@coana-tech/cli 15.0.13 → 15.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/cli.mjs +1018 -735
  2. package/package.json +1 -1
  3. package/reachability-analyzers-cli.mjs +31 -10
  4. package/repos/coana-tech/goana/bin/goana-darwin-amd64.gz +0 -0
  5. package/repos/coana-tech/goana/bin/goana-darwin-arm64.gz +0 -0
  6. package/repos/coana-tech/goana/bin/goana-linux-amd64.gz +0 -0
  7. package/repos/coana-tech/goana/bin/goana-linux-arm64.gz +0 -0
  8. package/repos/coana-tech/javap-service/javap-service.jar +0 -0
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@coana-tech/cli",
3
- "version": "15.0.13",
3
+ "version": "15.1.1",
4
4
  "description": "Coana CLI",
5
5
  "type": "module",
6
6
  "bin": {
package/reachability-analyzers-cli.mjs CHANGED
@@ -80581,12 +80581,16 @@ var DashboardAPI = class {
80581
80581
  }
80582
80582
  async createReport(repoUrl, projectName, cliVersion2, commitSha, branchName, cliOptions, apiKey3, cliRunEnv, systemInformation) {
80583
80583
  if (this.disableAnalyticsSharing) {
80584
- return;
80584
+ return { reportId: void 0, legacyMode: false };
80585
80585
  }
80586
80586
  if (this.socketMode) {
80587
- return (await this.socketAPI.createSocketTier1Scan(cliOptions, cliVersion2, systemInformation)).tier1_reachability_scan_id;
80587
+ const response = await this.socketAPI.createSocketTier1Scan(cliOptions, cliVersion2, systemInformation);
80588
+ return {
80589
+ reportId: response.tier1_reachability_scan_id,
80590
+ legacyMode: response.legacy_mode ?? false
80591
+ };
80588
80592
  } else {
80589
- return await this.coanaAPI.createCoanaReport(
80593
+ const reportId = await this.coanaAPI.createCoanaReport(
80590
80594
  repoUrl,
80591
80595
  projectName,
80592
80596
  cliVersion2,
@@ -80596,6 +80600,7 @@ var DashboardAPI = class {
80596
80600
  apiKey3,
80597
80601
  cliRunEnv
80598
80602
  );
80603
+ return { reportId, legacyMode: false };
80599
80604
  }
80600
80605
  }
80601
80606
  async sendErrorReport(apiKey3, stackTrace, shouldLogSharing, errorType, reportId, repoUrl, projectName, logContent) {
@@ -112082,10 +112087,10 @@ var JSCodeAwareVulnerabilityScanner = class _JSCodeAwareVulnerabilityScanner {
112082
112087
  this.options = options;
112083
112088
  this.engineOverride = engineOverride;
112084
112089
  }
112085
- resolveEngine(experiment) {
112086
- if (this.engineOverride === "sparjs" || !this.engineOverride && experiment === "SPARJS_EXPERIMENT")
112087
- return this.sparjsEngine;
112088
- return this.jellyEngine;
112090
+ resolveEngine() {
112091
+ if (this.engineOverride === "jelly")
112092
+ return this.jellyEngine;
112093
+ return this.sparjsEngine;
112089
112094
  }
112090
112095
  async cleanup() {
112091
112096
  await Promise.all([this.jellyEngine.cleanup(), this.sparjsEngine.cleanup()]);
@@ -112108,7 +112113,7 @@ var JSCodeAwareVulnerabilityScanner = class _JSCodeAwareVulnerabilityScanner {
112108
112113
  const analysisOptionsFromHeuristic = heuristic.getOptions(vulnerabilities);
112109
112114
  try {
112110
112115
  analysisOptionsFromHeuristic.approx = process.env.JELLY_APPROX === "true" || experiment === "JELLY_APPROX";
112111
- const analysisRes = await this.resolveEngine(experiment).runAnalysis(this.mainProjectDir, this.projectDir, analysisOptionsFromHeuristic, this.options, timeoutInSeconds, vulnerabilities, experiment, telemetryHandler, analyzerTelemetryHandler);
112116
+ const analysisRes = await this.resolveEngine().runAnalysis(this.mainProjectDir, this.projectDir, analysisOptionsFromHeuristic, this.options, timeoutInSeconds, vulnerabilities, experiment, telemetryHandler, analyzerTelemetryHandler);
112112
112117
  const { analysisDiagnostics: diagnostics, matches } = analysisRes;
112113
112118
  const terminatedEarly = diagnostics.rangeError ?? (diagnostics.aborted || diagnostics.timeout || diagnostics.lowmemory);
112114
112119
  return {
@@ -114341,11 +114346,27 @@ function transformVulnsToUrlToReachability(augmentedVulnerabilities) {
114341
114346
  }
114342
114347
 
114343
114348
  // dist/whole-program-code-aware-vulnerability-scanner/php/heuristics.js
114349
+ var INCLUDE_PACKAGE_COMPANIONS = {
114350
+ "guzzlehttp/guzzle": ["guzzlehttp/promises"]
114351
+ };
114352
+ function expandIncludePackageCompanions(packages) {
114353
+ const expanded = new Set(packages);
114354
+ const worklist = [...packages];
114355
+ for (const pkg of worklist) {
114356
+ for (const companion of INCLUDE_PACKAGE_COMPANIONS[pkg] ?? []) {
114357
+ if (!expanded.has(companion)) {
114358
+ expanded.add(companion);
114359
+ worklist.push(companion);
114360
+ }
114361
+ }
114362
+ }
114363
+ return [...expanded];
114364
+ }
114344
114365
  var PhpHeuristics = {
114345
114366
  ONLY_VULN_PATH_PACKAGES: {
114346
114367
  name: "ONLY_VULN_PATH_PACKAGES",
114347
114368
  splitAnalysisInBuckets: true,
114348
- getIncludePackages: (vulns) => computePackagesOnVulnPath(vulns, { includeLeafPackages: true })
114369
+ getIncludePackages: (vulns) => expandIncludePackageCompanions(computePackagesOnVulnPath(vulns, { includeLeafPackages: true }))
114349
114370
  }
114350
114371
  };
114351
114372
 
@@ -114930,7 +114951,7 @@ var NpmAnalyzer = class {
114930
114951
  constructor(state, projectDir) {
114931
114952
  this.state = state;
114932
114953
  this.projectDir = projectDir;
114933
- this.engine = this.state.otherAnalysisOptions.jsAnalysisEngine === "sparjs" ? new SparJSAnalysisEngine() : new JellyJSAnalysisEngine();
114954
+ this.engine = this.state.otherAnalysisOptions.jsAnalysisEngine === "jelly" ? new JellyJSAnalysisEngine() : new SparJSAnalysisEngine();
114934
114955
  }
114935
114956
  async installDependencies(preinstallDir) {
114936
114957
  if (existsSync20(resolve25(this.state.subprojectDir, "node_modules")))