@coana-tech/cli 14.12.215 → 14.12.217

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/cli.mjs +68 -5
  2. package/package.json +1 -1
  3. package/reachability-analyzers-cli.mjs +37 -18
  4. package/repos/coana-tech/goana/bin/goana-darwin-amd64.gz +0 -0
  5. package/repos/coana-tech/goana/bin/goana-darwin-arm64.gz +0 -0
  6. package/repos/coana-tech/goana/bin/goana-linux-amd64.gz +0 -0
  7. package/repos/coana-tech/goana/bin/goana-linux-arm64.gz +0 -0
  8. package/repos/coana-tech/javap-service/javap-service.jar +0 -0
package/cli.mjs CHANGED
@@ -205353,6 +205353,7 @@ var AnalyzerTelemetryServer = class {
205353
205353
 
205354
205354
  // ../utils/src/command-utils.ts
205355
205355
  var DEFAULT_TIMEOUT_MS = 30 * 60 * 1e3;
205356
+ var DEFAULT_KILL_GRACE_PERIOD_MS = 60 * 1e3;
205356
205357
  async function execAndLogOnFailure(cmd, dir, options, logLevel = "info") {
205357
205358
  const result = await execNeverFail(cmd, dir, options);
205358
205359
  if (result.error) logCommandOutput(result, cmd, dir, logLevel);
@@ -205425,7 +205426,7 @@ function wrapWithMemoryLimit(cmd, options) {
205425
205426
  2
205426
205427
  )} MiB). Terminating process.`
205427
205428
  );
205428
- subprocess.kill(options.killSignal ?? "SIGTERM");
205429
+ subprocess.kill("SIGTERM");
205429
205430
  subprocess = void 0;
205430
205431
  }
205431
205432
  prevHandler?.onTelemetry(metrics);
@@ -205461,15 +205462,38 @@ async function execNeverFail(cmd, dir, options) {
205461
205462
  let args2;
205462
205463
  if (typeof cmd !== "string") [cmd, ...args2] = cmd;
205463
205464
  const timeout = options?.timeout ?? DEFAULT_TIMEOUT_MS;
205465
+ const killGracePeriodMs = options?.killGracePeriodMs ?? DEFAULT_KILL_GRACE_PERIOD_MS;
205464
205466
  const env = analyzerTelemetryFilePath ? { ...options?.env ?? process.env, ANALYZER_TELEMETRY_FILE_PATH: analyzerTelemetryFilePath } : options?.env;
205467
+ let sigtermTimer;
205468
+ let sigkillTimer;
205465
205469
  const childProcess = execFile2(
205466
205470
  cmd,
205467
205471
  args2,
205468
- { ...options, env, cwd: dir, maxBuffer: 1024 * 1024 * 1024, shell: args2 === void 0, timeout },
205472
+ { ...options, env, cwd: dir, maxBuffer: 1024 * 1024 * 1024, shell: args2 === void 0, timeout: 0 },
205469
205473
  (error, stdout, stderr) => {
205474
+ if (sigtermTimer) clearTimeout(sigtermTimer);
205475
+ if (sigkillTimer) clearTimeout(sigkillTimer);
205470
205476
  resolve45({ error, stdout, stderr });
205471
205477
  }
205472
205478
  );
205479
+ if (timeout > 0) {
205480
+ sigtermTimer = setTimeout(() => {
205481
+ if (childProcess.exitCode !== null || childProcess.signalCode !== null) return;
205482
+ childProcess.kill();
205483
+ if (killGracePeriodMs > 0) {
205484
+ sigkillTimer = setTimeout(() => {
205485
+ if (childProcess.exitCode === null && childProcess.signalCode === null) {
205486
+ logger.debug(
205487
+ `Process (pid ${childProcess.pid}) did not exit within ${killGracePeriodMs}ms of SIGTERM; escalating to SIGKILL`
205488
+ );
205489
+ childProcess.kill("SIGKILL");
205490
+ }
205491
+ }, killGracePeriodMs);
205492
+ sigkillTimer.unref?.();
205493
+ }
205494
+ }, timeout);
205495
+ sigtermTimer.unref?.();
205496
+ }
205473
205497
  if (options?.telemetryHandler && childProcess.pid)
205474
205498
  stopTelemetry = startTelemetry(childProcess, options.telemetryHandler);
205475
205499
  if (options?.pipe) {
@@ -224779,6 +224803,7 @@ var AnalyzerTelemetryServer2 = class {
224779
224803
 
224780
224804
  // ../utils/dist/command-utils.js
224781
224805
  var DEFAULT_TIMEOUT_MS2 = 30 * 60 * 1e3;
224806
+ var DEFAULT_KILL_GRACE_PERIOD_MS2 = 60 * 1e3;
224782
224807
