@mongodb-js/sbom-tools 0.5.13 → 0.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -0
- package/dist/bin.d.ts.map +1 -1
- package/dist/bin.js +4 -0
- package/dist/bin.js.map +1 -1
- package/dist/commands/fetch-codeql-results.d.ts +16 -0
- package/dist/commands/fetch-codeql-results.d.ts.map +1 -0
- package/dist/commands/fetch-codeql-results.js +237 -0
- package/dist/commands/fetch-codeql-results.js.map +1 -0
- package/dist/commands/sarif-to-markdown.d.ts +6 -0
- package/dist/commands/sarif-to-markdown.d.ts.map +1 -0
- package/dist/commands/sarif-to-markdown.js +43 -0
- package/dist/commands/sarif-to-markdown.js.map +1 -0
- package/dist/get-package-info.d.ts +5 -2
- package/dist/get-package-info.d.ts.map +1 -1
- package/dist/get-package-info.js.map +1 -1
- package/dist/util.d.ts +3 -0
- package/dist/util.d.ts.map +1 -0
- package/dist/util.js +21 -0
- package/dist/util.js.map +1 -0
- package/package.json +3 -2
package/README.md
CHANGED
|
@@ -11,6 +11,8 @@ And exposes a `mongodb-sbom-tools` binary providing the following commands:
|
|
|
11
11
|
- `generate-vulnerability-report`: Generates a report of vulnerabilities from the output of snyk test and a dependencies json file containing all the dependencies.
|
|
12
12
|
- `generate-3rd-party-notices`: Generates a 3rd party notices file based on the licenses information collected by the WebpackDependenciesPlugin. Also validates the licenses.
|
|
13
13
|
- `scan-node-js`: A script to produce a list of vulnerabilities affecting a Node.js version in the same format as snyk test (useful as we are redistributing Node.js with mongosh).
|
|
14
|
+
- `fetch-codeql-results`: A script to fetch CodeQL results from GitHub.
|
|
15
|
+
- `sarif-to-markdown`: Convert SARIF CodeQL results to markdown.
|
|
14
16
|
|
|
15
17
|
### `WebpackDependenciesPlugin`
|
|
16
18
|
|
package/dist/bin.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bin.d.ts","sourceRoot":"","sources":["../src/bin.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"bin.d.ts","sourceRoot":"","sources":["../src/bin.ts"],"names":[],"mappings":"AAOA,wBAAgB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAOzC"}
|
package/dist/bin.js
CHANGED
|
@@ -5,10 +5,14 @@ const commander_1 = require("commander");
|
|
|
5
5
|
const generate_third_party_notices_1 = require("./commands/generate-third-party-notices");
|
|
6
6
|
const generate_vulnerability_report_1 = require("./commands/generate-vulnerability-report");
|
|
7
7
|
const scan_node_js_1 = require("./commands/scan-node-js");
|
|
8
|
+
const fetch_codeql_results_1 = require("./commands/fetch-codeql-results");
|
|
9
|
+
const sarif_to_markdown_1 = require("./commands/sarif-to-markdown");
|
|
8
10
|
function main(argv) {
|
|
9
11
|
commander_1.program.addCommand(generate_vulnerability_report_1.command);
|
|
10
12
|
commander_1.program.addCommand(generate_third_party_notices_1.command);
|
|
11
13
|
commander_1.program.addCommand(scan_node_js_1.command);
|
|
14
|
+
