snyk-nuget-plugin
Advanced tools
Comparing version 1.6.5 to 1.7.0
245
lib/index.js
@@ -1,10 +0,4 @@ | ||
var fs = require('fs'); | ||
var parseXML = require('xml2js').parseString; | ||
var Dependency = require('./dependency'); | ||
var path = require('path'); | ||
var parseNuspec = require('./nuspec-parser'); | ||
var jsonManifestParser = require('./json-manifest-parser'); | ||
var debug = require('debug')('snyk'); | ||
var projectJsonFormatParser = require('./formats/dotnet-core-parser'); | ||
var determineDotnetVersions = require('./proj-parser'); | ||
var dotnetParser = require('./dotnet-parser'); | ||
var paketParser = require('snyk-paket-parser'); | ||
@@ -22,2 +16,5 @@ function determineManifestType(filename) { | ||
} | ||
case /paket.dependencies$/.test(filename): { | ||
return 'paket'; | ||
} | ||
default: { | ||
@@ -28,222 +25,42 @@ throw new Error('Could not determine manifest type for ' + filename); | ||
} | ||
function injectProjectData(packageTree, projectData) { | ||
packageTree.package.name = projectData.project.name; | ||
packageTree.package.version = projectData.project.version; | ||
} | ||
module.exports = { | ||
inspect: function (root, targetFile, options) { | ||
var packagesFolder; | ||
var flattendPackageList = {}; | ||
var nuspecResolutions = {}; | ||
options = options || {}; | ||
var fileContentPath = path.resolve(root || '.', targetFile || '.'); | ||
var manifestType; | ||
var fileContent; | ||
var dotnetVersions; | ||
var fileContentPath = path.resolve(root || '.', targetFile || '.'); | ||
var projectRootFolder = path.resolve(fileContentPath, '../../'); | ||
if (options && options.packagesFolder) { | ||
packagesFolder = path.resolve(process.cwd(), options.packagesFolder); | ||
} else { | ||
packagesFolder = path.resolve(projectRootFolder, 'packages'); | ||
} | ||
try { | ||
manifestType = determineManifestType(path.basename(targetFile || root)); | ||
if (manifestType === 'dotnet-core') { | ||
dotnetVersions = determineDotnetVersions(projectRootFolder); | ||
} else { | ||
// .csproj is in the same directory as packages.config or project.json | ||
dotnetVersions = determineDotnetVersions( | ||
path.resolve(fileContentPath, '../')); | ||
} | ||
fileContent = fs.readFileSync(fileContentPath).toString(); | ||
debug('Loaded ' + targetFile + ' with manifest type ' | ||
+ manifestType + ' for .NET version ' + dotnetVersions); | ||
} catch (error) { | ||
return Promise.reject(error); | ||
} | ||
var packageTree = { | ||
package: { | ||
name: path.basename(root || projectRootFolder), | ||
version: '0.0.0', | ||
packageFormatVersion: 'nuget:0.0.0', | ||
dependencies: {}, | ||
}, | ||
plugin: { | ||
name: 'snyk-nuget-plugin', | ||
targetFile: targetFile, | ||
}, | ||
var createPackageTree = function (depTree) { | ||
return { | ||
package: depTree, | ||
plugin: { | ||
name: 'snyk-nuget-plugin', | ||
targetFile: targetFile, | ||
}, | ||
}; | ||
}; | ||
var tree = packageTree.package; | ||
var job = new Promise(function parseFileContents(resolve, reject) { | ||
var installedPackages = []; | ||
switch (manifestType) { | ||
case 'dotnet-core': { | ||
debug('Trying to parse dot-net-cli manifest'); | ||
projectJsonFormatParser(fileContent, tree); | ||
resolve([]); // skip installed dependencies parsing | ||
break; | ||
} | ||
case 'project.json': { | ||
debug('Trying to parse project.json format manifest'); | ||
var projectData = jsonManifestParser.parse(fileContent); | ||
var rawDependencies = projectData.dependencies; | ||
debug(rawDependencies); | ||
if (rawDependencies) { | ||
for (var name in rawDependencies) { | ||
// Array<{ "libraryName": "version" }> | ||
var version = rawDependencies[name]; | ||
var newDependency = new Dependency(name, version, null); | ||
installedPackages.push(newDependency); | ||
} | ||
} | ||
if (projectData.project) { | ||
injectProjectData(packageTree, projectData); | ||
} | ||
resolve(installedPackages); | ||
break; | ||
} | ||
case 'packages.config': { | ||
debug('Trying to parse packages.config manifest'); | ||
parseXML(fileContent, function scanPackagesConfig(err, result) { | ||
if (err) { | ||
reject(err); | ||
} else { | ||
result.packages.package.forEach( | ||
function scanPackagesConfigNode(node) { | ||
var installedDependency = | ||
Dependency.from.packgesConfigEntry(node); | ||
installedPackages.push(installedDependency); | ||
}); | ||
resolve(installedPackages); | ||
} | ||
}); | ||
break; | ||
} | ||
} | ||
}).then(function scanInstalled(installedPackages) { | ||
if (manifestType !== 'dotnet-core') { | ||
debug('Located ' + installedPackages.length + ' packages in manifest'); | ||
installedPackages.forEach(function (entry) { | ||
injectPath(entry, packagesFolder); | ||
flattendPackageList[entry.name] = | ||
flattendPackageList[entry.name] || entry; | ||
debug('Entry: ' + entry.name + ' -> ' + entry.path); | ||
}); | ||
try { | ||
debug('Scanning local installed folders'); | ||