  async function execAndLogOnFailure3(cmd, dir, options, logLevel = "info") {
224783
224808
  const result = await execNeverFail3(cmd, dir, options);
224784
224809
  if (result.error)
@@ -224847,7 +224872,7 @@ function wrapWithMemoryLimit2(cmd, options) {
224847
224872
  onTelemetry(metrics) {
224848
224873
  if (subprocess?.exitCode === null && metrics.rss >= memoryLimitKiB * 1024) {
224849
224874
  logger.debug(`Memory limit of ${options.memoryLimitInMB} MiB exceeded (RSS: ${(metrics.rss / 1024 / 1024).toFixed(2)} MiB). Terminating process.`);
224850
- subprocess.kill(options.killSignal ?? "SIGTERM");
224875
+ subprocess.kill("SIGTERM");
224851
224876
  subprocess = void 0;
224852
224877
  }
224853
224878
  prevHandler?.onTelemetry(metrics);
@@ -224882,10 +224907,34 @@ async function execNeverFail3(cmd, dir, options) {
224882
224907
  if (typeof cmd !== "string")
224883
224908
  [cmd, ...args2] = cmd;
224884
224909
  const timeout = options?.timeout ?? DEFAULT_TIMEOUT_MS2;
224910
+ const killGracePeriodMs = options?.killGracePeriodMs ?? DEFAULT_KILL_GRACE_PERIOD_MS2;
224885
224911
  const env = analyzerTelemetryFilePath ? { ...options?.env ?? process.env, ANALYZER_TELEMETRY_FILE_PATH: analyzerTelemetryFilePath } : options?.env;
224886
- const childProcess = execFile4(cmd, args2, { ...options, env, cwd: dir, maxBuffer: 1024 * 1024 * 1024, shell: args2 === void 0, timeout }, (error, stdout, stderr) => {
224912
+ let sigtermTimer;
224913
+ let sigkillTimer;
224914
+ const childProcess = execFile4(cmd, args2, { ...options, env, cwd: dir, maxBuffer: 1024 * 1024 * 1024, shell: args2 === void 0, timeout: 0 }, (error, stdout, stderr) => {
224915
+ if (sigtermTimer)
224916
+ clearTimeout(sigtermTimer);
224917
+ if (sigkillTimer)
224918
+ clearTimeout(sigkillTimer);
224887
224919
  resolve45({ error, stdout, stderr });
224888
224920
  });
224921
+ if (timeout > 0) {
224922
+ sigtermTimer = setTimeout(() => {
224923
+ if (childProcess.exitCode !== null || childProcess.signalCode !== null)
224924
+ return;
224925
+ childProcess.kill();
224926
+ if (killGracePeriodMs > 0) {
224927
+ sigkillTimer = setTimeout(() => {
224928
+ if (childProcess.exitCode === null && childProcess.signalCode === null) {
224929
+ logger.debug(`Process (pid ${childProcess.pid}) did not exit within ${killGracePeriodMs}ms of SIGTERM; escalating to SIGKILL`);
224930
+ childProcess.kill("SIGKILL");
224931
+ }
224932
+ }, killGracePeriodMs);
224933
+ sigkillTimer.unref?.();
224934
+ }
224935
+ }, timeout);
224936
+ sigtermTimer.unref?.();
224937
+ }
224889
224938
  if (options?.telemetryHandler && childProcess.pid)
224890
224939
  stopTelemetry = startTelemetry2(childProcess, options.telemetryHandler);
224891
224940
  if (options?.pipe) {
@@ -229679,11 +229728,13 @@ var PipSocketUpgradeManager = class {
229679
229728
  );
229680
229729
  pyprojectTomlMatcher = (0, import_picomatch8.default)("pyproject.toml", { basename: true });
229681
229730
  uvLockMatcher = (0, import_picomatch8.default)("uv.lock", { basename: true });
229731
+ poetryLockMatcher = (0, import_picomatch8.default)("poetry.lock", { basename: true });
229682
229732
  async applySocketArtifactUpgrades(ctxt) {
229683
229733
  const pyprojectTomlFiles = ctxt.manifestFiles.filter((f6) => this.pyprojectTomlMatcher(f6));
229684
229734
  const patches = [];
229685
229735
  const uvLockFilesToValidate = /* @__PURE__ */ new Set();
229686
229736
  const lockFileToDepTree = /* @__PURE__ */ new Map();
229737
+ const poetryLockArtifacts = /* @__PURE__ */ new Map();
229687
229738
  for (const [idx, upgradeVersion] of ctxt.upgrades) {
229688
229739
  const artifact = ctxt.artifacts[idx];
229689
229740