commander_1.program.addCommand(fetch_codeql_results_1.command);
|
|
15
|
+
commander_1.program.addCommand(sarif_to_markdown_1.command);
|
|
12
16
|
commander_1.program.parse(argv);
|
|
13
17
|
}
|
|
14
18
|
exports.main = main;
|
package/dist/bin.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bin.js","sourceRoot":"","sources":["../src/bin.ts"],"names":[],"mappings":";;;AAAA,yCAAoC;AACpC,0FAA6F;AAC7F,4FAAkG;AAClG,0DAAgE;
|
|
1
|
+
{"version":3,"file":"bin.js","sourceRoot":"","sources":["../src/bin.ts"],"names":[],"mappings":";;;AAAA,yCAAoC;AACpC,0FAA6F;AAC7F,4FAAkG;AAClG,0DAAgE;AAChE,0EAAgF;AAChF,oEAA0E;AAE1E,SAAgB,IAAI,CAAC,IAAc;IACjC,mBAAO,CAAC,UAAU,CAAC,uCAA2B,CAAC,CAAC;IAChD,mBAAO,CAAC,UAAU,CAAC,sCAAuB,CAAC,CAAC;IAC5C,mBAAO,CAAC,UAAU,CAAC,sBAAU,CAAC,CAAC;IAC/B,mBAAO,CAAC,UAAU,CAAC,8BAAkB,CAAC,CAAC;IACvC,mBAAO,CAAC,UAAU,CAAC,2BAAe,CAAC,CAAC;IACpC,mBAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;AACtB,CAAC;AAPD,oBAOC"}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
import { Octokit } from '@octokit/rest';
|
|
2
|
+
import { Command } from 'commander';
|
|
3
|
+
type ResolvedCommitInformation = {
|
|
4
|
+
owner: string;
|
|
5
|
+
repo: string;
|
|
6
|
+
forPackage?: string;
|
|
7
|
+
commit: string;
|
|
8
|
+
};
|
|
9
|
+
export declare function fetchCodeQLResults(octokit: Octokit, { dependencyFiles, excludeRepos, currentRepo, }: {
|
|
10
|
+
dependencyFiles: string[];
|
|
11
|
+
excludeRepos: string[];
|
|
12
|
+
currentRepo?: Partial<ResolvedCommitInformation>;
|
|
13
|
+
}): Promise<unknown>;
|
|
14
|
+
export declare const command: Command;
|
|
15
|
+
export {};
|
|
16
|
+
//# sourceMappingURL=fetch-codeql-results.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"fetch-codeql-results.d.ts","sourceRoot":"","sources":["../../src/commands/fetch-codeql-results.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AASxC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAKpC,KAAK,yBAAyB,GAAG;IAC/B,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AA6KF,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,OAAO,EAChB,EACE,eAAe,EACf,YAAY,EACZ,WAAW,GACZ,EAAE;IACD,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,WAAW,CAAC,EAAE,OAAO,CAAC,yBAAyB,CAAC,CAAC;CAClD,GACA,OAAO,CAAC,OAAO,CAAC,CAgHlB;AAMD,eAAO,MAAM,OAAO,SAsChB,CAAC"}
|
|
@@ -0,0 +1,237 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.command = exports.fetchCodeQLResults = void 0;
|
|
7
|
+
const rest_1 = require("@octokit/rest");
|
|
8
|
+
const node_fetch_1 = __importDefault(require("node-fetch"));
|
|
9
|
+
const promises_1 = __importDefault(require("fs/promises"));
|
|
10
|
+
const path_1 = __importDefault(require("path"));
|
|
11
|
+
const util_1 = require("../util");
|
|
12
|
+
const load_dependency_files_1 = require("../load-dependency-files");
|
|
13
|
+
const child_process_1 = require("child_process");
|
|
14
|
+
const util_2 = require("util");
|
|
15
|
+
const commander_1 = require("commander");
|
|
16
|
+
const firstPartyAuthorEmail = 'compass@mongodb.com';
|
|
17
|
+
