@nodesecure/vulnera
Version:
NodeSecure vulnerabilities strategies
122 lines • 4.48 kB
JavaScript
// Import Node.js Dependencies
import timers from "node:timers/promises";
// Import Third-party Dependencies
import * as httpie from "@openally/httpie";
// Import Internal Dependencies
import * as utils from "../utils.js";
export class NVD {
static ROOT_API = "https://services.nvd.nist.gov/rest/json/cves/2.0";
#credential;
#requestDelay;
constructor(options) {
this.#credential = options.credential;
this.#requestDelay = options.requestDelay ?? 6_000;
}
async find(parameters) {
const queryParams = new URLSearchParams();
if (parameters.packageName) {
queryParams.append("keywordSearch", parameters.packageName);
/**
* NVD doesn't support cpeMatchString for npm packages.
* We only search by keyword.
*/
}
else if (parameters.keywordSearch) {
queryParams.append("keywordSearch", parameters.keywordSearch);
}
if (parameters.keywordExactMatch) {
queryParams.append("keywordExactMatch", "");
}
if (parameters.cveId) {
queryParams.append("cveId", parameters.cveId);
}
if (parameters.cveTag) {
queryParams.append("cveTag", parameters.cveTag);
}
if (parameters.cweId) {
queryParams.append("cweId", parameters.cweId);
}
if (parameters.cvssV2Severity) {
queryParams.append("cvssV2Severity", parameters.cvssV2Severity);
}
if (parameters.cvssV3Severity) {
queryParams.append("cvssV3Severity", parameters.cvssV3Severity);
}
if (parameters.cvssV4Severity) {
queryParams.append("cvssV4Severity", parameters.cvssV4Severity);
}
if (parameters.cvssV2Metrics) {
queryParams.append("cvssV2Metrics", parameters.cvssV2Metrics);
}
if (parameters.cvssV3Metrics) {
queryParams.append("cvssV3Metrics", parameters.cvssV3Metrics);
}
if (parameters.cvssV4Metrics) {
queryParams.append("cvssV4Metrics", parameters.cvssV4Metrics);
}
if (parameters.noRejected) {
queryParams.append("noRejected", "");
}
if (parameters.hasKev) {
queryParams.append("hasKev", "");
}
if (parameters.hasCertAlerts) {
queryParams.append("hasCertAlerts", "");
}
if (parameters.hasCertNotes) {
queryParams.append("hasCertNotes", "");
}
if (parameters.hasOval) {
queryParams.append("hasOval", "");
}
if (parameters.pubStartDate) {
queryParams.append("pubStartDate", parameters.pubStartDate);
}
if (parameters.pubEndDate) {
queryParams.append("pubEndDate", parameters.pubEndDate);
}
if (parameters.lastModStartDate) {
queryParams.append("lastModStartDate", parameters.lastModStartDate);
}
if (parameters.lastModEndDate) {
queryParams.append("lastModEndDate", parameters.lastModEndDate);
}
if (parameters.sourceIdentifier) {
queryParams.append("sourceIdentifier", parameters.sourceIdentifier);
}
if (parameters.resultsPerPage !== undefined) {
queryParams.append("resultsPerPage", String(parameters.resultsPerPage));
}
if (parameters.startIndex !== undefined) {
queryParams.append("startIndex", String(parameters.startIndex));
}
for (const [name, value] of Object.entries(this.#credential.queryParams)) {
queryParams.append(name, value);
}
const url = new URL(NVD.ROOT_API);
url.search = queryParams.toString();
const { data } = await httpie.get(url.toString());
return data.vulnerabilities || [];
}
findByCveId(cveId) {
return this.find({ cveId });
}
findBySpec(spec) {
const { name } = utils.parseNpmSpec(spec);
return this.find({
packageName: name,
ecosystem: "npm"
});
}
async findMany(specs) {
const result = {};
for (let i = 0; i < specs.length; i++) {
result[specs[i]] = await this.findBySpec(specs[i]);
if (i < specs.length - 1) {
await timers.setTimeout(this.#requestDelay);
}
}
return result;
}
}
//# sourceMappingURL=nvd.js.map