util::resources::check_vulnerability (public)

 util::resources::check_vulnerability -service service -library library \
    -version version

Defined in packages/acs-tcl/tcl/utilities-procs.tcl

Return a dict containing vulnerability info with the keys "hasVulnerability", "libraryURL", "versionURL" and "advisorURL"

Switches:
-service
(required)
name of the vulnerability checking service (currently only snyk)
-library
(required)
name of the library as named by the vulnerability service
-version
(required)
version of the library to be checked

Partial Call Graph (max 5 caller/called nodes):
Callers: packages/acs-admin/www/posture-overview.tcl, packages/acs-tcl/lib/check-installed.tcl
Calls: util::resources::http_get_with_default (private)

Testcases:
No testcase defined.
Source code:
        # "?" means unknown; it is only replaced after a successful lookup.
        set hasVulnerability ?
        switch $service {
            snyk {
                set vulnerabilityCheckURL https://security.snyk.io/package/npm/$library
                set vulnerabilityCheckVersionURL https://security.snyk.io/package/npm/$library/$version
                set vulnerabilityAdvisorURL https://snyk.io/advisor/npm-package/$library
                set page [::util::resources::http_get_with_default \
                              -url $vulnerabilityCheckVersionURL \
                              -key snyk-$library/$version]
                if {$page eq ""} {
                    # Log the failed URL before clearing it, and keep the
                    # variable defined (empty) so the return below works.
                    ns_log notice "check_vulnerability: request failed $vulnerabilityCheckVersionURL"
                    set vulnerabilityCheckVersionURL ""
                } else {
                    # Treat the presence of this marker in the fetched page
                    # as a reported vulnerability for the version.
                    set hasVulnerability [string match "*PackageVulnerabilitiesTable*" $page]
                    #ns_log notice RESULT=$page
                }
            }
            default {
                error "check_vulnerability: unknown service '$service'"
            }
        }
        ns_log notice "=== check_vulnerability for $library @$version -> $hasVulnerability"
        return [list \
                    hasVulnerability $hasVulnerability \
                    libraryURL $vulnerabilityCheckURL \
                    versionURL $vulnerabilityCheckVersionURL \
                    advisorURL $vulnerabilityAdvisorURL]
XQL Not present:
PostgreSQL, Oracle
Generic XQL file:
packages/acs-tcl/tcl/utilities-procs.xql
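
A caller-side sketch of reading the returned dict, added here as an example (not OpenACS code). In the source above, hasVulnerability starts as "?" and is only replaced by 0 or 1 after a successful lookup, so it must not be fed straight into a boolean test or read as "clean". The proc name classify_vulnerability, the library name examplelib and the sample dicts are constructed for illustration.

```tcl
# Added example, not part of OpenACS. Maps the result dict of
# util::resources::check_vulnerability to vulnerable / clean / unknown.
proc classify_vulnerability {result} {
    if {![dict exists $result hasVulnerability]} {
        return unknown
    }
    set flag [dict get $result hasVulnerability]
    # "?" is not a boolean: [if {$flag}] would raise
    # 'expected boolean value but got "?"', so test it explicitly.
    if {![string is boolean -strict $flag]} {
        return unknown
    }
    return [expr {$flag ? "vulnerable" : "clean"}]
}

# Constructed sample results (placeholder library "examplelib").
set base https://security.snyk.io/package/npm/examplelib
set adv  https://snyk.io/advisor/npm-package/examplelib
set samples [list \
    [list hasVulnerability 1 libraryURL $base versionURL $base/1.0.0 advisorURL $adv] \
    [list hasVulnerability 0 libraryURL $base versionURL $base/2.0.0 advisorURL $adv] \
    [list hasVulnerability ? libraryURL $base versionURL {} advisorURL $adv]]

foreach result $samples {
    set state [classify_vulnerability $result]
    # versionURL may be empty or absent when the lookup failed;
    # fall back to the library-level URL for manual review.
    set url ""
    if {[dict exists $result versionURL]} {
        set url [dict get $result versionURL]
    }
    if {$url eq ""} {
        set url [dict get $result libraryURL]
    }
    switch $state {
        vulnerable { puts "ALERT   $url" }
        clean      { puts "ok      $url" }
        unknown    { puts "RECHECK $url (lookup failed, status not established)" }
    }
}
```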