const firstPartyGithubOrg = '/mongodb-js/';
|
|
18
|
+
async function getSingleCommitSarif(octokit, { owner, repo, commit }) {
|
|
19
|
+
const reportIds = new Set();
|
|
20
|
+
for (let page = 0;; page++) {
|
|
21
|
+
const { data } = await octokit.codeScanning.listRecentAnalyses({
|
|
22
|
+
owner,
|
|
23
|
+
repo,
|
|
24
|
+
page,
|
|
25
|
+
});
|
|
26
|
+
const previousPageAlreadyHadSomeData = reportIds.size > 0;
|
|
27
|
+
for (const item of data) {
|
|
28
|
+
if (item.commit_sha === commit) {
|
|
29
|
+
reportIds.add(item.id);
|
|
30
|
+
}
|
|
31
|
+
}
|
|
32
|
+
if (previousPageAlreadyHadSomeData || data.length === 0) {
|
|
33
|
+
break;
|
|
34
|
+
}
|
|
35
|
+
}
|
|
36
|
+
return Promise.all([...reportIds].map(async (analysis_id) => {
|
|
37
|
+
return (await octokit.codeScanning.getAnalysis({
|
|
38
|
+
owner,
|
|
39
|
+
repo,
|
|
40
|
+
analysis_id,
|
|
41
|
+
headers: { accept: 'application/sarif+json' },
|
|
42
|
+
})).data;
|
|
43
|
+
}));
|
|
44
|
+
}
|
|
45
|
+
function repoForPackageJSON(packageJson, atPath) {
|
|
46
|
+
const repoUrl = typeof packageJson.repository === 'string'
|
|
47
|
+
? packageJson.repository
|
|
48
|
+
: packageJson.repository?.url;
|
|
49
|
+
if (!repoUrl)
|
|
50
|
+
throw new Error(`Could not find repository information for package.json file at ${atPath}`);
|
|
51
|
+
const { owner, repo } = repoUrl.match(/github\.com\/(?<owner>[^/]+)\/(?<repo>[^/.]+)(?:.git)?$/)
|
|
52
|
+
?.groups ?? {};
|
|
53
|
+
if (!owner || !repo)
|
|
54
|
+
throw new Error(`Could not parse repository information for package.json file at ${atPath}`);
|
|
55
|
+
return { owner, repo };
|
|
56
|
+
}
|
|
57
|
+
async function listFirstPartyDependencies(dependencyFiles) {
|
|
58
|
+
const dependencies = await (0, load_dependency_files_1.loadDependencyFiles)(dependencyFiles);
|
|
59
|
+
const repos = [];
|
|
60
|
+
for (const dependency of dependencies) {
|
|
61
|
+
const packageJson = JSON.parse(await promises_1.default.readFile(path_1.default.join(dependency.path, 'package.json'), 'utf8'));
|
|
62
|
+
if (JSON.stringify(packageJson.author)?.includes(firstPartyAuthorEmail) ||
|
|
63
|
+
JSON.stringify(packageJson.repository)?.includes(firstPartyGithubOrg)) {
|
|
64
|
+
repos.push({
|
|
65
|
+
...repoForPackageJSON(packageJson, dependency.path),
|
|
66
|
+
forPackage: dependency.name,
|
|
67
|
+
packageVersion: packageJson.version,
|
|
68
|
+
});
|
|
69
|
+
}
|
|
70
|
+
}
|
|
71
|
+
return repos;
|
|
72
|
+
}
|
|
73
|
+
async function resolveVersionSpecifier(octokit, repo) {
|
|
74
|
+
if (repo.commit) {
|
|
75
|
+
return repo;
|
|
76
|
+
}
|
|
77
|
+
if (!repo.packageVersion) {
|
|
78
|
+
throw new Error(`Need either 'commit' or 'packageVersion' in repo information, got ${JSON.stringify(repo)}`);
|
|
79
|
+
}
|
|
80
|
+
let object;
|
|
81
|
+
const errors = [];
|
|
82
|
+
for (const ref of [
|
|
83
|
+
`tags/v${repo.packageVersion}`,
|
|
84
|
+
`tags/${repo.packageVersion}`,
|
|
85
|
+
repo.forPackage && `tags/${repo.forPackage}@${repo.packageVersion}`,
