Documentation
Overview
Package npmquickaudit provides types and functions for working with audit reports from npm's "Quick Audit" endpoint (/-/npm/v1/security/audits/quick) and transforming them into data structures understood by the Dracon enricher. These reports are JSON objects organised by vulnerable package name; they do not contain as much information about the vulnerabilities affecting each package as npm Full Audit reports (hence the name).
Index
Constants
const PrintableType = "npm Quick Audit report"
PrintableType is a package constant printed as part of the report or in error messages.
Variables
This section is empty.
Functions
Types
type Advisory
type Advisory struct {
	Transitive bool   `json:"-"`
	ID         int    `json:"source"`
	Package    string `json:"name"`
	Dependency string `json:"dependency"`
	Title      string `json:"title"`
	URL        string `json:"url"`
	Severity   string `json:"severity"`
	Range      string `json:"range"`
}
Advisory represents a single vulnerability in a particular package. This vulnerability may arise either in this package itself (non-transitive), or because this package depends on a vulnerable package described elsewhere in the report (transitive). For transitive advisories, only the Transitive, Package and Dependency fields have values assigned.
func (*Advisory) UnmarshalJSON
UnmarshalJSON converts NPM Audit JSON results to Advisory structs.
type AdvisoryData
type AdvisoryData struct {
	CVEs               []string `json:"cves"`
	CWE                string   `json:"cwe"`
	Overview           string   `json:"overview"`
	PatchedVersions    string   `json:"patched_versions"`
	Recommendation     string   `json:"recommendation"`
	References         string   `json:"recommendations"`
	VulnerableVersions string   `json:"vulnerable_versions"`
}
AdvisoryData represents a subset of the data returned in an advisoryData object in an npm Registry advisory. Only the data relevant to Dracon issue reports is retained.
func NewAdvisoryData
func NewAdvisoryData(url string) (*AdvisoryData, error)
NewAdvisoryData constructs an AdvisoryData from the npm Registry advisory at the given URL.
type Fix
type Fix struct {
	Available bool
	Package   string `json:"name"`
	Version   string `json:"version"`
	IsMajor   bool   `json:"isSemVerMajor"`
}
Fix represents a proposed fix for a particular advisory.
func (*Fix) UnmarshalJSON
UnmarshalJSON transforms the npm Audit fix JSON into the Fix struct above.
type Report
type Report struct {
	PackagePath     string                   `json:"-"`
	Version         int                      `json:"auditReportVersion"`
	Vulnerabilities map[string]Vulnerability `json:"vulnerabilities"`
}
Report represents an npm Quick Audit report. Vulnerabilities is keyed by package name.
func (*Report) SetPackagePath
SetPackagePath is a helper method that sets the npm package path.
type Vulnerability
type Vulnerability struct {
	Package  string     `json:"name"`
	Severity string     `json:"severity"`
	Via      []Advisory `json:"via"`
	Effects  []string   `json:"effects"`
	Range    string     `json:"range"`
	Fix      Fix        `json:"fixAvailable"`
}
Vulnerability represents the set of vulnerabilities present in a particular package.