UNPKG

snyk-docker-plugin

Version:

Snyk CLI docker plugin

github.com/snyk/snyk-docker-plugin

snyk/snyk-docker-plugin

116 lines (100 loc) 3.68 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
import { legacy } from "@snyk/dep-graph"; import * as path from "path"; import { DepGraphFact, TestedFilesFact } from "../../facts"; import { buildDepTree, ComposerParserResponse, } from "@snyk/composer-lockfile-parser"; import { InvalidUserInputError } from "@snyk/composer-lockfile-parser/dist/errors"; import { DepTreeDep } from "../../types"; import { AppDepsScanResultWithoutTarget, FilePathToContent } from "./types"; interface ManifestLockPathPair { manifest: string; lock: string; } const PACKAGE_MANAGER_TYPE = "composer"; export async function phpFilesToScannedProjects( filePathToContent: FilePathToContent, ): Promise<AppDepsScanResultWithoutTarget[]> { const scanResults: AppDepsScanResultWithoutTarget[] = []; const filePairs = findManifestLockPairsInSameDirectory(filePathToContent); const shouldIncludeDevDependencies = false; for (const pathPair of filePairs) { let parserResult: ComposerParserResponse | undefined; try { parserResult = buildDepTree( filePathToContent[pathPair.lock], filePathToContent[pathPair.manifest], pathPair.manifest, {}, shouldIncludeDevDependencies, ); } catch (e) { // This will skip parsing all files that error due to being malformed. // If we do not do this, the entire scan will fail. // Ideally, we'd like to log this, but logging does not exist in this library. if (e instanceof InvalidUserInputError) { continue; } else { throw e; } } const depGraph = await legacy.depTreeToGraph( parserResult as DepTreeDep, PACKAGE_MANAGER_TYPE, ); const depGraphFact: DepGraphFact = { type: "depGraph", data: depGraph, }; const testedFilesFact: TestedFilesFact = { type: "testedFiles", data: [path.basename(pathPair.manifest), path.basename(pathPair.lock)], }; scanResults.push({ facts: [depGraphFact, testedFilesFact], identity: { type: depGraph.pkgManager.name, targetFile: pathPair.lock, }, }); } return scanResults; } function findManifestLockPairsInSameDirectory( filePathToContent: FilePathToContent, ): ManifestLockPathPair[] { const fileNamesGroupedByDirectory = groupFilesByDirectory(filePathToContent); const manifestLockPathPairs: ManifestLockPathPair[] = []; for (const directoryPath of Object.keys(fileNamesGroupedByDirectory)) { const filesInDirectory = fileNamesGroupedByDirectory[directoryPath]; if (filesInDirectory.length !== 2) { // either a missing file or too many files, ignore continue; } const hasComposerJson = filesInDirectory.includes("composer.json"); const hasComposerLock = filesInDirectory.includes("composer.lock"); if (hasComposerJson && hasComposerLock) { manifestLockPathPairs.push({ manifest: path.join(directoryPath, "composer.json"), lock: path.join(directoryPath, "composer.lock"), }); } } return manifestLockPathPairs; } // assumption: we only care about manifest+lock files if they are in the same directory function groupFilesByDirectory(filePathToContent: FilePathToContent): { [directoryName: string]: string[]; } { const fileNamesGroupedByDirectory: { [directoryName: string]: string[] } = {}; for (const filePath of Object.keys(filePathToContent)) { const directory = path.dirname(filePath); const fileName = path.basename(filePath); if (!fileNamesGroupedByDirectory[directory]) { fileNamesGroupedByDirectory[directory] = []; } fileNamesGroupedByDirectory[directory].push(fileName); } return fileNamesGroupedByDirectory; }