From 4adc95291f6d320c9f83d194ed1b4c2213c47888 Mon Sep 17 00:00:00 2001 From: Mathilde Date: Thu, 27 May 2021 10:13:50 +0100 Subject: [PATCH] fix: add Advisory and remove quotes on undefined --- src/lib/convert-issue-to-spdx.ts | 8 +-- src/types.ts | 4 +- .../convert-issue-to-spdx.spec.ts.snap | 2 +- test/lib/__snapshots__/index.spec.ts.snap | 54 +++++++++---------- 4 files changed, 34 insertions(+), 34 deletions(-) diff --git a/src/lib/convert-issue-to-spdx.ts b/src/lib/convert-issue-to-spdx.ts index c909224..3c5e18f 100644 --- a/src/lib/convert-issue-to-spdx.ts +++ b/src/lib/convert-issue-to-spdx.ts @@ -10,7 +10,7 @@ function getVulnerabilityRating( }; const vulnerabilityRating: types.VulnerabilityRating = { - method: issue.CVSSv3 ? 'CVSS_3' : 'undefined', // must be CVSS_2, CVSS_3, OWASP_RISK or OTHER + method: issue.CVSSv3 ? 'CVSS_3' : undefined, // must be CVSS_2, CVSS_3, OWASP_RISK or OTHER score: [vulnerabilityRatingScore], severity: issue.severity, // exploitability score of the vulnerability either None, Low, Medium, High or Critical vector: issue.CVSSv3, @@ -28,7 +28,7 @@ function getExternalReferencesRelationships( externalReferencesRelationship = references ? references.map((step) => { return { - category: undefined, // not amndatory,but should be either ADVISORY, ARTICLE, FIX, REPORT or OTHER. + category: 'ADVISORY', // not mandatory,but should be either ADVISORY, ARTICLE, FIX, REPORT or OTHER. locator: step.url, // url }; }) @@ -74,7 +74,7 @@ function getVulnerabilityRelationship( type: 'AFFECTS', }; - const vulnerabilityfoundBy: types.AffectedBy = { + const vulnerabilityFoundBy: types.AffectedBy = { to: issue.credit, type: 'FOUND_BY', }; @@ -95,7 +95,7 @@ function getVulnerabilityRelationship( const relationship: types.VulnerabilityRelationship[] = [ { affect: vulnerabilityAffect, - foundBy: vulnerabilityfoundBy, + foundBy: vulnerabilityFoundBy, suppliedBy: vulnerabilitySuppliedBy, ratedBy: ratedBy, }, diff --git a/src/types.ts b/src/types.ts index 697d273..ec21bf2 100644 --- a/src/types.ts +++ b/src/types.ts @@ -14,7 +14,7 @@ export interface SPDXv3 { // Single line of text with the following keywords: // "Person: person name" and optional "(email)" // "Organization: organization" and optional "(email)" - // "Tool: toolidentifier-version" + // "Tool: toolIdentifier-version" creator: string; vulnerabilities: Vulnerability[]; defectResponses?: DefectResponse[]; @@ -62,7 +62,7 @@ export interface RatedBy { } export interface VulnerabilityRating { - method: string; // must be CVSS_2, CVSS_3, OWASP_RISK or OTHER + method: string | undefined; // must be CVSS_2, CVSS_3, OWASP_RISK or OTHER score: VulnerabilityRatingScore[]; severity: string; // exploitability score of the vulnerability either None, Low, Medium, High or Critical vector: string; // textual representation of the metric values used diff --git a/test/lib/__snapshots__/convert-issue-to-spdx.spec.ts.snap b/test/lib/__snapshots__/convert-issue-to-spdx.spec.ts.snap index 6f525f8..e0e1abe 100644 --- a/test/lib/__snapshots__/convert-issue-to-spdx.spec.ts.snap +++ b/test/lib/__snapshots__/convert-issue-to-spdx.spec.ts.snap @@ -73,7 +73,7 @@ Upgrade \`json\` to version 2.3.0 or higher. Object { "externalReferencesRelationships": Array [ Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/", }, ], diff --git a/test/lib/__snapshots__/index.spec.ts.snap b/test/lib/__snapshots__/index.spec.ts.snap index 2df1026..0a27cb6 100644 --- a/test/lib/__snapshots__/index.spec.ts.snap +++ b/test/lib/__snapshots__/index.spec.ts.snap @@ -74,7 +74,7 @@ Upgrade \`json\` to version 2.3.0 or higher. Object { "externalReferencesRelationships": Array [ Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/", }, ], @@ -145,7 +145,7 @@ Affected versions of this gem are vulnerable to arbitrary command executions due Object { "externalReferencesRelationships": Array [ Object { - "category": undefined, + "category": "ADVISORY", "locator": "http://rubysec.com/advisories/OSVDB-108579", }, ], @@ -216,7 +216,7 @@ Affected versions