@coana-tech/cli 13.19.25 → 13.19.27
- package/cli.js +44 -38
- package/package.json +1 -1
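--- a/package/cli.js
+++ b/package/cli.js
@@ -83364,10 +83364,10 @@ ${indent}`);
 var pathModule = __webpack_require__(0);
 var isWindows = process.platform === "win32";
 var fs = __webpack_require__(3);
-var
+var DEBUG = process.env.NODE_DEBUG && /fs/.test(process.env.NODE_DEBUG);
 function rethrow() {
 var callback;
-if (
+if (DEBUG) {
 var backtrace = new Error();
 callback = debugCallback;
 } else
@@ -118447,10 +118447,10 @@ var require_old = __commonJS({
 var pathModule = require("path");
 var isWindows = process.platform === "win32";
 var fs = require("fs");
-var
+var DEBUG = process.env.NODE_DEBUG && /fs/.test(process.env.NODE_DEBUG);
 function rethrow() {
 var callback;
-if (
+if (DEBUG) {
 var backtrace = new Error();
 callback = debugCallback;
 } else
@@ -123669,7 +123669,8 @@ var init_dashboard_integration = __esm({
 errorSubmitEndpoint = process.env.COANA_CLI_ERROR_SUBMIT_ENDPOINT ?? "https://app.coana.tech/api/v1/cli/error";
 axiosClient = axios_default.create();
 esm_default(axiosClient, {
-retries:
+retries: 7,
+// The delay before the second retry is 1 second and before the third retry it is 2 seconds.
 // eslint-disable-next-line @typescript-eslint/unbound-method
 retryDelay: esm_default.exponentialDelay,
 onRetry(retryCount, error, requestConfig) {
@@ -189533,7 +189534,7 @@ function combineVulnPathDetails([vpd1, ...rest]) {
 }
 return res;
 }
-var
+var MESSAGE_PREFIX_FOR_FAILED_TO_PICK_VERSION, MESSAGE_PREFIX_FOR_NO_POTENTIAL_VERSIONS, FixesTask;
 var init_fixes_task = __esm({
 "../security-auditor/security-auditor-api/src/fixes-task.ts"() {
 "use strict";
@@ -189541,14 +189542,14 @@ var init_fixes_task = __esm({
 init_assertions();
 init_async();
 init_dependency_tree();
-DEBUG = process.env.DEBUG;
 MESSAGE_PREFIX_FOR_FAILED_TO_PICK_VERSION = `Failed to pick a version`;
 MESSAGE_PREFIX_FOR_NO_POTENTIAL_VERSIONS = `No potential versions`;
 FixesTask = class {
-constructor(pms, vms, packageStructure) {
+constructor(pms, vms, packageStructure, logger5) {
 this.pms = pms;
 this.vms = vms;
 this.packageStructure = packageStructure;
+this.logger = logger5;
 this.ecosystem = packageStructure.ecosystem ?? "NPM";
 this.parentsMap = /* @__PURE__ */ new Map();
 }
@@ -189567,24 +189568,29 @@ var init_fixes_task = __esm({
 };
 }
 const validNonVulnerableVersionsForAllVulns = [];
-await
-
-
-
-
-
-
-
-
-
-
-
-
-
+await asyncForEach(
+vulnerabilities,
+async (v) => {
+try {
+this.logger?.debug(`Starting finding fixes for vulnerability: ${v.url} at ${(/* @__PURE__ */ new Date()).toString()}`);
+const { potentialVersionsForFix, vulnerabilityFixes } = await this.findFixForVulnerability(v);
+this.logger?.debug(`Done finding fixes for vulnerability: ${v.url} at ${(/* @__PURE__ */ new Date()).toString()}`);
+v.fix = {
+type: "success",
+vulnerabilityFixes
+};
+validNonVulnerableVersionsForAllVulns.push(potentialVersionsForFix);
+} catch (e) {
+this.logger?.error({
+message: "Failed to find fix for vulnerability",
+vulnerability: v.url,
+stack: e.stack
+});
+v.fix = transformErrorToVulnerabilityFixes(e);
 }
-
-
-
+},
+5
+);
 const validNonVulnerableVersionsOfVulnerableDependenciesCombined = combinePotentialVersions(validNonVulnerableVersionsForAllVulns);
 const computeCombinedFix = async (vulnerabilities2, potentialVersionsCombined) => {
 try {
@@ -189621,11 +189627,8 @@ var init_fixes_task = __esm({
 */
 async findFixForVulnerability(vuln) {
 const potentialVersionsForFix = await this.computePotentialVersionsForFixWrapper(vuln);
-
-
-console.log("vuln.vulnChainDetails", JSON.stringify(vuln.vulnChainDetails, null, 2));
-console.log("potentialVersionsForFix", JSON.stringify(potentialVersionsForFix, null, 2));
-}
+this.logger?.debug(`Found potential versions, now choosing fixed versions for ${vuln.url}`);
+this.logger?.debug(`potentialVersionsForFix: ${JSON.stringify(potentialVersionsForFix)}`);
 const vulnerabilityFixes = await this.chooseFixesFromPotentialVersionsForFix(
 vuln.vulnChainDetails,
 potentialVersionsForFix
@@ -189954,7 +189957,7 @@ var security_auditor_exports = {};
 __export(security_auditor_exports, {
 SecurityAuditor: () => SecurityAuditor
 });
-var
+var SecurityAuditor;
 var init_security_auditor = __esm({
 "../security-auditor/security-auditor-api/src/security-auditor.ts"() {
 "use strict";
@@ -189965,16 +189968,16 @@ var init_security_auditor = __esm({
 init_fixes_task();
 init_coana_supported_vulnerabilities_loader();
 init_vulnerabilities_supported_db();
-DEBUG2 = process.env.DEBUG;
 SecurityAuditor = class {
 /**
 * @param enableMissingVulnerabilitySupportReporting - if true, then slack reporting is enabled. Still requires SLACK_OAUTH_TOKEN and SLACK_CHANNEL_ID to be set.
 */
-constructor(pms, vms, enableMissingVulnerabilitySupportReporting, coanaSupportedVulnerabilitiesLoader = CoanaSupportedVulnerabilitiesLoader.create()) {
+constructor(pms, vms, enableMissingVulnerabilitySupportReporting, coanaSupportedVulnerabilitiesLoader = CoanaSupportedVulnerabilitiesLoader.create(), nestLogger) {
 this.pms = pms;
 this.vms = vms;
 this.enableMissingVulnerabilitySupportReporting = enableMissingVulnerabilitySupportReporting;
 this.coanaSupportedVulnerabilitiesLoader = coanaSupportedVulnerabilitiesLoader;
+this.nestLogger = nestLogger;
 if (enableMissingVulnerabilitySupportReporting) {
 this.slackReporter = new SlackReporter();
 this.coanaSupportedVulnerabilitiesDbInterface = CoanaSupportedVulnerabilitiesDBInterface.create();
@@ -190109,7 +190112,10 @@ var init_security_auditor = __esm({
 const patchedVersions = await this.findPatchedVersionsForVulnerability(vulnerability);
 return { ...vulnerability, patchedVersions };
 } catch (error) {
-
+this.nestLogger?.error(
+`Error while fetching patched versions for vulnerability ${vulnerability.url}`,
+error.stack
+);
 return vulnerability;
 }
 })
@@ -190141,9 +190147,9 @@ var init_security_auditor = __esm({
 }
 async findFixes(vulnerabilities, packageStructure) {
 const startTime = Date.now();
-
-const fixes = await new FixesTask(this.pms, this.vms, packageStructure).findFixes(vulnerabilities);
-
+this.nestLogger?.debug("Starting findFixes at " + (/* @__PURE__ */ new Date()).toISOString());
+const fixes = await new FixesTask(this.pms, this.vms, packageStructure, this.nestLogger).findFixes(vulnerabilities);
+this.nestLogger?.debug("Completed findFixes at " + (/* @__PURE__ */ new Date()).toISOString());
 return Object.assign(fixes, { metadata: { computeFixesDuration: Date.now() - startTime } });
 }
 async close() {
@@ -190235,7 +190241,7 @@ var require_version = __commonJS({
 "use strict";
 Object.defineProperty(exports2, "__esModule", { value: true });
 exports2.version = void 0;
-exports2.version = "13.19.
+exports2.version = "13.19.27";
 }
 });
 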
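Review bot: In the `catch (e)` added inside the `asyncForEach` callback (hunk at new line 189568), `stack: e.stack` assumes the thrown value is an `Error`; a rejected string or plain object is logged with `stack: undefined`, so the log says nothing about why fix computation failed for `v.url`. I would log `stack: e instanceof Error ? e.stack : String(e)` there. The same assumption is made by `error.stack` in the `this.nestLogger?.error(...)` call added at new line 190115. The bare `5` passed as the last argument to `asyncForEach` looks like a concurrency limit and deserves a comment such as `// resolve at most 5 vulnerabilities concurrently`; if it is one, entries are pushed into `validNonVulnerableVersionsForAllVulns` in completion order, so it is worth confirming that `combinePotentialVersions` does not depend on ordering. The enclosing method starts and ends outside the hunk.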