
    1 import * as theme from './theme';
    2 import * as createDebug from 'debug';
    3 import { EOL } from 'os';
    4 import config from './config';
    5 import { getVulnerabilityUrl } from './formatters/get-vuln-url';
    6 
/** Debug logger namespace used by the helpers in this module. */
const debug = createDebug('snyk-spotlight-vuln-notification');

/**
 * Vulnerability IDs that get a dedicated "spotlight" notification in CLI
 * output. Currently only the Log4Shell advisory is listed.
 */
const spotlightVulnIds: readonly string[] = [
  'SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720',
];
   10 
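/**
 * Collect the spotlight vulnerability IDs that appear in a set of test results.
 *
 * @param results - Test results; each entry may carry a `vulnerabilities`
 *   array whose items have a string `id`. Entries (or items) that do not match
 *   that shape are skipped instead of aborting the whole scan.
 * @returns The distinct spotlight IDs found, in first-seen order; `[]` when
 *   none are present or when the input could not be iterated at all.
 */
export function containsSpotlightVulnIds(
  results: readonly unknown[],
): string[] {
  try {
    const found = new Set<string>();
    for (const result of results) {
      for (const vuln of vulnerabilitiesOf(result)) {
        const id = vulnIdOf(vuln);
        // Narrow to a string before consulting the allow-list; `includes`
        // uses strict equality so non-string ids could never match anyway.
        if (id !== undefined && spotlightVulnIds.includes(id)) {
          found.add(id);
        }
      }
    }
    return [...found];
  } catch (err) {
    // Notifications are best-effort: never let them break the main scan output.
    debug('Error in containsSpotlightVulnIds()', err);
    return [];
  }
}

/** The `vulnerabilities` array of a result, or `[]` when absent or not an array. */
function vulnerabilitiesOf(result: unknown): unknown[] {
  if (typeof result !== 'object' || result === null) {
    return [];
  }
  const vulns = (result as { vulnerabilities?: unknown }).vulnerabilities;
  return Array.isArray(vulns) ? vulns : [];
}

/** The string `id` of a vulnerability entry, or `undefined` when it has none. */
function vulnIdOf(vuln: unknown): string | undefined {
  if (typeof vuln !== 'object' || vuln === null) {
    return undefined;
  }
  const id = (vuln as { id?: unknown }).id;
  return typeof id === 'string' ? id : undefined;
}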
   29 
/** A Snyk vulnerability ID string, such as the entries of `spotlightVulnIds`. */
type VulnerabilityId = string;
   31 
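/**
 * Build the CLI notification text for spotlight vulnerabilities found in a scan.
 *
 * @param foundSpotlightVulnsIds - Spotlight IDs present in the results,
 *   typically the output of {@link containsSpotlightVulnIds}.
 * @returns The coloured, multi-line message to print, or `''` when there is
 *   nothing to report or the message could not be built.
 */
export function notificationForSpotlightVulns(
  foundSpotlightVulnsIds: readonly VulnerabilityId[],
): string {
  try {
    if (foundSpotlightVulnsIds.length === 0) {
      return '';
    }
    let message = '';
    for (const spotlightId of spotlightVulnIds) {
      // Only the Log4Shell entry has a dedicated message so far.
      if (spotlightId === 'SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720') {
        message += theme.color.severity.critical(
          `${theme.icon.WARNING} WARNING: Critical severity vulnerabilities were found with Log4j!` +
            EOL,
        );

        // One bullet per found ID, separated by EOL so that several IDs do
        // not run together on a single line.
        message += foundSpotlightVulnsIds
          .map((vulnId) => `  - ${vulnId} (See ${getVulnerabilityUrl(vulnId)})`)
          .join(EOL);

        message += EOL + EOL;
        message +=
          theme.color.severity.critical(
            `We highly recommend fixing this vulnerability. If it cannot be fixed by upgrading, see mitigation information here:`,
          ) +
          EOL +
          `  - ${config.PUBLIC_VULN_DB_URL}/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720` +
          EOL +
          `  - https://snyk.io/blog/log4shell-remediation-cheat-sheet/` +
          EOL;
      }
    }
    return message;
  } catch (err) {
    // Notifications are best-effort: never let them break the main scan output.
    debug('Error in notificationForSpotlightVulns()', err);
    return '';
  }
}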