Big News: Socket Selected for OpenAI's Cybersecurity Grant Program.Details →
snyk-mvn-plugin
Advanced tools
snyk-mvn-plugin - npm Package Compare versions
+50
-16
@@ -9,2 +9,28 @@ "use strict"; | ||
| const jar_1 = require("./jar"); | ||
| const os = require("os"); | ||
| function getCommand(root, targetFile) { | ||
| if (!targetFile) { | ||
| return 'mvn'; | ||
| } | ||
| const isWinLocal = /^win/.test(os.platform()); // local check, can be stubbed in tests | ||
| const wrapperScript = isWinLocal ? 'mvnw.cmd' : './mvnw'; | ||
| // try to find a sibling wrapper script first | ||
| let pathToWrapper = path.resolve(root, path.dirname(targetFile), wrapperScript); | ||
| if (fs.existsSync(pathToWrapper)) { | ||
| return wrapperScript; | ||
| } | ||
| // now try to find a wrapper in the root | ||
| pathToWrapper = path.resolve(root, wrapperScript); | ||
| if (fs.existsSync(pathToWrapper)) { | ||
| return wrapperScript; | ||
| } | ||
| return 'mvn'; | ||
| } | ||
| exports.getCommand = getCommand; | ||
| // When we have `mvn`, we can run the subProcess from anywhere. | ||
| // However due to https://github.com/takari/maven-wrapper/issues/133, `mvnw` can only be run | ||
| // within the directory where `mvnw` exists | ||
| function calculateTargetFilePath(mavenCommand, root, targetPath) { | ||
| return mavenCommand === 'mvn' ? root : path.dirname(targetPath); | ||
| } | ||
| function inspect(root, targetFile, options) { | ||
@@ -33,7 +59,11 @@ return tslib_1.__awaiter(this, void 0, void 0, function* () { | ||
| const mvnArgs = buildArgs(targetFile, options.args); | ||
| const mavenCommand = getCommand(root, targetFile); | ||
| const targetFilePath = calculateTargetFilePath(mavenCommand, root, targetPath); | ||
| try { | ||
| const result = yield subProcess.execute('mvn', mvnArgs, { cwd: root }); | ||
| const versionResult = yield subProcess.execute('mvn --version', [], { | ||
| cwd: root, | ||
| const result = yield subProcess.execute(mavenCommand, mvnArgs, { | ||
| cwd: targetFilePath, | ||
| }); | ||
| const versionResult = yield subProcess.execute(`${mavenCommand} --version`, [], { | ||
| cwd: targetFilePath, | ||
| }); | ||
| const parseResult = parse_mvn_1.parseTree(result, options.dev); | ||
@@ -58,15 +88,3 @@ const { javaVersion, mavenVersion } = parse_mvn_1.parseVersions(versionResult); | ||
| catch (error) { | ||
| error.message = | ||
| error.message + | ||
| '\n\n' + | ||
| 'Please make sure that Apache Maven Dependency Plugin ' + | ||
| 'version 2.2 or above is installed, and that ' + | ||
| '`mvn ' + | ||
| mvnArgs.join(' ') + | ||
| '` executes successfully ' + | ||
| 'on this project.\n\n' + | ||
| 'If the problem persists, collect the output of ' + | ||
| '`mvn ' + | ||
| mvnArgs.join(' ') + | ||
| '` and contact support@snyk.io\n'; | ||
| error.message = buildErrorMessage(error, mvnArgs, mavenCommand); | ||
| throw error; | ||
@@ -89,2 +107,18 @@ } | ||
| exports.buildArgs = buildArgs; | ||
| function buildErrorMessage(error, mvnArgs, mavenCommand) { | ||
| const mavenArguments = mvnArgs.join(' '); | ||
| const fullCommand = `${mavenCommand} ${mavenArguments}`; | ||
| const mvnwCommandTipMessage = 'Currently, you cannot run `mvnw` outside your current directory, you will have to go inside the directory of your project (see: https://github.com/takari/maven-wrapper/issues/133)\n\n'; | ||
