@eui/tools 6.3.18 → 6.3.19

package/.version.properties

@@ -1 +1 @@
-6.3.18
+6.3.19

package/CHANGELOG.md

@@ -1,3 +1,12 @@
+## 6.3.19 (2023-02-06)
+
+##### Chores
+
+* **other:**
+  * add dependencies gates for v15.x - updated resolutions and yarn.lock for 14.x - EUI-6844 [EUI-6844](https://webgate.ec.europa.eu/CITnet/jira/browse/EUI-6844)  ([cb2762ec](https://webgate.ec.europa.eu/CITnet/stash/scm/csdr/eui-tools.git/commits/cb2762ec53a6abe437fc845879c4bf9490e2db60))
+
+* * *
+* * *
 ## 6.3.18 (2023-02-06)
 
 ##### Bug Fixes

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@eui/tools",
-    "version": "6.3.18",
+    "version": "6.3.19",
     "tag": "latest",
     "license": "EUPL-1.1",
     "description": "eUI common tools and scripts",

package/sandbox.js

@@ -1057,8 +1057,8 @@ const versionUtils = require('./scripts/csdr/version/version-utils');
 //     return injectionUtils.routesReplacement.buildRoutes(project, 'TST', true);
 //   })
 
-Promise.resolve()
-  .then(() => {
+// Promise.resolve()
+//   .then(() => {
     // const prjName = 'my-workplace-host';
     // const prj = configUtils.projects.getCsdrProject(prjName);
 
@@ -1071,45 +1071,65 @@ Promise.resolve()
     // }
     // console.log(pkg);
 
-    const f = {
-      name: 'sedia-ecs-eui10-remote-el-ui',
-      version: '1.1.0',
-      date: '20230111-11:43',
-      npmPkg: '@sedia/ecs-eui10-remote-el',
-      duration: 463832,
-      envTarget: 'TST',
-      dependencies: {
-        '@eui/deps-base': '10.6.14',
-        '@csdr/core': '2.3.13',
-        '@csdr/integration': '2.0.46',
-        '@ecs/global': '4.0.3',
-        '@ecs/person-data': '4.0.3'
-      }
-    };
-    const t = {
-      name: 'sedia-ecs-eui10-remote-el-ui',
-      version: '1.5.0',
-      date: '20230202-09:41',
-      npmPkg: '@sedia/ecs-eui10-remote-el',
-      duration: 356556,
-      envTarget: 'TST',
-      dependencies: {
-        '@eui/deps-base': '10.6.16',
-        '@csdr/core': '2.3.13',
-        '@csdr/integration': '2.0.46',
-        '@ecs/global': '4.0.4',
-        '@ecs/person-data': '4.0.4'
-      }
-    };
-    return metadataUtils.packageHistory.getDiffBetweenBuildVersions(null, f, t);
-  })
+  //   const f = {
+  //     name: 'sedia-ecs-eui10-remote-el-ui',
+  //     version: '1.1.0',
+  //     date: '20230111-11:43',
+  //     npmPkg: '@sedia/ecs-eui10-remote-el',
+  //     duration: 463832,
+  //     envTarget: 'TST',
+  //     dependencies: {
+  //       '@eui/deps-base': '10.6.14',
+  //       '@csdr/core': '2.3.13',
+  //       '@csdr/integration': '2.0.46',
+  //       '@ecs/global': '4.0.3',
+  //       '@ecs/person-data': '4.0.3'
+  //     }
+  //   };
+  //   const t = {
+  //     name: 'sedia-ecs-eui10-remote-el-ui',
+  //     version: '1.5.0',
+  //     date: '20230202-09:41',
+  //     npmPkg: '@sedia/ecs-eui10-remote-el',
+  //     duration: 356556,
+  //     envTarget: 'TST',
+  //     dependencies: {
+  //       '@eui/deps-base': '10.6.16',
+  //       '@csdr/core': '2.3.13',
+  //       '@csdr/integration': '2.0.46',
+  //       '@ecs/global': '4.0.4',
+  //       '@ecs/person-data': '4.0.4'
+  //     }
+  //   };
+  //   return metadataUtils.packageHistory.getDiffBetweenBuildVersions(null, f, t);
+  // })
 
