Skip to content
This repository was archived by the owner on Dec 25, 2025. It is now read-only.

refactor(extract): use scanner extractor api #183

Merged
fraxken merged 1 commit into from
Jun 20, 2025
+16 −39
Merged

refactor(extract): use scanner extractor api #183

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@
"@nodesecure/i18n": "^4.0.1",
"@nodesecure/js-x-ray": "^8.0.0",
"@nodesecure/rc": "^4.0.0",
"@nodesecure/scanner": "^6.1.0",
"@nodesecure/scanner": "^6.8.0",
"@nodesecure/vulnera": "^2.0.1",
"@openally/result": "^1.3.0",
"@topcli/spinner": "^3.0.0",
Expand Down
53 changes: 15 additions & 38 deletions src/analysis/extraction/extract.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,55 +27,32 @@ function keepOnlyWorkableVulns(
return vuln.severity !== undefined || vuln.package !== undefined;
}

function extractDependenciesVulns(
dependencies: Scanner.Dependencies
): WorkableVulnerability[] {
return Object.entries(dependencies)
.flatMap(([_packageName, packageData]) => packageData.vulnerabilities)
.filter(keepOnlyWorkableVulns);
}

function extractDependenciesWarnings(
dependencies: Scanner.Dependencies
): DependencyWarning[] {
return Object.entries(dependencies).map(([packageName, packageData]) => {
return {
package: packageName,
warnings: Object.values(packageData.versions).flatMap(
(packageVersionData) => packageVersionData.warnings
)
};
});
}

function extractDependenciesVulnsAndWarnings(
dependencies: Scanner.Dependencies
): {
warnings: DependencyWarning[];
vulnerabilities: WorkableVulnerability[];
} {
const warnings = extractDependenciesWarnings(dependencies);
const vulnerabilities = extractDependenciesVulns(dependencies);

return { warnings, vulnerabilities };
}

/**
* In order to simplify the next step of scanner payload interpretation, we
* extract reduce the payload data to only match interpreter requirements.
*/
export function extractScannerPayload(
payload: Scanner.Payload
): CompactedScannerPayload {
const { warnings, vulnerabilities } = extractDependenciesVulnsAndWarnings(
payload.dependencies
);
const extractor = new Scanner.Extractors.Payload(payload, [
new Scanner.Extractors.Probes.Vulnerabilities(),
new Scanner.Extractors.Probes.Warnings({
useSpecAsKey: false
})
]);

const { vulnerabilities, warnings } = extractor.extractAndMerge();

return {
warnings: payload.warnings,
dependencies: {
warnings,
vulnerabilities
warnings: Object.entries(warnings.groups).map(([name, warnings]) => {
return {
package: name,
warnings
};
}),
vulnerabilities: vulnerabilities.filter(keepOnlyWorkableVulns)
}
};
}
Loading