@coana-tech/cli 14.12.164 → 14.12.166

package/cli.mjs

@@ -204869,7 +204869,7 @@ function getSocketAPI() {
 
 // ../utils/src/tool-extractor.ts
 import { createHash } from "node:crypto";
-import { createReadStream, createWriteStream as createWriteStream2, readFileSync as readFileSync2, statSync as statSync2 } from "node:fs";
+import { createReadStream, createWriteStream as createWriteStream3, readFileSync as readFileSync2, statSync as statSync2 } from "node:fs";
 import { copyFile, cp as cp2, mkdir as mkdir4, writeFile as writeFile2 } from "node:fs/promises";
 import { tmpdir as tmpdir2 } from "node:os";
 import { basename as basename3, dirname as dirname5, join as join5 } from "node:path";
@@ -204879,6 +204879,7 @@ import { createGunzip } from "node:zlib";
 // ../utils/src/command-utils.ts
 import assert from "assert";
 import { execFile as execFile2 } from "child_process";
+import { createWriteStream as createWriteStream2 } from "fs";
 
 // ../../node_modules/.pnpm/async-mutex@0.5.0/node_modules/async-mutex/index.mjs
 var E_TIMEOUT = new Error("timeout while waiting for mutex to become available");
@@ -205622,6 +205623,14 @@ async function execNeverFail(cmd, dir, options) {
           });
         });
       }
+      if (options?.outputLogFile) {
+        const logFileStream = createWriteStream2(options.outputLogFile, { flags: "w" });
+        childProcess.stdout?.pipe(logFileStream);
+        childProcess.stderr?.pipe(logFileStream);
+        childProcess.on("close", () => {
+          logFileStream.end();
+        });
+      }
       if (options?.stdin) childProcess.stdin?.write(options.stdin);
       childProcess.stdin?.end();
     });
@@ -211793,7 +211802,7 @@ async function getNodeExecutable(overridePath) {
     await pipeline(
       createReadStream(compressedBinaryPath),
       createGunzip(),
-      createWriteStream2(nodeBinaryPath, { mode: 493 })
+      createWriteStream3(nodeBinaryPath, { mode: 493 })
     );
     logger.debug("Node.js binary extracted and ready");
     return nodeBinaryPath;
@@ -212022,7 +212031,7 @@ async function getUvExecutable() {
     await pipeline(
       createReadStream(compressedBinaryPath),
       createGunzip(),
-      createWriteStream2(uvBinaryPath, { mode: 493 })
+      createWriteStream3(uvBinaryPath, { mode: 493 })
     );
     logger.debug("uv binary extracted and ready");
     return uvBinaryPath;
@@ -224349,6 +224358,7 @@ import { join as join12, resolve as resolve18 } from "path";
 // ../utils/dist/command-utils.js
 import assert9 from "assert";
 import { execFile as execFile4 } from "child_process";
+import { createWriteStream as createWriteStream4 } from "fs";
 
 // ../utils/dist/spinner.js
 var import_lodash4 = __toESM(require_lodash(), 1);
@@ -224879,6 +224889,14 @@ async function execNeverFail3(cmd, dir, options) {
           });
         });
       }
+      if (options?.outputLogFile) {
+        const logFileStream = createWriteStream4(options.outputLogFile, { flags: "w" });
+        childProcess.stdout?.pipe(logFileStream);
+        childProcess.stderr?.pipe(logFileStream);
+        childProcess.on("close", () => {
+          logFileStream.end();
+        });
+      }
       if (options?.stdin)
         childProcess.stdin?.write(options.stdin);
       childProcess.stdin?.end();
@@ -231320,7 +231338,7 @@ function flattenDockerSpec({
 // ../web-compat-utils/dist/logger-singleton.js
 var import_winston2 = __toESM(require_winston(), 1);
 import { Console as Console2 } from "console";
-import { createWriteStream as createWriteStream3 } from "fs";
+import { createWriteStream as createWriteStream5 } from "fs";
 import { readFile as readFile29 } from "fs/promises";
 
