npm - @coana-tech/cli - Versions diffs - 14.12.0 → 14.12.2 - Mend

@coana-tech/cli 14.12.0 → 14.12.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/cli.mjs +268 -139
package/package.json +1 -1
package/reachability-analyzers-cli.mjs +101 -30
package/repos/coana-tech/alucard/alucard.jar +0 -0
package/repos/coana-tech/goana/bin/goana-darwin-amd64.gz +0 -0
package/repos/coana-tech/goana/bin/goana-darwin-arm64.gz +0 -0
package/repos/coana-tech/goana/bin/goana-linux-amd64.gz +0 -0
package/repos/coana-tech/goana/bin/goana-linux-arm64.gz +0 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.12.0",
+  "version": "14.12.2",
   "description": "Coana CLI",
   "type": "module",
   "bin": {

package/reachability-analyzers-cli.mjs CHANGED Viewed

@@ -68747,7 +68747,7 @@ var {
 } = import_index.default;
 // dist/reachability-analyzers-cli.js
-import { readFile as readFile11, writeFile as writeFile9 } from "fs/promises";
+import { readFile as readFile12, writeFile as writeFile9 } from "fs/promises";
 // ../web-compat-utils/src/logger-singleton.ts
 var import_winston = __toESM(require_winston(), 1);
@@ -68768,6 +68768,7 @@ function utilFormatter() {
 }
 // ../web-compat-utils/src/logger-singleton.ts
+import { readFile } from "fs/promises";
 var CLILogger = class {
   logger = console;
   writeStream;
@@ -68847,6 +68848,16 @@ var CLILogger = class {
       });
     });
   }
+  async getLogContent(logFilePath) {
+    await this.finish();
+    let logContent;
+    try {
+      logContent = await readFile(logFilePath, "utf-8");
+    } catch (e) {
+      console.error("Error reading log file", e);
+    }
+    return logContent;
+  }
   set silent(silent) {
     if (!(this.logger instanceof import_winston.Logger)) throw new Error("Cannot set silent mode on console logger");
     this.logger.silent = silent;
@@ -73185,7 +73196,7 @@ function getCoanaAPI() {
 // ../utils/src/dashboard-api/socket-api.ts
 var import_form_data2 = __toESM(require_form_data2(), 1);
-import { readFile } from "fs/promises";
+import { readFile as readFile2 } from "fs/promises";
 import { join } from "path";
 // ../web-compat-utils/src/ghsa.ts
@@ -73388,6 +73399,62 @@ async function getLatestBucketsSocket(subprojectPath, workspacePath) {
     return void 0;
   }
 }
+async function registerAutofixOrUpgradePurlRun(manifestsTarHash, repositoryName, options, cliCommand) {
+  try {
+    const url2 = getSocketApiUrl(`orgs/${process.env.SOCKET_ORG_SLUG}/fixes/register-autofix-or-upgrade-cli-run`);
+    const data2 = {
+      manifestsTarHash,
+      repositoryName,
+      options,
+      cliCommand
+    };
+    const response = await axios2.post(url2, data2, { headers: getAuthHeaders() });
+    return response.data.id;
+  } catch (error) {
+    handleError(error, "Error registering autofix or upgrade purl run", false);
+  }
+}
+async function finalizeAutofixRun(autofixRunId, status, stackTrace, logFileContent) {
+  try {
+    const url2 = getSocketApiUrl(`orgs/${process.env.SOCKET_ORG_SLUG}/fixes/finalize-autofix-run`);
+    const data2 = {
+      autofixRunId,
+      status,
+      stackTrace,
+      logFileContent
+    };
+    await axios2.post(url2, data2, { headers: getAuthHeaders() });
+  } catch (error) {
+    handleError(error, "Error finalizing autofix run", false);
+  }
+}
+async function registerUpgradePurlRun(autofixRunId, upgradeSpecs) {
+  try {
+    const url2 = getSocketApiUrl(`orgs/${process.env.SOCKET_ORG_SLUG}/fixes/register-upgrade-purl-run`);
+    const data2 = {
+      cliRunId: autofixRunId,
+      upgradeSpecs
+    };
+    const response = await axios2.post(url2, data2, { headers: getAuthHeaders() });
+    return response.data.id;
+  } catch (error) {
+    handleError(error, "Error registering upgrade purl run", false);
+  }
+}
+async function finalizeUpgradePurlRun(upgradePurlRunId, status, stackTrace, logFileContent) {
+  try {
