finalizeReports.js
import fs from "fs";
import fetch from "node-fetch";
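// Fields whose combined values identify a report: two reports that agree on
// all of them are treated as the same finding and only the first is kept.
const ID_PROPS = ["original", "type", "vendor_Package", "varName"];

// Literal text after which the package version is inserted into the report.
const NPM_MARKER = "npm package";

// argv[2]: JSON file of reports that already went through the duplicate check.
const inputPath = process.argv[2];
if (!inputPath) {
  throw new Error("usage: node finalizeReports.js <reports.json>");
}

const data = JSON.parse(fs.readFileSync(inputPath, "utf8"));
if (!Array.isArray(data)) {
  throw new Error(`${inputPath} must contain a JSON array of reports`);
}

// NOTE(review): every report without a version starts its lookup at the same
// time. With a large input the remote side may throttle the requests, and a
// throttled lookup presumably ends up as "latest" — confirm whether the
// lookups should be batched.
await Promise.all(data.map((report) => addVersions(report)));

const addedIds = new Set();
const filtered = data
  // Drop everything that was flagged as a duplicate, automatically or by hand.
  .filter((entry) => !entry.possibleDuplicate?.length && !entry.manualDupMatch?.length)
  // Make sure the textual report names the version right after "npm package".
  .map((entry) => {
    const text = entry.original;
    const markerAt = typeof text === "string" ? text.indexOf(NPM_MARKER) : -1;
    if (markerAt === -1) {
      // Nothing to anchor the version to: keep the report as it is instead of
      // aborting the whole run on one malformed entry.
      console.warn(`report for ${entry.vendor_Package} has no "${NPM_MARKER}" text; version not inserted`);
      return entry;
    }

    // Cut at the first marker only, so text after a second occurrence of the
    // marker is kept rather than dropped.
    const head = text.slice(0, markerAt);
    const tail = text.slice(markerAt + NPM_MARKER.length);
    if (!tail.startsWith(` (${entry.version})`)) {
      entry.original = `${head}${NPM_MARKER} (${entry.version})${tail}`;
    }
    return entry;
  })
  // Keep the first report for each identity and discard later repeats.
  .filter((entry) => {
    // Serialise the fields as an array so that field boundaries are part of the
    // key; plain concatenation lets ("ab", "c") and ("a", "bc") collide.
    const id = JSON.stringify(ID_PROPS.map((prop) => entry[prop]));
    if (addedIds.has(id)) {
      return false;
    }
    addedIds.add(id);
    return true;
  });

// NOTE(review): this counts vendors over all input reports, including the ones
// filtered out above — confirm that is the intended figure.
const differentVendors = new Set(data.map((report) => report.vendor_Package)).size;

console.log("number of reports: " , filtered.length);
console.log("number of different vendors in reports: ", differentVendors);

// The "original" field of each entry holds the finalized textual report.
fs.writeFileSync("finalReports.json", JSON.stringify(filtered, null, 4));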
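/**
 * Fills in `report.version` with the last release tag listed on GitHub's
 * `branch_commits` page for the commit referenced in the report text.
 *
 * The lookup is best-effort. If the report cannot be parsed, the request
 * fails, the response is not a 2xx, or the page lists no release tag, the
 * version is set to "latest". Reports that already carry a version are left
 * untouched. The report object is modified in place.
 *
 * @param {{version?: string, vendor_Package?: string, original?: string}} report
 * @returns {Promise<void>}
 */
async function addVersions(report) {
  if (report.version) {
    return;
  }

  // Parse defensively: a report without the expected sentence or vendor field
  // must not reject the promise and take the whole batch down with it.
  const [owner, repo] = String(report.vendor_Package ?? "").split("/");
  const link = String(report.original ?? "").match(/is exported here: (.*)\./)?.[1];
  // The commit id is taken from the sixth "/"-separated piece of the link.
  const commitSha = link?.split("/")[5];

  if (!owner || !repo || !commitSha) {
    console.error(`cannot derive owner/repo/commit for report of ${report.vendor_Package}`);
    report.version = "latest";
    return;
  }

  let tag;
  try {
    // The pieces come from report data, so encode each one: a value can then
    // only ever fill its own path segment of the request URL.
    const url =
      `https://github.com/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}` +
      `/branch_commits/${encodeURIComponent(commitSha)}`;

    const res = await fetch(url);
    if (!res.ok) {
      // Error and throttling pages are not a source of version information.
      throw new Error(`GitHub answered ${res.status} for ${url}`);
    }

    const html = await res.text();
    // Stop the capture at the closing quote so that the rest of the line is
    // not swallowed into the tag name; the last tag on the page wins.
    tag = Array.from(html.matchAll(/releases\/tag\/([^"]+)"/g)).at(-1)?.[1];
    console.log(tag);
  } catch (error) {
    console.error(error);
  }

  report.version = tag || "latest";
}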