-  .then((diffMetadata) => {
-    console.log(diffMetadata);
+  // .then((diffMetadata) => {
+  //   console.log(diffMetadata);
+
+  //   return metadataUtils.packageHistory.flattenDiffMetadata(diffMetadata);
+  // })
+
+  // .then((flatDiffMetadata) => {
+  //   console.log(flatDiffMetadata);
+  // })
 
-    return metadataUtils.packageHistory.flattenDiffMetadata(diffMetadata);
-  })
 
-  .then((flatDiffMetadata) => {
-    console.log(flatDiffMetadata);
+Promise.resolve()
+  .then(() => {
+    return auditUtils.yarn.audit(null);
+  })
+  .catch((e) => {
+    console.log(e);
   })
+
+// Promise.resolve()
+//   .then(() => {
+//     const prjName = 'my-workplace-host';
+//     const project = configUtils.projects.getCsdrProject(prjName);
+//     // console.log(project);
+//     return preBuildUtils.projects.processCustomEnvScriptInjection(project, "dev");
+//   })
+//   .catch((e) => {
+//     console.log(e);
+//   })

package/scripts/csdr/audit/yarn.js

@@ -7,6 +7,8 @@ const execa = require('execa');
 // LOCAL
 const tools = require('../../utils/tools');
 const notificationUtils = require('../../utils/notification/notification-utils');
+const configUtils = require('../config/config-utils');
+const initUtils = require('../init/init-utils');
 
 // GET ARGS
 const { dryRun } = tools.getArgs();
@@ -25,7 +27,10 @@ const getVulnerabilitiesList = () => {
   }
 
   let auditContentArray = [];
-  let vulnerabilitiesFound = {};
+  let parsedOutput = {
+    "auditSummary": {},
+    "vulnerabilities": {}
+  };
 
   // yarn audit output uses a specific json-lines format, we need to split it first
   auditContentArray = auditContent.split('\n');
@@ -34,13 +39,30 @@ const getVulnerabilitiesList = () => {
   auditContentArray.forEach((c) => {
     try {
       const parsedContent = JSON.parse(c);
-      if (parsedContent && parsedContent.type === 'auditSummary') {
-        vulnerabilitiesFound = parsedContent.data.vulnerabilities;
+      if (parsedContent) {
+        if (parsedContent.type === 'auditSummary') {
+          parsedOutput['auditSummary'] = parsedContent.data.vulnerabilities;
+        } else {
+          // console.log(parsedContent);
+          const auditData = parsedContent.data;
+
+          parsedOutput.vulnerabilities[`${auditData.resolution.id} ${auditData.advisory.module_name} ${auditData.resolution.path}`] =  {
+            "module_name": auditData.advisory.module_name,
+            "severity": auditData.advisory.severity,
+            "path": auditData.resolution.path,
+            "title": auditData.advisory.title,
+            "recommendation": auditData.advisory.recommendation,
+            "patched_versions":auditData.advisory.patched_versions,
+            "vulnerable_versions": auditData.advisory.vulnerable_versions
+          }
+        }
       }
-    } catch(e) {} // it can fail
+    } catch(e) {
+      // console.log(e);
+    } // it can fail
   })
 
-  return vulnerabilitiesFound;
+  return parsedOutput;
 }
 
 
@@ -49,18 +71,10 @@ module.exports.audit = (pkg) => {
 
   tools.logTitle('Yarn auditing package');
 
-  return Promise.resolve()
-
-    // first pass to display the visual report into the CI logs
-    .then(() => {
-      return Promise.resolve()
-        .then(() => {
-          return execa.shellSync('yarn audit --level high', { cwd: process.cwd(), stdio: 'inherit' });
-        })
-        .catch((e) => {}) // it can fail
-    })
+  let outReport;
 
