1 -1
- package/build/module/sdk/Cryptography/CryptographyTypes.d.ts +1 -1
- package/build/module/sdk/Cryptography/Hint/Components/ComponentHintScanner.d.ts +1 -1
- package/build/module/sdk/Cryptography/Hint/Components/ComponentHintScanner.js +3 -3
- package/build/module/sdk/Dependencies/DependencyScannerCfg.js +6 -10
- package/build/module/sdk/Report/DataLayer/DataLayerTypes.d.ts +1 -11
- package/build/module/sdk/Vulnerability/VulnerabilityCfg.d.ts +1 -1
- package/build/module/sdk/Vulnerability/VulnerabilityCfg.js +9 -7
- package/build/module/sdk/Vulnerability/VulnerabilityScanner.d.ts +4 -2
- package/build/module/sdk/Vulnerability/VulnerabilityScanner.js +64 -10
- package/build/module/sdk/types/common/types.js +2 -0
- package/build/module/sdk/types/vulnerability/types.d.ts +35 -0
- package/build/module/sdk/types/vulnerability/types.js +2 -0
- package/build/module/tsconfig.module.tsbuildinfo +1 -1
- package/package.json +1 -1
- package/build/main/sdk/Clients/Cryptography/CryptographyClient.js +0 -142
- package/build/main/sdk/shared/interfaces/Component.js +0 -3
- package/build/module/sdk/Clients/Cryptography/CryptographyClient.js +0 -131
- package/build/module/sdk/Clients/Dependency/DependencyClient.js +0 -74
- package/build/module/sdk/shared/interfaces/Component.js +0 -2
- /package/build/main/sdk/{shared/interfaces/Component.d.ts → types/common/types.d.ts} +0 -0
- /package/build/module/sdk/{shared/interfaces/Component.d.ts → types/common/types.d.ts} +0 -0
|
@@ -23,20 +23,19 @@ export class CryptoCfg extends BaseConfig {
|
|
|
23
23
|
* @returns The resolved API URL
|
|
24
24
|
*/
|
|
25
25
|
resolveApiUrl(apiKey, currentUrl) {
|
|
26
|
-
// Case 1: Has API key and using default URL -> upgrade to premium URL
|
|
27
|
-
if (apiKey && currentUrl === BaseConfig.
|
|
26
|
+
// Case 1: Has API key and using default URL -> upgrade to premium URL. The default URL is set on the BaseConfig.ts file
|
|
27
|
+
if (apiKey && currentUrl === BaseConfig.getDefaultURL())
|
|
28
28
|
return BaseConfig.getPremiumURL();
|
|
29
29
|
// Case 2: Has API key and using custom URL -> keep custom URL
|
|
30
|
-
if (apiKey && currentUrl
|
|
31
|
-
//
|
|
30
|
+
if (apiKey && currentUrl.startsWith(BaseConfig.getPremiumURL()) || currentUrl.startsWith(BaseConfig.getDefaultURL())) {
|
|
31
|
+
// Check if custom URL is not the same as the default one.
|
|
32
32
|
if (currentUrl.startsWith(BaseConfig.getPremiumURL()) || currentUrl.startsWith(BaseConfig.getDefaultURL())) {
|
|
33
33
|
return currentUrl.replace(/\/scan\/direct$/, '');
|
|
34
34
|
}
|
|
35
|
-
// For other custom URLs, return as-is
|
|
36
35
|
return currentUrl;
|
|
37
36
|
}
|
|
38
37
|
// Case 4: No API key and default/empty URL -> use default URL
|
|
39
|
-
return BaseConfig.
|
|
38
|
+
return BaseConfig.getDefaultURL();
|
|
40
39
|
}
|
|
41
40
|
get API_URL() {
|
|
42
41
|
return this.resolveApiUrl(this.API_KEY, super.API_URL);
|
|
@@ -45,4 +44,4 @@ export class CryptoCfg extends BaseConfig {
|
|
|
45
44
|
super.API_URL = value;
|
|
46
45
|
}
|
|
47
46
|
}
|
|
48
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
47
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQ3J5cHRvQ2ZnLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3Nkay9DcnlwdG9ncmFwaHkvQ3J5cHRvQ2ZnLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxlQUFlLENBQUM7QUFFM0M7O0dBRUc7QUFDSCxNQUFNLE9BQU8sU0FBVSxTQUFRLFVBQVU7SUFFckIsZUFBZSxHQUFHLENBQUMsQ0FBQztJQUVyQyxvQkFBb0IsQ0FBUztJQUU3QixrQkFBa0IsQ0FBUztJQUUzQixPQUFPLEdBQVcsSUFBSSxDQUFDLGVBQWUsQ0FBQztJQUV2QyxPQUFPLEdBQVcsRUFBRSxDQUFDO0lBRXJCLFlBQVksR0FBZTtRQUN6QixLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDWCxJQUFHLEdBQUcsRUFBRSxDQUFDO1lBQ1AsSUFBSSxDQUFDLE9BQU8sR0FBRyxHQUFHLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUM7UUFDaEQsQ0FBQztJQUNILENBQUM7SUFFRjs7Ozs7OztPQU9HO0lBQ1EsYUFBYSxDQUFDLE1BQWMsRUFBRSxVQUFrQjtRQUN6RCx3SEFBd0g7UUFDeEgsSUFBSSxNQUFNLElBQUksVUFBVSxLQUFLLFVBQVUsQ0FBQyxhQUFhLEVBQUU7WUFDckQsT0FBTyxVQUFVLENBQUMsYUFBYSxFQUFFLENBQUM7UUFDcEMsOERBQThEO1FBQzlELElBQUksTUFBTSxJQUFJLFVBQVUsQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDLGFBQWEsRUFBRSxDQUFDLElBQUksVUFBVSxDQUFDLFVBQVUsQ0FBQyxVQUFVLENBQUMsYUFBYSxFQUFFLENBQUMsRUFBQyxDQUFDO1lBQ3BILDBEQUEwRDtZQUMxRCxJQUFJLFVBQVUsQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDLGFBQWEsRUFBRSxDQUFDLElBQUksVUFBVSxDQUFDLFVBQVUsQ0FBQyxVQUFVLENBQUMsYUFBYSxFQUFFLENBQUMsRUFBRSxDQUFDO2dCQUMzRyxPQUFPLFVBQVUsQ0FBQyxPQUFPLENBQUMsaUJBQWlCLEVBQUUsRUFBRSxDQUFDLENBQUM7WUFDbkQsQ0FBQztZQUNELE9BQU8sVUFBVSxDQUFDO1FBQ3BCLENBQUM7UUFDRCw4REFBOEQ7UUFDOUQsT0FBTyxVQUFVLENBQUMsYUFBYSxFQUFFLENBQUM7SUFDbkMsQ0FBQztJQUVELElBQVcsT0FBTztRQUNoQixPQUFPLElBQUksQ0FBQyxhQUFhLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUM7SUFDekQsQ0FBQztJQUVELElBQVcsT0FBTyxDQUFDLEtBQWE7UUFDOUIsS0FBSyxDQUFDLE9BQU8sR0FBRyxLQUFLLENBQUM7SUFDeEIsQ0FBQztDQUVIIn0=
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { CryptoCfg } from "./CryptoCfg";
|
|
2
2
|
import { CryptographyResponse, LocalCryptographyResponse } from "./CryptographyTypes";
|
|
3
|
-
import { Component } from "../
|
|
3
|
+
import { Component } from "../types/common/types";
|
|
4
4
|
/**
|
|
5
5
|
* Provides functionality to scan files and components for cryptographic items.
|
|
6
6
|
* This class acts as the primary entry point for cryptographic scanning.
|
|
@@ -47,4 +47,4 @@ export class CryptographyScanner {
|
|
|
47
47
|
return componentCryptoResultCollector.getResults();
|
|
48
48
|
}
|
|
49
49
|
}
|
|
50
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
50
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQ3J5cHRvZ3JhcGh5U2Nhbm5lci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9zZGsvQ3J5cHRvZ3JhcGh5L0NyeXB0b2dyYXBoeVNjYW5uZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQ0EsT0FBTyxFQUNMLG9CQUFvQixFQUNyQixNQUFNLHdDQUF3QyxDQUFDO0FBQ2hELE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSw4QkFBOEIsQ0FBQztBQUsvRCxPQUFPLEVBQ0wsK0JBQStCLEVBQ2hDLE1BQU0sK0RBQStELENBQUM7QUFDdkUsT0FBTyxFQUNMLG9DQUFvQyxFQUNyQyxNQUFNLHdFQUF3RSxDQUFDO0FBQ2hGLE9BQU8sRUFDTCx5QkFBeUIsRUFDMUIsTUFBTSxrREFBa0QsQ0FBQztBQUMxRCxPQUFPLEVBQ0wsb0JBQW9CLEVBQ3JCLE1BQU0sd0NBQXdDLENBQUM7QUFDaEQsT0FBTyxFQUFFLDRCQUE0QixFQUFFLE1BQU0sNkJBQTZCLENBQUM7QUFHM0U7OztHQUdHO0FBQ0gsTUFBTSxPQUFPLG1CQUFtQjtJQUViLE1BQU0sQ0FBWTtJQUVuQyxZQUFZLEdBQWM7UUFDeEIsSUFBSSxDQUFDLE1BQU0sR0FBRyxHQUFHLENBQUM7SUFDcEIsQ0FBQztJQUVEOzs7OztPQUtHO0lBQ0ksS0FBSyxDQUFDLFNBQVMsQ0FBQyxLQUFvQjtRQUN6QyxNQUFNLHFCQUFxQixHQUFHLElBQUksK0JBQStCLEVBQUUsQ0FBQztRQUNwRSxtRUFBbUU7UUFDbkUsSUFBSSxLQUFLLENBQUMsTUFBTSxJQUFJLENBQUM7WUFBRSxPQUFPLHFCQUFxQixDQUFDLFVBQVUsRUFBRSxDQUFDO1FBQ2pFLE1BQU0sc0JBQXNCLEdBQUcsSUFBSSxvQkFBb0IsQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFDLHFCQUFxQixDQUFDLENBQUM7UUFDM0YsTUFBTSxpQkFBaUIsR0FBRyxJQUFJLGVBQWUsQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLHFCQUFxQixDQUFDLENBQUM7UUFDbEYsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLDRCQUE0QixDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQ25FLE1BQU0sc0JBQXNCLENBQUMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLENBQUM7UUFDcEQsTUFBTSxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztRQUMvQyxPQUFPLHFCQUFxQixDQUFDLFVBQVUsRUFBRSxDQUFDO0lBQzVDLENBQUM7SUFFRDs7Ozs7T0FLRztJQUNJLEtBQUssQ0FBQyxjQUFjLENBQUMsR0FBZ0I7UUFDMUMsTUFBTSw4QkFBOEIsR0FBRyxJQUFJLG9DQUFvQyxFQUFFLENBQUM7UUFDbEYsTUFBTSwrQkFBK0IsR0FBRyxJQUFJLHlCQUF5QixDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsOEJBQThCLENBQUMsQ0FBQztRQUNuSCxNQUFNLDBCQUEwQixHQUFHLElBQUksb0JBQW9CLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSw4QkFBOEIsQ0FBQyxDQUFDO1FBQ3pHLE1BQU0sK0JBQStCLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ2hELE1BQU0sMEJBQTBCLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQzNDLE9BQU8sOEJBQThCLENBQUMsVUFBVSxFQUFFLENBQUM7SUFDckQsQ0FBQztDQUNGIn0=
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { ComponentCryptographyResultCollector } from "../../Helper/ResultCollector/Component/ComponentCryptographyResultColletor";
|
|
2
2
|
import { BaseCryptographyScanner } from "../../BaseCryptographyScanner";
|
|
3
|
-
import { Component } from "../../../shared/interfaces/Component";
|
|
4
3
|
import { HintsInRangeResponse } from "../../../Clients/Cryptography/ICryptographyClient";
|
|
4
|
+
import { Component } from "../../../types/common/types";
|
|
5
5
|
/**
|
|
6
6
|
* Scanner for detecting cryptographic hints in software components.
