@dxworks/depinder 0.1.1
- package/LICENSE +201 -0
- package/README.md +108 -0
- package/dist/assets/.gitkeep +0 -0
- package/dist/assets/depinder.docker-compose.yml +68 -0
- package/dist/assets/init-mongo.d.ts +0 -0
- package/dist/assets/init-mongo.js +16 -0
- package/dist/assets/init-mongo.js.map +1 -0
- package/dist/cache/cache.d.ts +9 -0
- package/dist/cache/cache.js +18 -0
- package/dist/cache/cache.js.map +1 -0
- package/dist/cache/json-cache.d.ts +2 -0
- package/dist/cache/json-cache.js +45 -0
- package/dist/cache/json-cache.js.map +1 -0
- package/dist/cache/mongo-cache.d.ts +5 -0
- package/dist/cache/mongo-cache.js +97 -0
- package/dist/cache/mongo-cache.js.map +1 -0
- package/dist/commands/analyse.d.ts +8 -0
- package/dist/commands/analyse.js +215 -0
- package/dist/commands/analyse.js.map +1 -0
- package/dist/commands/cache.d.ts +11 -0
- package/dist/commands/cache.js +83 -0
- package/dist/commands/cache.js.map +1 -0
- package/dist/commands/info.d.ts +0 -0
- package/dist/commands/info.js +190 -0
- package/dist/commands/info.js.map +1 -0
- package/dist/commands/update.d.ts +3 -0
- package/dist/commands/update.js +85 -0
- package/dist/commands/update.js.map +1 -0
- package/dist/depinder.d.ts +2 -0
- package/dist/depinder.js +16 -0
- package/dist/depinder.js.map +1 -0
- package/dist/extension-points/code-impact.d.ts +14 -0
- package/dist/extension-points/code-impact.js +3 -0
- package/dist/extension-points/code-impact.js.map +1 -0
- package/dist/extension-points/extract.d.ts +36 -0
- package/dist/extension-points/extract.js +3 -0
- package/dist/extension-points/extract.js.map +1 -0
- package/dist/extension-points/plugin-loader.d.ts +2 -0
- package/dist/extension-points/plugin-loader.js +18 -0
- package/dist/extension-points/plugin-loader.js.map +1 -0
- package/dist/extension-points/plugin.d.ts +13 -0
- package/dist/extension-points/plugin.js +3 -0
- package/dist/extension-points/plugin.js.map +1 -0
- package/dist/extension-points/registrar.d.ts +41 -0
- package/dist/extension-points/registrar.js +59 -0
- package/dist/extension-points/registrar.js.map +1 -0
- package/dist/extension-points/vulnerability-checker.d.ts +21 -0
- package/dist/extension-points/vulnerability-checker.js +3 -0
- package/dist/extension-points/vulnerability-checker.js.map +1 -0
- package/dist/index.d.ts +2 -0
- package/dist/index.js +7 -0
- package/dist/index.js.map +1 -0
- package/dist/info/php/parser.d.ts +80 -0
- package/dist/info/php/parser.js +61 -0
- package/dist/info/php/parser.js.map +1 -0
- package/dist/plugins/dotnet/index.d.ts +11 -0
- package/dist/plugins/dotnet/index.js +146 -0
- package/dist/plugins/dotnet/index.js.map +1 -0
- package/dist/plugins/index.d.ts +3 -0
- package/dist/plugins/index.js +35 -0
- package/dist/plugins/index.js.map +1 -0
- package/dist/plugins/java/google.registrar.d.ts +0 -0
- package/dist/plugins/java/google.registrar.js +59 -0
- package/dist/plugins/java/google.registrar.js.map +1 -0
- package/dist/plugins/java/index.d.ts +7 -0
- package/dist/plugins/java/index.js +152 -0
- package/dist/plugins/java/index.js.map +1 -0
- package/dist/plugins/java/parsers/maven.d.ts +2 -0
- package/dist/plugins/java/parsers/maven.js +51 -0
- package/dist/plugins/java/parsers/maven.js.map +1 -0
- package/dist/plugins/javascript/index.d.ts +4 -0
- package/dist/plugins/javascript/index.js +151 -0
- package/dist/plugins/javascript/index.js.map +1 -0
- package/dist/plugins/php/index.d.ts +9 -0
- package/dist/plugins/php/index.js +131 -0
- package/dist/plugins/php/index.js.map +1 -0
- package/dist/plugins/php/php-interfaces.d.ts +117 -0
- package/dist/plugins/php/php-interfaces.js +67 -0
- package/dist/plugins/php/php-interfaces.js.map +1 -0
- package/dist/plugins/python/index.d.ts +15 -0
- package/dist/plugins/python/index.js +235 -0
- package/dist/plugins/python/index.js.map +1 -0
- package/dist/plugins/ruby/index.d.ts +4 -0
- package/dist/plugins/ruby/index.js +142 -0
- package/dist/plugins/ruby/index.js.map +1 -0
- package/dist/utils/blacklist.d.ts +1 -0
- package/dist/utils/blacklist.js +13 -0
- package/dist/utils/blacklist.js.map +1 -0
- package/dist/utils/npm.d.ts +8 -0
- package/dist/utils/npm.js +19 -0
- package/dist/utils/npm.js.map +1 -0
- package/dist/utils/utils.d.ts +10 -0
- package/dist/utils/utils.js +58 -0
- package/dist/utils/utils.js.map +1 -0
- package/dist/utils/vulnerabilities.d.ts +5 -0
- package/dist/utils/vulnerabilities.js +103 -0
- package/dist/utils/vulnerabilities.js.map +1 -0
- package/package.json +109 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"update.js","sourceRoot":"","sources":["../../src/commands/update.ts"],"names":[],"mappings":";;;;;;AAAA,yCAAiC;AACjC,oDAAuC;AACvC,kDAAyB;AACzB,mCAAqD;AACrD,sDAAiE;AACjE,oDAAqC;AACrC,wCAA8C;AAC9C,8DAAqE;AACrE,+CAA+C;AAGlC,QAAA,aAAa,GAAG,IAAI,mBAAO,EAAE;KACrC,IAAI,CAAC,QAAQ,CAAC;KACd,QAAQ,CAAC,kBAAkB,EAAE,oDAAoD,CAAC;KAClF,QAAQ,CAAC,cAAc,EAAE,+CAA+C,CAAC;KACzE,MAAM,CAAC,UAAU,CAAC,CAAA;AAEvB,KAAK,UAAU,4BAA4B,CAAC,WAAqB,EAAE,eAAyB;IACxF,MAAM,WAAW,GAAG,IAAI,wBAAS,CAAC;QAC9B,MAAM,EAAE,YAAY,GAAG,eAAK,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,qEAAqE;KACtH,EAAE,sBAAO,CAAC,WAAW,CAAC,CAAA;IACvB,WAAW,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,EAAE,EAAC,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAC,CAAC,CAAA;IACnE,MAAM,kBAAkB,CAAC,eAAe,EAAE,WAAW,EAAE,WAAW,CAAC,CAAA;IACnE,WAAW,CAAC,IAAI,EAAE,CAAA;AACtB,CAAC;AAEM,KAAK,UAAU,UAAU,CAAC,cAAsB,EAAE,OAAiB;IAEtE,MAAM,MAAM,GAAG,IAAA,qCAA6B,GAAE,CAAA;IAC9C,IAAI,MAAM,KAAK,SAAS,EAAE;QACtB,gBAAG,CAAC,IAAI,CAAC,eAAK,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC,CAAA;QAC3D,gBAAG,CAAC,IAAI,CAAC,6BAA6B,eAAK,CAAC,MAAM,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAA;QAC1E,OAAM;KACT;IAGD,MAAM,gBAAgB,GAAG,cAAc,CAAC,CAAC,CAAC,IAAA,gBAAM,EAAC,cAAc,CAAC,CAAC,CAAC,CAAC,IAAA,gBAAM,GAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,OAAO,CAAC,CAAA;IAEhG,wBAAU,CAAC,IAAI,EAAE,CAAA;IACjB,MAAM,GAAG,GAAG,MAAM,qBAAqB,CAAC,gBAAgB,CAAC,CAAA;IAEzD,MAAM,eAAe,GAAG,IAAA,6BAAmB,EAAC,OAAO,CAAC,CAAA;IAEpD,MAAM,WAAW,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAA;IACtG,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE;QACxB,gBAAG,CAAC,IAAI,CAAC,YAAY,WAAW,CAAC,MAAM,OAAO,GAAG,CAAC,MAAM,eAAe,CAAC,CAAA;QACxE,MAAM,4BAA4B,CAAC,WAAW,EAAE,eAAe,CAAC,CAAA;KACnE;SAAM;QACH,gBAAG,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAA;KACtC;IAED,wBAAU,CAAC,KAAK,EAAE,CAAA;AACtB,CAAC;AA1BD,gCA0BC;AAED,KAAK,UAAU,qBAAqB,CAAC,gBAAwB;IACzD,IAAI;QACA,MAAM,KAAK,GAAG,EAAC,SAAS,EAAE,EAAC,GAAG,EAAE,gBAAgB,CAAC,MAAM,EAAE,EAAC,EAAC,CAAA;QAE3D,MAAM,IAAI,GAAG,MAAM,8BAAgB,CAAC,IAAI,CAAC,KA
AK,EAAE,KAAK,CAAC,CAAA;QACtD,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAA;KAC7C;IAAC,OAAO,GAAG,EAAE;QACV,gBAAG,CAAC,KAAK,CAAC,0DAA0D,EAAE,GAAG,CAAC,CAAA;QAC1E,OAAO,EAAE,CAAA;KACZ;AACL,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,eAAyB,EAAE,WAAqB,EAAE,WAAsB;;IACtG,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE;QAClC,MAAM,YAAY,GAAG,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC,IAAI,GAAG,CAAC,CAAC,CAAA;QAE/E,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE;YACzB,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE;gBAC3B,MAAM,WAAW,GAAG,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;gBACxD,IAAI;oBACA,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;oBACxD,IAAI,MAAA,MAAM,CAAC,OAAO,0CAAE,+BAA+B,EAAE;wBACjD,GAAG,CAAC,eAAe,GAAG,MAAM,IAAA,8CAA4B,EAAC,MAAM,CAAC,OAAO,CAAC,+BAA+B,EAAE,GAAG,CAAC,IAAI,CAAC,CAAA;qBACrH;oBACD,MAAM,wBAAU,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,CAAA;iBAChC;gBAAC,OAAO,CAAM,EAAE;oBACb,gBAAG,CAAC,IAAI,CAAC,qCAAqC,WAAW,EAAE,CAAC,CAAA;oBAC5D,gBAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;iBACf;gBACD,WAAW,CAAC,SAAS,CAAC,EAAC,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAC,CAAC,CAAA;aACrE;SACJ;KACJ;AACL,CAAC"}
|
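--- a/package/dist/depinder.js
+++ b/package/dist/depinder.js
@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.mainCommand = void 0;
+const commander_1 = require("commander");
+const utils_1 = require("./utils/utils");
+const analyse_1 = require("./commands/analyse");
+const cache_1 = require("./commands/cache");
+const update_1 = require("./commands/update");
+exports.mainCommand = new commander_1.Command()
+.name('depinder')
+.description(utils_1._package.description)
+.version(utils_1._package.version, '-v, -version, --version, -V')
+.addCommand(analyse_1.analyseCommand)
+.addCommand(update_1.updateCommand)
+.addCommand(cache_1.cacheCommand);
+//# sourceMappingURL=depinder.js.map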
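Review bot: The flags string passed to `.version()` lists four aliases, `'-v, -version, --version, -V'`, but as far as I know commander reads at most one short and one long flag from such a string, so `--version` and `-V` are probably not registered and `-version` ends up as the long flag; newer commander releases may reject the string outright. If the conventional flags are the intent, `.version(utils_1._package.version, '-v, --version')` is the supported form. This file is compiled output, so the change belongs in `src/depinder.ts`.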
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"depinder.js","sourceRoot":"","sources":["../src/depinder.ts"],"names":[],"mappings":";;;AAAA,yCAAiC;AACjC,yCAAsC;AACtC,gDAAiD;AACjD,4CAA6C;AAC7C,8CAA+C;AAElC,QAAA,WAAW,GAAG,IAAI,mBAAO,EAAE;KACnC,IAAI,CAAC,UAAU,CAAC;KAChB,WAAW,CAAC,gBAAQ,CAAC,WAAW,CAAC;KACjC,OAAO,CAAC,gBAAQ,CAAC,OAAO,EAAE,6BAA6B,CAAC;KACxD,UAAU,CAAC,wBAAc,CAAC;KAC1B,UAAU,CAAC,sBAAa,CAAC;KACzB,UAAU,CAAC,oBAAY,CAAC,CAAA"}
|
|
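--- a/package/dist/extension-points/code-impact.d.ts
+++ b/package/dist/extension-points/code-impact.d.ts
@@ -0,0 +1,14 @@
+import { DepinderDependency, DepinderProject } from './extract';
+export interface CodeFinder {
+findFiles(project: DepinderProject, allFiles: string[]): Promise<string[]>;
+extractUsages?(project: DepinderProject): Promise<LibraryUsage[]>;
+languages: string[];
+getDeclaredEntities?(library: DepinderDependency): Promise<string[]>;
+checkUsage(library: DepinderDependency, importedEntity: string): Promise<boolean>;
+}
+export interface LibraryUsage {
+file: string;
+importedEntity: string;
+used: boolean;
+language: string;
+}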
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"code-impact.js","sourceRoot":"","sources":["../../src/extension-points/code-impact.ts"],"names":[],"mappings":""}
|
|
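--- a/package/dist/extension-points/extract.d.ts
+++ b/package/dist/extension-points/extract.d.ts
@@ -0,0 +1,36 @@
+import { SemVer } from 'semver';
+import { LibraryInfo } from './registrar';
+import { Vulnerability } from './vulnerability-checker';
+export interface Extractor {
+files: string[];
+filter?: (file: string) => boolean;
+createContexts: (files: string[]) => DependencyFileContext[];
+}
+export interface Parser {
+parseDependencyTree: ParseDependencyTree;
+}
+export type ParseDependencyTree = (context: DependencyFileContext) => DepinderProject | Promise<DepinderProject>;
+export interface DependencyFileContext {
+root: string;
+manifestFile?: string;
+lockFile: string;
+type?: string;
+}
+export interface DepinderProject {
+name: string;
+version: string;
+path: string;
+dependencies: {
+[dependencyId: string]: DepinderDependency;
+};
+}
+export interface DepinderDependency {
+id: string;
+name: string;
+version: string;
+semver: SemVer | null;
+type?: string;
+requestedBy: string[];
+libraryInfo?: LibraryInfo;
+vulnerabilities?: Vulnerability[];
+}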
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"extract.js","sourceRoot":"","sources":["../../src/extension-points/extract.ts"],"names":[],"mappings":""}
|
|
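--- a/package/dist/extension-points/plugin-loader.js
+++ b/package/dist/extension-points/plugin-loader.js
@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.defaultPlugins = void 0;
+const javascript_1 = require("../plugins/javascript");
+const ruby_1 = require("../plugins/ruby");
+const java_1 = require("../plugins/java");
+const python_1 = require("../plugins/python");
+const dotnet_1 = require("../plugins/dotnet");
+const php_1 = require("../plugins/php");
+exports.defaultPlugins = [
+javascript_1.javascript,
+ruby_1.ruby,
+java_1.java,
+python_1.python,
+php_1.php,
+dotnet_1.dotnet,
+];
+//# sourceMappingURL=plugin-loader.js.map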
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"plugin-loader.js","sourceRoot":"","sources":["../../src/extension-points/plugin-loader.ts"],"names":[],"mappings":";;;AAAA,sDAAgD;AAEhD,0CAAoC;AACpC,0CAAoC;AACpC,8CAAwC;AACxC,8CAAwC;AACxC,wCAAkC;AAErB,QAAA,cAAc,GAAa;IACpC,uBAAU;IACV,WAAI;IACJ,WAAI;IACJ,eAAM;IACN,SAAG;IACH,eAAM;CACT,CAAA"}
|
|
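--- a/package/dist/extension-points/plugin.d.ts
+++ b/package/dist/extension-points/plugin.d.ts
@@ -0,0 +1,13 @@
+import { Extractor, Parser } from './extract';
+import { Registrar } from './registrar';
+import { VulnerabilityChecker } from './vulnerability-checker';
+import { CodeFinder } from './code-impact';
+export interface Plugin {
+name: string;
+aliases?: string[];
+extractor: Extractor;
+parser?: Parser;
+registrar: Registrar;
+checker?: VulnerabilityChecker;
+codeFinder?: CodeFinder;
+}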
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"plugin.js","sourceRoot":"","sources":["../../src/extension-points/plugin.ts"],"names":[],"mappings":""}
|
|
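--- a/package/dist/extension-points/registrar.d.ts
+++ b/package/dist/extension-points/registrar.d.ts
@@ -0,0 +1,41 @@
+import { Vulnerability } from './vulnerability-checker';
+export interface Registrar {
+retrieve: RegistryRetriever;
+}
+export type RegistryRetriever = (libraryName: string) => LibraryInfo | Promise<LibraryInfo>;
+interface LibraryVersion {
+version: string;
+timestamp: number;
+licenses?: string | string[];
+downloads?: number;
+latest: boolean;
+}
+export interface LibraryInfo {
+name: string;
+description?: string;
+versions: LibraryVersion[];
+licenses: string[];
+keywords?: string[];
+issuesUrl?: string[];
+reposUrl?: string[];
+homepageUrl?: string;
+documentationUrl?: string;
+packageUrl?: string;
+downloads?: number;
+authors?: string[];
+vulnerabilities?: Vulnerability[];
+requiresLicenseAcceptance?: boolean;
+}
+export declare abstract class AbstractRegistrar implements Registrar {
+private readonly next;
+constructor(next?: Registrar | null);
+retrieve(libraryName: string): Promise<LibraryInfo>;
+abstract retrieveFromRegistry(libraryName: string): LibraryInfo | Promise<LibraryInfo>;
+}
+export type RegistryType = 'maven' | 'npm' | 'pypi' | 'nuget' | 'packagist';
+export declare class LibrariesIORegistrar extends AbstractRegistrar {
+private readonly registryType;
+constructor(registryType: RegistryType);
+retrieveFromRegistry(libraryName: string): Promise<LibraryInfo>;
+}
+export {};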
|
|
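--- a/package/dist/extension-points/registrar.js
+++ b/package/dist/extension-points/registrar.js
@@ -0,0 +1,59 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LibrariesIORegistrar = exports.AbstractRegistrar = void 0;
+const node_fetch_1 = __importDefault(require("node-fetch"));
+const moment_1 = __importDefault(require("moment/moment"));
+const utils_1 = require("../utils/utils");
+class AbstractRegistrar {
+constructor(next = null) {
+this.next = null;
+this.next = next;
+}
+async retrieve(libraryName) {
+try {
+return await this.retrieveFromRegistry(libraryName);
+}
+catch (e) {
+if (this.next) {
+return this.next.retrieve(libraryName);
+}
+else
+throw e;
+}
+}
+}
+exports.AbstractRegistrar = AbstractRegistrar;
+class LibrariesIORegistrar extends AbstractRegistrar {
+constructor(registryType) {
+super();
+this.registryType = registryType;
+}
+async retrieveFromRegistry(libraryName) {
+var _a, _b, _c;
+await (0, utils_1.delay)(500);
+const librariesIoURL = `https://libraries.io/api/${this.registryType}/${libraryName}?api_key=${process.env.LIBRARIES_IO_API_KEY}`;
+const librariesIoResponse = await (0, node_fetch_1.default)(librariesIoURL);
+const libIoData = await librariesIoResponse.json();
+return {
+name: libraryName,
+versions: libIoData.versions.map((it) => {
+return {
+version: it.number,
+timestamp: (0, moment_1.default)(it.published_at).valueOf(),
+latest: it.number === libIoData.latest_release_number,
+licenses: [],
+};
+}),
+description: (_a = libIoData === null || libIoData === void 0 ? void 0 : libIoData.description) !== null && _a !== void 0 ? _a : '',
+licenses: libIoData.licenses ? [libIoData.licenses] : [],
+homepageUrl: (_b = libIoData === null || libIoData === void 0 ? void 0 : libIoData.homepage) !== null && _b !== void 0 ? _b : '',
+keywords: (_c = libIoData === null || libIoData === void 0 ? void 0 : libIoData.keywords) !== null && _c !== void 0 ? _c : [],
+reposUrl: (libIoData === null || libIoData === void 0 ? void 0 : libIoData.repository_url) ? [libIoData.repository_url] : [],
+};
+}
+}
+exports.LibrariesIORegistrar = LibrariesIORegistrar;
+//# sourceMappingURL=registrar.js.map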
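Review bot: `LibrariesIORegistrar.retrieveFromRegistry` builds `librariesIoURL` by interpolating `libraryName` and `process.env.LIBRARIES_IO_API_KEY` without encoding or validation, and it never checks the HTTP status before parsing. Library names presumably come from parsed manifest or lock files, so a name containing `/`, `?` or `#` (a scoped npm name is the benign case) changes the path or query that is requested; the path segment should be `encodeURIComponent(libraryName)`. When the environment variable is unset the literal string `undefined` is sent as the key, and because the key travels in the query string, any log or error message that prints this URL should redact it. A non-2xx response still reaches `libIoData.versions.map`, which then fails with a TypeError, so I would add `if (!librariesIoResponse.ok) throw new Error('libraries.io request failed: ' + librariesIoResponse.status);` before the `.json()` call. This file is compiled output, so the changes belong in `src/extension-points/registrar.ts`.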
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"registrar.js","sourceRoot":"","sources":["../../src/extension-points/registrar.ts"],"names":[],"mappings":";;;;;;AACA,4DAA8B;AAC9B,2DAAkC;AAClC,0CAAoC;AAiCpC,MAAsB,iBAAiB;IAInC,YAAY,OAAyB,IAAI;QAFxB,SAAI,GAAqB,IAAI,CAAA;QAG1C,IAAI,CAAC,IAAI,GAAG,IAAI,CAAA;IACpB,CAAC;IAEM,KAAK,CAAC,QAAQ,CAAC,WAAmB;QACrC,IAAI;YACA,OAAO,MAAM,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAA;SACtD;QAAC,OAAO,CAAC,EAAE;YACR,IAAI,IAAI,CAAC,IAAI,EAAE;gBACX,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;aACzC;;gBACI,MAAM,CAAC,CAAA;SACf;IACL,CAAC;CAEJ;AAnBD,8CAmBC;AAKD,MAAa,oBAAqB,SAAQ,iBAAiB;IAGvD,YAAY,YAA0B;QAClC,KAAK,EAAE,CAAA;QACP,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;IACpC,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,WAAmB;;QAC1C,MAAM,IAAA,aAAK,EAAC,GAAG,CAAC,CAAA;QAChB,MAAM,cAAc,GAAG,4BAA4B,IAAI,CAAC,YAAY,IAAI,WAAW,YAAY,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,CAAA;QACjI,MAAM,mBAAmB,GAAQ,MAAM,IAAA,oBAAK,EAAC,cAAc,CAAC,CAAA;QAC5D,MAAM,SAAS,GAAG,MAAM,mBAAmB,CAAC,IAAI,EAAE,CAAA;QAElD,OAAO;YACH,IAAI,EAAE,WAAW;YACjB,QAAQ,EAAE,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAO,EAAE,EAAE;gBACzC,OAAO;oBACH,OAAO,EAAE,EAAE,CAAC,MAAM;oBAClB,SAAS,EAAE,IAAA,gBAAM,EAAC,EAAE,CAAC,YAAY,CAAC,CAAC,OAAO,EAAE;oBAC5C,MAAM,EAAE,EAAE,CAAC,MAAM,KAAK,SAAS,CAAC,qBAAqB;oBACrD,QAAQ,EAAE,EAAE;iBACf,CAAA;YACL,CAAC,CAAC;YACF,WAAW,EAAE,MAAA,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,WAAW,mCAAI,EAAE;YACzC,QAAQ,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE;YACxD,WAAW,EAAE,MAAA,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,QAAQ,mCAAI,EAAE;YACtC,QAAQ,EAAE,MAAA,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,QAAQ,mCAAI,EAAE;YACnC,QAAQ,EAAE,CAAA,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,cAAc,EAAC,CAAC,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,EAAE;SACxE,CAAA;IACL,CAAC;CAEJ;AAhCD,oDAgCC"}
|
|
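--- a/package/dist/extension-points/vulnerability-checker.d.ts
+++ b/package/dist/extension-points/vulnerability-checker.d.ts
@@ -0,0 +1,21 @@
+export interface VulnerabilityChecker {
+githubSecurityAdvisoryEcosystem?: string;
+getPURL?: (libName: string, version: string) => string;
+check?: (libName: string) => Vulnerability[];
+}
+export interface Vulnerability {
+severity: string;
+score?: number;
+description: string;
+summary?: string;
+timestamp?: number;
+permalink: string;
+identifiers?: {
+value: string;
+type: string;
+}[];
+references?: string[];
+vulnerableRange?: string;
+vulnerableVersions?: string[];
+firstPatchedVersion?: string;
+}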
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"vulnerability-checker.js","sourceRoot":"","sources":["../../src/extension-points/vulnerability-checker.ts"],"names":[],"mappings":""}
|
package/dist/index.d.ts
ADDED
package/dist/index.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAEA,yCAAsC;AAEtC,sBAAW;KACN,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA"}
|
|
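--- a/package/dist/info/php/parser.d.ts
+++ b/package/dist/info/php/parser.d.ts
@@ -0,0 +1,80 @@
+import { IPackagistPackageVersionDetails } from '../../plugins/php/php-interfaces';
+export interface ComposerSupport {
+email?: string;
+issues?: string;
+forum?: string;
+wiki?: string;
+irc?: string;
+source?: string;
+docs?: string;
+rss?: string;
+chat?: string;
+}
+export interface Composer {
+name: string;
+type: string;
+version?: string;
+description?: string;
+repository?: string;
+keywords?: string[];
+require?: {
+[key: string]: string;
+};
+'require-dev'?: {
+[key: string]: string;
+};
+conflict?: {
+[key: string]: string;
+};
+replace?: {
+[key: string]: string;
+};
+provide?: {
+[key: string]: string;
+};
+suggest?: {
+[key: string]: string;
+};
+homepage?: string;
+readme?: string;
+license?: string;
+support?: ComposerSupport;
+time?: string;
+}
+export interface ComposerLock {
+packages: ComposerPackage[];
+'packages-dev': ComposerPackage[];
+_readme: string;
+'minimum-stability': string;
+}
+export interface ComposerPackageLocation {
+type: string;
+url: string;
+reference: string;
+}
+export interface ComposerPackage extends Composer {
+source?: ComposerPackageLocation;
+dist?: ComposerPackageLocation;
+versions: {
+[version: string]: IPackagistPackageVersionDetails;
+};
+github_stars?: number;
+github_watchers?: number;
+github_forks?: number;
+github_open_issues?: number;
+language?: string;
+dependents: number;
+suggesters: number;
+downloads: {
+total: number;
+monthly: number;
+daily: number;
+};
+favers: number;
+vulnerabilities?: any[];
+allVulnerabilities?: any[];
+}
+export declare function parseComposerFile(file: string): Composer;
+export declare function parseComposerLockFile(file: string): ComposerLock;
+export declare function getAllDependenciesFromLock(deps: ComposerPackage[]): Promise<ComposerPackage[]>;
+export declare function getAllDependenciesFromComposerJson(deps: string[]): Promise<ComposerPackage[]>;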
|
|
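--- a/package/dist/info/php/parser.js
+++ b/package/dist/info/php/parser.js
@@ -0,0 +1,61 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+if (mod && mod.__esModule) return mod;
+var result = {};
+if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+__setModuleDefault(result, mod);
+return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getAllDependenciesFromComposerJson = exports.getAllDependenciesFromLock = exports.parseComposerLockFile = exports.parseComposerFile = void 0;
+const fs = __importStar(require("fs"));
+const php_interfaces_1 = require("../../plugins/php/php-interfaces");
+function parseComposerFile(file) {
+return JSON.parse(fs.readFileSync(file).toString());
+}
+exports.parseComposerFile = parseComposerFile;
+function parseComposerLockFile(file) {
+return JSON.parse(fs.readFileSync(file).toString());
+}
+exports.parseComposerLockFile = parseComposerLockFile;
+async function addVersions(it) {
+const response = await (0, php_interfaces_1.getPackageDetails)(it.name);
+if (!response)
+return null;
+it.versions = response.versions;
+it.github_watchers = response.github_watchers;
+it.github_stars = response.github_starts;
+it.github_forks = response.github_forks;
+it.github_open_issues = response.github_open_issues;
+it.language = response.language;
+it.dependents = response.dependents;
+it.suggesters = response.suggesters;
+it.downloads = response.downloads;
+it.favers = response.favers;
+return it;
+}
+async function getAllDependenciesFromLock(deps) {
+return (await Promise.all(deps.map(it => addVersions(it)))).filter(it => it != null).map(it => it);
+}
+exports.getAllDependenciesFromLock = getAllDependenciesFromLock;
+async function getAllDependenciesFromComposerJson(deps) {
+return (await Promise.all(deps.map(it => (0, php_interfaces_1.getPackageDetails)(it)))).filter(it => it !== null).map(it => it);
+}
+exports.getAllDependenciesFromComposerJson = getAllDependenciesFromComposerJson;
+//# sourceMappingURL=parser.js.map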
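Review bot: `addVersions` copies `response.github_starts` into `it.github_stars`, the only assignment in the function whose source and target names differ; unless the response type in `php-interfaces` really spells the field that way (it is not shown in this section), `github_stars` will always be `undefined` and the line should read `it.github_stars = response.github_stars;`. `getAllDependenciesFromComposerJson` filters with `it !== null` while `getAllDependenciesFromLock` uses `it != null`, so an `undefined` result from `getPackageDetails` passes through the former; `.filter(it => it != null)` in both keeps them consistent. `parseComposerFile` and `parseComposerLockFile` call `JSON.parse` on file contents with no error handling, so a malformed composer file from the analysed project surfaces as a bare SyntaxError without the file name; wrapping the parse and rethrowing with `file` in the message would make that failure diagnosable.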
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"parser.js","sourceRoot":"","sources":["../../../src/info/php/parser.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAwB;AACxB,qEAAmG;AAwEnG,SAAgB,iBAAiB,CAAC,IAAY;IAC1C,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAa,CAAA;AACnE,CAAC;AAFD,8CAEC;AAED,SAAgB,qBAAqB,CAAC,IAAY;IAC9C,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAiB,CAAA;AACvE,CAAC;AAFD,sDAEC;AAED,KAAK,UAAU,WAAW,CAAC,EAAmB;IAC1C,MAAM,QAAQ,GAAG,MAAM,IAAA,kCAAiB,EAAC,EAAE,CAAC,IAAI,CAAC,CAAA;IACjD,IAAG,CAAC,QAAQ;QACR,OAAO,IAAI,CAAA;IACf,EAAE,CAAC,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAA;IAC/B,EAAE,CAAC,eAAe,GAAG,QAAQ,CAAC,eAAe,CAAA;IAC7C,EAAE,CAAC,YAAY,GAAG,QAAQ,CAAC,aAAa,CAAA;IACxC,EAAE,CAAC,YAAY,GAAG,QAAQ,CAAC,YAAY,CAAA;IACvC,EAAE,CAAC,kBAAkB,GAAG,QAAQ,CAAC,kBAAkB,CAAA;IACnD,EAAE,CAAC,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAA;IAC/B,EAAE,CAAC,UAAU,GAAG,QAAQ,CAAC,UAAU,CAAA;IACnC,EAAE,CAAC,UAAU,GAAG,QAAQ,CAAC,UAAU,CAAA;IACnC,EAAE,CAAC,SAAS,GAAG,QAAQ,CAAC,SAAS,CAAA;IACjC,EAAE,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAA;IAC3B,OAAO,EAAE,CAAA;AACb,CAAC;AAEM,KAAK,UAAU,0BAA0B,CAAC,IAAuB;IACpE,OAAO,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,EAAqB,CAAC,CAAA;AACzH,CAAC;AAFD,gEAEC;AAGM,KAAK,UAAU,kCAAkC,CAAC,IAAc;IACnE,OAAO,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,IAAA,kCAAiB,EAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,EAAqB,CAAC,CAAA;AAChI,CAAC;AAFD,gFAEC"}
|
|
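--- a/package/dist/plugins/dotnet/index.d.ts
+++ b/package/dist/plugins/dotnet/index.d.ts
@@ -0,0 +1,11 @@
+import { Plugin } from '../../extension-points/plugin';
+import { AbstractRegistrar, LibraryInfo, Registrar } from '../../extension-points/registrar';
+import { DependencyFileContext, DepinderProject } from '../../extension-points/extract';
+export declare function runNugetInspector(context: DependencyFileContext): Promise<DepinderProject>;
+export declare class NugetRegistrar extends AbstractRegistrar {
+protected baseURL: string;
+retrieveFromRegistry(libraryName: string): Promise<LibraryInfo>;
+parseData(responseData: any): LibraryInfo;
+}
+export declare const registrar: Registrar;
+export declare const dotnet: Plugin;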
|
|
@@ -0,0 +1,146 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.dotnet = exports.registrar = exports.NugetRegistrar = exports.runNugetInspector = void 0;
|
|
7
|
+
const axios_1 = __importDefault(require("axios"));
|
|
8
|
+
const registrar_1 = require("../../extension-points/registrar");
|
|
9
|
+
const moment_1 = __importDefault(require("moment"));
|
|
10
|
+
const nuget_inspector_1 = require("@dxworks/nuget-inspector");
|
|
11
|
+
const fs_1 = __importDefault(require("fs"));
|
|
12
|
+
const path_1 = __importDefault(require("path"));
|
|
13
|
+
const utils_1 = require("../../utils/utils");
|
|
14
|
+
const cli_common_1 = require("@dxworks/cli-common");
|
|
15
|
+
const extractor = {
|
|
16
|
+
files: ['*.csproj', '*.fsproj', '*.vbproj'],
|
|
17
|
+
createContexts: (files) => files.map(it => ({
|
|
18
|
+
root: path_1.default.dirname(it),
|
|
19
|
+
manifestFile: it,
|
|
20
|
+
})),
|
|
21
|
+
};
|
|
22
|
+
function transformNugetInspectorResult(result) {
|
|
23
|
+
const project = result.Containers[0];
|
|
24
|
+
const projectId = `${project.Name}@${project.Version}`;
|
|
25
|
+
if (!project) {
|
|
26
|
+
throw new Error('Parsing NuGet Inspector result failed.');
|
|
27
|
+
}
|
|
28
|
+
const depMap = new Map();
|
|
29
|
+
project.Packages.forEach((pack) => {
|
|
30
|
+
const packageId = `${pack.PackageId.Name}@${pack.PackageId.Version}`;
|
|
31
|
+
if (!depMap.has(packageId)) {
|
|
32
|
+
depMap.set(packageId, {
|
|
33
|
+
name: pack.PackageId.Name,
|
|
34
|
+
version: pack.PackageId.Version,
|
|
35
|
+
id: packageId,
|
|
36
|
+
semver: (0, utils_1.getPackageSemver)(pack.PackageId.Version),
|
|
37
|
+
requestedBy: [],
|
|
38
|
+
type: 'library',
|
|
39
|
+
});
|
|
40
|
+
}
|
|
41
|
+
pack.Dependencies.forEach((dep) => {
|
|
42
|
+
const depId = `${dep.Name}@${dep.Version}`;
|
|
43
|
+
if (!depMap.has(depId)) {
|
|
44
|
+
depMap.set(depId, {
|
|
45
|
+
name: dep.Name,
|
|
46
|
+
version: dep.Version,
|
|
47
|
+
id: depId,
|
|
48
|
+
semver: (0, utils_1.getPackageSemver)(dep.Version),
|
|
49
|
+
requestedBy: [packageId],
|
|
50
|
+
type: 'library',
|
|
51
|
+
});
|
|
52
|
+
}
|
|
53
|
+
else {
|
|
54
|
+
const cachedDep = depMap.get(depId);
|
|
55
|
+
if (cachedDep) {
|
|
56
|
+
cachedDep.requestedBy.push(packageId);
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
});
|
|
60
|
+
});
|
|
61
|
+
project.Dependencies.forEach((dep) => {
|
|
62
|
+
const depId = `${dep.Name}@${dep.Version}`;
|
|
63
|
+
if (depMap.has(depId)) {
|
|
64
|
+
const cachedDep = depMap.get(depId);
|
|
65
|
+
if (cachedDep) {
|
|
66
|
+
cachedDep.requestedBy.push(projectId);
|
|
67
|
+
}
|
|
68
|
+
}
|
|
69
|
+
});
|
|
70
|
+
return {
|
|
71
|
+
name: project.Name,
|
|
72
|
+
version: project.Version,
|
|
73
|
+
path: project.SourcePath,
|
|
74
|
+
dependencies: Object.fromEntries(depMap),
|
|
75
|
+
};
|
|
76
|
+
}
|
|
77
|
+
async function runNugetInspector(context) {
|
|
78
|
+
const tempFile = path_1.default.resolve(`${context.manifestFile}.json`);
|
|
79
|
+
if (!fs_1.default.existsSync(tempFile)) {
|
|
80
|
+
try {
|
|
81
|
+
await (0, nuget_inspector_1.runNuGetInspectorProgrammatically)(context.root, tempFile, process.cwd());
|
|
82
|
+
}
|
|
83
|
+
catch (e) {
|
|
84
|
+
cli_common_1.log.error(e);
|
|
85
|
+
throw new Error(`NuGet Inspector failed for project ${context.root}`);
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
const result = JSON.parse(fs_1.default.readFileSync(tempFile).toString());
|
|
89
|
+
return transformNugetInspectorResult(result);
|
|
90
|
+
}
|
|
91
|
+
exports.runNugetInspector = runNugetInspector;
|
|
92
|
+
const parser = {
|
|
93
|
+
parseDependencyTree: runNugetInspector,
|
|
94
|
+
};
|
|
95
|
+
const checker = {
|
|
96
|
+
githubSecurityAdvisoryEcosystem: 'NUGET',
|
|
97
|
+
getPURL: (lib, ver) => `pkg:nuget/${lib.replace('@', '%40')}@${ver}`,
|
|
98
|
+
};
|
|
99
|
+
class NugetRegistrar extends registrar_1.AbstractRegistrar {
|
|
100
|
+
constructor() {
|
|
101
|
+
super(...arguments);
|
|
102
|
+
this.baseURL = 'https://api.nuget.org/v3/registration5-gz-semver1';
|
|
103
|
+
}
|
|
104
|
+
async retrieveFromRegistry(libraryName) {
|
|
105
|
+
const response = await axios_1.default.get(`${this.baseURL}/${libraryName.toLowerCase()}/index.json`);
|
|
106
|
+
return this.parseData(response.data);
|
|
107
|
+
}
|
|
108
|
+
parseData(responseData) {
|
|
109
|
+
var _a;
|
|
110
|
+
const versions = ((_a = responseData === null || responseData === void 0 ? void 0 : responseData.items) === null || _a === void 0 ? void 0 : _a.flatMap((it) => it.items)) || [];
|
|
111
|
+
versions.sort((a, b) => (0, moment_1.default)(b.catalogEntry.published).valueOf() - (0, moment_1.default)(a.catalogEntry.published).valueOf());
|
|
112
|
+
const latestVersion = versions[0].catalogEntry.version;
|
|
113
|
+
// if(versions) {
|
|
114
|
+
return {
|
|
115
|
+
name: versions[0].catalogEntry.id,
|
|
116
|
+
versions: versions === null || versions === void 0 ? void 0 : versions.map(it => {
|
|
117
|
+
var _a, _b;
|
|
118
|
+
return {
|
|
119
|
+
version: it.catalogEntry.version,
|
|
120
|
+
licenses: `${((_a = it.catalogEntry) === null || _a === void 0 ? void 0 : _a.licenseExpression) || ''} ${(_b = it.catalogEntry) === null || _b === void 0 ? void 0 : _b.licenseUrl}`.trim(),
|
|
121
|
+
timestamp: (0, moment_1.default)(it.catalogEntry.published).valueOf(),
|
|
122
|
+
latest: it.catalogEntry.version === latestVersion,
|
|
123
|
+
};
|
|
124
|
+
}),
|
|
125
|
+
licenses: [...new Set(versions.map(it => { var _a, _b; return `${((_a = it.catalogEntry) === null || _a === void 0 ? void 0 : _a.licenseExpression) || ''} ${(_b = it.catalogEntry) === null || _b === void 0 ? void 0 : _b.licenseUrl}`.trim(); }))],
|
|
126
|
+
requiresLicenseAcceptance: versions.some(it => it.catalogEntry.requireLicenseAcceptance),
|
|
127
|
+
};
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
exports.NugetRegistrar = NugetRegistrar;
|
|
131
|
+
class NugetRegistrarSemver2 extends NugetRegistrar {
|
|
132
|
+
constructor() {
|
|
133
|
+
super(...arguments);
|
|
134
|
+
this.baseURL = 'https://api.nuget.org/v3/registration5-gz-semver2';
|
|
135
|
+
}
|
|
136
|
+
}
|
|
137
|
+
exports.registrar = new NugetRegistrar(new NugetRegistrarSemver2(new registrar_1.LibrariesIORegistrar('nuget')));
|
|
138
|
+
exports.dotnet = {
|
|
139
|
+
name: 'dotnet',
|
|
140
|
+
aliases: ['.net', 'c#', 'csharp', 'nuget'],
|
|
141
|
+
extractor,
|
|
142
|
+
parser,
|
|
143
|
+
registrar: exports.registrar,
|
|
144
|
+
checker,
|
|
145
|
+
};
|
|
146
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/plugins/dotnet/index.ts"],"names":[],"mappings":";;;;;;AAAA,kDAAyB;AAEzB,gEAAgH;AAShH,oDAA2B;AAE3B,8DAA0E;AAC1E,4CAAmB;AACnB,gDAAuB;AACvB,6CAAkD;AAClD,oDAAuC;AAEvC,MAAM,SAAS,GAAc;IACzB,KAAK,EAAE,CAAC,UAAU,EAAE,UAAU,EAAE,UAAU,CAAC;IAC3C,cAAc,EAAE,CAAC,KAAe,EAAE,EAAE,CAChC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QACb,IAAI,EAAE,cAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACtB,YAAY,EAAE,EAAE;KACO,CAAA,CAAC;CACnC,CAAA;AAED,SAAS,6BAA6B,CAAC,MAAW;IAE9C,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;IACpC,MAAM,SAAS,GAAG,GAAG,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,OAAO,EAAE,CAAA;IAEtD,IAAI,CAAC,OAAO,EAAE;QACV,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAA;KAC5D;IAED,MAAM,MAAM,GAAoC,IAAI,GAAG,EAA8B,CAAA;IACrF,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,IAAS,EAAE,EAAE;QACnC,MAAM,SAAS,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,IAAI,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAA;QACpE,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE;YACxB,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE;gBAClB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI;gBACzB,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO;gBAC/B,EAAE,EAAE,SAAS;gBACb,MAAM,EAAE,IAAA,wBAAgB,EAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;gBAChD,WAAW,EAAE,EAAE;gBACf,IAAI,EAAE,SAAS;aAClB,CAAC,CAAA;SACL;QACD,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,GAAQ,EAAE,EAAE;YACnC,MAAM,KAAK,GAAG,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,EAAE,CAAA;YAC1C,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE;gBACpB,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE;oBACd,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,OAAO,EAAE,GAAG,CAAC,OAAO;oBACpB,EAAE,EAAE,KAAK;oBACT,MAAM,EAAE,IAAA,wBAAgB,EAAC,GAAG,CAAC,OAAO,CAAC;oBACrC,WAAW,EAAE,CAAC,SAAS,CAAC;oBACxB,IAAI,EAAE,SAAS;iBAClB,CAAC,CAAA;aACL;iBAAM;gBACH,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;gBACnC,IAAI,SAAS,EAAE;oBACX,SAAS,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;iBACxC;aACJ;QACL,CAAC,CAAC,CAAA;IACN,CAAC,CAAC,CAAA;IACF,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,GAAQ,EAAE,EAAE;QACtC,MAAM,KAAK,GAAG,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,EAAE,CAAA;QAC1C,IAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,E
AAE;YAClB,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;YACnC,IAAI,SAAS,EAAE;gBACX,SAAS,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;aACxC;SACJ;IACL,CAAC,CAAC,CAAA;IAEF,OAAO;QACH,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,IAAI,EAAE,OAAO,CAAC,UAAU;QACxB,YAAY,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC;KAC3C,CAAA;AACL,CAAC;AAEM,KAAK,UAAU,iBAAiB,CAAC,OAA8B;IAClE,MAAM,QAAQ,GAAG,cAAI,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC,YAAY,OAAO,CAAC,CAAA;IAC7D,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE;QAC1B,IAAI;YACA,MAAM,IAAA,mDAAiC,EAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAA;SACjF;QAAC,OAAO,CAAC,EAAE;YACR,gBAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;YACZ,MAAM,IAAI,KAAK,CAAC,sCAAsC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAA;SACxE;KACJ;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAA;IAE/D,OAAO,6BAA6B,CAAC,MAAM,CAAC,CAAA;AAChD,CAAC;AAdD,8CAcC;AAED,MAAM,MAAM,GAAW;IACnB,mBAAmB,EAAE,iBAAiB;CACzC,CAAA;AAGD,MAAM,OAAO,GAAyB;IAClC,+BAA+B,EAAE,OAAO;IACxC,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,aAAa,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,GAAG,EAAE;CACvE,CAAA;AAED,MAAa,cAAe,SAAQ,6BAAiB;IAArD;;QACc,YAAO,GAAG,mDAAmD,CAAA;IA4B3E,CAAC;IA1BG,KAAK,CAAC,oBAAoB,CAAC,WAAmB;QAC1C,MAAM,QAAQ,GAAG,MAAM,eAAK,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,OAAO,IAAI,WAAW,CAAC,WAAW,EAAE,aAAa,CAAC,CAAA;QAC3F,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IACxC,CAAC;IAED,SAAS,CAAC,YAAiB;;QACvB,MAAM,QAAQ,GAAU,CAAA,MAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,KAAK,0CAAE,OAAO,CAAC,CAAC,EAAO,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,CAAC,KAAI,EAAE,CAAA;QAEjF,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAA,gBAAM,EAAC,CAAC,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,GAAG,IAAA,gBAAM,EAAC,CAAC,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC,CAAA;QAEhH,MAAM,aAAa,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,OAAO,CAAA;QACtD,iBAAiB;QACjB,OAAO;YACH,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,EAAE;YACjC,QAAQ,EAAE,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,GAAG,CAAC,EAAE,CAAC,EAAE;;gBACzB,OAAO;oBACH,OAAO,EAAE,EAAE
,CAAC,YAAY,CAAC,OAAO;oBAChC,QAAQ,EAAE,GAAG,CAAA,MAAA,EAAE,CAAC,YAAY,0CAAE,iBAAiB,KAAI,EAAE,IAAI,MAAA,EAAE,CAAC,YAAY,0CAAE,UAAU,EAAE,CAAC,IAAI,EAAE;oBAC7F,SAAS,EAAE,IAAA,gBAAM,EAAC,EAAE,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE;oBACtD,MAAM,EAAE,EAAE,CAAC,YAAY,CAAC,OAAO,KAAK,aAAa;iBACpD,CAAA;YACL,CAAC,CAAC;YACF,QAAQ,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,eAAC,OAAA,GAAG,CAAA,MAAA,EAAE,CAAC,YAAY,0CAAE,iBAAiB,KAAI,EAAE,IAAI,MAAA,EAAE,CAAC,YAAY,0CAAE,UAAU,EAAE,CAAC,IAAI,EAAE,CAAA,EAAA,CAAC,CAAC,CAAC;YAC/H,yBAAyB,EAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,YAAY,CAAC,wBAAwB,CAAC;SAC3F,CAAA;IACL,CAAC;CACJ;AA7BD,wCA6BC;AAED,MAAM,qBAAsB,SAAQ,cAAc;IAAlD;;QACc,YAAO,GAAG,mDAAmD,CAAA;IAC3E,CAAC;CAAA;AAEY,QAAA,SAAS,GAAc,IAAI,cAAc,CAAC,IAAI,qBAAqB,CAAC,IAAI,gCAAoB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAA;AAEvG,QAAA,MAAM,GAAW;IAC1B,IAAI,EAAE,QAAQ;IACd,OAAO,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC;IAC1C,SAAS;IACT,MAAM;IACN,SAAS,EAAT,iBAAS;IACT,OAAO;CACV,CAAA"}
|