-    // second pass to extract the audit summary lines
+  return Promise.resolve()
+    // extract the audit summary lines
     .then(() => {
       return Promise.resolve()
         .then(() => {
@@ -80,26 +94,88 @@ module.exports.audit = (pkg) => {
 
     // sending output to slack channel
     .then((vulnerabilityReport) => {
+
+      outReport = vulnerabilityReport;
+
       if (!vulnerabilityReport) {
         tools.logSuccess('OK, no vulnerabilities detected');
 
-        return notificationUtils.package.sendPackageMessage({
-          package: pkg,
-          text: 'Dependencies audit : NO vulnerabilities detected'
-        });
+        if (pkg) {
+          return notificationUtils.package.sendPackageMessage({
+            package: pkg,
+            text: 'Dependencies audit : NO vulnerabilities detected'
+          });
+        }
 
       } else {
         tools.logWarning(JSON.stringify(vulnerabilityReport));
 
         let message = '';
-        Object.entries(vulnerabilityReport).forEach((v) => {
+        Object.entries(vulnerabilityReport.auditSummary).forEach((v) => {
           message += `${v[0]}:*${v[1]}* `;
         });
 
-        return notificationUtils.package.sendPackageMessage({
-          package: pkg,
-          text: `Dependencies audit detected vulnerabilities : ${message}`
-        });
+        if (pkg) {
+          return notificationUtils.package.sendPackageMessage({
+            package: pkg,
+            text: `Dependencies audit detected vulnerabilities : ${message}`
+          });
+        }
+      }
+    })
+
+    .then(() => {
+      // getting config options for gates defined
+      const configOptions = configUtils.global.getConfigOptions();
+
+      // getting local csdr euiVersion
+      const euiVersion = initUtils.global.getLocalEuiVersion();
+
+      // if eUI version not found, no action
+      if (!euiVersion) {
+        return;
       }
+
+      // getting gates for euiVersion found
+      const gates = configOptions.AUDIT_DEPENDENCIES_GATES[euiVersion];
+
+      tools.logTitle(`Checking audit dependencies gates for local euiVersion : ${euiVersion}`);
+
+      // if no gates found for corresponding version, no action
+      if (!gates) {
+        tools.logInfo('No gates found for local eUI version...skipping');
+        return;
+      }
+
+      tools.logInfo(`Based on summary : ${JSON.stringify(outReport.auditSummary)}`);
+      tools.logInfo(`Gates found : ${JSON.stringify(gates)}`);
+
+      // checking gates level if any
+      let gatesPassed = true;
+
+      Object.keys(outReport.auditSummary).forEach((level) => {
+        tools.logInfo(`Checking audit level : ${level} - item found ${outReport.auditSummary[level]}`);
+
+        if (gates[level] === undefined) {
+          tools.logInfo(`No gates found for level`);
+          tools.logInfo(`===> PASSED`);
+        } else {
+          tools.logInfo(`Gates found for level maxium allowed : ${gates[level]}`);
+          if (outReport.auditSummary[level] > gates[level]) {
+            tools.logError(`===> FAILED`);
+            gatesPassed = false;
+          } else {
+            tools.logInfo(`===> PASSED`);
+          }
+        }
+      })
+
+      if (!gatesPassed) {
+        throw new Error('AUDIT_DEPENDENCIES_GATES_FAILED');
+      }
+    })
+
+    .catch((e) => {
+      throw e;
     })
 }

package/scripts/csdr/config/global.js

@@ -200,6 +200,7 @@ module.exports.getConfigOptions = () => {
     SLACK_CHANNEL_BACKEND: null,
     SLACK_CHANNEL_PROJECT: null,
     API_HOST: null,
+    AUDIT_DEPENDENCIES_GATES: null,
   }
 
   // getting devops metadata options
@@ -336,6 +337,26 @@ module.exports.getConfigOptions = () => {
     }
   }
 