|
|
7
7
|
* This class extends the base cryptography scanner to specifically handle
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { BaseCryptographyScanner } from "../../BaseCryptographyScanner";
|
|
2
|
-
import {
|
|
2
|
+
import { CryptographyGRPCClient } from "../../../Clients/Cryptography/CryptographyGRPCClient";
|
|
3
3
|
/**
|
|
4
4
|
* Scanner for detecting cryptographic hints in software components.
|
|
5
5
|
* This class extends the base cryptography scanner to specifically handle
|
|
@@ -14,7 +14,7 @@ export class ComponentHintScanner extends BaseCryptographyScanner {
|
|
|
14
14
|
* @returns {HintsResponse} A promise that resolves to a HintsResponse containing detected cryptographic hints.
|
|
15
15
|
*/
|
|
16
16
|
async scan(req) {
|
|
17
|
-
const cryptographyClient = new
|
|
17
|
+
const cryptographyClient = new CryptographyGRPCClient(this.config.API_KEY, // API KEY
|
|
18
18
|
this.config.API_URL, // Destination Host
|
|
19
19
|
this.config.GRPC_PROXY, // Proxy Host
|
|
20
20
|
this.config.CA_CERT);
|
|
@@ -23,4 +23,4 @@ export class ComponentHintScanner extends BaseCryptographyScanner {
|
|
|
23
23
|
return results;
|
|
24
24
|
}
|
|
25
25
|
}
|
|
26
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
26
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQ29tcG9uZW50SGludFNjYW5uZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi9zcmMvc2RrL0NyeXB0b2dyYXBoeS9IaW50L0NvbXBvbmVudHMvQ29tcG9uZW50SGludFNjYW5uZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBR0EsT0FBTyxFQUFFLHVCQUF1QixFQUFFLE1BQU0sK0JBQStCLENBQUM7QUFHeEUsT0FBTyxFQUFFLHNCQUFzQixFQUFFLE1BQU0sc0RBQXNELENBQUM7QUFFOUY7Ozs7R0FJRztBQUNILE1BQU0sT0FBTyxvQkFDWCxTQUFRLHVCQUdlO0lBRXZCOzs7Ozs7T0FNRztJQUNJLEtBQUssQ0FBQyxJQUFJLENBQUMsR0FBZ0I7UUFDaEMsTUFBTSxrQkFBa0IsR0FBRyxJQUFJLHNCQUFzQixDQUNuRCxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sRUFBRSxVQUFVO1FBQy9CLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxFQUFFLG1CQUFtQjtRQUN4QyxJQUFJLENBQUMsTUFBTSxDQUFDLFVBQVUsRUFBRSxhQUFhO1FBQ3JDLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDdkIsTUFBTSxPQUFPLEdBQUcsTUFBTSxrQkFBa0IsQ0FBQyxrQkFBa0IsQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUNqRSxJQUFJLENBQUMsZUFBZSxDQUFDLGtCQUFrQixDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ2pELE9BQU8sT0FBTyxDQUFDO0lBQ2pCLENBQUM7Q0FDRiJ9
|
|
@@ -39,22 +39,18 @@ export class DependencyScannerCfg extends BaseConfig {
|
|
|
39
39
|
* @returns The resolved scanner URL
|
|
40
40
|
*/
|
|
41
41
|
resolveApiUrl(apiKey, currentUrl) {
|
|
42
|
-
// Case 1: Has API key and using default URL -> upgrade to premium
|
|
42
|
+
// Case 1: Has API key and using default URL -> upgrade to premium URL. The default URL is set on the BaseConfig.ts file
|
|
43
43
|
if (apiKey && currentUrl === BaseConfig.getDefaultURL())
|
|
44
44
|
return BaseConfig.getPremiumURL();
|
|
45
|
-
// Case 2: Has API key and using custom URL
|
|
46
|
-
if (apiKey && currentUrl
|
|
47
|
-
//
|
|
45
|
+
// Case 2: Has API key and using custom URL -> keep custom URL
|
|
46
|
+
if (apiKey && currentUrl.startsWith(BaseConfig.getPremiumURL()) || currentUrl.startsWith(BaseConfig.getDefaultURL())) {
|
|
47
|
+
// Check if custom URL is not the same as the default one.
