
@snyk/snyk-cocoapods-plugin


@snyk/snyk-cocoapods-plugin - npm Package Compare versions

Comparing version 2.0.1 to 2.1.0

406

dist/index.js
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
var tslib_1 = require("tslib");
var fs = require("fs");
var path = require("path");
var crypto = require("crypto");
var subProcess = require("./sub-process");
var cocoapods_lockfile_parser_1 = require("@snyk/cocoapods-lockfile-parser");
var legacy_1 = require("@snyk/dep-graph/dist/legacy");
const tslib_1 = require("tslib");
const fs = require("fs");
const path = require("path");
const crypto = require("crypto");
const subProcess = require("./sub-process");
const cocoapods_lockfile_parser_1 = require("@snyk/cocoapods-lockfile-parser");
const legacy_1 = require("@snyk/dep-graph/dist/legacy");
// Compile-time check that we are implementing the plugin API properly
// eslint-disable-next-line @typescript-eslint/no-unused-vars
var _ = {
pluginName: function () {
const _ = {
pluginName() {
return "snyk-cocoapods-plugin";
},
inspect: inspect,
inspect,
};
var MANIFEST_FILE_NAMES = [
const MANIFEST_FILE_NAMES = [
"CocoaPods.podfile.yaml",

@@ -24,102 +24,73 @@ "CocoaPods.podfile",

];
var LOCKFILE_NAME = "Podfile.lock";
const LOCKFILE_NAME = "Podfile.lock";
function inspect(root, targetFile, options) {
return tslib_1.__awaiter(this, void 0, void 0, function () {
function expectToFindLockfile(dir) {
if (dir === void 0) { dir = '.'; }
return tslib_1.__awaiter(this, void 0, void 0, function () {
var discoveredLockfilePath;
return tslib_1.__generator(this, function (_a) {
switch (_a.label) {
case 0: return [4 /*yield*/, findLockfile(root, dir)];
case 1:
discoveredLockfilePath = _a.sent();
if (!discoveredLockfilePath) {
throw new Error("Could not find lockfile \"Podfile.lock\"! This might be resolved by running `pod install`.");
}
return [2 /*return*/, discoveredLockfilePath];
}
});
return tslib_1.__awaiter(this, void 0, void 0, function* () {
if (!options) {
options = { dev: false };
}
if (!("strictOutOfSync" in options)) {
options.strictOutOfSync = false;
}
if (options.subProject) {
throw new Error("The CocoaPods plugin doesn't support specifying a subProject!");
}
let lockfilePath;
function expectToFindLockfile(dir = '.') {
return tslib_1.__awaiter(this, void 0, void 0, function* () {
const discoveredLockfilePath = yield findLockfile(root, dir);
if (!discoveredLockfilePath) {
throw new Error("Could not find lockfile \"Podfile.lock\"! This might be resolved by running `pod install`.");
}
return discoveredLockfilePath;
});
}
var lockfilePath, manifestFilePath, _a, base, dir, absTargetFilePath, absLockfilePath, absManifestFilePath, result, plugin, _b, depTree;
return tslib_1.__generator(this, function (_c) {
switch (_c.label) {
case 0:
if (!options) {
options = { dev: false };
}
if (!("strictOutOfSync" in options)) {
options.strictOutOfSync = false;
}
if (options.subProject) {
throw new Error("The CocoaPods plugin doesn't support specifying a subProject!");
}
if (!targetFile) return [3 /*break*/, 7];
_a = path.parse(targetFile), base = _a.base, dir = _a.dir;
if (!(base === LOCKFILE_NAME)) return [3 /*break*/, 2];
lockfilePath = targetFile;
return [4 /*yield*/, findManifestFile(root, dir)];
case 1:
manifestFilePath = _c.sent();
return [3 /*break*/, 6];
case 2:
if (!(MANIFEST_FILE_NAMES.indexOf(base) !== -1)) return [3 /*break*/, 5];
absTargetFilePath = path.join(root, targetFile);
return [4 /*yield*/, fsExists(absTargetFilePath)];
case 3:
if (!(_c.sent())) {
throw new Error("Given target file (\"" + targetFile + "\") doesn't exist!");
}
manifestFilePath = targetFile;
return [4 /*yield*/, expectToFindLockfile(dir)];
case 4:
lockfilePath = _c.sent();
return [3 /*break*/, 6];
case 5: throw new Error("Unexpected name for target file!");
case 6: return [3 /*break*/, 10];
case 7: return [4 /*yield*/, findManifestFile(root)];
case 8:
manifestFilePath = _c.sent();
return [4 /*yield*/, expectToFindLockfile()];
case 9:
lockfilePath = _c.sent();
_c.label = 10;
case 10:
absLockfilePath = path.join(root, lockfilePath);
if (!options.strictOutOfSync) return [3 /*break*/, 12];
if (!manifestFilePath) {
throw new Error("Option `--strict-out-of-sync=true` given, but no manifest file could be found!");
}
absManifestFilePath = path.join(root, manifestFilePath);
return [4 /*yield*/, verifyChecksum(absManifestFilePath, absLockfilePath)];
case 11:
result = _c.sent();
if (result === ChecksumVerificationResult.NoChecksumInLockfile) {
throw new Error("Option `--strict-out-of-sync=true` given, but lockfile doesn't encode checksum of Podfile! "
+ "Try to update the CocoaPods integration via \"pod install\" or omit the option.");
}
if (result === ChecksumVerificationResult.Invalid) {
throw new OutOfSyncError(manifestFilePath, lockfilePath);
}
_c.label = 12;
case 12:
_b = {
meta: {},
name: 'cocoapods'
};
return [4 /*yield*/, cocoapodsVersion(root)];
case 13:
plugin = (_b.runtime = _c.sent(),
_b.targetFile = manifestFilePath || lockfilePath,
_b);
return [4 /*yield*/, getAllDeps(absLockfilePath)];
case 14:
depTree = _c.sent();
return [2 /*return*/, {
package: depTree,
plugin: plugin,
}];
let manifestFilePath;
if (targetFile) {
const { base, dir } = path.parse(targetFile);
if (base === LOCKFILE_NAME) {
lockfilePath = targetFile;
manifestFilePath = yield findManifestFile(root, dir);
}
});
else if (MANIFEST_FILE_NAMES.indexOf(base) !== -1) {
const absTargetFilePath = path.join(root, targetFile);
if (!(yield fsExists(absTargetFilePath))) {
throw new Error(`Given target file ("${targetFile}") doesn't exist!`);
}
manifestFilePath = targetFile;
lockfilePath = yield expectToFindLockfile(dir);
}
else {
throw new Error("Unexpected name for target file!");
}
}
else {
manifestFilePath = yield findManifestFile(root);
lockfilePath = yield expectToFindLockfile();
}
const absLockfilePath = path.join(root, lockfilePath);
if (options.strictOutOfSync) {
if (!manifestFilePath) {
throw new Error("Option `--strict-out-of-sync=true` given, but no manifest file could be found!");
}
const absManifestFilePath = path.join(root, manifestFilePath);
const result = yield verifyChecksum(absManifestFilePath, absLockfilePath);
if (result === ChecksumVerificationResult.NoChecksumInLockfile) {
throw new Error("Option `--strict-out-of-sync=true` given, but lockfile doesn't encode checksum of Podfile! "
+ "Try to update the CocoaPods integration via \"pod install\" or omit the option.");
}
if (result === ChecksumVerificationResult.Invalid) {
throw new OutOfSyncError(manifestFilePath, lockfilePath);
}
}
const plugin = {
meta: {},
name: 'cocoapods',
runtime: yield cocoapodsVersion(root),
targetFile: manifestFilePath || lockfilePath,
};
const depTree = yield getAllDeps(absLockfilePath);
return {
package: depTree,
plugin,
};
});

@@ -129,12 +100,10 @@ }

function fsExists(pathToTest) {
return tslib_1.__awaiter(this, void 0, void 0, function () {
return tslib_1.__generator(this, function (_a) {
return [2 /*return*/, new Promise(function (resolve, reject) {
try {
fs.exists(pathToTest, function (exists) { return resolve(exists); });
}
catch (error) {
reject(error);
}
})];
return tslib_1.__awaiter(this, void 0, void 0, function* () {
return new Promise((resolve, reject) => {
try {
fs.exists(pathToTest, (exists) => resolve(exists));
}
catch (error) {
reject(error);
}
});

@@ -144,59 +113,30 @@ });

function fsReadFile(filename) {
return tslib_1.__awaiter(this, void 0, void 0, function () {
return tslib_1.__generator(this, function (_a) {
return [2 /*return*/, new Promise(function (resolve, reject) {
fs.readFile(filename, 'utf8', function (err, data) {
if (err) {
reject(err);
return;
}
resolve(data);
});
})];
return tslib_1.__awaiter(this, void 0, void 0, function* () {
return new Promise((resolve, reject) => {
fs.readFile(filename, 'utf8', (err, data) => {
if (err) {
reject(err);
return;
}
resolve(data);
});
});
});
}
function findManifestFile(root, dir) {
if (dir === void 0) { dir = '.'; }
return tslib_1.__awaiter(this, void 0, void 0, function () {
var _i, MANIFEST_FILE_NAMES_1, manifestFileName, targetFilePath;
return tslib_1.__generator(this, function (_a) {
switch (_a.label) {
case 0:
_i = 0, MANIFEST_FILE_NAMES_1 = MANIFEST_FILE_NAMES;
_a.label = 1;
case 1:
if (!(_i < MANIFEST_FILE_NAMES_1.length)) return [3 /*break*/, 4];
manifestFileName = MANIFEST_FILE_NAMES_1[_i];
targetFilePath = path.join(root, dir, manifestFileName);
return [4 /*yield*/, fsExists(targetFilePath)];
case 2:
if (_a.sent()) {
return [2 /*return*/, path.join(dir, manifestFileName)];
}
_a.label = 3;
case 3:
_i++;
return [3 /*break*/, 1];
case 4: return [2 /*return*/];
function findManifestFile(root, dir = '.') {
return tslib_1.__awaiter(this, void 0, void 0, function* () {
for (const manifestFileName of MANIFEST_FILE_NAMES) {
const targetFilePath = path.join(root, dir, manifestFileName);
if (yield fsExists(targetFilePath)) {
return path.join(dir, manifestFileName);
}
});
}
});
}
function findLockfile(root, dir) {
if (dir === void 0) { dir = '.'; }
return tslib_1.__awaiter(this, void 0, void 0, function () {
var lockfilePath;
return tslib_1.__generator(this, function (_a) {
switch (_a.label) {
case 0:
lockfilePath = path.join(root, dir, LOCKFILE_NAME);
return [4 /*yield*/, fsExists(lockfilePath)];
case 1:
if (_a.sent()) {
return [2 /*return*/, path.join(dir, LOCKFILE_NAME)];
}
return [2 /*return*/];
}
});
function findLockfile(root, dir = '.') {
return tslib_1.__awaiter(this, void 0, void 0, function* () {
const lockfilePath = path.join(root, dir, LOCKFILE_NAME);
if (yield fsExists(lockfilePath)) {
return path.join(dir, LOCKFILE_NAME);
}
});

@@ -211,96 +151,60 @@ }

function verifyChecksum(manifestFilePath, lockfilePath) {
return tslib_1.__awaiter(this, void 0, void 0, function () {
var manifestFileContents, checksum, parser;
return tslib_1.__generator(this, function (_a) {
switch (_a.label) {
case 0: return [4 /*yield*/, fsReadFile(manifestFilePath)];
case 1:
manifestFileContents = _a.sent();
checksum = crypto.createHash('sha1').update(manifestFileContents).digest('hex');
return [4 /*yield*/, cocoapods_lockfile_parser_1.LockfileParser.readFile(lockfilePath)];
case 2:
parser = _a.sent();
if (parser.podfileChecksum === undefined) {
return [2 /*return*/, ChecksumVerificationResult.NoChecksumInLockfile];
}
else if (parser.podfileChecksum === checksum) {
return [2 /*return*/, ChecksumVerificationResult.Valid];
}
else {
return [2 /*return*/, ChecksumVerificationResult.Invalid];
}
return [2 /*return*/];
}
});
return tslib_1.__awaiter(this, void 0, void 0, function* () {
const manifestFileContents = yield fsReadFile(manifestFilePath);
const checksum = crypto.createHash('sha1').update(manifestFileContents).digest('hex');
const parser = yield cocoapods_lockfile_parser_1.LockfileParser.readFile(lockfilePath);
if (parser.podfileChecksum === undefined) {
return ChecksumVerificationResult.NoChecksumInLockfile;
}
else if (parser.podfileChecksum === checksum) {
return ChecksumVerificationResult.Valid;
}
else {
return ChecksumVerificationResult.Invalid;
}
});
}
function getAllDeps(lockfilePath) {
return tslib_1.__awaiter(this, void 0, void 0, function () {
var parser, error_1, graph;
return tslib_1.__generator(this, function (_a) {
switch (_a.label) {
case 0:
_a.trys.push([0, 2, , 3]);
return [4 /*yield*/, cocoapods_lockfile_parser_1.LockfileParser.readFile(lockfilePath)];
case 1:
parser = _a.sent();
return [3 /*break*/, 3];
case 2:
error_1 = _a.sent();
throw new Error("Error while parsing " + LOCKFILE_NAME + ":\n" + error_1.message);
case 3:
graph = parser.toDepGraph();
return [2 /*return*/, legacy_1.graphToDepTree(graph, "cocoapods")];
}
});
return tslib_1.__awaiter(this, void 0, void 0, function* () {
let parser;
try {
parser = yield cocoapods_lockfile_parser_1.LockfileParser.readFile(lockfilePath);
}
catch (error) {
throw new Error(`Error while parsing ${LOCKFILE_NAME}:\n${error.message}`);
}
const graph = parser.toDepGraph();
return legacy_1.graphToDepTree(graph, "cocoapods");
});
}
function cocoapodsVersion(root) {
return tslib_1.__awaiter(this, void 0, void 0, function () {
var podVersionOutput, _a, _b;
return tslib_1.__generator(this, function (_c) {
switch (_c.label) {
case 0:
podVersionOutput = '';
_c.label = 1;
case 1:
_c.trys.push([1, 3, , 8]);
return [4 /*yield*/, subProcess.execute('bundle exec pod', ['--version'], { cwd: root })];
case 2:
// 1st: try to run CocoaPods via bundler
podVersionOutput = _c.sent();
return [3 /*break*/, 8];
case 3:
_a = _c.sent();
_c.label = 4;
case 4:
_c.trys.push([4, 6, , 7]);
return [4 /*yield*/, subProcess.execute('pod', ['--version'], { cwd: root })];
case 5:
// 2nd: try to run CocoaPods directly
podVersionOutput = _c.sent();
return [3 /*break*/, 7];
case 6:
_b = _c.sent();
return [3 /*break*/, 7];
case 7: return [3 /*break*/, 8];
case 8: return [2 /*return*/, podVersionOutput.trim()];
return tslib_1.__awaiter(this, void 0, void 0, function* () {
let podVersionOutput = '';
try {
// 1st: try to run CocoaPods via bundler
podVersionOutput = yield subProcess.execute('bundle exec pod', ['--version'], { cwd: root });
}
catch (_a) {
try {
// 2nd: try to run CocoaPods directly
podVersionOutput = yield subProcess.execute('pod', ['--version'], { cwd: root });
}
});
catch (_b) {
// intentionally empty
}
}
return podVersionOutput.trim();
});
}
var OutOfSyncError = /** @class */ (function (_super) {
tslib_1.__extends(OutOfSyncError, _super);
function OutOfSyncError(manifestFileName, lockfileName) {
var _this = _super.call(this, "Your Podfile (\"" + manifestFileName + "\") is not in sync " +
("with your lockfile (\"" + lockfileName + "\"). ") +
"Please run \"pod install\" and try again.") || this;
_this.code = 422;
_this.name = 'OutOfSyncError';
Error.captureStackTrace(_this, OutOfSyncError);
return _this;
class OutOfSyncError extends Error {
constructor(manifestFileName, lockfileName) {
super(`Your Podfile ("${manifestFileName}") is not in sync ` +
`with your lockfile ("${lockfileName}"). ` +
`Please run "pod install" and try again.`);
this.code = 422;
this.name = 'OutOfSyncError';
Error.captureStackTrace(this, OutOfSyncError);
}
return OutOfSyncError;
}(Error));
}
exports.OutOfSyncError = OutOfSyncError;
//# sourceMappingURL=index.js.map
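Review bot: `cocoapodsVersion` runs `bundle exec pod --version` with `cwd: root`, so an inspection that otherwise only reads `Podfile.lock` also starts Bundler inside the project being analysed. Bundler evaluates the project's Gemfile, which is Ruby code, so scanning an untrusted checkout can run code that the checkout controls, and the result is only used to fill `plugin.runtime`. I would make the bundler attempt opt-in, or at minimum document it above the function, e.g. `// NOTE: spawns bundler/pod in the scanned directory; analyse untrusted projects in a sandbox`. Both `catch` blocks discard every failure, so a caller cannot distinguish a missing tool from an unexpected error; the same comment should say that an empty runtime string is the fallback.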
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
var childProcess = require("child_process");
function execute(command, args, options) {
if (args === void 0) { args = []; }
var spawnOptions = { shell: true };
const childProcess = require("child_process");
function execute(command, args = [], options) {
const spawnOptions = { shell: true };
if (options && options.cwd) {
spawnOptions.cwd = options.cwd;
}
return new Promise(function (resolve, reject) {
var stdout = '';
var stderr = '';
var proc = childProcess.spawn(command, args, spawnOptions);
proc.stdout.on('data', function (data) {
return new Promise((resolve, reject) => {
let stdout = '';
let stderr = '';
const proc = childProcess.spawn(command, args, spawnOptions);
proc.stdout.on('data', (data) => {
stdout = stdout + data;
});
proc.stderr.on('data', function (data) {
proc.stderr.on('data', (data) => {
stderr = stderr + data;
});
proc.on('close', function (code) {
proc.on('close', (code) => {
if (code !== 0) {

@@ -22,0 +21,0 @@ return reject(new Error(stdout || stderr));
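Review bot: `execute` still spawns with `{ shell: true }`, and with that option Node joins `command` and `args` into a single shell command line without escaping them. The callers visible in dist/index.js pass only the constant `['--version']`, so nothing shown here is injectable, but any later caller that forwards a path or option value would have it interpreted by the shell. Spawning without a shell removes that class of problem: `const spawnOptions = {};` here, with the bundler call changed to `subProcess.execute('bundle', ['exec', 'pod', '--version'], { cwd: root })`. The body of `execute` continues past the end of this hunk, so the handling after `reject(new Error(stdout || stderr))` is not covered by this note.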

@@ -40,3 +40,3 @@ {

"source-map-support": "^0.5.7",
"tslib": "^1.9.3"
"tslib": "^1.10.0"
},

@@ -57,5 +57,5 @@ "devDependencies": {

"tslint-config-prettier": "^1.18.0",
"typescript": "^3.4.1"
"typescript": "^3.7.3"
},
"version": "2.0.1"
"version": "2.1.0"
}

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