+  // audit options
+  const audit = config && config.audit;
+  if (audit) {
+    if (audit.dependencies) {
+      if (audit.dependencies.gates) {
+        configOptions.AUDIT_DEPENDENCIES_GATES = [];
+        Object.keys(audit.dependencies.gates).forEach((v) => {
+          const gatesForVersion = audit.dependencies.gates[v];
+          configOptions.AUDIT_DEPENDENCIES_GATES[v] = {
+            "critical": gatesForVersion.critical,
+            "high": gatesForVersion.high,
+            "moderate": gatesForVersion.moderate
+          };
+        })
+      }
+      console.log(configOptions.AUDIT_DEPENDENCIES_GATES);
+    }
+  }
+
+
   return configOptions;
 }
 

package/scripts/csdr/init/global.js

@@ -9,28 +9,39 @@ const configUtils = require('../config/config-utils');
 
 
 
+const getLocalEuiVersion = module.exports.getLocalEuiVersion = () => {
+  let euiVersionsLocal = [
+    ...configUtils.packages.getLocalPackagesEuiVersion(),
+    ...configUtils.projects.getLocalProjectsEuiVersion(),
+  ];
+  euiVersionsLocal = tools.removeArrayDuplicates(euiVersionsLocal);
+
+  if (euiVersionsLocal.length > 1) {
+    tools.logError('Multiple versions of eUI found in local CSDR...aborting');
+    tools.logError(`Ensure tha you've not installed packages that differs in versions, check the log above to identify which one is problematic`);
+    console.log(euiVersionsLocal);
+    throw new Error('MULTIPLE_LOCAL_EUI_VERSIONS_FOUND');
+
+  } else {
+    tools.logSuccess('eUI version checked OK');
+  }
+
+  if (euiVersionsLocal) {
+    return euiVersionsLocal[0];
+
+  } else {
+    return null;
+  }
+}
+
+
+
 module.exports.processLocalEuiVersions = () => {
  tools.logTitle('Processing injections for local installed eUI versions if needed');
 
   return Promise.resolve()
     .then(() => {
-      let euiVersionsLocal = [
-        ...configUtils.packages.getLocalPackagesEuiVersion(),
-        ...configUtils.projects.getLocalProjectsEuiVersion(),
-      ];
-      euiVersionsLocal = tools.removeArrayDuplicates(euiVersionsLocal);
-
-      if (euiVersionsLocal.length > 1) {
-        tools.logError('Multiple versions of eUI found in local CSDR...aborting');
-        tools.logError(`Ensure tha you've not installed packages that differs in versions, check the log above to identify which one is problematic`);
-        console.log(euiVersionsLocal);
-        throw new Error('MULTIPLE_LOCAL_EUI_VERSIONS_FOUND');
-
-      } else {
-        tools.logSuccess('eUI version checked OK');
-      }
-
-      const euiVersion = euiVersionsLocal[0];
+      const euiVersion = getLocalEuiVersion();
 
       if (!euiVersion || euiVersion === 'DEFAULT') {
         tools.logInfo('Default eUI version found or empty...skipping');
@@ -95,9 +106,7 @@ module.exports.processResolutionsForNodeVersion = () => {
 
       const rootPackageJsonFile = path.join(process.cwd(), 'package.json');
       const rootPackageJson = require(rootPackageJsonFile);
-
       const nodeVersionResource = `nodejs-${nodeVersion}`;
-
       const resolutionsJsonFile = path.join(__dirname, 'resources', nodeVersionResource, 'resolutions.json');
 
       tools.logInfo(`Checking nodejsResolution resource for path: ${resolutionsJsonFile}`);

package/scripts/csdr/init/resources/14.x/resolutions.json

@@ -2,5 +2,6 @@
     "@types/node": ">=14.14.10",
     "https-proxy-agent": ">=2.2.3",
     "mem": ">=4.3.0 <=8.1.1",
-    "zone.js": ">=0.11.5"
+    "zone.js": ">=0.11.5",
+    "nth-check": ">=2.0.1"
 }