+    const url2 = getSocketApiUrl(`orgs/${process.env.SOCKET_ORG_SLUG}/fixes/finalize-upgrade-purl-run`);
+    const data2 = {
+      upgradePurlRunId,
+      status,
+      stackTrace,
+      logFileContent
+    };
+    await axios2.post(url2, data2, { headers: getAuthHeaders() });
+  } catch (error) {
+    handleError(error, "Error finalizing upgrade purl run", false);
+  }
+}
 function getSocketAPI() {
   return {
     createSocketTier1Scan,
@@ -73395,7 +73462,11 @@ function getSocketAPI() {
     registerSubprojectsSocket,
     registerCLIProgressSocket,
     registerAnalysisMetadataSocket,
-    getLatestBucketsSocket
+    getLatestBucketsSocket,
+    registerAutofixOrUpgradePurlRun,
+    finalizeAutofixRun,
+    registerUpgradePurlRun,
+    finalizeUpgradePurlRun
   };
 }
@@ -74116,7 +74187,7 @@ import { resolve as resolve13 } from "path";
 // ../utils/src/pip-utils.ts
 import { existsSync as existsSync2 } from "fs";
-import { readFile as readFile3 } from "fs/promises";
+import { readFile as readFile4 } from "fs/promises";
 import { resolve as resolve3 } from "path";
 import util4 from "util";
@@ -74125,7 +74196,7 @@ var import_lodash4 = __toESM(require_lodash(), 1);
 var import_semver = __toESM(require_semver2(), 1);
 import { execFileSync } from "child_process";
 import { constants as constants2 } from "fs";
-import { access as access2, readFile as readFile2 } from "fs/promises";
+import { access as access2, readFile as readFile3 } from "fs/promises";
 import { join as join4, resolve as resolve2 } from "path";
 import util3 from "util";
 var { once } = import_lodash4.default;
@@ -74164,7 +74235,7 @@ var PythonVersionsManager = class _PythonVersionsManager {
     const pyenvRoot = process.env.PYENV_ROOT ?? await runCommandResolveStdOut("pyenv root");
     if (pyenvOrigin !== join4(pyenvRoot, "version"))
       try {
-        return [(await readFile2(pyenvOrigin, "utf-8")).split("\n")[0].trim()];
+        return [(await readFile3(pyenvOrigin, "utf-8")).split("\n")[0].trim()];
       } catch (e) {
         if (e.code !== "ENOENT") logger.warn("Failed to read python version file with error", e);
       }
@@ -74351,7 +74422,7 @@ function addPathToTrie(root3, vulnPath) {
 var import_lodash14 = __toESM(require_lodash(), 1);
 import assert6 from "assert";
 import { existsSync as existsSync10 } from "fs";
-import { cp as cp5, readdir as readdir3, readFile as readFile9, rm as rm5, writeFile as writeFile8 } from "fs/promises";
+import { cp as cp5, readdir as readdir3, readFile as readFile10, rm as rm5, writeFile as writeFile8 } from "fs/promises";
 import { basename as basename9, dirname as dirname12, join as join20, resolve as resolve11, sep as sep3 } from "path";
 import util5 from "util";
@@ -74518,7 +74589,7 @@ function assertDefined(value) {
 // dist/whole-program-code-aware-vulnerability-scanner/dotnet/dotnet-code-aware-vulnerability-scanner.js
 var import_adm_zip = __toESM(require_adm_zip(), 1);
-import { mkdir, readFile as readFile4, writeFile as writeFile3 } from "fs/promises";
+import { mkdir, readFile as readFile5, writeFile as writeFile3 } from "fs/promises";
 var import_packageurl_js4 = __toESM(require_packageurl_js(), 1);
 import { randomUUID } from "crypto";
@@ -74653,7 +74724,7 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
       const result = await execNeverFail(cmdt`node ${classGraphAnalysisCliPath} runDotnetDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --cocoa ${cocoaPath} --tree-sitter-c-sharp ${treeSitterCSharpPath}`);
       if (result.error)
         return void 0;
-      const packageIds = JSON.parse(await readFile4(outputFile, "utf-8")).result;
+      const packageIds = JSON.parse(await readFile5(outputFile, "utf-8")).result;
       return packageIds?.filter((packageId) => !Object.hasOwn(this.apps, packageId))?.map((packageId) => parsePackageUrlToNugetDependency(packageId).packageName);
     });
   }
