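def _run_on_sources(sources, verb, action):
    """Log "<verb> <SourceClassName>" for each source, then call ``action(source)``.

    :param sources: iterable of vulnerability source objects
    :param verb: word used in the log line, e.g. "Syncing" or "Refreshing"
    :param action: callable invoked with each source in turn
    """
    for source in sources:
        LOG.info("{} {}".format(verb, source.__class__.__name__))
        action(source)


def main():
    """Command-line entry point: act on the flags returned by ``build_args()``.

    Flags are handled in this order: ``clean``, ``cache``/``sync``,
    ``sync_npm``, ``sync_github``, ``search_npm``, then ``list``/``search``.
    Several flags may be combined in one invocation.
    """
    args = build_args()
    print(at_logo)
    if args.clean:
        if os.path.exists(config.data_dir):
            # os.rmdir only removes an *empty* directory; on a populated data
            # dir it raises.  Log that instead of swallowing it, so a --clean
            # that actually did nothing is visible to the user.
            try:
                os.rmdir(config.data_dir)
            except OSError as e:
                LOG.warning("Unable to remove {}: {}".format(config.data_dir, e))
    else:
        LOG.info("Vulnerability database loaded from {}".format(
            config.vdb_bin_file))

    if args.cache:
        _run_on_sources([GitHubSource(), NvdSource()], "Refreshing",
                        lambda s: s.refresh())
    elif args.sync:
        _run_on_sources([GitHubSource(), NvdSource()], "Syncing",
                        lambda s: s.download_recent())
    if args.sync_npm:
        _run_on_sources([NpmSource()], "Syncing", lambda s: s.download_recent())
    if args.sync_github:
        _run_on_sources([GitHubSource()], "Syncing", lambda s: s.download_recent())
    if args.search_npm:
        results = NpmSource().bulk_search(config.npm_app_info, [args.search_npm])
        print_results(results)
    if args.list:
        print_results(dbLib.list_all_occurrence(dbLib.get()))
    elif args.search:
        db = dbLib.get()
        # Several package specs may be given, separated by ',', '|' or ';'.
        for pkg_info in re.split(r"[,|;]", args.search):
            # A spec is split on ':', '=' or '@'.  Two parts go to pkg_search,
            # three to vendor_pkg_search (presumably pkg/version and
            # vendor/pkg/version - confirm against dbLib).  re.split always
            # yields at least one element, so no emptiness check is needed.
            pstr = re.split(r"[:=@]", pkg_info)
            if len(pstr) == 2 and dbLib.index_search(*pstr):
                print_results(dbLib.pkg_search(db, *pstr))
            elif len(pstr) == 3:
                print_results(dbLib.vendor_pkg_search(db, *pstr))
            else:
                print("No vulnerability found!")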
def test_version_ranges():
    """Check that npm range strings are split into start/end version bounds.

    Each returned entry carries all four keys; an empty string means that
    bound is not set.  ``||`` separates alternatives, which become separate
    entries in the result list.
    """
    source = NpmSource()

    def bounds(start_inc="", end_inc="", start_exc="", end_exc=""):
        # Build one range entry, defaulting every unspecified bound to "".
        return {
            "version_start_including": start_inc,
            "version_end_including": end_inc,
            "version_start_excluding": start_exc,
            "version_end_excluding": end_exc,
        }

    cases = [
        ("<1.10.2", [bounds(end_exc="1.10.2")]),
        (
            "<=4.0.13 || >=4.1.0 <4.1.2",
            [bounds(end_inc="4.0.13"), bounds(start_inc="4.1.0", end_exc="4.1.2")],
        ),
        (">=4.3.0", [bounds(start_inc="4.3.0")]),
        ("1.1.0", [bounds(start_inc="1.1.0")]),
        (">= 0.6.1", [bounds(start_inc="0.6.1")]),
        (
            ">= 1.4.1 < 2.0.0 || >= 2.0.3",
            [bounds(start_inc="1.4.1", end_exc="2.0.0"), bounds(start_inc="2.0.3")],
        ),
    ]
    for spec, expected in cases:
        assert source.get_version_ranges(spec) == expected
from vdb.lib.npm import NpmSource

# Dict mapping project type to the audit source; "nodejs" and "js" each
# get their own NpmSource instance.
type_audit_map = {ptype: NpmSource() for ptype in ("nodejs", "js")}


def audit(project_type, pkg_list, report_file):
    """
    Method to audit packages using remote source such as npm advisory

    :param project_type: Project type; must be a key of ``type_audit_map``
        (an unknown type raises ``KeyError``)
    :param pkg_list: List of packages
    :param report_file: Report file (not used by this function)
    :return: Whatever the selected source's ``bulk_search`` returns
    """
    source = type_audit_map[project_type]
    # Passed through to the source as app_info; presumably identifies this
    # client to the remote advisory service - confirm in NpmSource.
    app_info = {"name": "appthreat-depscan", "version": "1.0.0"}
    return source.bulk_search(app_info=app_info, pkg_list=pkg_list)
def test_convert(test_cve_json):
    """``convert`` turns the fixture JSON into 8 records, the first being CVE-2017-16042."""
    converted = NpmSource().convert(test_cve_json)
    assert len(converted) == 8
    first = converted[0]
    assert first.id == "CVE-2017-16042"
def test_bulk_search(test_app_info, test_pkg_list):
    """``bulk_search`` on the fixture package list yields 7 records, CVE-2017-16042 first."""
    source = NpmSource()
    found = source.bulk_search(test_app_info, test_pkg_list)
    assert len(found) == 7
    assert found[0].id == "CVE-2017-16042"
def test_download_all():
    """``download_all`` returns at least 100 records (exact count is not pinned)."""
    source = NpmSource()
    fetched = source.download_all()
    assert len(fetched) >= 100