snyk-gradle-plugin - npm Package Compare versions

Comparing version 1.0.2 to 1.0.3

lib/index.js

@@ -0,1 +1,2 @@
+var os = require('os');
 var fs = require('fs');
@@ -13,3 +14,5 @@ var path = require('path');
   if (!options) { options = { dev: false }; }
-  return subProcess.execute('gradle',
+
+  return subProcess.execute(
+    getCommand(root, targetFile),
     buildArgs(root, targetFile, options.args),
@@ -39,2 +42,19 @@ { cwd: root })
 
+function getCommand(root, targetFile) {
+  var isWin = /^win/.test(os.platform());
+  var wrapperScript = isWin ? 'gradlew.bat' : './gradlew';
+  // try to find a sibling wrapper script first
+  var pathToWrapper = path.resolve(
+    root, path.dirname(targetFile), wrapperScript);
+  if (fs.existsSync(pathToWrapper)) {
+    return pathToWrapper;
+  }
+  // now try to find a wrapper in the root
+  pathToWrapper = path.resolve(root, wrapperScript);
+  if (fs.existsSync(pathToWrapper)) {
+    return pathToWrapper;
+  }
+  return 'gradle';
+}
+
 function buildArgs(root, targetFile, gradleArgs) {
@@ -41,0 +61,0 @@ var args = ['dependencies', '-q'];

package.json

@@ -23,5 +23,5 @@ {
   "devDependencies": {
-    "fs": "0.0.1-security",
     "jscs": "^3.0.7",
     "semantic-release": "^6.3.6",
+    "sinon": "^2.4.1",
     "tap": "^10.3.2",
@@ -33,3 +33,3 @@ "tap-only": "0.0.5"
   },
-  "version": "1.0.2"
+  "version": "1.0.3"
 }

test/functional/parse-gradle.test.js

@@ -5,10 +5,11 @@ var fs = require('fs');
 var parse = require('../../lib/parse-gradle');
+var fixturePath = path.join(__dirname, '..', 'fixtures', 'no-wrapper');
 
 test('compare full results', function (t) {
   t.plan(1);
-  var gradleOutput = fs.readFileSync(path.join(
-    __dirname, '..', 'fixtures', 'gradle-dependencies-output.txt'), 'utf8');
+  var gradleOutput = fs.readFileSync(
+    path.join(fixturePath, 'gradle-dependencies-output.txt'), 'utf8');
   var depTree = parse(gradleOutput, 'myPackage@1.0.0');
-  var results = require(path.join(
-    __dirname, '..','fixtures','gradle-dependencies-results.json'));
+  var results = require(
+    path.join(fixturePath,'gradle-dependencies-results.json'));
 
@@ -21,3 +22,3 @@ t.same(depTree, results);
   var gradleOutput = fs.readFileSync(path.join(
-    __dirname, '..', 'fixtures', 'gradle-dependencies-output.txt'), 'utf8');
+    fixturePath, 'gradle-dependencies-output.txt'), 'utf8');
   var depTree = parse(gradleOutput, 'myPackage@1.0.0');
@@ -24,0 +25,0 @@

test/system/plugin.test.js

@@ -1,10 +0,21 @@
-var fs = require('fs');
+var os = require('os');
 var path = require('path');
 var test = require('tap-only');
+var sinon = require('sinon');
 var plugin = require('../../lib');
+var subProcess = require('../../lib/sub-process');
 
