@coana-tech/cli 15.0.2 → 15.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cli.mjs +3 -3
- package/package.json +1 -1
- package/reachability-analyzers-cli.mjs +25 -15
- package/repos/coana-tech/goana/bin/goana-darwin-amd64.gz +0 -0
- package/repos/coana-tech/goana/bin/goana-darwin-arm64.gz +0 -0
- package/repos/coana-tech/goana/bin/goana-linux-amd64.gz +0 -0
- package/repos/coana-tech/goana/bin/goana-linux-arm64.gz +0 -0
- package/repos/coana-tech/javap-service/javap-service.jar +0 -0
- package/repos/coana-tech/spar/sparjs-aarch64-apple-darwin.gz +0 -0
- package/repos/coana-tech/spar/sparjs-aarch64-unknown-linux-musl.gz +0 -0
- package/repos/coana-tech/spar/sparjs-x86_64-apple-darwin.gz +0 -0
- package/repos/coana-tech/spar/sparjs-x86_64-unknown-linux-musl.gz +0 -0
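--- a/package/cli.mjs
+++ b/package/cli.mjs
@@ -234861,7 +234861,7 @@ async function computeFixesAndUpgradePurls(path9, options, logFile) {
 }
 if (upgrades.size === 0) {
 if (autofixRunId) {
-await getSocketAPI().finalizeAutofixRun(autofixRunId, "fixed-none");
+await getSocketAPI().finalizeAutofixRun(autofixRunId, "fixed-none", void 0, await logger.getLogContent(logFile));
 }
 throw new Error(`Unable to compute fixes for any of the requested vulnerabilities: ${prettyApplyFixesTo(options.applyFixesTo)}`);
 }
@@ -234879,7 +234879,7 @@ async function computeFixesAndUpgradePurls(path9, options, logFile) {
 }, autofixRunId) ?? "fixed-all";
 if (autofixRunId) {
 const allGhsasFailed = fixesFound.length === 0;
-await getSocketAPI().finalizeAutofixRun(autofixRunId, ghsasWithFailedArtifacts.length === 0 && applyFixesStatus === "fixed-all" ? "fixed-all" : allGhsasFailed || applyFixesStatus === "fixed-none" ? "fixed-none" : "fixed-some");
+await getSocketAPI().finalizeAutofixRun(autofixRunId, ghsasWithFailedArtifacts.length === 0 && applyFixesStatus === "fixed-all" ? "fixed-all" : allGhsasFailed || applyFixesStatus === "fixed-none" ? "fixed-none" : "fixed-some", void 0, await logger.getLogContent(logFile));
 }
 return {
 type: "applied-fixes",
@@ -251822,7 +251822,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version3 = "15.0.
+var version3 = "15.0.4";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pickBy: pickBy2 } = import_lodash15.default;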
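--- a/package/reachability-analyzers-cli.mjs
+++ b/package/reachability-analyzers-cli.mjs
@@ -110925,7 +110925,7 @@ function tarjanAndCondensation(packageMetadatas) {
 
 // dist/whole-program-code-aware-vulnerability-scanner/js/dependency-preparation.js
 async function prepareNpmDependencies(subprojectDir, workspaceDir, artifactIdToArtifact, directDependencies, packageNamesToInstall, preinstallDir) {
-if (existsSync11(resolve12(subprojectDir, "node_modules")))
+if (existsSync11(resolve12(subprojectDir, "node_modules")) || existsSync11(resolve12(workspaceDir, "node_modules")))
 return { failedPackages: [], installedPackages: [] };
 const artifactToOriginal = /* @__PURE__ */ new Map();
 const transitiveDependenciesToInstall = Object.fromEntries(Object.entries(artifactIdToArtifact).filter(([_, dep]) => packageNamesToInstall.includes(getPackageName(dep))).map(([depId, dep]) => {
@@ -110960,6 +110960,9 @@ async function validateNpmDependencyDownloads(artifactIdToArtifact, packageNames
 }
 
 // dist/whole-program-code-aware-vulnerability-scanner/js/heuristics.js
+var largeIndirectionBoundOptions = {
+maxIndirections: 1024
+};
 var lazyIndirectionBoundOptions = {
 maxIndirections: 5
 };
@@ -111895,11 +111898,14 @@ var SparJSAnalysisEngine = class extends JSAnalysisEngine {
 --reachable-json ${affectedPackagesFile}
 ${getExcludes(mainProjectRoot, projectRoot, reachabilityAnalysisOptions)}
 --diagnostics-json ${diagnosticsFile}
---max-indirections
+--max-indirections=${/* XXX: maxIndirections is tuned for --lazy mode, which SparJS doesn't support,
+* so we use a value that's better for non-lazy analysis. */
+maxIndirections ? largeIndirectionBoundOptions.maxIndirections : void 0}
 ${!!includePackages && (includePackages.length ? ["--include-packages", ...includePackages] : ["--ignore-dependencies"])}
 ${/* XXX: Requires Node 22+ */
 approx && "--approx"}
 --callstacks-json ${callStackFile}
+--escape-patch-resolved-reads
 --unresolved-non-vulnerable
 ${parseShellArgs(process.env.COANA_SPARJS_ADDITIONAL_FLAGS ?? "")}
 ${filesToAnalyze}
@@ -111945,12 +111951,14 @@ var SparJSAnalysisEngine = class extends JSAnalysisEngine {
 for (const match2 of Object.values(matches))
 match2.affectedPackages = uniq5(match2.stacks.flatMap((stack) => map3(stack, "package")));
 const affectedPackages = JSON.parse(await readFile11(affectedPackagesFile, "utf-8")).packages;
+const aborted = analysisDiagnostics.solver.aborted;
 return {
 matches,
 analysisDiagnostics: {
 ...analysisDiagnostics,
-aborted:
-timeout:
+aborted: !!aborted,
+timeout: aborted === "timeout",
+lowmemory: aborted === "out_of_memory",
 timings: {
 analysisTime: (analysisDiagnostics.totalTime - analysisDiagnostics.patternMatchingTime) / 1e3,
 patternMatchingTime: analysisDiagnostics.patternMatchingTime / 1e3,
@@ -112066,7 +112074,7 @@ var JSCodeAwareVulnerabilityScanner = class _JSCodeAwareVulnerabilityScanner {
 ...new Set(state.vulnerabilities.flatMap((v) => Object.values(v.vulnChainDetails?.transitiveDependencies ?? {}).filter((d) => d.vulnerable === true).map((d) => d.packageName)))
 ];
 const packagesToInstall = !includePackages ? state.workspaceData.type === "coana" ? Object.values(state.workspaceData.data.dependencyTree.transitiveDependencies).map((dep) => getPackageName(dep)) : state.workspaceData.data.artifacts.map((dep) => getPackageName(dep)) : [.../* @__PURE__ */ new Set([...includePackages, ...vulnerablePackageNames])];
-const { failedPackages } = await prepareNpmDependencies(state.
+const { failedPackages } = await prepareNpmDependencies(state.subprojectDir, this.projectDir, state.workspaceData.type === "coana" ? state.workspaceData.data.dependencyTree.transitiveDependencies : Object.fromEntries(state.workspaceData.data.artifacts.map((d) => [d.id, d])), state.workspaceData.type === "coana" ? state.workspaceData.data.dependencyTree.dependencies ?? [] : state.workspaceData.data.artifacts.filter((a2) => a2.direct).map((a2) => a2.id), packagesToInstall, state.preinstallDir);
 this.packagesExcludedUnrelatedToHeuristic = failedPackages.map((p) => getPackageName(p));
 }
 async runAnalysis(vulnerabilities, heuristic, timeoutInSeconds, experiment, telemetryHandler, analyzerTelemetryHandler) {
@@ -112075,7 +112083,7 @@ var JSCodeAwareVulnerabilityScanner = class _JSCodeAwareVulnerabilityScanner {
 analysisOptionsFromHeuristic.approx = process.env.JELLY_APPROX === "true" || experiment === "JELLY_APPROX";
 const analysisRes = await this.resolveEngine(experiment).runAnalysis(this.mainProjectDir, this.projectDir, analysisOptionsFromHeuristic, this.options, timeoutInSeconds, vulnerabilities, experiment, telemetryHandler, analyzerTelemetryHandler);
 const { analysisDiagnostics: diagnostics, matches } = analysisRes;
-const terminatedEarly = diagnostics.
+const terminatedEarly = diagnostics.rangeError ?? (diagnostics.aborted || diagnostics.timeout || diagnostics.lowmemory);
 return {
 type: "success",
 diagnostics,
@@ -114004,8 +114012,8 @@ async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecom
 const bucketsFromLastAnalysisAndCliVersion = await dashboardAPI.getBucketsForLastReport(relative9(state.rootWorkingDir, state.subprojectDir) || ".", state.workspacePath, vulnerabilities[0].ecosystem ?? "NPM", COANA_REPORT_ID, apiKey);
 if (!bucketsFromLastAnalysisAndCliVersion)
 return void 0;
-const { cliVersion: cliVersion2, buckets:
-if (
+const { cliVersion: cliVersion2, buckets: rawBucketsFromLastAnalysis } = bucketsFromLastAnalysisAndCliVersion;
+if (rawBucketsFromLastAnalysis.some((b) => b.heuristicName === heuristics.IGNORE_DEPENDENCIES_AND_MAX_ROUNDS_3.name))
 return;
 try {
 if ((0, import_semver4.lt)(cliVersion2, CLI_VERSION_TO_USE_CACHING_FROM[ecosystem] ?? CLI_VERSION_TO_USE_CACHING_FROM_DEFAULT))
@@ -114013,6 +114021,7 @@ async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecom
 } catch (e) {
 return void 0;
 }
+const bucketsFromLastAnalysis = rawBucketsFromLastAnalysis.filter((b) => b.heuristicName !== "IMPORT_REACHABILITY");
 const duplicateUrls = findDuplicateVulnsInBuckets(bucketsFromLastAnalysis);
 if (duplicateUrls.length > 0) {
 sendWarningToDashboard(`Assertion error: Detected bucket(s) with non-unique vulnerability URLs. Non-unique URLs: ${duplicateUrls.join(" ")}.`, {
@@ -114893,8 +114902,9 @@ var NpmAnalyzer = class {
 }
 async runReachabilityAnalysis(vulns, analysisMetadataCollector, statusUpdater) {
 const heuristicsInOrder = this.state.otherAnalysisOptions.lightweightReachability ? [heuristics.IGNORE_DEPENDENCIES_AND_MAX_ROUNDS_3] : [heuristics.ONLY_VULN_PATH_PACKAGES_EXCEPT_VULNERABLE_PACKAGE];
-const
-
+const nodeModulesAlreadyExistedInSubprojectDir = existsSync20(resolve25(this.state.subprojectDir, "node_modules"));
+const nodeModulesAlreadyExistedInProjectDir = existsSync20(resolve25(this.projectDir, "node_modules"));
+this.preinstalledDependencies = nodeModulesAlreadyExistedInSubprojectDir || nodeModulesAlreadyExistedInProjectDir ? "YES" : "NO";
 const wrappedCollector = (metadata) => {
 const jellyDiagnostics = metadata.analysisDiagnostics;
 if (jellyDiagnostics?.modules !== void 0) {
@@ -115019,11 +115029,11 @@ ${e.stack}` : String(e),
 return res;
 } finally {
 await Promise.all([this.engine.cleanup(), vulnerabilityScanner.cleanup()]);
-if (!
-
-
-
-
+if (!nodeModulesAlreadyExistedInSubprojectDir) {
+await rm11(resolve25(this.state.subprojectDir, "node_modules"), { recursive: true, force: true });
+}
+if (!nodeModulesAlreadyExistedInProjectDir) {
+await rm11(resolve25(this.projectDir, "node_modules"), { recursive: true, force: true });
 }
 }
 }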
|