npmquickaudit

package
v0.19.0
Published: Jun 19, 2024 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

Package npmquickaudit provides types and functions for working with audit reports from npm's "Quick Audit" endpoint (/-/npm/v1/security/audits/quick) and transforming them into data structures understood by the Dracon enricher. These reports are JSON objects organised by vulnerable package name; they do not contain as much information about the vulnerabilities affecting each package as npm Full Audit reports (hence the name).

Index

Constants

const PrintableType = "npm Quick Audit report"

PrintableType is the package's printable type name, used when the report or its errors are printed.

Variables

This section is empty.

Functions

func NewReport

func NewReport(report []byte) (atypes.Report, error)

NewReport constructs a Report from an npm Full Audit report.

Types

type Advisory

type Advisory struct {
	Transitive bool   `json:"-"`
	ID         int    `json:"source"`
	Package    string `json:"name"`
	Dependency string `json:"dependency"`
	Title      string `json:"title"`
	URL        string `json:"url"`
	Severity   string `json:"severity"`
	Range      string `json:"range"`
}

Advisory represents a single vulnerability in a particular package. This vulnerability may arise either in this package itself (non-transitive), or because this package depends on a vulnerable package described elsewhere in the report (transitive). For transitive advisories, only the Transitive, Package and Dependency fields have values assigned.

func (*Advisory) UnmarshalJSON

func (a *Advisory) UnmarshalJSON(data []byte) error

UnmarshalJSON converts npm audit JSON results into Advisory structs.

type AdvisoryData

type AdvisoryData struct {
	CVEs               []string `json:"cves"`
	CWE                string   `json:"cwe"`
	Overview           string   `json:"overview"`
	PatchedVersions    string   `json:"patched_versions"`
	Recommendation     string   `json:"recommendation"`
	References         string   `json:"recommendations"`
	VulnerableVersions string   `json:"vulnerable_versions"`
}

AdvisoryData represents a subset of the data returned in an advisoryData object in an npm Registry advisory. Only the data relevant to Dracon issue reports is retained.

func NewAdvisoryData

func NewAdvisoryData(url string) (*AdvisoryData, error)

NewAdvisoryData constructs an AdvisoryData from the npm Registry advisory at the given URL.

type Fix

type Fix struct {
	Available bool
	Package   string `json:"name"`
	Version   string `json:"version"`
	IsMajor   bool   `json:"isSemVerMajor"`
}

Fix represents a proposed fix for a particular advisory.

func (*Fix) UnmarshalJSON

func (f *Fix) UnmarshalJSON(data []byte) error

UnmarshalJSON converts the npm audit fixAvailable JSON value into the Fix struct above.

type Report

type Report struct {
	PackagePath     string                   `json:"-"`
	Version         int                      `json:"auditReportVersion"`
	Vulnerabilities map[string]Vulnerability `json:"vulnerabilities"`
}

Report represents an npm Quick Audit report. The key for Vulnerabilities represents a package name.

func (*Report) AsIssues

func (r *Report) AsIssues() []*v1.Issue

AsIssues converts the report's npm vulnerabilities into Dracon issues.

func (*Report) SetPackagePath

func (r *Report) SetPackagePath(packagePath string)

SetPackagePath is a helper method that sets the npm package path.

func (*Report) Type

func (r *Report) Type() string

Type is a helper method that returns the report's type.

type Vulnerability

type Vulnerability struct {
	Package  string     `json:"name"`
	Severity string     `json:"severity"`
	Via      []Advisory `json:"via"`
	Effects  []string   `json:"effects"`
	Range    string     `json:"range"`
	Fix      Fix        `json:"fixAvailable"`
}

Vulnerability represents the set of vulnerabilities present in a particular package.
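As an added illustration (not the npmquickaudit package's own code), the stand-alone Go program below mirrors the documented Advisory, Fix, Vulnerability and Report shapes and shows why Advisory and Fix need custom UnmarshalJSON methods: in npm's audit output a "via" element is either a bare package-name string (a transitive advisory) or an object (a direct one), and "fixAvailable" is either a boolean or an object. The ParseReport and RootAdvisories functions, the sample report, and every package name, advisory ID and URL in it are constructed for this example; RootAdvisories goes beyond the page by following transitive entries back to the direct advisory that causes them.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Advisory is one element of a vulnerability's "via" array. npm writes a bare
// package-name string for transitive entries and an object for direct ones.
type Advisory struct {
	Transitive bool   `json:"-"`
	ID         int    `json:"source"`
	Package    string `json:"name"`
	Dependency string `json:"dependency"`
	Title      string `json:"title"`
	URL        string `json:"url"`
	Severity   string `json:"severity"`
	Range      string `json:"range"`
}

// UnmarshalJSON accepts both forms. A bare string means "vulnerable because it
// depends on <string>", so only Transitive and Dependency are set for it.
func (a *Advisory) UnmarshalJSON(data []byte) error {
	var dep string
	if json.Unmarshal(data, &dep) == nil {
		*a = Advisory{Transitive: true, Dependency: dep}
		return nil
	}
	type plain Advisory // same fields, no methods: decoding it does not recurse here
	return json.Unmarshal(data, (*plain)(a))
}

// Fix is the "fixAvailable" value: true, false, or an object naming the version to move to.
type Fix struct {
	Available bool   `json:"-"`
	Package   string `json:"name"`
	Version   string `json:"version"`
	IsMajor   bool   `json:"isSemVerMajor"`
}

func (f *Fix) UnmarshalJSON(data []byte) error {
	var b bool
	if json.Unmarshal(data, &b) == nil {
		*f = Fix{Available: b}
		return nil
	}
	type plain Fix
	if err := json.Unmarshal(data, (*plain)(f)); err != nil {
		return err
	}
	f.Available = true // the object form always describes a concrete fix
	return nil
}

type Vulnerability struct {
	Package  string     `json:"name"`
	Severity string     `json:"severity"`
	Via      []Advisory `json:"via"`
	Effects  []string   `json:"effects"`
	Range    string     `json:"range"`
	Fix      Fix        `json:"fixAvailable"`
}

type Report struct {
	Version         int                      `json:"auditReportVersion"`
	Vulnerabilities map[string]Vulnerability `json:"vulnerabilities"`
}

// ParseReport decodes the report and stamps the owning package name onto
// transitive advisories, which carry only a dependency name in the JSON.
func ParseReport(data []byte) (*Report, error) {
	var r Report
	if err := json.Unmarshal(data, &r); err != nil {
		return nil, err
	}
	for name, v := range r.Vulnerabilities {
		for i := range v.Via { // v.Via shares its backing array with the map entry
			if v.Via[i].Transitive {
				v.Via[i].Package = name
			}
		}
	}
	return &r, nil
}

// RootAdvisories follows transitive entries back to the direct advisories that
// cause them, so an affected package can be attributed to its upstream source.
// The seen set guards against cycles in the dependency graph.
func RootAdvisories(r *Report, pkg string) []Advisory {
	var out []Advisory
	seen := map[string]bool{pkg: true}
	queue := []string{pkg}
	for len(queue) > 0 {
		name := queue[0]
		queue = queue[1:]
		for _, a := range r.Vulnerabilities[name].Via {
			if !a.Transitive {
				out = append(out, a)
			} else if !seen[a.Dependency] {
				seen[a.Dependency] = true
				queue = append(queue, a.Dependency)
			}
		}
	}
	return out
}

// sampleReport is a constructed report in npm's v2 audit shape: pkg-a carries a
// direct advisory with an object fix; pkg-b is affected only through pkg-a and
// has no fix. Package names, advisory IDs and URLs are placeholders.
const sampleReport = `{"auditReportVersion": 2, "vulnerabilities": {
  "pkg-a": {"name": "pkg-a", "severity": "high", "range": "<2.0.0", "effects": ["pkg-b"],
    "via": [{"source": 1001, "name": "pkg-a", "dependency": "pkg-a", "title": "Placeholder advisory",
             "url": "https://example.invalid/advisories/1001", "severity": "high", "range": "<2.0.0"}],
    "fixAvailable": {"name": "pkg-a", "version": "2.0.0", "isSemVerMajor": true}},
  "pkg-b": {"name": "pkg-b", "severity": "high", "range": "*", "effects": [],
    "via": ["pkg-a"], "fixAvailable": false}}}`

func main() {
	r, err := ParseReport([]byte(sampleReport))
	if err != nil {
		panic(err)
	}
	fmt.Printf("pkg-b is affected through: %+v\n", RootAdvisories(r, "pkg-b"))
}
```

The `type plain X` trick inside each UnmarshalJSON matters: converting the receiver to a method-less type with the same fields lets encoding/json decode the object form without calling UnmarshalJSON again, which would otherwise recurse until the stack overflows.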
