-
-
Notifications
You must be signed in to change notification settings - Fork 132
Expand file tree
/
Copy pathcreate_deps_index.js
More file actions
56 lines (45 loc) · 1.72 KB
/
create_deps_index.js
File metadata and controls
56 lines (45 loc) · 1.72 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
const fs = require('node:fs')
const path = require('node:path')
const depsVulnerabilitiesPath = path.join(__dirname, '../../vuln/deps/')
// Valid justification values from OpenVEX spec v0.2.0
// See: https://github.com/openvex/spec/blob/main/OPENVEX-SPEC.md#status-justifications
const validJustifications = [
'component_not_present',
'vulnerable_code_not_present',
'vulnerable_code_not_in_execute_path',
'vulnerable_code_cannot_be_controlled_by_adversary',
'inline_mitigations_already_exist'
]
let vuln = {}
function createDepsIndex() {
const files = fs.readdirSync(depsVulnerabilitiesPath)
getVulnDirectoryContents(files)
writeIndex(vuln)
}
function getVulnDirectoryContents(files) {
for (const file of files) {
const filename = file.slice(0, file.toString().indexOf('.json'))
if (filename !== 'index') {
const data = fs.readFileSync(depsVulnerabilitiesPath + file)
const json = JSON.parse(data)
if (!json.reason) {
throw new Error(`Missing 'reason' field in ${file}`)
}
if (!validJustifications.includes(json.reason)) {
throw new Error(
`Invalid justification '${json.reason}' in ${file}. ` +
`Valid values are: ${validJustifications.join(', ')}`
)
}
createVulnObject(filename, json)
}
}
}
function createVulnObject(identifier, json) {
vuln[identifier] = json
}
function writeIndex(data) {
fs.writeFileSync(depsVulnerabilitiesPath + 'index.json', JSON.stringify(data, null, 2))
console.log('Successfully wrote ' + depsVulnerabilitiesPath + 'index.json for deps vulnerabilities.')
}
createDepsIndex()