UNPKG

@nodesecure/vulnera

Version:

NodeSecure vulnerabilities strategies

122 lines 4.48 kB
// Import Node.js Dependencies import timers from "node:timers/promises"; // Import Third-party Dependencies import * as httpie from "@openally/httpie"; // Import Internal Dependencies import * as utils from "../utils.js"; export class NVD { static ROOT_API = "https://services.nvd.nist.gov/rest/json/cves/2.0"; #credential; #requestDelay; constructor(options) { this.#credential = options.credential; this.#requestDelay = options.requestDelay ?? 6_000; } async find(parameters) { const queryParams = new URLSearchParams(); if (parameters.packageName) { queryParams.append("keywordSearch", parameters.packageName); /** * NVD doesn't support cpeMatchString for npm packages. * We only search by keyword. */ } else if (parameters.keywordSearch) { queryParams.append("keywordSearch", parameters.keywordSearch); } if (parameters.keywordExactMatch) { queryParams.append("keywordExactMatch", ""); } if (parameters.cveId) { queryParams.append("cveId", parameters.cveId); } if (parameters.cveTag) { queryParams.append("cveTag", parameters.cveTag); } if (parameters.cweId) { queryParams.append("cweId", parameters.cweId); } if (parameters.cvssV2Severity) { queryParams.append("cvssV2Severity", parameters.cvssV2Severity); } if (parameters.cvssV3Severity) { queryParams.append("cvssV3Severity", parameters.cvssV3Severity); } if (parameters.cvssV4Severity) { queryParams.append("cvssV4Severity", parameters.cvssV4Severity); } if (parameters.cvssV2Metrics) { queryParams.append("cvssV2Metrics", parameters.cvssV2Metrics); } if (parameters.cvssV3Metrics) { queryParams.append("cvssV3Metrics", parameters.cvssV3Metrics); } if (parameters.cvssV4Metrics) { queryParams.append("cvssV4Metrics", parameters.cvssV4Metrics); } if (parameters.noRejected) { queryParams.append("noRejected", ""); } if (parameters.hasKev) { queryParams.append("hasKev", ""); } if (parameters.hasCertAlerts) { queryParams.append("hasCertAlerts", ""); } if (parameters.hasCertNotes) { queryParams.append("hasCertNotes", ""); } if (parameters.hasOval) { queryParams.append("hasOval", ""); } if (parameters.pubStartDate) { queryParams.append("pubStartDate", parameters.pubStartDate); } if (parameters.pubEndDate) { queryParams.append("pubEndDate", parameters.pubEndDate); } if (parameters.lastModStartDate) { queryParams.append("lastModStartDate", parameters.lastModStartDate); } if (parameters.lastModEndDate) { queryParams.append("lastModEndDate", parameters.lastModEndDate); } if (parameters.sourceIdentifier) { queryParams.append("sourceIdentifier", parameters.sourceIdentifier); } if (parameters.resultsPerPage !== undefined) { queryParams.append("resultsPerPage", String(parameters.resultsPerPage)); } if (parameters.startIndex !== undefined) { queryParams.append("startIndex", String(parameters.startIndex)); } for (const [name, value] of Object.entries(this.#credential.queryParams)) { queryParams.append(name, value); } const url = new URL(NVD.ROOT_API); url.search = queryParams.toString(); const { data } = await httpie.get(url.toString()); return data.vulnerabilities || []; } findByCveId(cveId) { return this.find({ cveId }); } findBySpec(spec) { const { name } = utils.parseNpmSpec(spec); return this.find({ packageName: name, ecosystem: "npm" }); } async findMany(specs) { const result = {}; for (let i = 0; i < specs.length; i++) { result[specs[i]] = await this.findBySpec(specs[i]); if (i < specs.length - 1) { await timers.setTimeout(this.#requestDelay); } } return result; } } //# sourceMappingURL=nvd.js.map