@coana-tech/cli 14.12.50 → 14.12.52

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/cli.mjs +40 -23
  2. package/package.json +1 -1
  3. package/reachability-analyzers-cli.mjs +1345 -935
  4. package/repos/coana-tech/alucard/alucard.jar +0 -0
  5. package/repos/coana-tech/class-graph-analysis/dist/bundle/class-graph-analysis-cli.mjs +16 -4
  6. package/repos/coana-tech/goana/bin/goana-darwin-amd64.gz +0 -0
  7. package/repos/coana-tech/goana/bin/goana-darwin-arm64.gz +0 -0
  8. package/repos/coana-tech/goana/bin/goana-linux-amd64.gz +0 -0
  9. package/repos/coana-tech/goana/bin/goana-linux-arm64.gz +0 -0
  10. package/repos/coana-tech/mambalade/dist/{mambalade-0.3.13-py3-none-any.whl → mambalade-0.3.14-py3-none-any.whl} +0 -0
package/cli.mjs CHANGED
@@ -197422,7 +197422,11 @@ var ecosystemMap = {
197422
197422
  versionSatisfiesRelation: versionSatisfiesRelationWithComparisonFunction(nugetCompareVersions),
197423
197423
  versionSatisfiesRange: versionSatisfiesWithVersionComparisonFunction(nugetCompareVersions)
197424
197424
  },
197425
- RUBYGEMS: buildUnsupportedEcosystem("RUBYGEMS"),
197425
+ RUBYGEMS: {
197426
+ ...buildUnsupportedEcosystem("RUBYGEMS"),
197427
+ // XXX: Currently only used for checking vulnerability access paths in `check-match-on-versions.ts`!
197428
+ versionSatisfiesRange: semverSatisfiesRange
197429
+ },
197426
197430
  COMPOSER: buildUnsupportedEcosystem("COMPOSER"),
197427
197431
  SWIFT: buildUnsupportedEcosystem("SWIFT"),
197428
197432
  ERLANG: buildUnsupportedEcosystem("ERLANG"),
@@ -213583,13 +213587,13 @@ async function getCargoTomlFilesForCargoLockFile(rootDir, cargoLockFile, cargoTo
213583
213587
  if (!toml) return void 0;
213584
213588
  const memberPatterns = [];
213585
213589
  const excludePatterns = [];
213586
- const members = getNestedValue(toml, "tool.uv.workspace.members");
213590
+ const members = getNestedValue(toml, "workspace.members");
213587
213591
  for (const member of members instanceof TOMLArray ? members : []) {
213588
213592
  if (member instanceof TOMLScalar && typeof member[value] === "string") {
213589
213593
  memberPatterns.push(member[value]);
213590
213594
  }
213591
213595
  }
213592
- const excludes = getNestedValue(toml, "tool.uv.workspace.exclude");
213596
+ const excludes = getNestedValue(toml, "workspace.exclude");
213593
213597
  for (const exclude of excludes instanceof TOMLArray ? excludes : []) {
213594
213598
  if (exclude instanceof TOMLScalar && typeof exclude[value] === "string") {
213595
213599
  excludePatterns.push(exclude[value]);
@@ -218165,6 +218169,9 @@ function inferWorkspaceFromManifestPath(ecosystem, manifestPath, properPythonPro
218165
218169
  const dir = dirname15(manifestPath);
218166
218170
  return base === "go.mod" ? dir || "." : void 0;
218167
218171
  }
218172
+ case "RUBYGEMS": {
218173
+ return dirname15(manifestPath) || ".";
218174
+ }
218168
218175
  default: {
218169
218176
  return ".";
218170
218177
  }
@@ -218536,10 +218543,10 @@ ${upgrades.map(({ purl, upgradeVersion }) => ` ${prettyPrintPurlUpgrade(purl, up
218536
218543
  const subprojectPromiseQueue = new PromiseQueue(Number(options.concurrency));
218537
218544
  supportedSubprojects.forEach((subproject) => {
218538
218545
  subprojectPromiseQueue.enqueueTask(async () => {
218539
- const workspacePathsMatchingGlob = subproject.workspacePaths.filter((wsPath) => minimatch(join25(subproject.subprojectPath, wsPath), options.globPattern ?? "**"));
218546
+ const workspacePathsMatchingGlob = subproject.workspacePaths.filter((wsPath) => minimatch(join25(subproject.subprojectPath, wsPath), options.glob ?? "**"));
218540
218547
  if (workspacePathsMatchingGlob.length === 0)
218541
218548
  return;
218542
- logger.info(`Found workspaces for subproject ${subproject.subprojectPath}${options.globPattern ? `matching glob ${options.globPattern}` : ""}:
218549
+ logger.info(`Found workspaces for subproject ${subproject.subprojectPath}${options.glob ? `matching glob ${options.glob}` : ""}:
218543
218550
  ${workspacePathsMatchingGlob.map((wsPath) => ` ${wsPath}`).join("\n")}`);
218544
218551
  const fixingData = await otherModulesCommunicator.getFixingData(subproject.packageManagerName, subproject.subprojectPath, workspacePathsMatchingGlob);
218545
218552
  const workspaceToFixes = {};
@@ -218659,7 +218666,7 @@ async function computeFixesAndUpgradePurls(path2, options, logFile) {
218659
218666
  runWithoutDocker: options.runWithoutDocker,
218660
218667
  manifestsTarHash: options.manifestsTarHash,
218661
218668
  concurrency: "1",
218662
- globPattern: options.globPattern,
218669
+ glob: options.glob,
218663
218670
  rangeStyle: options.rangeStyle
218664
218671
  }, void 0, autofixRunId, socketFactArtifacts) ?? "fixed-all";
218665
218672
  if (autofixRunId) {
@@ -219383,30 +219390,32 @@ function toSocketFacts(report, dependencyTrees, subPjToWsPathToDirectDependencie
219383
219390
  };
219384
219391
  }
219385
219392
  function toSocketReachabilitySchema(vulnerability) {
219386
- if (vulnerability.codeAwareScanResult.type === "missingVulnerabilityPattern") {
219393
+ const codeAwareScanResult = vulnerability.codeAwareScanResult;
219394
+ if (codeAwareScanResult.type === "missingVulnerabilityPattern") {
219387
219395
  return { type: "missing_support" };
219388
219396
  }
219389
- if (vulnerability.codeAwareScanResult.type === "noAnalysisCheck") {
219397
+ if (codeAwareScanResult.type === "noAnalysisCheck") {
219390
219398
  return { type: "undeterminable_reachability" };
219391
219399
  }
219392
- if (vulnerability.codeAwareScanResult.type === "analysisError") {
219393
- return { type: "error", error: vulnerability.codeAwareScanResult.message };
219400
+ if (codeAwareScanResult.type === "analysisError") {
219401
+ return { type: "error", error: codeAwareScanResult.message };
219394
219402
  }
219395
- if (vulnerability.codeAwareScanResult.type === "otherError") {
219396
- if (vulnerability.codeAwareScanResult.message.includes("Reachability analysis for languages using"))
219397
- return { type: "unknown" };
219398
- return { type: "error", error: vulnerability.codeAwareScanResult.message };
219403
+ if (codeAwareScanResult.type === "otherError") {
219404
+ if (codeAwareScanResult.message.includes("Reachability analysis for languages using"))
219405
+ return { type: "unknown", reason: codeAwareScanResult.message };
219406
+ return { type: "error", error: codeAwareScanResult.message };
219399
219407
  }
219400
- if (vulnerability.codeAwareScanResult.type === "success") {
219401
- if (Array.isArray(vulnerability.codeAwareScanResult.detectedOccurrences)) {
219402
- if (vulnerability.codeAwareScanResult.detectedOccurrences.length === 0) {
219403
- return { type: "unreachable" };
219408
+ if (codeAwareScanResult.type === "success") {
219409
+ const affectedPurls = codeAwareScanResult.affectedPurls;
219410
+ if (Array.isArray(codeAwareScanResult.detectedOccurrences)) {
219411
+ if (codeAwareScanResult.detectedOccurrences.length === 0) {
219412
+ return { type: "unreachable", affectedPurls };
219404
219413
  }
219405
219414
  throw new Error("Detected occurrences is an array with elements. This is a bug.");
219406
219415
  }
219407
- const detOccWithStacks = vulnerability.codeAwareScanResult.detectedOccurrences;
219416
+ const detOccWithStacks = codeAwareScanResult.detectedOccurrences;
219408
219417
  if (detOccWithStacks.stacks.length === 0) {
219409
- return { type: "unreachable" };
219418
+ return { type: "unreachable", affectedPurls };
219410
219419
  }
219411
219420
  const shouldTruncate = detOccWithStacks.stacks.length > MAX_STACKS_TO_SEND;
219412
219421
  if (shouldTruncate) {
@@ -234350,7 +234359,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
234350
234359
  }
234351
234360
 
