InfoSec812 / npm-audit-ci-wrapper

A wrapper for 'npm audit' which can be configured for use in a CI/CD tool like Jenkins
Apache License 2.0

convert filtered advisories to objects #33

Closed jacobcsmith closed 4 years ago

jacobcsmith commented 5 years ago

Resolves #32

Description

When outputting JSON, ensure the advisories object matches the data type found in the output of npm audit --json. Array filter returns an array, so I converted the results to an object. @InfoSec812

jacobcsmith commented 5 years ago

@InfoSec812 There seems to be an issue with sonar scanner. Getting "command not found" in Travis.

InfoSec812 commented 5 years ago

Looks like Travis changed some of the features around SonarQube and no longer supports running sonar scans on PRs from external forks "for security reasons". So... please make the following change to the .travis.yml in your PR:

Change

- sonar-scanner

To

- 'if [ "$TRAVIS_PULL_REQUEST" = "false" ]; then sonar-scanner; fi' # sonar only on non-PRs

InfoSec812 commented 5 years ago

Woot! Let me try it out locally and I will approve/merge shortly.

InfoSec812 commented 5 years ago

We're apparently missing an edge case:

/home/dphillips/Documents/RedHat/Workspace/npm-audit-ci-wrapper/lib/parser.js:34
    let advisories = Object.entries(data.advisories);
                            ^

TypeError: Cannot convert undefined or null to object
    at Function.entries (<anonymous>)
    at parse_audit_results (/home/dphillips/Documents/RedHat/Workspace/npm-audit-ci-wrapper/lib/parser.js:34:29)
    at exec (/home/dphillips/Documents/RedHat/Workspace/npm-audit-ci-wrapper/bin/index.js:39:36)
    at ChildProcess.exithandler (child_process.js:301:5)
    at ChildProcess.emit (events.js:189:13)
    at maybeClose (internal/child_process.js:970:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:259:5)

Here's the output of npm audit --json for that project:

