@coana-tech/cli 14.12.219 → 14.12.220

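--- a/package/cli.mjs
+++ b/package/cli.mjs
@@ -251836,7 +251836,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version3 = "14.12.219";
+var version3 = "14.12.220";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pickBy: pickBy2 } = import_lodash15.default;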
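--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@coana-tech/cli",
-"version": "14.12.219",
+"version": "14.12.220",
 "description": "Coana CLI",
 "type": "module",
 "bin": {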
@@ -113917,9 +113917,22 @@ async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecom
113917
113917
  heuristic: getHeuristicFromName(state, b.heuristicName, ecosystem),
113918
113918
  vulnerabilities: b.vulnUrls.map((vUrl) => vulnerabilities.find((v) => v.url === vUrl))
113919
113919
  })), analysisMetadataCollector, true);
113920
+ const originalUrlToReachability = transformVulnsToUrlToReachability(resWithoutExperimentalHeuristic.augmentedVulnerabilities);
113921
+ if (expHeuristicName === "SPARJS_EXPERIMENT") {
113922
+ for (const v of resWithoutExperimentalHeuristic.augmentedVulnerabilities) {
113923
+ if (v.results.type !== "success")
113924
+ continue;
113925
+ const { stacks } = v.results.detectedOccurrences;
113926
+ if (!stacks.length)
113927
+ continue;
113928
+ const pkgsInVulnChain = new Set(Object.values(v.vulnChainDetails.transitiveDependencies).map((d) => d.packageName));
113929
+ if (stacks.every((s2) => s2.some((f2, i4) => i4 > 0 && !pkgsInVulnChain.has(f2.package))))
113930
+ ignoredVulnerabilities.add(v.url);
113931
+ }
113932
+ }
113920
113933
  await Promise.all([
113921
113934
  sendTimeRegressionsToDashboard(expHeuristicName, resWithoutExperimentalHeuristic.analysisMetadata, bucketsToRecompute),
113922
- sendReachabilityRegressionsToDashboard(resWithoutExperimentalHeuristic.analysisMetadata[0].heuristicName, expHeuristicName, transformVulnsToUrlToReachability(resWithoutExperimentalHeuristic.augmentedVulnerabilities), experimentalUrlToReachability, ignoredVulnerabilities)
113935
+ sendReachabilityRegressionsToDashboard(resWithoutExperimentalHeuristic.analysisMetadata[0].heuristicName, expHeuristicName, originalUrlToReachability, experimentalUrlToReachability, ignoredVulnerabilities)
113923
113936
  ]);
113924
113937
  }
113925
113938
  const vulnsToGetFromExperimental = bucketsNotToRecompute.flatMap((b) => b.vulnUrls);
@@ -114227,8 +114240,8 @@ function findDuplicateVulnsInBuckets(bucketsFromLastAnalysis) {
114227
114240
  }
114228
114241
  return duplicateUrls;
114229
114242
  }
114230
- function transformVulnsToUrlToReachability(oldHeuristicAugmentedVulnerabilities) {
114231
- return Object.fromEntries(oldHeuristicAugmentedVulnerabilities.map((v) => [
114243
+ function transformVulnsToUrlToReachability(augmentedVulnerabilities) {
114244
+ return Object.fromEntries(augmentedVulnerabilities.map((v) => [
114232
114245
  v.url,
114233
114246
  {
114234
114247
  reachability: getVulnReachability(v.results),
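Review bot: The new `SPARJS_EXPERIMENT` loop in the analyzeWithHeuristics hunk reads `v.results.detectedOccurrences` and `v.vulnChainDetails.transitiveDependencies` with no guard, so if either can be missing on a `success` result (the types are not visible here) this comparison-only path throws before the dashboard calls and takes the analysis down with it; `if (!v.results.detectedOccurrences || !v.vulnChainDetails) continue;` ahead of the destructuring would keep it best-effort. The loop also adds URLs to `ignoredVulnerabilities`, which appears to drop them from the reachability-regression report, and nothing states the rule or why frame 0 is exempt; a comment such as `// ignore vulns where every stack has a non-root frame in a package outside the vuln chain` would help, with the reason added by someone who knows the intent. Since an ignored URL can no longer surface as a regression, logging how many were ignored would keep a masked regression noticeable. The body of analyzeWithHeuristics starts and ends outside the hunk.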