gpt4 book ai didi

node.js - 如何利用 npm 审计?

转载 作者:搜寻专家 更新时间:2023-10-31 22:25:09 27 4
gpt4 key购买 nike

TLDR:是否可以利用npm audit的漏洞检测能力?作为一种 Restful 服务而不是当前的 CLI 实现?
npm针对 Node 安全平台 (NSP) 漏洞数据库,针对每个安装请求提供自动漏洞扫描,并在您尝试使用不安全代码时发出警告。此外,npm audit递归分析您的依赖树,以明确识别不安全的内容、推荐替代品或使用 npm audit fix 自动修复它。

此功能很棒,我希望能够在 Web 应用程序中利用此漏洞扫描功能。那我为什么要这样做呢?

似乎大多数公司都拥有一个内部 JFrog 存储库,它需要不断更新和维护才能镜像 npmjs .但是,更有效的方法(在我看来)是使用 mitmproxy 创建一个简单的 Web 应用程序。嵌入其中。然后,该 Web 应用程序将更像一个代理,并允许根据自定义业务逻辑和/或 npm 审计漏洞报告结果过滤掉 npm 请求。这样做的好处是允许人们自定义他们的风险评估容忍度以及利用 npmjs 分发请求的库。因此,这将消除公司托管任何内部 JFrog 实例的需要,并可能通过让 npmjs 处理所述库的托管来降低成本。

下面列出的是 npm audit 的一部分报告:

$ npm audit

审核报告样本:
                        === npm audit security report ===  

# ... Removed unnecessary details

# Run npm install jquery@3.4.1 to resolve 1 vulnerability
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ jquery │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ jquery │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ jquery │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/796 │
└───────────────┴──────────────────────────────────────────────────────────────┘


found 88 vulnerabilities (63 low, 10 moderate, 15 high) in 36801 scanned packages
run `npm audit fix` to fix 1 of them.
87 vulnerabilities require semver-major dependency updates.

我看到了 npm audit正在利用以下 url 进行漏洞检测:
https://nodesecurity.io/advisories/<id>

哪里 <id>是一个代表相关图书馆的数字。在我的例子中:jquery => 796。

我不知道如何将此组件名称复制到我端的 id 映射,缺少手动操作,以便抓取漏洞详细信息的响应。我知道这个 API 的内部工作是出于安全原因故意混淆的,通常大多数安全提供商都希望为他们的服务赚钱。