{
  "actions": [
    {
      "action": "install",
      "module": "@vue/cli-plugin-unit-jest",
      "target": "3.5.3",
      "isMajor": false,
      "resolves": [
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>babel-jest>babel-plugin-istanbul>test-exclude>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-config>babel-jest>babel-plugin-istanbul>test-exclude>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-config>jest-environment-jsdom>jest-util>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-config>jest-environment-node>jest-util>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-config>jest-jasmine2>expect>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-config>jest-jasmine2>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-config>jest-jasmine2>jest-snapshot>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-config>jest-jasmine2>jest-util>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-config>jest-util>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-config>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-environment-jsdom>jest-util>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-haste-map>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-resolve-dependencies>jest-snapshot>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-config>babel-jest>babel-plugin-istanbul>test-exclude>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-config>jest-environment-jsdom>jest-util>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-config>jest-environment-node>jest-util>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-config>jest-jasmine2>expect>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-config>jest-jasmine2>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-config>jest-jasmine2>jest-snapshot>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-config>jest-jasmine2>jest-util>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-config>jest-util>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-config>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-haste-map>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-jasmine2>expect>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-jasmine2>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-jasmine2>jest-snapshot>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-jasmine2>jest-util>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>babel-plugin-istanbul>test-exclude>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-config>babel-jest>babel-plugin-istanbul>test-exclude>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-config>jest-environment-jsdom>jest-util>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-config>jest-environment-node>jest-util>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-config>jest-jasmine2>expect>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-config>jest-jasmine2>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-config>jest-jasmine2>jest-snapshot>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-config>jest-jasmine2>jest-util>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-config>jest-util>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-config>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-haste-map>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-snapshot>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-util>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-util>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>babel-plugin-istanbul>test-exclude>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-config>babel-jest>babel-plugin-istanbul>test-exclude>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-config>jest-environment-jsdom>jest-util>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-config>jest-environment-node>jest-util>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-config>jest-jasmine2>expect>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-config>jest-jasmine2>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-config>jest-jasmine2>jest-snapshot>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-config>jest-jasmine2>jest-util>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-config>jest-util>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-config>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-haste-map>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-snapshot>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-util>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-snapshot>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-util>jest-message-util>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 786,
          "path": "@vue/cli-plugin-unit-jest>jest>jest-cli>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        }
      ]
    },
    {
      "action": "install",
      "module": "babel-jest",
      "target": "24.7.0",
      "isMajor": true,
      "resolves": [
        {
          "id": 786,
          "path": "babel-jest>babel-plugin-istanbul>test-exclude>micromatch>braces",
          "dev": true,
          "optional": false,
          "bundled": false
        }
      ]
    },
    {
      "action": "review",
      "module": "growl",
      "resolves": [
        {
          "id": 146,
          "path": "@vue/cli-plugin-e2e-nightwatch>nightwatch>mocha-nightwatch>growl",
          "dev": true,
          "optional": false,
          "bundled": false
        }
      ]
    },
    {
      "action": "review",
      "module": "http-proxy-agent",
      "resolves": [
        {
          "id": 607,
          "path": "@vue/cli-plugin-e2e-nightwatch>nightwatch>proxy-agent>http-proxy-agent",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 607,
          "path": "@vue/cli-plugin-e2e-nightwatch>nightwatch>proxy-agent>pac-proxy-agent>http-proxy-agent",
          "dev": true,
          "optional": false,
          "bundled": false
        }
      ]
    },
    {
      "action": "review",
      "module": "https-proxy-agent",
      "resolves": [
        {
          "id": 593,
          "path": "@vue/cli-plugin-e2e-nightwatch>nightwatch>proxy-agent>https-proxy-agent",
          "dev": true,
          "optional": false,
          "bundled": false
        },
        {
          "id": 593,
          "path": "@vue/cli-plugin-e2e-nightwatch>nightwatch>proxy-agent>pac-proxy-agent>https-proxy-agent",
          "dev": true,
          "optional": false,
          "bundled": false
        }
      ]
    },
    {
      "action": "review",
      "module": "debug",
      "resolves": [
        {
          "id": 534,
          "path": "@vue/cli-plugin-e2e-nightwatch>nightwatch>mocha-nightwatch>debug",
          "dev": true,
          "optional": false,
