@coana-tech/cli 14.12.7 → 14.12.9
- package/cli.mjs +8 -3
- package/package.json +1 -1
- package/reachability-analyzers-cli.mjs +10 -2
- package/repos/coana-tech/alucard/alucard.jar +0 -0
- package/repos/coana-tech/goana/bin/goana-darwin-amd64.gz +0 -0
- package/repos/coana-tech/goana/bin/goana-darwin-arm64.gz +0 -0
- package/repos/coana-tech/goana/bin/goana-linux-amd64.gz +0 -0
- package/repos/coana-tech/goana/bin/goana-linux-arm64.gz +0 -0
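--- a/package/cli.mjs
+++ b/package/cli.mjs
@@ -210393,6 +210393,11 @@ async function fetchArtifactsFromSocket(rootWorkingDirectory, manifestsTarHash)
 const ecosystemToWorkspaceToVulnerabilities = {};
 const purlsFailedToFindWorkspace = /* @__PURE__ */ new Set();
 for (const artifact of artifacts) {
+let processToplevelAncestors2 = function(artifact2) {
+const allAncestorIds = getAllToplevelAncestors(artifactMap, artifact2.id);
+allAncestorIds.forEach((ancestorId) => artifactMap.get(ancestorId)?.manifestFiles?.forEach((ref) => manifestFiles.push(ref.file)));
+};
+var processToplevelAncestors = processToplevelAncestors2;
 const ecosystem = getAdvisoryEcosystemFromPurlType(artifact.type);
 if (!ecosystem)
 continue;
@@ -210411,12 +210416,12 @@ async function fetchArtifactsFromSocket(rootWorkingDirectory, manifestsTarHash)
 if (pipArtifactToRepresentativeManifest[sPurl]) {
 manifestFiles.push(...(pipArtifactToRepresentativeManifest[sPurl].manifestFiles ?? []).map((ref) => ref.file));
 }
+processToplevelAncestors2(artifact);
 break;
 }
 default: {
 artifact.manifestFiles?.forEach((ref) => manifestFiles.push(ref.file));
-
-allAncestorIds.forEach((ancestorId) => artifactMap.get(ancestorId)?.manifestFiles?.forEach((ref) => manifestFiles.push(ref.file)));
+processToplevelAncestors2(artifact);
 break;
 }
 }
@@ -225604,7 +225609,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version2 = "14.12.
+var version2 = "14.12.9";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pick } = import_lodash15.default;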
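Review bot: `processToplevelAncestors2` appends every ancestor's `ref.file` to `manifestFiles` without checking what is already there, and the case that handles `pipArtifactToRepresentativeManifest[sPurl]` now calls it right after pushing the representative manifest's files, so the same path can plausibly be listed twice for one artifact. Unless `manifestFiles` is de-duplicated further down (not visible here), guard the push, e.g. `if (!manifestFiles.includes(ref.file)) manifestFiles.push(ref.file);`, or collect into a `Set`. The `ref.file` values appear to come from the artifacts obtained in `fetchArtifactsFromSocket`, so any later code that opens these paths should resolve them against `rootWorkingDirectory` and reject ones that fall outside it; that handling is not part of these hunks. The enclosing function starts and ends outside the hunks.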
package/package.json
CHANGED
|
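--- a/package/reachability-analyzers-cli.mjs
+++ b/package/reachability-analyzers-cli.mjs
@@ -96993,11 +96993,12 @@ function getPreInstalledDepInfos(workspaceData) {
 var { groupBy } = import_lodash17.default;
 var CLI_VERSION_TO_USE_CACHING_FROM = { PIP: "14.9.15" };
 var CLI_VERSION_TO_USE_CACHING_FROM_DEFAULT = "13.16.6";
+var SOCKET_MODE = process.env.SOCKET_MODE === "true";
 function assertVulnChainDetails(vs) {
 assert8(vs.every((v) => v.vulnChainDetails));
 }
 var apiKey = COANA_API_KEY ? { type: "present", value: COANA_API_KEY } : { type: "missing" };
-var dashboardAPI = new DashboardAPI(
+var dashboardAPI = new DashboardAPI(SOCKET_MODE, process.env.DISABLE_ANALYTICS_SHARING === "true");
 async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecomputeForTimeoutsAndAborts, codeAwareScanner, analysisMetadataCollector, statusUpdater) {
 logger.debug("Starting analyzeWithHeuristics");
 assertVulnChainDetails(vulns);
@@ -97085,7 +97086,7 @@ async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecom
 }
 }
 async function getBucketsBasedOnPreviousResults() {
-if (
+if (!SOCKET_MODE && (!COANA_REPORT_ID || apiKey.type === "missing"))
 return void 0;
 const bucketsFromLastAnalysisAndCliVersion = await dashboardAPI.getBucketsForLastReport(relative5(state.rootWorkingDir, state.subprojectDir) || ".", state.workspacePath, vulnerabilities[0].ecosystem ?? "NPM", COANA_REPORT_ID, apiKey);
 if (!bucketsFromLastAnalysisAndCliVersion)
@@ -97321,6 +97322,13 @@ function augmentVulnsWithDetectedOccurrences(vulns, codeAwareScanner, heuristic,
 for (const v of vulns) {
 const detectedOccurrences = result.computeDetectedOccurrences(v);
 if (Array.isArray(detectedOccurrences) ? detectedOccurrences.length === 0 : detectedOccurrences.stacks.length === 0) {
+if (SOCKET_MODE && result.terminatedEarly && !result.reachedDependencies && Object.keys(v.vulnChainDetails.transitiveDependencies).length > 1) {
+v.results = {
+type: "analysisError",
+message: "Analysis terminated early and did not reach any dependencies"
+};
+continue;
+}
 const packageOnPathFailedToInstall = Object.values(v.vulnChainDetails.transitiveDependencies).map((p) => p.packageName).find((p) => packagesFailedToInstall.includes(p));
 if (packageOnPathFailedToInstall) {
 v.results = {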
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|