@coana-tech/cli 14.12.13 → 14.12.15
- package/cli.mjs +15 -7
- package/package.json +1 -1
- package/repos/coana-tech/alucard/alucard.jar +0 -0
- package/repos/coana-tech/goana/bin/goana-darwin-amd64.gz +0 -0
- package/repos/coana-tech/goana/bin/goana-darwin-arm64.gz +0 -0
- package/repos/coana-tech/goana/bin/goana-linux-amd64.gz +0 -0
- package/repos/coana-tech/goana/bin/goana-linux-arm64.gz +0 -0
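--- a/package/cli.mjs
+++ b/package/cli.mjs
@@ -210395,7 +210395,7 @@ function getAllToplevelAncestors(artifactMap, artifactId) {
 findAncestors(artifactId);
 return Array.from(toplevelAncestors);
 }
-async function fetchArtifactsFromSocket(rootWorkingDirectory, manifestsTarHash) {
+async function fetchArtifactsFromSocket(rootWorkingDirectory, manifestsTarHash, mode) {
 logger.info("Fetching artifacts from Socket backend using manifests tar hash", manifestsTarHash);
 try {
 const { artifacts } = await fetchArtifactsFromManifestsTarHash(manifestsTarHash);
@@ -210530,7 +210530,7 @@ async function fetchArtifactsFromSocket(rootWorkingDirectory, manifestsTarHash)
 }
 if (purlsFailedToFindWorkspace.size > 0) {
 logger.warn(`Failed to find workspace for the following purls with vulnerabilities: ${Array.from(purlsFailedToFindWorkspace).join(", ")}.
-This means that we will not do a full reachability analysis for these vulnerabilities, but fallback to the results from the pre-computed reachability analysis
+${mode === "reachability" ? "This means that we will not do a full reachability analysis for these vulnerabilities, but fallback to the results from the pre-computed reachability analysis." : ""}`);
 }
 return {
 artifacts,
@@ -225660,7 +225660,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version2 = "14.12.
+var version2 = "14.12.15";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pick } = import_lodash15.default;
@@ -225809,7 +225809,7 @@ var CliCore = class {
 async computeAndOutputReportSocketMode(otherModulesCommunicator) {
 logger.info("Fetching artifacts from Socket backend");
 this.sendProgress("SCAN_FOR_VULNERABILITIES", true, ".", ".");
-const { artifacts, ecosystemToWorkspaceToAnalysisData, ecosystemToWorkspaceToVulnerabilities } = await fetchArtifactsFromSocket(this.rootWorkingDirectory, this.options.manifestsTarHash);
+const { artifacts, ecosystemToWorkspaceToAnalysisData, ecosystemToWorkspaceToVulnerabilities } = await fetchArtifactsFromSocket(this.rootWorkingDirectory, this.options.manifestsTarHash, "reachability");
 this.sendProgress("SCAN_FOR_VULNERABILITIES", false, ".", ".");
 const subProjects = Object.entries(ecosystemToWorkspaceToAnalysisData).flatMap(([ecosystem, workspaceToAnalysisData]) => {
 return Object.entries(workspaceToAnalysisData).map(([workspace, analysisData]) => {
@@ -226377,7 +226377,7 @@ ${upgrades.map((upgrade) => ` ${upgrade.purl} -> ${upgrade.upgradeVersion}`).joi
 }
 try {
 const purlToUpgradeVersion = new Map(supportedUpgrades.map((upgrade) => [upgrade.purl, upgrade.upgradeVersion]));
-const { artifacts } = await fetchArtifactsFromSocket(path2, options.manifestsTarHash);
+const { artifacts } = await fetchArtifactsFromSocket(path2, options.manifestsTarHash, "upgrade-purls");
 const ecosystemToSocketArtifactUpgrades = {};
 artifacts.forEach((artifact, idx) => {
 if (!artifact.name)
@@ -226549,7 +226549,7 @@ async function computeFixesAndUpgradePurls(path2, options, logFile) {
 }
 async function computeInputForComputingFixes(path2, options) {
 if (options.manifestsTarHash) {
-const { artifacts: artifacts2 } = await fetchArtifactsFromSocket(path2, options.manifestsTarHash);
+const { artifacts: artifacts2 } = await fetchArtifactsFromSocket(path2, options.manifestsTarHash, "autofix");
 const ghsaToVulnerableArtifactIds2 = {};
 for (const [index2, artifact] of artifacts2.entries()) {
 if (!artifact.vulnerabilities)
@@ -226674,6 +226674,9 @@ upgradePurls.name("upgrade-purls").argument("<path>", "File system path to the f
 var computeFixesAndUpgradePurlsCmd = new Command();
 computeFixesAndUpgradePurlsCmd.name("compute-fixes-and-upgrade-purls").argument("<path>", "File system path to the folder containing the project").option("-a, --apply-fixes-to <ghsas...>", 'GHSA IDs to compute fixes for. Use "all" to compute fixes for all vulnerabilities.', []).option("--dry-run", "Show what changes would be made without actually making them", false).option("-g, --glob <pattern>", "Glob pattern to filter workspaces by absolute file path").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).option("--range-style <style>", 'Range style to use for the output. Currently only "pin" is supported and it only works for npm.').addOption(new Option("--run-without-docker", "Run package managers without using docker").default(process.env.RUN_WITHOUT_DOCKER === "true").hideHelp()).addOption(new Option("--manifests-tar-hash <hash>", "Hash of the tarball containing all manifest files already uploaded to Socket. If provided, Socket will be used for computing dependency trees.").hideHelp()).version(version2).action(async (path2, options) => {
 process.env.DOCKER_IMAGE_TAG ??= version2;
+if (options.rangeStyle && options.rangeStyle === "preserve") {
+options.rangeStyle = void 0;
+}
 if (options.rangeStyle && options.rangeStyle !== "pin") {
 throw new Error('Range style must be "pin"');
 }
@@ -226692,7 +226695,12 @@ compareReportsCommand.name("compare-reports").argument("<baselineReportPath>", "
 const newReport = await readReport(newReportPath);
 await compareReports(baselineReport, newReport, options);
 });
-
+var findVulnerabilities = new Command();
+findVulnerabilities.name("find-vulnerabilities").requiredOption("--manifests-tar-hash <hash>", "Hash of the tarball containing all manifest files already uploaded to Socket.").action(async (options) => {
+const { artifacts } = await fetchArtifactsFromManifestsTarHash(options.manifestsTarHash);
+console.log(i5(artifacts.flatMap((a4) => a4.vulnerabilities?.map((v) => v.ghsaId) ?? [])));
+});
+program2.name("coana-cli").addCommand(run2, { isDefault: true }).addCommand(findVulnerabilities).addCommand(applyFixes).addCommand(upgradePurls, { hidden: true }).addCommand(compareReportsCommand).addCommand(computeFixesAndUpgradePurlsCmd, { hidden: true }).configureHelp({ sortSubcommands: true }).version(version2);
 program2.parseAsync();
 var defaultCliOptions = {
 debug: false,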
package/package.json
CHANGED
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|