          "bundled": false
        }
      ]
    }
  ],
  "advisories": {
    "146": {
      "findings": [
        {
          "version": "1.9.2",
          "paths": [
            "@vue/cli-plugin-e2e-nightwatch>nightwatch>mocha-nightwatch>growl"
          ],
          "dev": true,
          "optional": false,
          "bundled": false
        }
      ],
      "id": 146,
      "created": "2016-09-06T12:49:40.000Z",
      "updated": "2018-03-02T21:07:28.071Z",
      "deleted": null,
      "title": "Command Injection",
      "found_by": {
        "name": "Cristian-Alexandru Staicu"
      },
      "reported_by": {
        "name": "Cristian-Alexandru Staicu"
      },
      "module_name": "growl",
      "cves": [
        "CVE-2017-16042"
      ],
      "vulnerable_versions": "<1.10.2",
      "patched_versions": ">=1.10.2",
      "overview": "Affected versions of `growl` do not properly sanitize input prior to passing it into a shell command, allowing for arbitrary command execution.",
      "recommendation": "Update to version 1.10.2 or later.",
      "references": "[Issue #60](https://github.com/tj/node-growl/issues/60)\n[PR #61](https://github.com/tj/node-growl/pull/61)",
      "access": "public",
      "severity": "critical",
      "cwe": "CWE-94",
      "metadata": {
        "module_type": "CLI.Library",
        "exploitability": 5,
        "affected_components": ""
      },
      "url": "https://npmjs.com/advisories/146"
    },
    "534": {
      "findings": [
        {
          "version": "2.2.0",
          "paths": [
            "@vue/cli-plugin-e2e-nightwatch>nightwatch>mocha-nightwatch>debug"
          ],
          "dev": true,
          "optional": false,
          "bundled": false
        }
      ],
      "id": 534,
      "created": "2017-09-25T18:55:55.956Z",
      "updated": "2018-05-16T19:37:43.686Z",
      "deleted": null,
      "title": "Regular Expression Denial of Service",
      "found_by": {
        "name": "Cristian-Alexandru Staicu"
      },
      "reported_by": {
        "name": "Cristian-Alexandru Staicu"
      },
      "module_name": "debug",
      "cves": [
        "CVE-2017-16137"
      ],
      "vulnerable_versions": "<= 2.6.8 || >= 3.0.0 <= 3.0.1",
      "patched_versions": ">= 2.6.9 < 3.0.0 || >= 3.1.0",
      "overview": "Affected versions of `debug` are vulnerable to regular expression denial of service when untrusted user input is passed into the `o` formatter. \n\nAs it takes 50,000 characters to block the event loop for 2 seconds, this issue is a low severity issue.",
      "recommendation": "Version 2.x.x: Update to version 2.6.9 or later.\nVersion 3.x.x: Update to version 3.1.0 or later.\n",
      "references": "- [Issue #501](https://github.com/visionmedia/debug/issues/501)\n- [PR #504](https://github.com/visionmedia/debug/pull/504)",
      "access": "public",
      "severity": "low",
      "cwe": "CWE-400",
      "metadata": {
        "module_type": "",
        "exploitability": 5,
        "affected_components": ""
      },
      "url": "https://npmjs.com/advisories/534"
    },
    "593": {
      "findings": [
        {
          "version": "1.0.0",
          "paths": [
            "@vue/cli-plugin-e2e-nightwatch>nightwatch>proxy-agent>https-proxy-agent",
            "@vue/cli-plugin-e2e-nightwatch>nightwatch>proxy-agent>pac-proxy-agent>https-proxy-agent"
          ],
          "dev": true,
          "optional": false,
          "bundled": false
        }
      ],
      "id": 593,
      "created": "2018-04-24T15:54:57.432Z",
      "updated": "2018-04-24T15:55:49.931Z",
      "deleted": null,
      "title": "Denial of Service",
      "found_by": {
        "name": "Сковорода Никита Андреевич"
      },
      "reported_by": {
        "name": "Сковорода Никита Андреевич"
      },
      "module_name": "https-proxy-agent",
      "cves": [],
      "vulnerable_versions": "<=2.1.1",
      "patched_versions": ">=2.2.0",
      "overview": "Versions of `https-proxy-agent` before 2.2.0 are vulnerable to denial of service. This is due to unsanitized options (proxy.auth) being passed to `Buffer()`.",
      "recommendation": "Update to version 2.2.0 or later.",
      "references": "- [index.js Line 207](https://github.com/TooTallNate/node-https-proxy-agent/blob/2.1.1/index.js#L207)\n- [HackerOne Report](https://hackerone.com/reports/319532)",
      "access": "public",
      "severity": "high",
      "cwe": "CWE-20",
      "metadata": {
        "module_type": "",
        "exploitability": 3,
        "affected_components": ""
      },
      "url": "https://npmjs.com/advisories/593"
    },
    "607": {
      "findings": [
        {
          "version": "1.0.0",
          "paths": [
            "@vue/cli-plugin-e2e-nightwatch>nightwatch>proxy-agent>http-proxy-agent",
            "@vue/cli-plugin-e2e-nightwatch>nightwatch>proxy-agent>pac-proxy-agent>http-proxy-agent"
          ],
          "dev": true,
          "optional": false,
          "bundled": false
        }
      ],
      "id": 607,
      "created": "2018-04-24T22:28:57.482Z",
      "updated": "2018-04-24T22:28:57.482Z",
      "deleted": null,
      "title": "Denial of Service",
      "found_by": {
        "name": "Сковорода Никита Андреевич"
      },
      "reported_by": {
        "name": "Сковорода Никита Андреевич"
      },
      "module_name": "http-proxy-agent",
      "cves": [],
      "vulnerable_versions": "<=2.0.0",
      "patched_versions": ">=2.1.0",
      "overview": "Versions of `http-proxy-agent` before 2.1.0 are vulnerable to denial of service and uninitialized memory leak when unsanitized options are passed to `Buffer`.",
      "recommendation": "Update to version 2.1.0 or later.",
      "references": "- https://github.com/TooTallNate/node-http-proxy-agent/blob/2.0.0/index.js#L80\n- [HackerOne Report](https://hackerone.com/reports/321631)",
      "access": "public",
      "severity": "high",
      "cwe": "CWE-20",
      "metadata": {
        "module_type": "",
        "exploitability": 5,
        "affected_components": ""
      },
      "url": "https://npmjs.com/advisories/607"
    },
    "786": {
      "findings": [
        {
          "version": "1.8.5",
          "paths": [
