snyk-nuget-plugin
Comparing version 1.0.3 to 1.1.0
@@ -26,4 +26,20 @@ function Dependency(name, version, targetFramework) { | ||
}, | ||
csprojEntry: function (referenceItem) { | ||
var sep = ( | ||
/\//.exec(referenceItem.HintPath[0]) || | ||
/\\/.exec(referenceItem.HintPath[0]))[0]; | ||
var depLocalPath = referenceItem.HintPath[0] | ||
.split(sep).slice(2,3).join(sep); | ||
var versionRef = /(?=\S+)(?=\.{1})((\.\d+)+)/.exec(depLocalPath)[0]; | ||
var name = depLocalPath.split(versionRef)[0]; | ||
var version = versionRef.slice(1); | ||
var result = new Dependency( | ||
name, | ||
version, | ||
'unknown' | ||
); | ||
return result; | ||
}, | ||
}; | ||
module.exports = Dependency; |
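Review bot: `csprojEntry` indexes `[0]` on two `exec()` results without a null check, so a `HintPath` with no `/` or `\`, or whose third path segment has no `.<digits>` run, throws a TypeError instead of being skipped. `slice(2,3)` also hard-codes the position of the package folder in the path, and the version pattern stops at the first `.<digits>` run, so an id with a numeric segment before the version would presumably be split in the wrong place. For a dependency scanner, either case means a reference is dropped or misreported. I would keep the existing pattern but guard the match, e.g. `var m = versionPattern.exec(depLocalPath); if (!m) { return null; }`, and have the caller skip null results before reading `.name`. A one-line comment with a sample HintPath would document the layout the function expects.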
137
lib/index.js
@@ -9,10 +9,16 @@ var fs = require('fs'); | ||
var flattendPackageList = {}; | ||
var nuspecResolutions = {}; | ||
function isJSON(content) { | ||
try { | ||
return JSON.parse(content); | ||
} catch (err) { | ||
return false; | ||
function determineManifestType (filename) { | ||
switch (true) { | ||
case /.json$/.test(filename): { | ||
return 'project.json'; | ||
} | ||
case /packages.config$/.test(filename): { | ||
return 'packages.config'; | ||
} | ||
case /.csproj$/.test(filename): { | ||
return '.csproj' | ||
} | ||
default: { | ||
throw new Error('Could not determine manifest type for ' + filename); | ||
} | ||
} | ||
@@ -25,2 +31,14 @@ } | ||
inspect: function (root, targetFile, options) { | ||
debugger; | ||
var flattendPackageList = {}; | ||
var nuspecResolutions = {}; | ||
var manifestType; | ||
var fileContent; | ||
try { | ||
manifestType = determineManifestType(path.basename(targetFile || root)); | ||
fileContent = fs.readFileSync(targetFile).toString(); | ||
} | ||
catch (error) { | ||
return Promise.reject(error); | ||
} | ||
var projectRootFolder = path.resolve( | ||
@@ -30,4 +48,2 @@ root || '.', | ||
'../../'); | ||
var fileContent = fs.readFileSync(targetFile).toString(); | ||
var contentAsJson = isJSON(fileContent); | ||
var packageTree = { | ||
@@ -47,43 +63,63 @@ package: { | ||
var tree = packageTree.package; | ||
var chain = new Promise(function parseFileContents(resolve, reject) { | ||
// Parse the file content | ||
if (contentAsJson) { | ||
// skip parsing from XML | ||
return resolve(contentAsJson); | ||
} | ||
// not a JSON, try XML | ||
parseXML(fileContent, function (err, result) { | ||
if (err) { | ||
reject(err); | ||
} else { | ||
resolve(result); | ||
} | ||
}) | ||
}).then(function (rawXML) { | ||
// collect installed packages and add to flat list | ||
var installedPackages = []; | ||
if (rawXML === contentAsJson) { | ||
// start parsing JSON data | ||
var rawDependencies = contentAsJson['dependencies']; | ||
if (rawDependencies) { | ||
for (var name in rawDependencies) { | ||
// Array<{ "libraryName": "version" }> | ||
var version = rawDependencies[name]; | ||
var newDependency = new Dependecy(name, version, null); | ||
if (newDependency.name.indexOf('System.') !== 0) { | ||
installedPackages.push(newDependency); | ||
switch (manifestType) { | ||
case 'project.json': { | ||
var rawDependencies = JSON.parse(fileContent).dependencies; | ||
if (rawDependencies) { | ||
for (var name in rawDependencies) { | ||
// Array<{ "libraryName": "version" }> | ||
var version = rawDependencies[name]; | ||
var newDependency = new Dependecy(name, version, null); | ||
if (newDependency.name.indexOf('System.') !== 0) { | ||
installedPackages.push(newDependency); | ||
} | ||
} | ||
} | ||
resolve(installedPackages); | ||
break; | ||
} | ||
} else { | ||
// start parsing XML data | ||
rawXML.packages.package.forEach(function (node) { | ||
if (node.$.id.indexOf('System.') !== 0) { | ||
// include only non-system libraries | ||
var installedDependency = Dependecy.from.packgesConfigEntry(node); | ||
installedPackages.push(installedDependency); | ||
} | ||
}); | ||
case 'packages.config': { | ||
parseXML(fileContent, function scanPackagesConfig(err, result) { | ||
if (err) { | ||
reject(err); | ||
} else { | ||
result.packages.package.forEach( | ||
function scanPackagesConfigNode(node) { | ||
if (node.$.id.indexOf('System.') !== 0) { | ||
// include only non-system libraries | ||
var installedDependency = | ||
Dependecy.from.packgesConfigEntry(node); | ||
installedPackages.push(installedDependency); | ||
} | ||
}); | ||
resolve(installedPackages); | ||
} | ||
}) | ||
break; | ||
} | ||
case '.csproj': { | ||
parseXML(fileContent, function scanCsprojContent(err, result) { | ||
if (err) { | ||
reject(err); | ||
} else { | ||
(result.Project.ItemGroup || []).forEach(function (itemGroup) { | ||
(itemGroup.Reference || []).forEach(function (referenceItem) { | ||
if (referenceItem.HintPath) { | ||
var installedDependency = | ||
Dependecy.from.csprojEntry(referenceItem); | ||
if (installedDependency.name.indexOf('System.') !== 0) { | ||
installedPackages.push(installedDependency); | ||
} | ||
} | ||
}); | ||
}); | ||
} | ||
resolve(installedPackages); | ||
}); | ||
break; | ||
} | ||
} | ||
}).then(function scanInstalled(installedPackages) { | ||
installedPackages.forEach(function (entry) { | ||
@@ -97,3 +133,3 @@ entry.path = | ||
}); | ||
}).then(function () { | ||
}).then(function fetchNugetInformationFromPackages() { | ||
// initiate collecting information from .nuget files on installed packages | ||
@@ -106,3 +142,3 @@ var nuspecParserChain = []; | ||
return Promise.all(nuspecParserChain); | ||
}).then(function (nuspecResolutionChain) { | ||
}).then(function processNugetInformation(nuspecResolutionChain) { | ||
nuspecResolutionChain.forEach(function (resolution) { | ||
@@ -112,3 +148,3 @@ if (!resolution) return; // jscs:ignore | ||
}); | ||
}).then(function () { | ||
}).then(function buildDependencyTree() { | ||
// .nuget parsing is complete, returned as array of promise resolutions | ||
@@ -148,3 +184,6 @@ // now the flat list should be rebuilt as a tree | ||
var _nugtKeyCount = Object.keys(nuspecResolutions).length; | ||
tree.dependencies = flattendPackageList | ||
Object.keys(flattendPackageList).forEach(function (packageName) { | ||
tree.dependencies[packageName] = | ||
flattendPackageList[packageName].cloneShallow() | ||
}) | ||
if (_nugtKeyCount > 0) { | ||
@@ -151,0 +190,0 @@ // local folders scanned, build list from .nuspec |
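Review bot: The patterns in `determineManifestType` leave the dot unescaped and anchor only the end, so `/.json$/` classifies any file name ending in `json` as `project.json` and `/.csproj$/` accepts names without a real `.csproj` extension; the escaped forms would be `/\.json$/`, `/packages\.config$/` and `/\.csproj$/`. In `inspect` the type is derived from `targetFile || root`, but the read is `fs.readFileSync(targetFile)`, so the `root` fallback can never produce a readable file and only changes which error is raised. The added `debugger;` statement at the top of `inspect` should not ship in a published release. In the `.csproj` branch `resolve(installedPackages)` sits outside the `else` and so also runs after `reject(err)`; this is harmless once the promise is settled, but moving it inside the `else` would match the `packages.config` branch. `inspect` is only partly visible in these hunks.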
@@ -1,1 +0,1 @@ | ||
{"name":"snyk-nuget-plugin","description":"![logo](https://res.cloudinary.com/snyk/image/upload/v1468845259/logo/snyk-dog.svg) ## Snyk: NuGet Plugin ***","main":"lib/index.js","scripts":{"lint":"jscs `find ./lib -name '*.js'` -v && jscs `find ./test -name '*.js'` -v","test":"npm run unit-test","unit-test":"tap `ls ./test/*.test.js` -R=spec","dev":"nodemon -x 'npm run unit-test'","semantic-release":"semantic-release pre && npm publish && semantic-release post"},"repository":{"type":"git","url":"https://github.com/snyk/snyk-nuget-plugin.git"},"keywords":["snyk","nuget"],"author":"snyk.io","license":"Apache-2.0","bugs":{"url":"https://github.com/snyk/snyk-nuget-plugin/issues"},"homepage":"https://github.com/snyk/snyk-nuget-plugin#readme","dependencies":{"es6-promise":"^4.1.1","xml2js":"^0.4.17","zip":"^1.2.0"},"devDependencies":{"jscs":"^3.0.7","nodemon":"^1.12.1","semantic-release":"^8.2.0","tap":"^10.7.0","tap-only":"0.0.5"},"version":"1.0.3"} | ||
{"name":"snyk-nuget-plugin","description":"![logo](https://res.cloudinary.com/snyk/image/upload/v1468845259/logo/snyk-dog.svg) ## Snyk: NuGet Plugin ***","main":"lib/index.js","scripts":{"lint":"jscs `find ./lib -name '*.js'` -v && jscs `find ./test -name '*.js'` -v","test":"npm run unit-test","unit-test":"tap `ls ./test/*.test.js` -R=spec","dev":"nodemon -x 'npm run unit-test'","semantic-release":"semantic-release pre && npm publish && semantic-release post"},"repository":{"type":"git","url":"https://github.com/snyk/snyk-nuget-plugin.git"},"keywords":["snyk","nuget"],"author":"snyk.io","license":"Apache-2.0","bugs":{"url":"https://github.com/snyk/snyk-nuget-plugin/issues"},"homepage":"https://github.com/snyk/snyk-nuget-plugin#readme","dependencies":{"es6-promise":"^4.1.1","xml2js":"^0.4.17","zip":"^1.2.0"},"devDependencies":{"jscs":"^3.0.7","nodemon":"^1.12.1","semantic-release":"^8.2.0","tap":"^10.7.0","tap-only":"0.0.5"},"version":"1.1.0"} |