@coana-tech/cli 14.12.209 → 14.12.211
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cli.mjs +1 -1
- package/package.json +1 -1
- package/reachability-analyzers-cli.mjs +10 -4
- package/repos/coana-tech/goana/bin/goana-darwin-amd64.gz +0 -0
- package/repos/coana-tech/goana/bin/goana-darwin-arm64.gz +0 -0
- package/repos/coana-tech/goana/bin/goana-linux-amd64.gz +0 -0
- package/repos/coana-tech/goana/bin/goana-linux-arm64.gz +0 -0
- package/repos/coana-tech/javap-service/javap-service.jar +0 -0
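--- a/package/cli.mjs
+++ b/package/cli.mjs
@@ -251742,7 +251742,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version3 = "14.12.
+var version3 = "14.12.211";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pickBy: pickBy2 } = import_lodash15.default;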
package/package.json
CHANGED
|
@@ -110928,6 +110928,9 @@ function convertToArtifactForInstallation(dep) {
|
|
|
110928
110928
|
}
|
|
110929
110929
|
|
|
110930
110930
|
// dist/whole-program-code-aware-vulnerability-scanner/js/heuristics.js
|
|
110931
|
+
var largeIndirectionBoundOptions = {
|
|
110932
|
+
maxIndirections: 1024
|
|
110933
|
+
};
|
|
110931
110934
|
var lazyIndirectionBoundOptions = {
|
|
110932
110935
|
maxIndirections: 5
|
|
110933
110936
|
};
|
|
@@ -111863,7 +111866,9 @@ var SparJSAnalysisEngine = class extends JSAnalysisEngine {
|
|
|
111863
111866
|
--reachable-json ${affectedPackagesFile}
|
|
111864
111867
|
${getExcludes(mainProjectRoot, projectRoot, reachabilityAnalysisOptions)}
|
|
111865
111868
|
--diagnostics-json ${diagnosticsFile}
|
|
111866
|
-
--max-indirections
|
|
111869
|
+
--max-indirections=${/* XXX: maxIndirections is tuned for --lazy mode, which SparJS doesn't support,
|
|
111870
|
+
* so we use a value that's better for non-lazy analysis. */
|
|
111871
|
+
maxIndirections ? largeIndirectionBoundOptions.maxIndirections : void 0}
|
|
111867
111872
|
${!!includePackages && (includePackages.length ? ["--include-packages", ...includePackages] : ["--ignore-dependencies"])}
|
|
111868
111873
|
${/* XXX: Requires Node 22+ */
|
|
111869
111874
|
approx && "--approx"}
|
|
@@ -112034,7 +112039,7 @@ var JSCodeAwareVulnerabilityScanner = class _JSCodeAwareVulnerabilityScanner {
|
|
|
112034
112039
|
...new Set(state.vulnerabilities.flatMap((v) => Object.values(v.vulnChainDetails?.transitiveDependencies ?? {}).filter((d) => d.vulnerable === true).map((d) => d.packageName)))
|
|
112035
112040
|
];
|
|
112036
112041
|
const packagesToInstall = !includePackages ? state.workspaceData.type === "coana" ? Object.values(state.workspaceData.data.dependencyTree.transitiveDependencies).map((dep) => getPackageName(dep)) : state.workspaceData.data.artifacts.map((dep) => getPackageName(dep)) : [.../* @__PURE__ */ new Set([...includePackages, ...vulnerablePackageNames])];
|
|
112037
|
-
const { failedPackages } = await prepareNpmDependencies(state.
|
|
112042
|
+
const { failedPackages } = await prepareNpmDependencies(state.subprojectDir, this.projectDir, state.workspaceData.type === "coana" ? state.workspaceData.data.dependencyTree.transitiveDependencies : Object.fromEntries(state.workspaceData.data.artifacts.map((d) => [d.id, d])), state.workspaceData.type === "coana" ? state.workspaceData.data.dependencyTree.dependencies ?? [] : state.workspaceData.data.artifacts.filter((a2) => a2.direct).map((a2) => a2.id), packagesToInstall);
|
|
112038
112043
|
this.packagesExcludedUnrelatedToHeuristic = failedPackages.map((p) => getPackageName(p));
|
|
112039
112044
|
}
|
|
112040
112045
|
async runAnalysis(vulnerabilities, heuristic, timeoutInSeconds, experiment, telemetryHandler, analyzerTelemetryHandler) {
|
|
@@ -113914,8 +113919,8 @@ async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecom
|
|
|
113914
113919
|
const bucketsFromLastAnalysisAndCliVersion = await dashboardAPI.getBucketsForLastReport(relative9(state.rootWorkingDir, state.subprojectDir) || ".", state.workspacePath, vulnerabilities[0].ecosystem ?? "NPM", COANA_REPORT_ID, apiKey);
|
|
113915
113920
|
if (!bucketsFromLastAnalysisAndCliVersion)
|
|
113916
113921
|
return void 0;
|
|
113917
|
-
const { cliVersion: cliVersion2, buckets:
|
|
113918
|
-
if (
|
|
113922
|
+
const { cliVersion: cliVersion2, buckets: rawBucketsFromLastAnalysis } = bucketsFromLastAnalysisAndCliVersion;
|
|
113923
|
+
if (rawBucketsFromLastAnalysis.some((b) => b.heuristicName === heuristics.IGNORE_DEPENDENCIES_AND_MAX_ROUNDS_3.name))
|
|
113919
113924
|
return;
|
|
113920
113925
|
try {
|
|
113921
113926
|
if ((0, import_semver4.lt)(cliVersion2, CLI_VERSION_TO_USE_CACHING_FROM[ecosystem] ?? CLI_VERSION_TO_USE_CACHING_FROM_DEFAULT))
|
|
@@ -113923,6 +113928,7 @@ async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecom
|
|
|
113923
113928
|
} catch (e) {
|
|
113924
113929
|
return void 0;
|
|
113925
113930
|
}
|
|
113931
|
+
const bucketsFromLastAnalysis = rawBucketsFromLastAnalysis.filter((b) => b.heuristicName !== "IMPORT_REACHABILITY");
|
|
113926
113932
|
const duplicateUrls = findDuplicateVulnsInBuckets(bucketsFromLastAnalysis);
|
|
113927
113933
|
if (duplicateUrls.length > 0) {
|
|
113928
113934
|
sendWarningToDashboard(`Assertion error: Detected bucket(s) with non-unique vulnerability URLs. Non-unique URLs: ${duplicateUrls.join(" ")}.`, {
|
|
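Review bot: On the `--max-indirections=` line of the SparJSAnalysisEngine hunk (new lines 111869–111871), the caller-supplied `maxIndirections` is now used only as a truthiness switch and its value is discarded in favour of `largeIndirectionBoundOptions.maxIndirections`, so an explicit bound such as `0` has no effect, and in the falsy case `void 0` is interpolated into the middle of an already-started argument; unless the tagged template drops that whole segment (not visible in the hunk), the analyzer is invoked with `--max-indirections=` carrying an empty or `undefined` value instead of the flag being omitted. Moving the `--max-indirections=` prefix inside the truthy branch and yielding an empty string otherwise makes the omission explicit, and the existing XXX comment can stay alongside. Separately, the filter added in the last hunk compares against the literal `"IMPORT_REACHABILITY"` while the same function two hunks earlier uses `heuristics.IGNORE_DEPENDENCIES_AND_MAX_ROUNDS_3.name`; if the heuristics table defines an `IMPORT_REACHABILITY` entry, `heuristics.IMPORT_REACHABILITY.name` would keep the two checks from drifting apart. The enclosing command-building method starts and ends outside the hunk.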
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|