@coana-tech/cli 14.11.15 → 14.11.16

package/cli.mjs

@@ -197870,6 +197870,41 @@ async function registerAnalysisMetadataSocket(subprojectPath, workspacePath, eco
     handleError(error, "Error registering analysis metadata", false);
   }
 }
+async function getLatestBucketsSocket(subprojectPath, workspacePath) {
+  try {
+    const url2 = getSocketApiUrl("tier1-reachability-scan/latest-buckets");
+    const params = {
+      workspacePath,
+      subprojectPath,
+      repoName: process.env.SOCKET_REPO_NAME,
+      branchName: process.env.SOCKET_BRANCH_NAME
+    };
+    const response = await axios2.get(url2, {
+      headers: getAuthHeaders(),
+      params
+    });
+    const responseData = response.data;
+    if (responseData.type !== "success") {
+      throw new Error(response.data.reason);
+    }
+    return {
+      cliVersion: responseData.value.coana_cli_version,
+      buckets: responseData.value.buckets.map((b) => ({
+        vulnUrls: b.ghsas,
+        heuristicName: b.heuristicName
+      }))
+    };
+  } catch (error) {
+    if (error?.response?.data?.message === "No successful report found") {
+      return void 0;
+    }
+    logger.warn(
+      "Unable to retrieve cached analysis configuration. Will continue with default configuration.",
+      error?.message
+    );
+    return void 0;
+  }
+}
 async function useSocketComputeFixEndpoint(artifacts, vulnerableArtifactIdsForGhsas) {
   try {
     const url2 = getSocketApiUrl("fixes/compute-fixes");
@@ -197945,7 +197980,8 @@ function getSocketAPI() {
     sendErrorReportToSocketDashboard,
     registerSubprojectsSocket,
     registerCLIProgressSocket,
-    registerAnalysisMetadataSocket
+    registerAnalysisMetadataSocket,
+    getLatestBucketsSocket
   };
 }
 
@@ -208053,6 +208089,28 @@ async function registerAnalysisMetadataCoana(subprojectPath, workspacePath, ecos
     handleError(e, "Unable to create analysis metadata");
   }
 }
+async function getBucketsForLastReport(subprojectPath, workspacePath, ecosystem, newReportId, apiKey) {
+  if (!newReportId || apiKey.type === "missing") return;
+  try {
+    return (await axios_default.get(coanaAPIUrls.GET_LATEST_BUCKETS, {
+      headers: {
+        "Content-Type": "application/json",
+        apiKey: apiKey.value
+      },
+      params: { newReportId, subprojectPath, workspacePath, ecosystem }
+    })).data;
+  } catch (e) {
+    if (e.response?.data?.message === "No successful report found") return;
+    sendWarningToDashboard(
+      "Unable to get latest buckets",
+      { subprojectPath, workspacePath, newReportId },
+      void 0,
+      newReportId,
+      apiKey
+    );
+    logger.warn("Unable to get latest buckets:", e.message);
+  }
+}
 async function registerCLIProgressCoana(cliProgressEvent, isStartEvent, reportId, apiKey) {
   if (!reportId || apiKey.type === "missing") return;
   try {
@@ -208172,7 +208230,8 @@ function getCoanaAPI() {
     registerSubprojectsCoana,
     registerAnalysisMetadataCoana,
     registerCLIProgressCoana,
-    sendErrorReportToCoanaDashboard
+    sendErrorReportToCoanaDashboard,
+    getBucketsForLastReport
   };
 }
 
@@ -209739,6 +209798,19 @@ var DashboardAPI = class {
       );
     }
   }
+  async getBucketsForLastReport(subprojectPath, workspacePath, ecosystem, reportId, apiKey) {
+    if (this.socketMode) {
+      return await this.socketAPI.getLatestBucketsSocket(subprojectPath, workspacePath);
+    } else {
+      return await this.coanaAPI.getBucketsForLastReport(
+        subprojectPath,
+        workspacePath,
+        ecosystem,
+        reportId,
+        apiKey
+      );
+    }
+  }
 };
 