话虽如此,第一遍知道是否 <package>@<version>高/中/低脆弱性就足够了。我看到有一个嵌入式 <script>包含漏洞详细信息的 html 页面中的标记:
<script integrity="sha512-2KUTRVRvbDU3H6wROMklMMJqo9viHDRE+eOC56AIunI3PWKmCX1sVagJux/7BdYxpbbdgUi2sDJGhHEl499Tzw==">window.__context__ = {"context":{"advisoryData":{"id":796,"created":"2019-04-02T21:06:11.895Z","updated":"2019-04-23T14:29:39.788Z","deleted":null,"title":"Prototype Pollution","found_by":{"link":"","name":"asgerf"},"reported_by":{"link":"","name":"asgerf"},"module_name":"jquery","cves":["CVE-2019-5428"],"vulnerable_versions":"\u003c3.4.0","patched_versions":"\u003e=3.4.0","overview":"Versions of `jquery`  prior to 3.4.0 are vulnerable to Prototype Pollution. The extend() method allows an attacker to modify the prototype for `Object` causing changes in properties that will exist on all objects.","recommendation":"Upgrade to version 3.4.0 or later.","references":"- [HackerOne Report](https://hackerone.com/reports/454365)","access":"public","severity":"moderate","cwe":"CWE-471","url":"https://npmjs.com/advisories/796","urls":{"detail":"/v1/advisories/advisory/796","prev":"/v1/advisories/advisory/795","next":"/v1/advisories/advisory/797"},"formatted":{"overview":"\u003cp\u003eVersions of \u003ccode\u003ejquery\u003c/code\u003e  prior to 3.4.0 are vulnerable to Prototype Pollution. The extend() method allows an attacker to modify the prototype for \u003ccode\u003eObject\u003c/code\u003e causing changes in properties that will exist on all objects.\u003c/p\u003e\n","recommendation":"\u003cp\u003eUpgrade to version 3.4.0 or later.\u003c/p\u003e\n","references":"\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://hackerone.com/reports/454365\" rel=\"nofollow\"\u003eHackerOne Report\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n","created":"Apr 2nd, 9:06:11 pm","updated":"Apr 23rd, 2:29:39 pm"}},"events":[{"id":1419,"advisory_id":796,"created":"2019-04-23T14:29:39.821Z","type":"published","message":"Advisory Published","formatted":{"created":"Apr 23rd, 2019"}},{"id":1354,"advisory_id":796,"created":"2019-04-02T21:06:11.904Z","type":"reported","message":"Reported by asgerf","formatted":{"created":"Apr 2nd, 2019"}}],"user":{"tfa":false,"name":"wright1242","isStaff":false,"deactivated":null,"avatars":{"small":"https://s.gravatar.com/avatar/c273b03158ed9f9f045f476897b235fa?size=50\u0026default=retro","medium":"https://s.gravatar.com/avatar/c273b03158ed9f9f045f476897b235fa?size=100\u0026default=retro","large":"https://s.gravatar.com/avatar/c273b03158ed9f9f045f476897b235fa?size=496\u0026default=retro"},"resource":{"fullname":"Nathan Wright"},"is_delegated":false,"email_verified":true,"created":{"ts":1553877333697,"rel":"3 months ago"},"updated":"2019-03-29T16:35:33.695Z"},"csrftoken":"plyisfZBsPE1Ede0ico2RTod6B60nd7l1qHPvREr-mw","notifications":[],"npmExpansions":["Nimble Porridge Muncher","Now, Push Me","Next Phenomenal Microbrewery","npm promulgates marsupials","Newton's Poleless Magnet","Nested Public Modules","New Powerful Machines","No Prize Money","Nostalgic Pickled Mango","Neolithic Populous Metropolis"],"isNpme":false},"chunks":{"commons":["commons.4d94cbb36d7d9f02c2f4.js","commons.4d94cbb36d7d9f02c2f4.js.map"],"styles":["styles.a34b113ba89c0a069aa9.css","minicssextractbug.ece81719b14e4fb51acb.js","styles.a34b113ba89c0a069aa9.css.map","minicssextractbug.ece81719b14e4fb51acb.js.map"],"advisories/detail":["advisories/detail.e640a34c8a03ac2c51e8.js","advisories/detail.e640a34c8a03ac2c51e8.js.map"],"advisories/list":["advisories/list.49eaf09da2c66523e9cd.js","advisories/list.49eaf09da2c66523e9cd.js.map"],"advisories/report":["advisories/report.6b5a536458e618cb3ae5.js","advisories/report.6b5a536458e618cb3ae5.js.map"],"advisories/versions":["advisories/versions.5ce20fcc3f3f3e620292.js","advisories/versions.5ce20fcc3f3f3e620292.js.map"],"auth/cli":["auth/cli.31c9a365866841fcc4fe.js","auth/cli.31c9a365866841fcc4fe.js.map"],"auth/common-passwords":["auth/common-passwords.32150bf4a63195186b9e.js","auth/common-passwords.32150bf4a63195186b9e.js.map"],"auth/escalate":["auth/escalate.5d3004f00377e61c65ff.js","auth/escalate.5d3004f00377e61c65ff.js.map"],"auth/forgot":["auth/forgot.4b4e93ca04ea1741a235.js","auth/forgot.4b4e93ca04ea1741a235.js.map"],"auth/forgot-sent":["auth/forgot-sent.b6a321ab13288fbdb321.js","auth/forgot-sent.b6a321ab13288fbdb321.js.map"],"auth/invite-signup":["auth/invite-signup.1374d727ca7f216f4df6.js","auth/invite-signup.1374d727ca7f216f4df6.js.map"],"auth/login":["auth/login.8d9b5fe8a19cbc186849.js","auth/login.8d9b5fe8a19cbc186849.js.map"],"auth/otp":["auth/otp.17f71c286c4ef5838c10.js","auth/otp.17f71c286c4ef5838c10.js.map"],"auth/reset-password":["auth/reset-password.b20251afbd7655b491c1.js","auth/reset-password.b20251afbd7655b491c1.js.map"],"auth/signup":["auth/signup.38e2de18a3d7d49e1901.js","auth/signup.38e2de18a3d7d49e1901.js.map"],"auth/sso-signup":["auth/sso-signup.8c3feddbe01f02ad701b.js","auth/sso-signup.8c3feddbe01f02ad701b.js.map"],"billing/detail":["billing/detail.7c30c25000cb18635fad.js","billing/detail.7c30c25000cb18635fad.js.map"],"billing/downgrade":["billing/downgrade.3be55cca5333d74807d5.js","billing/downgrade.3be55cca5333d74807d5.js.map"],"billing/upgrade":["billing/upgrade.aa74d23e03f79c2b1e56.js","billing/upgrade.aa74d23e03f79c2b1e56.js.map"],"contact/contact":["contact/contact.8662906bb6004554b3f2.js","contact/contact.8662906bb6004554b3f2.js.map"],"debug/badstatus":["debug/badstatus.c7bb04c58ae395906dbf.js","debug/badstatus.c7bb04c58ae395906dbf.js.map"],"debug/detail":["debug/detail.34b54844c3ec9f69e471.js","debug/detail.34b54844c3ec9f69e471.js.map"],"debug/failcomponent":["debug/failcomponent.d1f8803e2009818ef71d.js","debug/failcomponent.d1f8803e2009818ef71d.js.map"],"egg/egg":["egg/egg.4e4902966f9314b37154.js","egg/egg.4e4902966f9314b37154.js.map"],"enterprise/complete":["enterprise/complete.89eaa305053a6c0f8989.js","enterprise/complete.89eaa305053a6c0f8989.js.map"],"enterprise/license-paid":["enterprise/license-paid.ebe1bfa16a3d49069d9b.js","enterprise/license-paid.ebe1bfa16a3d49069d9b.js.map"],"enterprise/license-purchase":["enterprise/license-purchase.33b546c059bd99696cf0.js","enterprise/license-purchase.33b546c059bd99696cf0.js.map"],"enterprise/on-site-buy-now":["enterprise/on-site-buy-now.537497d98021ab3a5cb2.js","enterprise/on-site-buy-now.537497d98021ab3a5cb2.js.map"],"enterprise/on-site-contact-confirmation":["enterprise/on-site-contact-confirmation.30cef6ea069bb5b8d238.js","enterprise/on-site-contact-confirmation.30cef6ea069bb5b8d238.js.map"],"enterprise/on-site-trial":["enterprise/on-site-trial.c4299d1451374df8d233.js","enterprise/on-site-trial.c4299d1451374df8d233.js.map"],"enterprise/orgs-terms":["enterprise/orgs-terms.1d97d471a2406c7a0bfa.js","enterprise/orgs-terms.1d97d471a2406c7a0bfa.js.map"],"enterprise/signup-confirmation":["enterprise/signup-confirmation.01182145a57b51bf81d6.js","enterprise/signup-confirmation.01182145a57b51bf81d6.js.map"],"errors/not-found":["errors/not-found.233c66ddecbbf24ac4fc.js","errors/not-found.233c66ddecbbf24ac4fc.js.map"],"errors/server":["errors/server.dd29f86cfe1f6df5386d.js","errors/server.dd29f86cfe1f6df5386d.js.map"],"errors/template":["errors/template.66c3e6b9be4cdeeb1b31.js","errors/template.66c3e6b9be4cdeeb1b31.js.map"],"flatpage/flatpage":["flatpage/flatpage.a15b631354b26980e9d2.js","flatpage/flatpage.a15b631354b26980e9d2.js.map"],"homepage/homepage":["homepage/homepage.110dbed7fffb8ed42685.js","homepage/homepage.110dbed7fffb8ed42685.js.map"],"homepage/homepage-logged-in":["homepage/homepage-logged-in.8797a9ea2201ab4336cc.js","homepage/homepage-logged-in.8797a9ea2201ab4336cc.js.map"],"npme-2/invite":["npme-2/invite.2db2f811ab5b4ca10d5f.js","npme-2/invite.2db2f811ab5b4ca10d5f