[Snyk] Security upgrade vm2 from 3.9.11 to 3.9.18 #91

Open · wants to merge 37 commits into base: master

Commits (37)
4da995b
update readme
morgansnyk Oct 19, 2021
2a2bd65
Merge pull request #1 from morgansnyk/dev
morgansnyk Oct 19, 2021
6d29ba2
add bad package
morgansnyk Oct 19, 2021
561eee5
bad package
morgansnyk Oct 19, 2021
50c852d
remove bad package
morgansnyk Oct 19, 2021
4065468
fix: package.json & package-lock.json to reduce vulnerabilities
snyk-bot Oct 19, 2021
973f275
Merge pull request #3 from morgansnyk/snyk-fix-9cbdb733c9804818f88322…
morgansnyk Oct 19, 2021
e1425d7
update
morgansnyk Oct 19, 2021
aa6eb3d
Merge pull request #2 from morgansnyk/dev
morgansnyk Oct 19, 2021
89f0b88
fix sync
morgansnyk Oct 27, 2021
37a9c19
user instruct
morgansnyk Nov 3, 2021
f2fbbc7
add sudo?
morgansnyk Nov 3, 2021
ce76214
add sudo?
morgansnyk Nov 3, 2021
5dfce2f
add user inst
morgansnyk Nov 3, 2021
727bf1d
add add stuff
morgansnyk Nov 3, 2021
4a7a175
add ADD
morgansnyk Nov 3, 2021
b6767b4
add ADD
morgansnyk Nov 3, 2021
515e1f5
add user instruction
morgansnyk Nov 19, 2021
0a0c22d
add user instruction
morgansnyk Nov 19, 2021
34099ac
add user instruction
morgansnyk Nov 19, 2021
def27bd
add user instruction
morgansnyk Nov 19, 2021
192d20b
test
morgansnyk Jun 15, 2022
747c8cc
test
morgansnyk Jun 15, 2022
36a98a0
test PR
morgansnyk Jun 15, 2022
83dbeec
vulns
morgansnyk Oct 5, 2022
9d82cba
Update app.js
morgansnyk Oct 5, 2022
f7bfc29
adding vulns
morgansnyk Oct 5, 2022
b2fc8b2
update
morgansnyk Oct 24, 2022
0926912
Merge pull request #65 from morgansnyk/vulnerable
morgansnyk Oct 24, 2022
2d5ffc8
Update docker-compose.yml
morgansnyk Oct 24, 2022
f2b8291
Merge pull request #68 from morgansnyk/vulnerable
morgansnyk Oct 24, 2022
ab4cfb0
Update docker-compose.yml
morgansnyk Oct 24, 2022
83f0977
Update docker-compose.yml
morgansnyk Oct 24, 2022
50792b5
Merge pull request #69 from morgansnyk/vulnerable
morgansnyk Oct 24, 2022
318a849
update docker fil
morgansnyk Oct 24, 2022
cf8bf7a
Merge pull request #70 from morgansnyk/vulnerable
morgansnyk Oct 24, 2022
7a3d91f
fix: package.json & package-lock.json to reduce vulnerabilities
snyk-bot May 16, 2023
2 changes: 1 addition & 1 deletion .dccache
@@ -1 +1 @@
{"/Users/mike/Projects/goof/app.js":[2267,1634571049540.3928,"174d57bfa8df392e6af4d329afe1cd1df2fd5847e5259aef392d9a8c335213ec"],"/Users/mike/Projects/goof/mongoose-db.js":[1386,1628101655734.02,"8ab9827c4b3c91d8b1a5ca95dffe6cd99f21d74c32e19673c2af4a6e9219a74d"],"/Users/mike/Projects/goof/typeorm-db.js":[958,1628101689256.3606,"85cdc7ce12438d4afd96c13145a1a7e5ddf94797e3c85eaab1db24adceacb374"],"/Users/mike/Projects/goof/utils.js":[641,1617723196113.9553,"89708c1c71ee8df581db821a502df0023f96c61be34038f2471419c61b9a17c9"],"/Users/mike/Projects/goof/entity/Users.js":[259,1617723196104.9539,"3aa06d2acbe381eab0b8f8cdb89304e54c083b24b06aff63ccb70b2b2dab9a3e"],"/Users/mike/Projects/goof/public/about.html":[70,1617723196111.5613,"21203315cbebc6b0ee319503a16c2f12a9adc6d2e8a7a571a7acf15574c6c505"],"/Users/mike/Projects/goof/routes/index.js":[7004,1634571049545.7893,"94beceb9c6b840e39cd449b81b30941b510ba3a685f9a14bd5225af946f6c1c2"],"/Users/mike/Projects/goof/routes/users.js":[1157,1617723196113.6292,"6ad8ac7589f66b5892f6fc5a66d0b2114f7888b8654e6a3cd6d3b637d50c2ef6"],"/Users/mike/Projects/goof/views/admin.ejs":[543,1617723196114.3547,"d88491c558787b36fe11402f052be05b8172403e53c8349225799f80bc43bf61"],"/Users/mike/Projects/goof/views/edit.ejs":[1068,1617723196114.5288,"867ce350c8ae5d7793208c3b170d98f2733bc15382900833efbc55a59f74e4fe"],"/Users/mike/Projects/goof/views/index.ejs":[607,1617723196114.6807,"3de0b4b893f9c6115f35a9bf6d72b3ed929cf8f4c1a4e8a15056ddd8d1f22c9b"],"/Users/mike/Projects/goof/views/layout.ejs":[856,1617723196114.8848,"da44ae8f7de4f1fcdecd91306e702849099a98dca3421d369c036d697b8e16f9"],"/Users/mike/Projects/goof/public/js/ga.js":[320,1617723196112.836,"ec0bd48aaa6c1da6132f86157ff8419cc0d6a016026d17f237a636938d914164"]}
{"/Users/morgansmith/Documents/GitHub/goof/app.js":[2297,1665008574315.7275,"c313b4617f8b24cb4d35298e8a5582d15dc443804254a7b13f9fcd55144a12dc"],"/Users/morgansmith/Documents/GitHub/goof/mongoose-db.js":[1386,1665006732976.5747,"8ab9827c4b3c91d8b1a5ca95dffe6cd99f21d74c32e19673c2af4a6e9219a74d"],"/Users/morgansmith/Documents/GitHub/goof/results.html":[102587,1665006732983.7249,"3555c453bc1cdf3e9b1dfc6e9bf40ded46d76a83f3442f4d76b55dceab2f577e"],"/Users/morgansmith/Documents/GitHub/goof/typeorm-db.js":[958,1665006733177.535,"85cdc7ce12438d4afd96c13145a1a7e5ddf94797e3c85eaab1db24adceacb374"],"/Users/morgansmith/Documents/GitHub/goof/utils.js":[641,1665006733177.743,"89708c1c71ee8df581db821a502df0023f96c61be34038f2471419c61b9a17c9"],"/Users/morgansmith/Documents/GitHub/goof/.idea/misc.xml":[256,1665006732889.9822,"cb31c6b51d8c3f81450ee955b3fd978bf911dce123e954cb1da82434793660b1"],"/Users/morgansmith/Documents/GitHub/goof/.idea/modules.xml":[260,1665006732890.1665,"b5d48df259965e3b04b5825ddc0711e230cd19272deab6bbefd1ac2f22da30a5"],"/Users/morgansmith/Documents/GitHub/goof/.idea/runConfigurations.xml":[337,1665006732890.3545,"9b769560c57b140d7253568435610c2de0a82ee4a9cc14fdc2fcba24e2b428cd"],"/Users/morgansmith/Documents/GitHub/goof/.idea/snyk.project.settings.xml":[184,1665006732890.5598,"21c05b86e00116b46d178ec6aab4770c37636fd1d03d72b04646c24a92ed09f9"],"/Users/morgansmith/Documents/GitHub/goof/.idea/vcs.xml":[167,1665006732890.7485,"6323e12648862a0a96fc0d7877672817d6cd91e2c2a3c3d78f1090db23c6e88e"],"/Users/morgansmith/Documents/GitHub/goof/entity/Users.js":[259,1665006732968.6543,"3aa06d2acbe381eab0b8f8cdb89304e54c083b24b06aff63ccb70b2b2dab9a3e"],"/Users/morgansmith/Documents/GitHub/goof/public/about.html":[70,1665006732979.5874,"21203315cbebc6b0ee319503a16c2f12a9adc6d2e8a7a571a7acf15574c6c505"],"/Users/morgansmith/Documents/GitHub/goof/routes/index.js":[7054,1665006733177.0557,"fa0132d45d08f1440c2a684d519fe6b49e7a477bd5a202ac3377ee0cdfd8764a"],"/Users/morgansmith/Docume
nts/GitHub/goof/routes/users.js":[1157,1665006733177.3142,"6ad8ac7589f66b5892f6fc5a66d0b2114f7888b8654e6a3cd6d3b637d50c2ef6"],"/Users/morgansmith/Documents/GitHub/goof/views/admin.ejs":[543,1665006733178.3057,"d88491c558787b36fe11402f052be05b8172403e53c8349225799f80bc43bf61"],"/Users/morgansmith/Documents/GitHub/goof/views/edit.ejs":[1068,1665006733178.5327,"867ce350c8ae5d7793208c3b170d98f2733bc15382900833efbc55a59f74e4fe"],"/Users/morgansmith/Documents/GitHub/goof/views/index.ejs":[607,1665006733178.749,"3de0b4b893f9c6115f35a9bf6d72b3ed929cf8f4c1a4e8a15056ddd8d1f22c9b"],"/Users/morgansmith/Documents/GitHub/goof/views/layout.ejs":[856,1665006733178.9688,"da44ae8f7de4f1fcdecd91306e702849099a98dca3421d369c036d697b8e16f9"],"/Users/morgansmith/Documents/GitHub/goof/.idea/libraries/zip_slip.xml":[303,1665006732889.7966,"b90342f05598b680c1ecc9c8cc98aa2576c724402f98c7cf2182487d5cfc2095"],"/Users/morgansmith/Documents/GitHub/goof/public/js/bundle.js":[258080,1665006732982.662,"0883b188904846f02811714bde228a9c0fce1b8e56c163b07c02484556d4cc71"],"/Users/morgansmith/Documents/GitHub/goof/public/js/ga.js":[320,1665006732982.9236,"ec0bd48aaa6c1da6132f86157ff8419cc0d6a016026d17f237a636938d914164"]}
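Review bot: `.dccache` is a local Snyk Code scan cache and should not be versioned at all; this hunk just swaps one developer's absolute workstation paths (`/Users/mike/Projects/goof/...`) for another's (`/Users/morgansmith/Documents/GitHub/goof/...`), so the file will churn on every machine that runs a scan and it publishes local directory layouts in the repository. Suggest removing the file from the tree and adding `.dccache` to `.gitignore`, keeping this PR limited to the package.json and package-lock.json changes the vm2 upgrade needs.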
38 changes: 38 additions & 0 deletions .github/workflows/pipeline
@@ -0,0 +1,38 @@
image: node:12.18.4-buster

before_script:
- npm i -g snyk # install synk

# PERFORM A SNYK SCA TEST
snykTest:
script:
- npm install --production --unsafe-perm
- snyk auth $SNYK_TOKEN
- snyk test # snyk open source test
allow_failure: false
tags:
- docker

# TAKE A SNAPSHOT AND MONITOR IT WITH SNYK MONITOR
snykMonitor:
script:
- snyk monitor
allow_failure: false
tags:
- docker

#SNYK CODE TEST
snykCodeTest:
script:
- snyk code test
allow_failure: false
tags:
- docker

#SNYK IAC TEST
snykIACTest:
script:
- snyk iac test
allow_failure: false
tags:
- docker
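Review bot: this file is written in GitLab CI syntax (`image`, `before_script`, `allow_failure`, `tags`) and has no `.yml` extension, so under `.github/workflows/` it will never run: GitHub Actions only loads `.yml`/`.yaml` files with `on:` and `jobs:` blocks. Either move it to `.gitlab-ci.yml` at the repository root or rewrite it as an Actions workflow; as committed it gives the impression of Snyk gating that does not exist. Smaller points: the comment reads `# install synk` (typo for snyk); only `snykTest` runs `snyk auth $SNYK_TOKEN` while `snykMonitor`, `snykCodeTest` and `snykIACTest` have no auth step, so confirm the token reaches those jobs; and `npm install --production --unsafe-perm` lets package install scripts run with root privileges in the job container, which is worth dropping unless a dependency actually requires it.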
1 change: 1 addition & 0 deletions .gitignore
@@ -6,3 +6,4 @@ node_modules
sass
config.rb
npm-debug.log
sarif.txt
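Review bot: while `.gitignore` is being touched, add `.dccache` and `.idea/` alongside `sarif.txt`; both are committed elsewhere in this same PR, and ignoring only the SARIF output leaves the scan cache and IDE settings versioned.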
10 changes: 10 additions & 0 deletions .idea/runConfigurations.xml


6 changes: 6 additions & 0 deletions .idea/snyk.project.settings.xml

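Review bot: `.idea/runConfigurations.xml` and `.idea/snyk.project.settings.xml` are IDE project files, machine-specific and unrelated to the vm2 upgrade this PR is for; drop them from the PR and ignore the `.idea/` directory so they do not come back.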

10 changes: 10 additions & 0 deletions .snyk
@@ -0,0 +1,10 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.25.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
SNYK-JS-LODASH-450202:
- '*':
reason: None Given
expires: 2022-11-19T20:29:36.652Z
created: 2022-10-20T20:29:36.655Z
patch: {}
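Review bot: the ignore for `SNYK-JS-LODASH-450202` carries `reason: None Given` and `expires: 2022-11-19T20:29:36.652Z`, which is already in the past relative to this PR's May 2023 commit, so Snyk will report the lodash finding again regardless of this file. Either delete the stale entry or renew it with a real justification in `reason`; an ignore with no recorded rationale cannot be re-evaluated later.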
7 changes: 4 additions & 3 deletions Dockerfile
@@ -1,14 +1,15 @@
# FROM node:6-stretch
FROM node:14.1.0
FROM morganls23/goof:1.12.1

LABEL org.opencontainers.image.source="https://github.com/metalstormbass/goof"
LABEL io.snyk.containers.image.dockerfile="/Dockerfile"

RUN mkdir /usr/src/goof
RUN mkdir /tmp/extracted_files
COPY . /usr/src/goof
WORKDIR /usr/src/goof


RUN apt-get update && apt install sa-exim -y && apt-get install iputils-ping -y && apt-get install nmap -y

RUN npm update
RUN npm install
EXPOSE 3001
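Review bot: `RUN npm update` runs immediately before `RUN npm install`, which moves dependencies past the versions pinned in package-lock.json, so the built image is not guaranteed to contain the vm2 3.9.18 this PR pins; replace both lines with `npm ci` so the image matches the lockfile Snyk just fixed. Two further points in this hunk: the file shows two consecutive `FROM` lines, and if both survive, the `node:14.1.0` stage is empty and unused while the final image is built from `morganls23/goof:1.12.1`, whose contents are not reviewable here; and the `apt` line installs `nmap` and `sa-exim` (a network scanner and an MTA) into the application image, mixes `apt` with `apt-get`, and never cleans `/var/lib/apt/lists`, all of which add surface and size the app does not need.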
3 changes: 3 additions & 0 deletions README.md
@@ -88,3 +88,6 @@ snyk wizard

In this application, the default `snyk wizard` answers will fix all the issues.
When the wizard is done, restart the application and run the exploits again to confirm they are fixed.


Testing Cahnge
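Review bot: `Testing Cahnge` is a stray, misspelled line with no content, apparently left over from a test commit; remove it from this PR rather than shipping it in the README.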
4 changes: 3 additions & 1 deletion app.js
Expand Up @@ -24,7 +24,9 @@ var dust = require('dustjs-linkedin');
var dustHelpers = require('dustjs-helpers');
var cons = require('consolidate');


var app = express();
var app = express.Router();
var routes = require('./routes');
var routesUsers = require('./routes/users.js')

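Review bot: `app` is declared twice in a row here; the added `var app = express.Router();` rebinds the name, so the Express application created by `express()` on the line above is discarded and every later `app.use(...)` and `app.locals` call in this file configures a bare Router instead, which also has no `listen`. If a sub-router is intended, give it its own name, for example `var router = express.Router();`, and mount it with `app.use(...)`; otherwise drop the line.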
@@ -61,7 +63,7 @@ app.use('/users', routesUsers)
// Static
app.use(st({ path: './public', url: '/public' }));

// Add the option to output (sanitized!) markdown
// Add the option to output (sanzitized!) markdown
marked.setOptions({ sanitize: true });
app.locals.marked = marked;

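Review bot: the only change in this hunk is a comment edit that introduces a typo (`sanzitized` for `sanitized`) with no accompanying code change; revert it so the diff stays limited to the dependency upgrade.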