refactor(npm-db): update author field to be more verbose (#314)

* refactor(npm-db): update author field to be more verbose This splits up the author field into 3 fields - name - website - username ``` "author": { "name": "Cal Leeming", "website": null, "username": null } ``` * fix(npm-vuln): change author with null to "unknown" * refactor(npm-db): migrate author field to be more verbose
nodejs · Aug 1, 2018 · 9eacac1 · 9eacac1
1 parent 1d1714e
commit 9eacac1
Show file tree

Hide file tree

Showing 409 changed files with 2,116 additions and 414 deletions.
diff --git a/tools/migrations/transform_author.js b/tools/migrations/transform_author.js
@@ -0,0 +1,56 @@
+'use strict'
+
+const fs = require('fs');
+
+const npmVulnerabilityPath = './vuln/npm';
+const npmVulnerabilityPathNew = './vuln/npm_new';
+
+const list = fs.readdirSync(npmVulnerabilityPath);
+
+if (!fs.existsSync(npmVulnerabilityPathNew)) {
+  fs.mkdirSync(npmVulnerabilityPathNew);
+}
+
+function parseAuthor(name) {
+  const pattern = new RegExp(/^(.*) \((https?:\/\/.*)\)$|^(.*) \((.*)\)$|^(.*)$/);
+  const matches = name.match(pattern);
+  var name = null;
+  var website = null;
+  var username = null;
+  if (matches[1] != undefined && matches[2] != undefined) {
+    name = matches[1];
+    website = matches[2];
+
+  } else if (matches[3] != undefined && matches[4] != undefined) {
+    name = matches[3];
+    username = matches[4];
+  } else if (matches[5] != undefined) {
+    name = matches[5];
+  }
+
+  return {
+    name: name,
+    website: website,
+    username: username
+  };
+}
+
+list.forEach((filePath) => {
+  const fileContents = JSON.parse(fs.readFileSync(npmVulnerabilityPath + '/' + filePath, 'utf8'));
+  // console.log(fileContents.author);
+  const name = fileContents.author;
+
+  if (name != null) {
+    var author = parseAuthor(name);
+    fileContents.author = author;
+    fs.writeFileSync(npmVulnerabilityPathNew + '/' + filePath, JSON.stringify(fileContents, null, 2) + "\n");
+
+  }
+  else {
+    console.log(npmVulnerabilityPath + '/' + filePath);
+  }
+})
+
+
+fs.renameSync(npmVulnerabilityPath, npmVulnerabilityPath + '_old');
+fs.renameSync(npmVulnerabilityPathNew, npmVulnerabilityPath);
diff --git a/tools/vuln_valid/index.js b/tools/vuln_valid/index.js
@@ -24,7 +24,13 @@ const npmModel = joi.object().keys({
   updated_at: joi.string().regex(/^\d{4}-\d{2}-\d{2}$/).required().isoDate(),
   title: joi.string().required(),
   title: joi.string().max(150).regex(/^[^\n]+$/).required(),
-  author: joi.string().allow(null).required(),
+  author: joi.object().keys(
+    {
+      name: joi.string().required(),
+      username: joi.string().required().allow(null),
+      website: joi.string().required().allow(null)
+    }
+  ),
   module_name: joi.string().required(),
   publish_date: joi.string().regex(/^\d{4}-\d{2}-\d{2}$/).required().isoDate(),
   vulnerable_versions: joi.alternatives().when("patched_versions", {

diff --git a/vuln/npm/1.json b/vuln/npm/1.json
@@ -3,7 +3,11 @@
   "created_at": "2015-10-17",
   "updated_at": "2016-04-28",
   "title": "Arbitrary JavaScript Execution",
-  "author": "Jarda Kotěšovec",
+  "author": {
+    "name": "Jarda Kotěšovec",
+    "website": null,
+    "username": null
+  },
   "module_name": "bassmaster",
   "publish_date": "2014-09-27",
   "cves": [

diff --git a/vuln/npm/10.json b/vuln/npm/10.json
@@ -3,7 +3,11 @@
   "created_at": "2015-10-17",
   "updated_at": "2016-04-20",
   "title": "Directory Traversal",
-  "author": "Vikram Chaitanya",
+  "author": {
+    "name": "Vikram Chaitanya",
+    "website": null,
+    "username": null
+  },
   "module_name": "geddy",
   "publish_date": "2015-07-27",
   "cves": [

diff --git a/vuln/npm/100.json b/vuln/npm/100.json
@@ -3,7 +3,11 @@
   "created_at": "2016-04-15",
   "updated_at": "2017-04-14",
   "title": "Regular Expression Denial Of Service",
-  "author": "Peter Dotchev",
+  "author": {
+    "name": "Peter Dotchev",
+    "website": null,
+    "username": null
+  },
   "module_name": "uri-js",
   "publish_date": "2017-04-14",
   "cves": [],