|
|
48
48
|
if (currentUrl.startsWith(BaseConfig.getPremiumURL()) || currentUrl.startsWith(BaseConfig.getDefaultURL())) {
|
|
49
49
|
return currentUrl.replace(/\/scan\/direct$/, '');
|
|
50
50
|
}
|
|
51
|
-
// For other custom URLs, return as-is
|
|
52
51
|
return currentUrl;
|
|
53
52
|
}
|
|
54
|
-
// Case
|
|
55
|
-
if (!apiKey && currentUrl !== BaseConfig.getDefaultURL())
|
|
56
|
-
return currentUrl;
|
|
57
|
-
// Case 4: No API key and default/empty URL -> use default URL with /scan/direct
|
|
53
|
+
// Case 4: No API key and default/empty URL -> use default URL
|
|
58
54
|
return BaseConfig.getDefaultURL();
|
|
59
55
|
}
|
|
60
56
|
get API_URL() {
|
|
@@ -64,4 +60,4 @@ export class DependencyScannerCfg extends BaseConfig {
|
|
|
64
60
|
super.API_URL = url;
|
|
65
61
|
}
|
|
66
62
|
}
|
|
67
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
63
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiRGVwZW5kZW5jeVNjYW5uZXJDZmcuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvc2RrL0RlcGVuZGVuY2llcy9EZXBlbmRlbmN5U2Nhbm5lckNmZy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sZUFBZSxDQUFDO0FBQzNDLE1BQU0sMEJBQTBCLEdBQUcsRUFBRSxDQUFDO0FBRXRDLE1BQU0sT0FBTyxvQkFBcUIsU0FBUSxVQUFVO0lBRWxELG1CQUFtQixHQUFHLEtBQUssQ0FBQztJQUU1QixRQUFRLEdBQVcsRUFBRSxDQUFDO0lBRXRCLG1CQUFtQixHQUFHLDBCQUEwQixDQUFDO0lBQ2pELFlBQVksTUFBNkI7UUFDdkMsS0FBSyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ2QsSUFBRyxNQUFNLEVBQUMsQ0FBQztZQUNULElBQUksQ0FBQyxrQkFBa0IsR0FBRyxNQUFNLENBQUMsa0JBQWtCLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDLENBQUMsMEJBQTBCLENBQUM7WUFDN0csSUFBSSxDQUFDLE9BQU8sR0FBSSxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUM7WUFDckQsSUFBSSxDQUFDLGtCQUFrQixHQUFHLE1BQU0sQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLGtCQUFrQixDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUM7UUFDMUYsQ0FBQztJQUNILENBQUM7SUFFRCxJQUFJLGtCQUFrQjtRQUNwQixPQUFPLElBQUksQ0FBQyxtQkFBbUIsQ0FBQztJQUNsQyxDQUFDO0lBRUQsSUFBSSxrQkFBa0IsQ0FBQyxLQUFhO1FBQ2xDLElBQUksQ0FBQyxtQkFBbUIsR0FBRyxLQUFLLENBQUM7SUFDbkMsQ0FBQztJQUVELElBQUksT0FBTztRQUNULE9BQU8sSUFBSSxDQUFDLFFBQVEsQ0FBQztJQUN2QixDQUFDO0lBRUQsSUFBSSxPQUFPLENBQUMsS0FBYTtRQUN2QixJQUFJLENBQUMsUUFBUSxHQUFHLEtBQUssQ0FBQztJQUN4QixDQUFDO0lBRUQsSUFBSSxrQkFBa0I7UUFDcEIsT0FBTyxJQUFJLENBQUMsbUJBQW1CLENBQUM7SUFDbEMsQ0FBQztJQUVELElBQUksa0JBQWtCLENBQUMsS0FBYztRQUNuQyxJQUFJLENBQUMsbUJBQW1CLEdBQUcsS0FBSyxDQUFDO0lBQ25DLENBQUM7SUFFRDs7Ozs7OztPQU9HO0lBQ08sYUFBYSxDQUFDLE1BQWMsRUFBRSxVQUFrQjtRQUN4RCx3SEFBd0g7UUFDeEgsSUFBSSxNQUFNLElBQUksVUFBVSxLQUFLLFVBQVUsQ0FBQyxhQUFhLEVBQUU7WUFDckQsT0FBTyxVQUFVLENBQUMsYUFBYSxFQUFFLENBQUM7UUFDcEMsOERBQThEO1FBQzlELElBQUksTUFBTSxJQUFJLFVBQVUsQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDLGFBQWEsRUFBRSxDQUFDLElBQUksVUFBVSxDQUFDLFVBQVUsQ0FBQyxVQUFVLENBQUMsYUFBYSxFQUFFLENBQUMsRUFBQyxDQUFDO1lBQ3BILDBEQUEwRDtZQUMxRCxJQUFJLFVBQVUsQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDLGFBQWEsRUFBRSxDQUFDLElBQUksVUFBVSxDQUFDLFVBQVUsQ0FBQyxVQUFVLENBQUMsYUFBYSxFQUFFLENBQUMsRUFBRSxDQUFDO2dCQUMzRyxPQUFPLFVBQVUsQ0FBQyxPQUFPLENBQUMsaUJBQWlCLEVBQUUsRUFBRSxDQUFDLENBQUM7WUFDbkQsQ0FBQztZQUNELE9BQU8sVUFBVSxDQUFDO1FBQ3BCLENBQUM7UUFDRCw4REFBOEQ7UUFDOUQsT0FBTyxVQUFVLENBQUMsYUFBYSxFQUFFLENBQUM7SUFDcEMsQ0FBQztJQUVELElBQUksT0FBTztRQUNULE9BQU8sSUFBSSxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMsT0FBTyxFQUFFLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUN6RCxDQUFDO0lBRUQsSUFBSSxPQUFPLENBQUMsR0FBVztRQUNyQixLQUFLLENBQUMsT0FBTyxHQUFHLEdBQUcsQ0FBQztJQUN0QixDQUFDO0NBRUYifQ==
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { CryptoAlgorithm } from "../../Cryptography/CryptographyTypes";
|
|
2
|
+
import { Vulnerability } from "../../types/vulnerability/types";
|
|
2
3
|
/************* Component interface definition *************/
|
|
3
4
|
export interface ComponentDataLayer {
|
|
4
5
|
key: string;
|
|
@@ -56,17 +57,6 @@ export interface Dependency {
|
|
|
56
57
|
licenses: License[];
|
|
57
58
|
}
|
|
58
59
|
/************* Dependency interface definition *************/
|
|
59
|
-
/************* Vulnerability interface definition *************/
|
|
60
|
-
export interface Vulnerability {
|
|
61
|
-
id: string;
|
|
62
|
-
cve: string;
|
|
63
|
-
url: string;
|
|
64
|
-
summary: string;
|
|
65
|
-
severity: string;
|
|
66
|
-
published: string;
|
|
67
|
-
modified: string;
|
|
68
|
-
source: string;
|
|
69
|
-
}
|
|
70
60
|
export interface VulnerabilityDataLayer {
|
|
71
61
|
purl: string;
|
|
72
62
|
vulnerability: Vulnerability[];
|
|
@@ -16,7 +16,7 @@ export declare class VulnerabilityCfg extends BaseConfig {
|
|
|
16
16
|
API_KEY: string;
|
|
17
17
|
constructor(config?: VulnerabilityCfg);
|
|
18
18
|
/**
|
|
19
|
-
* Resolves the appropriate API URL based on API key presence and current URL.