@@ -74684,7 +74755,7 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
       const result = await execNeverFail(cmdt`node ${classGraphAnalysisCliPath} runDotnetReachabilityAnalysis -i ${inputFile} -o ${outputFile} --cocoa ${cocoaPath} --tree-sitter-c-sharp ${treeSitterCSharpPath}`);
       if (result.error)
         return { type: "error", message: result.error.message ?? "unknown error" };
-      const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths } = JSON.parse(await readFile4(outputFile, "utf-8")).result;
+      const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths } = JSON.parse(await readFile5(outputFile, "utf-8")).result;
       if (!success)
         return { type: "error", message: error ?? "unknown error" };
       return {
@@ -74782,7 +74853,7 @@ async function convertSocketArtifacts(artifacts, tmpDir) {
 // dist/whole-program-code-aware-vulnerability-scanner/java/java-code-aware-vulnerability-scanner.js
 var import_lodash8 = __toESM(require_lodash(), 1);
 import { existsSync as existsSync7 } from "fs";
-import { mkdir as mkdir2, readFile as readFile5, writeFile as writeFile4 } from "fs/promises";
+import { mkdir as mkdir2, readFile as readFile6, writeFile as writeFile4 } from "fs/promises";
 import { basename as basename5, dirname as dirname4, join as join14 } from "path";
 // ../../node_modules/.pnpm/cheerio@1.0.0-rc.12/node_modules/cheerio/lib/esm/options.js
@@ -88497,7 +88568,7 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
       const result = await execNeverFail(cmdt`node ${classGraphAnalysisCliPath} runJvmDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --alucard ${alucardPath} --tree-sitter-java ${treeSitterJavaPath} --tree-sitter-kotlin ${treeSitterKotlinPath} --tree-sitter-scala ${treeSitterScalaPath}`);
       if (result.error)
         return void 0;
-      const packageIds = JSON.parse(await readFile5(outputFile, "utf-8")).result;
+      const packageIds = JSON.parse(await readFile6(outputFile, "utf-8")).result;
       return packageIds?.filter((packageId) => !Object.hasOwn(this.apps, packageId))?.map((packageId) => parsePackageUrlToMavenDependency(packageId).packageName);
     });
   }
@@ -88528,7 +88599,7 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
       const result = await execNeverFail(cmdt`node ${classGraphAnalysisCliPath} runJvmReachabilityAnalysis -i ${inputFile} -o ${outputFile} --alucard ${alucardPath} --tree-sitter-java ${treeSitterJavaPath} --tree-sitter-kotlin ${treeSitterKotlinPath} --tree-sitter-scala ${treeSitterScalaPath}`);
       if (result.error)
         return { type: "error", message: result.error.message ?? "unknown error" };
-      const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths } = JSON.parse(await readFile5(outputFile, "utf-8")).result;
+      const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths } = JSON.parse(await readFile6(outputFile, "utf-8")).result;
       if (!success)
         return { type: "error", message: error ?? "unknown error" };
       return {
@@ -88643,7 +88714,7 @@ async function convertSocketArtifacts2(artifacts, tmpDir) {
 // dist/whole-program-code-aware-vulnerability-scanner/js/jelly-runner.js
 var import_lodash9 = __toESM(require_lodash(), 1);
-import { readFile as readFile6, rm as rm2, writeFile as writeFile5 } from "fs/promises";
+import { readFile as readFile7, rm as rm2, writeFile as writeFile5 } from "fs/promises";
 import { relative as relative4, resolve as resolve6 } from "path";
 var { map: map2, uniq: uniq4 } = import_lodash9.default;
 var PRINT_JELLY_COMMAND = false;
@@ -88702,15 +88773,15 @@ async function runJellyAnalysis(mainProjectRoot, projectRoot, jellyOptions, reac
       experiment && reachabilityAnalysisOptions.timeoutInSeconds ? { timeout: reachabilityAnalysisOptions.timeoutInSeconds * 1e3 * 1.5 } : void 0
     );
     if (reachabilityAnalysisOptions.printLogFile)
