@coana-tech/cli 14.12.151 → 14.12.152
- package/cli.mjs +1 -1
- package/package.json +2 -2
- package/reachability-analyzers-cli.mjs +5 -4
- package/repos/coana-tech/goana/bin/goana-darwin-amd64.gz +0 -0
- package/repos/coana-tech/goana/bin/goana-darwin-arm64.gz +0 -0
- package/repos/coana-tech/goana/bin/goana-linux-amd64.gz +0 -0
- package/repos/coana-tech/goana/bin/goana-linux-arm64.gz +0 -0
- package/repos/coana-tech/javap-service/javap-service.jar +0 -0
- package/repos/coana-tech/mambalade/dist/mambalade-0.3.20-py3-none-any.whl +0 -0
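--- a/package/cli.mjs
+++ b/package/cli.mjs
@@ -250895,7 +250895,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version3 = "14.12.
+var version3 = "14.12.152";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pickBy: pickBy2 } = import_lodash15.default;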
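--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@coana-tech/cli",
-"version": "14.12.
+"version": "14.12.152",
 "description": "Coana CLI",
 "type": "module",
 "bin": {
@@ -13,6 +13,6 @@
 "binaryConfig": {
 "nodeVersion": "22.21.1",
 "npmVersion": "10.9.2",
-"uvVersion": "0.
+"uvVersion": "0.9.24"
 }
 }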
@@ -112775,8 +112775,9 @@ async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecom
|
|
|
112775
112775
|
return;
|
|
112776
112776
|
const experimentalRes = await analyzeAndAugmentVulns(buckets, void 0, true, expHeuristicName);
|
|
112777
112777
|
const experimentalUrlToReachability = transformVulnsToUrlToReachability(experimentalRes.augmentedVulnerabilities);
|
|
112778
|
+
const ignoredVulnerabilities = new Set(expHeuristicName === "LAZY_EXPERIMENT" ? buckets.flatMap((b) => b.vulnerabilities).filter((v) => v.vulnerabilityAccessPaths.some((ap) => ap.includes("?"))).map((v) => v.url) : []);
|
|
112778
112779
|
const vulnUrlsWithPotentialRegressions = experimentalRes.augmentedVulnerabilities.filter((v) => previousAnalysisResults.reachabilityResults[v.url] && // If the vulnerability is new we do not have a previous reachability result
|
|
112779
|
-
getVulnReachability(v.results) !== previousAnalysisResults.reachabilityResults[v.url]).map((v) => v.url);
|
|
112780
|
+
!ignoredVulnerabilities.has(v.url) && getVulnReachability(v.results) !== previousAnalysisResults.reachabilityResults[v.url]).map((v) => v.url);
|
|
112780
112781
|
const [bucketsToRecompute, bucketsNotToRecompute] = import_lodash17.default.partition(experimentalRes.analysisMetadata, (am) => am.vulnUrls.some((v) => vulnUrlsWithPotentialRegressions.includes(v)));
|
|
112781
112782
|
for (const b of bucketsToRecompute)
|
|
112782
112783
|
analysisMetadataCollector?.({ ...b, finalResult: false });
|
|
@@ -112791,7 +112792,7 @@ async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecom
|
|
|
112791
112792
|
})), analysisMetadataCollector, true);
|
|
112792
112793
|
await Promise.all([
|
|
112793
112794
|
sendTimeRegressionsToDashboard(expHeuristicName, resWithoutExperimentalHeuristic.analysisMetadata, bucketsToRecompute),
|
|
112794
|
-
sendReachabilityRegressionsToDashboard(resWithoutExperimentalHeuristic.analysisMetadata[0].heuristicName, expHeuristicName, transformVulnsToUrlToReachability(resWithoutExperimentalHeuristic.augmentedVulnerabilities), experimentalUrlToReachability)
|
|
112795
|
+
sendReachabilityRegressionsToDashboard(resWithoutExperimentalHeuristic.analysisMetadata[0].heuristicName, expHeuristicName, transformVulnsToUrlToReachability(resWithoutExperimentalHeuristic.augmentedVulnerabilities), experimentalUrlToReachability, ignoredVulnerabilities)
|
|
112795
112796
|
]);
|
|
112796
112797
|
}
|
|
112797
112798
|
const vulnsToGetFromExperimental = bucketsNotToRecompute.flatMap((b) => b.vulnUrls);
|
|
@@ -113005,8 +113006,8 @@ async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecom
|
|
|
113005
113006
|
return;
|
|
113006
113007
|
await sendRegressionsToDashboard(regressions, relative7(state.rootWorkingDir, state.subprojectDir) || ".", state.workspacePath, COANA_REPORT_ID, apiKey);
|
|
113007
113008
|
}
|
|
113008
|
-
async function sendReachabilityRegressionsToDashboard(heuristicName, experimentName, origRes, experimentRes) {
|
|
113009
|
-
const regressions = Object.entries(origRes).filter(([vulnUrl, oRes]) => experimentRes[vulnUrl] && oRes.reachability !== experimentRes[vulnUrl].reachability).map(([vulnUrl, originalResult]) => ({
|
|
113009
|
+
async function sendReachabilityRegressionsToDashboard(heuristicName, experimentName, origRes, experimentRes, ignoredVulnerabilities) {
|
|
113010
|
+
const regressions = Object.entries(origRes).filter(([vulnUrl]) => !ignoredVulnerabilities.has(vulnUrl)).filter(([vulnUrl, oRes]) => experimentRes[vulnUrl] && oRes.reachability !== experimentRes[vulnUrl].reachability).map(([vulnUrl, originalResult]) => ({
|
|
113010
113011
|
type: "REACHABILITY",
|
|
113011
113012
|
heuristicName,
|
|
113012
113013
|
experimentName,
|
|
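Review bot: In the first hunk of what is presumably package/reachability-analyzers-cli.mjs (its file header is missing on the page; new line 112778 onward), any vulnerability with an access path containing `?` is dropped from `vulnUrlsWithPotentialRegressions` under `LAZY_EXPERIMENT`, so a changed reachability verdict for it no longer forces its bucket to be recomputed and, as far as the visible `vulnsToGetFromExperimental` line suggests, the experimental verdict is then kept. Nothing on the new side distinguishes a change toward a less conservative verdict from one toward a more conservative verdict, and the same set also filters the URL out of the report built in `sendReachabilityRegressionsToDashboard`, so a finding that silently changes would leave no trace in either place. I would apply the exclusion to only one of the two paths, or at least record the ignored URLs, and state the rule next to the set with a comment such as `// LAZY_EXPERIMENT: vulnerabilities with a "?" access path are excluded from regression checks because <reason>`. The new fifth parameter has no default, so a caller outside these hunks that still passes four arguments would throw on `.has`; writing `ignoredVulnerabilities = new Set()` in the signature avoids that. The body of analyzeWithHeuristics starts and ends outside the hunks, so whether `vulnerabilityAccessPaths` is always an array of strings cannot be confirmed from here.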
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|