Add support to environment check

RafaelGSS / is-my-node-vulnerable

package that checks if your Node.js installation is vulnerable to known security vulnerabilities

MIT License

180 stars 6 forks source link

Add support to environment check #9

Closed RafaelGSS closed 1 year ago

RafaelGSS commented 1 year ago

Sometimes a security vulnerability affects only windows or macOS and in order to make this package consistent, a check against the environment should be performed.

Currently, the Node.js Security DB doesn't provide information about the CVE environment, so the steps should be:

1) Update the Security DB to provide this information 2) Update this package

UlisesGascon commented 1 year ago

Happy to help if you need an extra hand 😉

RafaelGSS commented 1 year ago

Happy to help if you need an extra hand wink

That would be awesome, @UlisesGascon

UlisesGascon commented 1 year ago

Next steps:

[x] Add affectedEnvironments to the Nodejs Core Vuln model. See: https://github.com/nodejs/security-wg/pull/912
[x] Update the vuln DB to include for the core reported vulnerabilities. See: https://github.com/nodejs/security-wg/pull/914
[x] Add business logic to check against the os.platform(). See: https://github.com/RafaelGSS/is-my-node-vulnerable/pull/12