@@ -39,6 +39,8 @@ class Advisory {
3939 this . severity = source . severity || 'high'
4040 this . versions = [ ]
4141 this . vulnerableVersions = [ ]
42+ this . cwe = source . cwe
43+ this . cvss = source . cvss
4244
4345 // advisories have the range, metavulns do not
4446 // if an advisory doesn't specify range, assume all are vulnerable
@@ -326,7 +328,7 @@ class Advisory {
326328 list . push ( v )
327329 }
328330
329- for ( const list of versionSets ) {
331+ for ( const set of versionSets ) {
330332 // it's common to have version lists like:
331333 // 1.0.0
332334 // 1.0.1-alpha.0
@@ -340,54 +342,54 @@ class Advisory {
340342 // 1.0.2
341343 // with a huge number of prerelease versions that are not installable
342344 // anyway.
343- // If mid has a prerelease tag, and list [0] does not, then walk it
345+ // If mid has a prerelease tag, and set [0] does not, then walk it
344346 // back until we hit a non-prerelease version
345- // If mid has a prerelease tag, and list[list .length-1] does not,
347+ // If mid has a prerelease tag, and set[set .length-1] does not,
346348 // then walk it forward until we hit a version without a prerelease tag
347349 // Similarly, if the head/tail is a prerelease, but there is a non-pr
348- // version in the list , then start there instead.
350+ // version in the set , then start there instead.
349351 let h = 0
350- const origHeadVuln = this . testVersion ( list [ h ] )
351- while ( h < list . length && / - / . test ( String ( list [ h ] ) ) ) {
352+ const origHeadVuln = this . testVersion ( set [ h ] )
353+ while ( h < set . length && / - / . test ( String ( set [ h ] ) ) ) {
352354 h ++
353355 }
354356
355357 // don't filter out the whole list! they might all be pr's
356- if ( h === list . length ) {
358+ if ( h === set . length ) {
357359 h = 0
358360 } else if ( origHeadVuln ) {
359361 // if the original was vulnerable, assume so are all of these
360362 for ( let hh = 0 ; hh < h ; hh ++ ) {
361- this [ _markVulnerable ] ( list [ hh ] )
363+ this [ _markVulnerable ] ( set [ hh ] )
362364 }
363365 }
364366
365- let t = list . length - 1
366- const origTailVuln = this . testVersion ( list [ t ] )
367- while ( t > h && / - / . test ( String ( list [ t ] ) ) ) {
367+ let t = set . length - 1
368+ const origTailVuln = this . testVersion ( set [ t ] )
369+ while ( t > h && / - / . test ( String ( set [ t ] ) ) ) {
368370 t --
369371 }
370372
371373 // don't filter out the whole list! might all be pr's
372374 if ( t === h ) {
373- t = list . length - 1
375+ t = set . length - 1
374376 } else if ( origTailVuln ) {
375377 // if original tail was vulnerable, assume these are as well
376- for ( let tt = list . length - 1 ; tt > t ; tt -- ) {
377- this [ _markVulnerable ] ( list [ tt ] )
378+ for ( let tt = set . length - 1 ; tt > t ; tt -- ) {
379+ this [ _markVulnerable ] ( set [ tt ] )
378380 }
379381 }
380382
381383 const headVuln = h === 0 ? origHeadVuln
382- : this . testVersion ( list [ h ] )
384+ : this . testVersion ( set [ h ] )
383385
384- const tailVuln = t === list . length - 1 ? origTailVuln
385- : this . testVersion ( list [ t ] )
386+ const tailVuln = t === set . length - 1 ? origTailVuln
387+ : this . testVersion ( set [ t ] )
386388
387389 // if head and tail both vulnerable, whole list is thrown out
388390 if ( headVuln && tailVuln ) {
389391 for ( let v = h ; v < t ; v ++ ) {
390- this [ _markVulnerable ] ( list [ v ] )
392+ this [ _markVulnerable ] ( set [ v ] )
391393 }
392394 continue
393395 }
@@ -397,9 +399,9 @@ class Advisory {
397399 continue
398400 }
399401
400- const mid = Math . floor ( list . length / 2 )
401- const pre = list . slice ( 0 , mid )
402- const post = list . slice ( mid )
402+ const mid = Math . floor ( set . length / 2 )
403+ const pre = set . slice ( 0 , mid )
404+ const post = set . slice ( mid )
403405
404406 // if the parent list wasn't prereleases, then drop pr tags
405407 // from end of the pre list, and beginning of the post list,
0 commit comments