-      logger.info("JS analysis log file:", await readFile6(logFile, "utf-8"));
-    const analysisDiagnostics = JSON.parse(await readFile6(diagnosticsFile, "utf-8"));
+      logger.info("JS analysis log file:", await readFile7(logFile, "utf-8"));
+    const analysisDiagnostics = JSON.parse(await readFile7(diagnosticsFile, "utf-8"));
     analysisDiagnostics.time = analysisDiagnostics.analysisTime;
     delete analysisDiagnostics.analysisTime;
     analysisDiagnostics.timings = {
       analysisTime: analysisDiagnostics.time,
       patternMatchingTime: analysisDiagnostics.patternMatchingTime
     };
-    const callStacks = JSON.parse(await readFile6(callStackFile, "utf-8"));
+    const callStacks = JSON.parse(await readFile7(callStackFile, "utf-8"));
     const matches = {};
     for (const { vulnerability, paths } of callStacks) {
       const transformedStacks = transformJellyCallStacks(projectRoot, paths);
@@ -88744,7 +88815,7 @@ async function runJellyPhantomDependencyAnalysis(projectRoot) {
       projectRoot
     ];
     await runCommandResolveStdOut(jellyCmd);
-    return JSON.parse(await readFile6(reachablePackagesFile, "utf-8"));
+    return JSON.parse(await readFile7(reachablePackagesFile, "utf-8"));
   } finally {
     await rm2(tmpFolder, { recursive: true });
   }
@@ -95047,7 +95118,7 @@ function transformSourceLocations(fileMappings, detectedOccurrences) {
 var import_lodash11 = __toESM(require_lodash(), 1);
 import assert4 from "assert";
 import { existsSync as existsSync9, createReadStream, createWriteStream as createWriteStream2 } from "fs";
-import { readFile as readFile7, rm as rm4, cp as cp4 } from "fs/promises";
+import { readFile as readFile8, rm as rm4, cp as cp4 } from "fs/promises";
 import zlib2 from "zlib";
 import { join as join17, resolve as resolve9, sep } from "path";
 import { pipeline } from "stream/promises";
@@ -95100,9 +95171,9 @@ var GoCodeAwareVulnerabilityScanner = class {
       if (stderr)
         logger.debug(`Go code-aware analysis stderr
 ${stderr}`);
-      const diagnostics = JSON.parse(await readFile7(diagnosticsOutputFile, "utf8"));
+      const diagnostics = JSON.parse(await readFile8(diagnosticsOutputFile, "utf8"));
       logger.debug("Diagnostics", diagnostics);
-      const result = JSON.parse(await readFile7(vulnsOutputFile, "utf8"));
+      const result = JSON.parse(await readFile8(vulnsOutputFile, "utf8"));
       logger.debug("Analysis results", result);
       return {
         type: "success",
@@ -95197,7 +95268,7 @@ ${stderr}`);
 // dist/whole-program-code-aware-vulnerability-scanner/rust/rust-code-aware-vulnerability-scanner.js
 var import_lodash12 = __toESM(require_lodash(), 1);
-import { readFile as readFile8, writeFile as writeFile7 } from "fs/promises";
+import { readFile as readFile9, writeFile as writeFile7 } from "fs/promises";
 import { basename as basename8, dirname as dirname11, join as join19 } from "path";
 // dist/whole-program-code-aware-vulnerability-scanner/rust/heuristics.js
@@ -96044,7 +96115,7 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
       const result = await execNeverFail(cmdt`node ${classGraphAnalysisCliPath} runRustDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --tree-sitter-rust ${treeSitterRustPath}`);
       if (result.error)
         return void 0;
-      const packageIds = JSON.parse(await readFile8(outputFile, "utf-8")).result;
+      const packageIds = JSON.parse(await readFile9(outputFile, "utf-8")).result;
       return packageIds?.filter((packageId) => !Object.hasOwn(this.apps, packageId))?.map((packageId) => parsePackageUrlToRustDependency(packageId).packageName);
     });
   }
@@ -96076,7 +96147,7 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
       const result = await execNeverFail(cmdt`node ${classGraphAnalysisCliPath} runRustReachabilityAnalysis -i ${inputFile} -o ${outputFile} --tree-sitter-rust ${treeSitterRustPath}`);
