forked from stcu/SharedScripts
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Get-LibraryVulnerabilityInfo.ps1
57 lines (47 loc) · 1.89 KB
/
Get-LibraryVulnerabilityInfo.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
<#
.SYNOPSIS
Get the list of module/package/library vulnerabilities from the RetireJS or SafeNuGet projects.
.INPUTS
System.String of a package/module name to search for.
.OUTPUTS
System.Management.Automation.PSCustomObject with details about any vulnerabilities found.
.LINK
Invoke-RestMethod
.LINK
Select-Xml
.EXAMPLE
Get-LibraryVulnerabilityInfo.ps1 Backbone.js
atOrAbove below identifiers info
--------- ----- ----------- ----
0.5.0 @{release=0.5.0; summary=cross-site scripting vulnerability} {http://backbonejs.org/#changelog}
.EXAMPLE
Get-LibraryVulnerabilityInfo.ps1 Backbone.js -Repository nuget
id before infoUri
-- ------ -------
Backbone.js 0.5.3 http://backbonejs.org/#changelog
#>
#Requires -Version 3
[CmdletBinding()][OutputType([Management.Automation.PSCustomObject])] Param(
# The name of the module or package or library to check.
[Parameter(Position=0,Mandatory=$true,ValueFromPipeline=$true)]
[Alias('Module','Package','Library')][string]$Name,
# Whether to check the NPM, JS, or NuGet vulnerability lists.
[ValidateSet('js','npm','nuget')][string]$Repository = 'js'
)
Process
{
if($Repository -eq 'nuget')
{
Invoke-RestMethod https://raw.githubusercontent.com/OWASP/SafeNuGet/master/feed/unsafepackages.xml |
Select-Xml //package |
foreach Node |
where {$_.id -eq $Name} |
foreach {[pscustomobject]@{id=$_.id;before=$_.before;infoUri=$_.infoUri}}
}
else
{
$lib = Invoke-RestMethod https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/${Repository}repository.json
if($lib.$Name) {$lib.$Name.vulnerabilities |select atOrAbove,below,identifiers,info}
else {Write-Warning "$Name not found"}
}
}