Add summary identifiers to npmrepo

samuelbjohnson · samuelbjohnson · commit 16858a26976d · 2015-03-24T14:58:35.000-04:00
diff --git a/repository/npmrepository.json b/repository/npmrepository.json
@@ -29,6 +29,9 @@
 			{
 				"below" : "1.0.0.beta.3",
 				"severity": "high",
+				"identifiers": {
+					"summary": "poorly sanitized input passed to eval()"
+				},
 				"info" : [ "https://github.com/wycats/handlebars.js/pull/68" ]
 			}
 		]
@@ -99,11 +102,17 @@
 		"vulnerabilities" : [
 			{ "below" : "1.1.0",
 				"severity": "high",
+				"identifiers": {
+					"summary": "Cross-site scripting filter bypass"
+				},
 				"info" : [ "https://nealpoole.com/blog/2013/07/xss-filter-bypass-in-validator-nodejs-module/" ]
 			},
 			{
 				"below" : "2.0.0",
 				"severity": "low",
+				"identifiers": {
+					"summary": "Remove cross-site scripting filter"
+				},
 				"info" : [ "https://github.com/chriso/validator.js/commit/2d5d6999541add350fb396ef02dc42ca3215049e" ]
 			}
 		]
@@ -128,6 +137,9 @@
 			{
 				"below" : "1.0.0.beta.3",
 				"severity": "high",
+				"identifiers": {
+					"summary": "poorly sanitized input passed to eval()"
+				},
 				"info" : [ "https://github.com/wycats/handlebars.js/pull/68" ] }
 		]
 	},
@@ -228,6 +240,10 @@
 			{
 				"below" : "0.9.7",
 				"severity": "medium",
+				"identifiers": {
+					"bug": "699",
+					"summary": "Bound attributes aren't escaped properly"
+				},
 				"info" : [ "https://github.com/emberjs/ember.js/issues/699" ]
 			}
 		]
@@ -295,7 +311,10 @@
 			{
 				"below" : "0.5.0",
 				"severity": "medium",
-				"identifiers": {"release": "0.5.0"},
+				"identifiers": {
+					"release": "0.5.0",
+					"summary": "cross-site scripting vulnerability"
+				},
 				"info" : [ "http://backbonejs.org/#changelog" ]
 			}
 		]
@@ -305,7 +324,10 @@
 			{
 				"below" : "0.3.1",
 				"severity": "medium",
-				"identifiers": {"bug": "112"},
+				"identifiers": {
+					"bug": "112",
+					"summary": "execution of arbitrary javascript"
+				},
 				"info" : [ "https://github.com/janl/mustache.js/issues/112" ]
 			}
 		]
@@ -423,6 +445,9 @@
 			{
 				"below" : "1.4.3",
 				"severity": "medium",
+				"identifiers": {
+					"summary": "Sanitization not applied recursively"
+				},
 				"info" : [ "https://github.com/punkave/sanitize-html/issues/29" ]
 			}
 		]

Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,9 @@`
`29`	`29`	`{`
`30`	`30`	`"below" : "1.0.0.beta.3",`
`31`	`31`	`"severity": "high",`
	`32`	`+ "identifiers": {`
	`33`	`+ "summary": "poorly sanitized input passed to eval()"`
	`34`	`+ },`
`32`	`35`	`"info" : [ "https://github.com/wycats/handlebars.js/pull/68" ]`
`33`	`36`	`}`
`34`	`37`	`]`
`@@ -99,11 +102,17 @@`
`99`	`102`	`"vulnerabilities" : [`
`100`	`103`	`{ "below" : "1.1.0",`
`101`	`104`	`"severity": "high",`
	`105`	`+ "identifiers": {`
	`106`	`+ "summary": "Cross-site scripting filter bypass"`
	`107`	`+ },`
`102`	`108`	`"info" : [ "https://nealpoole.com/blog/2013/07/xss-filter-bypass-in-validator-nodejs-module/" ]`
`103`	`109`	`},`
`104`	`110`	`{`
`105`	`111`	`"below" : "2.0.0",`
`106`	`112`	`"severity": "low",`
	`113`	`+ "identifiers": {`
	`114`	`+ "summary": "Remove cross-site scripting filter"`
	`115`	`+ },`
`107`	`116`	`"info" : [ "https://github.com/chriso/validator.js/commit/2d5d6999541add350fb396ef02dc42ca3215049e" ]`
`108`	`117`	`}`
`109`	`118`	`]`
`@@ -128,6 +137,9 @@`
`128`	`137`	`{`
`129`	`138`	`"below" : "1.0.0.beta.3",`
`130`	`139`	`"severity": "high",`
	`140`	`+ "identifiers": {`
	`141`	`+ "summary": "poorly sanitized input passed to eval()"`
	`142`	`+ },`
`131`	`143`	`"info" : [ "https://github.com/wycats/handlebars.js/pull/68" ] }`
`132`	`144`	`]`
`133`	`145`	`},`
`@@ -228,6 +240,10 @@`
`228`	`240`	`{`
`229`	`241`	`"below" : "0.9.7",`
`230`	`242`	`"severity": "medium",`
	`243`	`+ "identifiers": {`
	`244`	`+ "bug": "699",`
	`245`	`+ "summary": "Bound attributes aren't escaped properly"`
	`246`	`+ },`
`231`	`247`	`"info" : [ "https://github.com/emberjs/ember.js/issues/699" ]`
`232`	`248`	`}`
`233`	`249`	`]`
`@@ -295,7 +311,10 @@`
`295`	`311`	`{`
`296`	`312`	`"below" : "0.5.0",`
`297`	`313`	`"severity": "medium",`
`298`		`- "identifiers": {"release": "0.5.0"},`
	`314`	`+ "identifiers": {`
	`315`	`+ "release": "0.5.0",`
	`316`	`+ "summary": "cross-site scripting vulnerability"`
	`317`	`+ },`
`299`	`318`	`"info" : [ "http://backbonejs.org/#changelog" ]`
`300`	`319`	`}`
`301`	`320`	`]`
`@@ -305,7 +324,10 @@`
`305`	`324`	`{`
`306`	`325`	`"below" : "0.3.1",`
`307`	`326`	`"severity": "medium",`
`308`		`- "identifiers": {"bug": "112"},`
	`327`	`+ "identifiers": {`
	`328`	`+ "bug": "112",`
	`329`	`+ "summary": "execution of arbitrary javascript"`
	`330`	`+ },`
`309`	`331`	`"info" : [ "https://github.com/janl/mustache.js/issues/112" ]`
`310`	`332`	`}`
`311`	`333`	`]`
`@@ -423,6 +445,9 @@`
`423`	`445`	`{`
`424`	`446`	`"below" : "1.4.3",`
`425`	`447`	`"severity": "medium",`
	`448`	`+ "identifiers": {`
	`449`	`+ "summary": "Sanitization not applied recursively"`
	`450`	`+ },`
`426`	`451`	`"info" : [ "https://github.com/punkave/sanitize-html/issues/29" ]`
`427`	`452`	`}`
`428`	`453`	`]`