Server.Enrichment.SecureAnnex :: Velociraptor

Server.Enrichment.SecureAnnex

Submit an extension to the Secure Annex API.

https://app.secureannex.com/settings/api

This artifact can be called from within another artifact, like one looking for installed Chrome extensions, to enrich the data coming back with vulnerability information from Secure Annex.

Ex.

SELECT * from Artifact.Server.Enrichment.SecureAnnex(ExtensionId=$EXTENSION_ID,ExtensionVersion=$EXTENSION_VERSION,ApiKey=$API_KEY)


name: Server.Enrichment.SecureAnnex
author: Whitney Champion -- bsky.app/profile/whit.zip
description: |
  Submit an extension to the Secure Annex API.

  https://app.secureannex.com/settings/api

  This artifact can be called from within another artifact, like one looking for installed Chrome extensions, to enrich the data coming back with vulnerability information from Secure Annex.
  
  Ex.

    `SELECT * from Artifact.Server.Enrichment.SecureAnnex(ExtensionId=$EXTENSION_ID,ExtensionVersion=$EXTENSION_VERSION,ApiKey=$API_KEY)`


type: SERVER

parameters:
    - name: ExtensionId
      type: string
      description: The extension ID to submit to SecureAnnex
    - name: ExtensionVersion
      type: string
      description: The extension version to submit to SecureAnnex
    - name: ApiKey
      type: string
      description: The API key to submit to SecureAnnex
      default: 
    - name: ApiURL
      type: string
      description: The SecureAnnex API URL
      default: https://api.secureannex.com/api/v0/vulnerabilities

sources:
  - query: |
        // Get the JSON response from the API call
        LET Response = SELECT parse_json(data=Content).result AS Vulnerabilities
            FROM http_client(url=ApiURL, 
            headers=dict(`x-api-key`=ApiKey), 
            params=dict(`extension_id`=ExtensionId,`version`=ExtensionVersion,`page`=1,`page_size`=100),
            method='GET')

        SELECT * FROM foreach(
             row=Response,
             query={
              SELECT
              name as Name,
              version as Version,
              vulnerability.severity AS VulnerabilitySeverity,
              component AS Component,
              detection AS Detection,
              extension_id AS ExtensionID,
              file_path AS FilePath,
              npmname AS NPMName,
              vuln_version AS VulnVersion,
              vulnerability.atOrAbove AS VulnerabilityAtOrAbove,
              vulnerability.below AS VulnerabilityBelow,
              vulnerability.identifiers AS VulnerabilityIdentifiers,
              vulnerability.info AS VulnerabilityInfo
               FROM foreach(row=Vulnerabilities)
             })