|
|
86
|
+
]) {
|
|
87
|
+
if (!ref)
|
|
88
|
+
continue;
|
|
89
|
+
try {
|
|
90
|
+
({
|
|
91
|
+
data: { object },
|
|
92
|
+
} = await octokit.git.getRef({
|
|
93
|
+
owner: repo.owner,
|
|
94
|
+
repo: repo.repo,
|
|
95
|
+
ref,
|
|
96
|
+
}));
|
|
97
|
+
}
|
|
98
|
+
catch (err) {
|
|
99
|
+
errors.push(err);
|
|
100
|
+
}
|
|
101
|
+
}
|
|
102
|
+
if (!object)
|
|
103
|
+
throw new AggregateError(errors, `Unable to resolve version ${JSON.stringify(repo)}`);
|
|
104
|
+
if (object.type !== 'commit') {
|
|
105
|
+
if (object.type !== 'tag')
|
|
106
|
+
throw new Error(`Mismatched object type: ${JSON.stringify(object)} (wanted tag or commit)`);
|
|
107
|
+
({
|
|
108
|
+
data: { object },
|
|
109
|
+
} = await octokit.git.getTag({
|
|
110
|
+
owner: repo.owner,
|
|
111
|
+
repo: repo.repo,
|
|
112
|
+
tag_sha: object.sha,
|
|
113
|
+
}));
|
|
114
|
+
}
|
|
115
|
+
if (object.type !== 'commit')
|
|
116
|
+
throw new Error(`Mismatched object type: ${JSON.stringify(object)} (wanted commit)`);
|
|
117
|
+
return {
|
|
118
|
+
...repo,
|
|
119
|
+
commit: object.sha,
|
|
120
|
+
};
|
|
121
|
+
}
|
|
122
|
+
async function getCurrentRepo() {
|
|
123
|
+
const commit = (await (0, util_2.promisify)(child_process_1.execFile)('git', ['rev-parse', 'HEAD'], {
|
|
124
|
+
encoding: 'utf8',
|
|
125
|
+
})).stdout.trim();
|
|
126
|
+
const repo = repoForPackageJSON(JSON.parse(await promises_1.default.readFile('package.json', 'utf8')), '<root>');
|
|
127
|
+
return { ...repo, commit };
|
|
128
|
+
}
|
|
129
|
+
async function fetchCodeQLResults(octokit, { dependencyFiles, excludeRepos, currentRepo, }) {
|
|
130
|
+
if (!dependencyFiles?.length) {
|
|
131
|
+
throw new Error('Missing required argument: --dependencies');
|
|
132
|
+
}
|
|
133
|
+
let resolvedCurrentRepo;
|
|
134
|
+
if (!currentRepo?.owner || !currentRepo.repo || !currentRepo.commit) {
|
|
135
|
+
resolvedCurrentRepo = { ...(await getCurrentRepo()), ...currentRepo };
|
|
136
|
+
}
|
|
137
|
+
else {
|
|
138
|
+
resolvedCurrentRepo = currentRepo;
|
|
139
|
+
}
|
|
140
|
+
let repos = await listFirstPartyDependencies(dependencyFiles);
|
|
141
|
+
excludeRepos.push(`${resolvedCurrentRepo.owner}/${resolvedCurrentRepo.repo}`);
|
|
142
|
+
repos = repos.filter((repo) => !excludeRepos.includes(`${repo.owner}/${repo.repo}`));
|
|
143
|
+
repos.push(resolvedCurrentRepo);
|
|
144
|
+
repos = (0, util_1.deduplicateArray)(repos);
|
|
145
|
+
let resolvedRepos = await Promise.all(repos.map(async (repo) => await resolveVersionSpecifier(octokit, repo)));
|
|
146
|
+
resolvedRepos = (0, util_1.deduplicateArray)(resolvedRepos, ['owner', 'repo', 'commit']);
|
|
147
|
+
const sarifs = (await Promise.all(resolvedRepos.map(async (repo) => {
|
|
148
|
+
try {
|
|
149
|
+
const reports = await getSingleCommitSarif(octokit, repo);
|
|
150
|
+
if (reports.length === 0) {
|
|
151
|
+
throw new Error('Could not find any reports');
|
|
152
|
+
}
|
|
153
|
+
return reports;
|
|
154
|
+
}