debug('Trying to read from installed packages folder: ' + | ||
packagesFolder); | ||
fs.readdirSync(packagesFolder) | ||
.map(function (folderName) { | ||
return Dependency.from.folderName(folderName); | ||
}) | ||
.forEach(function (dep) { | ||
injectPath(dep, packagesFolder); | ||
// only add a package from packages folder if version is different | ||
if (flattendPackageList[dep.name] && | ||
flattendPackageList[dep.name].version !== dep.version) { | ||
// prefer found from packages folder (dep) over existing | ||
debug('For package ' + dep.name + ' the version ' + | ||
flattendPackageList[dep.name].version + | ||
' was extracted from manifest file.' + | ||
'\nWe are overwriting it with version ' + dep.version + | ||
' from the packages folder'); | ||
flattendPackageList[dep.name] = dep; | ||
} | ||
}); | ||
} catch (err) { | ||
debug('Could not complete packages folder scanning'); | ||
debug(err); | ||
} | ||
} else { | ||
debug('Located ' + | ||
Object.keys(tree.dependencies).length + 'packages in manifest'); | ||
var sorted = {}; | ||
Object.keys(flattendPackageList).sort().forEach(function (key) { | ||
sorted[key] = flattendPackageList[key]; | ||
}); | ||
flattendPackageList = sorted; | ||
} | ||
}).then(function fetchNugetInformationFromPackages() { | ||
var nuspecParserChain = []; | ||
if (manifestType !== 'dotnet-core') { | ||
// begin collecting information from .nuget files on installed packages | ||
debug('Trying to analyze .nuspec files'); | ||
for (var name in flattendPackageList) { | ||
var dep = flattendPackageList[name]; | ||
debug('...' + name); | ||
nuspecParserChain.push(parseNuspec(dep, dotnetVersions)); | ||
} | ||
} | ||
return Promise.all(nuspecParserChain); | ||
}).then(function processNugetInformation(nuspecResolutionChain) { | ||
if (manifestType !== 'dotnet-core') { | ||
nuspecResolutionChain.forEach(function (resolution) { | ||
if (!resolution) { | ||
return; | ||
} // jscs:ignore | ||
debug('.nuspec analyzed for ' + resolution.name); | ||
nuspecResolutions[resolution.name] = resolution; | ||
}); | ||
} | ||
}).then(function buildDependencyTree() { | ||
// .nuget parsing is complete, returned as array of promise resolutions | ||
// now the flat list should be rebuilt as a tree | ||
debug('Building dependency tree'); | ||
function buildTree(node, requiredChildren, repository) { | ||
requiredChildren.forEach(function (requiredChild) { | ||
var transitiveDependency; | ||
if (flattendPackageList[requiredChild.name]) { | ||
// fetch from repo | ||
transitiveDependency = | ||
flattendPackageList[requiredChild.name].cloneShallow(); | ||
} else { | ||
// create as new (uninstalled) | ||
transitiveDependency = new Dependency( | ||
requiredChild.name, | ||
requiredChild.version); | ||
} | ||
var transitiveChildren = | ||
(nuspecResolutions[transitiveDependency.name] && | ||
nuspecResolutions[transitiveDependency.name].children) || []; | ||
buildTree( | ||
transitiveDependency, | ||
transitiveChildren, | ||
repository); | ||
node.dependencies[transitiveDependency.name] = transitiveDependency; | ||
}); | ||
} | ||
if (manifestType === 'paket') { | ||
return paketParser.buildDepTreeFromFiles( | ||
root, | ||
targetFile, | ||
options['lock-file-path'] || 'paket.lock', | ||
options['include-dev'], | ||
options.strict | ||
).then(createPackageTree); | ||
} | ||
var _nugtKeyCount = Object.keys(nuspecResolutions).length; | ||
Object.keys(flattendPackageList).forEach(function (packageName) { | ||
tree.dependencies[packageName] = | ||
flattendPackageList[packageName].cloneShallow(); | ||
}); | ||
if (_nugtKeyCount > 0) { | ||
// local folders scanned, build list from .nuspec | ||
for (var key in nuspecResolutions) { | ||
var resolution = nuspecResolutions[key]; | ||
var node = flattendPackageList[resolution.name].cloneShallow(); | ||
buildTree(node, resolution.children, flattendPackageList); | ||
tree.dependencies[node.name] = node; | ||
} | ||
} | ||
return packageTree; | ||
})['catch'](function (err) { | ||
throw (err); | ||
}); | ||
return dotnetParser.parse( | ||
root, | ||
targetFile, | ||
options.packagesFolder, | ||
fileContentPath, | ||
manifestType).then(createPackageTree); | ||
return job; | ||
}, | ||
}; | ||
function injectPath(dep, packagesFolder) { | ||
dep.path = | ||
dep.localPath ? | ||
path.resolve(packagesFolder, dep.localPath) | ||
: path.resolve(packagesFolder, dep.name + '.' + dep.version); | ||
if (dep.localPath) { | ||
delete dep.localPath; | ||
} | ||
} |
@@ -28,2 +28,3 @@ { | ||
"lodash": "^4.17.10", | ||
"snyk-paket-parser": "1.4.0", | ||
"xml2js": "^0.4.17" | ||
@@ -34,6 +35,6 @@ }, | ||
"nodemon": "^1.12.1", | ||
"tap": "^12.0.1", | ||
"tap": "12.4.1", | ||
"tap-only": "0.0.5" | ||
}, | ||
"version": "1.6.5" | ||
"version": "1.7.0" | ||
} |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
33086
15
679
5
+ Addedsnyk-paket-parser@1.4.0
+ Addedsnyk-paket-parser@1.4.0(transitive)
+ Addedtslib@1.14.1(transitive)