class YAVDB::Sources::NPMJS::Client
Constants
- API_URL
Public Class Methods
advisories()
# File lib/yavdb/sources/npmjs.rb, line 31
# Entry point for the npmjs source: collects every raw advisory record from
# the paginated feed (starting at page 0) and converts the records with
# parse_vulnerabilities.
#
# @return [Array] the result of parse_vulnerabilities for the fetched records
def self.advisories
  parse_vulnerabilities(fetch_packages_recursive(0))
end
Private Class Methods
create(package)
# File lib/yavdb/sources/npmjs.rb, line 63
# Converts one raw advisory record from the npmjs feed into a YAVDB::Advisory.
#
# Every field is copied from the remote record as received; nothing here
# validates or sanitises title, overview, url, cwe or the CVE list.
#
# @param package [Hash] raw record with string keys ('created', 'updated',
#   'cves', 'vulnerable_versions', 'module_name', 'id', 'title', 'overview',
#   'severity', 'cwe', 'found_by', 'url')
# @return [YAVDB::Advisory]
# @raise [StandardError] Date.strptime raises when 'created' or 'updated' is
#   missing or not parseable with '%s'; a record without 'found_by' raises
#   NoMethodError, which aborts the conversion of that record.
def create(package)
  # '%s' parses seconds since the Unix epoch.
  # NOTE(review): assumes the feed delivers these as strings - confirm.
  created_on = Date.strptime(package['created'], '%s')
  modified_on = Date.strptime(package['updated'], '%s')

  cve_ids = package['cves'] || []

  # A record with no stated range is recorded as "all versions vulnerable"
  # ('*') instead of as "no versions vulnerable". An empty-string range is
  # truthy in Ruby and is therefore kept as [''].
  stated_range = package['vulnerable_versions']
  affected_versions = stated_range ? [stated_range] : ['*']

  advisory_id = "npmjs:npm:#{package['module_name']}:#{package['id']}"
  reference_url = package['url']

  YAVDB::Advisory.new(
    advisory_id,
    package['title'],
    package['overview'],
    package['module_name'],
    affected_versions,
    nil, # unaffected_versions
    nil, # patched_versions
    parse_severity(package['severity']),
    'npm',
    cve_ids,
    package['cwe'],
    nil, # osvdb
    nil, # cvss_v2_vector
    nil, # cvss_v2_score
    nil, # cvss_v3_vector
    nil, # cvss_v3_score
    # The creation date is passed twice.
    # NOTE(review): presumably the disclosed and created dates - confirm
    # against the YAVDB::Advisory field order.
    created_on,
    created_on,
    modified_on,
    package['found_by']['name'],
    # The same URL is passed for the last two positional fields.
    reference_url,
    reference_url
  )
end
fetch_packages_recursive(page_number)
# File lib/yavdb/sources/npmjs.rb, line 40
# Fetches one page of the npmjs advisory listing (bypassing the cache),
# extracts the advisory records embedded in the page's inline script, and
# recurses into the following pages.
#
# @param page_number [Integer] page index to request
# @return [Array] records of this page followed by those of all later pages
# @raise [NoMethodError] when no <script> element contains
#   'window.__context__', or when the evaluated data lacks 'urls'/'objects'
def fetch_packages_recursive(page_number)
  document = get_page_html(get_page_url(page_number), false, 'npmjs/feed')
  context_script = document.css('script').find { |node| node.text.include?('window.__context__') }.text

  # SECURITY(review): the script text is taken verbatim from the downloaded
  # page and executed in the local ExecJS runtime. Whoever controls that
  # response (the remote site, or anyone able to tamper with the transfer)
  # controls the code that runs here, and ExecJS is not designed to act as a
  # security sandbox. Consider isolating the JSON payload from the script
  # and reading it with a data-only parser instead of evaluating it.
  js_runtime = ExecJS.compile("var window = {};\n#{context_script.force_encoding('utf-8')};")
  advisory_data = js_runtime.exec('return window.__context__.context.advisoriesData')

  packages = advisory_data['objects']
  next_url = advisory_data['urls']['next']

  # Stop when there is no next link or when it points back at the current
  # page. NOTE(review): the recursion depth is otherwise decided by the
  # remote response; there is no local cap on the number of pages.
  has_more = next_url && !next_url.include?("page=#{page_number}")
  following = has_more ? fetch_packages_recursive(page_number + 1) : []

  packages.concat(following)
end
get_page_html(source_url, with_cache, group_cache_key)
# File lib/yavdb/sources/npmjs.rb, line 100
# Retrieves source_url through YAVDB::Utils::HTTP.get_page_contents and
# parses the returned body as HTML with Oga, with the :strict option enabled.
#
# @param source_url [String] address to fetch
# @param with_cache [Boolean] forwarded unchanged to the HTTP helper
# @param group_cache_key [String] forwarded unchanged to the HTTP helper
# @return the document produced by Oga.parse_html
def get_page_html(source_url, with_cache, group_cache_key)
  raw_body = YAVDB::Utils::HTTP.get_page_contents(source_url, with_cache, group_cache_key)
  Oga.parse_html(raw_body, strict: true)
end
get_page_url(page)
# File lib/yavdb/sources/npmjs.rb, line 105
# Builds the listing URL for one page of advisories: 100 entries per page,
# ordered by descending id ('-id').
#
# @param page [Integer, String] page index, interpolated as-is into the query
# @return [String] URL rooted at API_URL
def get_page_url(page)
  query = "page=#{page}&perPage=100&order=-id"
  "#{API_URL}/advisories?#{query}"
end
parse_severity(severity)
# File lib/yavdb/sources/npmjs.rb, line 109
# Normalises an npmjs severity label to one of 'low', 'medium' or 'high'.
#
# 'low' stays 'low' and 'moderate' becomes 'medium'. Everything else maps to
# 'high': 'high', 'critical', nil and any unrecognised label. An unknown
# value is therefore never downgraded, but 'critical' cannot be told apart
# from 'high' after this mapping.
#
# @param severity [String, nil] label as found in the feed
# @return [String] 'low', 'medium' or 'high'
def parse_severity(severity)
  return 'low' if severity == 'low'
  return 'medium' if severity == 'moderate'

  'high'
end
parse_vulnerabilities(packages)
# File lib/yavdb/sources/npmjs.rb, line 59
# Runs every raw feed record through create and flattens the results into a
# single array.
#
# @param packages [Array<Hash>] raw advisory records
# @return [Array] one entry per record, as returned by create
def parse_vulnerabilities(packages)
  advisories = packages.map do |record|
    create(record)
  end
  advisories.flatten
end