|
|
155
|
+
catch (err) {
|
|
156
|
+
throw new Error(`Failed to get SARIF for repository ${JSON.stringify(repo)}: ${String(err)}`, { cause: err });
|
|
157
|
+
}
|
|
158
|
+
}))).flat();
|
|
159
|
+
const { runs, ...rest } = sarifs[0];
|
|
160
|
+
for (const otherSarif of sarifs.slice(1)) {
|
|
161
|
+
const { runs: otherRuns, ...otherRest } = otherSarif;
|
|
162
|
+
if ((0, util_1.deduplicateArray)([rest, otherRest]).length > 1) {
|
|
163
|
+
throw new Error(`Incompatible SARIF metadata between reports: ${JSON.stringify(rest)} vs ${JSON.stringify(otherRest)}`);
|
|
164
|
+
}
|
|
165
|
+
runs.push(...otherRuns);
|
|
166
|
+
}
|
|
167
|
+
const alertLookups = Object.create(null);
|
|
168
|
+
const finalReport = { runs, ...rest };
|
|
169
|
+
for (const { results, versionControlProvenance: [versionControlProvenance], } of finalReport.runs) {
|
|
170
|
+
const repoInfo = {
|
|
171
|
+
...versionControlProvenance,
|
|
172
|
+
repos: resolvedRepos.filter((repo) => repo.commit === versionControlProvenance.revisionId),
|
|
173
|
+
};
|
|
174
|
+
for (const { properties } of results) {
|
|
175
|
+
const url = properties['github/alertUrl'];
|
|
176
|
+
const data = (alertLookups[url] ??= (await octokit.request({ url })).data);
|
|
177
|
+
const alertState = (0, util_1.pick)(data, [
|
|
178
|
+
'created_at',
|
|
179
|
+
'updated_at',
|
|
180
|
+
'fixed_at',
|
|
181
|
+
'state',
|
|
182
|
+
'dismissed_at',
|
|
183
|
+
'dismissed_reason',
|
|
184
|
+
'dismissed_comment',
|
|
185
|
+
]);
|
|
186
|
+
alertState.repos = repoInfo;
|
|
187
|
+
alertState.rule = (0, util_1.pick)(data.rule, [
|
|
188
|
+
'id',
|
|
189
|
+
'description',
|
|
190
|
+
'security_severity_level',
|
|
191
|
+
]);
|
|
192
|
+
if (alertState.state !== 'dismissed') {
|
|
193
|
+
throw new Error(`Found bad (not dismissed) alert: ${JSON.stringify(properties)} from run at ${JSON.stringify(repoInfo)}`);
|
|
194
|
+
}
|
|
195
|
+
properties['mongodb/alertState'] = alertState;
|
|
196
|
+
}
|
|
197
|
+
}
|
|
198
|
+
finalReport.properties = {
|
|
199
|
+
...finalReport.properties,
|
|
200
|
+
'mongodb/creationParams': {
|
|
201
|
+
fromRepo: resolvedCurrentRepo,
|
|
202
|
+
excludeRepos,
|
|
203
|
+
timestamp: new Date().toISOString(),
|
|
204
|
+
},
|
|
205
|
+
};
|
|
206
|
+
return finalReport;
|
|
207
|
+
}
|
|
208
|
+
exports.fetchCodeQLResults = fetchCodeQLResults;
|
|
209
|
+
function commaSeparatedList(value) {
|
|
210
|
+
return value.split(',');
|
|
211
|
+
}
|
|
212
|
+
exports.command = new commander_1.Command('fetch-codeql-results')
|
|
213
|
+
.description('Fetch CodeQL results')
|
|
214
|
+
.option('--dependencies <paths>', 'Comma-separated list of dependency files', commaSeparatedList, [])
|
|
215
|
+
.option('--exclude-repos <repos>', 'Comma-separated list of repositories excluded from CodeQL searches', commaSeparatedList, [])
|
|
216
|
+
.option('--current-repo <repos>', 'Explicitly specify the current target repository in owner/repo#commit form', (str) => {
|
|
217
|
+
