# Electron Vulnerability Tracker: The Notebook

This notebook serves as a PoC as well proof of execution of the code.

This notebook can be run by anyone, provided the dependencies listed in `pyproject.toml` are installed.

We'll start with some prerequisite code

In [1]:
# Set Autreload
%load_ext autoreload
%autoreload 2

In [2]:
# Import Deps
import csv
import json
import time
from electron_tracker import logger, vulncheck, scraper
# Set Logging Level
logger.LOG_LEVEL = logger.INFO

Now to load our data

In [3]:
# Load App data
with open("electron_apps.csv") as f:
    reader = csv.DictReader(f)
    apps = [l for l in reader]

## Filtering Data

We only want to run against apps with repos that are set to "programmatic" access. This prevents automated processes from overriding human intelligence. In some cases, we known an app is patched, even if this algorithm can't easily discover that fact.

In [4]:
# Filter for only apps with listed repos
apps_with_repos = [a for a in apps if a["repo"] != ""]

In [5]:
# Further filter to exclude manual apps
non_manual_apps = [a for a in apps_with_repos if a["access_type"] == "programmatic"]

## Scraping Repos

Now we make a bunch of HTTPS requests to scrape public repos for their contents, using the responses (at least from GitHub), to determine whether the app is vulnerable.

In [6]:
for a in non_manual_apps:
    package_url = scraper.search_package_json(a["repo"])
    if package_url:
        electron_version = scraper.get_electron_version(package_url)
        if electron_version:
            a["electron_version"] = electron_version
            for v in vulncheck.PATCHED_VERSIONS:
                if vulncheck.is_patched(v, electron_version):
                    a[f"vulnerable_{v}"] = "patched"
                else:
                    a[f"vulnerable_{v}"] = "vulnerable"
        else:
            a["electron_version"] = ""
            for v in vulncheck.PATCHED_VERSIONS:
                a[f"vulnerable_{v}"] = "unknown"
        a["date_accessed"] = time.strftime("%Y-%m-%d %H:%M:%S%z")

## Saving Data

Lastly, we recreate the CSV and JSON files for use by the community!

In [7]:
with open("electron_apps.csv","w") as f:
    writer = csv.DictWriter(f, apps[0].keys())
    writer.writeheader()
    writer.writerows(apps)

with open("electron_apps.json", "w") as f:
    json.dump(apps, f, indent=4)