feat: Add support for Javascript package scanning (Fixes #1453)

intel · Feb 13, 2022 · ccf8ebe · ccf8ebe
1 parent ebb1375
commit ccf8ebe
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/cve_bin_tool/version_scanner.py b/cve_bin_tool/version_scanner.py
@@ -6,6 +6,7 @@
 import subprocess
 import sys
 from re import MULTILINE, compile, search
+from typing import List
 
 import defusedxml.ElementTree as ET
 
@@ -252,12 +253,12 @@ def run_java_checker(self, filename: str) -> None:
 
         self.logger.debug(f"Done scanning file: {filename}")
 
-    def find_js_vendor(self, product: str, version: str) -> list[str]:
+    def find_js_vendor(self, product: str, version: str) -> List[List[str]]:
         """Find vendor for Javascript product"""
         if version == "*":
             return None
         vendor_package_pair = self.cve_db.get_vendor_product_pairs(product)
-        vendorlist = []
+        vendorlist: List[List[str]] = []
         if vendor_package_pair != []:
             # To handle multiple vendors, return all combinations of product/vendor mappings
             for v in vendor_package_pair:
@@ -271,7 +272,7 @@ def find_js_vendor(self, product: str, version: str) -> list[str]:
             return vendorlist if len(vendorlist) > 0 else None
         return None
 
-    def run_js_checker(self, filename: str) ->  None:
+    def run_js_checker(self, filename: str) -> None:
         """Process package-lock.json file and extract product and dependency details"""
         fh = open(filename)
         data = json.load(fh)