
Commit 72f55aa

Copilotfelickz
andauthored
Fix remaining dependabot alerts: replace vulnerable ip package with ipaddr.js, update fast-xml-parser override to 5.5.10, remove unused ip dep from secretValidator
Agent-Logs-Url: https://github.com/advanced-security/GSSAR/sessions/aaf20009-ecfb-4c32-8a8e-fc7307710cd0 Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
1 parent eb7ec5b commit 72f55aa

10 files changed

Lines changed: 218 additions & 216 deletions


functions/authorizers/githubWebhookIPValidator/package-lock.json

Lines changed: 31 additions & 39 deletions

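--- a/functions/authorizers/githubWebhookIPValidator/package.json
+++ b/functions/authorizers/githubWebhookIPValidator/package.json
@@ -11,7 +11,6 @@
 "devDependencies": {
 "@tsconfig/node18": "^1.0.1",
 "@types/aws-lambda": "^8.10.109",
-"@types/ip": "^1.1.0",
 "@types/json-schema": "^7.0.11",
 "@types/node": "^18.11.17",
 "@typescript-eslint/eslint-plugin": "^5.47.0",
@@ -35,6 +34,6 @@
 "@aws-sdk/client-ssm": "^3.816.0",
 "@octokit/auth-app": "^8.0.1",
 "@octokit/graphql": "^9.0.1",
-"ip": "^2.0.1"
+"ipaddr.js": "^2.2.0"
 }
 }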

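--- a/functions/authorizers/githubWebhookIPValidator/src/checkIPs.ts
+++ b/functions/authorizers/githubWebhookIPValidator/src/checkIPs.ts
@@ -1,7 +1,11 @@
-import { cidrSubnet } from "ip";
+import * as ipaddr from "ipaddr.js";
 
 const findIP = (keys: string[], ipToCheck: string) => {
-return keys.some((cidr) => cidrSubnet(cidr).contains(ipToCheck));
+const parsedIP = ipaddr.parse(ipToCheck);
+return keys.some((cidr) => {
+const [addr, prefixLength] = ipaddr.parseCIDR(cidr);
+return parsedIP.match(addr, prefixLength);
+});
 };
 
 export const checkIPs = async (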
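Review bot: `parsedIP.match(addr, prefixLength)` in the new findIP body will, as far as I recall ipaddr.js, throw when the CIDR entry and the checked address are of different families (an IPv4 source IP against an IPv6 range, or the reverse), so a mixed-family allow-list turns the lookup into an exception rather than a `false`, which the previous `cidrSubnet(...).contains(...)` path did not surface. Guarding on kind before matching keeps the predicate boolean: `return addr.kind() === parsedIP.kind() && parsedIP.match(addr, prefixLength);`. Separately, `ipaddr.parse(ipToCheck)` throws on a malformed address, so whether that ends as a deny or as an authorizer error depends on how `checkIPs`, whose body continues outside the hunk, handles a rejection; a comment such as `// throws on an unparseable source IP — callers must treat that as a deny` would make the contract explicit. If the source IP can arrive as an IPv4-mapped IPv6 address, `ipaddr.process(ipToCheck)` would normalise it to IPv4 before the comparison.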

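--- a/functions/authorizers/githubWebhookIPValidator/yarn.lock
+++ b/functions/authorizers/githubWebhookIPValidator/yarn.lock
@@ -1036,13 +1036,6 @@
 resolved "https://registry.npmjs.org/@types/aws-lambda/-/aws-lambda-8.10.149.tgz"
 integrity sha512-NXSZIhfJjnXqJgtS7IwutqIF/SOy1Wz5Px4gUY1RWITp3AYTyuJS4xaXr/bIJY1v15XMzrJ5soGnPM+7uigZjA==
 
-"@types/ip@^1.1.0":
-version "1.1.0"
-resolved "https://registry.npmjs.org/@types/ip/-/ip-1.1.0.tgz"
-integrity sha512-dwNe8gOoF70VdL6WJBwVHtQmAX4RMd62M+mAB9HQFjG1/qiCLM/meRy95Pd14FYBbEDwCq7jgJs89cHpLBu4HQ==
-dependencies:
-"@types/node" "*"
-
 "@types/json-schema@^7.0.11", "@types/json-schema@^7.0.9":
 version "7.0.11"
 resolved "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.11.tgz"
@@ -1523,7 +1516,7 @@ flatted@^3.1.0:
 fs.realpath@^1.0.0:
 version "1.0.0"
 resolved "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz"
-integrity sha1-FQStJSMVjKpA20onh8sBQRmU6k8= sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==
+integrity sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==
 
 glob-parent@^5.1.2:
 version "5.1.2"
@@ -1540,14 +1533,14 @@ glob-parent@^6.0.2:
 is-glob "^4.0.3"
 
 glob@^7.1.3:
-version "7.2.0"
-resolved "https://registry.npmjs.org/glob/-/glob-7.2.0.tgz"
-integrity sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q==
+version "7.2.3"
+resolved "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz"
+integrity sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==
 dependencies:
 fs.realpath "^1.0.0"
 inflight "^1.0.4"
 inherits "2"
-minimatch "^3.0.4"
+minimatch "^3.1.1"
 once "^1.3.0"
 path-is-absolute "^1.0.0"
 
@@ -1581,9 +1574,9 @@ has-flag@^4.0.0:
 integrity sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==
 
 ignore@^5.2.0:
-version "5.2.0"
-resolved "https://registry.npmjs.org/ignore/-/ignore-5.2.0.tgz"
-integrity sha512-CmxgYGiEPCLhfLnpPp1MoRmifwEIOgjcHXxOBjv7mY96c+eWScsOP9c112ZyLdWHi0FxHjI+4uVhKYp/gcdRmQ==
+version "5.3.2"
+resolved "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz"
+integrity sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==
 
 import-fresh@^3.2.1:
 version "3.3.1"
@@ -1596,12 +1589,12 @@ import-fresh@^3.2.1:
 imurmurhash@^0.1.4:
 version "0.1.4"
 resolved "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz"
-integrity sha1-khi5srkoojixPcT7a21XbyMUU+o= sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==
+integrity sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==
 
 inflight@^1.0.4:
 version "1.0.6"
 resolved "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz"
-integrity sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk= sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==
+integrity sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==
 dependencies:
 once "^1.3.0"
 wrappy "1"
@@ -1611,15 +1604,15 @@ inherits@2:
 resolved "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz"
 integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==
 
-ip@^2.0.1:
-version "2.0.1"
-resolved "https://registry.npmjs.org/ip/-/ip-2.0.1.tgz"
-integrity sha512-lJUL9imLTNi1ZfXT+DU6rBBdbiKGBuay9B6xGSPVjUeQwaH1RIGqef8RZkUtHioLmSNpPR5M4HVKJGm1j8FWVQ==
+ipaddr.js@^2.2.0:
+version "2.3.0"
+resolved "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-2.3.0.tgz"
+integrity sha512-Zv/pA+ciVFbCSBBjGfaKUya/CcGmUHzTydLMaTwrUUEM2DIEO3iZvueGxmacvmN50fGpGVKeTXpb2LcYQxeVdg==
 
 is-extglob@^2.1.1:
 version "2.1.1"
 resolved "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz"
-integrity sha1-qIwCU1eR8C7TfHahueqXc8gz+MI= sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==
+integrity sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==
 
 is-glob@^4.0.0, is-glob@^4.0.1, is-glob@^4.0.3:
 version "4.0.3"
@@ -1641,7 +1634,7 @@ is-path-inside@^3.0.3:
 isexe@^2.0.0:
 version "2.0.0"
 resolved "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz"
-integrity sha1-6PvzdNxVb/iUehDcsFctYz8s+hA= sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==
+integrity sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==
 
 js-yaml@^4.1.0:
 version "4.1.1"
@@ -1658,7 +1651,7 @@ json-schema-traverse@^0.4.1:
 json-stable-stringify-without-jsonify@^1.0.1:
 version "1.0.1"
 resolved "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz"
-integrity sha1-nbe1lJatPzz+8wp1FC0tkwrXJlE= sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==
+integrity sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==
 
 levn@^0.4.1:
 version "0.4.1"
@@ -1698,7 +1691,7 @@ micromatch@^4.0.8:
 braces "^3.0.3"
 picomatch "^2.3.1"
 
-minimatch@^3.0.4, minimatch@^3.0.5, minimatch@^3.1.2:
+minimatch@^3.0.5, minimatch@^3.1.1, minimatch@^3.1.2:
 version "3.1.5"
 resolved "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz"
 integrity sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==
@@ -1718,12 +1711,12 @@ natural-compare-lite@^1.4.0:
 natural-compare@^1.4.0:
 version "1.4.0"
 resolved "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz"
-integrity sha1-Sr6/7tdUHywnrPspvbvRXI1bpPc= sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==
+integrity sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==
 
 once@^1.3.0:
 version "1.4.0"
 resolved "https://registry.npmjs.org/once/-/once-1.4.0.tgz"
-integrity sha1-WDsap3WWHUsROsF9nFC6753Xa9E= sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==
+integrity sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==
 dependencies:
 wrappy "1"
 
@@ -1773,7 +1766,7 @@ path-expression-matcher@^1.1.3, path-expression-matcher@^1.2.0:
 path-is-absolute@^1.0.0:
 version "1.0.1"
 resolved "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz"
-integrity sha1-F0uSaHNVNP+8es5r9TpanhtcX18= sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==
+integrity sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==
 
 path-key@^3.1.0:
 version "3.1.1"
@@ -1796,9 +1789,9 @@ prelude-ls@^1.2.1:
 integrity sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==
 
 prettier-linter-helpers@^1.0.0:
-version "1.0.0"
-resolved "https://registry.npmjs.org/prettier-linter-helpers/-/prettier-linter-helpers-1.0.0.tgz"
-integrity sha512-GbK2cP9nraSSUF9N2XwUwqfzlAFlMNYYl+ShE/V+H8a9uNl/oUqB1w2EL54Jh0OlyRSd8RfWYJ3coVS4TROP2w==
+version "1.0.1"
+resolved "https://registry.npmjs.org/prettier-linter-helpers/-/prettier-linter-helpers-1.0.1.tgz"
+integrity sha512-SxToR7P8Y2lWmv/kTzVLC1t/GDI2WGjMwNhLLE9qtH8Q13C+aEmuRlzDst4Up4s0Wc8sF2M+J57iB3cMLqftfg==
 dependencies:
 fast-diff "^1.1.2"
 
@@ -1890,7 +1883,7 @@ supports-color@^7.1.0:
 text-table@^0.2.0:
 version "0.2.0"
 resolved "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz"
-integrity sha1-f17oI66AUgfACvLfSoTsP8+lcLQ= sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==
+integrity sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==
 
 to-regex-range@^5.0.1:
 version "5.0.1"
@@ -1999,7 +1992,7 @@ word-wrap@^1.2.5:
 wrappy@1:
 version "1.0.2"
 resolved "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz"
-integrity sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8= sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==
+integrity sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==
 
 yn@3.1.1:
 version "3.1.1"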
