namikingsoft · February 28, 2019 21:28
diff --git a/notify-audit-to-slack.sh b/notify-audit-to-slack.sh
 #!/bin/sh -eu
 #
 # required env:
 #   SLACK_TEXT: Description, Build URL of CI
 #   SLACK_INCOMING: Slack Incoming Webhook URL
 #
 # required stdin:
 #   json text of `.data.advisory` on yarn audit
 #
 # required packages:
 #   printf
 #   curl
 #   jq
 #
 # usage:
 #   yarn audit --json \
 #   | jq -s 'map(.data.advisory)' \
 #   |\
 #   SLACK_TEXT="Check unknown advisories\n${CIRCLE_BUILD_URL}" \
 #   SLACK_INCOMING="https://hooks.slack.com/services/********" \
 #     sh <(curl --silent -L https://gist.githubusercontent.com/namikingsoft/b2cde62e1953766acf2d47bc1ec1fa2b/raw/notify-audit-to-slack.sh)
 #
 # usage:
 #   sh <(curl --silent -L https://gist.githubusercontent.com/namikingsoft/b2cde62e1953766acf2d47bc1ec1fa2b/raw/yarn-audit-without-exceptions.sh) \
 #   |\
 #   SLACK_TEXT="Check unknown advisories\n${CIRCLE_BUILD_URL}" \
 #   SLACK_INCOMING="https://hooks.slack.com/services/********" \
 #     sh <(curl --silent -L https://gist.githubusercontent.com/namikingsoft/b2cde62e1953766acf2d47bc1ec1fa2b/raw/notify-audit-to-slack.sh)

 # stdin
 advisories_json="$(cat)"

 # check advisories count
 if [ "$(printf "%s" "$advisories_json" | jq 'length')" = "0" ]; then
  echo Nothing unknown advisories
  exit
 fi

 # for console dump
 printf "%s" "$advisories_json" | jq .

 # generate post json for slack incoming
 post_slack_json="$(printf "%s" "$advisories_json" | jq "$(cat << EOS
  {
    text: "${SLACK_TEXT}",
    attachments: map({
      color:
        ( if .severity == "critical" then "#bf008c"
        elif .severity == "high" then "#d9534f"
        elif .severity == "moderate" then "#f0ad4e"
        else "#cccccc"
        end ),
      title: "\(.title) (\(.severity))",
      title_link: .url,
      text: .overview,
      fields: [
        {
          title: "Module",
          value: "\(.module_name) @ \(.vulnerable_versions)",
          short: true,
        },
        {
          title: "Used By",
          value: .findings
            | map(.paths)
            | flatten
            | map(split(">")[0])
            | unique
            | join("\n"),
          short: true,
        }
      ],
      footer: "Updated: \(.updated)",
    }),
  }
 EOS
 )")"

 # notify to slack
 curl \
  -H "Content-Type: application/json" \
  -X POST -d "$post_slack_json" \
  ${SLACK_INCOMING}
diff --git a/yarn-audit-check.sh b/yarn-audit-check.sh
 #!/bin/sh -eu
 #
 # required files:
 #   ./package.json
 #   ./yarn.lock
 #
 # required packages:
 #   node
 #   yarn
 #   jq
 #
 # usage:
 #   sh <(curl --silent -L https://gist.githubusercontent.com/namikingsoft/b2cde62e1953766acf2d47bc1ec1fa2b/raw/yarn-audit-check.sh)
 #
 # package.json:
 #   ```json
 #   {
 #     "audit": {
 #       "exceptions": {
 #         "severities": [
 #           "moderate",
 #           "low",
 #           "(critical|high|moderate|low)"
 #        ],
 #        "ids": [
 #          "678",
 #          "(Please input advisories id more than high is attached end of url, i.e. `678`)",
 #          "(advisories url: https://nodesecurity.io/advisories/678)"
 #        ]
 #      }
 #    }
 #  }
 #  ```

 result="$(yarn audit --json || true)"

 [ "${#result}" != "0" ] # exit if 503 Service Unavailable

 advisories_json="$(printf "%s" "${result}" | jq -s 'map(.data.advisory | select(.))')"

 echo "Wasted exception of severities: "
 for severity in $(
  < package.json jq -r '.audit.exceptions.severities[]' 2> /dev/null \
  | grep -E "^(critical|high|moderate|low)$" \
 ); do
  printf "%s" "${advisories_json}" | jq -r "$(cat << EOS
    map(select(.severity == "$severity"))
    | length
    | (if . == 0 then "  $severity" else empty end)
 EOS
  )"
 done
 echo

 echo "Wasted exception of ids:"
 for id in $(
  < package.json jq -r '.audit.exceptions.ids[]' 2> /dev/null \
  | grep -E "^[0-9]+$" \
 ); do
  printf "%s" "${advisories_json}" | jq -r "$(cat << EOS
    map(select(.id == $id))
    | length
    | (if . == 0 then "  $id" else empty end)
 EOS
  )"
 done
 echo

 yarn audit || true
diff --git a/yarn-audit-without-exceptions.sh b/yarn-audit-without-exceptions.sh
 #!/bin/sh -eu
 #
 # required files:
 #   ./package.json
 #   ./yarn.lock
 #
 # required packages:
 #   node
 #   yarn
 #   jq
 #
 # usage:
 #   sh <(curl --silent -L https://gist.githubusercontent.com/namikingsoft/b2cde62e1953766acf2d47bc1ec1fa2b/raw/yarn-audit-without-exceptions.sh)
 #
 # package.json:
 #   ```json
 #   {
 #     "audit": {
 #       "exceptions": {
 #         "severities": [
 #           "moderate",
 #           "low",
 #           "(critical|high|moderate|low)"
 #        ],
 #        "ids": [
 #          "678",
 #          "(Please input advisories id more than high is attached end of url, i.e. `678`)",
 #          "(advisories url: https://nodesecurity.io/advisories/678)"
 #        ]
 #      }
 #    }
 #  }
 #  ```

