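def test_npm_confusion_risks():
    """Dependency-confusion signal on the cdxgen fixture.

    A package that the caller marks as private but whose metadata exists on
    the public registry must raise ``pkg_private_on_public_registry_risk``
    (the classic dependency-confusion / namespace-squatting setup), and must
    not trip ``pkg_min_versions_risk``.

    Fixture: ``data/cdxgen-metadata.json`` next to this test module.
    The second positional argument to ``npm_pkg_risk`` is ``True`` here and
    ``False`` in the other npm tests -- presumably an "is private" flag;
    confirm against the ``npm_pkg_risk`` signature before relying on that.
    """
    fixture = os.path.join(
        os.path.dirname(os.path.realpath(__file__)), "data",
        "cdxgen-metadata.json")
    # JSON is UTF-8 by specification (RFC 8259); pin the encoding so the
    # fixture parses the same way regardless of the host locale instead of
    # falling back to the platform default code page.
    with open(fixture, encoding="utf-8") as fp:
        pkg_metadata = json.load(fp)
    # Score outside the `with` so the fixture handle is closed before the
    # assertions run.
    risk_metrics = npm_pkg_risk(pkg_metadata, True, None)
    assert risk_metrics["pkg_private_on_public_registry_risk"]
    assert not risk_metrics["pkg_min_versions_risk"]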
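def test_npm_risks():
    """npm package risk signals on two registry-metadata fixtures.

    ``data/bcrypt-metadata.json``: expected to raise ``pkg_deprecated_risk``
    and ``latest_now_max_seconds_risk`` while leaving
    ``pkg_min_versions_risk`` clear.
    ``data/ebparser-metadata.json``: expected to raise
    ``pkg_node_version_risk`` while leaving both ``pkg_deprecated_risk`` and
    ``pkg_min_versions_risk`` clear.

    Both calls pass ``False`` as the second positional argument to
    ``npm_pkg_risk`` (``True`` in test_npm_confusion_risks) -- presumably an
    "is private" flag; confirm against the ``npm_pkg_risk`` signature.
    """
    data_dir = os.path.join(
        os.path.dirname(os.path.realpath(__file__)), "data")

    # JSON is UTF-8 by specification (RFC 8259); pin the encoding so the
    # fixtures parse identically regardless of the host locale.
    with open(os.path.join(data_dir, "bcrypt-metadata.json"),
              encoding="utf-8") as fp:
        pkg_metadata = json.load(fp)
    # Score outside the `with` so the fixture handle is closed first.
    risk_metrics = npm_pkg_risk(pkg_metadata, False, None)
    assert risk_metrics["pkg_deprecated_risk"]
    assert not risk_metrics["pkg_min_versions_risk"]
    assert risk_metrics["latest_now_max_seconds_risk"]

    with open(os.path.join(data_dir, "ebparser-metadata.json"),
              encoding="utf-8") as fp:
        pkg_metadata = json.load(fp)
    risk_metrics = npm_pkg_risk(pkg_metadata, False, None)
    assert risk_metrics["pkg_node_version_risk"]
    assert not risk_metrics["pkg_deprecated_risk"]
    assert not risk_metrics["pkg_min_versions_risk"]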
import json
import requests

from depscan.lib.pkg_query import npm_pkg_risk

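# Stream the npm registry change feed and print every package whose computed
# risk score exceeds RISK_THRESHOLD.  Everything that comes back is untrusted
# third-party content: it is only ever passed through json.loads (never
# eval'd or unpickled) and scoring of each record is treated as best-effort.
settings = {"interval": "1000", "count": "50", "include_docs": "true"}
url = "https://replicate.npmjs.com/_changes"

# Only report packages scoring above this value.  The scale is presumed to be
# 0..1 from the original literal -- confirm against npm_pkg_risk.
RISK_THRESHOLD = 0.6

# stream=True keeps the body lazy; timeout=30 bounds each connect and each
# socket read, NOT the total run time, so a slow-but-alive feed keeps this loop
# going indefinitely.  TLS verification is left at the requests default (on):
# this feed is the input to a supply-chain risk check, so never pass
# verify=False here.  The context manager releases the connection on exit.
with requests.get(url, params=settings, stream=True, timeout=30) as r:
    # Without this a 4xx/5xx body would be fed to the JSON parser line by
    # line and surface only as a stream of decode errors.
    r.raise_for_status()

    for raw_line in r.iter_lines():
        if not raw_line:
            continue
        # NOTE(review): the non-continuous _changes feed emits one JSON
        # object per line inside a results array, each followed by a comma
        # except the last.  Strip only a trailing comma -- the original
        # `[:-1]` dropped the last character unconditionally and so
        # corrupted the final record of every batch.
        line = raw_line.decode("utf-8").strip().rstrip(",")
        try:
            json_obj = json.loads(line)
        except json.JSONDecodeError as e:
            # The array framing lines ({"results":[ ... ], "last_seq": ...)
            # are expected to land here; report and keep streaming.
            print(line, e)
            continue
        if not isinstance(json_obj, dict):
            continue

        npm_pkg = json_obj.get("id")
        doc = json_obj.get("doc")
        if doc is None:
            # Nothing to score (e.g. a deletion, or include_docs not honoured).
            continue
        try:
            risk_metrics = npm_pkg_risk(doc, False, None)
        except Exception as e:  # best-effort scoring of untrusted metadata
            print(npm_pkg, e)
            continue
        if risk_metrics and risk_metrics.get("risk_score", 0) > RISK_THRESHOLD:
            print(npm_pkg, risk_metrics)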