 // ../web-compat-utils/dist/util-formatter.js
@@ -231354,7 +231372,7 @@ var CLILogger2 = class {
     }
     const transports = [new import_winston2.transports.Console()];
     if (logFilePath) {
-      this.writeStream = createWriteStream3(logFilePath, { flags: "a" });
+      this.writeStream = createWriteStream5(logFilePath, { flags: "a" });
       transports.push(new import_winston2.transports.Stream({ stream: this.writeStream, level: "file" }));
     }
     const customLevels = {
@@ -234796,7 +234814,7 @@ var BatchedHttpLogStreamer = class {
 // ../utils/src/logging/socket-log-server.ts
 import { createServer } from "net";
 import { once as once8 } from "events";
-import { createWriteStream as createWriteStream4, existsSync as existsSync24 } from "fs";
+import { createWriteStream as createWriteStream6, existsSync as existsSync24 } from "fs";
 import { unlink as unlink3 } from "fs/promises";
 var SocketLogServer = class {
   server;
@@ -234813,7 +234831,7 @@ var SocketLogServer = class {
     this.socketPath = options.socketPath;
     this.logFilePath = options.logFilePath;
     this.onLogReceived = options.onLogReceived;
-    this.writeStream = createWriteStream4(this.logFilePath, { flags: "a" });
+    this.writeStream = createWriteStream6(this.logFilePath, { flags: "a" });
     this.server = createServer((socket) => this.handleConnection(socket));
   }
   async start() {
@@ -251289,7 +251307,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version3 = "14.12.164";
+var version3 = "14.12.166";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pickBy: pickBy2 } = import_lodash15.default;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.12.164",
+  "version": "14.12.166",
   "description": "Coana CLI",
   "type": "module",
   "bin": {

package/reachability-analyzers-cli.mjs

@@ -80897,6 +80897,7 @@ import { join as join4 } from "path";
 // ../utils/src/command-utils.ts
 import assert from "assert";
 import { execFile as execFile2 } from "child_process";
+import { createWriteStream as createWriteStream2 } from "fs";
 
 // ../utils/src/telemetry/telemetry-collector.ts
 import { execFile } from "child_process";
@@ -81299,6 +81300,14 @@ async function execNeverFail(cmd, dir, options) {
           });
         });
       }
+      if (options?.outputLogFile) {
+        const logFileStream = createWriteStream2(options.outputLogFile, { flags: "w" });
+        childProcess.stdout?.pipe(logFileStream);
+        childProcess.stderr?.pipe(logFileStream);
+        childProcess.on("close", () => {
+          logFileStream.end();
+        });
+      }
       if (options?.stdin) childProcess.stdin?.write(options.stdin);
       childProcess.stdin?.end();
     });
@@ -81308,6 +81317,10 @@ async function execNeverFail(cmd, dir, options) {
     await analyzerTelemetryServer?.close();
   }
 }
+async function execAndResolveSucceeded(cmd, dir, options) {
+  const { error } = await execNeverFail(cmd, dir, options);
+  return !error;
+}
 async function exec(cmd, dir, options) {
   const { error, stdout, stderr } = await execNeverFail(cmd, dir, options);
   if (!error) return { stdout, stderr };
@@ -81387,6 +81400,12 @@ async function execNeverFail2(cmd, dir, options) {
   logger.debug(`Command ${formatCmd(cmd, dir)} finished ${result.error ? "with error" : "successfully"}`);
   return result;
 }
+async function execAndResolveSucceeded2(cmd, dir, options) {
+  logger.debug(`Running command: ${formatCmd(cmd, dir)}`);
+  const result = await execAndResolveSucceeded(cmd, dir, options);
+  logger.debug(`Command ${formatCmd(cmd, dir)} finished ${result ? "successfully" : "with error"}`);
+  return result;
+}
 async function exec2(cmd, dir, options) {
   logger.debug(`Running command: ${formatCmd(cmd, dir)}`);
   try {
@@ -88868,7 +88887,7 @@ function getUrlForPackage(packageName, version3) {
 
