@@ -44,38 +44,20 @@ class Model {
4444 return ;
4545 }
4646
47- // only for npm ver. 6
48- if ( advisory . findings ) {
49- advisory . findings . forEach ( ( finding ) =>
50- finding . paths . forEach ( ( path ) => {
51- if ( this . allowlist . paths . includes ( `${ advisory . id } ${ path } ) ) {
52- this . allowlistedPathsFound . push ( `${ advisory . id } ${ path } ) ;
53- }
54- } )
55- ) ;
47+ this . allowlistedPathsFound . push (
48+ ...advisory . findings
49+ . flatMap ( ( finding ) => `${ advisory . id } ${ finding . paths } )
50+ . filter ( ( path ) => this . allowlist . paths . includes ( path ) )
51+ ) ;
5652
57- if (
58- advisory . findings . every ( ( finding ) =>
59- finding . paths . every ( ( path ) =>
60- this . allowlist . paths . includes ( `${ advisory . id } ${ path } )
61- )
62- )
63- ) {
64- return ;
65- }
66- }
53+ const isAllowListed = advisory . findings . every ( ( finding ) =>
54+ finding . paths . every ( ( path ) =>
55+ this . allowlist . paths . includes ( `${ advisory . id } ${ path } )
56+ )
57+ ) ;
6758
68- // only for npm ver. 7
69- if ( advisory . nodes ) {
70- const nodes = advisory . nodes
71- . map ( ( node ) => node . split ( / \/ / ) [ 1 ] )
72- . filter ( ( node ) =>
73- this . allowlist . paths . find ( ( path ) => path . includes ( node ) )
74- ) ;
75-
76- nodes . forEach ( ( path ) => {
77- this . allowlistedPathsFound . push ( `${ advisory . id } ${ path } ) ;
78- } ) ;
59+ if ( isAllowListed ) {
60+ return ;
7961 }
8062
8163 this . advisoriesFound . push ( advisory ) ;
@@ -89,13 +71,25 @@ class Model {
8971 }
9072
9173 // only for npm ver. 7
92- Object . values ( parsedOutput . vulnerabilities )
93- . map ( ( a ) => ( {
94- id : a . via [ 0 ] . source ? a . via [ 0 ] . source : a . via [ 0 ] ,
95- module_name : a . name ,
96- severity : a . severity ,
97- nodes : a . nodes ,
98- } ) )
74+ Object . keys ( parsedOutput . vulnerabilities )
75+ . map ( ( key , index ) => {
76+ const vulnerability = parsedOutput . vulnerabilities [ key ] ;
77+ let { via } = vulnerability ;
78+
79+ if ( typeof via [ 0 ] === "string" ) {
80+ via = parsedOutput . vulnerabilities [ via [ 0 ] ] . via ;
81+ ( via [ index ] || via [ 0 ] ) . paths = `${ vulnerability . name } ${
82+ ( via [ index ] || via [ 0 ] ) . name
83+ } `;
84+ }
85+ return {
86+ id : ( via [ index ] || via [ 0 ] ) . source ,
87+ module_name : vulnerability . name ,
88+ severity : vulnerability . severity ,
89+ nodes : vulnerability . nodes ,
90+ findings : via . map ( ( v ) => ( { paths : [ v . paths || v . name ] } ) ) ,
91+ } ;
92+ } )
9993 . forEach ( ( a ) => this . process ( a ) ) ;
10094 return this . getSummary ( ) ;
10195 }
0 commit comments