 yarn audit --ignore-engines --json | jq -s "$(cat << EOS
  map(
    .data.advisory
    | select(.
      $(
        < package.json jq -r '.audit.exceptions.severities[]' 2> /dev/null \
        | grep -E "^(critical|high|moderate|low)$" \
        | xargs -I{} echo ' and (.severity != "{}")'
      )
    )
    | select(.
      $(
        < package.json jq -r '.audit.exceptions.ids[]' 2> /dev/null \
        | grep -E "^[0-9]+$" \
        | xargs -I{} echo " and (.id != {})"
      )
    )
  )
  | unique_by(.id)
 EOS
 )"
	#!/bin/sh -eu
	#
	# required env:
	# SLACK_TEXT: Description, Build URL of CI
	# SLACK_INCOMING: Slack Incoming Webhook URL
	#
	# required stdin:
	# json text of `.data.advisory` on yarn audit
	#
	# required packages:
	# printf
	# curl
	# jq
	#
	# usage:
	# yarn audit --json \
	# \| jq -s 'map(.data.advisory)' \
	# \|\
	# SLACK_TEXT="Check unknown advisories\n${CIRCLE_BUILD_URL}" \
	# SLACK_INCOMING="https://hooks.slack.com/services/********" \
	# sh <(curl --silent -L https://gist.githubusercontent.com/namikingsoft/b2cde62e1953766acf2d47bc1ec1fa2b/raw/notify-audit-to-slack.sh)
	#
	# usage:
	# sh <(curl --silent -L https://gist.githubusercontent.com/namikingsoft/b2cde62e1953766acf2d47bc1ec1fa2b/raw/yarn-audit-without-exceptions.sh) \
	# \|\
	# SLACK_TEXT="Check unknown advisories\n${CIRCLE_BUILD_URL}" \
	# SLACK_INCOMING="https://hooks.slack.com/services/********" \
	# sh <(curl --silent -L https://gist.githubusercontent.com/namikingsoft/b2cde62e1953766acf2d47bc1ec1fa2b/raw/notify-audit-to-slack.sh)

	# stdin
	advisories_json="$(cat)"

	# check advisories count
	if [ "$(printf "%s" "$advisories_json" \| jq 'length')" = "0" ]; then
	echo Nothing unknown advisories
	exit
	fi

	# for console dump
	printf "%s" "$advisories_json" \| jq .

	# generate post json for slack incoming
	post_slack_json="$(printf "%s" "$advisories_json" \| jq "$(cat << EOS
	{
	text: "${SLACK_TEXT}",
	attachments: map({
	color:
	( if .severity == "critical" then "#bf008c"
	elif .severity == "high" then "#d9534f"
	elif .severity == "moderate" then "#f0ad4e"
	else "#cccccc"
	end ),
	title: "\(.title) (\(.severity))",
	title_link: .url,
	text: .overview,
	fields: [
	{
	title: "Module",
	value: "\(.module_name) @ \(.vulnerable_versions)",
	short: true,
	},
	{
	title: "Used By",
	value: .findings
	\| map(.paths)
	\| flatten
	\| map(split(">")[0])
	\| unique
	\| join("\n"),
	short: true,
	}
	],
	footer: "Updated: \(.updated)",
	}),
	}
	EOS
	)")"

	# notify to slack
	curl \
	-H "Content-Type: application/json" \
	-X POST -d "$post_slack_json" \
	${SLACK_INCOMING}
	#!/bin/sh -eu
	#
	# required files:
	# ./package.json
	# ./yarn.lock
	#
	# required packages:
	# node
	# yarn
	# jq
	#
	# usage:
	# sh <(curl --silent -L https://gist.githubusercontent.com/namikingsoft/b2cde62e1953766acf2d47bc1ec1fa2b/raw/yarn-audit-check.sh)
	#
	# package.json:
	# ```json
	# {
	# "audit": {
	# "exceptions": {
	# "severities": [
	# "moderate",
	# "low",
	# "(critical\|high\|moderate\|low)"
	# ],
	# "ids": [
	# "678",
	# "(Please input advisories id more than high is attached end of url, i.e. `678`)",
	# "(advisories url: https://nodesecurity.io/advisories/678)"
	# ]
	# }
	# }
	# }
	# ```

	result="$(yarn audit --json \|\| true)"

	[ "${#result}" != "0" ] # exit if 503 Service Unavailable

	advisories_json="$(printf "%s" "${result}" \| jq -s 'map(.data.advisory \| select(.))')"

	echo "Wasted exception of severities: "
	for severity in $(
	< package.json jq -r '.audit.exceptions.severities[]' 2> /dev/null \
	\| grep -E "^(critical\|high\|moderate\|low)$" \
	); do
	printf "%s" "${advisories_json}" \| jq -r "$(cat << EOS
	map(select(.severity == "$severity"))
	\| length
	\| (if . == 0 then " $severity" else empty end)
	EOS
	)"
	done
	echo

	echo "Wasted exception of ids:"
	for id in $(
	< package.json jq -r '.audit.exceptions.ids[]' 2> /dev/null \
	\| grep -E "^[0-9]+$" \
	); do
	printf "%s" "${advisories_json}" \| jq -r "$(cat << EOS
	map(select(.id == $id))
	\| length
	\| (if . == 0 then " $id" else empty end)
	EOS
	)"
	done
	echo

	yarn audit \|\| true