 // ../utils/src/promise-queue.ts
@@ -225421,7 +225493,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version2 = "14.11.15";
+var version2 = "14.11.16";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pick } = import_lodash15.default;
@@ -226224,43 +226296,44 @@ ${vulnerabilityFixes.map((fix) => `	${fix.dependencyName} from ${fix.currentVers
 
 // dist/cli-compute-fixes-and-upgrade-purls.js
 async function computeFixesAndUpgradePurls(path2, options) {
-  const { artifacts, vulnerableArtifactIdsPerVulnerability } = await computeInputForComputingFixes(path2, options);
-  if (vulnerableArtifactIdsPerVulnerability.size === 0) {
+  const { artifacts, ghsaToVulnerableArtifactIds } = await computeInputForComputingFixes(path2, options);
+  if (Object.keys(ghsaToVulnerableArtifactIds).length === 0) {
     logger.info("No vulnerabilities to compute fixes for");
     return;
   }
   if (options.applyFixesTo.length === 0) {
-    logger.info("Vulnerabilities found:", Array.from(vulnerableArtifactIdsPerVulnerability.keys()).join(", "));
+    logger.info("Vulnerabilities found:", Object.keys(ghsaToVulnerableArtifactIds).join(", "));
     logger.info("Run again with --apply-fixes-to GHSA_IDS to fix those vulnerabilities by computing packages to upgrade and apply them");
     return;
   }
-  const vulnerableArtifactIdsForGhsas = options.applyFixesTo.includes("all") ? Array.from(vulnerableArtifactIdsPerVulnerability.values()).flatMap((ids) => Array.from(ids)) : options.applyFixesTo.flatMap((ghsa) => [...vulnerableArtifactIdsPerVulnerability.get(ghsa)?.values() ?? []]);
-  const computedFix = await useSocketComputeFixEndpoint(artifacts, vulnerableArtifactIdsForGhsas);
+  const ghsaToVulnerableArtifactIdsToApply = options.applyFixesTo.includes("all") ? ghsaToVulnerableArtifactIds : Object.fromEntries(Object.entries(ghsaToVulnerableArtifactIds).filter(([ghsa]) => options.applyFixesTo.includes(ghsa)));
+  const computedFix = await useSocketComputeFixEndpoint(artifacts, ghsaToVulnerableArtifactIdsToApply);
   if (computedFix.type !== "success") {
     throw new Error(`No fix found for the given vulnerabilities`);
   }
-  if (computedFix.failedArtifacts) {
-    const ghsasFailedToFix = options.applyFixesTo.filter((ghsa) => {
-      const artifactIds = vulnerableArtifactIdsPerVulnerability.get(ghsa);
-      if (!artifactIds)
-        return false;
-      return Array.from(artifactIds).some((vuln) => computedFix.failedArtifacts?.includes(vuln));
-    });
+  const ghsasFailedToFix = options.applyFixesTo.filter((ghsa) => {
+    const artifactIds = ghsaToVulnerableArtifactIdsToApply[ghsa];
+    if (!artifactIds)
+      return false;
+    return artifactIds.some((artifactId) => computedFix.ghsaToResult[ghsa].failedArtifacts?.includes(artifactId));
+  });
+  if (ghsasFailedToFix.length > 0) {
     logger.info("Failed to compute fixes for the following vulnerabilities:");
-    for (const ghsa of ghsasFailedToFix) {
-      logger.info(`  - ${ghsa} (${Array.from(vulnerableArtifactIdsPerVulnerability.get(ghsa)).map((id) => simplePurl(artifacts[id].type, artifacts[id].namespace ?? null, artifacts[id].name ?? "", artifacts[id].version ?? null)).join(", ")})`);
-    }
   }
+  for (const ghsa of ghsasFailedToFix) {
+    logger.info(`  - ${ghsa} (${ghsaToVulnerableArtifactIdsToApply[ghsa].map((id) => simplePurl(artifacts[id].type, artifacts[id].namespace ?? null, artifacts[id].name ?? "", artifacts[id].version ?? null)).join(", ")})`);
+  }
+  const combinedFixes = Object.values(computedFix.ghsaToResult).filter((result) => result.failedArtifacts === void 0 || result.failedArtifacts.length === 0).flatMap((result) => result.fixes);
   if (options.dryRun) {
     logger.info("Fixes found:");
-    for (const fix of computedFix.fixes) {
+    for (const fix of combinedFixes) {
       logger.info(`  - ${fix.purl} -> ${fix.fixedVersion}`);
     }
     logger.info("Run again without --dry-run to apply the fixes");
     return;
   }
   try {
-    await upgradePurl(path2, computedFix.fixes.map((fix) => ({ purl: fix.purl, upgradeVersion: fix.fixedVersion })), {
+    await upgradePurl(path2, combinedFixes.map((fix) => ({ purl: fix.purl, upgradeVersion: fix.fixedVersion })), {
       debug: options.debug,