 // ../utils/src/tool-extractor.ts
 import { createHash } from "node:crypto";
-import { createReadStream, createWriteStream as createWriteStream2, readFileSync as readFileSync3, statSync as statSync3 } from "node:fs";
+import { createReadStream, createWriteStream as createWriteStream3, readFileSync as readFileSync3, statSync as statSync3 } from "node:fs";
 import { copyFile as copyFile2, cp as cp4, mkdir as mkdir4, writeFile as writeFile4 } from "node:fs/promises";
 import { tmpdir as tmpdir3 } from "node:os";
 import { basename as basename5, dirname as dirname8, join as join11 } from "node:path";
@@ -94020,7 +94039,7 @@ async function getNodeExecutable(overridePath) {
     await pipeline(
       createReadStream(compressedBinaryPath),
       createGunzip(),
-      createWriteStream2(nodeBinaryPath, { mode: 493 })
+      createWriteStream3(nodeBinaryPath, { mode: 493 })
     );
     logger.debug("Node.js binary extracted and ready");
     return nodeBinaryPath;
@@ -110961,6 +110980,7 @@ import { readFile as readFile9, realpath as realpath2, rm as rm2, writeFile as w
 import { relative as relative6, resolve as resolve13 } from "path";
 var { map: map2, uniq: uniq4 } = import_lodash10.default;
 var PRINT_JELLY_COMMAND = false;
+var STRACE_MAX_LINES = 1e4;
 async function runJellyAnalysis(mainProjectRoot, projectRoot, jellyOptions, reachabilityAnalysisOptions, timeoutInSeconds, vulnerabilities, experiment, telemetryHandler, analyzerTelemetryHandler) {
   const tmpFolder = await createTmpDirectory("jelly-analysis");
   try {
@@ -110978,7 +110998,7 @@ async function runJellyAnalysis(mainProjectRoot, projectRoot, jellyOptions, reac
     const diagnosticsFile = resolve13(tmpFolder, "diagnostics.json");
     const callStackFile = resolve13(tmpFolder, "call-stacks.json");
     const affectedPackagesFile = resolve13(tmpFolder, "affected-packages.json");
-    const logFile = reachabilityAnalysisOptions.analysisLogFile ?? (reachabilityAnalysisOptions.printLogFile && resolve13(projectRoot, "js-analysis.log"));
+    const logFile = reachabilityAnalysisOptions.printLogFile ? resolve13(projectRoot, "js-analysis.log") : void 0;
     await writeFile7(vulnerabilitiesFile, JSON.stringify(vulnerabilitiesInJellyFormat));
     const useLazy = experiment === "LAZY_EXPERIMENT" || reachabilityAnalysisOptions.lazy;
     const { includePackages } = jellyOptions;
@@ -110996,15 +111016,21 @@ async function runJellyAnalysis(mainProjectRoot, projectRoot, jellyOptions, reac
         --max-indirections=${useLazy ? 2 : jellyOptions.maxIndirections}
         ${!!includePackages && (includePackages.length ? ["--include-packages", ...includePackages] : ["--ignore-dependencies"])}
         ${jellyOptions.approx && "--approx"}
-        ${logFile ? ["--logfile", logFile] : []}
         --callstacks-json ${callStackFile}
         ${additionalFlags}
         ${filesToAnalyze}
       `;
     if (PRINT_JELLY_COMMAND)
       logger.info("Jelly command:", jellyCmd.join(" "));
+    const straceEnabled = process.env.COANA_ANALYSIS_ENABLE_STRACE === "true";
+    const straceOutputFile = resolve13(mainProjectRoot, "strace-output.txt");
+    const useStrace = straceEnabled && await isStraceAvailable();
+    if (straceEnabled && !useStrace) {
+      logger.info("COANA_ANALYSIS_ENABLE_STRACE is enabled but strace is not available on this system");
+    }
+    const cmdToRun = useStrace ? ["strace", "-f", "-o", `|tail -n ${STRACE_MAX_LINES} > ${straceOutputFile}`, ...jellyCmd] : jellyCmd;
     await runCommandResolveStdOut2(
-      jellyCmd,
+      cmdToRun,
       void 0,
       // Use SIGKILL to ensure termination even if the process is unresponsive 50% above the timeout (e.g., due to GC pressure).
       {
@@ -111012,7 +111038,8 @@ async function runJellyAnalysis(mainProjectRoot, projectRoot, jellyOptions, reac
         killSignal: "SIGKILL",
         heartbeat: HEARTBEATS.js,
         telemetryHandler,
-        analyzerTelemetryHandler
+        analyzerTelemetryHandler,
+        outputLogFile: logFile
       }
     );
     if (reachabilityAnalysisOptions.printLogFile)
@@ -111111,6 +111138,9 @@ function transformJellyCallStacks(projectRoot, paths) {
     affectedPackages: uniq4(paths.stacks.flatMap((stack) => map2(stack, "package")))
   };
 }
+async function isStraceAvailable() {
+  return execAndResolveSucceeded2(["which", "strace"]);
+}
 