  assert13(artifact.name);
@@ -229755,6 +229806,10 @@ var PipSocketUpgradeManager = class {
229755
229806
  patches.push(...await this.createUvLockPatches(mf.file, idx, upgradeVersion, ctxt));
229756
229807
  uvLockFilesToValidate.add(mf.file);
229757
229808
  patches.push(...await this.createOverrideDependencyUpdatePatches(rootTomlFile, idx, upgradeVersion, ctxt));
229809
+ } else if (this.poetryLockMatcher(mf.file)) {
229810
+ const existing = poetryLockArtifacts.get(mf.file) ?? [];
229811
+ existing.push(idx);
229812
+ poetryLockArtifacts.set(mf.file, existing);
229758
229813
  } else {
229759
229814
  ctxt.statusUpdater?.({
229760
229815
  status: "error",
@@ -229774,6 +229829,14 @@ var PipSocketUpgradeManager = class {
229774
229829
  }
229775
229830
  }
229776
229831
  }
229832
+ for (const [file, artifacts] of poetryLockArtifacts) {
229833
+ ctxt.statusUpdater?.({
229834
+ status: "error",
229835
+ file,
229836
+ artifacts,
229837
+ message: "The Poetry package manager is not currently supported for upgrades"
229838
+ });
229839
+ }
229777
229840
  await applyPatches("PIP", this.rootDir, patches, ctxt);
229778
229841
  for (const lockFile of uvLockFilesToValidate) {
229779
229842
  const upgradesForLockFile = [];
@@ -251742,7 +251805,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
251742
251805
  }
251743
251806
 
251744
251807
  // dist/version.js
251745
- var version3 = "14.12.215";
251808
+ var version3 = "14.12.217";
251746
251809
 
251747
251810
  // dist/cli-core.js
251748
251811
  var { mapValues, omit, partition, pickBy: pickBy2 } = import_lodash15.default;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@coana-tech/cli",
3
- "version": "14.12.215",
3
+ "version": "14.12.217",
4
4
  "description": "Coana CLI",
5
5
  "type": "module",
6
6
  "bin": {
package/reachability-analyzers-cli.mjs CHANGED
@@ -81033,6 +81033,7 @@ var AnalyzerTelemetryServer = class {
81033
81033
 
81034
81034
  // ../utils/src/command-utils.ts
81035
81035
  var DEFAULT_TIMEOUT_MS = 30 * 60 * 1e3;
81036
+ var DEFAULT_KILL_GRACE_PERIOD_MS = 60 * 1e3;
81036
81037
  async function execAndLogOnFailure(cmd, dir, options, logLevel = "info") {
81037
81038
  const result = await execNeverFail(cmd, dir, options);
81038
81039
  if (result.error) logCommandOutput(result, cmd, dir, logLevel);
@@ -81102,7 +81103,7 @@ function wrapWithMemoryLimit(cmd, options) {
81102
81103
  2
81103
81104
  )} MiB). Terminating process.`
81104
81105
  );
81105
- subprocess.kill(options.killSignal ?? "SIGTERM");
81106
+ subprocess.kill("SIGTERM");
81106
81107
  subprocess = void 0;
81107
81108
  }
81108
81109
  prevHandler?.onTelemetry(metrics);
@@ -81138,15 +81139,38 @@ async function execNeverFail(cmd, dir, options) {
81138
81139
  let args;
81139
81140
  if (typeof cmd !== "string") [cmd, ...args] = cmd;
81140
81141
  const timeout = options?.timeout ?? DEFAULT_TIMEOUT_MS;
81142
+ const killGracePeriodMs = options?.killGracePeriodMs ?? DEFAULT_KILL_GRACE_PERIOD_MS;
81141
81143
  const env = analyzerTelemetryFilePath ? { ...options?.env ?? process.env, ANALYZER_TELEMETRY_FILE_PATH: analyzerTelemetryFilePath } : options?.env;
81144
+ let sigtermTimer;
81145
+ let sigkillTimer;
81142
81146
  const childProcess = execFile2(
81143
81147
  cmd,
81144
81148
  args,
81145
- { ...options, env, cwd: dir, maxBuffer: 1024 * 1024 * 1024, shell: args === void 0, timeout },
81149
+ { ...options, env, cwd: dir, maxBuffer: 1024 * 1024 * 1024, shell: args === void 0, timeout: 0 },
81146
81150
  (error, stdout, stderr) => {
81151
+ if (sigtermTimer) clearTimeout(sigtermTimer);
81152
+ if (sigkillTimer) clearTimeout(sigkillTimer);
81147
81153