       if (result.error)
         return { type: "error", message: result.error.message ?? "unknown error" };
-      const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths } = JSON.parse(await readFile8(outputFile, "utf-8")).result;
+      const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths } = JSON.parse(await readFile9(outputFile, "utf-8")).result;
       if (!success)
         return { type: "error", message: error ?? "unknown error" };
       return {
@@ -96175,7 +96246,7 @@ async function getCrateInfo(cargoTomlPath) {
   let examples;
   let tests;
   const cargoTomlDir = dirname11(cargoTomlPath);
-  const content = await readFile8(cargoTomlPath, "utf-8");
+  const content = await readFile9(cargoTomlPath, "utf-8");
   const parsed = parse14(content);
   if (typeof parsed.package === "object" && "name" in parsed.package) {
     const crateName = parsed.package.name;
@@ -96452,10 +96523,10 @@ ${vulnAccPaths.join("\n")}`);
       if (errors.length > 0)
         logger.info(`Error messages from mambalade:
 ${errors.join("\n")}`);
-      const result = JSON.parse(await readFile9(vulnsOutputFile, "utf-8"));
+      const result = JSON.parse(await readFile10(vulnsOutputFile, "utf-8"));
       logger.debug("Analysis result:", JSON.stringify(result, null, 2));
       logger.debug("About to read diagnostics output file");
-      const { modules, ...mambaladeDiagnosticsOutput } = JSON.parse(await readFile9(diagnosticsOutputFile, "utf-8"));
+      const { modules, ...mambaladeDiagnosticsOutput } = JSON.parse(await readFile10(diagnosticsOutputFile, "utf-8"));
       logger.debug("Done reading diagnostics output file");
       const getTimes = (...keys) => (
         // Mambalade outputs times in seconds, we convert them to milliseconds
@@ -97500,13 +97571,13 @@ async function runReachabilityAnalysis(state) {
 }
 // dist/reachability-analysis-state.js
-import { readFile as readFile10 } from "fs/promises";
+import { readFile as readFile11 } from "fs/promises";
 async function getReachabilityAnalyzersStateFromInput(rootWorkingDir, subprojectDir, workspacePath, inputFile) {
   return {
     rootWorkingDir,
     subprojectDir,
     workspacePath,
-    ...JSON.parse(await readFile10(inputFile, "utf-8"))
+    ...JSON.parse(await readFile11(inputFile, "utf-8"))
   };
 }
@@ -97522,7 +97593,7 @@ var runReachabilityAnalysisCmd = new Command().name("runReachabilityAnalysis").a
   }
 }));
 var runOnDependencyChainCmd = new Command().name("runOnDependencyChain").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).option("--coana-log-path <logPath>", "Coana log path").option("--silent-spinner", "Silence spinner").requiredOption("-i, --input-file <inputFile>", "Input file for data and vulnerabilities").requiredOption("-o, --output-file <outputFile>", "Output directory for the results").configureHelp({ sortSubcommands: true, sortOptions: true }).action(async (options) => withLoggerAndSpinner("Coana Reachability Analyzers", options, async () => {
-  const { ecosystem, dependencyChain, vulnerability } = JSON.parse(await readFile11(options.inputFile, "utf-8"));
+  const { ecosystem, dependencyChain, vulnerability } = JSON.parse(await readFile12(options.inputFile, "utf-8"));
   const result = await analyzePackages(ecosystem, deserializeDependencyChain(ecosystem, dependencyChain), vulnerability);
   if (options.outputFile) {
     logger.debug("Writing result to file", options.outputFile);

package/repos/coana-tech/alucard/alucard.jar CHANGED Viewed

Binary file

package/repos/coana-tech/goana/bin/goana-darwin-amd64.gz CHANGED Viewed

Binary file

package/repos/coana-tech/goana/bin/goana-darwin-arm64.gz CHANGED Viewed

Binary file

package/repos/coana-tech/goana/bin/goana-linux-amd64.gz CHANGED Viewed

Binary file

package/repos/coana-tech/goana/bin/goana-linux-arm64.gz CHANGED Viewed

Binary file