snyk-docker-plugin/dist/analyzer/applications/php.js

Snyk CLI docker plugin

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.phpFilesToScannedProjects = void 0;
const dep_graph_1 = require("@snyk/dep-graph");
const path = require("path");
const composer_lockfile_parser_1 = require("@snyk/composer-lockfile-parser");
const errors_1 = require("@snyk/composer-lockfile-parser/dist/errors");
const PACKAGE_MANAGER_TYPE = "composer";
async function phpFilesToScannedProjects(filePathToContent) {
    const scanResults = [];
    const filePairs = findManifestLockPairsInSameDirectory(filePathToContent);
    const shouldIncludeDevDependencies = false;
    for (const pathPair of filePairs) {
        let parserResult;
        try {
            parserResult = (0, composer_lockfile_parser_1.buildDepTree)(filePathToContent[pathPair.lock], filePathToContent[pathPair.manifest], pathPair.manifest, {}, shouldIncludeDevDependencies);
        }
        catch (e) {
            // This will skip parsing all files that error due to being malformed.
            // If we do not do this, the entire scan will fail.
            // Ideally, we'd like to log this, but logging does not exist in this library.
            if (e instanceof errors_1.InvalidUserInputError) {
                continue;
            }
            else {
                throw e;
            }
        }
        const depGraph = await dep_graph_1.legacy.depTreeToGraph(parserResult, PACKAGE_MANAGER_TYPE);
        const depGraphFact = {
            type: "depGraph",
            data: depGraph,
        };
        const testedFilesFact = {
            type: "testedFiles",
            data: [path.basename(pathPair.manifest), path.basename(pathPair.lock)],
        };
        scanResults.push({
            facts: [depGraphFact, testedFilesFact],
            identity: {
                type: depGraph.pkgManager.name,
                targetFile: pathPair.lock,
            },
        });
    }
    return scanResults;
}
exports.phpFilesToScannedProjects = phpFilesToScannedProjects;
function findManifestLockPairsInSameDirectory(filePathToContent) {
    const fileNamesGroupedByDirectory = groupFilesByDirectory(filePathToContent);
    const manifestLockPathPairs = [];
    for (const directoryPath of Object.keys(fileNamesGroupedByDirectory)) {
        const filesInDirectory = fileNamesGroupedByDirectory[directoryPath];
        if (filesInDirectory.length !== 2) {
            // either a missing file or too many files, ignore
            continue;
        }
        const hasComposerJson = filesInDirectory.includes("composer.json");
        const hasComposerLock = filesInDirectory.includes("composer.lock");
        if (hasComposerJson && hasComposerLock) {
            manifestLockPathPairs.push({
                manifest: path.join(directoryPath, "composer.json"),
                lock: path.join(directoryPath, "composer.lock"),
            });
        }
    }
    return manifestLockPathPairs;
}
// assumption: we only care about manifest+lock files if they are in the same directory
function groupFilesByDirectory(filePathToContent) {
    const fileNamesGroupedByDirectory = {};
    for (const filePath of Object.keys(filePathToContent)) {
        const directory = path.dirname(filePath);
        const fileName = path.basename(filePath);
        if (!fileNamesGroupedByDirectory[directory]) {
            fileNamesGroupedByDirectory[directory] = [];
        }
        fileNamesGroupedByDirectory[directory].push(fileName);
    }
    return fileNamesGroupedByDirectory;
}
//# sourceMappingURL=php.js.map