fix: [error] cve.References is not iterable

Author: homoluctus

__tests__/utils.test.ts

@@ -0,0 +1,12 @@
+import { isIterable } from '../src/utils';
+
+describe('isIterable', () => {
+  test.each([
+    ['test', true],
+    [[], true],
+    [['this', 'is', 'test'], true],
+    [{ id: 'test' }, false],
+  ])('input %s', (obj, expected) => {
+    expect(isIterable(obj)).toBe(expected);
+  });
+});

src/trivy.ts

@@ -6,6 +6,7 @@ import fetch, { Response } from 'node-fetch';
 import { spawnSync, SpawnSyncReturns } from 'child_process';
 
 import { TrivyOption, Vulnerability } from './interface';
+import { isIterable } from './utils';
 
 export class Downloader {
   githubClient: Octokit;
@@ -180,7 +181,9 @@ export class Trivy {
         vulnTable += `|${cve.InstalledVersion || 'N/A'}|${cve.FixedVersion ||
           'N/A'}|`;
 
-        for (const reference of cve.References) {
+        const references = cve.References;
+        if (!isIterable(references)) continue;
+        for (const reference of references) {
           vulnTable += `${reference || 'N/A'}<br>`;
         }
 

src/utils.ts

@@ -0,0 +1,3 @@
+export function isIterable(obj: Object): Boolean {
+  return obj != null && typeof obj[Symbol.iterator] === 'function';
+}