234352
234361
  // dist/version.js
234353
- var version2 = "14.12.50";
234362
+ var version2 = "14.12.52";
234354
234363
 
234355
234364
  // dist/cli-core.js
234356
234365
  var { mapValues, omit, partition, pick } = import_lodash15.default;
@@ -234544,7 +234553,15 @@ var CliCore = class {
234544
234553
  otherModulesCommunicator,
234545
234554
  this.rootWorkingDirectory,
234546
234555
  ecosystem,
234547
- ["NPM", "PIP", "GO", "MAVEN", "NUGET", "RUST"].includes(ecosystem) && isEcosystemToAnalyze,
234556
+ [
234557
+ "NPM",
234558
+ "PIP",
234559
+ "GO",
234560
+ "MAVEN",
234561
+ "NUGET",
234562
+ "RUST"
234563
+ /*, 'RUBYGEMS' */
234564
+ ].includes(ecosystem) && isEcosystemToAnalyze,
234548
234565
  (workspaceName, workspaceNumber, totalWorkspacesForCurrentEcosystem) => {
234549
234566
  currentOverallWorkspace++;
234550
234567
  logger.info(bold(`Analyzing ecosystem ${ecosystem} for project ${workspaceName} (${workspaceNumber}/${totalWorkspacesForCurrentEcosystem}) - Overall progress: Project ${currentOverallWorkspace}/${totalWorkspaces}, ecosystem ${ecosystemIndex + 1}/${totalEcosystems}`));
@@ -235123,7 +235140,7 @@ async function initializeComputeFixesAndUpgradePurls(path2, options) {
235123
235140
  "silent",
235124
235141
  "applyFixesTo",
235125
235142
  "dryRun",
235126
- "globPattern",
235143
+ "glob",
235127
235144
  "manifestsTarHash",
235128
235145
  "rangeStyle",
235129
235146
  "disableMajorUpdates",
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@coana-tech/cli",
3
- "version": "14.12.50",
3
+ "version": "14.12.52",
4
4
  "description": "Coana CLI",
5
5
  "type": "module",
6
6
  "bin": {