UNPKG

snyk-docker-plugin

Version:

Snyk CLI docker plugin

github.com/snyk/snyk-docker-plugin

snyk/snyk-docker-plugin

143 lines (124 loc) 4.8 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
import { legacy } from "@snyk/dep-graph"; import * as path from "path"; import * as lockFileParser from "snyk-nodejs-lockfile-parser"; import { DepGraphFact, TestedFilesFact } from "../../facts"; import { AppDepsScanResultWithoutTarget, FilePathToContent } from "./types"; interface ManifestLockPathPair { manifest: string; lock: string; lockType: lockFileParser.LockfileType; } export async function nodeFilesToScannedProjects( filePathToContent: FilePathToContent, ): Promise<AppDepsScanResultWithoutTarget[]> { const scanResults: AppDepsScanResultWithoutTarget[] = []; /** * TODO: Add support for Yarn workspaces! * https://github.com/snyk/nodejs-lockfile-parser/blob/af8ba81930e950156b539281ecf41c1bc63dacf4/test/lib/yarn-workflows.test.ts#L7-L17 * * When building the ScanResult ensure the workspace is stored in scanResult.identity.args: * args: { * rootWorkspace: <path-of-workspace>, * }; */ const filePairs = findManifestLockPairsInSameDirectory(filePathToContent); const shouldIncludeDevDependencies = false; const shouldBeStrictForManifestAndLockfileOutOfSync = false; for (const pathPair of filePairs) { // TODO: initially generate as DepGraph const parserResult = await lockFileParser.buildDepTree( filePathToContent[pathPair.manifest], filePathToContent[pathPair.lock], shouldIncludeDevDependencies, pathPair.lockType, shouldBeStrictForManifestAndLockfileOutOfSync, // Don't provide a default manifest file name, prefer the parser to infer it. ); const strippedLabelsParserResult = stripUndefinedLabels(parserResult); const depGraph = await legacy.depTreeToGraph( strippedLabelsParserResult, pathPair.lockType, ); const depGraphFact: DepGraphFact = { type: "depGraph", data: depGraph, }; const testedFilesFact: TestedFilesFact = { type: "testedFiles", data: [path.basename(pathPair.manifest), path.basename(pathPair.lock)], }; scanResults.push({ facts: [depGraphFact, testedFilesFact], identity: { type: depGraph.pkgManager.name, targetFile: pathPair.manifest, }, }); } return scanResults; } function findManifestLockPairsInSameDirectory( filePathToContent: FilePathToContent, ): ManifestLockPathPair[] { const fileNamesGroupedByDirectory = groupFilesByDirectory(filePathToContent); const manifestLockPathPairs: ManifestLockPathPair[] = []; for (const directoryPath of Object.keys(fileNamesGroupedByDirectory)) { const filesInDirectory = fileNamesGroupedByDirectory[directoryPath]; if (filesInDirectory.length !== 2) { // either a missing file or too many files, ignore continue; } const hasPackageJson = filesInDirectory.includes("package.json"); const hasPackageLockJson = filesInDirectory.includes("package-lock.json"); const hasYarnLock = filesInDirectory.includes("yarn.lock"); if (hasPackageJson && hasPackageLockJson) { manifestLockPathPairs.push({ manifest: path.join(directoryPath, "package.json"), lock: path.join(directoryPath, "package-lock.json"), lockType: lockFileParser.LockfileType.npm, }); continue; } if (hasPackageJson && hasYarnLock) { manifestLockPathPairs.push({ manifest: path.join(directoryPath, "package.json"), lock: path.join(directoryPath, "yarn.lock"), lockType: lockFileParser.LockfileType.yarn, }); continue; } } return manifestLockPathPairs; } // assumption: we only care about manifest+lock files if they are in the same directory function groupFilesByDirectory( filePathToContent: FilePathToContent, ): { [directoryName: string]: string[] } { const fileNamesGroupedByDirectory: { [directoryName: string]: string[] } = {}; for (const filePath of Object.keys(filePathToContent)) { const directory = path.dirname(filePath); const fileName = path.basename(filePath); if (!fileNamesGroupedByDirectory[directory]) { fileNamesGroupedByDirectory[directory] = []; } fileNamesGroupedByDirectory[directory].push(fileName); } return fileNamesGroupedByDirectory; } function stripUndefinedLabels( parserResult: lockFileParser.PkgTree, ): lockFileParser.PkgTree { const optionalLabels = parserResult.labels; const mandatoryLabels: Record<string, string> = {}; if (optionalLabels) { for (const currentLabelName of Object.keys(optionalLabels)) { if (optionalLabels[currentLabelName] !== undefined) { mandatoryLabels[currentLabelName] = optionalLabels[currentLabelName]!; } } } const parserResultWithProperLabels = Object.assign({}, parserResult, { labels: mandatoryLabels, }); return parserResultWithProperLabels; }