  resolve25({ error, stdout, stderr });
81148
81154
  }
81149
81155
  );
81156
+ if (timeout > 0) {
81157
+ sigtermTimer = setTimeout(() => {
81158
+ if (childProcess.exitCode !== null || childProcess.signalCode !== null) return;
81159
+ childProcess.kill();
81160
+ if (killGracePeriodMs > 0) {
81161
+ sigkillTimer = setTimeout(() => {
81162
+ if (childProcess.exitCode === null && childProcess.signalCode === null) {
81163
+ logger.debug(
81164
+ `Process (pid ${childProcess.pid}) did not exit within ${killGracePeriodMs}ms of SIGTERM; escalating to SIGKILL`
81165
+ );
81166
+ childProcess.kill("SIGKILL");
81167
+ }
81168
+ }, killGracePeriodMs);
81169
+ sigkillTimer.unref?.();
81170
+ }
81171
+ }, timeout);
81172
+ sigtermTimer.unref?.();
81173
+ }
81150
81174
  if (options?.telemetryHandler && childProcess.pid)
81151
81175
  stopTelemetry = startTelemetry(childProcess, options.telemetryHandler);
81152
81176
  if (options?.pipe) {
@@ -96281,7 +96305,7 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
96281
96305
  const outputFile = resolve9(tmpDir, "output.json");
96282
96306
  await writeFile5(inputFile, JSON.stringify(options));
96283
96307
  const timeoutMs = Math.max(timeoutInSeconds * 1.5, timeoutInSeconds + 30) * 1e3;
96284
- const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runDotnetDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --cocoa ${getCocoaPath()} --tree-sitter-c-sharp ${getTreeSitterCSharpPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL", heartbeat: HEARTBEATS.dotnet });
96308
+ const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runDotnetDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --cocoa ${getCocoaPath()} --tree-sitter-c-sharp ${getTreeSitterCSharpPath()}`, void 0, { timeout: timeoutMs, heartbeat: HEARTBEATS.dotnet });
96285
96309
  if (result.error)
96286
96310
  return void 0;
96287
96311
  const packageIds = JSON.parse(await readFile7(outputFile, "utf-8")).result;
@@ -96322,7 +96346,6 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
96322
96346
  const timeoutMs = Math.max(timeoutInSeconds * 1.5, timeoutInSeconds + 30) * 1e3;
96323
96347
  const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runDotnetReachabilityAnalysis -i ${inputFile} -o ${outputFile} --cocoa ${getCocoaPath()} --tree-sitter-c-sharp ${getTreeSitterCSharpPath()}`, void 0, {
96324
96348
  timeout: timeoutMs,
96325
- killSignal: "SIGKILL",
96326
96349
  heartbeat: HEARTBEATS.dotnet,
96327
96350
  telemetryHandler,
96328
96351
  analyzerTelemetryHandler
@@ -110360,7 +110383,7 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
110360
110383
  const outputFile = resolve10(tmpDir, "output.json");
110361
110384
  await writeFile6(inputFile, JSON.stringify(options));
110362
110385
  const timeoutMs = Math.max(timeoutInSeconds * 1.5, timeoutInSeconds + 30) * 1e3;
110363
- const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runJvmDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --javap-service ${getJavapServicePath()} --tree-sitter-java ${getTreeSitterJavaPath()} --tree-sitter-kotlin ${getTreeSitterKotlinPath()} --tree-sitter-scala ${getTreeSitterScalaPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL", heartbeat: HEARTBEATS.java });
110386
+ const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runJvmDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --javap-service ${getJavapServicePath()} --tree-sitter-java ${getTreeSitterJavaPath()} --tree-sitter-kotlin ${getTreeSitterKotlinPath()} --tree-sitter-scala ${getTreeSitterScalaPath()}`, void 0, { timeout: timeoutMs, heartbeat: HEARTBEATS.java });
110364
110387
  if (result.error)
110365
110388
  return void 0;
