@coana-tech/cli 14.12.178 → 14.12.179
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cli.mjs +1 -1
- package/package.json +1 -1
- package/reachability-analyzers-cli.mjs +6 -2
- package/repos/coana-tech/goana/bin/goana-darwin-amd64.gz +0 -0
- package/repos/coana-tech/goana/bin/goana-darwin-arm64.gz +0 -0
- package/repos/coana-tech/goana/bin/goana-linux-amd64.gz +0 -0
- package/repos/coana-tech/goana/bin/goana-linux-arm64.gz +0 -0
- package/repos/coana-tech/javap-service/javap-service.jar +0 -0
- package/repos/coana-tech/jelly-private/dist/bundle/approx.js +3 -3
- package/repos/coana-tech/jelly-private/dist/bundle/{chunk-6YZBCEC5.js → chunk-AQ5JQOUT.js} +2 -2
- package/repos/coana-tech/jelly-private/dist/bundle/{chunk-B4YMLUZ5.js → chunk-IHOAXGXT.js} +2 -2
- package/repos/coana-tech/jelly-private/dist/bundle/{chunk-LFEVD6IY.js → chunk-S4OPEAUO.js} +2 -1
- package/repos/coana-tech/jelly-private/dist/bundle/{chunk-B76EIOV4.js → chunk-SGCFSZ72.js} +2 -2
- package/repos/coana-tech/jelly-private/dist/bundle/hooks.js +3 -3
- package/repos/coana-tech/jelly-private/dist/bundle/jelly.js +58 -52
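--- a/package/cli.mjs
+++ b/package/cli.mjs
@@ -251427,7 +251427,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version3 = "14.12.
+var version3 = "14.12.179";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pickBy: pickBy2 } = import_lodash15.default;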
package/package.json
CHANGED
|
@@ -111012,6 +111012,7 @@ import { relative as relative6, resolve as resolve13 } from "path";
|
|
|
111012
111012
|
var { map: map2, uniq: uniq4 } = import_lodash10.default;
|
|
111013
111013
|
var PRINT_JELLY_COMMAND = false;
|
|
111014
111014
|
var STRACE_MAX_LINES = 1e4;
|
|
111015
|
+
var MAX_FILE_SIZE = 512 * 1024;
|
|
111015
111016
|
async function runJellyAnalysis(mainProjectRoot, projectRoot, jellyOptions, reachabilityAnalysisOptions, timeoutInSeconds, vulnerabilities, experiment, telemetryHandler, analyzerTelemetryHandler) {
|
|
111016
111017
|
const tmpFolder = await createTmpDirectory("jelly-analysis");
|
|
111017
111018
|
try {
|
|
@@ -111043,6 +111044,7 @@ async function runJellyAnalysis(mainProjectRoot, projectRoot, jellyOptions, reac
|
|
|
111043
111044
|
--max-semi-space-size=128
|
|
111044
111045
|
${logFile && ["--trace-gc", "--trace-gc-verbose", "--trace-gc-ignore-scavenger", "--trace-mutator-utilization"]}
|
|
111045
111046
|
${jellyExecutable}
|
|
111047
|
+
--max-file-size ${MAX_FILE_SIZE}
|
|
111046
111048
|
--basedir ${mainProjectRoot}
|
|
111047
111049
|
--timeout ${timeoutInSeconds}
|
|
111048
111050
|
--vulnerabilities ${vulnerabilitiesFile}
|
|
@@ -111118,7 +111120,8 @@ async function runJellyPhantomDependencyAnalysis(projectRoot, options, telemetry
|
|
|
111118
111120
|
const jellyExecutable = ToolPathResolver.jellyPath;
|
|
111119
111121
|
const reachablePackagesFile = resolve13(tmpFolder, "reachable-packages.json");
|
|
111120
111122
|
const jellyCmd = cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} --max-old-space-size=${options.memoryLimitInMB}
|
|
111121
|
-
${jellyExecutable} --
|
|
111123
|
+
${jellyExecutable} --max-file-size ${MAX_FILE_SIZE}
|
|
111124
|
+
--basedir ${projectRoot} --modules-only --ignore-dependencies
|
|
111122
111125
|
--reachable-json ${reachablePackagesFile} ${projectRoot}`;
|
|
111123
111126
|
await runCommandResolveStdOut2(jellyCmd, void 0, {
|
|
111124
111127
|
timeout: options.timeoutSeconds.allVulnRuns * 1e3,
|
|
@@ -111138,7 +111141,8 @@ async function runJellyImportReachabilityAnalysis(mainProjectRoot, projectRoot,
|
|
|
111138
111141
|
const includePackages = computePackagesOnVulnPath(vulnerabilities, { includeLeafPackages: true });
|
|
111139
111142
|
const reachableModulesFile = resolve13(tmpFolder, "reachable-modules.json");
|
|
111140
111143
|
const jellyCmd = cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} --max-old-space-size=${options.memoryLimitInMB}
|
|
111141
|
-
${ToolPathResolver.jellyPath} --
|
|
111144
|
+
${ToolPathResolver.jellyPath} --max-file-size ${MAX_FILE_SIZE}
|
|
111145
|
+
--basedir ${mainProjectRoot} --modules-only --reparse
|
|
111142
111146
|
${includePackages.length ? ["--include-packages", ...includePackages] : ["--ignore-dependencies"]}
|
|
111143
111147
|
${getExcludes(mainProjectRoot, projectRoot, options)}
|
|
111144
111148
|
--reachable-json ${reachableModulesFile}
|
|
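Review bot: `var MAX_FILE_SIZE = 512 * 1024;` in the first hunk is an undocumented magic number that quietly narrows the scan: it is passed as `--max-file-size` in runJellyAnalysis, runJellyPhantomDependencyAnalysis and runJellyImportReachabilityAnalysis, and the jelly.js section shows that any module whose statSync size exceeds it is constructed as an ignored ModuleInfo, so a vulnerable function living in a large bundled or minified dependency file would presumably come back as "not reachable" rather than as "not analyzed". A comment stating the unit and the consequence would help the next reader, e.g. `// Bytes; modules larger than this are skipped by jelly (--max-file-size) and therefore never appear in reachability results.` Whether jelly's "Ignoring module ... due to file size" warnings reach the CLI user or telemetryHandler is not visible here; if they do not, consider surfacing a count of skipped modules so a negative reachability verdict can be qualified. The enclosing functions start and end outside the hunks shown.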
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
@@ -7,11 +7,11 @@ import "./iterator-helpers-polyfill.js";
|
|
|
7
7
|
import {
|
|
8
8
|
require_hints,
|
|
9
9
|
require_parser
|
|
10
|
-
} from "./chunk-
|
|
10
|
+
} from "./chunk-IHOAXGXT.js";
|
|
11
11
|
import {
|
|
12
12
|
require_proxy,
|
|
13
13
|
require_sandbox
|
|
14
|
-
} from "./chunk-
|
|
14
|
+
} from "./chunk-AQ5JQOUT.js";
|
|
15
15
|
import {
|
|
16
16
|
__commonJS,
|
|
17
17
|
__name,
|
|
@@ -21,7 +21,7 @@ import {
|
|
|
21
21
|
require_options,
|
|
22
22
|
require_transform,
|
|
23
23
|
require_util
|
|
24
|
-
} from "./chunk-
|
|
24
|
+
} from "./chunk-S4OPEAUO.js";
|
|
25
25
|
|
|
26
26
|
// lib/approx/approx.js
|
|
27
27
|
var require_approx = __commonJS({
|
|
@@ -9,7 +9,7 @@ import {
|
|
|
9
9
|
__name,
|
|
10
10
|
__require,
|
|
11
11
|
require_transform
|
|
12
|
-
} from "./chunk-
|
|
12
|
+
} from "./chunk-S4OPEAUO.js";
|
|
13
13
|
|
|
14
14
|
// lib/approx/proxy.js
|
|
15
15
|
var require_proxy = __commonJS({
|
|
@@ -268,4 +268,4 @@ export {
|
|
|
268
268
|
require_proxy,
|
|
269
269
|
require_sandbox
|
|
270
270
|
};
|
|
271
|
-
//# sourceMappingURL=chunk-
|
|
271
|
+
//# sourceMappingURL=chunk-AQ5JQOUT.js.map
|
|
@@ -14,7 +14,7 @@ import {
|
|
|
14
14
|
require_options,
|
|
15
15
|
require_tokens,
|
|
16
16
|
require_util
|
|
17
|
-
} from "./chunk-
|
|
17
|
+
} from "./chunk-S4OPEAUO.js";
|
|
18
18
|
|
|
19
19
|
// lib/parsing/parser.js
|
|
20
20
|
var require_parser = __commonJS({
|
|
@@ -516,4 +516,4 @@ export {
|
|
|
516
516
|
require_patching,
|
|
517
517
|
require_hints
|
|
518
518
|
};
|
|
519
|
-
//# sourceMappingURL=chunk-
|
|
519
|
+
//# sourceMappingURL=chunk-IHOAXGXT.js.map
|
|
@@ -10874,6 +10874,7 @@ var require_options = __commonJS({
|
|
|
10874
10874
|
eagerPropagation: false,
|
|
10875
10875
|
interops: true,
|
|
10876
10876
|
modulesJson: void 0,
|
|
10877
|
+
maxFileSize: void 0,
|
|
10877
10878
|
preciseAccessPathTransitions: false,
|
|
10878
10879
|
lazy: false,
|
|
10879
10880
|
lazyCleanup: false,
|
|
@@ -19923,4 +19924,4 @@ fill-range/index.js:
|
|
|
19923
19924
|
* Licensed under the MIT License.
|
|
19924
19925
|
*)
|
|
19925
19926
|
*/
|
|
19926
|
-
//# sourceMappingURL=chunk-
|
|
19927
|
+
//# sourceMappingURL=chunk-S4OPEAUO.js.map
|
|
@@ -8,7 +8,7 @@ import {
|
|
|
8
8
|
__commonJS,
|
|
9
9
|
__name,
|
|
10
10
|
__require
|
|
11
|
-
} from "./chunk-
|
|
11
|
+
} from "./chunk-S4OPEAUO.js";
|
|
12
12
|
|
|
13
13
|
// node_modules/source-map/lib/base64.js
|
|
14
14
|
var require_base64 = __commonJS({
|
|
@@ -224380,4 +224380,4 @@ typescript/lib/typescript.js:
|
|
|
224380
224380
|
and limitations under the License.
|
|
224381
224381
|
***************************************************************************** *)
|
|
224382
224382
|
*/
|
|
224383
|
-
//# sourceMappingURL=chunk-
|
|
224383
|
+
//# sourceMappingURL=chunk-SGCFSZ72.js.map
|
|
@@ -6,10 +6,10 @@ import "./iterator-helpers-polyfill.js";
|
|
|
6
6
|
|
|
7
7
|
import {
|
|
8
8
|
require_moduleresolver
|
|
9
|
-
} from "./chunk-
|
|
9
|
+
} from "./chunk-SGCFSZ72.js";
|
|
10
10
|
import {
|
|
11
11
|
require_sandbox
|
|
12
|
-
} from "./chunk-
|
|
12
|
+
} from "./chunk-AQ5JQOUT.js";
|
|
13
13
|
import {
|
|
14
14
|
__commonJS,
|
|
15
15
|
__name,
|
|
@@ -17,7 +17,7 @@ import {
|
|
|
17
17
|
require_files,
|
|
18
18
|
require_options,
|
|
19
19
|
require_transform
|
|
20
|
-
} from "./chunk-
|
|
20
|
+
} from "./chunk-S4OPEAUO.js";
|
|
21
21
|
|
|
22
22
|
// lib/approx/hooks.js
|
|
23
23
|
var require_hooks = __commonJS({
|
|
@@ -9,11 +9,11 @@ import {
|
|
|
9
9
|
require_hints,
|
|
10
10
|
require_parser,
|
|
11
11
|
require_patching
|
|
12
|
-
} from "./chunk-
|
|
12
|
+
} from "./chunk-IHOAXGXT.js";
|
|
13
13
|
import {
|
|
14
14
|
require_moduleresolver,
|
|
15
15
|
require_typescript
|
|
16
|
-
} from "./chunk-
|
|
16
|
+
} from "./chunk-SGCFSZ72.js";
|
|
17
17
|
import {
|
|
18
18
|
__commonJS,
|
|
19
19
|
__name,
|
|
@@ -37,7 +37,7 @@ import {
|
|
|
37
37
|
require_tokens,
|
|
38
38
|
require_transform,
|
|
39
39
|
require_util
|
|
40
|
-
} from "./chunk-
|
|
40
|
+
} from "./chunk-S4OPEAUO.js";
|
|
41
41
|
|
|
42
42
|
// lib/misc/timer.js
|
|
43
43
|
var require_timer = __commonJS({
|
|
@@ -525,6 +525,7 @@ var require_patternparser = __commonJS({
|
|
|
525
525
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
526
526
|
exports.AccessPathPatternCanonicalizer = void 0;
|
|
527
527
|
exports.parseDetectionPattern = parseDetectionPattern;
|
|
528
|
+
var util_1 = require_util();
|
|
528
529
|
var patterns_1 = require_patterns();
|
|
529
530
|
var AccessPathPatternCanonicalizer = class {
|
|
530
531
|
static {
|
|
@@ -532,12 +533,7 @@ var require_patternparser = __commonJS({
|
|
|
532
533
|
}
|
|
533
534
|
canonical = /* @__PURE__ */ new Map();
|
|
534
535
|
canonicalize(p) {
|
|
535
|
-
|
|
536
|
-
const c = this.canonical.get(key);
|
|
537
|
-
if (c)
|
|
538
|
-
return c;
|
|
539
|
-
this.canonical.set(key, p);
|
|
540
|
-
return p;
|
|
536
|
+
return (0, util_1.getOrSet)(this.canonical, p.toString(), () => p);
|
|
541
537
|
}
|
|
542
538
|
};
|
|
543
539
|
exports.AccessPathPatternCanonicalizer = AccessPathPatternCanonicalizer;
|
|
@@ -877,6 +873,7 @@ var require_patternparser = __commonJS({
|
|
|
877
873
|
[filter, pos] = parseFilter(pos);
|
|
878
874
|
filters.push(filter);
|
|
879
875
|
}
|
|
876
|
+
p = c.canonicalize(new patterns_1.CallResultAccessPathPattern(p));
|
|
880
877
|
res = new patterns_1.CallDetectionPattern(p, onlyReturnChanged, onlyWhenUsedAsPromise, onlyNonNewCalls, filters.length > 0 ? filters : void 0);
|
|
881
878
|
} else if (([b, pos] = parseOptionalKeyword(pos, "component")) && b) {
|
|
882
879
|
pos = parseSpace(pos, false);
|
|
@@ -887,6 +884,7 @@ var require_patternparser = __commonJS({
|
|
|
887
884
|
[filter, pos] = parseFilter(pos);
|
|
888
885
|
filters.push(filter);
|
|
889
886
|
}
|
|
887
|
+
p = c.canonicalize(new patterns_1.ComponentAccessPathPattern(p));
|
|
890
888
|
res = new patterns_1.ComponentDetectionPattern(p, filters.length > 0 ? filters : void 0);
|
|
891
889
|
} else
|
|
892
890
|
throw 0;
|
|
@@ -1067,7 +1065,7 @@ ${pattern}${"semanticPatchId" in p ? ` (pattern #${p.semanticPatchId} version ${
|
|
|
1067
1065
|
const s = /* @__PURE__ */ new Set();
|
|
1068
1066
|
for (const d of ds)
|
|
1069
1067
|
if (d)
|
|
1070
|
-
d.ap.visitAccessPathPatterns((p) => {
|
|
1068
|
+
(d instanceof patterns_1.DetectionPattern ? d.ap : d).visitAccessPathPatterns((p) => {
|
|
1071
1069
|
if (p instanceof patterns_1.ImportAccessPathPattern)
|
|
1072
1070
|
s.add(p.glob);
|
|
1073
1071
|
});
|
|
@@ -1090,10 +1088,10 @@ ${pattern}${"semanticPatchId" in p ? ` (pattern #${p.semanticPatchId} version ${
|
|
|
1090
1088
|
bs.set(i);
|
|
1091
1089
|
return bs;
|
|
1092
1090
|
});
|
|
1093
|
-
function getPatternGraph(
|
|
1091
|
+
function getPatternGraph(ps) {
|
|
1094
1092
|
const unknowns = /* @__PURE__ */ new Map();
|
|
1095
1093
|
return {
|
|
1096
|
-
graph: new Map(
|
|
1094
|
+
graph: new Map(ps.map((p) => {
|
|
1097
1095
|
const edges = Array.from({ length: 4 }, () => new bitset_1.SmallBitSet());
|
|
1098
1096
|
const properties = /* @__PURE__ */ new Map();
|
|
1099
1097
|
let wildcardIdx = -1;
|
|
@@ -1172,7 +1170,7 @@ ${pattern}${"semanticPatchId" in p ? ` (pattern #${p.semanticPatchId} version ${
|
|
|
1172
1170
|
edges[i].unionUpdate(post);
|
|
1173
1171
|
return [post, false];
|
|
1174
1172
|
}, "aux");
|
|
1175
|
-
aux(p
|
|
1173
|
+
aux(p);
|
|
1176
1174
|
return [p, (prev, next) => {
|
|
1177
1175
|
const [a, b] = [classify(prev), classify(next)];
|
|
1178
1176
|
if (!a || !b)
|
|
@@ -1199,6 +1197,7 @@ var require_globalstate = __commonJS({
|
|
|
1199
1197
|
};
|
|
1200
1198
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
1201
1199
|
exports.GlobalState = void 0;
|
|
1200
|
+
var fs_1 = __require("fs");
|
|
1202
1201
|
var util_1 = require_util();
|
|
1203
1202
|
var constraintvars_1 = require_constraintvars();
|
|
1204
1203
|
var tokens_1 = require_tokens();
|
|
@@ -1265,7 +1264,7 @@ var require_globalstate = __commonJS({
|
|
|
1265
1264
|
}
|
|
1266
1265
|
set vulnerabilities(v) {
|
|
1267
1266
|
this._vulnerabilities = v;
|
|
1268
|
-
this.accessPathEdges = v && options_1.options.preciseAccessPathTransitions ? (0, patternloader_1.getPatternGraph)(v.
|
|
1267
|
+
this.accessPathEdges = v && options_1.options.preciseAccessPathTransitions ? (0, patternloader_1.getPatternGraph)(v.getUniqueAPPatterns()) : void 0;
|
|
1269
1268
|
}
|
|
1270
1269
|
canonicalizeVar(v) {
|
|
1271
1270
|
const next = /* @__PURE__ */ __name(() => {
|
|
@@ -1386,7 +1385,14 @@ var require_globalstate = __commonJS({
|
|
|
1386
1385
|
if (logger_1.default.isDebugEnabled())
|
|
1387
1386
|
logger_1.default.debug(`${moduleInfo} already encountered in another directory`);
|
|
1388
1387
|
} else {
|
|
1389
|
-
|
|
1388
|
+
let ignoreModule = from && (options_1.options.ignoreDependencies || !packageInfo.isEntry && (options_1.options.includePackages && !options_1.options.includePackages.includes(packageInfo.name))) || options_1.options.excludePackages?.includes(packageInfo.name);
|
|
1389
|
+
if (!ignoreModule && options_1.options.maxFileSize !== void 0) {
|
|
1390
|
+
const fileSize = (0, fs_1.statSync)(tofile).size;
|
|
1391
|
+
if (fileSize > options_1.options.maxFileSize) {
|
|
1392
|
+
ignoreModule = true;
|
|
1393
|
+
logger_1.default.warn(`Ignoring module ${tofile} due to file size ${fileSize} > ${options_1.options.maxFileSize}`);
|
|
1394
|
+
}
|
|
1395
|
+
}
|
|
1390
1396
|
moduleInfo = new infos_1.ModuleInfo(rel, packageInfo, from === void 0, !ignoreModule);
|
|
1391
1397
|
packageInfo.modules.set(rel, moduleInfo);
|
|
1392
1398
|
this.moduleInfos.set(moduleInfo.toString(), moduleInfo);
|
|
@@ -2675,6 +2681,7 @@ var require_solver = __commonJS({
|
|
|
2675
2681
|
phase;
|
|
2676
2682
|
timer = new timer_1.default();
|
|
2677
2683
|
lazyRoundsHook;
|
|
2684
|
+
terminationCheckCounter = 0;
|
|
2678
2685
|
constructor(abort) {
|
|
2679
2686
|
this.abort = abort;
|
|
2680
2687
|
}
|
|
@@ -2829,6 +2836,10 @@ var require_solver = __commonJS({
|
|
|
2829
2836
|
unprocessedTokensSize: d.unprocessedTokensSize,
|
|
2830
2837
|
unprocessedListeners1: f.postponedListenerCalls.length,
|
|
2831
2838
|
unprocessedListeners2: f.postponedListenerCalls2.length,
|
|
2839
|
+
tokenListenerNotifications1: d.tokenListenerNotifications,
|
|
2840
|
+
tokenListenerNotifications2: d.tokenListener2Notifications,
|
|
2841
|
+
arrayEntriesListenerNotifications: d.arrayEntriesListenerNotifications,
|
|
2842
|
+
objectPropertiesListenerNotifications: d.objectPropertiesListenerNotifications,
|
|
2832
2843
|
packages: a.packageInfos.size,
|
|
2833
2844
|
modules: a.moduleInfos.size,
|
|
2834
2845
|
modulesFull: d.modulesFull,
|
|
@@ -2849,8 +2860,7 @@ var require_solver = __commonJS({
|
|
|
2849
2860
|
if (d > this.diagnostics.lastPrintDiagnosticsTime + 100) {
|
|
2850
2861
|
this.diagnostics.lastPrintDiagnosticsTime = d;
|
|
2851
2862
|
(0, logger_1.writeStdOut)(`${this.phase}... (total time: ${d}ms, call edges: ${f.numberOfCallToFunctionEdges}` + (options_1.options.diagnostics ? `, vars: ${f.getNumberOfVarsWithTokens()}, tokens: ${f.numberOfTokens}, subsets: ${f.numberOfSubsetEdges}, ` + (options_1.options.maxIndirections !== void 0 ? `round: ${this.diagnostics.round}, ` : "") + `wave: ${this.diagnostics.wave}, propagations: ${this.diagnostics.propagations}, worklist: ${this.diagnostics.unprocessedTokensSize + f.postponedListenerCalls.length + f.postponedListenerCalls2.length - this.postponedListenersProcessed}` : "") + ")");
|
|
2852
|
-
|
|
2853
|
-
(0, memory_1.checkMemoryLow)();
|
|
2863
|
+
this.checkTerminationConditions();
|
|
2854
2864
|
}
|
|
2855
2865
|
}
|
|
2856
2866
|
}
|
|
@@ -3226,7 +3236,8 @@ var require_solver = __commonJS({
|
|
|
3226
3236
|
for (const to of s)
|
|
3227
3237
|
this.addTokens(ts, to);
|
|
3228
3238
|
this.incrementPropagations();
|
|
3229
|
-
}
|
|
3239
|
+
} else
|
|
3240
|
+
this.incrementTerminationCheckCount();
|
|
3230
3241
|
const tr = f.tokenListeners.get(v);
|
|
3231
3242
|
if (tr)
|
|
3232
3243
|
if (Array.isArray(ts))
|
|
@@ -3249,11 +3260,7 @@ var require_solver = __commonJS({
|
|
|
3249
3260
|
}
|
|
3250
3261
|
incrementPropagations() {
|
|
3251
3262
|
this.diagnostics.propagations++;
|
|
3252
|
-
|
|
3253
|
-
this.globalState.timeoutTimer.checkTimeout();
|
|
3254
|
-
(0, memory_1.checkMemoryLow)();
|
|
3255
|
-
this.printDiagnostics();
|
|
3256
|
-
}
|
|
3263
|
+
this.incrementTerminationCheckCount();
|
|
3257
3264
|
}
|
|
3258
3265
|
isIgnoredVar(v) {
|
|
3259
3266
|
return v instanceof constraintvars_1.ObjectPropertyVar && v.obj instanceof tokens_1.NativeObjectToken && !v.obj.moduleInfo && (v.accessor === "get" || v.accessor === "set");
|
|
@@ -3264,8 +3271,7 @@ var require_solver = __commonJS({
|
|
|
3264
3271
|
logger_1.default.debug("Processing constraints until fixpoint...");
|
|
3265
3272
|
const { fragmentState: f, diagnostics: d } = this;
|
|
3266
3273
|
d.propagationRounds++;
|
|
3267
|
-
|
|
3268
|
-
(0, memory_1.checkMemoryLow)();
|
|
3274
|
+
this.checkTerminationConditions();
|
|
3269
3275
|
await this.checkAbort();
|
|
3270
3276
|
if (logger_1.default.isVerboseEnabled())
|
|
3271
3277
|
logger_1.default.verbose(`Propagating (tokens: ${this.unprocessedTokens.size}, non-bounded: ${f.postponedListenerCalls.length}, bounded: ${f.postponedListenerCalls2.length})`);
|
|
@@ -3337,11 +3343,7 @@ var require_solver = __commonJS({
|
|
|
3337
3343
|
d.listenerNotificationRounds++;
|
|
3338
3344
|
f.postponedListenerCalls.forEach((fun, arg) => {
|
|
3339
3345
|
fun(arg);
|
|
3340
|
-
|
|
3341
|
-
f.a.timeoutTimer.checkTimeout();
|
|
3342
|
-
(0, memory_1.checkMemoryLow)();
|
|
3343
|
-
this.printDiagnostics();
|
|
3344
|
-
}
|
|
3346
|
+
this.incrementTerminationCheckCount();
|
|
3345
3347
|
});
|
|
3346
3348
|
f.postponedListenerCalls.length = this.postponedListenersProcessed = 0;
|
|
3347
3349
|
d.totalListenerCallTime += timer.elapsed();
|
|
@@ -3361,11 +3363,7 @@ var require_solver = __commonJS({
|
|
|
3361
3363
|
this.postponedListenersProcessed = 0;
|
|
3362
3364
|
f.postponedListenerCalls2.forEachAndClear((fun, arg) => {
|
|
3363
3365
|
fun(arg);
|
|
3364
|
-
|
|
3365
|
-
f.a.timeoutTimer.checkTimeout();
|
|
3366
|
-
(0, memory_1.checkMemoryLow)();
|
|
3367
|
-
this.printDiagnostics();
|
|
3368
|
-
}
|
|
3366
|
+
this.incrementTerminationCheckCount();
|
|
3369
3367
|
});
|
|
3370
3368
|
d.totalListenerCallTime += timer.elapsed();
|
|
3371
3369
|
if (logger_1.default.isVerboseEnabled() || options_1.options.diagnostics && options_1.options.printProgress)
|
|
@@ -3396,6 +3394,18 @@ var require_solver = __commonJS({
|
|
|
3396
3394
|
}
|
|
3397
3395
|
}
|
|
3398
3396
|
}
|
|
3397
|
+
incrementTerminationCheckCount() {
|
|
3398
|
+
if (++this.terminationCheckCounter === 100) {
|
|
3399
|
+
this.checkTerminationConditions(true);
|
|
3400
|
+
this.terminationCheckCounter = 0;
|
|
3401
|
+
}
|
|
3402
|
+
}
|
|
3403
|
+
checkTerminationConditions(printDiagnostics = false) {
|
|
3404
|
+
if (printDiagnostics)
|
|
3405
|
+
this.printDiagnostics();
|
|
3406
|
+
this.globalState.timeoutTimer.checkTimeout();
|
|
3407
|
+
(0, memory_1.checkMemoryLow)();
|
|
3408
|
+
}
|
|
3399
3409
|
assertLazy(strings, ...values) {
|
|
3400
3410
|
const template = strings.join("%s");
|
|
3401
3411
|
if (options_1.options.lazySoftAssert) {
|
|
@@ -5617,11 +5627,8 @@ var require_analyzer = __commonJS({
|
|
|
5617
5627
|
}
|
|
5618
5628
|
if (!options_1.options.reparse || a.reachedModulesFull.has(moduleInfo))
|
|
5619
5629
|
moduleInfo.ast = ast;
|
|
5620
|
-
if (d.modules % 16 === 0)
|
|
5621
|
-
solver.
|
|
5622
|
-
a.timeoutTimer.checkTimeout();
|
|
5623
|
-
(0, memory_1.checkMemoryLow)();
|
|
5624
|
-
}
|
|
5630
|
+
if (d.modules % 16 === 0)
|
|
5631
|
+
solver.checkTerminationConditions(true);
|
|
5625
5632
|
}
|
|
5626
5633
|
for (const moduleInfo of a.pendingModulesFull) {
|
|
5627
5634
|
let ast = moduleInfo.ast;
|
|
@@ -5634,11 +5641,8 @@ var require_analyzer = __commonJS({
|
|
|
5634
5641
|
const str = fs_1.default.readFileSync(file, "utf8");
|
|
5635
5642
|
ast = (0, parser_1.parseAndDesugar)(str, file, solver.fragmentState);
|
|
5636
5643
|
}
|
|
5637
|
-
if (++d.modulesFull % 16 === 0)
|
|
5638
|
-
solver.
|
|
5639
|
-
a.timeoutTimer.checkTimeout();
|
|
5640
|
-
(0, memory_1.checkMemoryLow)();
|
|
5641
|
-
}
|
|
5644
|
+
if (++d.modulesFull % 16 === 0)
|
|
5645
|
+
solver.checkTerminationConditions(true);
|
|
5642
5646
|
if (!options_1.options.modulesOnly && options_1.options.printProgress)
|
|
5643
5647
|
logger_1.default.info(`Analyzing ${moduleInfo}`);
|
|
5644
5648
|
const moduleParams = (0, extras_1.preprocessAst)(ast, moduleInfo);
|
|
@@ -9248,7 +9252,7 @@ var require_patternmatcher = __commonJS({
|
|
|
9248
9252
|
res.push({ exp, encl, uncertainties });
|
|
9249
9253
|
}
|
|
9250
9254
|
} else if (d instanceof patterns_1.CallDetectionPattern) {
|
|
9251
|
-
const sub = this.findAccessPathPatternMatches(
|
|
9255
|
+
const sub = this.findAccessPathPatternMatches(d.ap, moduleFilter);
|
|
9252
9256
|
const f = this.fragmentState;
|
|
9253
9257
|
for (const level of exports.confidenceLevels)
|
|
9254
9258
|
matches: for (const [exp, [, encl]] of sub[level]) {
|
|
@@ -9291,7 +9295,7 @@ var require_patternmatcher = __commonJS({
|
|
|
9291
9295
|
}
|
|
9292
9296
|
}
|
|
9293
9297
|
} else if (d instanceof patterns_1.ComponentDetectionPattern) {
|
|
9294
|
-
const sub = this.findAccessPathPatternMatches(
|
|
9298
|
+
const sub = this.findAccessPathPatternMatches(d.ap, moduleFilter);
|
|
9295
9299
|
for (const level of exports.confidenceLevels)
|
|
9296
9300
|
matches: for (const [exp, [, encl]] of sub[level]) {
|
|
9297
9301
|
(0, assert_1.default)(encl);
|
|
@@ -9490,8 +9494,7 @@ var require_tapirpatterns = __commonJS({
|
|
|
9490
9494
|
const tpVersion = "version" in tp ? ` (version ${tp.version})` : "";
|
|
9491
9495
|
const p = patterns[i];
|
|
9492
9496
|
if (p) {
|
|
9493
|
-
solver.
|
|
9494
|
-
(0, memory_1.checkMemoryLow)();
|
|
9497
|
+
solver.checkTerminationConditions();
|
|
9495
9498
|
const ms = matcher.findDetectionPatternMatches(p, solver.diagnostics);
|
|
9496
9499
|
for (const m of ms) {
|
|
9497
9500
|
logger_1.default.info(`Pattern #${tpId}: ${tpPattern}${tpVersion} matches ${(0, util_1.locationToStringWithFileAndEnd)(m.exp.loc)} (confidence: ${isHigh(m) ? "high" : "low"})`);
|
|
@@ -13217,7 +13220,7 @@ ${p} (${(0, vulnerabilities_1.getVulnerabilityId)(v)})`);
|
|
|
13217
13220
|
}
|
|
13218
13221
|
}
|
|
13219
13222
|
const globToPatterns = /* @__PURE__ */ new Map();
|
|
13220
|
-
const patterns = this.
|
|
13223
|
+
const patterns = this.getUniqueAPPatterns();
|
|
13221
13224
|
for (const p of patterns)
|
|
13222
13225
|
for (const glob of (0, patternloader_1.getGlobs)([p]))
|
|
13223
13226
|
(0, util_1.mapArrayAdd)(glob, p, globToPatterns);
|
|
@@ -13225,13 +13228,16 @@ ${p} (${(0, vulnerabilities_1.getVulnerabilityId)(v)})`);
|
|
|
13225
13228
|
this.importGlobsToPatterns.push([micromatch_1.default.matcher(g), ps]);
|
|
13226
13229
|
this.hasCallbackArgumentPattern = patterns.some((p) => {
|
|
13227
13230
|
let found = false;
|
|
13228
|
-
p.
|
|
13231
|
+
p.visitAccessPathPatterns((app) => found ||= app instanceof patterns_1.CallbackArgumentAccessPathPattern);
|
|
13229
13232
|
return found;
|
|
13230
13233
|
});
|
|
13231
13234
|
}
|
|
13232
13235
|
getPatterns() {
|
|
13233
13236
|
return this.patterns.values().flatMap((ps) => ps).toArray();
|
|
13234
13237
|
}
|
|
13238
|
+
getUniqueAPPatterns() {
|
|
13239
|
+
return Array.from(new Set(this.getPatterns().map((p) => p.ap)));
|
|
13240
|
+
}
|
|
13235
13241
|
reachedPackage(packageInfo) {
|
|
13236
13242
|
const vs = this.vulnerabilities.get(packageInfo.name);
|
|
13237
13243
|
if (vs) {
|
|
@@ -14008,7 +14014,7 @@ var require_main = __commonJS({
|
|
|
14008
14014
|
var assert_1 = __importDefault(__require("assert"));
|
|
14009
14015
|
var semver_1 = __importDefault(require_semver2());
|
|
14010
14016
|
var ENGINES_NODE = require_package()?.engines?.node;
14011
-
commander_1.program.name("jelly").version(options_1.VERSION).addHelpText("before", options_1.COPYRIGHT).option("-b, --basedir <directory>", "base directory for files to analyze (default: auto-detect)").option("-f, --logfile <file>", "log to file (default: log to stdout)").option("-l, --loglevel <level>", "log level (debug/verbose/info/warn/error)", "info").option("-i, --timeout <seconds>", "limit analysis time").option("-a, --dataflow-html <file>", "save data-flow graph as HTML file").option("-m, --callgraph-html <file>", "save call graph as HTML file").option("-j, --callgraph-json <file>", "save call graph as JSON file").option("-s, --soundness <file>", "compare with dynamic call graph").option("-n, --graal-home <directory>", "home of graal-nodejs (default: $GRAAL_HOME)").option("-d, --dynamic <file>", "generate call graph dynamically, no static analysis").option("--approx", "enable approximate interpretation").option("--approx-only <file>", "perform approximate interpretation, no static analysis").option("--approx-load <file>", "use pre-computed approximate interpretation results").option("-p, --patterns <file...>", "files containing API usage patterns to detect").option("-v, --vulnerabilities <file>", "report vulnerability matches").option("--vulnerabilities-json <json>", "report vulnerability matches (patterns given as JSON string)").option("--include-packages <package...>", "include only dependencies in this list").option("--exclude-packages <package...>", "exclude dependencies in this list").option("--ignore-dependencies", "don't include dependencies in analysis").option("--ignore-unresolved", "don't report errors about unresolved modules").option("--npm-test <dir>", "run 'npm test' instead of 'node' (use with -d)").option("--callgraph", "report call graph").option("--tokens-json <file>", "save tokens for constraint variables as JSON file").option("--tokens", "report tokens for constraint variables").option("--largest", "report largest token sets and subset 
relations").option("--no-cycle-elimination", "disable cycle elimination").option("--no-natives", "disable nonessential models of native libraries").option("--test-graal", "test graal-nodejs (use with -d)").option("--no-print-progress", "don't print analysis progress information").option("--no-tty", "don't print solver progress for TTY").option("--warnings-unsupported", "print warnings about unsupported features").option("--gc", "enable garbage collection for more accurate memory usage reporting").option("--typescript", "enable TypeScript type inference (use with -p)").option("--api-usage", "report API usage of external packages (implies --ignore-dependencies)").option("--api-exported", "report API of modules").option("--find-access-paths <location>", "find access paths for source location (file:line)").option("--higher-order-functions", "report higher-order functions").option("--zeros", "report calls with zero callees and functions with zero callers").option("--exclude-entries <glob...>", "files to exclude when specifying entry directories").option("--tracked-modules <glob...>", "modules to track usage of (default: auto-detect)").option("--external-matches", "enable pattern matches from external code").option("--no-callgraph-implicit", "omit implicit calls in call graph").option("--no-callgraph-native", "omit native calls in call graph").option("--no-callgraph-require", "omit module loading in call graph").option("--no-callgraph-external", "omit heuristic external callbacks in call graph").option("--diagnostics", "report internal analysis diagnostics").option("--diagnostics-json <file>", "save analysis diagnostics in JSON file").option("--variable-kinds", "report constraint variable kinds").option("--max-waves <number>", "limit number of fixpoint waves").option("--max-indirections <number>", "limit number of function call and property write indirections").option("--full-indirection-bounding", "enable indirection bounding for method calls and property reads (use 
with --max-indirections)").option("--typescript-library-usage <file>", "save TypeScript library usage in JSON file, no analysis").option("--modules-only", "report reachable packages and modules only, no analysis").option("--compare-callgraphs", "compare two call graphs given as JSON files, no analysis").option("--reachability", "compare call graph reachability (use with -s or --compare-callgraphs)").option("--library", "assume program is a library (default: true if in node_modules)").option("--skip-tests", "skip files that look like tests").option("--no-patch-escaping", "disable patching using escape analysis").option("--patch-dynamics", "enable dynamic property access patching heuristic").option("--patch-method-calls", "enable method call patching heuristic").option("--no-patch-this", "disable 'this' patching heuristic").option("--proto", "enable model of assignments to the __proto__ property").option("--obj-spread", "enable model of spread syntax for object literals ({...obj})").option("--native-overwrites", "allow overwriting of native object properties").option("--ignore-imprecise-native-calls", "ignore imprecise native calls").option("--matches-json <file>", "save vulnerability pattern matches in JSON file").option("--reachable-json <file>", "save reachable packages and modules in JSON file").option("--callstacks-json <file>", "save vulnerability call stacks in JSON file").option("--vulnerabilities-full", "full report of vulnerabilities").option("--eager-propagation", "perform propagation after each module").option("--no-interops", "disable models of common module interop helper functions").option("--modules-json <file>", "save modules dependencies in JSON file").option("--precise-access-path-transitions", "enable pruning of imprecise access path transitions (uses more unique access path tokens)").addOption(commander_1.program.createOption("--lazy", "lazy analysis of modules").implies({
14017
+
commander_1.program.name("jelly").version(options_1.VERSION).addHelpText("before", options_1.COPYRIGHT).option("-b, --basedir <directory>", "base directory for files to analyze (default: auto-detect)").option("-f, --logfile <file>", "log to file (default: log to stdout)").option("-l, --loglevel <level>", "log level (debug/verbose/info/warn/error)", "info").option("-i, --timeout <seconds>", "limit analysis time").option("-a, --dataflow-html <file>", "save data-flow graph as HTML file").option("-m, --callgraph-html <file>", "save call graph as HTML file").option("-j, --callgraph-json <file>", "save call graph as JSON file").option("-s, --soundness <file>", "compare with dynamic call graph").option("-n, --graal-home <directory>", "home of graal-nodejs (default: $GRAAL_HOME)").option("-d, --dynamic <file>", "generate call graph dynamically, no static analysis").option("--approx", "enable approximate interpretation").option("--approx-only <file>", "perform approximate interpretation, no static analysis").option("--approx-load <file>", "use pre-computed approximate interpretation results").option("-p, --patterns <file...>", "files containing API usage patterns to detect").option("-v, --vulnerabilities <file>", "report vulnerability matches").option("--vulnerabilities-json <json>", "report vulnerability matches (patterns given as JSON string)").option("--include-packages <package...>", "include only dependencies in this list").option("--exclude-packages <package...>", "exclude dependencies in this list").option("--ignore-dependencies", "don't include dependencies in analysis").option("--ignore-unresolved", "don't report errors about unresolved modules").option("--npm-test <dir>", "run 'npm test' instead of 'node' (use with -d)").option("--callgraph", "report call graph").option("--tokens-json <file>", "save tokens for constraint variables as JSON file").option("--tokens", "report tokens for constraint variables").option("--largest", "report largest token sets and subset 
relations").option("--no-cycle-elimination", "disable cycle elimination").option("--no-natives", "disable nonessential models of native libraries").option("--test-graal", "test graal-nodejs (use with -d)").option("--no-print-progress", "don't print analysis progress information").option("--no-tty", "don't print solver progress for TTY").option("--warnings-unsupported", "print warnings about unsupported features").option("--gc", "enable garbage collection for more accurate memory usage reporting").option("--typescript", "enable TypeScript type inference (use with -p)").option("--api-usage", "report API usage of external packages (implies --ignore-dependencies)").option("--api-exported", "report API of modules").option("--find-access-paths <location>", "find access paths for source location (file:line)").option("--higher-order-functions", "report higher-order functions").option("--zeros", "report calls with zero callees and functions with zero callers").option("--exclude-entries <glob...>", "files to exclude when specifying entry directories").option("--tracked-modules <glob...>", "modules to track usage of (default: auto-detect)").option("--external-matches", "enable pattern matches from external code").option("--no-callgraph-implicit", "omit implicit calls in call graph").option("--no-callgraph-native", "omit native calls in call graph").option("--no-callgraph-require", "omit module loading in call graph").option("--no-callgraph-external", "omit heuristic external callbacks in call graph").option("--diagnostics", "report internal analysis diagnostics").option("--diagnostics-json <file>", "save analysis diagnostics in JSON file").option("--variable-kinds", "report constraint variable kinds").option("--max-waves <number>", "limit number of fixpoint waves").option("--max-indirections <number>", "limit number of function call and property write indirections").option("--full-indirection-bounding", "enable indirection bounding for method calls and property reads (use 
with --max-indirections)").option("--typescript-library-usage <file>", "save TypeScript library usage in JSON file, no analysis").option("--modules-only", "report reachable packages and modules only, no analysis").option("--compare-callgraphs", "compare two call graphs given as JSON files, no analysis").option("--reachability", "compare call graph reachability (use with -s or --compare-callgraphs)").option("--library", "assume program is a library (default: true if in node_modules)").option("--skip-tests", "skip files that look like tests").option("--no-patch-escaping", "disable patching using escape analysis").option("--patch-dynamics", "enable dynamic property access patching heuristic").option("--patch-method-calls", "enable method call patching heuristic").option("--no-patch-this", "disable 'this' patching heuristic").option("--proto", "enable model of assignments to the __proto__ property").option("--obj-spread", "enable model of spread syntax for object literals ({...obj})").option("--native-overwrites", "allow overwriting of native object properties").option("--ignore-imprecise-native-calls", "ignore imprecise native calls").option("--matches-json <file>", "save vulnerability pattern matches in JSON file").option("--reachable-json <file>", "save reachable packages and modules in JSON file").option("--callstacks-json <file>", "save vulnerability call stacks in JSON file").option("--vulnerabilities-full", "full report of vulnerabilities").option("--eager-propagation", "perform propagation after each module").option("--no-interops", "disable models of common module interop helper functions").option("--modules-json <file>", "save modules dependencies in JSON file").option("--max-file-size <bytes>", "skip files larger than the given size in bytes", (value) => parseInt(value, 10)).option("--precise-access-path-transitions", "enable pruning of imprecise access path transitions (uses more unique access path 
tokens)").addOption(commander_1.program.createOption("--lazy", "lazy analysis of modules").implies({
14012
14018
preciseAccessPathTransitions: true
14013
14019
})).option("--lazy-cleanup", "lazily clean up redundant tokens for lazy module analysis").option("--lazy-soft-assert", "assertions for --lazy mode are non-fatal (see diagnostics)").option("--reparse", "reparse by need (use with --lazy)").option("--memory <limit>", "abort if reaching selected fraction of memory limit").usage("[options] [files]").addHelpText("after", `
14014
14020
All modules reachable by require/import from the given files are included in the analysis