| return (error.message + | ||
| '\n\n' + | ||
| 'Please make sure that Apache Maven Dependency Plugin ' + | ||
| 'version 2.2 or above is installed, and that `' + | ||
| fullCommand + | ||
| '` executes successfully ' + | ||
| 'on this project.\n\n' + | ||
| (mavenCommand.indexOf('mvnw') >= 0 ? mvnwCommandTipMessage : '') + | ||
| 'If the problem persists, collect the output of `' + | ||
| fullCommand + | ||
| '` and contact support@snyk.io\n'); | ||
| } | ||
| //# sourceMappingURL=index.js.map |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":";;;AAAA,2CAAuD;AACvD,yBAAyB;AACzB,6BAA6B;AAC7B,4CAA4C;AAE5C,+BAA8E;AAM9E,SAAsB,OAAO,CAC3B,IAAY,EACZ,UAAmB,EACnB,OAAsB;;QAEtB,MAAM,UAAU,GAAG,UAAU;YAC3B,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC;YAChC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACvB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE;YAC9B,MAAM,IAAI,KAAK,CAAC,mCAAmC,GAAG,UAAU,CAAC,CAAC;SACnE;QAED,IAAI,CAAC,OAAO,EAAE;YACZ,OAAO,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC;SACnD;QAED,IAAI,WAAK,CAAC,UAAU,CAAC,EAAE;YACrB,UAAU,GAAG,MAAM,qBAAe,CAAC,IAAI,EAAE,UAAW,CAAC,CAAC;SACvD;QAED,IAAI,OAAO,CAAC,gBAAgB,EAAE;YAC5B,IAAI,iBAAW,CAAC,IAAI,CAAC,EAAE;gBACrB,UAAU,GAAG,MAAM,sBAAgB,CAAC,IAAI,CAAC,CAAC;aAC3C;iBAAM;gBACL,MAAM,KAAK,CAAC,0CAA0C,IAAI,IAAI,CAAC,CAAC;aACjE;SACF;QAED,MAAM,OAAO,GAAG,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,IAAI;YACF,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;YACvE,MAAM,aAAa,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,EAAE;gBAClE,GAAG,EAAE,IAAI;aACV,CAAC,CAAC;YACH,MAAM,WAAW,GAAG,qBAAS,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;YACnD,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,GAAG,yBAAa,CAAC,aAAa,CAAC,CAAC;YACnE,OAAO;gBACL,MAAM,EAAE;oBACN,IAAI,EAAE,eAAe;oBACrB,OAAO,EAAE,SAAS;oBAClB,IAAI,EAAE;wBACJ,gBAAgB,EAAE;4BAChB,gBAAgB,EAAE;gCAChB,YAAY;gCACZ,WAAW;6BACZ;yBACF;qBACF;iBACF;gBACD,OAAO,EAAE,WAAW,CAAC,IAAI;aAC1B,CAAC;SACH;QAAC,OAAO,KAAK,EAAE;YACd,KAAK,CAAC,OAAO;gBACX,KAAK,CAAC,OAAO;oBACb,MAAM;oBACN,uDAAuD;oBACvD,8CAA8C;oBAC9C,OAAO;oBACP,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;oBACjB,0BAA0B;oBAC1B,sBAAsB;oBACtB,iDAAiD;oBACjD,OAAO;oBACP,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;oBACjB,iCAAiC,CAAC;YACpC,MAAM,KAAK,CAAC;SACb;IACH,CAAC;CAAA;AAnED,0BAmEC;AAED,SAAgB,SAAS,CACvB,UAAmB,EACnB,SAAgC;IAEhC,wBAAwB;IACxB,IAAI,IAAI,GAAG,CAAC,iBAAiB,EAAE,kBAAkB,CAAC,CAAC;IACnD,IAAI,UAAU,EAAE;QACd,IAAI,CAAC,IAAI,CAAC,UAAU,GAAG,UAAU,GAAG,GAAG,CAAC,CAAC;KAC1C;IACD,IAAI,SAAS,EAAE;QACb,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;KAC/B;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAbD,8BAaC"} | ||
| {"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":";;;AAAA,2CAAuD;AACvD,yBAAyB;AACzB,6BAA6B;AAC7B,4CAA4C;AAE5C,+BAA8E;AAC9E,yBAAyB;AAMzB,SAAgB,UAAU,CAAC,IAAY,EAAE,UAA8B;IACrE,IAAI,CAAC,UAAU,EAAE;QACf,OAAO,KAAK,CAAC;KACd;IACD,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,uCAAuC;IACtF,MAAM,aAAa,GAAG,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC;IACzD,6CAA6C;IAC7C,IAAI,aAAa,GAAG,IAAI,CAAC,OAAO,CAC9B,IAAI,EACJ,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EACxB,aAAa,CACd,CAAC;IACF,IAAI,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE;QAChC,OAAO,aAAa,CAAC;KACtB;IACD,wCAAwC;IACxC,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;IAClD,IAAI