Merge pull request #48 from homoluctus/fix/cve_references

Fix an error that cve.References is not iterable
lazy-actions · Feb 17, 2020 · 7adbcc6 · 7adbcc6
2 parents 8201c11 + 7b569b6
commit 7adbcc6
Show file tree

Hide file tree

Showing 4 changed files with 69 additions and 33 deletions.
diff --git a/__tests__/utils.test.ts b/__tests__/utils.test.ts
@@ -0,0 +1,12 @@
+import { isIterable } from '../src/utils';
+
+describe('isIterable', () => {
+  test.each([
+    ['test', true],
+    [[], true],
+    [['this', 'is', 'test'], true],
+    [{ id: 'test' }, false],
+  ])('input %s', (obj, expected) => {
+    expect(isIterable(obj)).toBe(expected);
+  });
+});
diff --git a/dist/index.js b/dist/index.js
@@ -3427,41 +3427,15 @@ const create = (opt, files) => {
 /***/ }),
 
 /***/ 163:
-/***/ (function(__unusedmodule, exports, __webpack_require__) {
+/***/ (function(__unusedmodule, exports) {
 
 "use strict";
 
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-const rest_1 = __webpack_require__(0);
-const github = __importStar(__webpack_require__(469));
-function createIssue(token, options) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const client = new rest_1.Octokit({ auth: token });
-        const { data: issue, } = yield client.issues.create(Object.assign(Object.assign({}, github.context.repo), options));
-        const result = {
-            issueNumber: issue.number,
-            htmlUrl: issue.html_url,
-        };
-        return result;
-    });
+function isIterable(obj) {
+    return obj != null && typeof obj[Symbol.iterator] === 'function';
 }
-exports.createIssue = createIssue;
+exports.isIterable = isIterable;
 
 
 /***/ }),
@@ -7116,7 +7090,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(__webpack_require__(470));
 const trivy_1 = __webpack_require__(737);
-const issue_1 = __webpack_require__(163);
+const issue_1 = __webpack_require__(486);
 function run() {
     return __awaiter(this, void 0, void 0, function* () {
         try {
@@ -10495,6 +10469,46 @@ module.exports = {
 }
 
 
+/***/ }),
+
+/***/ 486:
+/***/ (function(__unusedmodule, exports, __webpack_require__) {
+
+"use strict";
+
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const rest_1 = __webpack_require__(0);
+const github = __importStar(__webpack_require__(469));
+function createIssue(token, options) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const client = new rest_1.Octokit({ auth: token });
+        const { data: issue, } = yield client.issues.create(Object.assign(Object.assign({}, github.context.repo), options));
+        const result = {
+            issueNumber: issue.number,
+            htmlUrl: issue.html_url,
+        };
+        return result;
+    });
+}
+exports.createIssue = createIssue;
+
+
 /***/ }),
 
 /***/ 489:
@@ -13706,6 +13720,7 @@ const tar_1 = __importDefault(__webpack_require__(885));
 const rest_1 = __webpack_require__(0);
 const node_fetch_1 = __importDefault(__webpack_require__(454));
 const child_process_1 = __webpack_require__(129);
+const utils_1 = __webpack_require__(163);
 class Downloader {
     constructor() {
         this.githubClient = new rest_1.Octokit();
@@ -13846,7 +13861,10 @@ class Trivy {
                 vulnTable += `|${cve.VulnerabilityID || 'N/A'}|${cve.PkgName || 'N/A'}`;
                 vulnTable += `|${cve.InstalledVersion || 'N/A'}|${cve.FixedVersion ||
                     'N/A'}|`;
-                for (const reference of cve.References) {
+                const references = cve.References;
+                if (!utils_1.isIterable(references))
+                    continue;
+                for (const reference of references) {
                     vulnTable += `${reference || 'N/A'}<br>`;
                 }
                 vulnTable.replace(/<br>$/, '|\n');

diff --git a/src/trivy.ts b/src/trivy.ts
@@ -6,6 +6,7 @@ import fetch, { Response } from 'node-fetch';
 import { spawnSync, SpawnSyncReturns } from 'child_process';
 
 import { TrivyOption, Vulnerability } from './interface';
+import { isIterable } from './utils';
 
 export class Downloader {
   githubClient: Octokit;
@@ -180,7 +181,9 @@ export class Trivy {
         vulnTable += `|${cve.InstalledVersion || 'N/A'}|${cve.FixedVersion ||
           'N/A'}|`;
 
-        for (const reference of cve.References) {
+        const references = cve.References;
+        if (!isIterable(references)) continue;
+        for (const reference of references) {
           vulnTable += `${reference || 'N/A'}<br>`;
         }
 

diff --git a/src/utils.ts b/src/utils.ts
@@ -0,0 +1,3 @@
+export function isIterable(obj: Object): Boolean {
+  return obj != null && typeof obj[Symbol.iterator] === 'function';
+}