       silent: options.silent,
       runWithoutDocker: options.runWithoutDocker,
@@ -226276,13 +226349,13 @@ async function computeFixesAndUpgradePurls(path2, options) {
 async function computeInputForComputingFixes(path2, options) {
   if (options.manifestsTarHash) {
     const { artifacts: artifacts2 } = await fetchArtifactsFromSocket(path2, options.manifestsTarHash);
-    const vulnerableArtifactIdsPerVulnerability2 = /* @__PURE__ */ new Map();
+    const ghsaToVulnerableArtifactIds2 = {};
     for (const [index2, artifact] of artifacts2.entries()) {
-      if (artifact.vulnerabilities) {
-        for (const vulnerability of artifact.vulnerabilities) {
-          if (!vulnerableArtifactIdsPerVulnerability2.has(vulnerability.ghsaId))
-            vulnerableArtifactIdsPerVulnerability2.set(vulnerability.ghsaId, /* @__PURE__ */ new Set());
-          vulnerableArtifactIdsPerVulnerability2.get(vulnerability.ghsaId).add(index2);
+      if (!artifact.vulnerabilities)
+        continue;
+      for (const vulnerability of artifact.vulnerabilities) {
+        if (!(ghsaToVulnerableArtifactIds2[vulnerability.ghsaId] ??= []).includes(index2)) {
+          ghsaToVulnerableArtifactIds2[vulnerability.ghsaId].push(index2);
         }
       }
     }
@@ -226293,7 +226366,7 @@ async function computeInputForComputingFixes(path2, options) {
       namespace: artifact.namespace ?? void 0,
       adj: artifact.dependencies?.map((dep) => artifacts2.findIndex((a4) => a4.id === dep)) ?? []
     }));
-    return { artifacts: sbomTaskArtifacts, vulnerableArtifactIdsPerVulnerability: vulnerableArtifactIdsPerVulnerability2 };
+    return { artifacts: sbomTaskArtifacts, ghsaToVulnerableArtifactIds: ghsaToVulnerableArtifactIds2 };
   }
   const otherModulesCommunicator = new OtherModulesCommunicator(path2, options, {
     type: "missing"
@@ -226307,21 +226380,24 @@ async function computeInputForComputingFixes(path2, options) {
   const cliCore = new CliCore(path2, { ...defaultCliOptions, socketMode: "true" });
   const results = await asyncMap(supportedSubprojects, async (subproject) => cliCore.getDependencyTreeAndVulnerabilities(otherModulesCommunicator, subproject));
   const { artifacts, purlToIndex } = computeSBOMTaskArtifacts(results.flatMap((r2) => Object.values(r2.projectInfo).map((info) => info.dataForAnalysis.data.dependencyTree)));
-  const vulnerableArtifactIdsPerVulnerability = computeVulnerableArtifactIdsPerVulnerability(results.flatMap((r2) => Object.values(r2.workspaceToVulnerabilities).flat()), purlToIndex);
-  return { artifacts, vulnerableArtifactIdsPerVulnerability };
+  const ghsaToVulnerableArtifactIds = computeVulnerableArtifactIdsPerVulnerability(results.flatMap((r2) => Object.values(r2.workspaceToVulnerabilities).flat()), purlToIndex);
+  return { artifacts, ghsaToVulnerableArtifactIds };
 }
 function computeVulnerableArtifactIdsPerVulnerability(vulnerabilities, purlToIndex) {
-  const vulnerableArtifactIdsPerVulnerability = /* @__PURE__ */ new Map();
+  const vulnerableArtifactIdsPerVulnerability = {};
   for (const vulnerability of vulnerabilities) {
-    if (!vulnerableArtifactIdsPerVulnerability.has(vulnerability.url)) {
-      vulnerableArtifactIdsPerVulnerability.set(vulnerability.url, /* @__PURE__ */ new Set());
+    if (!vulnerableArtifactIdsPerVulnerability[vulnerability.url]) {
+      vulnerableArtifactIdsPerVulnerability[vulnerability.url] = [];
     }
     if (!vulnerability.purl)
       throw new Error(`Vulnerability ${vulnerability.url} has no purl`);
     if (!purlToIndex.has(vulnerability.purl)) {
       throw new Error(`Vulnerability ${vulnerability.url} has no purl in sbomTaskArtifacts`);
     }
-    vulnerableArtifactIdsPerVulnerability.get(vulnerability.url).add(purlToIndex.get(vulnerability.purl));
+    const index2 = purlToIndex.get(vulnerability.purl);
+    if (!vulnerableArtifactIdsPerVulnerability[vulnerability.url].includes(index2)) {
+      vulnerableArtifactIdsPerVulnerability[vulnerability.url].push(index2);
+    }
   }
   return vulnerableArtifactIdsPerVulnerability;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.11.15",
+  "version": "14.11.16",
   "description": "Coana CLI",
   "type": "module",
   "bin": {

