snyk · thisislawatts · Nov 13, 2024
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.1
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  'SNYK-JS-CXCT-535487':
+    - '*':
+        reason: None given
+        expires: '2100-03-01T19:48:49.699Z'
@@ -0,0 +1,9 @@
+{
+  "name": "npm-package-single-ignored-vuln",
+  "version": "1.0.0",
+  "description": "application with annotated vulns",
+  "dependencies": {
+    "cxct": "0.0.1-security"
+  },
+  "devDependencies": {}
+}
@@ -0,0 +1,104 @@
+{
+  "result": {
+    "affectedPkgs": {
+      "[email protected]": {
+        "pkg": { "name": "cxct", "version": "0.0.1-security" },
+        "issues": {
+          "SNYK-JS-CXCT-535487": {
+            "issueId": "SNYK-JS-CXCT-535487",
+            "fixInfo": { "isPatchable": false, "upgradePaths": [] }
+          }
+        }
+      }
+    },
+    "issuesData": {
+      "SNYK-JS-CXCT-535487": {
+        "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+        "alternativeIds": [],
+        "creationTime": "2019-11-24T13:10:43.888332Z",
+        "credit": ["npm 󠅮󠅰󠅭security"],
+        "cvssScore": 9.8,
+        "description": "## Overview\n\n[cxct](https://www.npmjs.com/package/cxct) is a malicious package.\n\n\nThe package finds and exfiltrates cryptocurrency wallets.\n\n## Remediation\n\nAvoid using `cxct` altogether.\n\n\n## References\n\n- [NPM Security Advisory](https://www.npmjs.com/advisories/1344)\n",
+        "disclosureTime": "2019-11-22T00:24:41Z",
+        "exploit": "Not Defined",
+        "fixedIn": [],
+        "functions": [],
+        "functions_new": [],
+        "id": "SNYK-JS-CXCT-535487",
+        "identifiers": { "CVE": [], "CWE": ["CWE-506"], "NSP": [1344] },
+        "language": "js",
+        "modificationTime": "2019-11-24T16:16:16.630345Z",
+        "moduleName": "cxct",
+        "packageManager": "npm",
+        "packageName": "cxct",
+        "patches": [],
+        "publicationTime": "2019-11-24T13:11:04Z",
+        "references": [
+          {
+            "title": "NPM Security Advisory",
+            "url": "https://www.npmjs.com/advisories/1344"
+          }
+        ],
+        "semver": { "vulnerable": ["*"] },
+        "severity": "high",
+        "title": "Malicious 󠅮󠅰󠅭Package",
+        "isPinnable": false
+      }
+    },
+    "remediation": {
+      "unresolved": [
+        {
+          "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "alternativeIds": [],
+          "creationTime": "2019-11-24T13:10:43.888332Z",
+          "credit": ["npm 󠅮󠅰󠅭security"],
+          "cvssScore": 9.8,
+          "description": "## Overview\n\n[cxct](https://www.npmjs.com/package/cxct) is a malicious package.\n\n\nThe package finds and exfiltrates cryptocurrency wallets.\n\n## Remediation\n\nAvoid using `cxct` altogether.\n\n\n## References\n\n- [NPM Security Advisory](https://www.npmjs.com/advisories/1344)\n",
+          "disclosureTime": "2019-11-22T00:24:41Z",
+          "exploit": "Not Defined",
+          "fixedIn": [],
+          "functions": [],
+          "functions_new": [],
+          "id": "SNYK-JS-CXCT-535487",
+          "identifiers": { "CVE": [], "CWE": ["CWE-506"], "NSP": [1344] },
+          "language": "js",
+          "modificationTime": "2019-11-24T16:16:16.630345Z",
+          "moduleName": "cxct",
+          "packageManager": "npm",
+          "packageName": "cxct",
+          "patches": [],
+          "publicationTime": "2019-11-24T13:11:04Z",
+          "references": [
+            {
+              "title": "NPM Security Advisory",
+              "url": "https://www.npmjs.com/advisories/1344"
+            }
+          ],
+          "semver": { "vulnerable": ["*"] },
+          "severity": "high",
+          "title": "Malicious 󠅮󠅰󠅭Package",
+          "isPinnable": false,
+          "from": ["[email protected]", "[email protected]"],
+          "upgradePath": [],
+          "isUpgradable": false,
+          "isPatchable": false,
+          "name": "cxct",
+          "version": "0.0.1-security"
+        }
+      ],
+      "upgrade": {},
+      "patch": {},
+      "ignore": {},
+      "pin": {}
+    }
+  },
+  "meta": {
+    "isPrivate": true,
+    "isLicensesEnabled": false,
+    "licensesPolicy": { "severities": {}, "orgLicenseRules": {} },
+    "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\n# ignores vulnerabilities until expiry date; change duration by modifying expiry date\nignore:\n  SNYK-JS-CXCT-535487:\n    - '*':\n        reason: None Given\n        expires: 2100-12-13T14:20:21.158Z\n        created: 2017-11-13T14:20:21.163Z\n        source: cli\npatch: {}\n",
+    "ignoreSettings": null,
+    "org": "gitphill"
+  },
+  "filesystemPolicy": false
+}
@@ -164,5 +164,33 @@ describe('test --json', () => {
       expect(code).toEqual(1);
       expect(server.getRequests().length).toBeGreaterThanOrEqual(1);
     });
+
+    it('returns well structured json', async () => {
+      const project = await createProjectFromWorkspace(
+        'npm-package-single-ignored-vuln',
+      );
+      server.setCustomResponse(
+        await project.readJSON('test-graph-results.json'),
+      );
+
+      const { code, stdout } = await runSnykCLI(
+        `test -d --json --log-level=trace`,
+        {
+          cwd: project.path(),
+          env,
+        },
+      );
+
+      try {
+        const returnedJson = JSON.parse(stdout);
+
+        expect(returnedJson.vulnerabilities).toHaveLength(0);
+        expect(code).toEqual(0);
+        expect(server.getRequests().length).toBeGreaterThanOrEqual(1);
+      } catch (err) {
+        console.log(stdout);
+        throw err;
+      }
+    });
   });
 });