110366
110389
  const packageIds = JSON.parse(await readFile8(outputFile, "utf-8")).result;
@@ -110399,7 +110422,7 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
110399
110422
  const outputFile = resolve10(tmpDir, "output.json");
110400
110423
  await writeFile6(inputFile, JSON.stringify(options));
110401
110424
  const timeoutMs = Math.max(timeoutInSeconds * 1.5, timeoutInSeconds + 30) * 1e3;
110402
- const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runJvmReachabilityAnalysis -i ${inputFile} -o ${outputFile} --javap-service ${getJavapServicePath()} --tree-sitter-java ${getTreeSitterJavaPath()} --tree-sitter-kotlin ${getTreeSitterKotlinPath()} --tree-sitter-scala ${getTreeSitterScalaPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL", heartbeat: HEARTBEATS.java, telemetryHandler, analyzerTelemetryHandler });
110425
+ const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runJvmReachabilityAnalysis -i ${inputFile} -o ${outputFile} --javap-service ${getJavapServicePath()} --tree-sitter-java ${getTreeSitterJavaPath()} --tree-sitter-kotlin ${getTreeSitterKotlinPath()} --tree-sitter-scala ${getTreeSitterScalaPath()}`, void 0, { timeout: timeoutMs, heartbeat: HEARTBEATS.java, telemetryHandler, analyzerTelemetryHandler });
110403
110426
  if (result.error)
110404
110427
  return { type: "error", message: result.error.message ?? "unknown error" };
110405
110428
  const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths, reachablePackageIds } = JSON.parse(await readFile8(outputFile, "utf-8")).result;
@@ -111007,7 +111030,6 @@ var JSAnalysisEngine = class {
111007
111030
  ${options.entryPoints ?? projectRoot}`;
111008
111031
  await runCommandResolveStdOut2(cmd, void 0, {
111009
111032
  timeout: options.timeoutSeconds.allVulnRuns * 1e3,
111010
- killSignal: "SIGKILL",
111011
111033
  heartbeat: HEARTBEATS.js,
111012
111034
  telemetryHandler,
111013
111035
  analyzerTelemetryHandler
@@ -111102,10 +111124,11 @@ var JellyJSAnalysisEngine = class extends JSAnalysisEngine {
111102
111124
  await runCommandResolveStdOut2(
111103
111125
  cmdToRun,
111104
111126
  void 0,
111105
- // Use SIGKILL to ensure termination even if the process is unresponsive 50% above the timeout (e.g., due to GC pressure).
111127
+ // Terminate if the process exceeds 1.5x the timeout (e.g., due to GC pressure making
111128
+ // Jelly's internal timeout checks unreliable). execNeverFail sends SIGTERM first and
111129
+ // escalates to SIGKILL after a grace period if the process remains alive.
111106
111130
  {
111107
111131
  timeout: timeoutInSeconds * 1e3 * 1.5,
111108
- killSignal: "SIGKILL",
111109
111132
  heartbeat: HEARTBEATS.js,
111110
111133
  telemetryHandler,
111111
111134
  analyzerTelemetryHandler,
@@ -111156,7 +111179,6 @@ var JellyJSAnalysisEngine = class extends JSAnalysisEngine {
111156
111179
  --reachable-json ${reachablePackagesFile} ${projectRoot}`;
111157
111180
  await runCommandResolveStdOut2(jellyCmd, void 0, {
111158
111181
  timeout: options.timeoutSeconds.allVulnRuns * 1e3,
111159
- killSignal: "SIGKILL",
111160
111182
  heartbeat: HEARTBEATS.js,
111161
111183
  telemetryHandler,
111162
111184
  analyzerTelemetryHandler
@@ -111881,10 +111903,10 @@ var SparJSAnalysisEngine = class extends JSAnalysisEngine {
111881
111903
  await runCommandResolveStdOut2(
111882
111904
  cmd,
111883
111905
  void 0,
111884
- // Use SIGKILL to ensure termination even if the process is unresponsive 50% above the timeout
111906
+ // Terminate if the process exceeds 1.5x the timeout. execNeverFail sends SIGTERM
111907
+ // first and escalates to SIGKILL after a grace period if the process remains alive.
