@snyk/snyk-cocoapods-plugin
Comparing version 2.0.1 to 2.1.0
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
var tslib_1 = require("tslib"); | ||
var fs = require("fs"); | ||
var path = require("path"); | ||
var crypto = require("crypto"); | ||
var subProcess = require("./sub-process"); | ||
var cocoapods_lockfile_parser_1 = require("@snyk/cocoapods-lockfile-parser"); | ||
var legacy_1 = require("@snyk/dep-graph/dist/legacy"); | ||
const tslib_1 = require("tslib"); | ||
const fs = require("fs"); | ||
const path = require("path"); | ||
const crypto = require("crypto"); | ||
const subProcess = require("./sub-process"); | ||
const cocoapods_lockfile_parser_1 = require("@snyk/cocoapods-lockfile-parser"); | ||
const legacy_1 = require("@snyk/dep-graph/dist/legacy"); | ||
// Compile-time check that we are implementing the plugin API properly | ||
// eslint-disable-next-line @typescript-eslint/no-unused-vars | ||
var _ = { | ||
pluginName: function () { | ||
const _ = { | ||
pluginName() { | ||
return "snyk-cocoapods-plugin"; | ||
}, | ||
inspect: inspect, | ||
inspect, | ||
}; | ||
var MANIFEST_FILE_NAMES = [ | ||
const MANIFEST_FILE_NAMES = [ | ||
"CocoaPods.podfile.yaml", | ||
@@ -24,102 +24,73 @@ "CocoaPods.podfile", | ||
]; | ||
var LOCKFILE_NAME = "Podfile.lock"; | ||
const LOCKFILE_NAME = "Podfile.lock"; | ||
function inspect(root, targetFile, options) { | ||
return tslib_1.__awaiter(this, void 0, void 0, function () { | ||
function expectToFindLockfile(dir) { | ||
if (dir === void 0) { dir = '.'; } | ||
return tslib_1.__awaiter(this, void 0, void 0, function () { | ||
var discoveredLockfilePath; | ||
return tslib_1.__generator(this, function (_a) { | ||
switch (_a.label) { | ||
case 0: return [4 /*yield*/, findLockfile(root, dir)]; | ||
case 1: | ||
discoveredLockfilePath = _a.sent(); | ||
if (!discoveredLockfilePath) { | ||
throw new Error("Could not find lockfile \"Podfile.lock\"! This might be resolved by running `pod install`."); | ||
} | ||
return [2 /*return*/, discoveredLockfilePath]; | ||
} | ||
}); | ||
return tslib_1.__awaiter(this, void 0, void 0, function* () { | ||
if (!options) { | ||
options = { dev: false }; | ||
} | ||
if (!("strictOutOfSync" in options)) { | ||
options.strictOutOfSync = false; | ||
} | ||
if (options.subProject) { | ||
throw new Error("The CocoaPods plugin doesn't support specifying a subProject!"); | ||
} | ||
let lockfilePath; | ||
function expectToFindLockfile(dir = '.') { | ||
return tslib_1.__awaiter(this, void 0, void 0, function* () { | ||
const discoveredLockfilePath = yield findLockfile(root, dir); | ||
if (!discoveredLockfilePath) { | ||
throw new Error("Could not find lockfile \"Podfile.lock\"! This might be resolved by running `pod install`."); | ||
} | ||
return discoveredLockfilePath; | ||
}); | ||
} | ||
var lockfilePath, manifestFilePath, _a, base, dir, absTargetFilePath, absLockfilePath, absManifestFilePath, result, plugin, _b, depTree; | ||
return tslib_1.__generator(this, function (_c) { | ||
switch (_c.label) { | ||
case 0: | ||
if (!options) { | ||
options = { dev: false }; | ||
} | ||
if (!("strictOutOfSync" in options)) { | ||
options.strictOutOfSync = false; | ||
} | ||
if (options.subProject) { | ||
throw new Error("The CocoaPods plugin doesn't support specifying a subProject!"); | ||
} | ||
if (!targetFile) return [3 /*break*/, 7]; | ||
_a = path.parse(targetFile), base = _a.base, dir = _a.dir; | ||
if (!(base === LOCKFILE_NAME)) return [3 /*break*/, 2]; | ||
lockfilePath = targetFile; | ||
return [4 /*yield*/, findManifestFile(root, dir)]; | ||
case 1: | ||
manifestFilePath = _c.sent(); | ||
return [3 /*break*/, 6]; | ||
case 2: | ||
if (!(MANIFEST_FILE_NAMES.indexOf(base) !== -1)) return [3 /*break*/, 5]; | ||
absTargetFilePath = path.join(root, targetFile); | ||
return [4 /*yield*/, fsExists(absTargetFilePath)]; | ||
case 3: | ||
if (!(_c.sent())) { | ||
throw new Error("Given target file (\"" + targetFile + "\") doesn't exist!"); | ||
} | ||
manifestFilePath = targetFile; | ||
return [4 /*yield*/, expectToFindLockfile(dir)]; | ||
case 4: | ||
lockfilePath = _c.sent(); | ||
return [3 /*break*/, 6]; | ||
case 5: throw new Error("Unexpected name for target file!"); | ||
case 6: return [3 /*break*/, 10]; | ||
case 7: return [4 /*yield*/, findManifestFile(root)]; | ||
case 8: | ||
manifestFilePath = _c.sent(); | ||
return [4 /*yield*/, expectToFindLockfile()]; | ||
case 9: | ||
lockfilePath = _c.sent(); | ||
_c.label = 10; | ||
case 10: | ||
absLockfilePath = path.join(root, lockfilePath); | ||
if (!options.strictOutOfSync) return [3 /*break*/, 12]; | ||
if (!manifestFilePath) { | ||
throw new Error("Option `--strict-out-of-sync=true` given, but no manifest file could be found!"); | ||
} | ||
absManifestFilePath = path.join(root, manifestFilePath); | ||
return [4 /*yield*/, verifyChecksum(absManifestFilePath, absLockfilePath)]; | ||
case 11: | ||
result = _c.sent(); | ||
if (result === ChecksumVerificationResult.NoChecksumInLockfile) { | ||
throw new Error("Option `--strict-out-of-sync=true` given, but lockfile doesn't encode checksum of Podfile! " | ||
+ "Try to update the CocoaPods integration via \"pod install\" or omit the option."); | ||
} | ||
if (result === ChecksumVerificationResult.Invalid) { | ||
throw new OutOfSyncError(manifestFilePath, lockfilePath); | ||
} | ||
_c.label = 12; | ||
case 12: | ||
_b = { | ||
meta: {}, | ||
name: 'cocoapods' | ||
}; | ||
return [4 /*yield*/, cocoapodsVersion(root)]; | ||
case 13: | ||
plugin = (_b.runtime = _c.sent(), | ||
_b.targetFile = manifestFilePath || lockfilePath, | ||
_b); | ||
return [4 /*yield*/, getAllDeps(absLockfilePath)]; | ||
case 14: | ||
depTree = _c.sent(); | ||
return [2 /*return*/, { | ||
package: depTree, | ||
plugin: plugin, | ||
}]; | ||
let manifestFilePath; | ||
if (targetFile) { | ||
const { base, dir } = path.parse(targetFile); | ||
if (base === LOCKFILE_NAME) { | ||
lockfilePath = targetFile; | ||
manifestFilePath = yield findManifestFile(root, dir); | ||
} | ||
}); | ||
else if (MANIFEST_FILE_NAMES.indexOf(base) !== -1) { | ||
const absTargetFilePath = path.join(root, targetFile); | ||
if (!(yield fsExists(absTargetFilePath))) { | ||
throw new Error(`Given target file ("${targetFile}") doesn't exist!`); | ||
} | ||
manifestFilePath = targetFile; | ||
lockfilePath = yield expectToFindLockfile(dir); | ||
} | ||
else { | ||
throw new Error("Unexpected name for target file!"); | ||
} | ||
} | ||
else { | ||
manifestFilePath = yield findManifestFile(root); | ||
lockfilePath = yield expectToFindLockfile(); | ||
} | ||
const absLockfilePath = path.join(root, lockfilePath); | ||
if (options.strictOutOfSync) { | ||
if (!manifestFilePath) { | ||
throw new Error("Option `--strict-out-of-sync=true` given, but no manifest file could be found!"); | ||
} | ||
const absManifestFilePath = path.join(root, manifestFilePath); | ||
const result = yield verifyChecksum(absManifestFilePath, absLockfilePath); | ||
if (result === ChecksumVerificationResult.NoChecksumInLockfile) { | ||
throw new Error("Option `--strict-out-of-sync=true` given, but lockfile doesn't encode checksum of Podfile! " | ||
+ "Try to update the CocoaPods integration via \"pod install\" or omit the option."); | ||
} | ||
if (result === ChecksumVerificationResult.Invalid) { | ||
throw new OutOfSyncError(manifestFilePath, lockfilePath); | ||
} | ||
} | ||
const plugin = { | ||
meta: {}, | ||
name: 'cocoapods', | ||
runtime: yield cocoapodsVersion(root), | ||
targetFile: manifestFilePath || lockfilePath, | ||
}; | ||
const depTree = yield getAllDeps(absLockfilePath); | ||
return { | ||
package: depTree, | ||
plugin, | ||
}; | ||
}); | ||
@@ -129,12 +100,10 @@ } | ||
function fsExists(pathToTest) { | ||
return tslib_1.__awaiter(this, void 0, void 0, function () { | ||
return tslib_1.__generator(this, function (_a) { | ||
return [2 /*return*/, new Promise(function (resolve, reject) { | ||
try { | ||
fs.exists(pathToTest, function (exists) { return resolve(exists); }); | ||
} | ||
catch (error) { | ||
reject(error); | ||
} | ||
})]; | ||
return tslib_1.__awaiter(this, void 0, void 0, function* () { | ||
return new Promise((resolve, reject) => { | ||
try { | ||
fs.exists(pathToTest, (exists) => resolve(exists)); | ||
} | ||
catch (error) { | ||
reject(error); | ||
} | ||
}); | ||
@@ -144,59 +113,30 @@ }); | ||
function fsReadFile(filename) { | ||
return tslib_1.__awaiter(this, void 0, void 0, function () { | ||
return tslib_1.__generator(this, function (_a) { | ||
return [2 /*return*/, new Promise(function (resolve, reject) { | ||
fs.readFile(filename, 'utf8', function (err, data) { | ||
if (err) { | ||
reject(err); | ||
return; | ||
} | ||
resolve(data); | ||
}); | ||
})]; | ||
return tslib_1.__awaiter(this, void 0, void 0, function* () { | ||
return new Promise((resolve, reject) => { | ||
fs.readFile(filename, 'utf8', (err, data) => { | ||
if (err) { | ||
reject(err); | ||
return; | ||
} | ||
resolve(data); | ||
}); | ||
}); | ||
}); | ||
} | ||
function findManifestFile(root, dir) { | ||
if (dir === void 0) { dir = '.'; } | ||
return tslib_1.__awaiter(this, void 0, void 0, function () { | ||
var _i, MANIFEST_FILE_NAMES_1, manifestFileName, targetFilePath; | ||
return tslib_1.__generator(this, function (_a) { | ||
switch (_a.label) { | ||
case 0: | ||
_i = 0, MANIFEST_FILE_NAMES_1 = MANIFEST_FILE_NAMES; | ||
_a.label = 1; | ||
case 1: | ||
if (!(_i < MANIFEST_FILE_NAMES_1.length)) return [3 /*break*/, 4]; | ||
manifestFileName = MANIFEST_FILE_NAMES_1[_i]; | ||
targetFilePath = path.join(root, dir, manifestFileName); | ||
return [4 /*yield*/, fsExists(targetFilePath)]; | ||
case 2: | ||
if (_a.sent()) { | ||
return [2 /*return*/, path.join(dir, manifestFileName)]; | ||
} | ||
_a.label = 3; | ||
case 3: | ||
_i++; | ||
return [3 /*break*/, 1]; | ||
case 4: return [2 /*return*/]; | ||
function findManifestFile(root, dir = '.') { | ||
return tslib_1.__awaiter(this, void 0, void 0, function* () { | ||
for (const manifestFileName of MANIFEST_FILE_NAMES) { | ||
const targetFilePath = path.join(root, dir, manifestFileName); | ||
if (yield fsExists(targetFilePath)) { | ||
return path.join(dir, manifestFileName); | ||
} | ||
}); | ||
} | ||
}); | ||
} | ||
function findLockfile(root, dir) { | ||
if (dir === void 0) { dir = '.'; } | ||
return tslib_1.__awaiter(this, void 0, void 0, function () { | ||
var lockfilePath; | ||
return tslib_1.__generator(this, function (_a) { | ||
switch (_a.label) { | ||
case 0: | ||
lockfilePath = path.join(root, dir, LOCKFILE_NAME); | ||
return [4 /*yield*/, fsExists(lockfilePath)]; | ||
case 1: | ||
if (_a.sent()) { | ||
return [2 /*return*/, path.join(dir, LOCKFILE_NAME)]; | ||
} | ||
return [2 /*return*/]; | ||
} | ||
}); | ||
function findLockfile(root, dir = '.') { | ||
return tslib_1.__awaiter(this, void 0, void 0, function* () { | ||
const lockfilePath = path.join(root, dir, LOCKFILE_NAME); | ||
if (yield fsExists(lockfilePath)) { | ||
return path.join(dir, LOCKFILE_NAME); | ||
} | ||
}); | ||
@@ -211,96 +151,60 @@ } | ||
function verifyChecksum(manifestFilePath, lockfilePath) { | ||
return tslib_1.__awaiter(this, void 0, void 0, function () { | ||
var manifestFileContents, checksum, parser; | ||
return tslib_1.__generator(this, function (_a) { | ||
switch (_a.label) { | ||
case 0: return [4 /*yield*/, fsReadFile(manifestFilePath)]; | ||
case 1: | ||
manifestFileContents = _a.sent(); | ||
checksum = crypto.createHash('sha1').update(manifestFileContents).digest('hex'); | ||
return [4 /*yield*/, cocoapods_lockfile_parser_1.LockfileParser.readFile(lockfilePath)]; | ||
case 2: | ||
parser = _a.sent(); | ||
if (parser.podfileChecksum === undefined) { | ||
return [2 /*return*/, ChecksumVerificationResult.NoChecksumInLockfile]; | ||
} | ||
else if (parser.podfileChecksum === checksum) { | ||
return [2 /*return*/, ChecksumVerificationResult.Valid]; | ||
} | ||
else { | ||
return [2 /*return*/, ChecksumVerificationResult.Invalid]; | ||
} | ||
return [2 /*return*/]; | ||
} | ||
}); | ||
return tslib_1.__awaiter(this, void 0, void 0, function* () { | ||
const manifestFileContents = yield fsReadFile(manifestFilePath); | ||
const checksum = crypto.createHash('sha1').update(manifestFileContents).digest('hex'); | ||
const parser = yield cocoapods_lockfile_parser_1.LockfileParser.readFile(lockfilePath); | ||
if (parser.podfileChecksum === undefined) { | ||
return ChecksumVerificationResult.NoChecksumInLockfile; | ||
} | ||
else if (parser.podfileChecksum === checksum) { | ||
return ChecksumVerificationResult.Valid; | ||
} | ||
else { | ||
return ChecksumVerificationResult.Invalid; | ||
} | ||
}); | ||
} | ||
function getAllDeps(lockfilePath) { | ||
return tslib_1.__awaiter(this, void 0, void 0, function () { | ||
var parser, error_1, graph; | ||
return tslib_1.__generator(this, function (_a) { | ||
switch (_a.label) { | ||
case 0: | ||
_a.trys.push([0, 2, , 3]); | ||
return [4 /*yield*/, cocoapods_lockfile_parser_1.LockfileParser.readFile(lockfilePath)]; | ||
case 1: | ||
parser = _a.sent(); | ||
return [3 /*break*/, 3]; | ||
case 2: | ||
error_1 = _a.sent(); | ||
throw new Error("Error while parsing " + LOCKFILE_NAME + ":\n" + error_1.message); | ||
case 3: | ||
graph = parser.toDepGraph(); | ||
return [2 /*return*/, legacy_1.graphToDepTree(graph, "cocoapods")]; | ||
} | ||
}); | ||
return tslib_1.__awaiter(this, void 0, void 0, function* () { | ||
let parser; | ||
try { | ||
parser = yield cocoapods_lockfile_parser_1.LockfileParser.readFile(lockfilePath); | ||
} | ||
catch (error) { | ||
throw new Error(`Error while parsing ${LOCKFILE_NAME}:\n${error.message}`); | ||
} | ||
const graph = parser.toDepGraph(); | ||
return legacy_1.graphToDepTree(graph, "cocoapods"); | ||
}); | ||
} | ||
function cocoapodsVersion(root) { | ||
return tslib_1.__awaiter(this, void 0, void 0, function () { | ||
var podVersionOutput, _a, _b; | ||
return tslib_1.__generator(this, function (_c) { | ||
switch (_c.label) { | ||
case 0: | ||
podVersionOutput = ''; | ||
_c.label = 1; | ||
case 1: | ||
_c.trys.push([1, 3, , 8]); | ||
return [4 /*yield*/, subProcess.execute('bundle exec pod', ['--version'], { cwd: root })]; | ||
case 2: | ||
// 1st: try to run CocoaPods via bundler | ||
podVersionOutput = _c.sent(); | ||
return [3 /*break*/, 8]; | ||
case 3: | ||
_a = _c.sent(); | ||
_c.label = 4; | ||
case 4: | ||
_c.trys.push([4, 6, , 7]); | ||
return [4 /*yield*/, subProcess.execute('pod', ['--version'], { cwd: root })]; | ||
case 5: | ||
// 2nd: try to run CocoaPods directly | ||
podVersionOutput = _c.sent(); | ||
return [3 /*break*/, 7]; | ||
case 6: | ||
_b = _c.sent(); | ||
return [3 /*break*/, 7]; | ||
case 7: return [3 /*break*/, 8]; | ||
case 8: return [2 /*return*/, podVersionOutput.trim()]; | ||
return tslib_1.__awaiter(this, void 0, void 0, function* () { | ||
let podVersionOutput = ''; | ||
try { | ||
// 1st: try to run CocoaPods via bundler | ||
podVersionOutput = yield subProcess.execute('bundle exec pod', ['--version'], { cwd: root }); | ||
} | ||
catch (_a) { | ||
try { | ||
// 2nd: try to run CocoaPods directly | ||
podVersionOutput = yield subProcess.execute('pod', ['--version'], { cwd: root }); | ||
} | ||
}); | ||
catch (_b) { | ||
// intentionally empty | ||
} | ||
} | ||
return podVersionOutput.trim(); | ||
}); | ||
} | ||
var OutOfSyncError = /** @class */ (function (_super) { | ||
tslib_1.__extends(OutOfSyncError, _super); | ||
function OutOfSyncError(manifestFileName, lockfileName) { | ||
var _this = _super.call(this, "Your Podfile (\"" + manifestFileName + "\") is not in sync " + | ||
("with your lockfile (\"" + lockfileName + "\"). ") + | ||
"Please run \"pod install\" and try again.") || this; | ||
_this.code = 422; | ||
_this.name = 'OutOfSyncError'; | ||
Error.captureStackTrace(_this, OutOfSyncError); | ||
return _this; | ||
class OutOfSyncError extends Error { | ||
constructor(manifestFileName, lockfileName) { | ||
super(`Your Podfile ("${manifestFileName}") is not in sync ` + | ||
`with your lockfile ("${lockfileName}"). ` + | ||
`Please run "pod install" and try again.`); | ||
this.code = 422; | ||
this.name = 'OutOfSyncError'; | ||
Error.captureStackTrace(this, OutOfSyncError); | ||
} | ||
return OutOfSyncError; | ||
}(Error)); | ||
} | ||
exports.OutOfSyncError = OutOfSyncError; | ||
//# sourceMappingURL=index.js.map |
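Review bot: `cocoapodsVersion` in the new code still launches `bundle exec pod --version` and then `pod --version` with `cwd: root`, so the scanned project's directory influences what runs: Bundler evaluates the Gemfile it finds there, and a Gemfile is Ruby code. The output is used only for `plugin.runtime` and both failures are swallowed, so inspecting a checkout that is not trusted risks running its code in exchange for a metadata string. I would state the trust assumption above the first call, for example `// Runs Bundler inside the scanned project; its Gemfile is evaluated. Scan untrusted checkouts only in a sandbox.` This file looks like compiler output (tslib helpers, a source map reference), so the comment belongs in the TypeScript source rather than here.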
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
var childProcess = require("child_process"); | ||
function execute(command, args, options) { | ||
if (args === void 0) { args = []; } | ||
var spawnOptions = { shell: true }; | ||
const childProcess = require("child_process"); | ||
function execute(command, args = [], options) { | ||
const spawnOptions = { shell: true }; | ||
if (options && options.cwd) { | ||
spawnOptions.cwd = options.cwd; | ||
} | ||
return new Promise(function (resolve, reject) { | ||
var stdout = ''; | ||
var stderr = ''; | ||
var proc = childProcess.spawn(command, args, spawnOptions); | ||
proc.stdout.on('data', function (data) { | ||
return new Promise((resolve, reject) => { | ||
let stdout = ''; | ||
let stderr = ''; | ||
const proc = childProcess.spawn(command, args, spawnOptions); | ||
proc.stdout.on('data', (data) => { | ||
stdout = stdout + data; | ||
}); | ||
proc.stderr.on('data', function (data) { | ||
proc.stderr.on('data', (data) => { | ||
stderr = stderr + data; | ||
}); | ||
proc.on('close', function (code) { | ||
proc.on('close', (code) => { | ||
if (code !== 0) { | ||
@@ -22,0 +21,0 @@ return reject(new Error(stdout || stderr)); |
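Review bot: `execute` keeps `const spawnOptions = { shell: true };`, so `command` and every element of `args` are joined into one shell command line and nothing is quoted. The two callers visible on this page pass only constants, but any later caller that forwards a file name or option value would hand it to the shell for interpretation. Spawning without a shell closes that off: `const spawnOptions = {};` here and `subProcess.execute('bundle', ['exec', 'pod', '--version'], { cwd: root })` at the call site. The body of `execute` continues past the end of this section, and whether a shell is needed for Windows command shims cannot be told from here.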
@@ -40,3 +40,3 @@ { | ||
"source-map-support": "^0.5.7", | ||
"tslib": "^1.9.3" | ||
"tslib": "^1.10.0" | ||
}, | ||
@@ -57,5 +57,5 @@ "devDependencies": { | ||
"tslint-config-prettier": "^1.18.0", | ||
"typescript": "^3.4.1" | ||
"typescript": "^3.7.3" | ||
}, | ||
"version": "2.0.1" | ||
"version": "2.1.0" | ||
} |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain risk: Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Updated: tslib@^1.10.0