.js.map"],"npme-2/invites":["npme-2/invites.8878a423875defcf6c76.js","npme-2/invites.8878a423875defcf6c76.js.map"],"npme-2/login":["npme-2/login.a9b772e49ae0412bf666.js","npme-2/login.a9b772e49ae0412bf666.js.map"],"npme-2/overrides/components/tutorials/creating-org":["npme-2/overrides/components/tutorials/creating-org.71f7d5901781c193fb73.js","npme-2/overrides/components/tutorials/creating-org.71f7d5901781c193fb73.js.map"],"npme-2/overrides/components/tutorials/default-registry":["npme-2/overrides/components/tutorials/default-registry.475fb9f18556bd682949.js","npme-2/overrides/components/tutorials/default-registry.475fb9f18556bd682949.js.map"],"npme-2/overrides/components/tutorials/installing-package":["npme-2/overrides/components/tutorials/installing-package.2b04ab2356a096fd5a49.js","npme-2/overrides/components/tutorials/installing-package.2b04ab2356a096fd5a49.js.map"],"npme-2/overrides/components/tutorials/publishing-package":["npme-2/overrides/components/tutorials/publishing-package.5697dc8704d72ac9ced0.js","npme-2/overrides/components/tutorials/publishing-package.5697dc8704d72ac9ced0.js.map"],"npme-2/overrides/components/tutorials/tabs":["npme-2/overrides/components/tutorials/tabs.df1dac1eefb18c4859bc.js","npme-2/overrides/components/tutorials/tabs.df1dac1eefb18c4859bc.js.map"],"npme-2/overrides/homepage":["npme-2/overrides/homepage.c385707ae0df1411a2a1.js","npme-2/overrides/homepage.c385707ae0df1411a2a1.js.map"],"npme-2/overrides/orgs/create":["npme-2/overrides/orgs/create.796a1ec58f26a83b0b55.js","npme-2/overrides/orgs/create.796a1ec58f26a83b0b55.js.map"],"npme-2/reports":["npme-2/reports.c848851d64a15951a1ef.js","npme-2/reports.c848851d64a15951a1ef.js.map"],"npme-2/settings":["npme-2/settings.d0c798bb186ce82f3ea8.js","npme-2/settings.d0c798bb186ce82f3ea8.js.map"],"npme-2/setup":["npme-2/setup.8ebd15e786c914775153.js","npme-2/setup.8ebd15e786c914775153.js.map"],"npme-2/sso-config":["npme-2/sso-config.28c27038f210cf50638a.js","npme-2/sso-config.28c27038f210cf50638a.js.map"],"npme-2/users":["npme-2/users.eeb8e1c64514e5683330.js","npme-2/users.eeb8e1c64514e5683330.js.map"],"npme/invite":["npme/invite.ffae73172929956e34eb.js","npme/invite.ffae73172929956e34eb.js.map"],"npme/invites":["npme/invites.44e371e54eac0a082e0d.js","npme/invites.44e371e54eac0a082e0d.js.map"],"npme/login":["npme/login.ab849e614586290dfb37.js","npme/login.ab849e614586290dfb37.js.map"],"npme/overrides/components/tutorials/creating-org":["npme/overrides/components/tutorials/creating-org.471161dde8734e77baa4.js","npme/overrides/components/tutorials/creating-org.471161dde8734e77baa4.js.map"],"npme/overrides/components/tutorials/default-registry":["npme/overrides/components/tutorials/default-registry.17619197ac9ebf75f78b.js","npme/overrides/components/tutorials/default-registry.17619197ac9ebf75f78b.js.map"],"npme/overrides/components/tutorials/installing-package":["npme/overrides/components/tutorials/installing-package.e55b3915848c09265955.js","npme/overrides/components/tutorials/installing-package.e55b3915848c09265955.js.map"],"npme/overrides/components/tutorials/publishing-package":["npme/overrides/components/tutorials/publishing-package.0e248bac8e84760c3a3c.js","npme/overrides/components/tutorials/publishing-package.0e248bac8e84760c3a3c.js.map"],"npme/overrides/components/tutorials/tabs":["npme/overrides/components/tutorials/tabs.1f4c0ff4d1338c5cb611.js","npme/overrides/components/tutorials/tabs.1f4c0ff4d1338c5cb611.js.map"],"npme/overrides/homepage":["npme/overrides/homepage.4955c4963ed9fa476105.js","npme/overrides/homepage.4955c4963ed9fa476105.js.map"],"npme/overrides/orgs/create":["npme/overrides/orgs/create.a7fa242e75db505a14cc.js","npme/overrides/orgs/create.a7fa242e75db505a14cc.js.map"],"npme/settings":["npme/settings.58e57b118bbd7878e2ed.js","npme/settings.58e57b118bbd7878e2ed.js.map"],"npme/setup":["npme