|
|
19
|
+
* Resolves the appropriate API URL based on API key presence and current URL. See: src/sdk/BaseConfig.ts
|
|
20
20
|
* If an API key is provided and the current URL is the default, returns the premium
|
|
21
21
|
* URL, otherwise returns the current URL.
|
|
22
22
|
* @param apiKey - The API key (if any)
|
|
@@ -16,9 +16,11 @@ export class VulnerabilityCfg extends BaseConfig {
|
|
|
16
16
|
API_KEY = "";
|
|
17
17
|
constructor(config) {
|
|
18
18
|
super(config);
|
|
19
|
+
this.REQUEST_CHUNK_SIZE = config?.REQUEST_CHUNK_SIZE ?? this.REQUEST_CHUNK_SIZE;
|
|
20
|
+
this.API_KEY = config?.API_KEY ?? this.API_KEY;
|
|
19
21
|
}
|
|
20
22
|
/**
|
|
21
|
-
* Resolves the appropriate API URL based on API key presence and current URL.
|
|
23
|
+
* Resolves the appropriate API URL based on API key presence and current URL. See: src/sdk/BaseConfig.ts
|
|
22
24
|
* If an API key is provided and the current URL is the default, returns the premium
|
|
23
25
|
* URL, otherwise returns the current URL.
|
|
24
26
|
* @param apiKey - The API key (if any)
|
|
@@ -26,19 +28,19 @@ export class VulnerabilityCfg extends BaseConfig {
|
|
|
26
28
|
* @returns The resolved API URL
|
|
27
29
|
*/
|
|
28
30
|
resolveApiUrl(apiKey, currentUrl) {
|
|
29
|
-
// Case 1: Has API key and using default URL -> upgrade to premium URL
|
|
30
|
-
if (apiKey && currentUrl === BaseConfig.
|
|
31
|
+
// Case 1: Has API key and using default URL -> upgrade to premium URL. The default URL is set on the BaseConfig.ts file
|
|
32
|
+
if (apiKey && currentUrl === BaseConfig.getDefaultURL())
|
|
31
33
|
return BaseConfig.getPremiumURL();
|
|
32
34
|
// Case 2: Has API key and using custom URL -> keep custom URL
|
|
33
|
-
if (apiKey && currentUrl
|
|
34
|
-
//
|
|
35
|
+
if (apiKey && currentUrl.startsWith(BaseConfig.getPremiumURL()) || currentUrl.startsWith(BaseConfig.getDefaultURL())) {
|
|
36
|
+
// Check if custom URL is not the same as the default one.
|
|
35
37
|
if (currentUrl.startsWith(BaseConfig.getPremiumURL()) || currentUrl.startsWith(BaseConfig.getDefaultURL())) {
|
|
36
38
|
return currentUrl.replace(/\/scan\/direct$/, '');
|
|
37
39
|
}
|
|
38
40
|
return currentUrl;
|
|
39
41
|
}
|
|
40
42
|
// Case 4: No API key and default/empty URL -> use default URL
|
|
41
|
-
return BaseConfig.
