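/**
 * Lockfile suffix → finding category. A Trivy target that ends with none of
 * these suffixes is treated as a finding against the container image itself.
 */
const LOCKFILE_CATEGORIES = [
  ["package-lock.json", "NPM Package Vulnerability"],
  ["Gemfile.lock", "Ruby Package Vulnerability"],
  ["Pipfile.lock", "Python Package Vulnerability"],
  // Cargo.lock is Rust's lockfile; it was previously mislabelled as Python.
  ["Cargo.lock", "Rust Package Vulnerability"],
  ["Composer.lock", "PHP Package Vulnerability"],
];

/**
 * Map a Trivy result `Target` to a secureCodeBox finding category.
 *
 * @param {string} target - Trivy `Target` field (image id or lockfile path).
 * @returns {string} finding category.
 */
function categoryForTarget(target) {
  const match = LOCKFILE_CATEGORIES.find(([suffix]) => target.endsWith(suffix));
  return match ? match[1] : "Image Vulnerability";
}

/**
 * Build the canonical reference for a vulnerability id, when one is known.
 *
 * @param {string} vulnerabilityId - Trivy `VulnerabilityID`, e.g. "CVE-2020-1234".
 * @returns {{id: string, source: string} | null} null for id schemes without a
 *   mapping (e.g. GHSA-, RUSTSEC-); the raw id is still kept on the finding in
 *   `attributes.vulnerabilityId`. TODO: add mappings for further id schemes.
 */
function referenceForId(vulnerabilityId) {
  if (vulnerabilityId.startsWith("CVE-")) {
    return {
      id: vulnerabilityId,
      // The id becomes a URL path segment; encode it so an unexpected id from
      // the scanner output cannot alter the URL's structure.
      source: `https://nvd.nist.gov/vuln/detail/${encodeURIComponent(vulnerabilityId)}`,
    };
  }
  if (vulnerabilityId.startsWith("NSWG-")) {
    return {
      id: vulnerabilityId,
      // No per-advisory URL is built for NSWG ids; the advisory index is linked.
      source: `https://github.com/nodejs/security-wg/tree/master/vuln`,
    };
  }
  return null;
}

/**
 * Convert a Trivy JSON report into secureCodeBox findings.
 *
 * The first result's `Target` names the scanned image, in a format similar to
 * "bkimminich/juice-shop:v10.2.0 (alpine 3.11.5)"; the part before the first
 * space is used as the `location` of every finding. Each further result is
 * either the image itself or a lockfile found inside it.
 *
 * Title, Description and References are passed through unchanged from the
 * scanner output; they originate from the vulnerability database and the
 * scanned artifact, so consumers must treat them as untrusted text.
 *
 * @param {Array<{Target: string, Vulnerabilities?: Array<object>}>} scanResults
 *   Trivy result entries; `Vulnerabilities` may be absent for a clean target.
 * @returns {Promise<Array<object>>} one finding per reported vulnerability;
 *   an empty array when there are no results at all.
 */
async function parse(scanResults) {
  // An empty report (nothing scanned) yields no findings instead of a TypeError.
  if (!Array.isArray(scanResults) || scanResults.length === 0) {
    return [];
  }

  const [imageScanResult] = scanResults;
  const [imageId] = String(imageScanResult.Target || "").split(" ", 2);

  const findings = [];

  for (const { Target: target, Vulnerabilities } of scanResults) {
    const vulnerabilities = Vulnerabilities || [];
    const category = categoryForTarget(String(target || ""));

    for (const vulnerability of vulnerabilities) {
      findings.push({
        name: vulnerability.Title,
        description: vulnerability.Description,
        category,
        location: imageId,
        osi_layer: "NOT_APPLICABLE",
        severity: vulnerability.Severity,
        reference: referenceForId(String(vulnerability.VulnerabilityID || "")),
        attributes: {
          installedVersion: vulnerability.InstalledVersion,
          fixedVersion: vulnerability.FixedVersion,
          packageName: vulnerability.PkgName,
          vulnerabilityId: vulnerability.VulnerabilityID,
          references: vulnerability.References,
        },
      });
    }
  }

  return findings;
}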
 
module.exports.parse = parse;