111885
111908
  {
111886
111909
  timeout: timeoutInSeconds * 1e3 * 1.5,
111887
- killSignal: "SIGKILL",
111888
111910
  heartbeat: HEARTBEATS.js,
111889
111911
  telemetryHandler,
111890
111912
  analyzerTelemetryHandler,
@@ -112255,7 +112277,6 @@ var GoCodeAwareVulnerabilityScanner = class {
112255
112277
  -topk=4 ${heuristic.includeTests && "-tests"}
112256
112278
  ${this.projectDir} ${vulnAccPaths}`, void 0, {
112257
112279
  timeout: timeoutInSeconds * 1e3,
112258
- killSignal: "SIGKILL",
112259
112280
  memoryLimitInMB,
112260
112281
  env: memoryLimitInMB ? { ...process.env, GOMEMLIMIT: `${Math.max(Math.ceil(memoryLimitInMB - 256), 0)}MiB` } : void 0,
112261
112282
  heartbeat: HEARTBEATS.go,
@@ -112664,7 +112685,7 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
112664
112685
  const outputFile = resolve17(tmpDir, "output.json");
112665
112686
  await writeFile10(inputFile, JSON.stringify(options));
112666
112687
  const timeoutMs = Math.max(timeoutInSeconds * 1.5, timeoutInSeconds + 30) * 1e3;
112667
- const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runRustDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --tree-sitter-rust ${getTreeSitterRustPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL", heartbeat: HEARTBEATS.rust });
112688
+ const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runRustDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --tree-sitter-rust ${getTreeSitterRustPath()}`, void 0, { timeout: timeoutMs, heartbeat: HEARTBEATS.rust });
112668
112689
  if (result.error)
112669
112690
  return void 0;
112670
112691
  const packageIds = JSON.parse(await readFile13(outputFile, "utf-8")).result;
@@ -112700,7 +112721,7 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
112700
112721
  const outputFile = resolve17(tmpDir, "output.json");
112701
112722
  await writeFile10(inputFile, JSON.stringify(options));
112702
112723
  const timeoutMs = Math.max(effectiveTimeout * 1.5, effectiveTimeout + 30) * 1e3;
112703
- const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runRustReachabilityAnalysis -i ${inputFile} -o ${outputFile} --tree-sitter-rust ${getTreeSitterRustPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL", heartbeat: HEARTBEATS.rust, telemetryHandler, analyzerTelemetryHandler });
112724
+ const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runRustReachabilityAnalysis -i ${inputFile} -o ${outputFile} --tree-sitter-rust ${getTreeSitterRustPath()}`, void 0, { timeout: timeoutMs, heartbeat: HEARTBEATS.rust, telemetryHandler, analyzerTelemetryHandler });
112704
112725
  if (result.error)
112705
112726
  return { type: "error", message: result.error.message ?? "unknown error" };
112706
112727
  const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths, reachablePackageIds } = JSON.parse(await readFile13(outputFile, "utf-8")).result;
@@ -113214,9 +113235,8 @@ var PythonCodeAwareVulnerabilityScanner = class {
113214
113235
  PYPY_GC_MAX: `${memoryLimitInMB ? Math.max(Math.ceil(memoryLimitInMB - 256), 1) : 0}MB`
113215
113236
  },
113216
113237
  // Forcefully kill the process if the internal timeout mechanism fails.
113217
- // Use SIGKILL to ensure termination even if the process is unresponsive.
113238
+ // execNeverFail sends SIGTERM first and escalates to SIGKILL after a grace period.
113218
113239
  timeout: (timeoutInSeconds * 1.5 + 15) * 1e3,
113219
- killSignal: "SIGKILL",
113220
113240
  heartbeat: HEARTBEATS.python,
113221
113241
  telemetryHandler,
113222
113242
  analyzerTelemetryHandler,
@@ -114708,7 +114728,6 @@ var RubyCodeAwareVulnerabilityScanner = class {
114708
114728
  this.numberAnalysesRun++;
114709
114729
  await exec2(cmd, this.projectDir, {
114710
114730
  timeout: (timeoutInSeconds * 1.5 + 10) * 1e3,
114711
- killSignal: "SIGKILL",
114712
114731
  heartbeat: HEARTBEATS.ruby,
114713
114732
  telemetryHandler
114714
114733
  });