|
|
43
|
+
return BaseConfig.getDefaultURL();
|
|
42
44
|
}
|
|
43
45
|
get API_URL() {
|
|
44
46
|
return this.resolveApiUrl(this.API_KEY, super.API_URL);
|
|
@@ -47,4 +49,4 @@ export class VulnerabilityCfg extends BaseConfig {
|
|
|
47
49
|
super.API_URL = url;
|
|
48
50
|
}
|
|
49
51
|
}
|
|
50
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
52
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVnVsbmVyYWJpbGl0eUNmZy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9zZGsvVnVsbmVyYWJpbGl0eS9WdWxuZXJhYmlsaXR5Q2ZnLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxlQUFlLENBQUM7QUFFM0M7OztHQUdHO0FBQ0gsTUFBTSxPQUFPLGdCQUFpQixTQUFRLFVBQVU7SUFFOUM7OztPQUdHO0lBQ0gsa0JBQWtCLEdBQUcsRUFBRSxDQUFDO0lBRXhCOzs7T0FHRztJQUNILE9BQU8sR0FBRyxFQUFFLENBQUM7SUFFYixZQUFZLE1BQXlCO1FBQ25DLEtBQUssQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNkLElBQUksQ0FBQyxrQkFBa0IsR0FBRyxNQUFNLEVBQUUsa0JBQWtCLElBQUksSUFBSSxDQUFDLGtCQUFrQixDQUFDO1FBQ2hGLElBQUksQ0FBQyxPQUFPLEdBQUcsTUFBTSxFQUFFLE9BQU8sSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDO0lBQ2pELENBQUM7SUFFRDs7Ozs7OztPQU9HO0lBQ08sYUFBYSxDQUFDLE1BQWMsRUFBRSxVQUFrQjtRQUN4RCx3SEFBd0g7UUFDeEgsSUFBSSxNQUFNLElBQUksVUFBVSxLQUFLLFVBQVUsQ0FBQyxhQUFhLEVBQUU7WUFDckQsT0FBTyxVQUFVLENBQUMsYUFBYSxFQUFFLENBQUM7UUFDcEMsOERBQThEO1FBQzlELElBQUksTUFBTSxJQUFJLFVBQVUsQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDLGFBQWEsRUFBRSxDQUFDLElBQUksVUFBVSxDQUFDLFVBQVUsQ0FBQyxVQUFVLENBQUMsYUFBYSxFQUFFLENBQUMsRUFBQyxDQUFDO1lBQ3BILDBEQUEwRDtZQUMxRCxJQUFJLFVBQVUsQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDLGFBQWEsRUFBRSxDQUFDLElBQUksVUFBVSxDQUFDLFVBQVUsQ0FBQyxVQUFVLENBQUMsYUFBYSxFQUFFLENBQUMsRUFBRSxDQUFDO2dCQUMzRyxPQUFPLFVBQVUsQ0FBQyxPQUFPLENBQUMsaUJBQWlCLEVBQUUsRUFBRSxDQUFDLENBQUM7WUFDbkQsQ0FBQztZQUNELE9BQU8sVUFBVSxDQUFDO1FBQ3BCLENBQUM7UUFDRCw4REFBOEQ7UUFDOUQsT0FBTyxVQUFVLENBQUMsYUFBYSxFQUFFLENBQUM7SUFDcEMsQ0FBQztJQUVELElBQVcsT0FBTztRQUNoQixPQUFPLElBQUksQ0FBQyxhQUFhLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUM7SUFDekQsQ0FBQztJQUVELElBQUksT0FBTyxDQUFDLEdBQVc7UUFDckIsS0FBSyxDQUFDLE9BQU8sR0FBRyxHQUFHLENBQUM7SUFDdEIsQ0FBQztDQUNGIn0=
|
|
@@ -1,8 +1,10 @@
|
|
|
1
1
|
import { VulnerabilityCfg } from "./VulnerabilityCfg";
|
|
2
|
-
import {
|
|
2
|
+
import { ComponentsVulnerabilitiesResponse, ComponentVulnerabilityResponse } from "../types/vulnerability/types";
|
|
3
|
+
import { Component } from "../types/common/types";
|
|
3
4
|
export declare class VulnerabilityScanner {
|
|
4
5
|
private config;
|
|
5
6
|
private vulnerabilityClient;
|
|
6
7
|
constructor(config?: VulnerabilityCfg);
|
|
7
|
-
|
|
8
|
+
getVulnerabilitiesComponents(components: Array<Component>): Promise<ComponentsVulnerabilitiesResponse>;
|
|
9
|
+
getVulnerabilitiesComponent(component: Component): Promise<ComponentVulnerabilityResponse>;
|
|
8
10
|
}
|
|
@@ -12,21 +12,75 @@ export class VulnerabilityScanner {
|
|
|
12
12
|
this.config = new VulnerabilityCfg();
|
|
13
13
|
this.vulnerabilityClient = new VulnerabilityHttpClient(this.config.API_KEY, this.config.API_URL ? this.config.API_URL : '', this.config.HTTPS_PROXY ? this.config.HTTPS_PROXY : '', this.config.CA_CERT);
|
|
14
14
|
}
|
|
15
|
-
async
|
|
15
|
+
async getVulnerabilitiesComponents(components) {
|
|
16
16
|
const requests = chunkRequest(components, this.config.REQUEST_CHUNK_SIZE);
|
|
17
|
-
const
|
|
17
|
+
const response = {
|
|
18
|
+
components: [],
|
|
19
|
+
status: {
|
|
20
|
+
status: "SUCCESS",
|
|
21
|
+
message: "Vulnerabilities retrieved successfully"
|
|
22
|
+
}
|
|
23
|
+
};
|
|
24
|
+
const failedRequests = [];
|
|
25
|
+
const componentVulnerabilities = new Map();
|
|
18
26
|
for (const request of requests) {
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
27
|
+
try {
|
|
28
|
+
const r = await this.vulnerabilityClient.getVulnerabilitiesComponents(request);
|
|
29
|
+
if (r.components) {
|
|
30
|
+
for (const c of r.components) {
