Merge pull request #2435 from strapi/add-snyk

Check dependencies for vulnerabilities with Snyk
This commit is contained in:
Jim LAURIE 2018-12-12 12:05:10 +01:00 committed by GitHub
commit 816ed33ed2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
40 changed files with 409 additions and 23 deletions

9
.snyk Normal file

@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:31:33.160Z
patch: {}
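Review bot: The `ignore:` entry keys `shelljs` with a `'*'` path, the placeholder reason `testing` and an expiry of 2019-01-04 — roughly three weeks after this commit — so every `snyk test` run will start failing on that date unless someone is tracking the expiry, and the reason tells a future reader nothing about why the finding is acceptable. Snyk policy ignore keys are normally Snyk issue ids rather than bare package names, so it is worth confirming that this entry actually suppresses the finding it is meant for; if it does, give the reason something actionable, e.g. `reason: <advisory id> — <tracking issue> — dev-only dependency, not reachable at runtime` (placeholders). The same wildcard `shelljs` ignore with reason `testing` is copied into every other `.snyk` file in this commit, including `packages/strapi/.snyk`, and the `qs`, `purest`, `apollo-server-koa@2.2.6` and `koa-body` entries in the later files carry the equally generic reason `Temporarily ignore` with similarly short expiries.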


@ -6,14 +6,15 @@ git:
language: node_js language: node_js
node_js: node_js:
- "10" - '10'
- "11" - '11'
before_install: before_install:
- export CHROME_BIN=chromium-browser - export CHROME_BIN=chromium-browser
- export DISPLAY=:99.0 - export DISPLAY=:99.0
- sh -e /etc/init.d/xvfb start - sh -e /etc/init.d/xvfb start
- git fetch -a - git fetch -a
- git fetch origin master
# - sudo chown -R $(whoami) $(npm config get prefix)/{lib/node_modules,bin,share} # - sudo chown -R $(whoami) $(npm config get prefix)/{lib/node_modules,bin,share}
# - npm cache clean --force # - npm cache clean --force
# - rm -rf node_modules/ # - rm -rf node_modules/
@ -21,10 +22,14 @@ before_install:
install: install:
- npm run setup --debug - npm run setup --debug
before_script:
- git fetch origin master:master
script: script:
- npm run lint - npm run lint
- npm run doc - npm run doc
- npm run snyk
cache: cache:
directories: directories:
- "node_modules" - 'node_modules'
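Review bot: `- npm run snyk` in `script:` makes the build depend on a Snyk scan that, as far as I know, needs an authenticated CLI (`SNYK_TOKEN`); on Travis, encrypted variables are not exposed to pull requests from forks, so if that holds, external contributors' PRs would fail at this step rather than at lint or tests, and the commit does not show where the token is configured. Consider guarding the step so it runs only when the token is present, e.g. `- if [ -n "$SNYK_TOKEN" ]; then npm run snyk; fi`, or documenting that the scan is expected to run only on branch builds. Separately, `git fetch origin master` in `before_install` and `git fetch origin master:master` in the new `before_script` fetch the same ref twice; the second form is the one that creates the local `master` the `merge-base HEAD master` call in the changed-files helper needs, so the first looks redundant.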


@ -20,7 +20,8 @@
"redux-saga": "^0.14.3", "redux-saga": "^0.14.3",
"request": "^2.87.0", "request": "^2.87.0",
"shelljs": "^0.7.7", "shelljs": "^0.7.7",
"strapi-lint": "file:packages/strapi-lint" "strapi-lint": "file:packages/strapi-lint",
"snyk": "^1.99.0"
}, },
"scripts": { "scripts": {
"clean": "npm run removesymlinkdependencies && npx rimraf package-lock.json && npx rimraf packages/*/package-lock.json", "clean": "npm run removesymlinkdependencies && npx rimraf package-lock.json && npx rimraf packages/*/package-lock.json",
@ -32,8 +33,9 @@
"setup:build": "npm run setup --build", "setup:build": "npm run setup --build",
"setup": "npm run clean:all && npm install ./packages/strapi-lint --save-dev && npm install && node ./scripts/setup.js && npm run clean", "setup": "npm run clean:all && npm install ./packages/strapi-lint --save-dev && npm install && node ./scripts/setup.js && npm run clean",
"lint": "node ./scripts/lint.js", "lint": "node ./scripts/lint.js",
"test": "node ./test/start.js", "test": "snyk test && node ./test/start.js",
"prettier": "node ./packages/strapi-lint/lib/internals/prettier/index.js" "prettier": "node ./packages/strapi-lint/lib/internals/prettier/index.js",
"snyk": "node ./scripts/snyk.js"
}, },
"author": { "author": {
"email": "hi@strapi.io", "email": "hi@strapi.io",
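Review bot: `"test": "snyk test && node ./test/start.js"` gates the unit tests on a network call to Snyk, so `npm test` now fails offline, for any contributor without a Snyk login, and during a Snyk outage; keeping the scan in the separate `snyk` script (which the CI config already invokes) and leaving `test` as `node ./test/start.js` keeps the two concerns apart. The new devDependency `"snyk": "^1.99.0"` is a caret range for a tool that is itself a supply-chain-sensitive dependency and runs in CI; pinning it — or committing a lockfile, which `clean` currently deletes via `npx rimraf package-lock.json` — makes the scanner version reproducible. Note also that `scripts/snyk.js` scans only `packages/*` while `snyk test` in `test` covers the root manifest, so the two invocations scan different things; a one-line comment in the README or at the top of the script would save the next maintainer from assuming either one is complete.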


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:35:17.133Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:35:52.618Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:35:54.864Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:35:57.351Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:35:59.679Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:36:04.222Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:36:06.569Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:36:09.263Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:36:25.992Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:35:22.585Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:36:48.647Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:36:51.201Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:36:53.294Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:36:55.758Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:36:58.340Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:37:00.449Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:37:04.113Z
patch: {}


@ -8,28 +8,38 @@
const execFileSync = require('child_process').execFileSync; const execFileSync = require('child_process').execFileSync;
const exec = (command, args) => { const exec = (command, args) => {
console.log('> ' + [command].concat(args).join(' ')); console.log('> ' + [command].concat(args).join(' '));
const options = { const options = {
cwd: process.cwd(), cwd: process.cwd(),
env: process.env, env: process.env,
stdio: 'pipe', stdio: 'pipe',
encoding: 'utf-8', encoding: 'utf-8',
}; };
return execFileSync(command, args, options);
try {
return execFileSync(command, args, options);
} catch (err) {
return '';
}
}; };
const execGitCmd = args => const execGitCmd = args =>
exec('git', args) exec('git', args)
.trim() .trim()
.toString() .toString()
.split('\n'); .split('\n');
const listChangedFiles = () => { const listChangedFiles = () => {
const mergeBase = execGitCmd(['merge-base', 'HEAD', 'master']); const mergeBase = execGitCmd(['merge-base', 'HEAD', 'master']);
return new Set([
...execGitCmd(['diff', '--name-only', '--diff-filter=ACMRTUB', mergeBase]), try {
...execGitCmd(['ls-files', '--others', '--exclude-standard']), return new Set([
]); ...execGitCmd(['diff', '--name-only', '--diff-filter=ACMRTUB', mergeBase]),
...execGitCmd(['ls-files', '--others', '--exclude-standard']),
]);
} catch (err) {
return [];
}
}; };
module.exports = listChangedFiles; module.exports = listChangedFiles;
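Review bot: The new `catch` in `listChangedFiles` returns `[]` while the success path returns a `Set`, so a caller that does `changed.has(file)` will throw on the failure path; return `new Set()` instead so the two paths have the same shape. The `catch` added to `exec` above it swallows every `execFileSync` error and returns `''`, which means `execGitCmd` no longer throws, the outer try/catch in `listChangedFiles` is effectively dead, and a failed `merge-base` (e.g. no local `master`, which the `.travis.yml` change fetches to avoid) silently yields `['']` and an empty change list — if this feeds the lint script, it then checks nothing and passes. At minimum log the failure before returning, e.g. `console.error(err.stderr || err.message);` in the `exec` catch, and consider letting `merge-base` failures propagate rather than producing an empty list. The file starts before this hunk (line 8), so I cannot see whether anything else depends on the array/Set distinction.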


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:37:06.512Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:37:14.459Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:37:23.290Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:37:31.383Z
patch: {}


@ -0,0 +1,17 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:37:34.495Z
qs:
- '*':
reason: Temporarily ignore
expires: 2019-01-31T00:00:00.000Z
apollo-server-koa@2.2.6:
- '*':
reason: Temporarily ignore
expires: 2019-01-04T16:34:24.069Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:37:42.177Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:37:50.220Z
patch: {}


@ -0,0 +1,17 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:37:58.353Z
qs:
- '*':
reason: Temporarily ignore
expires: 2019-01-31T00:00:00.000Z
purest:
- '*':
reason: Temporarily ignore
expires: 2019-01-31T00:00:00.000Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:38:00.833Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:38:03.075Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:38:05.425Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:38:07.540Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:38:09.622Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:38:11.663Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:38:13.835Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:38:15.967Z
patch: {}


@ -0,0 +1,9 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:38:18.270Z
patch: {}

13
packages/strapi/.snyk Normal file

@ -0,0 +1,13 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
shelljs:
- '*':
reason: testing
expires: 2019-01-04T14:35:06.536Z
koa-body:
- '*':
reason: Temporarily ignore
expires: 2019-01-04T16:46:20.156Z
patch: {}

25
scripts/snyk.js Normal file

@ -0,0 +1,25 @@
const fs = require('fs');
const path = require('path');
const shell = require('shelljs');
try {
const packages = fs.readdirSync(path.resolve(process.cwd(), 'packages'), 'utf8');
shell.cd('packages/strapi');
packages
.filter(pkg => pkg.indexOf('strapi') !== -1)
.forEach(pkg => {
shell.cd('../' + pkg);
shell.echo(`Testing ${pkg} dependencies`);
const data = shell.exec('snyk test --severity-threshold=high', { silent: true });
if (data.code !== 0 && data.stdout.indexOf('Missing node_modules folder') === -1) {
shell.echo(data.stdout);
process.exit(1);
}
});
} catch (error) {
console.error(error);
}
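Review bot: The outer `catch` only logs the error, so if `readdirSync` or anything else inside the `try` throws, the script exits 0 and CI treats the dependency scan as passed — a security gate that fails open; add `process.exitCode = 1;` after `console.error(error);`. Inside the loop, the result of `shell.cd('../' + pkg)` is never checked: if a `packages/` entry matching `strapi` is not a directory, shelljs reports the error but execution continues and `snyk test` runs against whichever directory is current, so guard it with `if (shell.cd('../' + pkg).code !== 0) process.exit(1);`. On a non-zero result only `data.stdout` is echoed; errors such as a failed authentication presumably go to stderr, so add `shell.echo(data.stderr);` next to it so the CI log shows why the scan failed. The `Missing node_modules folder` exemption also means any package that was not installed is silently skipped rather than scanned, which is worth stating in a header comment such as `// Packages without node_modules (not installed by setup) are skipped, not scanned.`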