@coana-tech/cli 15.0.4 → 15.0.7
- package/cli.mjs +242 -82
- package/package.json +1 -1
- package/reachability-analyzers-cli.mjs +60 -24
- package/repos/coana-tech/goana/bin/goana-darwin-amd64.gz +0 -0
- package/repos/coana-tech/goana/bin/goana-darwin-arm64.gz +0 -0
- package/repos/coana-tech/goana/bin/goana-linux-amd64.gz +0 -0
- package/repos/coana-tech/goana/bin/goana-linux-arm64.gz +0 -0
- package/repos/coana-tech/javap-service/javap-service.jar +0 -0
- package/repos/coana-tech/spar/sparjs-aarch64-apple-darwin.gz +0 -0
- package/repos/coana-tech/spar/sparjs-aarch64-unknown-linux-musl.gz +0 -0
- package/repos/coana-tech/spar/sparjs-x86_64-apple-darwin.gz +0 -0
- package/repos/coana-tech/spar/sparjs-x86_64-unknown-linux-musl.gz +0 -0
- package/repos/coana-tech/spar/sparphp-aarch64-apple-darwin.gz +0 -0
- package/repos/coana-tech/spar/sparphp-aarch64-unknown-linux-musl.gz +0 -0
- package/repos/coana-tech/spar/sparphp-x86_64-apple-darwin.gz +0 -0
- package/repos/coana-tech/spar/sparphp-x86_64-unknown-linux-musl.gz +0 -0
package/cli.mjs
CHANGED
|
@@ -16020,9 +16020,9 @@ var require_picomatch = __commonJS({
|
|
|
16020
16020
|
var utils = require_utils();
|
|
16021
16021
|
var constants4 = require_constants();
|
|
16022
16022
|
var isObject2 = (val2) => val2 && typeof val2 === "object" && !Array.isArray(val2);
|
|
16023
|
-
var
|
|
16023
|
+
var picomatch12 = (glob2, options, returnState = false) => {
|
|
16024
16024
|
if (Array.isArray(glob2)) {
|
|
16025
|
-
const fns = glob2.map((input) =>
|
|
16025
|
+
const fns = glob2.map((input) => picomatch12(input, options, returnState));
|
|
16026
16026
|
const arrayMatcher = (str) => {
|
|
16027
16027
|
for (const isMatch4 of fns) {
|
|
16028
16028
|
const state2 = isMatch4(str);
|
|
@@ -16038,16 +16038,16 @@ var require_picomatch = __commonJS({
|
|
|
16038
16038
|
}
|
|
16039
16039
|
const opts = options || {};
|
|
16040
16040
|
const posix3 = opts.windows;
|
|
16041
|
-
const regex = isState ?
|
|
16041
|
+
const regex = isState ? picomatch12.compileRe(glob2, options) : picomatch12.makeRe(glob2, options, false, true);
|
|
16042
16042
|
const state = regex.state;
|
|
16043
16043
|
delete regex.state;
|
|
16044
16044
|
let isIgnored = () => false;
|
|
16045
16045
|
if (opts.ignore) {
|
|
16046
16046
|
const ignoreOpts = { ...options, ignore: null, onMatch: null, onResult: null };
|
|
16047
|
-
isIgnored =
|
|
16047
|
+
isIgnored = picomatch12(opts.ignore, ignoreOpts, returnState);
|
|
16048
16048
|
}
|
|
16049
16049
|
const matcher = (input, returnObject = false) => {
|
|
16050
|
-
const { isMatch: isMatch4, match: match2, output } =
|
|
16050
|
+
const { isMatch: isMatch4, match: match2, output } = picomatch12.test(input, regex, options, { glob: glob2, posix: posix3 });
|
|
16051
16051
|
const result = { glob: glob2, state, regex, posix: posix3, input, output, match: match2, isMatch: isMatch4 };
|
|
16052
16052
|
if (typeof opts.onResult === "function") {
|
|
16053
16053
|
opts.onResult(result);
|
|
@@ -16073,7 +16073,7 @@ var require_picomatch = __commonJS({
|
|
|
16073
16073
|
}
|
|
16074
16074
|
return matcher;
|
|
16075
16075
|
};
|
|
16076
|
-
|
|
16076
|
+
picomatch12.test = (input, regex, options, { glob: glob2, posix: posix3 } = {}) => {
|
|
16077
16077
|
if (typeof input !== "string") {
|
|
16078
16078
|
throw new TypeError("Expected input to be a string");
|
|
16079
16079
|
}
|
|
@@ -16090,24 +16090,24 @@ var require_picomatch = __commonJS({
|
|
|
16090
16090
|
}
|
|
16091
16091
|
if (match2 === false || opts.capture === true) {
|
|
16092
16092
|
if (opts.matchBase === true || opts.basename === true) {
|
|
16093
|
-
match2 =
|
|
16093
|
+
match2 = picomatch12.matchBase(input, regex, options, posix3);
|
|
16094
16094
|
} else {
|
|
16095
16095
|
match2 = regex.exec(output);
|
|
16096
16096
|
}
|
|
16097
16097
|
}
|
|
16098
16098
|
return { isMatch: Boolean(match2), match: match2, output };
|
|
16099
16099
|
};
|
|
16100
|
-
|
|
16101
|
-
const regex = glob2 instanceof RegExp ? glob2 :
|
|
16100
|
+
picomatch12.matchBase = (input, glob2, options) => {
|
|
16101
|
+
const regex = glob2 instanceof RegExp ? glob2 : picomatch12.makeRe(glob2, options);
|
|
16102
16102
|
return regex.test(utils.basename(input));
|
|
16103
16103
|
};
|
|
16104
|
-
|
|
16105
|
-
|
|
16106
|
-
if (Array.isArray(pattern)) return pattern.map((p3) =>
|
|
16104
|
+
picomatch12.isMatch = (str, patterns, options) => picomatch12(patterns, options)(str);
|
|
16105
|
+
picomatch12.parse = (pattern, options) => {
|
|
16106
|
+
if (Array.isArray(pattern)) return pattern.map((p3) => picomatch12.parse(p3, options));
|
|
16107
16107
|
return parse16(pattern, { ...options, fastpaths: false });
|
|
16108
16108
|
};
|
|
16109
|
-
|
|
16110
|
-
|
|
16109
|
+
picomatch12.scan = (input, options) => scan(input, options);
|
|
16110
|
+
picomatch12.compileRe = (state, options, returnOutput = false, returnState = false) => {
|
|
16111
16111
|
if (returnOutput === true) {
|
|
16112
16112
|
return state.output;
|
|
16113
16113
|
}
|
|
@@ -16118,13 +16118,13 @@ var require_picomatch = __commonJS({
|
|
|
16118
16118
|
if (state && state.negated === true) {
|
|
16119
16119
|
source = `^(?!${source}).*$`;
|
|
16120
16120
|
}
|
|
16121
|
-
const regex =
|
|
16121
|
+
const regex = picomatch12.toRegex(source, options);
|
|
16122
16122
|
if (returnState === true) {
|
|
16123
16123
|
regex.state = state;
|
|
16124
16124
|
}
|
|
16125
16125
|
return regex;
|
|
16126
16126
|
};
|
|
16127
|
-
|
|
16127
|
+
picomatch12.makeRe = (input, options = {}, returnOutput = false, returnState = false) => {
|
|
16128
16128
|
if (!input || typeof input !== "string") {
|
|
16129
16129
|
throw new TypeError("Expected a non-empty string");
|
|
16130
16130
|
}
|
|
@@ -16135,9 +16135,9 @@ var require_picomatch = __commonJS({
|
|
|
16135
16135
|
if (!parsed.output) {
|
|
16136
16136
|
parsed = parse16(input, options);
|
|
16137
16137
|
}
|
|
16138
|
-
return
|
|
16138
|
+
return picomatch12.compileRe(parsed, options, returnOutput, returnState);
|
|
16139
16139
|
};
|
|
16140
|
-
|
|
16140
|
+
picomatch12.toRegex = (source, options) => {
|
|
16141
16141
|
try {
|
|
16142
16142
|
const opts = options || {};
|
|
16143
16143
|
return new RegExp(source, opts.flags || (opts.nocase ? "i" : ""));
|
|
@@ -16146,8 +16146,8 @@ var require_picomatch = __commonJS({
|
|
|
16146
16146
|
return /$^/;
|
|
16147
16147
|
}
|
|
16148
16148
|
};
|
|
16149
|
-
|
|
16150
|
-
module2.exports =
|
|
16149
|
+
picomatch12.constants = constants4;
|
|
16150
|
+
module2.exports = picomatch12;
|
|
16151
16151
|
}
|
|
16152
16152
|
});
|
|
16153
16153
|
|
|
@@ -16157,14 +16157,14 @@ var require_picomatch2 = __commonJS({
|
|
|
16157
16157
|
"use strict";
|
|
16158
16158
|
var pico = require_picomatch();
|
|
16159
16159
|
var utils = require_utils();
|
|
16160
|
-
function
|
|
16160
|
+
function picomatch12(glob2, options, returnState = false) {
|
|
16161
16161
|
if (options && (options.windows === null || options.windows === void 0)) {
|
|
16162
16162
|
options = { ...options, windows: utils.isWindows() };
|
|
16163
16163
|
}
|
|
16164
16164
|
return pico(glob2, options, returnState);
|
|
16165
16165
|
}
|
|
16166
|
-
Object.assign(
|
|
16167
|
-
module2.exports =
|
|
16166
|
+
Object.assign(picomatch12, pico);
|
|
16167
|
+
module2.exports = picomatch12;
|
|
16168
16168
|
}
|
|
16169
16169
|
});
|
|
16170
16170
|
|
|
@@ -39550,9 +39550,9 @@ var require_picomatch3 = __commonJS({
|
|
|
39550
39550
|
var utils = require_utils3();
|
|
39551
39551
|
var constants4 = require_constants3();
|
|
39552
39552
|
var isObject2 = (val2) => val2 && typeof val2 === "object" && !Array.isArray(val2);
|
|
39553
|
-
var
|
|
39553
|
+
var picomatch12 = (glob2, options, returnState = false) => {
|
|
39554
39554
|
if (Array.isArray(glob2)) {
|
|
39555
|
-
const fns = glob2.map((input) =>
|
|
39555
|
+
const fns = glob2.map((input) => picomatch12(input, options, returnState));
|
|
39556
39556
|
const arrayMatcher = (str) => {
|
|
39557
39557
|
for (const isMatch4 of fns) {
|
|
39558
39558
|
const state2 = isMatch4(str);
|
|
@@ -39568,16 +39568,16 @@ var require_picomatch3 = __commonJS({
|
|
|
39568
39568
|
}
|
|
39569
39569
|
const opts = options || {};
|
|
39570
39570
|
const posix3 = utils.isWindows(options);
|
|
39571
|
-
const regex = isState ?
|
|
39571
|
+
const regex = isState ? picomatch12.compileRe(glob2, options) : picomatch12.makeRe(glob2, options, false, true);
|
|
39572
39572
|
const state = regex.state;
|
|
39573
39573
|
delete regex.state;
|
|
39574
39574
|
let isIgnored = () => false;
|
|
39575
39575
|
if (opts.ignore) {
|
|
39576
39576
|
const ignoreOpts = { ...options, ignore: null, onMatch: null, onResult: null };
|
|
39577
|
-
isIgnored =
|
|
39577
|
+
isIgnored = picomatch12(opts.ignore, ignoreOpts, returnState);
|
|
39578
39578
|
}
|
|
39579
39579
|
const matcher = (input, returnObject = false) => {
|
|
39580
|
-
const { isMatch: isMatch4, match: match2, output } =
|
|
39580
|
+
const { isMatch: isMatch4, match: match2, output } = picomatch12.test(input, regex, options, { glob: glob2, posix: posix3 });
|
|
39581
39581
|
const result = { glob: glob2, state, regex, posix: posix3, input, output, match: match2, isMatch: isMatch4 };
|
|
39582
39582
|
if (typeof opts.onResult === "function") {
|
|
39583
39583
|
opts.onResult(result);
|
|
@@ -39603,7 +39603,7 @@ var require_picomatch3 = __commonJS({
|
|
|
39603
39603
|
}
|
|
39604
39604
|
return matcher;
|
|
39605
39605
|
};
|
|
39606
|
-
|
|
39606
|
+
picomatch12.test = (input, regex, options, { glob: glob2, posix: posix3 } = {}) => {
|
|
39607
39607
|
if (typeof input !== "string") {
|
|
39608
39608
|
throw new TypeError("Expected input to be a string");
|
|
39609
39609
|
}
|
|
@@ -39620,24 +39620,24 @@ var require_picomatch3 = __commonJS({
|
|
|
39620
39620
|
}
|
|
39621
39621
|
if (match2 === false || opts.capture === true) {
|
|
39622
39622
|
if (opts.matchBase === true || opts.basename === true) {
|
|
39623
|
-
match2 =
|
|
39623
|
+
match2 = picomatch12.matchBase(input, regex, options, posix3);
|
|
39624
39624
|
} else {
|
|
39625
39625
|
match2 = regex.exec(output);
|
|
39626
39626
|
}
|
|
39627
39627
|
}
|
|
39628
39628
|
return { isMatch: Boolean(match2), match: match2, output };
|
|
39629
39629
|
};
|
|
39630
|
-
|
|
39631
|
-
const regex = glob2 instanceof RegExp ? glob2 :
|
|
39630
|
+
picomatch12.matchBase = (input, glob2, options, posix3 = utils.isWindows(options)) => {
|
|
39631
|
+
const regex = glob2 instanceof RegExp ? glob2 : picomatch12.makeRe(glob2, options);
|
|
39632
39632
|
return regex.test(path9.basename(input));
|
|
39633
39633
|
};
|
|
39634
|
-
|
|
39635
|
-
|
|
39636
|
-
if (Array.isArray(pattern)) return pattern.map((p3) =>
|
|
39634
|
+
picomatch12.isMatch = (str, patterns, options) => picomatch12(patterns, options)(str);
|
|
39635
|
+
picomatch12.parse = (pattern, options) => {
|
|
39636
|
+
if (Array.isArray(pattern)) return pattern.map((p3) => picomatch12.parse(p3, options));
|
|
39637
39637
|
return parse16(pattern, { ...options, fastpaths: false });
|
|
39638
39638
|
};
|
|
39639
|
-
|
|
39640
|
-
|
|
39639
|
+
picomatch12.scan = (input, options) => scan(input, options);
|
|
39640
|
+
picomatch12.compileRe = (state, options, returnOutput = false, returnState = false) => {
|
|
39641
39641
|
if (returnOutput === true) {
|
|
39642
39642
|
return state.output;
|
|
39643
39643
|
}
|
|
@@ -39648,13 +39648,13 @@ var require_picomatch3 = __commonJS({
|
|
|
39648
39648
|
if (state && state.negated === true) {
|
|
39649
39649
|
source = `^(?!${source}).*$`;
|
|
39650
39650
|
}
|
|
39651
|
-
const regex =
|
|
39651
|
+
const regex = picomatch12.toRegex(source, options);
|
|
39652
39652
|
if (returnState === true) {
|
|
39653
39653
|
regex.state = state;
|
|
39654
39654
|
}
|
|
39655
39655
|
return regex;
|
|
39656
39656
|
};
|
|
39657
|
-
|
|
39657
|
+
picomatch12.makeRe = (input, options = {}, returnOutput = false, returnState = false) => {
|
|
39658
39658
|
if (!input || typeof input !== "string") {
|
|
39659
39659
|
throw new TypeError("Expected a non-empty string");
|
|
39660
39660
|
}
|
|
@@ -39665,9 +39665,9 @@ var require_picomatch3 = __commonJS({
|
|
|
39665
39665
|
if (!parsed.output) {
|
|
39666
39666
|
parsed = parse16(input, options);
|
|
39667
39667
|
}
|
|
39668
|
-
return
|
|
39668
|
+
return picomatch12.compileRe(parsed, options, returnOutput, returnState);
|
|
39669
39669
|
};
|
|
39670
|
-
|
|
39670
|
+
picomatch12.toRegex = (source, options) => {
|
|
39671
39671
|
try {
|
|
39672
39672
|
const opts = options || {};
|
|
39673
39673
|
return new RegExp(source, opts.flags || (opts.nocase ? "i" : ""));
|
|
@@ -39676,8 +39676,8 @@ var require_picomatch3 = __commonJS({
|
|
|
39676
39676
|
return /$^/;
|
|
39677
39677
|
}
|
|
39678
39678
|
};
|
|
39679
|
-
|
|
39680
|
-
module2.exports =
|
|
39679
|
+
picomatch12.constants = constants4;
|
|
39680
|
+
module2.exports = picomatch12;
|
|
39681
39681
|
}
|
|
39682
39682
|
});
|
|
39683
39683
|
|
|
@@ -39695,7 +39695,7 @@ var require_micromatch = __commonJS({
|
|
|
39695
39695
|
"use strict";
|
|
39696
39696
|
var util5 = __require("util");
|
|
39697
39697
|
var braces = require_braces();
|
|
39698
|
-
var
|
|
39698
|
+
var picomatch12 = require_picomatch4();
|
|
39699
39699
|
var utils = require_utils3();
|
|
39700
39700
|
var isEmptyString = (val2) => val2 === "" || val2 === "./";
|
|
39701
39701
|
var micromatch4 = (list2, patterns, options) => {
|
|
@@ -39712,7 +39712,7 @@ var require_micromatch = __commonJS({
|
|
|
39712
39712
|
}
|
|
39713
39713
|
};
|
|
39714
39714
|
for (let i7 = 0; i7 < patterns.length; i7++) {
|
|
39715
|
-
let isMatch4 =
|
|
39715
|
+
let isMatch4 = picomatch12(String(patterns[i7]), { ...options, onResult }, true);
|
|
39716
39716
|
let negated = isMatch4.state.negated || isMatch4.state.negatedExtglob;
|
|
39717
39717
|
if (negated) negatives++;
|
|
39718
39718
|
for (let item of list2) {
|
|
@@ -39740,8 +39740,8 @@ var require_micromatch = __commonJS({
|
|
|
39740
39740
|
return matches;
|
|
39741
39741
|
};
|
|
39742
39742
|
micromatch4.match = micromatch4;
|
|
39743
|
-
micromatch4.matcher = (pattern, options) =>
|
|
39744
|
-
micromatch4.isMatch = (str, patterns, options) =>
|
|
39743
|
+
micromatch4.matcher = (pattern, options) => picomatch12(pattern, options);
|
|
39744
|
+
micromatch4.isMatch = (str, patterns, options) => picomatch12(patterns, options)(str);
|
|
39745
39745
|
micromatch4.any = micromatch4.isMatch;
|
|
39746
39746
|
micromatch4.not = (list2, patterns, options = {}) => {
|
|
39747
39747
|
patterns = [].concat(patterns).map(String);
|
|
@@ -39788,7 +39788,7 @@ var require_micromatch = __commonJS({
|
|
|
39788
39788
|
micromatch4.some = (list2, patterns, options) => {
|
|
39789
39789
|
let items = [].concat(list2);
|
|
39790
39790
|
for (let pattern of [].concat(patterns)) {
|
|
39791
|
-
let isMatch4 =
|
|
39791
|
+
let isMatch4 = picomatch12(String(pattern), options);
|
|
39792
39792
|
if (items.some((item) => isMatch4(item))) {
|
|
39793
39793
|
return true;
|
|
39794
39794
|
}
|
|
@@ -39798,7 +39798,7 @@ var require_micromatch = __commonJS({
|
|
|
39798
39798
|
micromatch4.every = (list2, patterns, options) => {
|
|
39799
39799
|
let items = [].concat(list2);
|
|
39800
39800
|
for (let pattern of [].concat(patterns)) {
|
|
39801
|
-
let isMatch4 =
|
|
39801
|
+
let isMatch4 = picomatch12(String(pattern), options);
|
|
39802
39802
|
if (!items.every((item) => isMatch4(item))) {
|
|
39803
39803
|
return false;
|
|
39804
39804
|
}
|
|
@@ -39809,23 +39809,23 @@ var require_micromatch = __commonJS({
|
|
|
39809
39809
|
if (typeof str !== "string") {
|
|
39810
39810
|
throw new TypeError(`Expected a string: "${util5.inspect(str)}"`);
|
|
39811
39811
|
}
|
|
39812
|
-
return [].concat(patterns).every((p3) =>
|
|
39812
|
+
return [].concat(patterns).every((p3) => picomatch12(p3, options)(str));
|
|
39813
39813
|
};
|
|
39814
39814
|
micromatch4.capture = (glob2, input, options) => {
|
|
39815
39815
|
let posix3 = utils.isWindows(options);
|
|
39816
|
-
let regex =
|
|
39816
|
+
let regex = picomatch12.makeRe(String(glob2), { ...options, capture: true });
|
|
39817
39817
|
let match2 = regex.exec(posix3 ? utils.toPosixSlashes(input) : input);
|
|
39818
39818
|
if (match2) {
|
|
39819
39819
|
return match2.slice(1).map((v) => v === void 0 ? "" : v);
|
|
39820
39820
|
}
|
|
39821
39821
|
};
|
|
39822
|
-
micromatch4.makeRe = (...args2) =>
|
|
39823
|
-
micromatch4.scan = (...args2) =>
|
|
39822
|
+
micromatch4.makeRe = (...args2) => picomatch12.makeRe(...args2);
|
|
39823
|
+
micromatch4.scan = (...args2) => picomatch12.scan(...args2);
|
|
39824
39824
|
micromatch4.parse = (patterns, options) => {
|
|
39825
39825
|
let res = [];
|
|
39826
39826
|
for (let pattern of [].concat(patterns || [])) {
|
|
39827
39827
|
for (let str of braces(String(pattern), options)) {
|
|
39828
|
-
res.push(
|
|
39828
|
+
res.push(picomatch12.parse(str, options));
|
|
39829
39829
|
}
|
|
39830
39830
|
}
|
|
39831
39831
|
return res;
|
|
@@ -147531,7 +147531,7 @@ var require_micromatch2 = __commonJS({
|
|
|
147531
147531
|
"use strict";
|
|
147532
147532
|
var util5 = __require("util");
|
|
147533
147533
|
var braces = require_braces2();
|
|
147534
|
-
var
|
|
147534
|
+
var picomatch12 = require_picomatch4();
|
|
147535
147535
|
var utils = require_utils3();
|
|
147536
147536
|
var isEmptyString = (v) => v === "" || v === "./";
|
|
147537
147537
|
var hasBraces = (v) => {
|
|
@@ -147552,7 +147552,7 @@ var require_micromatch2 = __commonJS({
|
|
|
147552
147552
|
}
|
|
147553
147553
|
};
|
|
147554
147554
|
for (let i7 = 0; i7 < patterns.length; i7++) {
|
|
147555
|
-
let isMatch4 =
|
|
147555
|
+
let isMatch4 = picomatch12(String(patterns[i7]), { ...options, onResult }, true);
|
|
147556
147556
|
let negated = isMatch4.state.negated || isMatch4.state.negatedExtglob;
|
|
147557
147557
|
if (negated) negatives++;
|
|
147558
147558
|
for (let item of list2) {
|
|
@@ -147580,8 +147580,8 @@ var require_micromatch2 = __commonJS({
|
|
|
147580
147580
|
return matches;
|
|
147581
147581
|
};
|
|
147582
147582
|
micromatch4.match = micromatch4;
|
|
147583
|
-
micromatch4.matcher = (pattern, options) =>
|
|
147584
|
-
micromatch4.isMatch = (str, patterns, options) =>
|
|
147583
|
+
micromatch4.matcher = (pattern, options) => picomatch12(pattern, options);
|
|
147584
|
+
micromatch4.isMatch = (str, patterns, options) => picomatch12(patterns, options)(str);
|
|
147585
147585
|
micromatch4.any = micromatch4.isMatch;
|
|
147586
147586
|
micromatch4.not = (list2, patterns, options = {}) => {
|
|
147587
147587
|
patterns = [].concat(patterns).map(String);
|
|
@@ -147628,7 +147628,7 @@ var require_micromatch2 = __commonJS({
|
|
|
147628
147628
|
micromatch4.some = (list2, patterns, options) => {
|
|
147629
147629
|
let items = [].concat(list2);
|
|
147630
147630
|
for (let pattern of [].concat(patterns)) {
|
|
147631
|
-
let isMatch4 =
|
|
147631
|
+
let isMatch4 = picomatch12(String(pattern), options);
|
|
147632
147632
|
if (items.some((item) => isMatch4(item))) {
|
|
147633
147633
|
return true;
|
|
147634
147634
|
}
|
|
@@ -147638,7 +147638,7 @@ var require_micromatch2 = __commonJS({
|
|
|
147638
147638
|
micromatch4.every = (list2, patterns, options) => {
|
|
147639
147639
|
let items = [].concat(list2);
|
|
147640
147640
|
for (let pattern of [].concat(patterns)) {
|
|
147641
|
-
let isMatch4 =
|
|
147641
|
+
let isMatch4 = picomatch12(String(pattern), options);
|
|
147642
147642
|
if (!items.every((item) => isMatch4(item))) {
|
|
147643
147643
|
return false;
|
|
147644
147644
|
}
|
|
@@ -147649,23 +147649,23 @@ var require_micromatch2 = __commonJS({
|
|
|
147649
147649
|
if (typeof str !== "string") {
|
|
147650
147650
|
throw new TypeError(`Expected a string: "${util5.inspect(str)}"`);
|
|
147651
147651
|
}
|
|
147652
|
-
return [].concat(patterns).every((p3) =>
|
|
147652
|
+
return [].concat(patterns).every((p3) => picomatch12(p3, options)(str));
|
|
147653
147653
|
};
|
|
147654
147654
|
micromatch4.capture = (glob2, input, options) => {
|
|
147655
147655
|
let posix3 = utils.isWindows(options);
|
|
147656
|
-
let regex =
|
|
147656
|
+
let regex = picomatch12.makeRe(String(glob2), { ...options, capture: true });
|
|
147657
147657
|
let match2 = regex.exec(posix3 ? utils.toPosixSlashes(input) : input);
|
|
147658
147658
|
if (match2) {
|
|
147659
147659
|
return match2.slice(1).map((v) => v === void 0 ? "" : v);
|
|
147660
147660
|
}
|
|
147661
147661
|
};
|
|
147662
|
-
micromatch4.makeRe = (...args2) =>
|
|
147663
|
-
micromatch4.scan = (...args2) =>
|
|
147662
|
+
micromatch4.makeRe = (...args2) => picomatch12.makeRe(...args2);
|
|
147663
|
+
micromatch4.scan = (...args2) => picomatch12.scan(...args2);
|
|
147664
147664
|
micromatch4.parse = (patterns, options) => {
|
|
147665
147665
|
let res = [];
|
|
147666
147666
|
for (let pattern of [].concat(patterns || [])) {
|
|
147667
147667
|
for (let str of braces(String(pattern), options)) {
|
|
147668
|
-
res.push(
|
|
147668
|
+
res.push(picomatch12.parse(str, options));
|
|
147669
147669
|
}
|
|
147670
147670
|
}
|
|
147671
147671
|
return res;
|
|
@@ -205359,6 +205359,7 @@ var AnalyzerTelemetryServer = class {
|
|
|
205359
205359
|
|
|
205360
205360
|
// ../utils/src/command-utils.ts
|
|
205361
205361
|
var DEFAULT_TIMEOUT_MS = 30 * 60 * 1e3;
|
|
205362
|
+
var DEFAULT_KILL_GRACE_PERIOD_MS = 60 * 1e3;
|
|
205362
205363
|
async function execAndLogOnFailure(cmd, dir, options, logLevel = "info") {
|
|
205363
205364
|
const result = await execNeverFail(cmd, dir, options);
|
|
205364
205365
|
if (result.error) logCommandOutput(result, cmd, dir, logLevel);
|
|
@@ -205431,7 +205432,7 @@ function wrapWithMemoryLimit(cmd, options) {
|
|
|
205431
205432
|
2
|
|
205432
205433
|
)} MiB). Terminating process.`
|
|
205433
205434
|
);
|
|
205434
|
-
subprocess.kill(
|
|
205435
|
+
subprocess.kill("SIGTERM");
|
|
205435
205436
|
subprocess = void 0;
|
|
205436
205437
|
}
|
|
205437
205438
|
prevHandler?.onTelemetry(metrics);
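Review bot: The memory-limit path in `wrapWithMemoryLimit` sends `subprocess.kill("SIGTERM")` and then immediately sets `subprocess = void 0`, so a child that traps or ignores SIGTERM is never signalled again and can keep growing past the limit. The SIGKILL escalation this release adds to `execNeverFail` is armed only from the timeout timer, so it does not cover this case. Consider keeping a local reference and scheduling a fallback before dropping it: `const p = subprocess; setTimeout(() => { if (p.exitCode === null && p.signalCode === null) p.kill("SIGKILL"); }, DEFAULT_KILL_GRACE_PERIOD_MS).unref?.();`. The same applies to the `wrapWithMemoryLimit2` hunk further down; the enclosing function starts and ends outside this hunk.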
|
|
@@ -205467,15 +205468,38 @@ async function execNeverFail(cmd, dir, options) {
|
|
|
205467
205468
|
let args2;
|
|
205468
205469
|
if (typeof cmd !== "string") [cmd, ...args2] = cmd;
|
|
205469
205470
|
const timeout = options?.timeout ?? DEFAULT_TIMEOUT_MS;
|
|
205471
|
+
const killGracePeriodMs = options?.killGracePeriodMs ?? DEFAULT_KILL_GRACE_PERIOD_MS;
|
|
205470
205472
|
const env = analyzerTelemetryFilePath ? { ...options?.env ?? process.env, ANALYZER_TELEMETRY_FILE_PATH: analyzerTelemetryFilePath } : options?.env;
|
|
205473
|
+
let sigtermTimer;
|
|
205474
|
+
let sigkillTimer;
|
|
205471
205475
|
const childProcess = execFile2(
|
|
205472
205476
|
cmd,
|
|
205473
205477
|
args2,
|
|
205474
|
-
{ ...options, env, cwd: dir, maxBuffer: 1024 * 1024 * 1024, shell: args2 === void 0, timeout },
|
|
205478
|
+
{ ...options, env, cwd: dir, maxBuffer: 1024 * 1024 * 1024, shell: args2 === void 0, timeout: 0 },
|
|
205475
205479
|
(error, stdout, stderr) => {
|
|
205480
|
+
if (sigtermTimer) clearTimeout(sigtermTimer);
|
|
205481
|
+
if (sigkillTimer) clearTimeout(sigkillTimer);
|
|
205476
205482
|
resolve45({ error, stdout, stderr });
|
|
205477
205483
|
}
|
|
205478
205484
|
);
|
|
205485
|
+
if (timeout > 0) {
|
|
205486
|
+
sigtermTimer = setTimeout(() => {
|
|
205487
|
+
if (childProcess.exitCode !== null || childProcess.signalCode !== null) return;
|
|
205488
|
+
childProcess.kill();
|
|
205489
|
+
if (killGracePeriodMs > 0) {
|
|
205490
|
+
sigkillTimer = setTimeout(() => {
|
|
205491
|
+
if (childProcess.exitCode === null && childProcess.signalCode === null) {
|
|
205492
|
+
logger.debug(
|
|
205493
|
+
`Process (pid ${childProcess.pid}) did not exit within ${killGracePeriodMs}ms of SIGTERM; escalating to SIGKILL`
|
|
205494
|
+
);
|
|
205495
|
+
childProcess.kill("SIGKILL");
|
|
205496
|
+
}
|
|
205497
|
+
}, killGracePeriodMs);
|
|
205498
|
+
sigkillTimer.unref?.();
|
|
205499
|
+
}
|
|
205500
|
+
}, timeout);
|
|
205501
|
+
sigtermTimer.unref?.();
|
|
205502
|
+
}
|
|
205479
205503
|
if (options?.telemetryHandler && childProcess.pid)
|
|
205480
205504
|
stopTelemetry = startTelemetry(childProcess, options.telemetryHandler);
|
|
205481
205505
|
if (options?.pipe) {
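Review bot: Both `childProcess.kill()` and the later `childProcess.kill("SIGKILL")` signal only the direct child, and with `shell: args2 === void 0` that child is a shell whenever `cmd` is a string, so the process the shell launched can outlive both the timeout and the escalation. If such a descendant keeps the stdout/stderr pipes open, the `execFile` callback that resolves the promise may not fire either, leaving the caller waiting. On POSIX, consider starting the child in its own process group and signalling the group. At minimum, document the limit above the timer with a comment such as `// NOTE: kill() reaches only the direct child; processes started by the shell are not signalled`. The same code appears in the `execNeverFail3` hunk; the function body starts before and continues after this hunk.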
|
|
@@ -205655,6 +205679,11 @@ async function getFilesRelative(dir, excludeDirs) {
|
|
|
205655
205679
|
if (!excludeDirs?.includes(item.name)) await helper(itemPath, arrayOfFiles);
|
|
205656
205680
|
} else if (item.isFile()) {
|
|
205657
205681
|
arrayOfFiles.push(itemPath);
|
|
205682
|
+
} else if (item.isSymbolicLink()) {
|
|
205683
|
+
try {
|
|
205684
|
+
if ((await stat(join3(dir, itemPath))).isFile()) arrayOfFiles.push(itemPath);
|
|
205685
|
+
} catch {
|
|
205686
|
+
}
|
|
205658
205687
|
}
|
|
205659
205688
|
}
|
|
205660
205689
|
return arrayOfFiles;
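Review bot: The new `item.isSymbolicLink()` branch calls `stat(join3(dir, itemPath))`, which follows the link, so a symlink inside the scanned tree that points at a regular file outside `dir` is now returned as if it were a project file. What consumers do with the list is not visible here, but if they read or upload file contents, a checked-out repository could pull in files from elsewhere on the machine. Resolve the link first and keep the entry only when the resolved path is still under the scanned root, and log in the `catch` instead of leaving it empty so broken or looping links leave a trace. The sketch below assumes `realpath` from `fs/promises`, `sep` from `path` and `logger` are in scope and that `dir` is the root being scanned; `getFilesRelative` starts and ends outside the hunk.

```javascript
} else if (item.isSymbolicLink()) {
  try {
    // Follow the link, but accept it only if the target stays inside the scanned root.
    const root = await realpath(dir);
    const target = await realpath(join3(dir, itemPath));
    if (target.startsWith(root + sep) && (await stat(target)).isFile()) arrayOfFiles.push(itemPath);
  } catch (err) {
    // Broken link, permission error or link loop: skip the entry but leave a trace.
    logger.debug(`Skipping symlink ${itemPath}: ${err.message}`);
  }
```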
|
|
@@ -224785,6 +224814,7 @@ var AnalyzerTelemetryServer2 = class {
|
|
|
224785
224814
|
|
|
224786
224815
|
// ../utils/dist/command-utils.js
|
|
224787
224816
|
var DEFAULT_TIMEOUT_MS2 = 30 * 60 * 1e3;
|
|
224817
|
+
var DEFAULT_KILL_GRACE_PERIOD_MS2 = 60 * 1e3;
|
|
224788
224818
|
async function execAndLogOnFailure3(cmd, dir, options, logLevel = "info") {
|
|
224789
224819
|
const result = await execNeverFail3(cmd, dir, options);
|
|
224790
224820
|
if (result.error)
|
|
@@ -224853,7 +224883,7 @@ function wrapWithMemoryLimit2(cmd, options) {
|
|
|
224853
224883
|
onTelemetry(metrics) {
|
|
224854
224884
|
if (subprocess?.exitCode === null && metrics.rss >= memoryLimitKiB * 1024) {
|
|
224855
224885
|
logger.debug(`Memory limit of ${options.memoryLimitInMB} MiB exceeded (RSS: ${(metrics.rss / 1024 / 1024).toFixed(2)} MiB). Terminating process.`);
|
|
224856
|
-
subprocess.kill(
|
|
224886
|
+
subprocess.kill("SIGTERM");
|
|
224857
224887
|
subprocess = void 0;
|
|
224858
224888
|
}
|
|
224859
224889
|
prevHandler?.onTelemetry(metrics);
|
|
@@ -224888,10 +224918,34 @@ async function execNeverFail3(cmd, dir, options) {
|
|
|
224888
224918
|
if (typeof cmd !== "string")
|
|
224889
224919
|
[cmd, ...args2] = cmd;
|
|
224890
224920
|
const timeout = options?.timeout ?? DEFAULT_TIMEOUT_MS2;
|
|
224921
|
+
const killGracePeriodMs = options?.killGracePeriodMs ?? DEFAULT_KILL_GRACE_PERIOD_MS2;
|
|
224891
224922
|
const env = analyzerTelemetryFilePath ? { ...options?.env ?? process.env, ANALYZER_TELEMETRY_FILE_PATH: analyzerTelemetryFilePath } : options?.env;
|
|
224892
|
-
|
|
224923
|
+
let sigtermTimer;
|
|
224924
|
+
let sigkillTimer;
|
|
224925
|
+
const childProcess = execFile4(cmd, args2, { ...options, env, cwd: dir, maxBuffer: 1024 * 1024 * 1024, shell: args2 === void 0, timeout: 0 }, (error, stdout, stderr) => {
|
|
224926
|
+
if (sigtermTimer)
|
|
224927
|
+
clearTimeout(sigtermTimer);
|
|
224928
|
+
if (sigkillTimer)
|
|
224929
|
+
clearTimeout(sigkillTimer);
|
|
224893
224930
|
resolve45({ error, stdout, stderr });
|
|
224894
224931
|
});
|
|
224932
|
+
if (timeout > 0) {
|
|
224933
|
+
sigtermTimer = setTimeout(() => {
|
|
224934
|
+
if (childProcess.exitCode !== null || childProcess.signalCode !== null)
|
|
224935
|
+
return;
|
|
224936
|
+
childProcess.kill();
|
|
224937
|
+
if (killGracePeriodMs > 0) {
|
|
224938
|
+
sigkillTimer = setTimeout(() => {
|
|
224939
|
+
if (childProcess.exitCode === null && childProcess.signalCode === null) {
|
|
224940
|
+
logger.debug(`Process (pid ${childProcess.pid}) did not exit within ${killGracePeriodMs}ms of SIGTERM; escalating to SIGKILL`);
|
|
224941
|
+
childProcess.kill("SIGKILL");
|
|
224942
|
+
}
|
|
224943
|
+
}, killGracePeriodMs);
|
|
224944
|
+
sigkillTimer.unref?.();
|
|
224945
|
+
}
|
|
224946
|
+
}, timeout);
|
|
224947
|
+
sigtermTimer.unref?.();
|
|
224948
|
+
}
|
|
224895
224949
|
if (options?.telemetryHandler && childProcess.pid)
|
|
224896
224950
|
stopTelemetry = startTelemetry2(childProcess, options.telemetryHandler);
|
|
224897
224951
|
if (options?.pipe) {
|
|
@@ -225800,14 +225854,25 @@ var YarnFixingManager = class extends NpmEcosystemFixingManager {
|
|
|
225800
225854
|
([pkgIdentifier, pkgObj2]) => pkgIdentifier.startsWith(`${fix.dependencyName}@`) && pkgObj2.version === fix.currentVersion
|
|
225801
225855
|
);
|
|
225802
225856
|
if (!packageToFix) return;
|
|
225803
|
-
const [, pkgObj] = packageToFix;
|
|
225857
|
+
const [oldKey, pkgObj] = packageToFix;
|
|
225804
225858
|
const packageDetails = await getPackageVersionDetailsFromNpm(fix.dependencyName, fix.fixedVersion);
|
|
225805
|
-
|
|
225806
|
-
|
|
225807
|
-
|
|
225808
|
-
|
|
225809
|
-
});
|
|
225859
|
+
pkgObj.version = fix.fixedVersion;
|
|
225860
|
+
pkgObj.resolution = `${fix.dependencyName}@npm:${fix.fixedVersion}`;
|
|
225861
|
+
setOrDelete(pkgObj, "dependencies", withBerryNpmDescriptors(packageDetails.dependencies));
|
|
225862
|
+
setOrDelete(pkgObj, "optionalDependencies", withBerryNpmDescriptors(packageDetails.optionalDependencies));
|
|
225810
225863
|
delete pkgObj.checksum;
|
|
225864
|
+
const exactOldKey = `${fix.dependencyName}@npm:${fix.currentVersion}`;
|
|
225865
|
+
const newKey = `${fix.dependencyName}@npm:${fix.fixedVersion}`;
|
|
225866
|
+
if (oldKey === exactOldKey && newKey !== oldKey) {
|
|
225867
|
+
const lock = yarnLock;
|
|
225868
|
+
if (lock[newKey] !== void 0 && lock[newKey] !== pkgObj) {
|
|
225869
|
+
throw new Error(
|
|
225870
|
+
`Cannot rename lockfile entry "${oldKey}" to "${newKey}": target key already exists with different contents`
|
|
225871
|
+
);
|
|
225872
|
+
}
|
|
225873
|
+
lock[newKey] = pkgObj;
|
|
225874
|
+
delete lock[oldKey];
|
|
225875
|
+
}
|
|
225811
225876
|
});
|
|
225812
225877
|
await this.writeYarnObj(yarnLock, yarnLockLocation);
|
|
225813
225878
|
}
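Review bot: The rewritten lock entry takes `version`, `resolution`, `dependencies` and `optionalDependencies` from the fixed version, but any `peerDependencies`, `peerDependenciesMeta`, `dependenciesMeta` or `bin` fields already on `pkgObj` are left as they were for `fix.currentVersion`. If the fixed release changed any of these, the lockfile entry would describe a mix of two versions; whether a later install corrects that is not visible in this hunk. Consider passing those fields through `setOrDelete` as well, e.g. `setOrDelete(pkgObj, "peerDependencies", packageDetails.peerDependencies);`, or add a comment stating that the following install is expected to refresh them.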
|
|
@@ -225852,6 +225917,21 @@ var YarnFixingManager = class extends NpmEcosystemFixingManager {
|
|
|
225852
225917
|
}
|
|
225853
225918
|
}
|
|
225854
225919
|
};
|
|
225920
|
+
function withBerryNpmDescriptors(deps) {
|
|
225921
|
+
if (!deps) return deps;
|
|
225922
|
+
const result = {};
|
|
225923
|
+
for (const [name2, range2] of Object.entries(deps)) {
|
|
225924
|
+
result[name2] = /^[a-z][a-z0-9+.-]*:/i.test(range2) ? range2 : `npm:${range2}`;
|
|
225925
|
+
}
|
|
225926
|
+
return result;
|
|
225927
|
+
}
|
|
225928
|
+
function setOrDelete(obj, key, value2) {
|
|
225929
|
+
if (value2 === void 0) {
|
|
225930
|
+
delete obj[key];
|
|
225931
|
+
} else {
|
|
225932
|
+
obj[key] = value2;
|
|
225933
|
+
}
|
|
225934
|
+
}
|
|
225855
225935
|
async function checkForYarnResolutions(packageJsonPath, fixes) {
|
|
225856
225936
|
if (!existsSync16(packageJsonPath)) return;
|
|
225857
225937
|
const content = await readFile19(packageJsonPath, "utf-8");
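Review bot: `withBerryNpmDescriptors` prefixes `npm:` to every range that does not start with a `scheme:`, so a scheme-less non-registry specifier such as a GitHub shorthand `owner/repo#ref` would be rewritten to `npm:owner/repo#ref`. The ranges come from registry metadata (`packageDetails.dependencies` in the caller), so this should be rare, but the resulting descriptor would presumably not resolve. Consider leaving values that contain a slash untouched by widening the test to `/^[a-z][a-z0-9+.-]*:/i.test(range2) || range2.includes("/")`. A one-line comment above the regex, saying that it detects an existing protocol prefix, would also help.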
|
|
@@ -229685,11 +229765,13 @@ var PipSocketUpgradeManager = class {
|
|
|
229685
229765
|
);
|
|
229686
229766
|
pyprojectTomlMatcher = (0, import_picomatch8.default)("pyproject.toml", { basename: true });
|
|
229687
229767
|
uvLockMatcher = (0, import_picomatch8.default)("uv.lock", { basename: true });
|
|
229768
|
+
poetryLockMatcher = (0, import_picomatch8.default)("poetry.lock", { basename: true });
|
|
229688
229769
|
async applySocketArtifactUpgrades(ctxt) {
|
|
229689
229770
|
const pyprojectTomlFiles = ctxt.manifestFiles.filter((f6) => this.pyprojectTomlMatcher(f6));
|
|
229690
229771
|
const patches = [];
|
|
229691
229772
|
const uvLockFilesToValidate = /* @__PURE__ */ new Set();
|
|
229692
229773
|
const lockFileToDepTree = /* @__PURE__ */ new Map();
|
|
229774
|
+
const poetryLockArtifacts = /* @__PURE__ */ new Map();
|
|
229693
229775
|
for (const [idx, upgradeVersion] of ctxt.upgrades) {
|
|
229694
229776
|
const artifact = ctxt.artifacts[idx];
|
|
229695
229777
|
assert13(artifact.name);
|
|
@@ -229761,6 +229843,10 @@ var PipSocketUpgradeManager = class {
|
|
|
229761
229843
|
patches.push(...await this.createUvLockPatches(mf.file, idx, upgradeVersion, ctxt));
|
|
229762
229844
|
uvLockFilesToValidate.add(mf.file);
|
|
229763
229845
|
patches.push(...await this.createOverrideDependencyUpdatePatches(rootTomlFile, idx, upgradeVersion, ctxt));
|
|
229846
|
+
} else if (this.poetryLockMatcher(mf.file)) {
|
|
229847
|
+
const existing = poetryLockArtifacts.get(mf.file) ?? [];
|
|
229848
|
+
existing.push(idx);
|
|
229849
|
+
poetryLockArtifacts.set(mf.file, existing);
|
|
229764
229850
|
} else {
|
|
229765
229851
|
ctxt.statusUpdater?.({
|
|
229766
229852
|
status: "error",
|
|
@@ -229780,6 +229866,14 @@ var PipSocketUpgradeManager = class {
|
|
|
229780
229866
|
}
|
|
229781
229867
|
}
|
|
229782
229868
|
}
|
|
229869
|
+
for (const [file, artifacts] of poetryLockArtifacts) {
|
|
229870
|
+
ctxt.statusUpdater?.({
|
|
229871
|
+
status: "error",
|
|
229872
|
+
file,
|
|
229873
|
+
artifacts,
|
|
229874
|
+
message: "The Poetry package manager is not currently supported for upgrades"
|
|
229875
|
+
});
|
|
229876
|
+
}
|
|
229783
229877
|
await applyPatches("PIP", this.rootDir, patches, ctxt);
|
|
229784
229878
|
for (const lockFile of uvLockFilesToValidate) {
|
|
229785
229879
|
const upgradesForLockFile = [];
|
|
@@ -234965,6 +235059,7 @@ import { existsSync as existsSync30, writeFileSync as writeFileSync3 } from "fs"
|
|
|
234965
235059
|
import { mkdir as mkdir6, rm as rm3, writeFile as writeFile15 } from "fs/promises";
|
|
234966
235060
|
var import_lodash15 = __toESM(require_lodash(), 1);
|
|
234967
235061
|
import os2 from "os";
|
|
235062
|
+
var import_picomatch11 = __toESM(require_picomatch2(), 1);
|
|
234968
235063
|
import { join as join34, relative as relative22, resolve as resolve42 } from "path";
|
|
234969
235064
|
|
|
234970
235065
|
// ../utils/src/dashboard-api/shared-api.ts
|
|
@@ -251822,7 +251917,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
|
|
|
251822
251917
|
}
|
|
251823
251918
|
|
|
251824
251919
|
// dist/version.js
|
|
251825
|
-
var version3 = "15.0.
|
|
251920
|
+
var version3 = "15.0.7";
|
|
251826
251921
|
|
|
251827
251922
|
// dist/cli-core.js
|
|
251828
251923
|
var { mapValues, omit, partition, pickBy: pickBy2 } = import_lodash15.default;
|
|
@@ -252088,11 +252183,50 @@ var CliCore = class {
|
|
|
252088
252183
|
logger.info(bold(` ${ecosystem} (${workspaces.length}):`));
|
|
252089
252184
|
workspaces.forEach((workspace) => logger.info(bold(` ${workspace}`)));
|
|
252090
252185
|
});
|
|
252186
|
+
const ecosystemToWorkspaceToAnalysisDataForPreinstall = {};
|
|
252187
|
+
const ecosystemToWorkspaceToVulnerabilitiesForPreinstall = {};
|
|
252188
|
+
for (const [ecosystem, workspaceToAnalysisData] of Object.entries(ecosystemToWorkspaceToAnalysisData)) {
|
|
252189
|
+
if (this.options.purlTypes && !this.options.purlTypes.some((purlType) => getAdvisoryEcosystemFromPurlType(purlType) === ecosystem)) {
|
|
252190
|
+
continue;
|
|
252191
|
+
}
|
|
252192
|
+
const includeDirs = this.options.includeDirs ?? [];
|
|
252193
|
+
const filteredWorkspaces = {};
|
|
252194
|
+
for (const [workspace, analysisData] of Object.entries(workspaceToAnalysisData)) {
|
|
252195
|
+
const resolvedWorkspace = resolve42(this.rootWorkingDirectory, workspace);
|
|
252196
|
+
const shouldExclude = shouldIgnoreDueToExcludeDirsOrChangedFiles({
|
|
252197
|
+
mainProjectDir: this.rootWorkingDirectory,
|
|
252198
|
+
excludeDirs: this.options.excludeDirs ?? [],
|
|
252199
|
+
changedFiles: this.options.changedFiles,
|
|
252200
|
+
includeDirs
|
|
252201
|
+
}, resolvedWorkspace);
|
|
252202
|
+
if (shouldExclude)
|
|
252203
|
+
continue;
|
|
252204
|
+
if (includeDirs.length > 0) {
|
|
252205
|
+
const relPath = relative22(this.rootWorkingDirectory, resolvedWorkspace);
|
|
252206
|
+
if (!import_picomatch11.default.isMatch(relPath, includeDirs))
|
|
252207
|
+
continue;
|
|
252208
|
+
}
|
|
252209
|
+
filteredWorkspaces[workspace] = analysisData;
|
|
252210
|
+
}
|
|
252211
|
+
if (Object.keys(filteredWorkspaces).length > 0) {
|
|
252212
|
+
ecosystemToWorkspaceToAnalysisDataForPreinstall[ecosystem] = filteredWorkspaces;
|
|
252213
|
+
const ecosystemVulns = ecosystemToWorkspaceToVulnerabilities[ecosystem];
|
|
252214
|
+
if (ecosystemVulns) {
|
|
252215
|
+
const filteredVulns = {};
|
|
252216
|
+
for (const workspace of Object.keys(filteredWorkspaces)) {
|
|
252217
|
+
if (ecosystemVulns[workspace]) {
|
|
252218
|
+
filteredVulns[workspace] = ecosystemVulns[workspace];
|
|
252219
|
+
}
|
|
252220
|
+
}
|
|
252221
|
+
ecosystemToWorkspaceToVulnerabilitiesForPreinstall[ecosystem] = filteredVulns;
|
|
252222
|
+
}
|
|
252223
|
+
}
|
|
252224
|
+
}
|
|
252091
252225
|
let preinstallDir;
|
|
252092
252226
|
try {
|
|
252093
252227
|
logger.info(bold("Pre-installing dependencies for all projects..."));
|
|
252094
252228
|
preinstallDir = await createTmpDirectory("coana-preinstall");
|
|
252095
|
-
await this.preInstallAllDependencies(preinstallDir,
|
|
252229
|
+
await this.preInstallAllDependencies(preinstallDir, ecosystemToWorkspaceToAnalysisDataForPreinstall, ecosystemToWorkspaceToVulnerabilitiesForPreinstall, otherModulesCommunicator);
|
|
252096
252230
|
logger.info(bold("All dependencies pre-installed successfully"));
|
|
252097
252231
|
} catch (e) {
|
|
252098
252232
|
if (this.options.reachContinueOnInstallErrors) {
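Review bot: The include filter drops the root workspace from pre-install whenever `--include-dirs` is set. It calls `import_picomatch11.default.isMatch(relPath, includeDirs)` with `relPath` from `relative22(this.rootWorkingDirectory, resolvedWorkspace)`, which is the empty string for the root workspace, and picomatch returns no match for an empty input. The root case needs an explicit decision, for example `if (relPath !== "" && !import_picomatch11.default.isMatch(relPath, includeDirs)) continue;`, and a comment saying why this check is needed when `includeDirs` is already passed to `shouldIgnoreDueToExcludeDirsOrChangedFiles`. On Windows `relative22` returns backslash-separated paths, which may not match forward-slash globs. The enclosing method starts and ends outside the hunk, so it is not visible whether a workspace filtered out here can still be analysed later without pre-installed dependencies.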
|
|
@@ -252171,6 +252305,15 @@ var CliCore = class {
|
|
|
252171
252305
|
vuln.reachability = "UNKNOWN";
|
|
252172
252306
|
}
|
|
252173
252307
|
}
|
|
252308
|
+
if (!this.options.reachContinueOnNoSourceFiles) {
|
|
252309
|
+
const workspacesWithNoSource = allWorkspaceDiagnostics.filter((entry) => entry.diagnostics.sourceFilesDetected === "NO").map((entry) => `${entry.subprojectPath} (${entry.purl_type})`).sort();
|
|
252310
|
+
if (workspacesWithNoSource.length > 0) {
|
|
252311
|
+
this.logNoSourceFilesError(workspacesWithNoSource);
|
|
252312
|
+
throw new AnalysisHaltError([
|
|
252313
|
+
`No source files detected for: ${workspacesWithNoSource.join(", ")}`
|
|
252314
|
+
]);
|
|
252315
|
+
}
|
|
252316
|
+
}
|
|
252174
252317
|
if (!this.options.reachContinueOnAnalysisErrors) {
|
|
252175
252318
|
const isInstallError = (msg) => msg.startsWith(FAILED_TO_INSTALL_PACKAGE_KEY);
|
|
252176
252319
|
const errorMessages = vulnsWithResults.filter((v) => v.codeAwareScanResult.type === "analysisError" || v.codeAwareScanResult.type === "otherError").map((v) => v.codeAwareScanResult.message).filter((msg) => !this.options.reachContinueOnInstallErrors || !isInstallError(msg));
|
|
@@ -252644,7 +252787,7 @@ Subproject: ${subproject}`);
|
|
|
252644
252787
|
const allFailures = [];
|
|
252645
252788
|
await asyncMap(installTasks, async ({ ecosystem, workspace, analysisData, vulnerabilities, installDir }) => {
|
|
252646
252789
|
try {
|
|
252647
|
-
const result = await otherModulesCommunicator.installDependencies(
|
|
252790
|
+
const result = await otherModulesCommunicator.installDependencies(this.rootWorkingDirectory, workspace, analysisData, ecosystem, vulnerabilities, {
|
|
252648
252791
|
timeoutSeconds: {
|
|
252649
252792
|
allVulnRuns: this.analysisTimeoutInSeconds,
|
|
252650
252793
|
bucketedRuns: bucketedAnalysisTimeoutInSeconds
|
|
@@ -252654,14 +252797,14 @@ Subproject: ${subproject}`);
|
|
|
252654
252797
|
haltOnInstallErrors: false
|
|
252655
252798
|
}, installDir);
|
|
252656
252799
|
if (result.failedPackages.length > 0) {
|
|
252657
|
-
logger.info(` ${ecosystem}
|
|
252800
|
+
logger.info(` ${ecosystem}:${workspace}: failed to install ${result.failedPackages.join(", ")}`);
|
|
252658
252801
|
allFailures.push({ ecosystem, workspace, failedPackages: result.failedPackages });
|
|
252659
252802
|
} else {
|
|
252660
|
-
logger.info(` ${ecosystem}
|
|
252803
|
+
logger.info(` ${ecosystem}:${workspace}: all packages installed successfully`);
|
|
252661
252804
|
}
|
|
252662
252805
|
} catch (e) {
|
|
252663
252806
|
const message2 = e instanceof Error ? e.message : String(e);
|
|
252664
|
-
logger.info(` ${ecosystem}
|
|
252807
|
+
logger.info(` ${ecosystem}:${workspace}: pre-install failed (${message2})`);
|
|
252665
252808
|
allFailures.push({ ecosystem, workspace, failedPackages: [`(pre-install error: ${message2})`] });
|
|
252666
252809
|
}
|
|
252667
252810
|
}, Number(this.options.concurrency));
|
|
@@ -252734,6 +252877,23 @@ Subproject: ${subproject}`);
|
|
|
252734
252877
|
];
|
|
252735
252878
|
logger.error(displayLines.join("\n"));
|
|
252736
252879
|
}
|
|
252880
|
+
logNoSourceFilesError(workspaces) {
|
|
252881
|
+
const workspaceLines = workspaces.slice(0, 20).map((ws) => ` - ${ws}`);
|
|
252882
|
+
if (workspaces.length > 20) {
|
|
252883
|
+
workspaceLines.push(` ... and ${workspaces.length - 20} more`);
|
|
252884
|
+
}
|
|
252885
|
+
const displayLines = [
|
|
252886
|
+
"",
|
|
252887
|
+
kleur_default.red().bold("No Source Files"),
|
|
252888
|
+
`Reachability analysis halted because the following ${workspaces.length === 1 ? "workspace contains" : "workspaces contain"} no source files:`,
|
|
252889
|
+
...workspaceLines,
|
|
252890
|
+
"",
|
|
252891
|
+
"Make sure to run the Tier 1 analysis in a folder that also contains the project source files.",
|
|
252892
|
+
"Use --reach-continue-on-no-source-files to continue when source files are missing (e.g., an empty subproject in a monorepo).",
|
|
252893
|
+
""
|
|
252894
|
+
];
|
|
252895
|
+
logger.error(displayLines.join("\n"));
|
|
252896
|
+
}
|
|
252737
252897
|
logAnalysisErrors(totalErrorCount, uniqueErrors) {
|
|
252738
252898
|
const errorLines = uniqueErrors.slice(0, 20).map((msg) => ` - ${msg}`);
|
|
252739
252899
|
if (uniqueErrors.length > 20) {
|
|
@@ -253082,7 +253242,7 @@ async function writeAnalysisDebugInfo(outputFilePath, ecosystemToWorkspaceToVuln
|
|
|
253082
253242
|
handleNexeBinaryMode();
|
|
253083
253243
|
var program2 = new Command();
|
|
253084
253244
|
var run2 = new Command();
|
|
253085
|
-
run2.name("run").argument("<path>", "File system path to folder containing the project").option("-o, --output-dir <path>", "Write json report to <path>/coana-report.json").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).option("--silent-spinner", "Silence spinner", "CI" in process.env || !process.stdin.isTTY).option("-p, --print-report", "Print the report to the console", false).option("--offline-database <path>", "Path to a coana-offline-db.json file for running the CLI without internet connectivity", void 0).option("-t, --timeout <timeout>", "Set API <timeout> in milliseconds to Coana backend.", "300000").option("-a, --analysis-timeout <timeout>", "Set <timeout> in seconds for each reachability analysis run").option("--memory-limit <memoryInMB>", "Set memory limit for analysis to <memoryInMB> megabytes of memory.", "8192").option("-c, --concurrency <concurrency>", "Set the maximum number of concurrent reachability analysis runs. It's recommended to choose a concurrency level that ensures that each analysis run has at least the --memory-limit amount of memory available. NPM reachability analysis does not support concurrent execution, so the concurrency level is ignored for NPM.", "1").option("--api-key <key>", "Set the Coana dashboard API key. By setting you also enable the dashboard integration.").addOption(new Option("--write-report-to-file", "Write the report dashboard-compatible report to dashboard-report.json. This report may help the Coana team debug issues with the report insertion mechanism.").default(false).hideHelp()).option("--project-name <repoName>", "Set the name of the repository. Used for dashboard integration.").option("--repo-url <repoUrl>", "Set the URL of the repository. Used for dashboard integration.").option("--include-dirs <relativeDirs...>", "globs for directories to include from the detection of subprojects (space-separated)(use relative paths from the project root). 
Notice, projects that are not included may still be scanned if they are referenced from included projects.").option("--exclude-dirs <relativeDirs...>", "globs for directories to exclude from the detection of subprojects (space-separated)(use relative paths from the project root). Notice, excluded projects may still be scanned if they are referenced from non-excluded projects.").option("--disable-analysis-splitting", "Limits Coana to at most 1 reachability analysis run per workspace").option("--print-analysis-log-file", "Store log output from the JavaScript/TypeScript reachability analysis in the file js-analysis.log file in the root of each workspace", false).option("--entry-points <entryPoints...>", "List of files to analyze for root workspace. The reachability analysis automatically analyzes all files used by the entry points. If not provided, all JavaScript and TypeScript files are considered entry points. For non-root workspaces, all JavaScript and TypeScript files are analyzed as well.").option("--include-projects-with-no-reachability-support", "Also runs Coana on projects where we support traditional SCA, but does not yet support reachability analysis.", false).option("--ecosystems <ecosystems...>", "List of ecosystems to analyze (space-separated). Currently NPM, PIP, MAVEN, NUGET and GO are supported. Default is all supported ecosystems.").addOption(new Option("--purl-types <purlTypes...>", "List of PURL types to analyze (space-separated). Currently npm, pypi, maven, nuget, golang and cargo are supported. Default is all supported purl types.").hideHelp()).option("--changed-files <files...>", "List of files that have changed. If provided, Coana only analyzes workspaces and modules that contain changed files.").option("--disable-report-submission", "Disable the submission of the report to the Coana dashboard. 
Used by the pipeline blocking feature.", false).option("--disable-analytics-sharing", "Disable analytics sharing.", false).option("--provider-project <path>", "File system path to folder containing the provider project (Only supported for Maven, Gradle, and SBT)").option("--provider-workspaces <dirs...>", "List of workspaces that build the provided runtime environment (Only supported for Maven, Gradle, and SBT)", (paths) => paths.split(" ")).option("--lightweight-reachability", "Runs Coana in lightweight mode. This increases analysis speed but also raises the risk of Coana misclassifying the reachability of certain complex vulnerabilities. Recommended only for use with Coana Guardrail mode.", false).addOption(new Option("--run-without-docker", "Run package managers and reachability analyzers without using docker").default(process.env.RUN_WITHOUT_DOCKER === "true").hideHelp()).addOption(new Option("--run-env <env>", "Specifies the environment in which the CLI is run. So far only MANAGED_SCAN and UNKNOWN are supported.").default("UNKNOWN").choices(["UNKNOWN", "MANAGED_SCAN"]).hideHelp()).addOption(new Option("--guardrail-mode", "Run Coana in guardrail mode. This mode is used to prevent new reachable vulnerabilities from being introduced into the codebase. Usually run as a CI check when pushing new commits to a pull request.")).option("--ignore-failing-workspaces", "Continue processing when a workspace fails instead of exiting. Failed workspaces will be logged at termination.", false).option("--reach-continue-on-install-errors", "Continue analysis when package installation fails, falling back to precomputed (Tier 2) reachability results. By default, the CLI halts on installation errors in socket mode.", process.env.COANA_CONTINUE_ON_INSTALL_ERRORS === "true").option("--reach-continue-on-analysis-errors", "Continue analysis when errors occur (timeouts, OOM, parse errors, etc.), falling back to precomputed (Tier 2) reachability results. 
By default, the CLI halts on analysis errors in socket mode.", false).addOption(new Option("--socket-mode <output-file>", "Run Coana in socket mode and write report to <output-file>").hideHelp()).addOption(new Option("--manifests-tar-hash <hash>", "Hash of the tarball containing all manifest files already uploaded to Socket. If provided, Socket will be used for computing dependency trees.").hideHelp()).option("--skip-cache-usage", "Do not attempt to use cached analysis configuration from previous runs", false).addOption(new Option("--lazy-mode", "Enable lazy analysis mode for JavaScript/TypeScript. This can significantly speed up analysis by only analyzing code that is actually relevant for the vulnerabilities being analyzed.").default(false).hideHelp()).addOption(new Option("--min-severity <severity>", "Set the minimum severity of vulnerabilities to analyze. Supported severities are info, low, moderate, high and critical.").choices(["info", "INFO", "low", "LOW", "moderate", "MODERATE", "high", "HIGH", "critical", "CRITICAL"])).option("--use-unreachable-from-precomputation", "Skip the reachability analysis for vulnerabilities that are already known to be unreachable from the precomputed reachability analysis (Tier 2).", false).addOption(new Option("--use-only-pregenerated-sboms", "Only include artifacts that have CDX or SPDX files in their manifest files.").default(false).hideHelp()).option("--disable-external-tool-checks", "Disable validation of external tools (npm, python, go, etc.) before running analysis.", false).version(version3).configureHelp({ sortOptions: true }).action(async (path9, options) => {
|
|
253245
|
+
run2.name("run").argument("<path>", "File system path to folder containing the project").option("-o, --output-dir <path>", "Write json report to <path>/coana-report.json").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).option("--silent-spinner", "Silence spinner", "CI" in process.env || !process.stdin.isTTY).option("-p, --print-report", "Print the report to the console", false).option("--offline-database <path>", "Path to a coana-offline-db.json file for running the CLI without internet connectivity", void 0).option("-t, --timeout <timeout>", "Set API <timeout> in milliseconds to Coana backend.", "300000").option("-a, --analysis-timeout <timeout>", "Set <timeout> in seconds for each reachability analysis run").option("--memory-limit <memoryInMB>", "Set memory limit for analysis to <memoryInMB> megabytes of memory.", "8192").option("-c, --concurrency <concurrency>", "Set the maximum number of concurrent reachability analysis runs. It's recommended to choose a concurrency level that ensures that each analysis run has at least the --memory-limit amount of memory available. NPM reachability analysis does not support concurrent execution, so the concurrency level is ignored for NPM.", "1").option("--api-key <key>", "Set the Coana dashboard API key. By setting you also enable the dashboard integration.").addOption(new Option("--write-report-to-file", "Write the report dashboard-compatible report to dashboard-report.json. This report may help the Coana team debug issues with the report insertion mechanism.").default(false).hideHelp()).option("--project-name <repoName>", "Set the name of the repository. Used for dashboard integration.").option("--repo-url <repoUrl>", "Set the URL of the repository. Used for dashboard integration.").option("--include-dirs <relativeDirs...>", "globs for directories to include from the detection of subprojects (space-separated)(use relative paths from the project root). 
Notice, projects that are not included may still be scanned if they are referenced from included projects.").option("--exclude-dirs <relativeDirs...>", "globs for directories to exclude from the detection of subprojects (space-separated)(use relative paths from the project root). Notice, excluded projects may still be scanned if they are referenced from non-excluded projects.").option("--disable-analysis-splitting", "Limits Coana to at most 1 reachability analysis run per workspace").option("--print-analysis-log-file", "Store log output from the JavaScript/TypeScript reachability analysis in the file js-analysis.log file in the root of each workspace", false).option("--entry-points <entryPoints...>", "List of files to analyze for root workspace. The reachability analysis automatically analyzes all files used by the entry points. If not provided, all JavaScript and TypeScript files are considered entry points. For non-root workspaces, all JavaScript and TypeScript files are analyzed as well.").option("--include-projects-with-no-reachability-support", "Also runs Coana on projects where we support traditional SCA, but does not yet support reachability analysis.", false).option("--ecosystems <ecosystems...>", "List of ecosystems to analyze (space-separated). Currently NPM, PIP, MAVEN, NUGET and GO are supported. Default is all supported ecosystems.").addOption(new Option("--purl-types <purlTypes...>", "List of PURL types to analyze (space-separated). Currently npm, pypi, maven, nuget, golang and cargo are supported. Default is all supported purl types.").hideHelp()).option("--changed-files <files...>", "List of files that have changed. If provided, Coana only analyzes workspaces and modules that contain changed files.").option("--disable-report-submission", "Disable the submission of the report to the Coana dashboard. 
Used by the pipeline blocking feature.", false).option("--disable-analytics-sharing", "Disable analytics sharing.", false).option("--provider-project <path>", "File system path to folder containing the provider project (Only supported for Maven, Gradle, and SBT)").option("--provider-workspaces <dirs...>", "List of workspaces that build the provided runtime environment (Only supported for Maven, Gradle, and SBT)", (paths) => paths.split(" ")).option("--lightweight-reachability", "Runs Coana in lightweight mode. This increases analysis speed but also raises the risk of Coana misclassifying the reachability of certain complex vulnerabilities. Recommended only for use with Coana Guardrail mode.", false).addOption(new Option("--run-without-docker", "Run package managers and reachability analyzers without using docker").default(process.env.RUN_WITHOUT_DOCKER === "true").hideHelp()).addOption(new Option("--run-env <env>", "Specifies the environment in which the CLI is run. So far only MANAGED_SCAN and UNKNOWN are supported.").default("UNKNOWN").choices(["UNKNOWN", "MANAGED_SCAN"]).hideHelp()).addOption(new Option("--guardrail-mode", "Run Coana in guardrail mode. This mode is used to prevent new reachable vulnerabilities from being introduced into the codebase. Usually run as a CI check when pushing new commits to a pull request.")).option("--ignore-failing-workspaces", "Continue processing when a workspace fails instead of exiting. Failed workspaces will be logged at termination.", false).option("--reach-continue-on-install-errors", "Continue analysis when package installation fails, falling back to precomputed (Tier 2) reachability results. By default, the CLI halts on installation errors in socket mode.", process.env.COANA_CONTINUE_ON_INSTALL_ERRORS === "true").option("--reach-continue-on-analysis-errors", "Continue analysis when errors occur (timeouts, OOM, parse errors, etc.), falling back to precomputed (Tier 2) reachability results. 
By default, the CLI halts on analysis errors in socket mode.", false).option("--reach-continue-on-no-source-files", "Continue analysis when a workspace contains no source files for its ecosystem. By default, the CLI halts in socket mode.", false).addOption(new Option("--socket-mode <output-file>", "Run Coana in socket mode and write report to <output-file>").hideHelp()).addOption(new Option("--manifests-tar-hash <hash>", "Hash of the tarball containing all manifest files already uploaded to Socket. If provided, Socket will be used for computing dependency trees.").hideHelp()).option("--skip-cache-usage", "Do not attempt to use cached analysis configuration from previous runs", false).addOption(new Option("--lazy-mode", "Enable lazy analysis mode for JavaScript/TypeScript. This can significantly speed up analysis by only analyzing code that is actually relevant for the vulnerabilities being analyzed.").default(false).hideHelp()).addOption(new Option("--min-severity <severity>", "Set the minimum severity of vulnerabilities to analyze. Supported severities are info, low, moderate, high and critical.").choices(["info", "INFO", "low", "LOW", "moderate", "MODERATE", "high", "HIGH", "critical", "CRITICAL"])).option("--use-unreachable-from-precomputation", "Skip the reachability analysis for vulnerabilities that are already known to be unreachable from the precomputed reachability analysis (Tier 2).", false).addOption(new Option("--use-only-pregenerated-sboms", "Only include artifacts that have CDX or SPDX files in their manifest files.").default(false).hideHelp()).option("--disable-external-tool-checks", "Disable validation of external tools (npm, python, go, etc.) before running analysis.", false).version(version3).configureHelp({ sortOptions: true }).action(async (path9, options) => {
|
|
253086
253246
|
process.env.DOCKER_IMAGE_TAG ??= version3;
|
|
253087
253247
|
options.ecosystems = options.ecosystems?.map((e) => e.toUpperCase());
|
|
253088
253248
|
options.minSeverity = options.minSeverity?.toUpperCase();
|
package/package.json
CHANGED
|
@@ -87597,6 +87597,7 @@ var AnalyzerTelemetryServer = class {
|
|
|
87597
87597
|
|
|
87598
87598
|
// ../utils/src/command-utils.ts
|
|
87599
87599
|
var DEFAULT_TIMEOUT_MS = 30 * 60 * 1e3;
|
|
87600
|
+
var DEFAULT_KILL_GRACE_PERIOD_MS = 60 * 1e3;
|
|
87600
87601
|
async function execAndLogOnFailure(cmd, dir, options, logLevel = "info") {
|
|
87601
87602
|
const result = await execNeverFail(cmd, dir, options);
|
|
87602
87603
|
if (result.error) logCommandOutput(result, cmd, dir, logLevel);
|
|
@@ -87666,7 +87667,7 @@ function wrapWithMemoryLimit(cmd, options) {
|
|
|
87666
87667
|
2
|
|
87667
87668
|
)} MiB). Terminating process.`
|
|
87668
87669
|
);
|
|
87669
|
-
subprocess.kill(
|
|
87670
|
+
subprocess.kill("SIGTERM");
|
|
87670
87671
|
subprocess = void 0;
|
|
87671
87672
|
}
|
|
87672
87673
|
prevHandler?.onTelemetry(metrics);
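Review bot: After `subprocess.kill("SIGTERM")` the handle is cleared with `subprocess = void 0`, so nothing follows up if the child ignores SIGTERM or is slow to handle it, and a process already over its memory limit can keep growing. The timeout path in `execNeverFail` escalates to SIGKILL after a grace period, and this path should do the same. For example, capture the handle before clearing it and add `setTimeout(() => { if (proc.exitCode === null && proc.signalCode === null) proc.kill("SIGKILL"); }, DEFAULT_KILL_GRACE_PERIOD_MS).unref?.();`. The removed line is truncated on this page, so the previous signal cannot be confirmed, and `wrapWithMemoryLimit` starts and ends outside the hunk.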
|
|
@@ -87702,15 +87703,38 @@ async function execNeverFail(cmd, dir, options) {
|
|
|
87702
87703
|
let args;
|
|
87703
87704
|
if (typeof cmd !== "string") [cmd, ...args] = cmd;
|
|
87704
87705
|
const timeout = options?.timeout ?? DEFAULT_TIMEOUT_MS;
|
|
87706
|
+
const killGracePeriodMs = options?.killGracePeriodMs ?? DEFAULT_KILL_GRACE_PERIOD_MS;
|
|
87705
87707
|
const env = analyzerTelemetryFilePath ? { ...options?.env ?? process.env, ANALYZER_TELEMETRY_FILE_PATH: analyzerTelemetryFilePath } : options?.env;
|
|
87708
|
+
let sigtermTimer;
|
|
87709
|
+
let sigkillTimer;
|
|
87706
87710
|
const childProcess = execFile2(
|
|
87707
87711
|
cmd,
|
|
87708
87712
|
args,
|
|
87709
|
-
{ ...options, env, cwd: dir, maxBuffer: 1024 * 1024 * 1024, shell: args === void 0, timeout },
|
|
87713
|
+
{ ...options, env, cwd: dir, maxBuffer: 1024 * 1024 * 1024, shell: args === void 0, timeout: 0 },
|
|
87710
87714
|
(error, stdout, stderr) => {
|
|
87715
|
+
if (sigtermTimer) clearTimeout(sigtermTimer);
|
|
87716
|
+
if (sigkillTimer) clearTimeout(sigkillTimer);
|
|
87711
87717
|
resolve28({ error, stdout, stderr });
|
|
87712
87718
|
}
|
|
87713
87719
|
);
|
|
87720
|
+
if (timeout > 0) {
|
|
87721
|
+
sigtermTimer = setTimeout(() => {
|
|
87722
|
+
if (childProcess.exitCode !== null || childProcess.signalCode !== null) return;
|
|
87723
|
+
childProcess.kill();
|
|
87724
|
+
if (killGracePeriodMs > 0) {
|
|
87725
|
+
sigkillTimer = setTimeout(() => {
|
|
87726
|
+
if (childProcess.exitCode === null && childProcess.signalCode === null) {
|
|
87727
|
+
logger.debug(
|
|
87728
|
+
`Process (pid ${childProcess.pid}) did not exit within ${killGracePeriodMs}ms of SIGTERM; escalating to SIGKILL`
|
|
87729
|
+
);
|
|
87730
|
+
childProcess.kill("SIGKILL");
|
|
87731
|
+
}
|
|
87732
|
+
}, killGracePeriodMs);
|
|
87733
|
+
sigkillTimer.unref?.();
|
|
87734
|
+
}
|
|
87735
|
+
}, timeout);
|
|
87736
|
+
sigtermTimer.unref?.();
|
|
87737
|
+
}
|
|
87714
87738
|
if (options?.telemetryHandler && childProcess.pid)
|
|
87715
87739
|
stopTelemetry = startTelemetry(childProcess, options.telemetryHandler);
|
|
87716
87740
|
if (options?.pipe) {
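Review bot: The timeout escalation in `execNeverFail` signals only the direct child. When `cmd` is a string the process runs with `shell: args === void 0`, so `childProcess.kill()` and the later `childProcess.kill("SIGKILL")` reach the shell, while commands it started may keep running and hold stdout open, which would delay the callback that resolves the promise. `childProcess.kill()` also always sends the default signal, so a `killSignal` passed in `options` no longer affects the timeout path. Neither point is documented. I would add above the timer block `// Hard deadline is timeout + killGracePeriodMs. Only the direct child is signalled; shell-launched descendants are not covered.` and describe `killGracePeriodMs` wherever this function's options are documented. The function starts and ends outside the hunk.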
|
|
@@ -87961,6 +87985,11 @@ async function getFiles(dir, excludeDirs) {
|
|
|
87961
87985
|
if (!excludeDirs?.includes(item.name)) await helper(itemPath, arrayOfFiles);
|
|
87962
87986
|
} else if (item.isFile()) {
|
|
87963
87987
|
arrayOfFiles.push(itemPath);
|
|
87988
|
+
} else if (item.isSymbolicLink()) {
|
|
87989
|
+
try {
|
|
87990
|
+
if ((await stat(itemPath)).isFile()) arrayOfFiles.push(itemPath);
|
|
87991
|
+
} catch {
|
|
87992
|
+
}
|
|
87964
87993
|
}
|
|
87965
87994
|
}
|
|
87966
87995
|
return arrayOfFiles;
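Review bot: The new `item.isSymbolicLink()` branch follows the link with `stat(itemPath)` and adds it whenever the target is a regular file, without checking where the target lives, so a link inside a scanned repository that points outside `dir` puts an out-of-tree file into the result. If callers read, hash or upload the listed files, that crosses the project boundary when the repository is untrusted, as in CI scans of third-party code. Resolving the target and keeping it only when it stays under the scanned root closes this; the empty `catch {}` also hides permission errors along with broken links and would be better logged at debug level. The sketch below assumes `rootRealPath` is resolved once from `dir` before the walk and that `realpath` and `sep` are available in this bundle; `getFiles` starts outside the hunk.

```javascript
} else if (item.isSymbolicLink()) {
  try {
    // Keep a linked file only when its real location is inside the scanned root.
    const target = await realpath(itemPath);
    if (target.startsWith(`${rootRealPath}${sep}`) && (await stat(target)).isFile()) {
      arrayOfFiles.push(itemPath);
    }
  } catch (e) {
    // Broken link or unreadable target: skip it, but leave a trace.
    logger.debug(`Skipping symlink ${itemPath}: ${e instanceof Error ? e.message : String(e)}`);
  }
}
```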
|
|
@@ -88747,7 +88776,7 @@ var ToolPathResolver = class {
|
|
|
88747
88776
|
"darwin-arm64": "aarch64-apple-darwin",
|
|
88748
88777
|
"darwin-x64": "x86_64-apple-darwin"
|
|
88749
88778
|
}[`${platform7}-${arch === "arm" ? "arm64" : arch}`];
|
|
88750
|
-
return resolve6(COANA_REPOS_PATH(), "spar", `
|
|
88779
|
+
return resolve6(COANA_REPOS_PATH(), "spar", `sparphp-${name2}.gz`);
|
|
88751
88780
|
}
|
|
88752
88781
|
/**
|
|
88753
88782
|
* Get the path to the Node.js executable
|
|
@@ -96286,7 +96315,7 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
|
|
|
96286
96315
|
const outputFile = resolve9(tmpDir, "output.json");
|
|
96287
96316
|
await writeFile5(inputFile, JSON.stringify(options));
|
|
96288
96317
|
const timeoutMs = Math.max(timeoutInSeconds * 1.5, timeoutInSeconds + 30) * 1e3;
|
|
96289
|
-
const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runDotnetDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --cocoa ${getCocoaPath()} --tree-sitter-c-sharp ${getTreeSitterCSharpPath()}`, void 0, { timeout: timeoutMs,
|
|
96318
|
+
const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runDotnetDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --cocoa ${getCocoaPath()} --tree-sitter-c-sharp ${getTreeSitterCSharpPath()}`, void 0, { timeout: timeoutMs, heartbeat: HEARTBEATS.dotnet });
|
|
96290
96319
|
if (result.error)
|
|
96291
96320
|
return void 0;
|
|
96292
96321
|
const packageIds = JSON.parse(await readFile7(outputFile, "utf-8")).result;
|
|
@@ -96327,7 +96356,6 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
|
|
|
96327
96356
|
const timeoutMs = Math.max(timeoutInSeconds * 1.5, timeoutInSeconds + 30) * 1e3;
|
|
96328
96357
|
const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runDotnetReachabilityAnalysis -i ${inputFile} -o ${outputFile} --cocoa ${getCocoaPath()} --tree-sitter-c-sharp ${getTreeSitterCSharpPath()}`, void 0, {
|
|
96329
96358
|
timeout: timeoutMs,
|
|
96330
|
-
killSignal: "SIGKILL",
|
|
96331
96359
|
heartbeat: HEARTBEATS.dotnet,
|
|
96332
96360
|
telemetryHandler,
|
|
96333
96361
|
analyzerTelemetryHandler
|
|
@@ -110365,7 +110393,7 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
|
|
|
110365
110393
|
const outputFile = resolve10(tmpDir, "output.json");
|
|
110366
110394
|
await writeFile6(inputFile, JSON.stringify(options));
|
|
110367
110395
|
const timeoutMs = Math.max(timeoutInSeconds * 1.5, timeoutInSeconds + 30) * 1e3;
|
|
110368
|
-
const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runJvmDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --javap-service ${getJavapServicePath()} --tree-sitter-java ${getTreeSitterJavaPath()} --tree-sitter-kotlin ${getTreeSitterKotlinPath()} --tree-sitter-scala ${getTreeSitterScalaPath()}`, void 0, { timeout: timeoutMs,
|
|
110396
|
+
const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runJvmDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --javap-service ${getJavapServicePath()} --tree-sitter-java ${getTreeSitterJavaPath()} --tree-sitter-kotlin ${getTreeSitterKotlinPath()} --tree-sitter-scala ${getTreeSitterScalaPath()}`, void 0, { timeout: timeoutMs, heartbeat: HEARTBEATS.java });
|
|
110369
110397
|
if (result.error)
|
|
110370
110398
|
return void 0;
|
|
110371
110399
|
const packageIds = JSON.parse(await readFile8(outputFile, "utf-8")).result;
|
|
@@ -110404,7 +110432,7 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
|
|
|
110404
110432
|
const outputFile = resolve10(tmpDir, "output.json");
|
|
110405
110433
|
await writeFile6(inputFile, JSON.stringify(options));
|
|
110406
110434
|
const timeoutMs = Math.max(timeoutInSeconds * 1.5, timeoutInSeconds + 30) * 1e3;
|
|
110407
|
-
const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runJvmReachabilityAnalysis -i ${inputFile} -o ${outputFile} --javap-service ${getJavapServicePath()} --tree-sitter-java ${getTreeSitterJavaPath()} --tree-sitter-kotlin ${getTreeSitterKotlinPath()} --tree-sitter-scala ${getTreeSitterScalaPath()}`, void 0, { timeout: timeoutMs,
|
|
110435
|
+
const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runJvmReachabilityAnalysis -i ${inputFile} -o ${outputFile} --javap-service ${getJavapServicePath()} --tree-sitter-java ${getTreeSitterJavaPath()} --tree-sitter-kotlin ${getTreeSitterKotlinPath()} --tree-sitter-scala ${getTreeSitterScalaPath()}`, void 0, { timeout: timeoutMs, heartbeat: HEARTBEATS.java, telemetryHandler, analyzerTelemetryHandler });
|
|
110408
110436
|
if (result.error)
|
|
110409
110437
|
return { type: "error", message: result.error.message ?? "unknown error" };
|
|
110410
110438
|
const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths, reachablePackageIds } = JSON.parse(await readFile8(outputFile, "utf-8")).result;
|
|
@@ -111039,7 +111067,6 @@ var JSAnalysisEngine = class {
|
|
|
111039
111067
|
${options.entryPoints ?? projectRoot}`;
|
|
111040
111068
|
await runCommandResolveStdOut2(cmd, void 0, {
|
|
111041
111069
|
timeout: options.timeoutSeconds.allVulnRuns * 1e3,
|
|
111042
|
-
killSignal: "SIGKILL",
|
|
111043
111070
|
heartbeat: HEARTBEATS.js,
|
|
111044
111071
|
telemetryHandler,
|
|
111045
111072
|
analyzerTelemetryHandler
|
|
@@ -111134,10 +111161,11 @@ var JellyJSAnalysisEngine = class extends JSAnalysisEngine {
|
|
|
111134
111161
|
await runCommandResolveStdOut2(
|
|
111135
111162
|
cmdToRun,
|
|
111136
111163
|
void 0,
|
|
111137
|
-
//
|
|
111164
|
+
// Terminate if the process exceeds 1.5x the timeout (e.g., due to GC pressure making
|
|
111165
|
+
// Jelly's internal timeout checks unreliable). execNeverFail sends SIGTERM first and
|
|
111166
|
+
// escalates to SIGKILL after a grace period if the process remains alive.
|
|
111138
111167
|
{
|
|
111139
111168
|
timeout: timeoutInSeconds * 1e3 * 1.5,
|
|
111140
|
-
killSignal: "SIGKILL",
|
|
111141
111169
|
heartbeat: HEARTBEATS.js,
|
|
111142
111170
|
telemetryHandler,
|
|
111143
111171
|
analyzerTelemetryHandler,
|
|
@@ -111188,7 +111216,6 @@ var JellyJSAnalysisEngine = class extends JSAnalysisEngine {
|
|
|
111188
111216
|
--reachable-json ${reachablePackagesFile} ${projectRoot}`;
|
|
111189
111217
|
await runCommandResolveStdOut2(jellyCmd, void 0, {
|
|
111190
111218
|
timeout: options.timeoutSeconds.allVulnRuns * 1e3,
|
|
111191
|
-
killSignal: "SIGKILL",
|
|
111192
111219
|
heartbeat: HEARTBEATS.js,
|
|
111193
111220
|
telemetryHandler,
|
|
111194
111221
|
analyzerTelemetryHandler
|
|
@@ -111913,10 +111940,10 @@ var SparJSAnalysisEngine = class extends JSAnalysisEngine {
|
|
|
111913
111940
|
await runCommandResolveStdOut2(
|
|
111914
111941
|
cmd,
|
|
111915
111942
|
void 0,
|
|
111916
|
-
//
|
|
111943
|
+
// Terminate if the process exceeds 1.5x the timeout. execNeverFail sends SIGTERM
|
|
111944
|
+
// first and escalates to SIGKILL after a grace period if the process remains alive.
|
|
111917
111945
|
{
|
|
111918
111946
|
timeout: timeoutInSeconds * 1e3 * 1.5,
|
|
111919
|
-
killSignal: "SIGKILL",
|
|
111920
111947
|
heartbeat: HEARTBEATS.js,
|
|
111921
111948
|
telemetryHandler,
|
|
111922
111949
|
analyzerTelemetryHandler,
|
|
@@ -112320,7 +112347,6 @@ var GoCodeAwareVulnerabilityScanner = class {
|
|
|
112320
112347
|
-topk=4 ${heuristic.includeTests && "-tests"}
|
|
112321
112348
|
${this.projectDir} ${vulnAccPaths}`, void 0, {
|
|
112322
112349
|
timeout: timeoutInSeconds * 1e3,
|
|
112323
|
-
killSignal: "SIGKILL",
|
|
112324
112350
|
memoryLimitInMB,
|
|
112325
112351
|
env: memoryLimitInMB ? { ...process.env, GOMEMLIMIT: `${Math.max(Math.ceil(memoryLimitInMB - 256), 0)}MiB` } : void 0,
|
|
112326
112352
|
heartbeat: HEARTBEATS.go,
|
|
@@ -112731,7 +112757,7 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
|
|
|
112731
112757
|
const outputFile = resolve17(tmpDir, "output.json");
|
|
112732
112758
|
await writeFile10(inputFile, JSON.stringify(options));
|
|
112733
112759
|
const timeoutMs = Math.max(timeoutInSeconds * 1.5, timeoutInSeconds + 30) * 1e3;
|
|
112734
|
-
const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runRustDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --tree-sitter-rust ${getTreeSitterRustPath()}`, void 0, { timeout: timeoutMs,
|
|
112760
|
+
const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runRustDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --tree-sitter-rust ${getTreeSitterRustPath()}`, void 0, { timeout: timeoutMs, heartbeat: HEARTBEATS.rust });
|
|
112735
112761
|
if (result.error)
|
|
112736
112762
|
return void 0;
|
|
112737
112763
|
const packageIds = JSON.parse(await readFile13(outputFile, "utf-8")).result;
|
|
@@ -112767,7 +112793,7 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
|
|
|
112767
112793
|
const outputFile = resolve17(tmpDir, "output.json");
|
|
112768
112794
|
await writeFile10(inputFile, JSON.stringify(options));
|
|
112769
112795
|
const timeoutMs = Math.max(effectiveTimeout * 1.5, effectiveTimeout + 30) * 1e3;
|
|
112770
|
-
const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runRustReachabilityAnalysis -i ${inputFile} -o ${outputFile} --tree-sitter-rust ${getTreeSitterRustPath()}`, void 0, { timeout: timeoutMs,
|
|
112796
|
+
const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runRustReachabilityAnalysis -i ${inputFile} -o ${outputFile} --tree-sitter-rust ${getTreeSitterRustPath()}`, void 0, { timeout: timeoutMs, heartbeat: HEARTBEATS.rust, telemetryHandler, analyzerTelemetryHandler });
|
|
112771
112797
|
if (result.error)
|
|
112772
112798
|
return { type: "error", message: result.error.message ?? "unknown error" };
|
|
112773
112799
|
const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths, reachablePackageIds } = JSON.parse(await readFile13(outputFile, "utf-8")).result;
|
|
@@ -113281,9 +113307,8 @@ var PythonCodeAwareVulnerabilityScanner = class {
|
|
|
113281
113307
|
PYPY_GC_MAX: `${memoryLimitInMB ? Math.max(Math.ceil(memoryLimitInMB - 256), 1) : 0}MB`
|
|
113282
113308
|
},
|
|
113283
113309
|
// Forcefully kill the process if the internal timeout mechanism fails.
|
|
113284
|
-
//
|
|
113310
|
+
// execNeverFail sends SIGTERM first and escalates to SIGKILL after a grace period.
|
|
113285
113311
|
timeout: (timeoutInSeconds * 1.5 + 15) * 1e3,
|
|
113286
|
-
killSignal: "SIGKILL",
|
|
113287
113312
|
heartbeat: HEARTBEATS.python,
|
|
113288
113313
|
telemetryHandler,
|
|
113289
113314
|
analyzerTelemetryHandler,
|
|
@@ -113982,9 +114007,22 @@ async function analyzeWithHeuristics(state, vulns, heuristicsInOrder, doNotRecom
|
|
|
113982
114007
|
heuristic: getHeuristicFromName(state, b.heuristicName, ecosystem),
|
|
113983
114008
|
vulnerabilities: b.vulnUrls.map((vUrl) => vulnerabilities.find((v) => v.url === vUrl))
|
|
113984
114009
|
})), analysisMetadataCollector, true);
|
|
114010
|
+
const originalUrlToReachability = transformVulnsToUrlToReachability(resWithoutExperimentalHeuristic.augmentedVulnerabilities);
|
|
114011
|
+
if (expHeuristicName === "SPARJS_EXPERIMENT") {
|
|
114012
|
+
for (const v of resWithoutExperimentalHeuristic.augmentedVulnerabilities) {
|
|
114013
|
+
if (v.results.type !== "success")
|
|
114014
|
+
continue;
|
|
114015
|
+
const { stacks } = v.results.detectedOccurrences;
|
|
114016
|
+
if (!stacks.length)
|
|
114017
|
+
continue;
|
|
114018
|
+
const pkgsInVulnChain = new Set(Object.values(v.vulnChainDetails.transitiveDependencies).map((d) => d.packageName));
|
|
114019
|
+
if (stacks.every((s2) => s2.some((f2, i4) => i4 > 0 && !pkgsInVulnChain.has(f2.package))))
|
|
114020
|
+
ignoredVulnerabilities.add(v.url);
|
|
114021
|
+
}
|
|
114022
|
+
}
|
|
113985
114023
|
await Promise.all([
|
|
113986
114024
|
sendTimeRegressionsToDashboard(expHeuristicName, resWithoutExperimentalHeuristic.analysisMetadata, bucketsToRecompute),
|
|
113987
|
-
sendReachabilityRegressionsToDashboard(resWithoutExperimentalHeuristic.analysisMetadata[0].heuristicName, expHeuristicName,
|
|
114025
|
+
sendReachabilityRegressionsToDashboard(resWithoutExperimentalHeuristic.analysisMetadata[0].heuristicName, expHeuristicName, originalUrlToReachability, experimentalUrlToReachability, ignoredVulnerabilities)
|
|
113988
114026
|
]);
|
|
113989
114027
|
}
|
|
113990
114028
|
const vulnsToGetFromExperimental = bucketsNotToRecompute.flatMap((b) => b.vulnUrls);
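Review bot: `v.vulnChainDetails.transitiveDependencies` in the added `SPARJS_EXPERIMENT` loop is read without a guard, while `runSparPhpAnalysis` later in this file reads the same field as `v.vulnChainDetails?.transitiveDependencies ?? {}`. If a vulnerability can arrive without chain details, the loop throws before either dashboard call runs. I would write `new Set(Object.values(v.vulnChainDetails?.transitiveDependencies ?? {}).map((d) => d.packageName))`. The `stacks.every(...)` filter also deserves a comment, because it appears to exclude findings from the reachability regression report: `// Ignore vulns where every stack has a frame after the first from a package outside the vuln chain.` `ignoredVulnerabilities` and `experimentalUrlToReachability` are declared outside the hunk, and the enclosing function starts and ends outside it.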
|
|
@@ -114292,8 +114330,8 @@ function findDuplicateVulnsInBuckets(bucketsFromLastAnalysis) {
|
|
|
114292
114330
|
}
|
|
114293
114331
|
return duplicateUrls;
|
|
114294
114332
|
}
|
|
114295
|
-
function transformVulnsToUrlToReachability(
|
|
114296
|
-
return Object.fromEntries(
|
|
114333
|
+
function transformVulnsToUrlToReachability(augmentedVulnerabilities) {
|
|
114334
|
+
return Object.fromEntries(augmentedVulnerabilities.map((v) => [
|
|
114297
114335
|
v.url,
|
|
114298
114336
|
{
|
|
114299
114337
|
reachability: getVulnReachability(v.results),
|
|
@@ -114405,7 +114443,7 @@ async function runSparPhpAnalysis(projectDir, vulns, includePackages, timeoutInS
|
|
|
114405
114443
|
const vulnInput = vulns.map((v) => {
|
|
114406
114444
|
const vulnerablePackage = Object.values(v.vulnChainDetails?.transitiveDependencies ?? {}).find((d) => d.vulnerable);
|
|
114407
114445
|
return {
|
|
114408
|
-
|
|
114446
|
+
advisory: { url: v.url, name: vulnerablePackage?.packageName ?? "", range: "*" },
|
|
114409
114447
|
patterns: v.vulnerabilityAccessPaths
|
|
114410
114448
|
};
|
|
114411
114449
|
});
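Review bot: The added `advisory` entry falls back to `name: ""` when no dependency in the chain is marked `vulnerable`, so that vulnerability is still handed to the analyzer with an empty package name and `range: "*"`. How the analyzer treats an empty name is not visible here; if it matches nothing, the vulnerability could come back as unreachable with no error raised. I would make the missing case explicit before the `.map`, for example by logging and skipping entries where `vulnerablePackage` is undefined, and add the comment `// name is empty when no dependency in the chain is flagged vulnerable` if the fallback is intentional. `runSparPhpAnalysis` starts and ends outside the hunk.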
|
|
@@ -114419,7 +114457,6 @@ async function runSparPhpAnalysis(projectDir, vulns, includePackages, timeoutInS
|
|
|
114419
114457
|
${includePackagesArgs}`, void 0, {
|
|
114420
114458
|
timeout: (timeoutInSeconds + 10) * 1e3,
|
|
114421
114459
|
// Give a bit of extra time for spar-php to shut down gracefully
|
|
114422
|
-
killSignal: "SIGKILL",
|
|
114423
114460
|
heartbeat: HEARTBEATS.php,
|
|
114424
114461
|
telemetryHandler,
|
|
114425
114462
|
analyzerTelemetryHandler
|
|
@@ -115228,7 +115265,6 @@ var RubyCodeAwareVulnerabilityScanner = class {
|
|
|
115228
115265
|
this.numberAnalysesRun++;
|
|
115229
115266
|
await exec2(cmd, this.projectDir, {
|
|
115230
115267
|
timeout: (timeoutInSeconds * 1.5 + 10) * 1e3,
|
|
115231
|
-
killSignal: "SIGKILL",
|
|
115232
115268
|
heartbeat: HEARTBEATS.ruby,
|
|
115233
115269
|
telemetryHandler
|
|
115234
115270
|
});
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|