npm - @coana-tech/cli - Versions diffs - 14.12.50 → 14.12.51 - Mend

@coana-tech/cli 14.12.50 → 14.12.51

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/cli.mjs +16 -14
package/package.json +1 -1
package/reachability-analyzers-cli.mjs +40 -1
package/repos/coana-tech/alucard/alucard.jar +0 -0
package/repos/coana-tech/goana/bin/goana-darwin-amd64.gz +0 -0
package/repos/coana-tech/goana/bin/goana-darwin-arm64.gz +0 -0
package/repos/coana-tech/goana/bin/goana-linux-amd64.gz +0 -0
package/repos/coana-tech/goana/bin/goana-linux-arm64.gz +0 -0
package/repos/coana-tech/mambalade/dist/mambalade-0.3.13-py3-none-any.whl +0 -0

package/cli.mjs CHANGED Viewed

@@ -219383,30 +219383,32 @@ function toSocketFacts(report, dependencyTrees, subPjToWsPathToDirectDependencie
   };
 }
 function toSocketReachabilitySchema(vulnerability) {
-  if (vulnerability.codeAwareScanResult.type === "missingVulnerabilityPattern") {
+  const codeAwareScanResult = vulnerability.codeAwareScanResult;
+  if (codeAwareScanResult.type === "missingVulnerabilityPattern") {
     return { type: "missing_support" };
   }
-  if (vulnerability.codeAwareScanResult.type === "noAnalysisCheck") {
+  if (codeAwareScanResult.type === "noAnalysisCheck") {
     return { type: "undeterminable_reachability" };
   }
-  if (vulnerability.codeAwareScanResult.type === "analysisError") {
-    return { type: "error", error: vulnerability.codeAwareScanResult.message };
+  if (codeAwareScanResult.type === "analysisError") {
+    return { type: "error", error: codeAwareScanResult.message };
   }
-  if (vulnerability.codeAwareScanResult.type === "otherError") {
-    if (vulnerability.codeAwareScanResult.message.includes("Reachability analysis for languages using"))
+  if (codeAwareScanResult.type === "otherError") {
+    if (codeAwareScanResult.message.includes("Reachability analysis for languages using"))
       return { type: "unknown" };
-    return { type: "error", error: vulnerability.codeAwareScanResult.message };
+    return { type: "error", error: codeAwareScanResult.message };
   }
-  if (vulnerability.codeAwareScanResult.type === "success") {
-    if (Array.isArray(vulnerability.codeAwareScanResult.detectedOccurrences)) {
-      if (vulnerability.codeAwareScanResult.detectedOccurrences.length === 0) {
-        return { type: "unreachable" };
+  if (codeAwareScanResult.type === "success") {
+    const affectedPurls = codeAwareScanResult.affectedPurls;
+    if (Array.isArray(codeAwareScanResult.detectedOccurrences)) {
+      if (codeAwareScanResult.detectedOccurrences.length === 0) {
+        return { type: "unreachable", affectedPurls };
       }
       throw new Error("Detected occurrences is an array with elements. This is a bug.");
     }
-    const detOccWithStacks = vulnerability.codeAwareScanResult.detectedOccurrences;
+    const detOccWithStacks = codeAwareScanResult.detectedOccurrences;
     if (detOccWithStacks.stacks.length === 0) {
-      return { type: "unreachable" };
+      return { type: "unreachable", affectedPurls };
     }
     const shouldTruncate = detOccWithStacks.stacks.length > MAX_STACKS_TO_SEND;
     if (shouldTruncate) {
@@ -234350,7 +234352,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 // dist/version.js
-var version2 = "14.12.50";
+var version2 = "14.12.51";
 // dist/cli-core.js
 var { mapValues, omit, partition, pick } = import_lodash15.default;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.12.50",
+  "version": "14.12.51",
   "description": "Coana CLI",
   "type": "module",
   "bin": {

