snyk-nuget-plugin
Comparing version 1.6.4 to 1.6.5
@@ -1,8 +0,8 @@ | ||
var zip = require('zip'); | ||
var JSZip = require('jszip'); | ||
var fs = require('fs'); | ||
var path = require('path'); | ||
var safeBufferRead = require('./safe-buffer-read'); | ||
var parseXML = require('xml2js').parseString; | ||
var Dependency = require('./dependency'); | ||
var _ = require('lodash'); | ||
var debug = require('debug')('snyk'); | ||
@@ -12,65 +12,70 @@ const targetFrameworkRegex = /([.a-zA-Z]+)([.0-9]+)/; | ||
function parseNuspec(dep, targetFrameworks, sep) { | ||
return new Promise(function (resolve, reject) { | ||
var pathSep = sep || '.'; | ||
var nuspecPath = path.resolve( | ||
dep.path, | ||
dep.name + pathSep + dep.version + '.nupkg'); | ||
var rawZipped; | ||
return Promise.resolve() | ||
.then(function () { | ||
var pathSep = sep || '.'; | ||
var nupkgPath = | ||
path.resolve(dep.path, dep.name + pathSep + dep.version + '.nupkg'); | ||
var nupkgData = fs.readFileSync(nupkgPath); | ||
return JSZip.loadAsync(nupkgData); | ||
}) | ||
.then(function (nuspecZipData) { | ||
var nuspecFile = Object.keys(nuspecZipData.files).find(function (file) { | ||
return (path.extname(file) === '.nuspec'); | ||
}); | ||
return nuspecZipData.files[nuspecFile].async('string'); | ||
}) | ||
.then(function (nuspecContent) { | ||
return new Promise(function (resolve, reject) { | ||
parseXML(nuspecContent, function (err, result) { | ||
if (err) { | ||
return reject(err); | ||
} | ||
try { | ||
rawZipped = fs.readFileSync(nuspecPath); | ||
} catch (err) { | ||
return resolve(null); | ||
} | ||
var reader = zip.Reader(rawZipped); | ||
var nuspecContent = null; | ||
reader.forEach(function (entry) { | ||
if (path.extname(entry._header.file_name) === '.nuspec') { // jscs:ignore | ||
nuspecContent = safeBufferRead(entry.getData()); | ||
} | ||
}); | ||
parseXML(nuspecContent, function (err, result) { | ||
if (err) { | ||
return reject(err); | ||
} | ||
var ownDeps = []; | ||
// We are only going to check the first targetFramework we encounter | ||
// in the future we may want to support multiple, but only once | ||
// we have dependency version conflict resolution implemented | ||
// _(targetFrameworks).forEach(function (targetFramework) { | ||
_(result.package.metadata).forEach(function (metadata) { | ||
_(metadata.dependencies).forEach(function (rawDependency) { | ||
var ownDeps = []; | ||
// We are only going to check the first targetFramework we encounter | ||
// in the future we may want to support multiple, but only once | ||
// we have dependency version conflict resolution implemented | ||
// _(targetFrameworks).forEach(function (targetFramework) { | ||
_(result.package.metadata).forEach(function (metadata) { | ||
_(metadata.dependencies).forEach(function (rawDependency) { | ||
// Find and add target framework version specific dependencies | ||
const depsForTargetFramework = | ||
extractDepsForTargetFrameworks(rawDependency, targetFrameworks); | ||
// Find and add target framework version specific dependencies | ||
const depsForTargetFramework = | ||
extractDepsForTargetFrameworks(rawDependency, targetFrameworks); | ||
if (depsForTargetFramework && depsForTargetFramework.group) { | ||
ownDeps = _.concat(ownDeps, | ||
extractDepsFromRaw(depsForTargetFramework.group.dependency)); | ||
} | ||
if (depsForTargetFramework && depsForTargetFramework.group) { | ||
ownDeps = _.concat(ownDeps, | ||
extractDepsFromRaw(depsForTargetFramework.group.dependency)); | ||
} | ||
// Find all groups with no targetFramework attribute | ||
// add their deps | ||
const depsFromPlainGroups = | ||
extractDepsForPlainGroups(rawDependency); | ||
// Find all groups with no targetFramework attribute, add their deps | ||
const depsFromPlainGroups = extractDepsForPlainGroups(rawDependency); | ||
if (depsFromPlainGroups) { | ||
depsFromPlainGroups.forEach(function (depGroup) { | ||
ownDeps = _.concat(ownDeps, | ||
extractDepsFromRaw(depGroup.dependency)); | ||
}); | ||
} | ||
if (depsFromPlainGroups) { | ||
depsFromPlainGroups.forEach(function (depGroup) { | ||
ownDeps = _.concat(ownDeps, | ||
extractDepsFromRaw(depGroup.dependency)); | ||
// Add the default dependencies | ||
ownDeps = | ||
_.concat(ownDeps, extractDepsFromRaw(rawDependency.dependency)); | ||
}); | ||
} | ||
}); | ||
// Add the default dependencies | ||
ownDeps = | ||
_.concat(ownDeps, extractDepsFromRaw(rawDependency.dependency)); | ||
return resolve({ | ||
name: dep.name, | ||
children: ownDeps, | ||
}); | ||
}); | ||
}); | ||
return resolve({ | ||
name: dep.name, | ||
children: ownDeps, | ||
}); | ||
}) | ||
.catch(function (err) { | ||
// parsing problems are coerced into an empty nuspec | ||
debug('Error parsing dependency', JSON.stringify(dep), err); | ||
return null; | ||
}); | ||
}); | ||
} | ||
@@ -77,0 +82,0 @@ |
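Review bot: The trailing `.catch` in the new `parseNuspec` chain turns every failure into `null`, not just an unreadable `.nupkg`: a corrupt archive, an archive with no `.nuspec` entry (where `nuspecZipData.files[nuspecFile]` is `undefined` and the `.async` call throws), and the XML error passed to `reject(err)` all become an empty result that is reported only through `debug`. In a dependency scanner this lets a package's children drop out of the tree with no visible signal, so a malformed or unexpected package fails open. Consider separating the expected case from real failures, for example a guard `if (!nuspecFile) { return null; }` before the `.async('string')` call and, in the handler, `if (err.code !== 'ENOENT') { throw err; }` ahead of `return null;`, provided callers are prepared for a rejection, which this page does not show. Which lines are old and which are new is inferred from the rendered layout, because the `+`/`-` markers are missing.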
@@ -7,7 +7,4 @@ { | ||
"lint": "eslint -c .eslintrc lib test", | ||
"test": "npm run unit-test", | ||
"test-windows": "tap -R spec test/*.test.js --timeout=120", | ||
"unit-test": "tap `ls ./test/*.test.js` -R=spec --timeout=120", | ||
"dev": "nodemon -x 'npm run unit-test'", | ||
"semantic-release": "semantic-release" | ||
"test": "npm run lint && tap test/*.test.js -R=spec --timeout=120", | ||
"dev": "nodemon -x 'npm run test'" | ||
}, | ||
@@ -30,5 +27,5 @@ "repository": { | ||
"debug": "^3.1.0", | ||
"xml2js": "^0.4.17", | ||
"zip": "^1.2.0", | ||
"lodash": "^4.17.10" | ||
"jszip": "^3.1.5", | ||
"lodash": "^4.17.10", | ||
"xml2js": "^0.4.17" | ||
}, | ||
@@ -38,7 +35,6 @@ "devDependencies": { | ||
"nodemon": "^1.12.1", | ||
"semantic-release": "^15", | ||
"tap": "^12.0.1", | ||
"tap-only": "0.0.5" | ||
}, | ||
"version": "1.6.4" | ||
"version": "1.6.5" | ||
} |
Sorry, the diff of this file is not supported yet
+ Addedjszip@^3.1.5
+ Addedcore-util-is@1.0.3(transitive)
+ Addedimmediate@3.0.6(transitive)
+ Addedinherits@2.0.4(transitive)
+ Addedisarray@1.0.0(transitive)
+ Addedjszip@3.10.1(transitive)
+ Addedlie@3.3.0(transitive)
+ Addedpako@1.0.11(transitive)
+ Addedprocess-nextick-args@2.0.1(transitive)
+ Addedreadable-stream@2.3.8(transitive)
+ Addedsafe-buffer@5.1.2(transitive)
+ Addedsetimmediate@1.0.5(transitive)
+ Addedstring_decoder@1.1.1(transitive)
+ Addedutil-deprecate@1.0.2(transitive)
- Removedzip@^1.2.0
- Removedbase64-js@0.0.2(transitive)
- Removedbops@0.1.1(transitive)
- Removedto-utf8@0.0.1(transitive)
- Removedzip@1.2.0(transitive)