cve.js's Introduction

CVE.js

CVE.js is a JS client-side library for secure, serverless access to the CVE services REST API.

Features

CVE.js runs in the browser and provides:

  • Serverless access to the MITRE CVE services API.
  • Secure credential management solution using Service Workers.
  • Multi-user session management and session timeouts.
  • Broadcast event notification (similar to push notifications).

The following browsers are currently supported:

  • Google Chrome / Chromium
  • Firefox
  • Opera
  • Microsoft Edge (>= v. 99 preferred)
  • Safari

No version of Internet Explorer is supported.

Installation

Integrate CVE.js by including the library in the appropriate component of your application.

<script src="cve.js"></script>

Typically cve.js and sw.js are deployed at the root of the component that will provide access to the CVE Services API. The Service Worker will assume this root as its scope of control. If you need to install sw.js in a different location, be sure to specify its location each time you initialise a handle (see Usage).

Usage

Initialise a new handle to CveServices:

let client = new CveServices();

Want to specify a custom API end point for the MITRE CVE Services API? Need to customise the location where the service worker is installed? These can be customised when initialising the handle.

let client = new CveServices(<API-endpoint>,<sw-installation-path>);

Session management

Before services may be requested from CveServices, a user must be logged in. An error will be returned if no user is logged in or the last user's session timed out.

await client.login("user", "org", "key");

The active user may be replaced by calling login with a different user's credentials:

await client.login("user2", "org_6", "keyabcdef");

The active session may be manually destroyed (along with the Service Worker in the user's browser) by calling logout:

await client.logout();

Timeout

After login, the active user will be automatically logged out after 1 hour.

Event notifications

Event notifications are provided by the Broadcast Channel Web API.

To subscribe a handle to a broadcast event, use the on method:

client.on("logout").then(msg => alert(msg.message));

License

This project is published under the MIT license. See LICENSE in the project root directory for a full copy of the license.

cve.js's People

Contributors

sei-vsarvepalli, xdrr

Forkers

sei-vsarvepalli

cve.js's Issues

getcveIds should support pagination

The getcveIds call, which corresponds to the authenticated API request for the /cve-ids URL, can be truncated in cases where the number of records is above the PAGINATOR_OPTIONS.limit, which is the pagination limit set up by the API application. (This value is currently set to 500 in CVE-Services 2.1.)

https://github.com/CVEProject/cve-services/blob/3546ecc214406224753b6d284195437c81f38edd/src/constants/index.js#L62

In these cases the variables nextPage and pageCount are provided to show that records are present that potentially were not returned. Provide the ability to paginate using page numbers as a query variable to the cve-id request. If nextPage is null then the queries have reached the final page of the blanket request for cve-ids. This issue is related to Vulnogram issue Vulnogram/Vulnogram#54
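
The pagination walk this issue asks for, as an added example that is not part of the issue or of cve.js: it follows nextPage until it is null and refuses to return a list that pageCount shows to be incomplete. The cve_ids field name, the fetchPage callback and the mock API are assumptions made for illustration.

```javascript
// Added example, not cve.js code. Assumed response shape for a /cve-ids page:
//   { cve_ids: [...], pageCount: <int>, nextPage: <int|null> }
// fetchPage(page) is a hypothetical callback that issues the authenticated
// request with the page number as a query variable and resolves to the body.
async function collectAllCveIds(fetchPage, maxPages = 1000) {
  const records = [];
  const visited = new Set();
  let page = 1;
  let pageCount;
  while (page !== null) {
    // A repeated or runaway page number means the server reply is inconsistent.
    if (visited.has(page)) throw new Error(`pagination loop at page ${page}`);
    if (visited.size >= maxPages) throw new Error("page cap exceeded");
    visited.add(page);

    const body = await fetchPage(page);
    if (!body || !Array.isArray(body.cve_ids)) {
      throw new Error(`malformed response for page ${page}`);
    }
    records.push(...body.cve_ids);
    if (Number.isInteger(body.pageCount)) pageCount = body.pageCount;
    // Responses under the limit carry no nextPage; treat that as the last page.
    page = Number.isInteger(body.nextPage) ? body.nextPage : null;
  }
  // Fail loudly instead of returning a silently truncated list.
  if (pageCount !== undefined && visited.size !== pageCount) {
    throw new Error(`fetched ${visited.size} of ${pageCount} pages`);
  }
  return records;
}

// Constructed stand-in for the API: serves `limit` records per page.
function mockCveIdApi(allIds, limit) {
  const pageCount = Math.max(1, Math.ceil(allIds.length / limit));
  return async (page) => ({
    cve_ids: allIds.slice((page - 1) * limit, page * limit),
    pageCount,
    nextPage: page < pageCount ? page + 1 : null,
  });
}

// Constructed sample data: 1,234 placeholder records against a limit of 500.
const sampleIds = Array.from({ length: 1234 }, (_, i) => ({ cve_id: `EXAMPLE-${i}` }));
collectAllCveIds(mockCveIdApi(sampleIds, 500))
  .then((ids) => console.log(`collected ${ids.length} records`));
```
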

Serviceworker restarts / times out causing unexpected loss of state

It seems most browsers desire to restart or terminate service workers after a period of inactivity.
This means cve.js loses stored state sooner than expected and without an explicit timeout.

Investigate the cause and overcome this issue so the explicit timeout could be as long or small as desired.

Storing some state outside the service worker may be an issue depending on the exact nature of the issue.

Browsers halt Service Workers after period of inactivity

CVE.js users have been reporting that the Service Worker is being halted by browsers after a period of inactivity and automatic restart does not occur. Hence, browsers left idle for a while will suddenly experience a broken CVE.js.