/setup.c348ba66cd10e64fba12.js","npme/setup.c348ba66cd10e64fba12.js.map"],"npme/sso-config":["npme/sso-config.fc863259ffafbadaac78.js","npme/sso-config.fc863259ffafbadaac78.js.map"],"npme/users":["npme/users.7bf881838868fa2e8146.js","npme/users.7bf881838868fa2e8146.js.map"],"orgs/create":["orgs/create.25acfbc854056d91faab.js","orgs/create.25acfbc854056d91faab.js.map"],"orgs/detail":["orgs/detail.a0fc09a1dafcc608f604.js","orgs/detail.a0fc09a1dafcc608f604.js.map"],"orgs/invite":["orgs/invite.bb4dd212f2a1638cd111.js","orgs/invite.bb4dd212f2a1638cd111.js.map"],"orgs/upgrade":["orgs/upgrade.720c3caf2998a6f28cd5.js","orgs/upgrade.720c3caf2998a6f28cd5.js.map"],"package-list/dependents-list":["package-list/dependents-list.2dce05752934fcbcbe4f.js","package-list/dependents-list.2dce05752934fcbcbe4f.js.map"],"package-list/most-depended":["package-list/most-depended.f7001bbcaa0641bf4f40.js","package-list/most-depended.f7001bbcaa0641bf4f40.js.map"],"package-list/recently-updated":["package-list/recently-updated.37fbdf8fec827ddacad3.js","package-list/recently-updated.37fbdf8fec827ddacad3.js.map"],"package/package":["package/package.a8b3c84300ae1382adf1.js","package/package.a8b3c84300ae1382adf1.js.map"],"partners/detail":["partners/detail.455f79e0b6e62b2b62c8.js","partners/detail.455f79e0b6e62b2b62c8.js.map"],"partners/join":["partners/join.64518905a4506bd65cb0.js","partners/join.64518905a4506bd65cb0.js.map"],"partners/thanks":["partners/thanks.ff01ac06bf6bc9dca957.js","partners/thanks.ff01ac06bf6bc9dca957.js.map"],"profile/profile":["profile/profile.225a06aa9545bb306666.js","profile/profile.225a06aa9545bb306666.js.map"],"search/search":["search/search.7a1e54cf3d045148dbc1.js","search/search.7a1e54cf3d045148dbc1.js.map"],"settings/change-password":["settings/change-password.70b297e43c57d042ce46.js","settings/change-password.70b297e43c57d042ce46.js.map"],"settings/email":["settings/email.fadfc72c579bb081162b.js","settings/email.fadfc72c579bb081162b.js.map"],"settings/memberships":["settings/memberships.410836fc226dd288ffb8.js","settings/memberships.410836fc226dd288ffb8.js.map"],"settings/packages":["settings/packages.64c297193727a8e51542.js","settings/packages.64c297193727a8e51542.js.map"],"settings/profile":["settings/profile.833a150cc274224f5f70.js","settings/profile.833a150cc274224f5f70.js.map"],"teams/create":["teams/create.b9f70a2ae9de1915d420.js","teams/create.b9f70a2ae9de1915d420.js.map"],"teams/detail":["teams/detail.d4664bced272f9d0a3ad.js","teams/detail.d4664bced272f9d0a3ad.js.map"],"teams/list":["teams/list.261cf5f94b9192a3daab.js","teams/list.261cf5f94b9192a3daab.js.map"],"teams/packages":["teams/packages.71096da465263d66286d.js","teams/packages.71096da465263d66286d.js.map"],"teams/users":["teams/users.674a8b5b623059964462.js","teams/users.674a8b5b623059964462.js.map"],"tfa/enable":["tfa/enable.18fb4a852c69318b5589.js","tfa/enable.18fb4a852c69318b5589.js.map"],"tfa/showTFAQRCode":["tfa/showTFAQRCode.eb7002f5007a27821807.js","tfa/showTFAQRCode.eb7002f5007a27821807.js.map"],"tfa/showTFASuccess":["tfa/showTFASuccess.d060dc3061cf308203c2.js","tfa/showTFASuccess.d060dc3061cf308203c2.js.map"],"tfa/tfa-mode-selection":["tfa/tfa-mode-selection.a16db0ac7e3f02c6f5d3.js","tfa/tfa-mode-selection.a16db0ac7e3f02c6f5d3.js.map"],"tfa/tfa-password-entry":["tfa/tfa-password-entry.be0ca4c5433e4802b5ac.js","tfa/tfa-password-entry.be0ca4c5433e4802b5ac.js.map"],"tokens/create":["tokens/create.0a64e73c9a20dc823d2a.js","tokens/create.0a64e73c9a20dc823d2a.js.map"],"tokens/list":["tokens/list.1d67b6a2423c57d4efcd.js","tokens/list.1d67b6a2423c57d4efcd.js.map"],"vouchers/view":["vouchers/view.cc023324f08f48ef3082.js","vouchers/view.cc023324f08f48ef3082.js.map"]},"hash":"4d94cbb36d7d9f02c2f4","name":"advisories/detail","containerId":"app","headerName":"x-spiferack","publicPath":"https://static.npmjs.com/"}</script>