+var rootNoWrapper = path.join(
+    __dirname, '..', 'fixtures', 'no-wrapper');
+
+var rootWithWrapper = path.join(
+    __dirname, '..', 'fixtures', 'with-wrapper');
+
+var subWithWrapper = path.join(
+    __dirname, '..', 'fixtures', 'with-wrapper-in-root');
+
 test('run inspect()', function (t) {
   t.plan(1);
   return plugin.inspect('.', path.join(
-    __dirname, '..', 'fixtures', 'build.gradle'))
+    __dirname, '..', 'fixtures', 'no-wrapper', 'build.gradle'))
   .then(function (result) {
@@ -19,3 +30,112 @@ t.equal(result.package
       'correct version found');
+  })
+  .catch(t.fail);
+});
+
+test('windows without wrapper', function (t) {
+  t.plan(1);
+
+  stubPlatform('win32', t);
+  stubSubProcessExec(t);
+
+  return plugin.inspect(rootNoWrapper, 'build.gradle')
+  .then(t.fail)
+  .catch(function () {
+    var cmd = subProcess.execute.getCall(0).args[0];
+    t.same(cmd, 'gradle', 'invokes gradle directly');
   });
 });
+
+test('darwin without wrapper', function (t) {
+  t.plan(1);
+
+  stubPlatform('darwin', t);
+  stubSubProcessExec(t);
+
+  return plugin.inspect(rootNoWrapper, 'build.gradle')
+  .then(t.fail)
+  .catch(function () {
+    var cmd = subProcess.execute.getCall(0).args[0];
+    t.same(cmd, 'gradle', 'invokes gradle directly');
+  });
+});
+
+test('windows with wrapper', function (t) {
+  t.plan(1);
+
+  stubPlatform('win32', t);
+  stubSubProcessExec(t);
+
+  return plugin.inspect(rootWithWrapper, 'build.gradle')
+  .then(t.fail)
+  .catch(function () {
+    var cmd = subProcess.execute.getCall(0).args[0];
+    var expectedCmd = path.join(
+      __dirname, '..', 'fixtures', 'with-wrapper', 'gradlew.bat');
+    t.same(cmd, expectedCmd, 'invokes wrapper bat');
+  });
+});
+
+test('darwin with wrapper', function (t) {
+  t.plan(1);
+
+  stubPlatform('darwin', t);
+  stubSubProcessExec(t);
+
+  return plugin.inspect(rootWithWrapper, 'build.gradle')
+  .then(t.fail)
+  .catch(function () {
+    var cmd = subProcess.execute.getCall(0).args[0];
+    var expectedCmd = path.join(
+      __dirname, '..', 'fixtures', 'with-wrapper', 'gradlew');
+    t.same(cmd, expectedCmd, 'invokes wrapper script');
+  });
+});
+
+test('windows with wrapper in root', function (t) {
+  t.plan(1);
+
+  stubPlatform('win32', t);
+  stubSubProcessExec(t);
+
+  return plugin.inspect(subWithWrapper, path.join('app', 'build.gradle'))
+  .then(t.fail)
+  .catch(function () {
+    var cmd = subProcess.execute.getCall(0).args[0];
+    var expectedCmd = path.join(
+      __dirname, '..', 'fixtures', 'with-wrapper-in-root', 'gradlew.bat');
+    t.same(cmd, expectedCmd, 'invokes wrapper bat');
+  });
+});
+
+test('darwin with wrapper in root', function (t) {
+  t.plan(1);
+
+  stubPlatform('darwin', t);
+  stubSubProcessExec(t);
+
+  return plugin.inspect(subWithWrapper, path.join('app', 'build.gradle'))
+  .then(t.fail)
+  .catch(function () {
+    var cmd = subProcess.execute.getCall(0).args[0];
+    var expectedCmd = path.join(
+      __dirname, '..', 'fixtures', 'with-wrapper-in-root', 'gradlew');
+    t.same(cmd, expectedCmd, 'invokes wrapper script');
+  });
+});
+
+function stubPlatform(platform, t) {
+  sinon.stub(os, 'platform')
+  .callsFake(function () {
+    return platform;
+  });
+  t.teardown(os.platform.restore);
+}
+
+function stubSubProcessExec(t) {
+  sinon.stub(subProcess, 'execute')
+  .callsFake(function () {
+    return Promise.reject('abort');
+  });
+  t.teardown(subProcess.execute.restore);
+}

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

165759

increased by2.41%

Number of package files

23

increased by35.29%

Lines of code

3480

increased by3.45%

Number of low supply chain risk alerts

3

decreased by-25%

Worsened metrics

Number of medium supply chain risk alerts

2

increased by100%

No dependency changes