UNPKG

snyk-mvn-plugin

Version:

Snyk CLI Maven plugin

github.com/snyk/snyk-mvn-plugin

snyk/snyk-mvn-plugin

152 lines 6.12 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.createDepGraphFromArchive = createDepGraphFromArchive; exports.createDepGraphFromArchives = createDepGraphFromArchives; exports.isArchive = isArchive; exports.findArchives = findArchives; const dep_graph_1 = require("@snyk/dep-graph"); const path = require("path"); const crypto = require("crypto"); const fs = require("fs"); const glob = require("glob"); const debugLib = require("debug"); const search_1 = require("./search"); const fingerprint_1 = require("./fingerprint"); const debug = debugLib('snyk-mvn-plugin'); const ALGORITHM = 'sha1'; const DIGEST = 'hex'; function getSha1(buf) { return crypto.createHash(ALGORITHM).update(buf).digest(DIGEST); } function getHash(buf, algorithm) { return crypto.createHash(algorithm).update(buf).digest(DIGEST); } async function getMavenPackages(targetPath, snykHttpClient) { const contents = fs.readFileSync(targetPath); const sha1 = getSha1(contents); return (0, search_1.getMavenPackageInfo)(sha1, targetPath, snykHttpClient); } async function getDependenciesWithPaths(paths, snykHttpClient) { let dependencies = []; for (const p of paths) { try { const mavenPackages = await getMavenPackages(p, snykHttpClient); const packagesWithPaths = mavenPackages.map((pkg) => ({ ...pkg, archivePath: p, })); dependencies = dependencies.concat(packagesWithPaths); } catch (err) { // log error and continue with other paths if (err instanceof Error) { console.error(`Failed to get maven dependency for '${p}'.`, err.message); } } } return dependencies; } async function createDepGraphFromArchive(root, targetPath, snykHttpClient, fingerprintOptions) { try { return await createDepGraphFromArchives(root, [targetPath], snykHttpClient, fingerprintOptions); } catch (err) { const msg = `There was a problem generating a dep-graph for '${targetPath}'.`; debug(msg, err); if (err instanceof Error) { throw new Error(msg + ' ' + err.message); } throw new Error(msg); } } async function createDepGraphFromArchives(root, archivePaths, snykHttpClient, fingerprintOptions) { if (!snykHttpClient) { throw new Error('No HTTP client provided!'); } try { const dependencies = await getDependenciesWithPaths(archivePaths, snykHttpClient); if (!dependencies.length) { throw new Error(`No Maven artifacts found!`); } debug(`Creating dep-graph from ${JSON.stringify(dependencies)}`); const rootDependency = getRootDependency(root); const rootPkg = { name: `${rootDependency.groupId}:${rootDependency.artifactId}`, version: rootDependency.version, }; const builder = new dep_graph_1.DepGraphBuilder({ name: 'maven' }, rootPkg); for (const dependency of dependencies) { const nodeId = `${dependency.groupId}:${dependency.artifactId}@${dependency.version}`; // Create package info const pkgInfo = { name: `${dependency.groupId}:${dependency.artifactId}`, version: dependency.version, }; // Generate fingerprint data if fingerprinting is enabled if (fingerprintOptions?.enabled) { try { const archiveContents = fs.readFileSync(dependency.archivePath); const hash = getHash(archiveContents, fingerprintOptions.algorithm); const fingerprintData = { hash, algorithm: fingerprintOptions.algorithm, filePath: dependency.archivePath, fileSize: archiveContents.length, processingTime: 0, // Not tracking timing for archive files }; debug(`Generated fingerprint for ${dependency.archivePath}: ${hash}`); pkgInfo.purl = (0, fingerprint_1.createMavenPurlWithChecksum)(dependency.groupId, dependency.artifactId, dependency.version, fingerprintData); } catch (err) { debug(`Failed to generate fingerprint for ${dependency.archivePath}:`, err); } } builder.addPkgNode(pkgInfo, nodeId); builder.connectDep(builder.rootNodeId, nodeId); } const depGraph = builder.build(); debug(`Created dep-graph ${JSON.stringify(depGraph.toJSON())}`); return depGraph; } catch (err) { const msg = `Detected supported file(s) in '${root}', but there was a problem generating a dep-graph.`; debug(msg, err); if (err instanceof Error) { throw new Error(msg + ' ' + err.message); } throw new Error(msg); } } function isArchive(file) { return !!file.match(/\.(([jwa]ar)|(zip))$/); } function findArchives(targetPath) { const stats = fs.statSync(targetPath); const dir = stats.isFile() ? path.dirname(targetPath) : targetPath; return glob.sync(`${dir}/**/*.@(jar|war|aar|zip)`); } function getRootDependency(root, targetFile) { let groupId; if (targetFile) { groupId = path.dirname(targetFile); if (groupId === '.') { // we are in directory of the jar groupId = path.basename(path.resolve(root)); } } else { // take root's parent directory base name groupId = path.basename(path.dirname(path.resolve(root))); } // replace path separators with dots groupId = groupId .replace(/\//g, '.') // *inx .replace(/\\/g, '.') // windows .replace(/^\./, ''); // remove any leading '.' return { groupId: groupId || 'root', artifactId: path.basename(targetFile || root) || 'root', version: '1.0.0', }; } //# sourceMappingURL=archive.js.map