test(vulnerability-check): adapt test due to changes in results from …
…npm audit
hdorgeval committed Jun 28, 2019
1 parent 2c0ab49 commit a53a537
Showing 1 changed file with 76 additions and 1 deletion.
77 changes: 76 additions & 1 deletion test/09-npm-audit-when-npm-version-gte-6.1.0.spec.js
@@ -343,6 +343,13 @@ if (nodeInfos.npmAuditHasJsonReporter) {
depth: 3,
target: '4.17.11',
resolves: [
{
id: 782,
path: 'nsp>inquirer>lodash',
dev: false,
optional: false,
bundled: false,
},
{
id: 577,
path: 'nsp>inquirer>lodash',
@@ -356,6 +363,21 @@ if (nodeInfos.npmAuditHasJsonReporter) {
action: 'review',
module: 'lodash',
resolves: [
{
id: 782,
path:
'ban-sensitive-files>ggit>lodash',
dev: false,
optional: false,
bundled: false,
},
{
id: 782,
path: 'nsp>cli-table2>lodash',
dev: false,
optional: false,
bundled: false,
},
{
id: 577,
path:
@@ -426,14 +448,67 @@ if (nodeInfos.npmAuditHasJsonReporter) {
},
url: 'https://npmjs.com/advisories/577',
},
'782': {
findings: [
{
version: '4.17.4',
paths: [
'ban-sensitive-files>ggit>lodash',
'nsp>inquirer>lodash',
],
dev: false,
optional: false,
bundled: false,
},
{
version: '3.10.1',
paths: ['nsp>cli-table2>lodash'],
dev: false,
optional: false,
bundled: false,
},
],
id: 782,
created: '2019-02-13T16:16:53.770Z',
updated: '2019-06-27T14:01:44.172Z',
deleted: null,
title: 'Prototype Pollution',
found_by: {
link: '',
name: 'asgerf',
},
reported_by: {
link: '',
name: 'asgerf',
},
module_name: 'lodash',
cves: ['CVE-2018-16487'],
vulnerable_versions: '<4.17.11',
patched_versions: '>=4.17.11',
overview:
"Versions of `lodash` before 4.17.5 are vulnerable to prototype pollution. \n\nThe vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects.\n\n",
recommendation:
'Update to version 4.17.11 or later.',
references:
'- [HackerOne Report](https://hackerone.com/reports/380873)',
access: 'public',
severity: 'high',
cwe: 'CWE-471',
metadata: {
module_type: '',
exploitability: 3,
affected_components: '',
},
url: 'https://npmjs.com/advisories/782',
},
},
muted: [],
metadata: {
vulnerabilities: {
info: 0,
low: 3,
moderate: 0,
high: 0,
high: 3,
critical: 0,
},
dependencies: 315,
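Review bot: The expected audit result pins volatile registry data verbatim: for advisory `'782'` that includes `created`, `updated: '2019-06-27T14:01:44.172Z'`, the full `overview` text and the aggregate `high: 3` count, so this spec will break again whenever npm edits or adds an advisory for these packages. The comparison itself is outside the visible hunks, but if it is a deep equality against live `npm audit` output, consider asserting only on stable fields (`id`, `module_name`, `severity`, `cves`, `paths`) or running against a recorded fixture. The copied `overview` says "before 4.17.5" while `vulnerable_versions` is `<4.17.11`, so anyone reading the fixture as guidance should rely on the range fields. A comment above the `'782'` entry such as `// advisory 782 (CVE-2018-16487): values mirror the npm registry and change when the advisory is edited` would tell the next maintainer why this block needs periodic updates.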
