
fabric8-analytics-lsp-server - npm Package Compare versions

Comparing version 0.1.58 to 0.2.0

1

collector.js

@@ -16,2 +16,3 @@ /* --------------------------------------------------------------------------------------------

Object.defineProperty(exports, "__esModule", { value: true });
exports.ReqDependencyCollector = exports.PomXmlDependencyCollector = exports.DependencyCollector = void 0;
const json_1 = require("./json");

@@ -18,0 +19,0 @@ const Xml2Object = require("xml2object");

56

consumers.js

@@ -7,2 +7,3 @@ /* --------------------------------------------------------------------------------------------

Object.defineProperty(exports, "__esModule", { value: true });
exports.codeActionsMap = exports.EmptyResultEngine = exports.SecurityEngine = exports.DiagnosticsPipeline = void 0;
const utils_1 = require("./utils");

@@ -54,2 +55,6 @@ const vscode_languageserver_1 = require("vscode-languageserver");

this.changeTo = null;
this.registrationLink = null;
this.message = null;
this.vulnerabilityCount = 0;
this.advisoryCount = 0;
}

@@ -66,2 +71,14 @@ consume(data) {

}
if (this.registrationLinkBinding != null) {
this.registrationLink = bind_object(data, this.registrationLinkBinding);
}
if (this.messageBinding != null) {
this.message = bind_object(data, this.messageBinding);
}
if (this.vulnerabilityCountBinding != null) {
this.vulnerabilityCount = bind_object(data, this.vulnerabilityCountBinding);
}
if (this.advisoryCountBinding != null) {
this.advisoryCount = bind_object(data, this.advisoryCountBinding);
}
return this.item != null;

@@ -78,5 +95,4 @@ }

produce() {
if (this.item == {} ||
this.item.finished_at === undefined ||
this.item.finished_at == null) {
if (this.item == {} && (this.item.finished_at === undefined ||
this.item.finished_at == null)) {
return [{

@@ -100,24 +116,37 @@ severity: vscode_languageserver_1.DiagnosticSeverity.Information,

this.context = context;
this.binding = { path: ['result', 'recommendation', 'component-analyses', 'cve'] };
this.binding = { path: ['component_analyses', 'vulnerability'] };
/* recommendation to use a different version */
this.changeToBinding = { path: ['result', 'recommendation', 'change_to'] };
this.changeToBinding = { path: ['recommended_versions'] };
/* snyk registration link */
this.registrationLinkBinding = { path: ['registration_link'] };
/* Diagnostic message */
this.messageBinding = { path: ['message'] };
/* Publicly known Security Vulnerability count */
this.vulnerabilityCountBinding = { path: ['known_security_vulnerability_count'] };
/* Private Security Advisory count */
this.advisoryCountBinding = { path: ['security_advisory_count'] };
}
produce(ctx) {
if (this.item.length > 0) {
let cveList = [];
for (let cve of this.item) {
cveList.push(cve['id']);
/* The diagnostic's severity. */
let diagSeverity;
if (this.vulnerabilityCount == 0 && this.advisoryCount > 0) {
diagSeverity = vscode_languageserver_1.DiagnosticSeverity.Information;
}
let cves = cveList.join(' ');
else {
diagSeverity = vscode_languageserver_1.DiagnosticSeverity.Error;
}
let diagnostic = {
severity: vscode_languageserver_1.DiagnosticSeverity.Error,
severity: diagSeverity,
range: utils_1.get_range(this.context.version),
message: `Application dependency ${this.context.name.value}-${this.context.version.value} is vulnerable: ${cves}`,
source: 'Dependency Analytics'
message: this.message,
source: 'Dependency Analytics',
code: `Find out more: ${this.registrationLink}`
};
// TODO: this can be done lazily
if (this.changeTo != null) {
if (this.changeTo && this.vulnerabilityCount > 0) {
let codeAction = {
title: "Switch to recommended version " + this.changeTo,
diagnostics: [diagnostic],
kind: vscode_languageserver_1.CodeActionKind.QuickFix,
edit: {

@@ -131,3 +160,2 @@ changes: {}

}];
diagnostic.message += ". Recommendation: use version " + this.changeTo;
codeActionsMap[diagnostic.message] = codeAction;

@@ -134,0 +162,0 @@ }
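Review bot: The rewritten guard at the top of the first `produce()` in this section, `this.item == {} && (this.item.finished_at === undefined || this.item.finished_at == null)`, can never be true, because `==` against a fresh object literal compares references; the diagnostic returned below it is therefore unreachable in 0.2.0 (the `&&` form is read as the new side from the hunk's 5-to-4 line counts). If the intent is "no result, or analysis not finished", test emptiness explicitly, e.g. `if (this.item == null || Object.keys(this.item).length === 0 || this.item.finished_at == null) {`. In the same section the security diagnostic now takes `message` and `registrationLink` verbatim from the backend response, and both are initialised to `null`, so `code` can render as `Find out more: null`; a fallback text and a check that the link is an `https:` URL before it is shown would be worth adding. Both `produce()` bodies continue outside their hunks, and the change belongs in the TypeScript source this file appears to be compiled from.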

@@ -16,2 +16,3 @@ /* --------------------------------------------------------------------------------------------

Object.defineProperty(exports, "__esModule", { value: true });
exports.ValueType = exports.Variant = exports.KeyValueEntry = exports.StreamingParser = void 0;
/* Since the following modules are written in regular JS we can't use TS's import statement

@@ -18,0 +19,0 @@ so we need to `require` those the JS way */

@@ -1,1 +0,1 @@

{"name":"fabric8-analytics-lsp-server","description":"LSP Server for Dependency Analytics","version":"0.1.58","author":"Pavel Odvody","contributors":[{"name":"Michal Srb","email":"michal@redhat.com"},{"name":"Jyasveer Gotta","email":"jgotta@redhat.com"},{"name":"Jaivardhan Kumar","email":"jakumar@redhat.com"}],"license":"Apache-2.0","engines":{"node":"*"},"keywords":["fabric8-analytics","LSP"],"repository":{"type":"git","url":"https://github.com/fabric8-analytics/fabric8-analytics-lsp-server.git"},"dependencies":{"request":"^2.79.0","stream-json":"0.6.1","winston":"3.2.1","xml2object":"0.1.2","vscode-languageserver":"^5.3.0-next.9"},"devDependencies":{"@krux/condition-jenkins":"1.0.1","@types/chai":"^4.1.7","@types/mocha":"^5.2.7","@types/node":"^12.7.5","chai":"^4.2.0","mocha":"^6.2.0","nyc":"^14.1.1","semantic-release":"8.2.0","ts-node":"^8.3.0","typescript":"^3.6.3"},"scripts":{"build":"npm run clean && node node_modules/typescript/bin/tsc -p . && cp LICENSE package.json README.md output && npm run dist","clean":"rm -Rf ca-lsp-server.tar output/","test":"nyc mocha","dist":"cp -r node_modules output/ && cp ./package.json output/ && node -p -e \"require('./package.json').version\" > output/VERSION && rm -rf output/node_modules/typescript/ && tar cvjf ca-lsp-server.tar -C output/ .","semantic-release":"semantic-release pre && npm run build && cp -r .git output && npm publish output/ && semantic-release post"},"nyc":{"include":["src/**/*.ts"],"extension":[".ts"],"require":["ts-node/register"],"reporter":["text","html"],"sourceMap":true,"instrument":true},"release":{"branch":"master","debug":false,"verifyConditions":{"path":"./node_modules/@krux/condition-jenkins"}}}
{"name":"fabric8-analytics-lsp-server","description":"LSP Server for Dependency Analytics","version":"0.2.0","author":"Pavel Odvody","contributors":[{"name":"Michal Srb","email":"michal@redhat.com"},{"name":"Jyasveer Gotta","email":"jgotta@redhat.com"},{"name":"Jaivardhan Kumar","email":"jakumar@redhat.com"}],"license":"Apache-2.0","engines":{"node":"*"},"keywords":["fabric8-analytics","LSP"],"repository":{"type":"git","url":"https://github.com/fabric8-analytics/fabric8-analytics-lsp-server.git"},"dependencies":{"request":"^2.79.0","stream-json":"0.6.1","winston":"3.2.1","xml2object":"0.1.2","vscode-languageserver":"^5.3.0-next.9"},"devDependencies":{"@krux/condition-jenkins":"1.0.1","@types/chai":"^4.1.7","@types/mocha":"^5.2.7","@types/node":"^12.7.5","chai":"^4.2.0","mocha":"^6.2.0","nyc":"^14.1.1","semantic-release":"8.2.0","ts-node":"^8.3.0","typescript":"^3.6.3"},"scripts":{"build":"npm run clean && node node_modules/typescript/bin/tsc -p . && cp LICENSE package.json README.md output && npm run dist","clean":"rm -Rf ca-lsp-server.tar output/","test":"nyc mocha","dist":"cp -r node_modules output/ && cp ./package.json output/ && node -p -e \"require('./package.json').version\" > output/VERSION && rm -rf output/node_modules/typescript/ && tar cvjf ca-lsp-server.tar -C output/ .","semantic-release":"semantic-release pre && npm run build && cp -r .git output && npm publish output/ && semantic-release post"},"nyc":{"include":["src/**/*.ts"],"extension":[".ts"],"require":["ts-node/register"],"reporter":["text","html"],"sourceMap":true,"instrument":true},"release":{"branch":"master","debug":false,"verifyConditions":{"path":"./node_modules/@krux/condition-jenkins"}}}
# Dependency Analytics LSP Server
[![Build Status](https://ci.centos.org/job/devtools-fabric8-analytics-lsp-server-npm-publish-build-master/badge/icon)](https://ci.centos.org/job/devtools-fabric8-analytics-lsp-server-npm-publish-build-master/)
Language Server(LSP) that can analyze your dependencies specified in `package.json` and `pom.xml`.

@@ -4,0 +6,0 @@

@@ -147,13 +147,21 @@ /* --------------------------------------------------------------------------------------------

if ('server' in rc) {
config.server_url = `${rc.server}/api/v1`;
config.server_url = `${rc.server}/api/v2`;
}
}
let DiagnosticsEngines = [consumers_1.SecurityEngine];
const getCAmsg = (deps, diagnostics) => {
const getCAmsg = (deps, diagnostics, totalCount) => {
let msg = `Scanned ${deps.length} runtime ${deps.length == 1 ? 'dependency' : 'dependencies'}, `;
if (diagnostics.length > 0) {
return `Scanned ${deps.length} runtime dependencies, flagged ${diagnostics.length} potential security vulnerabilities along with quick fixes`;
const vulStr = (count) => count == 1 ? 'Vulnerability' : 'Vulnerabilities';
const advStr = (count) => count == 1 ? 'Advisory' : 'Advisories';
const knownVulnMsg = !totalCount.vulnerabilityCount || `${totalCount.vulnerabilityCount} Known Security ${vulStr(totalCount.vulnerabilityCount)}`;
const advisoryMsg = !totalCount.advisoryCount || `${totalCount.advisoryCount} Security ${advStr(totalCount.advisoryCount)}`;
let summaryMsg = [knownVulnMsg, advisoryMsg].filter(x => x !== true).join(' and ');
summaryMsg += (totalCount.vulnerabilityCount > 0) ? " along with quick fixes" : "";
msg += summaryMsg ? ('flagged ' + summaryMsg) : 'No potential security vulnerabilities found';
}
else {
return `Scanned ${deps.length} runtime dependencies. No potential security vulnerabilities found`;
msg += `No potential security vulnerabilities found`;
}
return msg;
};

@@ -207,2 +215,10 @@ const caDefaultMsg = 'Checking for security vulnerabilities ...';

};
/* Total Counts of #Known Security Vulnerability and #Security Advisory */
class TotalCount {
constructor() {
this.vulnerabilityCount = 0;
this.advisoryCount = 0;
}
}
;
const regexVersion = new RegExp(/^([a-zA-Z0-9]+\.)?([a-zA-Z0-9]+\.)?([a-zA-Z0-9]+\.)?([a-zA-Z0-9]+)$/);

@@ -215,5 +231,6 @@ const sendDiagnostics = (ecosystem, uri, contents, collector) => {

let aggregator = new Aggregator(deps, () => {
connection.sendNotification('caNotification', { 'data': getCAmsg(deps, diagnostics), 'diagCount': diagnostics.length > 0 ? diagnostics.length : 0 });
connection.sendNotification('caNotification', { 'data': getCAmsg(deps, diagnostics, totalCount), 'diagCount': diagnostics.length > 0 ? diagnostics.length : 0 });
connection.sendDiagnostics({ uri: uri, diagnostics: diagnostics });
});
let totalCount = new TotalCount();
for (let dependency of deps) {

@@ -225,2 +242,7 @@ if (dependency.name.value && dependency.version.value && regexVersion.test(dependency.version.value.trim())) {

pipeline.run(response);
for (const item of pipeline.items) {
let secEng = item;
totalCount.vulnerabilityCount += secEng.vulnerabilityCount;
totalCount.advisoryCount += secEng.advisoryCount;
}
}

@@ -227,0 +249,0 @@ aggregator.aggregate(dependency);
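Review bot: The totals built with `totalCount.vulnerabilityCount += secEng.vulnerabilityCount;` and `totalCount.advisoryCount += secEng.advisoryCount;` are never checked to be numbers, although those fields are filled from the backend response in consumers.js; a missing field would turn the sum into `NaN` and a string value would concatenate (inferred, since `bind_object` is not shown on this page). `getCAmsg` drops a zero or `NaN` count, so the notification can read "No potential security vulnerabilities found" while `diagnostics.length > 0`, which under-reports findings to the user. Coerce at the accumulation, e.g. `totalCount.vulnerabilityCount += Number(secEng.vulnerabilityCount) || 0;` (likewise for `advisoryCount`), and have `getCAmsg` fall back to `diagnostics.length` when both totals are zero. The loop that contains the accumulation starts and ends outside the hunk.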

@@ -7,2 +7,3 @@ /* --------------------------------------------------------------------------------------------

Object.defineProperty(exports, "__esModule", { value: true });
exports.get_range = exports.to_lsp_position = exports.stream_from_string = void 0;
const stream_1 = require("stream");

@@ -9,0 +10,0 @@ exports.stream_from_string = (s) => {

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
