* docs: fix CVE url logic * chore: add missing line * chore: fix list data (cherry picked from commit 8fb75f8) Co-authored-by: Karl Cardenas <[email protected]>
1 parent
8358bb9
commit e154d87
Showing
4 changed files
with
136 additions
and
19 deletions.
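--- /dev/null
+++ b/<dir-not-on-page>/urls.js
@@ -0,0 +1,28 @@
+// generateCVEOfficialDetailsUrl returns a URL that is used to link to the official CVE report.
+// The URL is generated based on the cveId.
+// The function checks if the cveId starts with "ghsa" and returns a GitHub Security Advisory URL. Other formal sites can be added in the future.
+// The default URL is the NVD official CVE report.
+function generateCVEOfficialDetailsUrl(cveId) {
+let url;
+
+// If cveId is empty, return the default reports page URL
+if (!cveId) {
+return "/security-bulletins/reports/";
+}
+
+switch (true) {
+// GitHub Security Advisory
+case cveId.toLocaleLowerCase().startsWith("ghsa"):
+url = `https://github.com/advisories/${cveId.toLocaleLowerCase()}`;
+break;
+// Default CVE URL
+default:
+url = `https://nvd.nist.gov/vuln/detail/${cveId.toLocaleLowerCase()}`;
+}
+
+return url;
+}
+
+module.exports = {
+generateCVEOfficialDetailsUrl,
+};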
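Review bot: `cveId` is interpolated into the link target on both template-literal lines without any shape check, so any truthy value ends up verbatim in the generated URL; since the id comes from bulletin data rather than a literal, it should be matched against the CVE/GHSA id format first, with anything else falling back to the reports index the empty-id branch already uses. `toLocaleLowerCase()` is also the wrong primitive for an identifier — it is locale-dependent and is called three times on the same value — so normalize once with `toLowerCase()`, which also lets the `switch (true)` and the `let url` go. Whether NVD accepts the lowercased path segment is not shown by the hunk and is worth confirming against the NVD detail page. The accompanying test cases in this commit all still pass with the version below.
```javascript
function generateCVEOfficialDetailsUrl(cveId) {
  // … unchanged: empty-id fallback to "/security-bulletins/reports/" …
  const id = String(cveId).toLowerCase();
  // Only link out for values shaped like a CVE or GHSA id; anything else goes to
  // the reports index instead of being placed verbatim into a URL.
  // (constructed pattern — adjust if the project tracks ids of other shapes)
  if (!/^(cve-\d{4}-\d{4,}|ghsa(-[a-z0-9]{4}){3})$/.test(id)) {
    return "/security-bulletins/reports/";
  }
  if (id.startsWith("ghsa")) {
    return `https://github.com/advisories/${id}`;
  }
  return `https://nvd.nist.gov/vuln/detail/${id}`;
}
```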
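--- /dev/null
+++ b/<test-file-path-not-on-page>
@@ -0,0 +1,39 @@
+const { generateCVEOfficialDetailsUrl } = require("./urls");
+
+describe("generateCVEOfficialDetailsUrl", () => {
+it("should generate the GitHub Security Advisory URL for CVEs starting with 'ghsa'", () => {
+const cveId = "GHSA-27wf-5967-98gx";
+const result = generateCVEOfficialDetailsUrl(cveId);
+expect(result).toBe("https://github.com/advisories/ghsa-27wf-5967-98gx");
+});
+
+it("should handle 'ghsa' case-insensitively and generate the correct URL", () => {
+const cveId = "ghsa-27wf-5967-98gx";
+const result = generateCVEOfficialDetailsUrl(cveId);
+expect(result).toBe("https://github.com/advisories/ghsa-27wf-5967-98gx");
+});
+
+it("should generate the NVD URL for a CVE ID not starting with 'ghsa'", () => {
+const cveId = "CVE-2020-16156";
+const result = generateCVEOfficialDetailsUrl(cveId);
+expect(result).toBe("https://nvd.nist.gov/vuln/detail/cve-2020-16156");
+});
+
+it("should generate the NVD URL for another CVE ID not starting with 'ghsa'", () => {
+const cveId = "CVE-2019-20838";
+const result = generateCVEOfficialDetailsUrl(cveId);
+expect(result).toBe("https://nvd.nist.gov/vuln/detail/cve-2019-20838");
+});
+
+it("should return the default reports page URL for an empty CVE ID", () => {
+const cveId = "";
+const result = generateCVEOfficialDetailsUrl(cveId);
+expect(result).toBe("/security-bulletins/reports/");
+});
+
+it("should return the NVD URL for a CVE ID with mixed case and normalize it", () => {
+const cveId = "CVE-2020-16156";
+const result = generateCVEOfficialDetailsUrl(cveId);
+expect(result).toBe("https://nvd.nist.gov/vuln/detail/cve-2020-16156");
+});
+});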
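Review bot: The last case, "should return the NVD URL for a CVE ID with mixed case and normalize it", uses `"CVE-2020-16156"`, the same input as the third case, so it never exercises mixed-case normalization; change its input to something like `const cveId = "cVe-2020-16156";` and keep the expectation as is. There is also no case for `null`/`undefined` input, which the implementation's falsy check routes to the reports page just like the empty string, and none for a value that is neither a CVE nor a GHSA id, which currently still yields an NVD link; both are worth pinning so that behaviour is explicit rather than incidental.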