package/reachability-analyzers-cli.mjs

@@ -73178,7 +73178,8 @@ function getCoanaAPI() {
     registerSubprojectsCoana,
     registerAnalysisMetadataCoana,
     registerCLIProgressCoana,
-    sendErrorReportToCoanaDashboard
+    sendErrorReportToCoanaDashboard,
+    getBucketsForLastReport
   };
 }
 
@@ -73352,13 +73353,49 @@ async function registerAnalysisMetadataSocket(subprojectPath, workspacePath, eco
     handleError(error, "Error registering analysis metadata", false);
   }
 }
+async function getLatestBucketsSocket(subprojectPath, workspacePath) {
+  try {
+    const url2 = getSocketApiUrl("tier1-reachability-scan/latest-buckets");
+    const params = {
+      workspacePath,
+      subprojectPath,
+      repoName: process.env.SOCKET_REPO_NAME,
+      branchName: process.env.SOCKET_BRANCH_NAME
+    };
+    const response = await axios2.get(url2, {
+      headers: getAuthHeaders(),
+      params
+    });
+    const responseData = response.data;
+    if (responseData.type !== "success") {
+      throw new Error(response.data.reason);
+    }
+    return {
+      cliVersion: responseData.value.coana_cli_version,
+      buckets: responseData.value.buckets.map((b) => ({
+        vulnUrls: b.ghsas,
+        heuristicName: b.heuristicName
+      }))
+    };
+  } catch (error) {
+    if (error?.response?.data?.message === "No successful report found") {
+      return void 0;
+    }
+    logger.warn(
+      "Unable to retrieve cached analysis configuration. Will continue with default configuration.",
+      error?.message
+    );
+    return void 0;
+  }
+}
 function getSocketAPI() {
   return {
     createSocketTier1Scan,
     sendErrorReportToSocketDashboard,
     registerSubprojectsSocket,
     registerCLIProgressSocket,
-    registerAnalysisMetadataSocket
+    registerAnalysisMetadataSocket,
+    getLatestBucketsSocket
   };
 }
 
