snyk-go-plugin
Advanced tools
snyk-go-plugin - npm Package Compare versions
Comparing version 1.2.3 to 1.3.0
@@ -13,3 +13,3 @@ var fs = require('fs'); | ||
| return Promise.all([ | ||
| getMetaData(root), | ||
| getMetaData(root, targetFile), | ||
| getDependencies(root, targetFile), | ||
@@ -26,9 +26,10 @@ ]) | ||
| function getDependencies(root, targetFile) { | ||
| var depLocks; | ||
| var lockedVersions; | ||
| return new Promise(function (resolve, reject) { | ||
| try { | ||
| depLocks = parseDepLock(root, targetFile); | ||
| resolve(depLocks); | ||
| lockedVersions = parseLockFile(root, targetFile); | ||
| resolve(lockedVersions); | ||
| } catch (e) { | ||
| reject(new Error('failed parsing Gopkg.lock file: ' + e.message)); | ||
| reject(new Error( | ||
| 'failed parsing ' + targetFile + ': ' + e.message)); | ||
| } | ||
@@ -46,4 +47,6 @@ }).then(function () { | ||
| var projectRootPath = path.dirname(path.resolve(targetFile)); | ||
| var pkgsTree = recursivelyBuildPkgTree(tree, depLocks, projectRootPath, []); | ||
| var projectRootPath = getProjectRootFromTargetFile(targetFile); | ||
| var pkgsTree = recursivelyBuildPkgTree( | ||
| tree, lockedVersions, projectRootPath, []); | ||
| pkgsTree.packageFormatVersion = 'golang:0.0.1'; | ||
@@ -63,3 +66,3 @@ | ||
| function getMetaData(root) { | ||
| function getMetaData(root, targetFile) { | ||
| return subProcess.execute('go', ['version'], {cwd: root}) | ||
@@ -70,2 +73,3 @@ .then(function (output) { | ||
| runtime: /(go\d+\.\d+\.\d+)/.exec(output)[0], | ||
| targetFile: pathToPosix(targetFile), | ||
| }; | ||
@@ -75,2 +79,21 @@ }); | ||
| function getProjectRootFromTargetFile(targetFile) { | ||
| var fname = path.basename(targetFile); | ||
| var resolved = path.resolve(targetFile); | ||
| var parts = resolved.split(path.sep); | ||
| if (parts[parts.length - 1] == 'Gopkg.lock') { | ||
| return path.dirname(resolved); | ||
| } | ||
| if ( | ||
| parts[parts.length - 1] == 'vendor.json' && | ||
| parts[parts.length - 2] == 'vendor') { | ||
| return path.dirname(path.dirname(resolved)); | ||
| } | ||
| throw new Error('Unsupported file:', targetFile); | ||
| } | ||
| function isRootSubpkg(pkgPath, projectRootPath) { | ||
@@ -100,3 +123,7 @@ if (pkgPath == projectRootPath) { | ||
| function recursivelyBuildPkgTree(goDepsTree, depLocks, projectRootPath, fromPath) { | ||
| function recursivelyBuildPkgTree( | ||
| goDepsTree, | ||
| lockedVersions, | ||
| projectRootPath, | ||
| fromPath) { | ||
| var isRoot = (fromPath.length == 0); | ||
@@ -111,7 +138,7 @@ | ||
| pkg.version = '0.0.0'; | ||
| } else if (!depLocks[pkg.name]) { | ||
| } else if (!lockedVersions[pkg.name]) { | ||
| pkg.version = ''; | ||
| // TODO: warn or set to "?" ? | ||
| } else { | ||
| pkg.version = depLocks[pkg.name].version; | ||
| pkg.version = lockedVersions[pkg.name].version; | ||
| } | ||
@@ -126,3 +153,3 @@ | ||
| var child = recursivelyBuildPkgTree( | ||
| dep, depLocks, projectRootPath, pkg.from); | ||
| dep, lockedVersions, projectRootPath, pkg.from); | ||
@@ -145,2 +172,17 @@ if (isInternalPackage(child.name)) { | ||
| function parseLockFile(root, targetFile) { | ||
| var fname = path.basename(targetFile); | ||
| switch (fname) { | ||
| case 'Gopkg.lock': { | ||
| return parseDepLock(root, targetFile); | ||
| } | ||
| case 'vendor.json': { | ||
| return parseGovendorLock(root, targetFile); | ||
| } | ||
| default: { | ||
| throw new Error('Unsupported file:', targetFile); | ||
| } | ||
| } | ||
| } | ||
| function parseDepLock(root, targetFile) { | ||
@@ -153,3 +195,2 @@ var lock = fs.readFileSync(path.join(root, targetFile)); | ||
| var deps = {}; | ||
| lockJson.projects && lockJson.projects.forEach(function (proj) { | ||
@@ -173,1 +214,31 @@ var version = proj.version || ('#' + proj.revision); | ||
| } | ||
| // TODO: branch, old Version can be a tag too? | ||
| function parseGovendorLock(root, targetFile) { | ||
| var lock = fs.readFileSync(path.join(root, targetFile)); | ||
| var deps = {}; | ||
| var lockJson = JSON.parse(lock); | ||
| var packages = lockJson.package || lockJson.Package; | ||
| packages && packages.forEach(function (pkg) { | ||
| var revision = pkg.revision || pkg.Revision || pkg.version || pkg.Version; | ||
| var version = pkg.versionExact || ('#' + revision); | ||
| var dep = { | ||
| name: pkg.path, | ||
| version: version, | ||
| } | ||
| deps[dep.name] = dep; | ||
| }); | ||
| return deps; | ||
| } | ||
| function pathToPosix(fpath) { | ||
| var parts = fpath.split(path.sep); | ||
| return parts.join(path.posix.sep); | ||
| } |
@@ -27,3 +27,3 @@ { | ||
| }, | ||
| "version": "1.2.3" | ||
| "version": "1.3.0" | ||
| } |
@@ -9,2 +9,2 @@  | ||
| This plugin provides dependency metadata for Golang projects that use `dep` and have a `Gopkg.lock` file. | ||
| This plugin provides dependency metadata for Golang projects that use `dep` (and have a `Gopkg.lock` file), or `govendor` (and have a `vendor/vendor.json` file). |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by13.41%
14376
- Lines of code
- increased by37.09%
207