of this gem are vulnerable due to a flaw in \`command/basic.rb Object { "externalReferencesRelationships": Array [ Object { - "category": undefined, + "category": "ADVISORY", "locator": "http://rubysec.com/advisories/CVE-2014-5002", }, ], @@ -296,15 +296,15 @@ Upgrade \`django\` to version 2.2.19, 3.0.13, 3.1.7 or higher. Object { "externalReferencesRelationships": Array [ Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://www.djangoproject.com/weblog/2021/feb/19/security-releases/", }, Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://github.com/django/django/commit/be8237c7cce24b06aabde0b97afce98ddabbe3b6", }, Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/", }, ], @@ -410,23 +410,23 @@ Upgrade \`django\` to version 2.2.20, 3.0.14, 3.1.8 or higher. Object { "externalReferencesRelationships": Array [ Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://github.com/django/django/commit/2820fd1be5dfccbf1216c3845fad8580502473e1", }, Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2", }, Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://github.com/django/django/commit/cca0d98118cccf9ae0c6dcf2d6c57fc50469fbf0", }, Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://github.com/django/django/commit/d4d800ca1addc4141e03c5440a849bb64d1582cd", }, Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://github.com/django/django/commit/e7fba62248f604c76da4f23dcf1db4a57b0808ea", }, ], @@ -529,11 +529,11 @@ Upgrade \`django\` to version 2.2.21, 3.1.9, 3.2.1 or higher. Object { "externalReferencesRelationships": Array [ Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://www.djangoproject.com/weblog/2021/may/04/security-releases/", }, Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://github.com/django/django/commit/c98f446c188596d4ba6de71d1b77b4a6c5c2a007", }, ], @@ -611,19 +611,19 @@ Upgrade \`django\` to version 3.2.2, 3.1.10, 2.2.22 or higher. Object { "externalReferencesRelationships": Array [ Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://www.djangoproject.com/weblog/2021/may/06/security-releases/", }, Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://github.com/django/django/commit/e1e81aa1c4427411e3c68facdd761229ffea6f6f", }, Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://github.com/django/django/pull/14360", }, Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1804086.html", }, ], @@ -766,11 +766,11 @@ Upgrade \`jinja2\` to version 2.11.3 or higher. Object { "externalReferencesRelationships": Array [ Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://github.com/pallets/jinja/blob/ab81fd9c277900c85da0c322a2ff9d68a235b2e6/src/jinja2/utils.py%23L20", }, Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://github.com/pallets/jinja/pull/1343", }, ], @@ -843,7 +843,7 @@ Upgrade \`jinja2\` to version 2.10.1 or higher. Object { "externalReferencesRelationships": Array [ Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://palletsprojects.com/blog/jinja-2-10-1-released", }, ], @@ -920,23 +920,23 @@ FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary direc Object { "externalReferencesRelationships": Array [ Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7", }, Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://github.com/mitsuhiko/jinja2/pull/292", }, Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://github.com/mitsuhiko/jinja2/pull/296", }, Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0012", }, Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://bugzilla.redhat.com/show_bug.cgi?id=1051421", }, ], @@ -1009,7 +1009,7 @@ Upgrade \`jinja2\` to version 2.8.1 or higher. Object { "externalReferencesRelationships": Array [ Object { - "category": undefined, + "category": "ADVISORY", "locator": "https://github.com/pallets/jinja/commit/9b53045c34e61013dc8f09b7e52a555fa16bed16", }, ], @@ -1098,7 +1098,7 @@ Upgrade \`jinja2\` to version 2.8.1 or higher. "cwes": Array [], "rating": Array [ Object { - "method": "undefined", + "method": undefined, "score": Array [ Object { "base": undefined,