@@ -73454,6 +73491,19 @@ var DashboardAPI = class {
       );
     }
   }
+  async getBucketsForLastReport(subprojectPath, workspacePath, ecosystem, reportId, apiKey3) {
+    if (this.socketMode) {
+      return await this.socketAPI.getLatestBucketsSocket(subprojectPath, workspacePath);
+    } else {
+      return await this.coanaAPI.getBucketsForLastReport(
+        subprojectPath,
+        workspacePath,
+        ecosystem,
+        reportId,
+        apiKey3
+      );
+    }
+  }
 };
 
 // dist/analyzers/go-analyzer.js
@@ -96850,6 +96900,7 @@ function assertVulnChainDetails(vs) {
   assert8(vs.every((v) => v.vulnChainDetails));
 }
 var apiKey = COANA_API_KEY ? { type: "present", value: COANA_API_KEY } : { type: "missing" };
+var dashboardAPI = new DashboardAPI(process.env.SOCKET_MODE === "true", process.env.DISABLE_ANALYTICS_SHARING === "true");
 async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecomputeForTimeoutsAndAborts, codeAwareScanner, analysisMetadataCollector, statusUpdater) {
   logger.debug("Starting analyzeWithHeuristics");
   assertVulnChainDetails(vulns);
@@ -96937,9 +96988,9 @@ async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecom
     }
   }
   async function getBucketsBasedOnPreviousResults() {
-    if (!COANA_REPORT_ID || apiKey.type === "missing")
+    if (process.env.SOCKET_MODE !== "true" && (!COANA_REPORT_ID || apiKey.type === "missing"))
       return void 0;
-    const bucketsFromLastAnalysisAndCliVersion = await getBucketsForLastReport(relative5(state.rootWorkingDir, state.subprojectDir) || ".", state.workspacePath, vulnerabilities[0].ecosystem ?? "NPM", COANA_REPORT_ID, apiKey);
+    const bucketsFromLastAnalysisAndCliVersion = await dashboardAPI.getBucketsForLastReport(relative5(state.rootWorkingDir, state.subprojectDir) || ".", state.workspacePath, vulnerabilities[0].ecosystem ?? "NPM", COANA_REPORT_ID, apiKey);
     if (!bucketsFromLastAnalysisAndCliVersion)
       return void 0;
     const { cliVersion, buckets: bucketsFromLastAnalysis } = bucketsFromLastAnalysisAndCliVersion;
@@ -97411,7 +97462,7 @@ var ecosystemAnalyzer = {
   RUST: RustAnalyzer
 };
 var apiKey2 = COANA_API_KEY ? { type: "present", value: COANA_API_KEY } : { type: "missing" };
-var dashboardAPI = new DashboardAPI(process.env.SOCKET_MODE === "true", process.env.DISABLE_ANALYTICS_SHARING === "true");
+var dashboardAPI2 = new DashboardAPI(process.env.SOCKET_MODE === "true", process.env.DISABLE_ANALYTICS_SHARING === "true");
 async function runReachabilityAnalysis(state) {
   const projectDir = resolve16(state.subprojectDir, state.workspacePath);
   const ecosystem = state.workspaceData.data.type;
@@ -97425,7 +97476,7 @@ async function runReachabilityAnalysis(state) {
   }
   const [vulnerabilitiesWithPrecomputedResults, vulnerabilitiesWithoutPrecomputedResults] = partition3(state.vulnerabilities, (v) => "results" in v);
   const augmentedVulnerabilities = await runWholeProgramCodeAwareVulnerabilityScanner(analyzer, vulnerabilitiesWithoutPrecomputedResults, async (amd) => {
-    await dashboardAPI.registerAnalysisMetadata(relative6(state.rootWorkingDir, state.subprojectDir) || ".", state.workspacePath, state.workspaceData.data.type, amd, COANA_REPORT_ID, apiKey2);
+    await dashboardAPI2.registerAnalysisMetadata(relative6(state.rootWorkingDir, state.subprojectDir) || ".", state.workspacePath, state.workspaceData.data.type, amd, COANA_REPORT_ID, apiKey2);
   });
   return [...vulnerabilitiesWithPrecomputedResults, ...augmentedVulnerabilities];
 }