我对任何其他开源安全扫描工具持开放态度,例如:Snyk、OWASP 等……只要我可以将此漏洞检测功能用作 Web 服务。关于尝试/使用什么的任何想法?

任何帮助将不胜感激!

更新:

似乎 Node Security 正在利用国家漏洞数据库 ( NVD) 来查找开源漏洞并拥有 将模块映射到常见漏洞和暴露 (CVE)。可以多种形式获取整个CVE数据集 here .也许这些数据可以反向映射?我看到内嵌 <script>标记有问题的模块有许多字段。直接相关的两个字段是: cves , 和 module_name .哪里 module_name指向有问题的模块,在我的示例 jquery 中,和 cves似乎是上述 CVE 数据集的一对一映射。这将允许人们将整个数据集读入数据库并将该数据库用作查找的真实来源。所以问题真的变成了:

Node Security 如何将 CVE 映射到 module_names?这是手动操作还是备用数据集中有更多列/字段?

更新 2

两者 NVDSnyk ,为库的漏洞检测提供 RSS 提要。在幕后,这正是 npm 审计在安装库或运行审计时用来确定高/中/低漏洞的方法。这些 RSS 提要有多种格式,实际上很容易解析。此外,它们还具有模块到内置漏洞的映射。

话虽如此,如果您想利用这些开源扫描仪, 必须遵守其指定的许可证和使用规则。 例如,Snyx 的 RSS 源使用规则如下:

Snyk's Vulnerability DB RSS feed. This DB (feed and repository) is licensed under the AGPL-v3 license, which often allows use internally, but prohibits embedding the DB in another product or service, unless that product and provided service are open source and under the AGPL-v3 license.** For a different license to Snyk's vulnerability DB, please contact us at contact@snyk.io**



至于提到的一些担忧:

您将利用 npmjs(它是开源的),这就是重点。 Npmjs 将保存您所有的库,并且您将按预期使用 npmjs。如果您需要更多隐私,例如使用私有(private)范围的模块供内部使用,您可以直接向 npmjs 付费。对不起,如果我说不清楚,因为目的是只使用 npmjs 而不是支付第三方实体为您托管 JFrog 存储库。

至于License的问题,你 应始终遵守管辖软件使用或再分发的法律。

最佳答案

TLDR:使用由 NVD 和 Snyk 提供的 RSS 源进行库的漏洞检测,遵守其指定的许可证和使用规则。

NVD 和 Snyk 都提供用于库漏洞检测的 RSS 提要。在幕后,这正是 npm 审计在安装库或运行审计时用来确定高/中/低漏洞的方法。这些 RSS 提要有多种格式,实际上很容易解析。此外,它们还具有模块到内置漏洞的映射。

话虽如此,如果您想利用这些开源漏洞扫描器,必须遵守其指定的许可证和使用规则 .例如,Snyx 的 RSS 源使用规则如下:

Snyk's Vulnerability DB RSS feed. This DB (feed and repository) is licensed under the AGPL-v3 license, which often allows use internally, but prohibits embedding the DB in another product or service, unless that product and provided service are open source and under the AGPL-v3 license.** For a different license to Snyk's vulnerability DB, please contact us at contact@snyk.io**



干杯

关于node.js - 如何利用 npm 审计?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56710565/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com