 // dist/whole-program-code-aware-vulnerability-scanner/js/js-code-aware-vulnerability-scanner.js
 var JSCodeAwareVulnerabilityScanner = class _JSCodeAwareVulnerabilityScanner {
@@ -111287,7 +111317,7 @@ function transformSourceLocations(fileMappings, detectedOccurrences) {
 // dist/whole-program-code-aware-vulnerability-scanner/go/go-code-aware-vulnerability-scanner.js
 var import_lodash11 = __toESM(require_lodash(), 1);
 import assert5 from "assert";
-import { existsSync as existsSync11, createReadStream as createReadStream2, createWriteStream as createWriteStream3 } from "fs";
+import { existsSync as existsSync11, createReadStream as createReadStream2, createWriteStream as createWriteStream4 } from "fs";
 import { readFile as readFile10, rm as rm4, cp as cp6 } from "fs/promises";
 import zlib2 from "zlib";
 import { join as join16, resolve as resolve14, sep as sep3 } from "path";
@@ -111337,7 +111367,7 @@ var GoCodeAwareVulnerabilityScanner = class {
       const binaryPath = ToolPathResolver.getGoanaBinaryPath(process.platform, process.arch);
       if (!await exists(binaryPath))
         throw new Error(`goana binary not found at '${binaryPath}'`);
-      await pipeline2(createReadStream2(binaryPath), zlib2.createGunzip(), createWriteStream3(join16(tmpDir, "goana"), { mode: 493 }));
+      await pipeline2(createReadStream2(binaryPath), zlib2.createGunzip(), createWriteStream4(join16(tmpDir, "goana"), { mode: 493 }));
       const vulnAccPaths = uniq5(vulns.flatMap((v) => v.vulnerabilityAccessPaths));
       const { error, stderr } = await execNeverFail2(cmdt`${join16(tmpDir, "goana")}
           -output-vulnerabilities ${vulnsOutputFile}
@@ -113690,7 +113720,7 @@ import { resolve as resolve21 } from "path";
 
 // dist/whole-program-code-aware-vulnerability-scanner/ruby/ruby-code-aware-vulnerability-scanner.js
 var import_lodash20 = __toESM(require_lodash(), 1);
-import { createWriteStream as createWriteStream4, existsSync as existsSync15 } from "fs";
+import { createWriteStream as createWriteStream5, existsSync as existsSync15 } from "fs";
 import { mkdir as mkdir9, readdir as readdir5, readFile as readFile13, rm as rm7 } from "fs/promises";
 import { join as join18, relative as relative9 } from "path";
 import { pipeline as pipeline3 } from "stream/promises";
@@ -113892,7 +113922,7 @@ async function downloadAndExtractGem(gemName, version3, vendorDir) {
       throw new Error(`Failed to download gem from ${response.url}: ${response.status} ${response.statusText}`);
     if (!response.body)
       throw new Error("Response body is null");
-    await pipeline3(response.body, createWriteStream4(tempGemFile));
+    await pipeline3(response.body, createWriteStream5(tempGemFile));
     await mkdir9(gemDir, { recursive: true });
     logger.debug(`Extracting gem ${gemName}@${version3}`);
     await exec2(["tar", "-xf", tempGemFile, "data.tar.gz"], gemDir);