snyk-gradle-plugin - npm Package Compare versions

Comparing version 3.2.7 to 3.3.0
dist/errors/index.js
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
var missing_sub_project_error_1 = require("./missing-sub-project-error");
exports.MissingSubProjectError = missing_sub_project_error_1.MissingSubProjectError;
Object.defineProperty(exports, "MissingSubProjectError", { enumerable: true, get: function () { return missing_sub_project_error_1.MissingSubProjectError; } });
//# sourceMappingURL=index.js.map
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.MissingSubProjectError = void 0;
class MissingSubProjectError extends Error {

@@ -4,0 +5,0 @@ constructor(subProject, allProjects) {

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const tslib_1 = require("tslib");
exports.exportsForTests = exports.inspect = void 0;
const os = require("os");

@@ -10,3 +10,3 @@ const fs = require("fs");

const errors_1 = require("./errors");
const chalk_1 = require("chalk");
const chalk = require("chalk");
const cli_interface_1 = require("@snyk/cli-interface");

@@ -29,3 +29,3 @@ const debugModule = require("debug");

const isWin = /^win/.test(os.platform());
const quot = isWin ? '"' : '\'';
const quot = isWin ? '"' : "'";
const cannotResolveVariantMarkers = [

@@ -37,42 +37,40 @@ 'Cannot choose between the following',

// General implementation. The result type depends on the runtime type of `options`.
function inspect(root, targetFile, options) {
return tslib_1.__awaiter(this, void 0, void 0, function* () {
if (!options) {
options = { dev: false };
}
let subProject = options.subProject;
async function inspect(root, targetFile, options) {
if (!options) {
options = { dev: false };
}
let subProject = options.subProject;
if (subProject) {
subProject = subProject.trim();
}
const plugin = {
name: 'bundled:gradle',
runtime: 'unknown',
targetFile: targetFileFilteredForCompatibility(targetFile),
meta: {},
};
if (cli_interface_1.legacyPlugin.isMultiSubProject(options)) {
if (subProject) {
subProject = subProject.trim();
throw new Error('gradle-sub-project flag is incompatible with multiDepRoots');
}
const plugin = {
name: 'bundled:gradle',
runtime: 'unknown',
targetFile: targetFileFilteredForCompatibility(targetFile),
meta: {},
};
if (cli_interface_1.legacyPlugin.isMultiSubProject(options)) {
if (subProject) {
throw new Error('gradle-sub-project flag is incompatible with multiDepRoots');
}
const scannedProjects = yield getAllDepsAllProjects(root, targetFile, options);
plugin.meta = plugin.meta || {};
return {
plugin,
scannedProjects,
};
}
const depTreeAndDepRootNames = yield getAllDepsOneProject(root, targetFile, options, subProject);
if (depTreeAndDepRootNames.allSubProjectNames) {
plugin.meta = plugin.meta || {};
plugin.meta.allSubProjectNames = depTreeAndDepRootNames.allSubProjectNames;
}
const scannedProjects = await getAllDepsAllProjects(root, targetFile, options);
plugin.meta = plugin.meta || {};
return {
plugin,
package: depTreeAndDepRootNames.depTree,
meta: {
gradleProjectName: depTreeAndDepRootNames.gradleProjectName,
versionBuildInfo: depTreeAndDepRootNames.versionBuildInfo,
},
scannedProjects,
};
});
}
const depTreeAndDepRootNames = await getAllDepsOneProject(root, targetFile, options, subProject);
if (depTreeAndDepRootNames.allSubProjectNames) {
plugin.meta = plugin.meta || {};
plugin.meta.allSubProjectNames = depTreeAndDepRootNames.allSubProjectNames;
}
return {
plugin,
package: depTreeAndDepRootNames.depTree,
meta: {
gradleProjectName: depTreeAndDepRootNames.gradleProjectName,
versionBuildInfo: depTreeAndDepRootNames.versionBuildInfo,
},
};
}

@@ -86,3 +84,5 @@ exports.inspect = inspect;

function targetFileFilteredForCompatibility(targetFile) {
return (path.basename(targetFile) === 'build.gradle.kts') ? targetFile : undefined;
return path.basename(targetFile) === 'build.gradle.kts'
? targetFile
: undefined;
}

@@ -95,3 +95,4 @@ function extractJsonFromScriptOutput(stdoutText) {

if (jsonLine !== null) {
throw new Error('More than one line with "JSONDEPS " prefix was returned; full output:\n' + stdoutText);
throw new Error('More than one line with "JSONDEPS " prefix was returned; full output:\n' +
stdoutText);
}

@@ -102,37 +103,38 @@ jsonLine = l.substr(9);

if (jsonLine === null) {
throw new Error('No line prefixed with "JSONDEPS " was returned; full output:\n' + stdoutText);
throw new Error('No line prefixed with "JSONDEPS " was returned; full output:\n' +
stdoutText);
}
debugLog('The command produced JSONDEPS output of ' + jsonLine.length + ' characters');
debugLog('The command produced JSONDEPS output of ' +
jsonLine.length +
' characters');
return JSON.parse(jsonLine);
}
function getAllDepsOneProject(root, targetFile, options, subProject) {
return tslib_1.__awaiter(this, void 0, void 0, function* () {
const packageName = path.basename(root);
const allProjectDeps = yield getAllDeps(root, targetFile, options);
const allSubProjectNames = allProjectDeps.allSubProjectNames;
if (subProject) {
const { depTree, meta } = getDepsSubProject(root, subProject, allProjectDeps);
return {
depTree,
allSubProjectNames,
gradleProjectName: meta.gradleProjectName,
versionBuildInfo: allProjectDeps.versionBuildInfo,
};
}
const { projects, defaultProject } = allProjectDeps;
const { depDict } = projects[defaultProject];
async function getAllDepsOneProject(root, targetFile, options, subProject) {
const packageName = path.basename(root);
const allProjectDeps = await getAllDeps(root, targetFile, options);
const allSubProjectNames = allProjectDeps.allSubProjectNames;
if (subProject) {
const { depTree, meta } = getDepsSubProject(root, subProject, allProjectDeps);
return {
depTree: {
dependencies: depDict,
name: packageName,
// TODO: extract from project
// https://snyksec.atlassian.net/browse/BST-558
version: '0.0.0',
packageFormatVersion,
},
depTree,
allSubProjectNames,
gradleProjectName: defaultProject,
gradleProjectName: meta.gradleProjectName,
versionBuildInfo: allProjectDeps.versionBuildInfo,
};
});
}
const { projects, defaultProject } = allProjectDeps;
const { depDict } = projects[defaultProject];
return {
depTree: {
dependencies: depDict,
name: packageName,
// TODO: extract from project
// https://snyksec.atlassian.net/browse/BST-558
version: '0.0.0',
packageFormatVersion,
},
allSubProjectNames,
gradleProjectName: defaultProject,
versionBuildInfo: allProjectDeps.versionBuildInfo,
};
}

@@ -160,35 +162,33 @@ function getDepsSubProject(root, subProject, allProjectDeps) {

}
function getAllDepsAllProjects(root, targetFile, options) {
return tslib_1.__awaiter(this, void 0, void 0, function* () {
const allProjectDeps = yield getAllDeps(root, targetFile, options);
const basePackageName = path.basename(root);
const packageVersion = '0.0.0';
return Object.keys(allProjectDeps.projects).map((proj) => {
const packageName = proj === allProjectDeps.defaultProject ? basePackageName : `${basePackageName}/${proj}`;
const defaultProject = allProjectDeps.defaultProject;
const gradleProjectName = proj === defaultProject ? defaultProject : `${defaultProject}/${proj}`;
return {
targetFile: targetFileFilteredForCompatibility(allProjectDeps.projects[proj].targetFile),
meta: {
gradleProjectName,
versionBuildInfo: allProjectDeps.versionBuildInfo,
},
depTree: {
dependencies: allProjectDeps.projects[proj].depDict,
name: packageName,
version: packageVersion,
packageFormatVersion,
},
};
});
async function getAllDepsAllProjects(root, targetFile, options) {
const allProjectDeps = await getAllDeps(root, targetFile, options);
const basePackageName = path.basename(root);
const packageVersion = '0.0.0';
return Object.keys(allProjectDeps.projects).map((proj) => {
const packageName = proj === allProjectDeps.defaultProject
? basePackageName
: `${basePackageName}/${proj}`;
const defaultProject = allProjectDeps.defaultProject;
const gradleProjectName = proj === defaultProject ? defaultProject : `${defaultProject}/${proj}`;
return {
targetFile: targetFileFilteredForCompatibility(allProjectDeps.projects[proj].targetFile),
meta: {
gradleProjectName,
versionBuildInfo: allProjectDeps.versionBuildInfo,
},
depTree: {
dependencies: allProjectDeps.projects[proj].depDict,
name: packageName,
version: packageVersion,
packageFormatVersion,
},
};
});
}
const reEcho = /^SNYKECHO (.*)$/;
function printIfEcho(line) {
return tslib_1.__awaiter(this, void 0, void 0, function* () {
const maybeMatch = reEcho.exec(line);
if (maybeMatch) {
debugLog(maybeMatch[1]);
}
});
async function printIfEcho(line) {
const maybeMatch = reEcho.exec(line);
if (maybeMatch) {
debugLog(maybeMatch[1]);
}
}

@@ -199,32 +199,35 @@ // <insert a npm left-pad joke here>

}
function getInjectedScriptPath() {
return tslib_1.__awaiter(this, void 0, void 0, function* () {
let initGradleAsset = null;
if (/index.js$/.test(__filename)) {
// running from ./dist
// path.join call has to be exactly in this format, needed by "pkg" to build a standalone Snyk CLI binary:
// https://www.npmjs.com/package/pkg#detecting-assets-in-source-code
initGradleAsset = path.join(__dirname, '../lib/init.gradle');
}
else if (/index.ts$/.test(__filename)) {
// running from ./lib
initGradleAsset = path.join(__dirname, 'init.gradle');
}
else {
throw new Error('Cannot locate Snyk init.gradle script');
}
// We could be running from a bundled CLI generated by `pkg`.
// The Node filesystem in that case is not real: https://github.com/zeit/pkg#snapshot-filesystem
// Copying the injectable script into a temp file.
try {
const tmpInitGradle = tmp.fileSync({ postfix: '-init.gradle' });
fs.createReadStream(initGradleAsset).pipe(fs.createWriteStream('', { fd: tmpInitGradle.fd }));
return { injectedScripPath: tmpInitGradle.name, cleanupCallback: tmpInitGradle.removeCallback };
}
catch (error) {
error.message = error.message + '\n\n' +
async function getInjectedScriptPath() {
let initGradleAsset = null;
if (/index.js$/.test(__filename)) {
// running from ./dist
// path.join call has to be exactly in this format, needed by "pkg" to build a standalone Snyk CLI binary:
// https://www.npmjs.com/package/pkg#detecting-assets-in-source-code
initGradleAsset = path.join(__dirname, '../lib/init.gradle');
}
else if (/index.ts$/.test(__filename)) {
// running from ./lib
initGradleAsset = path.join(__dirname, 'init.gradle');
}
else {
throw new Error('Cannot locate Snyk init.gradle script');
}
// We could be running from a bundled CLI generated by `pkg`.
// The Node filesystem in that case is not real: https://github.com/zeit/pkg#snapshot-filesystem
// Copying the injectable script into a temp file.
try {
const tmpInitGradle = tmp.fileSync({ postfix: '-init.gradle' });
fs.createReadStream(initGradleAsset).pipe(fs.createWriteStream('', { fd: tmpInitGradle.fd }));
return {
injectedScripPath: tmpInitGradle.name,
cleanupCallback: tmpInitGradle.removeCallback,
};
}
catch (error) {
error.message =
error.message +
'\n\n' +
'Failed to create a temporary file to host Snyk init script for Gradle build analysis.';
throw error;
}
});
throw error;
}
}

@@ -255,5 +258,6 @@ // when running a project is making use of gradle wrapper, the first time we run `gradlew -v`, the download

// Select the lines in "Attribute: value format"
versionMetaInformation.filter((value) => value && value.length > 0 && value.includes(': '))
versionMetaInformation
.filter((value) => value && value.length > 0 && value.includes(': '))
.map((value) => value.split(/(.*): (.*)/))
.forEach((splitValue) => metaBuildVersion[toCamelCase(splitValue[1].trim())] = splitValue[2].trim());
.forEach((splitValue) => (metaBuildVersion[toCamelCase(splitValue[1].trim())] = splitValue[2].trim()));
return {

@@ -269,39 +273,43 @@ gradleVersion,

}
function getAllDeps(root, targetFile, options) {
return tslib_1.__awaiter(this, void 0, void 0, function* () {
const command = getCommand(root, targetFile);
let gradleVersionOutput = '[COULD NOT RUN gradle -v] ';
try {
gradleVersionOutput = yield subProcess.execute(command, ['-v'], { cwd: root });
async function getAllDeps(root, targetFile, options) {
const command = getCommand(root, targetFile);
let gradleVersionOutput = '[COULD NOT RUN gradle -v] ';
try {
gradleVersionOutput = await subProcess.execute(command, ['-v'], {
cwd: root,
});
}
catch (_) {
// intentionally empty
}
if (gradleVersionOutput.match(/Gradle 1/)) {
throw new Error('Gradle 1.x is not supported');
}
const { injectedScripPath, cleanupCallback } = await getInjectedScriptPath();
const args = buildArgs(root, targetFile, injectedScripPath, options);
const fullCommandText = 'gradle command: ' + command + ' ' + args.join(' ');
debugLog('Executing ' + fullCommandText);
try {
const stdoutText = await subProcess.execute(command, args, { cwd: root }, printIfEcho);
if (cleanupCallback) {
cleanupCallback();
}
catch (_) {
// intentionally empty
const extractedJson = extractJsonFromScriptOutput(stdoutText);
const versionBuildInfo = getVersionBuildInfo(gradleVersionOutput);
if (versionBuildInfo) {
extractedJson.versionBuildInfo = versionBuildInfo;
}
if (gradleVersionOutput.match(/Gradle 1/)) {
throw new Error('Gradle 1.x is not supported');
}
const { injectedScripPath, cleanupCallback } = yield getInjectedScriptPath();
const args = buildArgs(root, targetFile, injectedScripPath, options);
const fullCommandText = 'gradle command: ' + command + ' ' + args.join(' ');
debugLog('Executing ' + fullCommandText);
try {
const stdoutText = yield subProcess.execute(command, args, { cwd: root }, printIfEcho);
if (cleanupCallback) {
cleanupCallback();
}
const extractedJson = extractJsonFromScriptOutput(stdoutText);
const versionBuildInfo = getVersionBuildInfo(gradleVersionOutput);
if (versionBuildInfo) {
extractedJson.versionBuildInfo = versionBuildInfo;
}
return extractedJson;
}
catch (error0) {
const error = error0;
const gradleErrorMarkers = /^\s*>\s.*$/;
const gradleErrorEssence = error.message.split('\n').filter((l) => gradleErrorMarkers.test(l)).join('\n');
const orange = chalk_1.default.rgb(255, 128, 0);
const blackOnYellow = chalk_1.default.bgYellowBright.black;
gradleVersionOutput = orange(gradleVersionOutput);
let mainErrorMessage = `Error running Gradle dependency analysis.
return extractedJson;
}
catch (error0) {
const error = error0;
const gradleErrorMarkers = /^\s*>\s.*$/;
const gradleErrorEssence = error.message
.split('\n')
.filter((l) => gradleErrorMarkers.test(l))
.join('\n');
const orange = chalk.rgb(255, 128, 0);
const blackOnYellow = chalk.bgYellowBright.black;
gradleVersionOutput = orange(gradleVersionOutput);
let mainErrorMessage = `Error running Gradle dependency analysis.

@@ -311,12 +319,19 @@ Please ensure you are calling the \`snyk\` command with correct arguments.

message from above, starting with ===== DEBUG INFORMATION START =====.`;
// Special case for Android, where merging the configurations is sometimes
// impossible.
// There are no automated tests for this yet (setting up Android SDK is quite problematic).
// See test/manual/README.md
if (cannotResolveVariantMarkers.find((m) => error.message.includes(m))) {
// Extract attribute information via JSONATTRS marker:
const jsonAttrs = JSON.parse(error.message.split('\n').filter((line) => /^JSONATTRS /.test(line))[0].substr(10));
const attrNameWidth = Math.max(...Object.keys(jsonAttrs).map((name) => name.length));
const jsonAttrsPretty = Object.keys(jsonAttrs).map((name) => chalk_1.default.whiteBright(leftPad(name, attrNameWidth)) + ': ' + chalk_1.default.gray(jsonAttrs[name].join(', '))).join('\n');
mainErrorMessage = `Error running Gradle dependency analysis.
// Special case for Android, where merging the configurations is sometimes
// impossible.
// There are no automated tests for this yet (setting up Android SDK is quite problematic).
// See test/manual/README.md
if (cannotResolveVariantMarkers.find((m) => error.message.includes(m))) {
// Extract attribute information via JSONATTRS marker:
const jsonAttrs = JSON.parse(error.message
.split('\n')
.filter((line) => /^JSONATTRS /.test(line))[0]
.substr(10));
const attrNameWidth = Math.max(...Object.keys(jsonAttrs).map((name) => name.length));
const jsonAttrsPretty = Object.keys(jsonAttrs)
.map((name) => chalk.whiteBright(leftPad(name, attrNameWidth)) +
': ' +
chalk.gray(jsonAttrs[name].join(', ')))
.join('\n');
mainErrorMessage = `Error running Gradle dependency analysis.

@@ -329,3 +344,3 @@ It seems like you are scanning an Android build with ambiguous dependency variants.

1. Run Snyk CLI tool with an attribute filter, e.g.:
${chalk_1.default.whiteBright('snyk test --all-sub-projects --configuration-attributes=buildtype:release,usage:java-runtime')}
${chalk.whiteBright('snyk test --all-sub-projects --configuration-attributes=buildtype:release,usage:java-runtime')}

@@ -346,3 +361,3 @@ The filter will select matching attributes from those found in your configurations, use them

2. Run Snyk CLI tool for specific configuration(s), e.g.:
${chalk_1.default.whiteBright("snyk test --gradle-sub-project=my-app --configuration-matching='^releaseRuntimeClasspath$'")}
${chalk.whiteBright("snyk test --gradle-sub-project=my-app --configuration-matching='^releaseRuntimeClasspath$'")}

@@ -352,7 +367,7 @@ (note that some configurations won't be present in every your subproject)

3. Converting your subproject dependency specifications from the form of
${chalk_1.default.whiteBright("implementation project(':mymodule')")}
${chalk.whiteBright("implementation project(':mymodule')")}
to
${chalk_1.default.whiteBright("implementation project(path: ':mymodule', configuration: 'default')")}`;
}
error.message = `${chalk_1.default.red.bold('Gradle Error (short):\n' + gradleErrorEssence)}
${chalk.whiteBright("implementation project(path: ':mymodule', configuration: 'default')")}`;
}
error.message = `${chalk.red.bold('Gradle Error (short):\n' + gradleErrorEssence)}

@@ -365,9 +380,10 @@ ${blackOnYellow('===== DEBUG INFORMATION START =====')}

${chalk_1.default.red.bold(mainErrorMessage)}`;
throw error;
}
});
${chalk.red.bold(mainErrorMessage)}`;
throw error;
}
}
function toCamelCase(input) {
input = input.toLowerCase().replace(/(?:(^.)|([-_\s]+.))/g, (match) => {
input = input
.toLowerCase()
.replace(/(?:(^.)|([-_\s]+.))/g, (match) => {
return match.charAt(match.length - 1).toUpperCase();

@@ -379,3 +395,3 @@ });

const isWinLocal = /^win/.test(os.platform()); // local check, can be stubbed in tests
const quotLocal = isWinLocal ? '"' : '\'';
const quotLocal = isWinLocal ? '"' : "'";
const wrapperScript = isWinLocal ? 'gradlew.bat' : './gradlew';

@@ -403,3 +419,4 @@ // try to find a sibling wrapper script first

let formattedTargetFile = targetFile;
if (/\s/.test(targetFile)) { // checking for whitespaces
if (/\s/.test(targetFile)) {
// checking for whitespaces
formattedTargetFile = quot + targetFile + quot;

@@ -406,0 +423,0 @@ }
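Review bot: In the new `getInjectedScriptPath` the copy into the temp file (`fs.createReadStream(initGradleAsset).pipe(fs.createWriteStream('', { fd: tmpInitGradle.fd }))`) is still not awaited even though the function is now `async`, so `getAllDeps` hands `injectedScripPath` to `buildArgs` and spawns Gradle while the init script may still be empty or partially written. Because stream errors are emitted asynchronously, the surrounding `try`/`catch` only covers `tmp.fileSync`; a read failure on the asset (e.g. a missing file inside a `pkg` snapshot) would surface as an unhandled `'error'` event rather than the decorated message. Wrapping the pipe in a promise that resolves on `'finish'` and rejects on either stream's `'error'` fixes both. Relatedly, `cleanupCallback()` in `getAllDeps` runs only on the success path after `subProcess.execute`, so a failing Gradle run leaves the temp init script behind; moving it into a `finally` would cover both paths.
```javascript
  try {
    const tmpInitGradle = tmp.fileSync({ postfix: '-init.gradle' });
    // Wait for the copy to finish (and surface stream errors) before Gradle is pointed at the file.
    await new Promise((resolve, reject) => {
      fs.createReadStream(initGradleAsset)
        .on('error', reject)
        .pipe(fs.createWriteStream('', { fd: tmpInitGradle.fd }))
        .on('error', reject)
        .on('finish', resolve);
    });
    return {
      injectedScripPath: tmpInitGradle.name,
      cleanupCallback: tmpInitGradle.removeCallback,
    };
  } catch (error) {
    // … unchanged: error message decoration and rethrow …
  }
```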

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.execute = void 0;
const childProcess = require("child_process");

@@ -4,0 +5,0 @@ const debugModule = require("debug");

@@ -19,5 +19,6 @@ {

"build": "tsc",
"lint": "tslint --project tsconfig.json --format stylish",
"lint": "eslint --color --cache '{lib,test}/**/*.{js,ts}' && prettier --check '{lib,test}/**/*.{js,ts}'",
"format": "prettier --write '{lib,test}/**/*.{js,ts}'",
"prepare": "npm run build",
"test": "npm run lint && tsc -p tsconfig-test.json && npm run test-functional && npm run test-system",
"test": "tsc -p tsconfig-test.json && npm run test-functional && npm run test-system",
"test-functional": "tap --node-arg=-r --node-arg=ts-node/register -R spec ./test/functional/*.test.[tj]s",

@@ -30,8 +31,13 @@ "test-system": "tap --node-arg=-r --node-arg=ts-node/register -R spec --timeout=240 ./test/system/*.test.[tj]s",

"devDependencies": {
"@types/chalk": "^2.2.0",
"@types/jest": "^24.0.13",
"@types/node": "^4.9.1",
"@types/sinon": "^7.0.10",
"@types/tmp": "0.0.34",
"@types/tmp": "0.2.0",
"@typescript-eslint/eslint-plugin": "^2.29.0",
"@typescript-eslint/parser": "^2.29.0",
"eslint": "^6.8.0",
"eslint-config-prettier": "^6.11.0",
"eslint-plugin-prettier": "^3.1.3",
"jest": "^24.8.0",
"prettier": "^2.0.2",
"sinon": "^2.4.1",

@@ -41,4 +47,3 @@ "tap": "^12.6.1",

"ts-node": "^8.3.0",
"tslint": "^5.14.0",
"typescript": "^3.4.5"
"typescript": "^3.9.2"
},

@@ -48,8 +53,8 @@ "dependencies": {

"@types/debug": "^4.1.4",
"chalk": "^2.4.2",
"chalk": "^3.0.0",
"debug": "^4.1.1",
"tmp": "0.0.33",
"tslib": "^1.9.3"
"tmp": "0.2.1",
"tslib": "^2.0.0"
},
"version": "3.2.7"
"version": "3.3.0"
}
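Review bot: The new `test` script drops `npm run lint`, so the eslint/prettier setup introduced in the same change is only enforced if something outside this file invokes `lint` (CI configuration is not visible here); consider keeping `"test": "npm run lint && tsc -p tsconfig-test.json && npm run test-functional && npm run test-system"` or documenting where lint is expected to run. The `tmp` pin also moves from 0.0.33 to 0.2.1, which crosses 0.x minor boundaries that semver treats as potentially breaking, and the runtime code relies on `fileSync` returning `fd`, `name` and `removeCallback`; a changelog line pointing at the tmp release notes that were checked would help reviewers confirm those semantics are unchanged.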