|
|
31
|
+
const key = c.purl + c.requirement + c.version;
|
|
32
|
+
if (componentVulnerabilities.has(key)) {
|
|
33
|
+
componentVulnerabilities.get(key).vulnerabilities.push(...c.vulnerabilities);
|
|
34
|
+
}
|
|
35
|
+
else {
|
|
36
|
+
componentVulnerabilities.set(key, c);
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
catch (error) {
|
|
42
|
+
failedRequests.push(request);
|
|
43
|
+
logger.error(error);
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
if (failedRequests.length > 0) {
|
|
47
|
+
if (failedRequests.length >= requests.length) {
|
|
48
|
+
response.status.status = "FAILED";
|
|
49
|
+
response.status.message = "Error while retrieving vulnerabilities";
|
|
50
|
+
return response;
|
|
23
51
|
}
|
|
24
52
|
else {
|
|
25
|
-
|
|
26
|
-
|
|
53
|
+
response.status.status = "SUCCEEDED_WITH_WARNINGS";
|
|
54
|
+
response.status.message = `Warning: some vulnerabilities were not retrieved: ${failedRequests.map(r => r.map((c) => `${c.purl}${c.requirement}`)).join(", ")}`;
|
|
55
|
+
return response;
|
|
27
56
|
}
|
|
28
57
|
}
|
|
29
|
-
|
|
58
|
+
response.components = Array.from(componentVulnerabilities.values());
|
|
59
|
+
return response;
|
|
60
|
+
}
|
|
61
|
+
async getVulnerabilitiesComponent(component) {
|
|
62
|
+
const response = {
|
|
63
|
+
purl: component.purl,
|
|
64
|
+
version: component.requirement,
|
|
65
|
+
requirement: component.requirement,
|
|
66
|
+
vulnerabilities: [],
|
|
67
|
+
status: {
|
|
68
|
+
status: "SUCCESS",
|
|
69
|
+
message: "Vulnerabilities retrieved successfully"
|
|
70
|
+
}
|
|
71
|
+
};
|
|
72
|
+
try {
|
|
73
|
+
const componentVulnerabilities = await this.vulnerabilityClient.getVulnerabilitiesComponent(component);
|
|
74
|
+
response.vulnerabilities = componentVulnerabilities.vulnerabilities;
|
|
75
|
+
response.version = componentVulnerabilities.version;
|
|
76
|
+
return response;
|
|
77
|
+
}
|
|
78
|
+
catch (error) {
|
|
79
|
+
logger.error(error);
|
|
80
|
+
response.status.status = "FAILED";
|
|
81
|
+
response.status.message = "Error while retrieving vulnerabilities";
|
|
82
|
+
return response;
|
|
83
|
+
}
|
|
30
84
|
}
|
|
31
85
|
}
|
|
32
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
86
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVnVsbmVyYWJpbGl0eVNjYW5uZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvc2RrL1Z1bG5lcmFiaWxpdHkvVnVsbmVyYWJpbGl0eVNjYW5uZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLGdCQUFnQixFQUFFLE1BQU0sb0JBQW9CLENBQUM7QUFDdEQsT0FBTyxFQUFFLHVCQUF1QixFQUFFLE1BQU0sa0RBQWtELENBQUM7QUFDM0YsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLFdBQVcsQ0FBQztBQUNuQyxPQUFPLEVBQUUsWUFBWSxFQUFFLE1BQU0sZ0NBQWdDLENBQUM7QUFTOUQsTUFBTSxPQUFPLG9CQUFvQjtJQUN2QixNQUFNLENBQW1CO0lBRXpCLG1CQUFtQixDQUEwQjtJQUVyRCxZQUFZLE1BQXlCO1FBQ25DLElBQUksTUFBTTtZQUFFLElBQUksQ0FBQyxNQUFNLEdBQUcsTUFBTSxDQUFDOztZQUM1QixJQUFJLENBQUMsTUFBTSxHQUFHLElBQUksZ0JBQWdCLEVBQUUsQ0FBQztRQUMxQyxJQUFJLENBQUMsbUJBQW1CLEdBQUcsSUFBSSx1QkFBdUIsQ0FDcEQsSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPLEVBQ25CLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUM5QyxJQUFJLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFDdEQsSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQ3BCLENBQUM7SUFDSixDQUFDO0lBRU0sS0FBSyxDQUFDLDRCQUE0QixDQUFDLFVBQTRCO1FBQ3BFLE1BQU0sUUFBUSxHQUFHLFlBQVksQ0FBQyxVQUFVLEVBQUUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO1FBQzFFLE1BQU0sUUFBUSxHQUFzQztZQUNsRCxVQUFVLEVBQUUsRUFBRTtZQUNkLE1BQU0sRUFBQztnQkFDTCxNQUFNLEVBQUUsU0FBUztnQkFDakIsT0FBTyxFQUFFLHdDQUF3QzthQUNsRDtTQUNGLENBQUM7UUFDRixNQUFNLGNBQWMsR0FBRSxFQUFFLENBQUM7UUFDekIsTUFBTSx3QkFBd0IsR0FBRyxJQUFJLEdBQUcsRUFBa0MsQ0FBQztRQUMzRSxLQUFLLE1BQU0sT0FBTyxJQUFJLFFBQVEsRUFBRSxDQUFDO1lBQy9CLElBQUksQ0FBQztnQkFDSCxNQUFNLENBQUMsR0FBRyxNQUFNLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyw0QkFBNEIsQ0FBQyxPQUFPLENBQUMsQ0FBQTtnQkFDOUUsSUFBSSxDQUFDLENBQUMsVUFBVSxFQUFFLENBQUM7b0JBQ2pCLEtBQUksTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDLFVBQVUsRUFBQyxDQUFDO3dCQUMzQixNQUFNLEdBQUcsR0FBRyxDQUFDLENBQUMsSUFBSSxHQUFHLENBQUMsQ0FBQyxXQUFXLEdBQUcsQ0FBQyxDQUFDLE9BQU8sQ0FBQzt3QkFDL0MsSUFBSSx3QkFBd0IsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQzs0QkFDdEMsd0JBQXdCLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxDQUFDLGVBQWUsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsZUFBZSxDQUFDLENBQUM7d0JBQy9FLENBQUM7NkJBQU0sQ0FBQzs0QkFDTix3QkFBd0IsQ0FBQyxHQUFHLENBQUMsR0FBRyxFQUFFLENBQUMsQ0FBQyxDQUFDO3dCQUN2QyxDQUFDO29CQUNILENBQUM7Z0JBQ0gsQ0FBQztZQUNILENBQUM7WUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO2dCQUNmLGNBQWMsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7Z0JBQzdCLE1BQU0sQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLENBQUM7WUFDdEIsQ0FBQztRQUNILENBQUM7UUFFRCxJQUFJLGNBQWMsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDOUIsSUFBSSxjQUFjLENBQUMsTUFBTSxJQUFJLFFBQVEsQ0FBQyxNQUFNLEVBQUUsQ0FBQztnQkFDN0MsUUFBUSxDQUFDLE1BQU0sQ0FBQyxNQUFNLEdBQUcsUUFBUSxDQUFDO2dCQUNsQyxRQUFRLENBQUMsTUFBTSxDQUFDLE9BQU8sR0FBRyx3Q0FBd0MsQ0FBQztnQkFDbkUsT0FBTyxRQUFRLENBQUM7WUFDbEIsQ0FBQztpQkFBTSxDQUFDO2dCQUNOLFFBQVEsQ0FBQyxNQUFNLENBQUMsTUFBTSxHQUFHLHlCQUF5QixDQUFDO2dCQUNuRCxRQUFRLENBQUMsTUFBTSxDQUFDLE9BQU8sR0FBRyxxREFBcUQsY0FBYyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFZLEVBQUUsRUFBRSxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksR0FBRyxDQUFDLENBQUMsV0FBVyxFQUFFLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDO2dCQUMxSyxPQUFPLFFBQVEsQ0FBQztZQUNsQixDQUFDO1FBQ0gsQ0FBQztRQUNELFFBQVEsQ0FBQyxVQUFVLEdBQUcsS0FBSyxDQUFDLElBQUksQ0FBQyx3QkFBd0IsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDO1FBQ3BFLE9BQU8sUUFBUSxDQUFDO0lBQ2xCLENBQUM7SUFFTSxLQUFLLENBQUMsMkJBQTJCLENBQUMsU0FBb0I7UUFDM0QsTUFBTSxRQUFRLEdBQW1DO1lBQy9DLElBQUksRUFBRSxTQUFTLENBQUMsSUFBSTtZQUNwQixPQUFPLEVBQUUsU0FBUyxDQUFDLFdBQVc7WUFDOUIsV0FBVyxFQUFFLFNBQVMsQ0FBQyxXQUFXO1lBQ2xDLGVBQWUsRUFBRSxFQUFFO1lBQ25CLE1BQU0sRUFBRTtnQkFDTixNQUFNLEVBQUUsU0FBUztnQkFDakIsT0FBTyxFQUFFLHdDQUF3QzthQUNsRDtTQUNGLENBQUM7UUFDRixJQUFJLENBQUM7WUFDSCxNQUFNLHdCQUF3QixHQUFHLE1BQU0sSUFBSSxDQUFDLG1CQUFtQixDQUFDLDJCQUEyQixDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBQ3ZHLFFBQVEsQ0FBQyxlQUFlLEdBQUcsd0JBQXdCLENBQUMsZUFBZSxDQUFDO1lBQ3BFLFFBQVEsQ0FBQyxPQUFPLEdBQUcsd0JBQXdCLENBQUMsT0FBTyxDQUFDO1lBQ3BELE9BQU8sUUFBUSxDQUFDO1FBQ2xCLENBQUM7UUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO1lBQ2YsTUFBTSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQztZQUNwQixRQUFRLENBQUMsTUFBTSxDQUFDLE1BQU0sR0FBRyxRQUFRLENBQUM7WUFDbEMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxPQUFPLEdBQUcsd0NBQXdDLENBQUM7WUFDbkUsT0FBTyxRQUFRLENBQUM7UUFDbEIsQ0FBQztJQUNILENBQUM7Q0FDRiJ9
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
export interface CVSS {
|
|
2
|
+
cvss: string;
|
|
3
|
+
cvss_score: number;
|
|
4
|
+
cvss_severity: string;
|
|
5
|
+
}
|
|
6
|
+
export interface Vulnerability {
|
|
7
|
+
id: string;
|
|
8
|
+
cve: string;
|
|
9
|
+
url: string;
|
|
10
|
+
summary: string;
|
|
11
|
+
severity: string;
|
|
12
|
+
published: string;
|
|
13
|
+
modified: string;
|
|
14
|
+
source: string;
|
|
15
|
+
cvss: CVSS[];
|
|
16
|
+
}
|
|
17
|
+
export interface ComponentVulnerability {
|
|
18
|
+
purl: string;
|
|
19
|
+
version: string;
|
|
20
|
+
requirement: string;
|
|
21
|
+
vulnerabilities: Vulnerability[];
|
|
22
|
+
}
|
|
23
|
+
export interface ComponentsVulnerabilitiesResponse {
|
|
24
|
+
components: Array<ComponentVulnerability>;
|
|
25
|
+
status: {
|
|
26
|
+
"status": "SUCCESS" | "FAILED" | "SUCCEEDED_WITH_WARNINGS";
|
|
27
|
+
"message": string;
|
|
28
|
+
};
|
|
29
|
+
}
|
|
30
|
+
export interface ComponentVulnerabilityResponse extends ComponentVulnerability {
|
|
31
|
+
status: {
|
|
32
|
+
"status": "SUCCESS" | "FAILED" | "SUCCEEDED_WITH_WARNINGS";
|
|
33
|
+
"message": string;
|
|
34
|
+
};
|
|
35
|
+
}
|