,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE;QAChC,OAAO,aAAa,CAAC;KACtB;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AArBD,gCAqBC;AAED,+DAA+D;AAC/D,4FAA4F;AAC5F,2CAA2C;AAC3C,SAAS,uBAAuB,CAAC,YAAY,EAAE,IAAY,EAAE,UAAU;IACrE,OAAO,YAAY,KAAK,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;AAClE,CAAC;AAED,SAAsB,OAAO,CAC3B,IAAY,EACZ,UAAmB,EACnB,OAAsB;;QAEtB,MAAM,UAAU,GAAG,UAAU;YAC3B,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC;YAChC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACvB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE;YAC9B,MAAM,IAAI,KAAK,CAAC,mCAAmC,GAAG,UAAU,CAAC,CAAC;SACnE;QAED,IAAI,CAAC,OAAO,EAAE;YACZ,OAAO,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC;SACnD;QAED,IAAI,WAAK,CAAC,UAAU,CAAC,EAAE;YACrB,UAAU,GAAG,MAAM,qBAAe,CAAC,IAAI,EAAE,UAAW,CAAC,CAAC;SACvD;QAED,IAAI,OAAO,CAAC,gBAAgB,EAAE;YAC5B,IAAI,iBAAW,CAAC,IAAI,CAAC,EAAE;gBACrB,UAAU,GAAG,MAAM,sBAAgB,CAAC,IAAI,CAAC,CAAC;aAC3C;iBAAM;gBACL,MAAM,KAAK,CAAC,0CAA0C,IAAI,IAAI,CAAC,CAAC;aACjE;SACF;QAED,MAAM,OAAO,GAAG,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,MAAM,YAAY,GAAG,UAAU,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAClD,MAAM,cAAc,GAAG,uBAAuB,CAC5C,YAAY,EACZ,IAAI,EACJ,UAAU,CACX,CAAC;QACF,IAAI;YACF,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,YAAY,EAAE,OAAO,EAAE;gBAC7D,GAAG,EAAE,cAAc;aACpB,CAAC,CAAC;YACH,MAAM,aAAa,GAAG,MAAM,UAAU,CAAC,OAAO,CAC5C,GAAG,YAAY,YAAY,EAC3B,EAAE,EACF;gBACE,GAAG,EAAE,cAAc;aACpB,CACF,CAAC;YACF,MAAM,WAAW,GAAG,qBAAS,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;YACnD,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,GAAG,yBAAa,CAAC,aAAa,CAAC,CAAC;YACnE,OAAO;gBACL,MAAM,EAAE;oBACN,IAAI,EAAE,eAAe;oBACrB,OAAO,EAAE,SAAS;oBAClB,IAAI,EAAE;wBACJ,gBAAgB,EAAE;4BAChB,gBAAgB,EAAE;gCAChB,YAAY;gCACZ,WAAW;6BACZ;yBACF;qBACF;iBACF;gBACD,OAAO,EAAE,WAAW,CAAC,IAAI;aAC1B,CAAC;SACH;QAAC,OAAO,KAAK,EAAE;YACd,KAAK,CAAC,OAAO,GAAG,iBAAiB,CAAC,KAAK,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;YAChE,MAAM,KAAK,CAAC;SACb;IACH,CAAC;CAAA;AAnED,0BAmEC;AAED,SAAgB,SAAS,CACvB,UAAmB,EACnB,SAAgC;IAEhC,wBAAwB;IACxB,IAAI,IAAI,GAAG,CAAC,iBAAiB,EAAE,kBAAkB,CAAC,CAAC;IACnD,IAAI,UAAU,EAAE;QACd,IAAI,CAAC,IAAI,CAAC,UAAU,GAAG,UAAU,GAAG,GAAG,CAAC,CAAC;KAC1C;IACD,IAAI,SAAS,EAAE;QACb,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;KAC/B;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAbD,8BAaC;AAED,SAAS,iBAAiB,CACxB,KAAY,EACZ,OAAiB,EACjB,YAAoB;IAEpB,MAAM,cAAc,GAAW,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjD,MAAM,WAAW,GAAG,GAAG,YAAY,IAAI,cAAc,EAAE,CAAC;IACxD,MAAM,qBAAqB,GACzB,yLAAyL,CAAC;IAC5L,OAAO,CACL,KAAK,CAAC,OAAO;QACb,MAAM;QACN,uDAAuD;QACvD,+CAA+C;QAC/C,WAAW;QACX,0BAA0B;QAC1B,sBAAsB;QACtB,CAAC,YAAY,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,EAAE,CAAC;QAChE,kDAAkD;QAClD,WAAW;QACX,iCAAiC,CAClC,CAAC;AACJ,CAAC"} |
+3
-1
@@ -35,3 +35,5 @@ { | ||
| "prettier": "^1.19.1", | ||
| "@types/sinon": "^7.0.10", | ||
| "semantic-release": "^15", | ||
| "sinon": "^2.4.1", | ||
| "tap": "^12.0.1", | ||
@@ -48,3 +50,3 @@ "tap-only": "0.0.5" | ||
| }, | ||
| "version": "2.8.0" | ||
| "version": "2.9.0" | ||
| } |
New alerts
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Fixed alerts
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
33236
9.56%- Lines of code
458
8.02%Worsened metrics
- Dev dependency count
11
22.22%No dependency changes