From a11726c89c5272313147e0258b59f263e0ff951e Mon Sep 17 00:00:00 2001
From: Jeffry Hesse
Date: Thu, 19 Mar 2020 10:45:14 -0800
Subject: [PATCH 1/4] Initial WIP
---
 src/Munchers/NpmList.ts | 22 ++++++++++++++++++++--
 src/Types/Coordinates.ts | 7 ++++++-
 2 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/src/Munchers/NpmList.ts b/src/Munchers/NpmList.ts
index ec2a3c63..63ee298e 100644
--- a/src/Munchers/NpmList.ts
+++ b/src/Munchers/NpmList.ts
@@ -101,9 +101,18 @@ export class NpmList implements Muncher {
 return x.name == name[1] && x.version == pkg.version && x.group == name[0];
 })
 ) {
+ const foundIndex = list.findIndex((x) => x.name == name[1] && x.version == pkg.version && x.group == name[0]);
+ pkg._requiredBy.forEach((item: string) => {
+ list[foundIndex].requestedBy.add(item);
+ });
+ return false;
 }
- list.push(new Coordinates(name[1], pkg.version, name[0]));
+ let set = new Set();
+ pkg._requiredBy.forEach((item: string) => {
+ set.add(item);
+ });
+ list.push(new Coordinates(name[1], pkg.version, name[0], set));
 return true;
 } else if (pkg.name) {
 if (
@@ -111,9 +120,18 @@ export class NpmList implements Muncher {
 return x.name == pkg.name && x.version == pkg.version && x.group == '';
 })
 ) {
+ const foundIndex = list.findIndex((x) => x.name == pkg.name && x.version == pkg.version && x.group == '');
+ pkg._requiredBy.forEach((item: string) => {
+ list[foundIndex].requestedBy.add(item);
+ });
+ return false;
 }
- list.push(new Coordinates(pkg.name, pkg.version, ''));
+ let set = new Set();
+ pkg._requiredBy.forEach((item: string) => {
+ set.add(item);
+ });
+ list.push(new Coordinates(pkg.name, pkg.version, '', set));
 return true;
 }
 return false;
diff --git a/src/Types/Coordinates.ts b/src/Types/Coordinates.ts
index 574e716b..d7b7eecc 100644
--- a/src/Types/Coordinates.ts
+++ b/src/Types/Coordinates.ts
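Review bot: The new `list.findIndex(...)` in the `@@ -101` hunk (and again in `@@ -111`) rescans `list` with the very predicate the enclosing `list.some(...)` just evaluated, so each duplicate costs two passes and the match condition now lives in two places that can drift apart. Compute the index once and branch on it, replacing the `some` test with `const foundIndex = list.findIndex((x) => x.name == name[1] && x.version == pkg.version && x.group == name[0]);` followed by `if (foundIndex !== -1) {`; the `if (list.some(` that these lines sit under, and the enclosing method, start before the hunk. `pkg._requiredBy.forEach` is called unguarded in four places; if the `npm ls` JSON this muncher consumes can omit `_requiredBy` for some entries (the root project, say; worth confirming against a real listing), that is a `TypeError` that aborts the whole walk, and `(pkg._requiredBy ?? []).forEach(...)` keeps the rest of the walk intact. If the type argument on `new Set()` is genuinely absent rather than lost in rendering, it infers as `Set<unknown>`; `new Set<string>()` keeps `requestedBy` string-typed.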
@@ -14,7 +14,12 @@
 * limitations under the License.
 */
 export class Coordinates {
- constructor(readonly name: string, readonly version: string, readonly group?: string) {}
+ constructor(
+ readonly name: string,
+ readonly version: string,
+ readonly group?: string,
+ public requestedBy: Set = new Set(),
+ ) {}
 public toPurl(ecosystem = 'npm'): string {
 if (this.group) {
From c7eac08f1f485e2faf75fa00e64d93b940ba0e5d Mon Sep 17 00:00:00 2001
From: Jeffry Hesse
Date: Thu, 19 Mar 2020 11:21:12 -0800
Subject: [PATCH 2/4] RealPath
---
 src/Munchers/NpmList.ts | 12 ++++++++++--
 src/Types/Coordinates.ts | 1 +
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/src/Munchers/NpmList.ts b/src/Munchers/NpmList.ts
index 63ee298e..29d90afe 100644
--- a/src/Munchers/NpmList.ts
+++ b/src/Munchers/NpmList.ts
@@ -112,7 +112,9 @@ export class NpmList implements Muncher {
 pkg._requiredBy.forEach((item: string) => {
 set.add(item);
 });
- list.push(new Coordinates(name[1], pkg.version, name[0], set));
+ list.push(
+ new Coordinates(name[1], pkg.version, name[0], set, this.stripPwdAndNodeModulesFromRealPath(pkg.realPath)),
+ );
 return true;
 } else if (pkg.name) {
 if (
@@ -131,7 +133,7 @@ export class NpmList implements Muncher {
 pkg._requiredBy.forEach((item: string) => {
 set.add(item);
 });
- list.push(new Coordinates(pkg.name, pkg.version, '', set));
+ list.push(new Coordinates(pkg.name, pkg.version, '', set, this.stripPwdAndNodeModulesFromRealPath(pkg.realPath)));
 return true;
 }
 return false;
@@ -154,4 +156,10 @@ export class NpmList implements Muncher {
 }
 return `${name}/${version}`;
 }
+
+ private stripPwdAndNodeModulesFromRealPath(realPath: string): string {
+ const cwd = process.cwd();
+
+ return realPath.substr(cwd.length);
+ }
 }
diff --git a/src/Types/Coordinates.ts b/src/Types/Coordinates.ts
index d7b7eecc..f6e1712f 100644
--- a/src/Types/Coordinates.ts
+++ b/src/Types/Coordinates.ts
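Review bot: `stripPwdAndNodeModulesFromRealPath` (hunk `@@ -154`) drops the first `cwd.length` characters of `realPath` without checking that the path actually starts with `cwd`, so a dependency resolved outside the project (a linked or globally installed package, or a `realPath` that a symlink has moved elsewhere) is reported as a truncated, unrelated path, and, since `pkg` looks untyped, a missing `realPath` throws on `.substr`. Guard it and prefer the non-deprecated `slice`: `if (!realPath) return '';` then `return realPath.startsWith(cwd) ? realPath.slice(cwd.length) : realPath;`. The name promises that `node_modules` is stripped as well, which the body does not do; either strip it or rename the method so the `pathOnDisk` value it feeds into `Coordinates` (and from there into the printed audit output) is not misread. In the `Coordinates` hunk on this line, `requestedBy` is `public` and mutable beside `readonly` siblings because `NpmList` calls `.add` on it after construction; a one-line comment stating that would help, and if `Set` really carries no type argument it should be `Set<string>`.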
@@ -19,6 +19,7 @@ export class Coordinates {
 readonly version: string,
 readonly group?: string,
 public requestedBy: Set = new Set(),
+ public pathOnDisk: string = '',
 ) {}
 public toPurl(ecosystem = 'npm'): string {
From 179a116a439332215b950e10e858fe0168b8b1c9 Mon Sep 17 00:00:00 2001
From: Jeffry Hesse
Date: Thu, 19 Mar 2020 12:06:01 -0800
Subject: [PATCH 3/4] Fun fun fun
---
 src/Application/Application.ts | 2 +-
 src/Audit/AuditOSSIndex.spec.ts | 2 +-
 src/Audit/AuditOSSIndex.ts | 8 +++++++-
 src/Audit/Formatters/TextFormatter.ts | 6 ++++++
 src/Types/OssIndexServerResult.ts | 2 ++
 5 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/src/Application/Application.ts b/src/Application/Application.ts
index f85fc03f..954b9fc0 100644
--- a/src/Application/Application.ts
+++ b/src/Application/Application.ts
@@ -184,7 +184,7 @@ export class Application {
 this.spinner.maybeStop();
 logMessage('Attempting to audit results', DEBUG);
- const failed = auditOSSIndex.auditResults(ossIndexResults);
+ const failed = auditOSSIndex.auditResults(ossIndexResults, this.results);
 logMessage('Results audited', DEBUG, { failureCode: failed });
 failed ? shutDownLoggerAndExit(1) : shutDownLoggerAndExit(0);
diff --git a/src/Audit/AuditOSSIndex.spec.ts b/src/Audit/AuditOSSIndex.spec.ts
index db69af92..f2df1f97 100644
--- a/src/Audit/AuditOSSIndex.spec.ts
+++ b/src/Audit/AuditOSSIndex.spec.ts
@@ -28,7 +28,7 @@ const oldWrite = process.stdout.write;
 const doAuditOSSIndex = (results: OssIndexServerResult[]): boolean => {
 process.stdout.write = write;
- const auditResult = auditOSSIndex.auditResults(results);
+ const auditResult = auditOSSIndex.auditResults(results, []);
 process.stdout.write = oldWrite;
 return auditResult;
 };
diff --git a/src/Audit/AuditOSSIndex.ts b/src/Audit/AuditOSSIndex.ts
index 98cffabc..875cad78 100644
--- a/src/Audit/AuditOSSIndex.ts
+++ b/src/Audit/AuditOSSIndex.ts
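Review bot: The spec change passes `[]` as `supplemental`, so the new merge loop in `auditResults` (patched in the next file section) is never executed by `doAuditOSSIndex`, while the only production caller in the `Application.ts` hunk always passes a populated list. Add a case that builds a `Coordinates` whose `toPurl()` equals a result's `coordinates` and asserts that `requiredBy` and `realPath` are filled in, and one whose purl matches nothing, which matters today because `results.findIndex` returns `-1` there. `this.results` in the `Application.ts` hunk is declared outside the hunk; I am assuming it is the `Coordinates[]` the munchers produce.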
@@ -18,6 +18,7 @@ import { Formatter, getNumberOfVulnerablePackagesFromResults } from './Formatter
 import { JsonFormatter } from './Formatters/JsonFormatter';
 import { TextFormatter } from './Formatters/TextFormatter';
 import { XmlFormatter } from './Formatters/XmlFormatter';
+import { Coordinates } from '../Types/Coordinates';
 export class AuditOSSIndex {
 private formatter: Formatter;
@@ -32,12 +33,17 @@ export class AuditOSSIndex {
 }
 }
- public auditResults(results: Array): boolean {
+ public auditResults(results: Array, supplemental: Array): boolean {
 if (this.quiet) {
 results = results.filter((x) => {
 return x.vulnerabilities && x.vulnerabilities?.length > 0;
 });
 }
+ for (let i = 0; i < supplemental.length; i++) {
+ let index = results.findIndex((res) => res.coordinates == supplemental[i].toPurl());
+ results[index].requiredBy = Array.from(supplemental[i].requestedBy).join(', ');
+ results[index].realPath = supplemental[i].pathOnDisk;
+ }
 this.formatter.printAuditResults(results);
diff --git a/src/Audit/Formatters/TextFormatter.ts b/src/Audit/Formatters/TextFormatter.ts
index 5618f84c..5ae93c73 100644
--- a/src/Audit/Formatters/TextFormatter.ts
+++ b/src/Audit/Formatters/TextFormatter.ts
@@ -40,6 +40,10 @@ export class TextFormatter implements Formatter {
 this.printVulnerability(i, total, x);
 } else {
 this.printLine(chalk.keyword('green')(`[${i + 1}/${total}] - ${x.toAuditLog()}`));
+ console.group();
+ this.printLine(chalk.keyword('green')(`Path: ${x.realPath}`));
+ this.printLine(chalk.keyword('green')(`Required By: ${x.requiredBy}`));
+ console.groupEnd();
 }
 });
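Review bot: In the `@@ -32` hunk `results.findIndex(...)` returns `-1` whenever a supplemental coordinate has no matching result, and `results[-1].requiredBy = ...` then throws a `TypeError` that kills the audit; this is not a corner case, because with `this.quiet` set `results` has just been filtered down to vulnerable packages while `supplemental` still carries every package the muncher listed, and any mismatch between `toPurl()` and the `coordinates` string OSS Index echoes back hits the same path. The loop is also quadratic in the number of packages, since every iteration rescans `results`. Index the supplemental list by purl once and walk `results`, skipping entries with no supplemental data, as below; `auditResults` continues past the end of the hunk. The `TextFormatter` hunk on this line prints `Path:` and `Required By:` even when both are the empty-string defaults, which is what any result without a match (or any muncher that does not fill them) produces, so consider guarding those two `printLine` calls on the value being non-empty.
```typescript
    // … unchanged: quiet filter …
    const byPurl = new Map<string, Coordinates>();
    for (const coord of supplemental) {
      byPurl.set(coord.toPurl(), coord);
    }
    for (const res of results) {
      const coord = byPurl.get(res.coordinates);
      if (coord === undefined) continue; // no muncher data for this purl (e.g. filtered out by quiet)
      res.requiredBy = Array.from(coord.requestedBy).join(', ');
      res.realPath = coord.pathOnDisk;
    }
    // … unchanged: this.formatter.printAuditResults(results) …
```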
@@ -85,6 +89,8 @@ export class TextFormatter implements Formatter {
 console.log(
 chalk.keyword(this.getColorFromMaxScore(maxScore)).bold(`[${i + 1}/${total}] - ${result.toAuditLog()}`),
 );
+ console.log(chalk.keyword(this.getColorFromMaxScore(maxScore)).bold(`Path: ${result.realPath}`));
+ console.log(chalk.keyword(this.getColorFromMaxScore(maxScore)).bold(`Required By: ${result.requiredBy}`));
 console.log();
 result.vulnerabilities &&
 printVuln(
diff --git a/src/Types/OssIndexServerResult.ts b/src/Types/OssIndexServerResult.ts
index 77c068d9..ae343eed 100644
--- a/src/Types/OssIndexServerResult.ts
+++ b/src/Types/OssIndexServerResult.ts
@@ -18,6 +18,8 @@ export class OssIndexServerResult {
 readonly description?: string;
 readonly reference: string;
 readonly vulnerabilities?: Array;
+ public requiredBy: string = '';
+ public realPath: string = '';
 constructor(result: any) {
 this.coordinates = result.coordinates;
From f554dc6f8125bd48602869c4bc19a457200dffc4 Mon Sep 17 00:00:00 2001
From: Jeffry Hesse
Date: Thu, 19 Mar 2020 12:09:39 -0800
Subject: [PATCH 4/4] eslint
---
 src/Audit/AuditOSSIndex.ts | 2 +-
 src/Munchers/NpmList.ts | 4 ++--
 src/Types/OssIndexServerResult.ts | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/Audit/AuditOSSIndex.ts b/src/Audit/AuditOSSIndex.ts
index 875cad78..9ca34f4f 100644
--- a/src/Audit/AuditOSSIndex.ts
+++ b/src/Audit/AuditOSSIndex.ts
@@ -40,7 +40,7 @@ export class AuditOSSIndex {
 });
 }
 for (let i = 0; i < supplemental.length; i++) {
- let index = results.findIndex((res) => res.coordinates == supplemental[i].toPurl());
+ const index = results.findIndex((res) => res.coordinates == supplemental[i].toPurl());
 results[index].requiredBy = Array.from(supplemental[i].requestedBy).join(', ');
 results[index].realPath = supplemental[i].pathOnDisk;
 }
diff --git a/src/Munchers/NpmList.ts b/src/Munchers/NpmList.ts
index 29d90afe..1917ade4 100644
--- a/src/Munchers/NpmList.ts
+++ b/src/Munchers/NpmList.ts
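Review bot: In the `@@ -85` hunk the colour builder `chalk.keyword(this.getColorFromMaxScore(maxScore)).bold` is now constructed three times per result, and the two new lines print `Path: ` and `Required By: ` with nothing after them whenever the result had no supplemental match, since both fields default to `''` in the `OssIndexServerResult` hunk on this line. Build the painter once, `const paint = chalk.keyword(this.getColorFromMaxScore(maxScore)).bold;`, reuse it for the existing heading, and wrap the two new `console.log` calls in `if (result.realPath)` and `if (result.requiredBy)` respectively; this assumes the chalk version in use allows a builder to be stored before it is applied, which is worth checking. The function that prints this block starts before the hunk. The `requiredBy` and `realPath` fields added to `OssIndexServerResult` are written by `AuditOSSIndex` after construction, which a short comment on them (`// populated by AuditOSSIndex.auditResults from the muncher's Coordinates; empty when no match`) would make visible to readers of the class.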
@@ -108,7 +108,7 @@ export class NpmList implements Muncher {
 return false;
 }
- let set = new Set();
+ const set = new Set();
 pkg._requiredBy.forEach((item: string) => {
 set.add(item);
 });
@@ -129,7 +129,7 @@ export class NpmList implements Muncher {
 return false;
 }
- let set = new Set();
+ const set = new Set();
 pkg._requiredBy.forEach((item: string) => {
 set.add(item);
 });
diff --git a/src/Types/OssIndexServerResult.ts b/src/Types/OssIndexServerResult.ts
index ae343eed..e47abb92 100644
--- a/src/Types/OssIndexServerResult.ts
+++ b/src/Types/OssIndexServerResult.ts
@@ -18,8 +18,8 @@ export class OssIndexServerResult {
 readonly description?: string;
 readonly reference: string;
 readonly vulnerabilities?: Array;
- public requiredBy: string = '';
- public realPath: string = '';
+ public requiredBy = '';
+ public realPath = '';
 constructor(result: any) {
 this.coordinates = result.coordinates;