            "@vue/cli-plugin-unit-jest>babel-jest>babel-plugin-istanbul>test-exclude>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-config>babel-jest>babel-plugin-istanbul>test-exclude>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-config>jest-environment-jsdom>jest-util>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-config>jest-environment-node>jest-util>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-config>jest-jasmine2>expect>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-config>jest-jasmine2>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-config>jest-jasmine2>jest-snapshot>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-config>jest-jasmine2>jest-util>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-config>jest-util>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-config>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-environment-jsdom>jest-util>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-haste-map>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-resolve-dependencies>jest-snapshot>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-config>babel-jest>babel-plugin-istanbul>test-exclude>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-config>jest-environment-jsdom>jest-util>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-config>jest-environment-node>jest-util>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-config>jest-jasmine2>expect>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-config>jest-jasmine2>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-config>jest-jasmine2>jest-snapshot>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-config>jest-jasmine2>jest-util>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-config>jest-util>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-config>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-haste-map>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-jasmine2>expect>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-jasmine2>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-jasmine2>jest-snapshot>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-jasmine2>jest-util>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>babel-plugin-istanbul>test-exclude>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-config>babel-jest>babel-plugin-istanbul>test-exclude>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-config>jest-environment-jsdom>jest-util>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-config>jest-environment-node>jest-util>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-config>jest-jasmine2>expect>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-config>jest-jasmine2>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-config>jest-jasmine2>jest-snapshot>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-config>jest-jasmine2>jest-util>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-config>jest-util>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-config>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-haste-map>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-snapshot>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>jest-util>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-runtime>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runner>jest-util>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>babel-plugin-istanbul>test-exclude>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-config>babel-jest>babel-plugin-istanbul>test-exclude>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-config>jest-environment-jsdom>jest-util>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-config>jest-environment-node>jest-util>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-config>jest-jasmine2>expect>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-config>jest-jasmine2>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-config>jest-jasmine2>jest-snapshot>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-config>jest-jasmine2>jest-util>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-config>jest-util>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-config>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-haste-map>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-snapshot>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>jest-util>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-runtime>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-snapshot>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>jest-util>jest-message-util>micromatch>braces",
            "@vue/cli-plugin-unit-jest>jest>jest-cli>micromatch>braces",
            "babel-jest>babel-plugin-istanbul>test-exclude>micromatch>braces"
          ],
          "dev": true,
          "optional": false,
          "bundled": false
        }
      ],
      "id": 786,
      "created": "2019-02-15T21:44:30.680Z",
      "updated": "2019-04-02T18:18:29.356Z",
      "deleted": null,
      "title": "Regular Expression Denial of Service",
      "found_by": {
        "link": "",
        "name": "Santosh Rao"
      },
      "reported_by": {
        "link": "",
        "name": "Santosh Rao"
      },
      "module_name": "braces",
      "cves": [],
      "vulnerable_versions": "<2.3.1",
      "patched_versions": ">=2.3.1",
      "overview": "Versions of `braces` prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.",
      "recommendation": "Upgrade to version 2.3.1 or higher.",
      "references": "- [GitHub Commit](https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451)",
      "access": "public",
      "severity": "low",
      "cwe": "CWE-185",
      "metadata": {
        "module_type": "",
        "exploitability": 4,
        "affected_components": ""
      },
      "url": "https://npmjs.com/advisories/786"
    }
  },
  "muted": [],
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 65,
      "moderate": 0,
      "high": 4,
      "critical": 1
    },
    "dependencies": 1,
    "devDependencies": 42892,
    "optionalDependencies": 1008,
    "totalDependencies": 42893
  },
  "runId": "9ce99cae-9787-417c-ab18-47070d5e7233"
}
groovecoder commented 5 years ago

Any ETA on a merge or other fix for this?

InfoSec812 commented 4 years ago

@groovecoder Sorry for the long delay. I missed the notice on the change you made. I will merge and review today.

InfoSec812 commented 4 years ago

@groovecoder Unfortunately, the code has diverged since this was submitted and now I cannot trivially merge this change. Could you take a look and see if you can figure out what I am missing? Thanks.

● Validate run with 7 vulnerabilities and JSON output

    expect(received).toEqual(expected) // deep equality

    Expected: undefined
    Received: [Function keys]

      134 |   const cli_output_json = JSON.parse(cli_output);
      135 |   const data = JSON.parse(test_data);
    > 136 |   expect(cli_output_json.advisories.keys).toEqual(data.advisories.keys);
          |                                           ^
      137 | });
      138 | 
      139 | /*

      at Object.toEqual (lib/parser.test.js:136:43)
groovecoder commented 4 years ago

Been a long while since I looked at this, so I'm not much help here.