diff --git a/vuln/npm/101.json b/vuln/npm/101.json
@@ -3,7 +3,11 @@
   "created_at": "2016-04-18",
   "updated_at": "2017-01-20",
   "title": "Sanitization bypass using HTML Entities",
-  "author": "Matt Austin",
+  "author": {
+    "name": "Matt Austin",
+    "website": null,
+    "username": null
+  },
   "module_name": "marked",
   "publish_date": "2016-04-18",
   "cves": [],

diff --git a/vuln/npm/102.json b/vuln/npm/102.json
@@ -3,7 +3,11 @@
   "created_at": "2016-04-18",
   "updated_at": "2016-10-31",
   "title": "Improper Escaping of Bound Arrays",
-  "author": "Leibale Eidelman",
+  "author": {
+    "name": "Leibale Eidelman",
+    "website": null,
+    "username": null
+  },
   "module_name": "sequelize",
   "publish_date": "2016-10-31",
   "cves": [],

diff --git a/vuln/npm/104.json b/vuln/npm/104.json
@@ -3,7 +3,11 @@
   "created_at": "2016-04-21",
   "updated_at": "2016-06-22",
   "title": "SSL Validation Defaults to False",
-  "author": "Mark Lee",
+  "author": {
+    "name": "Mark Lee",
+    "website": null,
+    "username": null
+  },
   "module_name": "electron-packager",
   "publish_date": "2016-04-22",
   "cves": [],

diff --git a/vuln/npm/106.json b/vuln/npm/106.json
@@ -3,7 +3,11 @@
   "created_at": "2016-05-04",
   "updated_at": "2016-06-16",
   "title": "Regular Expression Denial of Service",
-  "author": "Adam Baldwin",
+  "author": {
+    "name": "Adam Baldwin",
+    "website": null,
+    "username": null
+  },
   "module_name": "negotiator",
   "publish_date": "2016-06-16",
   "cves": [],

diff --git a/vuln/npm/107.json b/vuln/npm/107.json
@@ -3,7 +3,11 @@
   "created_at": "2016-05-05",
   "updated_at": "2016-06-27",
   "title": "Cross Site Scripting",
-  "author": "Unknown",
+  "author": {
+    "name": "Unknown",
+    "website": null,
+    "username": null
+  },
   "module_name": "dojo",
   "publish_date": "2016-05-23",
   "cves": [

diff --git a/vuln/npm/108.json b/vuln/npm/108.json
@@ -3,7 +3,11 @@
   "created_at": "2016-05-05",
   "updated_at": "2016-05-23",
   "title": "Cross Site Scripting",
-  "author": "Unknown",
+  "author": {
+    "name": "Unknown",
+    "website": null,
+    "username": null
+  },
   "module_name": "backbone",
   "publish_date": "2016-05-23",
   "cves": [],

diff --git a/vuln/npm/109.json b/vuln/npm/109.json
@@ -3,7 +3,11 @@
   "created_at": "2016-05-05",
   "updated_at": "2016-10-31",
   "title": "Potential SQL Injection",
-  "author": null,
+  "author": {
+    "name": "unknown",
+    "website": null,
+    "username": null
+  },
   "module_name": "sequelize",
   "publish_date": "2016-10-31",
   "cves": [],

diff --git a/vuln/npm/11.json b/vuln/npm/11.json
@@ -3,7 +3,11 @@
   "created_at": "2015-10-17",
   "updated_at": "2016-04-28",
   "title": "File Descriptor Leak Can Cause DoS Vulnerability",
-  "author": "Jo Liss",
+  "author": {
+    "name": "Jo Liss",
+    "website": null,
+    "username": null
+  },
   "module_name": "hapi",
   "publish_date": "2014-02-14",
   "cves": [

diff --git a/vuln/npm/112.json b/vuln/npm/112.json
@@ -3,7 +3,11 @@
   "created_at": "2016-05-05",
   "updated_at": "2016-10-31",
   "title": "SQL Injection",
-  "author": "Spencer Creasey",
+  "author": {
+    "name": "Spencer Creasey",
+    "website": null,
+    "username": null
+  },
   "module_name": "sequelize",
   "publish_date": "2016-10-31",
   "cves": [],

diff --git a/vuln/npm/113.json b/vuln/npm/113.json
@@ -3,7 +3,11 @@
   "created_at": "2016-05-05",
   "updated_at": "2016-10-31",
   "title": "SQL Injection",
-  "author": null,
+  "author": {
+    "name": "unknown",
+    "website": null,
+    "username": null
+  },
   "module_name": "sequelize",
   "publish_date": "2016-10-31",
   "cves": [],

diff --git a/vuln/npm/114.json b/vuln/npm/114.json
@@ -3,7 +3,11 @@
   "created_at": "2016-05-05",
   "updated_at": "2017-02-10",
   "title": "Insecure Defaults Leads to Potential MITM",
-  "author": "Adam Baldwin",
+  "author": {
+    "name": "Adam Baldwin",
+    "website": null,
+    "username": null
+  },
   "module_name": "ezseed-transmission",
   "publish_date": "2016-07-29",
   "cves": [