package/reachability-analyzers-cli.mjs CHANGED Viewed

@@ -76734,6 +76734,37 @@ function getPurlType(ecosystem) {
       throw Error(`Unsupported ecosystem: ${ecosystem}`);
   }
 }
+function getNamespaceAndName(ecosystem, packageName) {
+  let namespace2 = "";
+  let name2 = "";
+  switch (ecosystem) {
+    case "NPM":
+      if (packageName.includes("/")) [namespace2, name2] = packageName.split("/", 2);
+      else name2 = packageName;
+      break;
+    case "MAVEN":
+      if (packageName.includes(":")) [namespace2, name2] = packageName.split(":", 2);
+      else name2 = packageName;
+      break;
+    case "PIP":
+      name2 = packageName;
+      break;
+    default:
+      name2 = packageName;
+  }
+  return { namespace: namespace2, name: name2 };
+}
+function affectedJSPackagesToPurl(packages) {
+  return packages.map((pkg) => {
+    const { namespace: namespace2, name: name2 } = getNamespaceAndName("NPM", pkg.name);
+    return {
+      type: "npm" /* NPM */,
+      ...namespace2 && { namespace: namespace2 },
+      name: name2,
+      version: pkg.version
+    };
+  });
+}
 // ../utils/src/dashboard-api/socket-api.ts
 var axios2 = getAxiosClient();
@@ -104044,6 +104075,7 @@ async function runJellyAnalysis(mainProjectRoot, projectRoot, jellyOptions, reac
     const diagnosticsFile = resolve11(tmpFolder, "diagnostics.json");
     const matchesFile = resolve11(tmpFolder, "matches.json");
     const callStackFile = resolve11(tmpFolder, "call-stacks.json");
+    const affectedPackagesFile = resolve11(tmpFolder, "affected-packages.json");
     const logFile = reachabilityAnalysisOptions.analysisLogFile ?? (reachabilityAnalysisOptions.printLogFile && resolve11(projectRoot, "js-analysis.log"));
     await writeFile5(vulnerabilitiesFile, JSON.stringify(vulnerabilitiesInJellyFormat));
     let excludeEntries;
@@ -104062,6 +104094,8 @@ async function runJellyAnalysis(mainProjectRoot, projectRoot, jellyOptions, reac
       "" + (reachabilityAnalysisOptions.timeoutInSeconds ?? 60),
       "--vulnerabilities",
       vulnerabilitiesFile,
+      "--reachable-packages-file",
+      affectedPackagesFile,
       ...excludeEntries ? ["--exclude-entries", ...excludeEntries] : [],
       "--diagnostics-json",
       diagnosticsFile,
@@ -104102,9 +104136,12 @@ async function runJellyAnalysis(mainProjectRoot, projectRoot, jellyOptions, reac
       } else
         matches[vulnerability.osv.url] = transformedStacks;
     }
+    const affectedPackages = JSON.parse(await readFile7(affectedPackagesFile, "utf-8"));
+    const affectedPurls = affectedJSPackagesToPurl(affectedPackages);
     return {
       matches,
-      analysisDiagnostics
+      analysisDiagnostics,
+      affectedPurls
     };
   } finally {
     await rm2(tmpFolder, { recursive: true });
@@ -104178,6 +104215,7 @@ var JSCodeAwareVulnerabilityScanner = class _JSCodeAwareVulnerabilityScanner {
         diagnostics,
         terminatedEarly: diagnostics.aborted || diagnostics.timeout,
         reachedDependencies: diagnostics.packages > 0,
+        affectedPurls: analysisRes.affectedPurls,
         computeDetectedOccurrences: ({ url: url2 }) => transformSourceLocations3(matches[url2] ?? [])
       };
     } catch (e) {
@@ -106696,6 +106734,7 @@ function augmentVulnsWithDetectedOccurrences(vulns, codeAwareScanner, heuristic,
       type: "success",
       terminatedEarly: result.terminatedEarly,
       heuristicName: heuristic.name,
+      affectedPurls: result.affectedPurls,
       detectedOccurrences
     };
   }

package/repos/coana-tech/alucard/alucard.jar CHANGED Viewed

Binary file

package/repos/coana-tech/goana/bin/goana-darwin-amd64.gz CHANGED Viewed

Binary file

package/repos/coana-tech/goana/bin/goana-darwin-arm64.gz CHANGED Viewed

Binary file

package/repos/coana-tech/goana/bin/goana-linux-amd64.gz CHANGED Viewed

Binary file

package/repos/coana-tech/goana/bin/goana-linux-arm64.gz CHANGED Viewed

Binary file

package/repos/coana-tech/mambalade/dist/mambalade-0.3.13-py3-none-any.whl CHANGED Viewed

Binary file