const fs = require('fs');
const path = require('path');
// Create a patch for the vulnerabilities
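/**
 * Copy every top-level entry of `sourceDir` into `destDir`, creating `destDir` first.
 *
 * Entries are copied one by one, so the destination is always a real directory
 * holding copies rather than a link back to the source.
 *
 * @param {string} sourceDir - Directory whose contents are copied.
 * @param {string} destDir - Directory that receives the copies.
 */
function copyPackageContents(sourceDir, destDir) {
  fs.mkdirSync(destDir, { recursive: true });
  for (const entry of fs.readdirSync(sourceDir)) {
    const sourcePath = path.join(sourceDir, entry);
    const destPath = path.join(destDir, entry);
    if (fs.statSync(sourcePath).isFile()) {
      fs.copyFileSync(sourcePath, destPath);
    } else {
      fs.cpSync(sourcePath, destPath, { recursive: true });
    }
  }
}

/**
 * Replace a nested copy of `name` with the copy installed at the top level of node_modules.
 *
 * The top-level copy is used as-is: nothing here reads its version, so the
 * result is only as safe as whatever is installed there.
 * NOTE(review): confirm the top-level version is a fixed release and is
 * API-compatible with what the parent package expects before relying on this.
 *
 * @param {string} name - Package to replace (e.g. 'nth-check').
 * @param {string[]} parentPackages - Chain of packages that nest it, outermost first.
 */
function replaceNestedPackage(name, parentPackages) {
  const location = parentPackages.join('/');
  const nestedPath = path.join(
    __dirname,
    'node_modules',
    ...parentPackages.flatMap((parent) => [parent, 'node_modules']),
    name,
  );

  if (!fs.existsSync(nestedPath)) {
    console.log(`Vulnerable ${name} not found in ${location}. No patch needed.`);
    return;
  }

  console.log(`Patching ${name} in ${location}...`);
  const replacementPath = path.join(__dirname, 'node_modules', name);
  if (!fs.existsSync(replacementPath)) {
    // The nested copy stays in place here; only the message reports it.
    console.log(`Secure ${name} not found. Please install it first with: npm install ${name}@latest`);
    return;
  }

  // Build the replacement next to the target first, so a failed copy never
  // leaves the dependency deleted or half-written.
  const stagingPath = `${nestedPath}.patch-staging`;
  fs.rmSync(stagingPath, { recursive: true, force: true });
  try {
    copyPackageContents(replacementPath, stagingPath);
  } catch (error) {
    fs.rmSync(stagingPath, { recursive: true, force: true });
    throw error;
  }

  // Swap only once the full copy exists. Both paths share a parent directory,
  // so the rename stays on one filesystem.
  fs.rmSync(nestedPath, { recursive: true, force: true });
  fs.renameSync(stagingPath, nestedPath);
  console.log(`Successfully patched ${name} vulnerability in ${location}!`);
}

// Overwrite nested copies of flagged packages with the top-level install.
//
// This edits node_modules in place, so the lockfile and `npm ls` no longer
// describe what is on disk, and a reinstall that resolves the nested versions
// again will presumably undo it. Pinning the versions through `overrides` in
// package.json (npm) or `resolutions` (yarn) keeps the fix in the dependency
// graph, where audit tooling and reviewers can see it.
try {
  replaceNestedPackage('nth-check', ['react-scripts']);
  replaceNestedPackage('postcss', ['react-scripts', 'resolve-url-loader']);
  replaceNestedPackage('css-select', ['react-scripts']);
  replaceNestedPackage('svgo', ['react-scripts']);
  console.log('Patch process completed.');
} catch (error) {
  // The first failure stops the remaining replacements.
  // NOTE(review): the process still exits with status 0, so CI or an install
  // hook cannot tell that patching failed; consider `process.exitCode = 1` if
  // callers should stop on failure.
  console.error('Error while applying security patches:', error);
}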