diff --git a/vuln/npm/115.json b/vuln/npm/115.json
@@ -3,7 +3,11 @@
   "created_at": "2016-05-06",
   "updated_at": "2016-10-31",
   "title": "SQL Injection",
-  "author": "James Hush",
+  "author": {
+    "name": "James Hush",
+    "website": null,
+    "username": null
+  },
   "module_name": "waterline-sequel",
   "publish_date": "2016-10-31",
   "cves": [],

diff --git a/vuln/npm/116.json b/vuln/npm/116.json
@@ -3,7 +3,11 @@
   "created_at": "2016-05-15",
   "updated_at": "2016-10-31",
   "title": "Resources Downloaded over Insecure Protocol",
-  "author": "Adam Baldwin",
+  "author": {
+    "name": "Adam Baldwin",
+    "website": null,
+    "username": null
+  },
   "module_name": "igniteui",
   "publish_date": "2016-10-31",
   "cves": [],

diff --git a/vuln/npm/117.json b/vuln/npm/117.json
@@ -3,7 +3,11 @@
   "created_at": "2016-05-16",
   "updated_at": "2016-06-21",
   "title": "Potential Command Injection",
-  "author": "Koki Takahashi, Node Security Team",
+  "author": {
+    "name": "Koki Takahashi, Node Security Team",
+    "website": null,
+    "username": null
+  },
   "module_name": "shell-quote",
   "publish_date": "2016-06-21",
   "cves": [],

diff --git a/vuln/npm/118.json b/vuln/npm/118.json
@@ -3,7 +3,11 @@
   "created_at": "2016-05-25",
   "updated_at": "2016-08-09",
   "title": "Regular Expression Denial of Service",
-  "author": "Nick Starke",
+  "author": {
+    "name": "Nick Starke",
+    "website": null,
+    "username": null
+  },
   "module_name": "minimatch",
   "publish_date": "2016-06-20",
   "cves": [],

diff --git a/vuln/npm/12.json b/vuln/npm/12.json
@@ -3,7 +3,11 @@
   "created_at": "2015-10-17",
   "updated_at": "2016-07-25",
   "title": "Rosetta-Flash JSONP Vulnerability",
-  "author": "Michele Spagnuolo",
+  "author": {
+    "name": "Michele Spagnuolo",
+    "website": null,
+    "username": null
+  },
   "module_name": "hapi",
   "publish_date": "2014-07-08",
   "cves": [

diff --git a/vuln/npm/120.json b/vuln/npm/120.json
@@ -3,7 +3,11 @@
   "created_at": "2016-06-24",
   "updated_at": "2016-06-24",
   "title": "DoS due to excessively large websocket message",
-  "author": "Fedor Indutny",
+  "author": {
+    "name": "Fedor Indutny",
+    "website": null,
+    "username": null
+  },
   "module_name": "ws",
   "publish_date": "2016-06-24",
   "cves": [],

diff --git a/vuln/npm/121.json b/vuln/npm/121.json
@@ -3,7 +3,11 @@
   "created_at": "2016-07-05",
   "updated_at": "2016-07-05",
   "title": "Invalid input to route validation rules",
-  "author": "Nicolas Morel",
+  "author": {
+    "name": "Nicolas Morel",
+    "website": null,
+    "username": null
+  },
   "module_name": "call",
   "publish_date": "2016-07-05",
   "cves": [],

diff --git a/vuln/npm/122.json b/vuln/npm/122.json
@@ -3,7 +3,11 @@
   "created_at": "2016-07-18",
   "updated_at": "2017-02-10",
   "title": "SQL Injection via GeoJSON",
-  "author": "Eric Schoffstall",
+  "author": {
+    "name": "Eric Schoffstall",
+    "website": null,
+    "username": null
+  },
   "module_name": "sequelize",
   "publish_date": "2016-07-18",
   "cves": [

diff --git a/vuln/npm/123.json b/vuln/npm/123.json
@@ -3,7 +3,11 @@
   "created_at": "2016-07-20",
   "updated_at": "2017-02-10",
   "title": "XSS in Consumes/Produces Parameter",
-  "author": "Joe Vennix",
+  "author": {
+    "name": "Joe Vennix",
+    "website": null,
+    "username": null
+  },
   "module_name": "swagger-ui",
   "publish_date": "2016-07-20",
   "cves": [

diff --git a/vuln/npm/124.json b/vuln/npm/124.json
@@ -3,7 +3,11 @@
   "created_at": "2016-07-20",
   "updated_at": "2017-02-10",
   "title": "XSS in itemTitle parameter",
-  "author": "Alex Wong",
+  "author": {
+    "name": "Alex Wong",
+    "website": null,
+    "username": null
+  },
   "module_name": "bootstrap-tagsinput",
   "publish_date": "2016-07-20",
   "cves": [

diff --git a/vuln/npm/125.json b/vuln/npm/125.json
@@ -3,7 +3,11 @@
   "created_at": "2016-07-21",
   "updated_at": "2017-02-10",
   "title": "DOM-based XSS",
-  "author": "Gursev Singh Kalra",
+  "author": {
+    "name": "Gursev Singh Kalra",
+    "website": null,
+    "username": null
+  },
   "module_name": "gmail-js",
   "publish_date": "2016-07-21",
   "cves": [