From 3cdbfa63d80eb081666be3fc056f12e655854dd7 Mon Sep 17 00:00:00 2001
From: Kyle Clark
Date: Mon, 7 Mar 2022 11:45:07 -0500
Subject: [PATCH] Update 'isExcepted' to check for CVE id

---
 src/types/general.d.ts | 1 +
 src/utils/vulnerability.ts | 11 ++++++++++-
 tsconfig.json | 5 ++---
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/src/types/general.d.ts b/src/types/general.d.ts
index a8e5f04..35cd0fe 100644
--- a/src/types/general.d.ts
+++ b/src/types/general.d.ts
@@ -19,6 +19,7 @@ export interface v6Advisories {
 export interface v6Advisory {
 readonly id: string;
+ readonly cves: string[];
 // eslint-disable-next-line camelcase
 readonly module_name: string;
 readonly title: string;
diff --git a/src/utils/vulnerability.ts b/src/utils/vulnerability.ts
index a0068d2..0363468 100644
--- a/src/utils/vulnerability.ts
+++ b/src/utils/vulnerability.ts
@@ -76,7 +76,16 @@ export function processAuditJson(
 return Object.values(advisories).reduce(
 (acc: ProcessedResult, cur: v6Advisory) => {
 const shouldAudit = mapLevelToNumber(cur.severity) >= mapLevelToNumber(auditLevel);
- const isExcepted = exceptionIds.includes(Number(cur.id));
+ let isExcepted: boolean = false;
+ if (cur.id && exceptionIds.includes(Number(cur.id)) || // NPM v6 contains 'id's to use
+ (cur.cves && exceptionIds.filter(id => cur.cves.includes(id)).length > 0) || // NPM v6 can also have an array of cve id's
+ (cur.via && cur.via[0].source && exceptionIds.includes(Number(cur.via[0].source))) || //auditReportVersion: 2. Check via.source for id
+ (cur.via && cur.via[0].url && exceptionIds.filter(id => cur.via[0].url.contains(id)).length > 0 )) //auditReportVersion: 2. Check via.url for github id
+ {
+ isExcepted = true;
+ }
+ const isIgnoredModule = modulesToIgnore.includes(cur.module_name);
 // Record this vulnerability into the report, and highlight it using yellow color if it's new
diff --git a/tsconfig.json b/tsconfig.json
index 967d51d..e1ae4c5 100644
--- a/tsconfig.json
+++ b/tsconfig.json
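Review bot: `readonly cves: string[];` is declared as a required field, yet the consumer added in the same commit guards it with `cur.cves &&`, which suggests not every v6 advisory carries it; declaring it `readonly cves?: string[];` keeps the type honest under `strict` and forces callers to handle the absent case. That same consumer also reads `cur.via`, which this hunk does not add to `v6Advisory`; unless `via` is declared elsewhere in the interface (not visible here), that access will not type-check. The `v6Advisory` interface continues past the end of the hunk.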
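Review bot: The fourth condition calls `cur.via[0].url.contains(id)`, but `String` has no `contains` method (the ES method is `includes`), so any advisory that reaches that branch with a `via[0].url` throws a TypeError instead of being audited; and even with `includes`, testing a numeric exception id as a substring of the whole URL over-matches — an exception for id `1` would mark every advisory whose URL contains the digit 1 as excepted, silently suppressing real findings. The CVE branch has the opposite problem: `cur.cves` is `string[]` while the surrounding `Number(cur.id)` calls suggest `exceptionIds` is `number[]`, so `cur.cves.includes(id)` looks like a type mismatch that can never match at runtime, meaning CVE-based exceptions would be ignored rather than applied. `cur.via[0]` is also unguarded, so an empty `via` array throws, and in auditReportVersion 2 a `via` entry can be a plain string naming the dependency path with no `source` or `url` (to be confirmed against the report format). I would normalize both sides to strings and compare the URL's trailing path segment exactly rather than by substring, as below; `processAuditJson` begins above the hunk.
```typescript
      const shouldAudit = mapLevelToNumber(cur.severity) >= mapLevelToNumber(auditLevel);
      // Exception ids may be numeric (npm v6 advisory ids) or strings (CVE / GHSA ids);
      // compare everything as strings so a CVE exception is never silently dropped.
      const exceptions = exceptionIds.map(String);
      // v2 reports: `via` may be empty, and an entry may be a plain string (dependency path).
      const firstVia = Array.isArray(cur.via) && cur.via.length > 0 ? cur.via[0] : undefined;
      const viaSource = firstVia && typeof firstVia === 'object' ? firstVia.source : undefined;
      const viaUrl = firstVia && typeof firstVia === 'object' ? firstVia.url : undefined;
      // Match the advisory id at the end of the URL exactly; a substring test on the whole
      // URL would let a short numeric id except unrelated advisories.
      const viaUrlId = typeof viaUrl === 'string' ? viaUrl.split('/').pop() : undefined;
      const isExcepted =
        (cur.id != null && exceptions.includes(String(cur.id))) ||
        (cur.cves || []).some((cve: string) => exceptions.includes(cve)) ||
        (viaSource != null && exceptions.includes(String(viaSource))) ||
        (viaUrlId !== undefined && viaUrlId !== '' && exceptions.includes(viaUrlId));
      // … unchanged: isIgnoredModule and report recording …
```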
@@ -3,8 +3,7 @@
 "target": "es5",
 "module": "commonjs",
 "lib": [
- "ES6",
- "ES2015"
+ "ES2018"
 ],
 "outDir": "lib",
 "strict": true,
@@ -19,4 +18,4 @@
 "exclude": [
 "test",
 ],
-}
\ No newline at end of file
+}