const [owner, repocommit] = str.split('/');
|
|
218
|
+
const [repo, commit] = repocommit.split('#');
|
|
219
|
+
return { owner, repo, commit };
|
|
220
|
+
})
|
|
221
|
+
.option('--sarif-dest <file>', 'JSON SARIF file output')
|
|
222
|
+
.action(async (options) => {
|
|
223
|
+
const octokit = new rest_1.Octokit({
|
|
224
|
+
auth: process.env.GITHUB_TOKEN,
|
|
225
|
+
request: { fetch: node_fetch_1.default },
|
|
226
|
+
});
|
|
227
|
+
if (!options.sarifDest) {
|
|
228
|
+
throw new Error('Missing required argument: --sarif-dest');
|
|
229
|
+
}
|
|
230
|
+
const finalReport = await fetchCodeQLResults(octokit, {
|
|
231
|
+
dependencyFiles: options.dependencies,
|
|
232
|
+
excludeRepos: options.excludeRepos,
|
|
233
|
+
currentRepo: options.currentRepo,
|
|
234
|
+
});
|
|
235
|
+
await promises_1.default.writeFile(options.sarifDest, JSON.stringify(finalReport, null, 2));
|
|
236
|
+
});
|
|
237
|
+
//# sourceMappingURL=fetch-codeql-results.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"fetch-codeql-results.js","sourceRoot":"","sources":["../../src/commands/fetch-codeql-results.ts"],"names":[],"mappings":";;;;;;AAAA,wCAAwC;AACxC,4DAA+B;AAC/B,2DAA6B;AAC7B,gDAAwB;AACxB,kCAAiD;AAEjD,oEAA+D;AAC/D,iDAAyC;AACzC,+BAAiC;AACjC,yCAAoC;AAEpC,MAAM,qBAAqB,GAAG,qBAAqB,CAAC;AACpD,MAAM,mBAAmB,GAAG,cAAc,CAAC;AAa3C,KAAK,UAAU,oBAAoB,CACjC,OAAgB,EAChB,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAA6B;IAElD,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IACpC,KAAK,IAAI,IAAI,GAAG,CAAC,GAAI,IAAI,EAAE,EAAE;QAC3B,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,kBAAkB,CAAC;YAC7D,KAAK;YACL,IAAI;YACJ,IAAI;SACL,CAAC,CAAC;QACH,MAAM,8BAA8B,GAAG,SAAS,CAAC,IAAI,GAAG,CAAC,CAAC;QAC1D,KAAK,MAAM,IAAI,IAAI,IAAI,EAAE;YACvB,IAAI,IAAI,CAAC,UAAU,KAAK,MAAM,EAAE;gBAC9B,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;aACxB;SACF;QACD,IAAI,8BAA8B,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE;YAGvD,MAAM;SACP;KACF;IACD,OAAO,OAAO,CAAC,GAAG,CAChB,CAAC,GAAG,SAAS,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,WAAW,EAAE,EAAE;QACvC,OAAO,CACL,MAAM,OAAO,CAAC,YAAY,CAAC,WAAW,CAAC;YACrC,KAAK;YACL,IAAI;YACJ,WAAW;YACX,OAAO,EAAE,EAAE,MAAM,EAAE,wBAAwB,EAAE;SAC9C,CAAC,CACH,CAAC,IAAI,CAAC;IACT,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CACzB,WAAwB,EACxB,MAAc;IAEd,MAAM,OAAO,GACX,OAAO,WAAW,CAAC,UAAU,KAAK,QAAQ;QACxC,CAAC,CAAC,WAAW,CAAC,UAAU;QACxB,CAAC,CAAC,WAAW,CAAC,UAAU,EAAE,GAAG,CAAC;IAClC,IAAI,CAAC,OAAO;QACV,MAAM,IAAI,KAAK,CACb,kEAAkE,MAAM,EAAE,CAC3E,CAAC;IACJ,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GACnB,OAAO,CAAC,KAAK,CAAC,yDAAyD,CAAC;QACtE,EAAE,MAAM,IAAI,EAAE,CAAC;IACnB,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI;QACjB,MAAM,IAAI,KAAK,CACb,mEAAmE,MAAM,EAAE,CAC5E,CAAC;IACJ,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAGD,KAAK,UAAU,0BAA0B,CACvC,eAAyB;IAEzB,MAAM,YAAY,GAAG,MAAM,IAAA,2CAAmB,EAAU,eAAe,CAAC,CAAC;IAEzE,MAAM,KAAK,GAAgC,EAAE,CAAC;IAC9C,KAAK,MAAM,UAAU,IAAI,YAAY,EAAE;QACrC,MAAM,WAAW,GAAgB,IAAI,CAAC,KAAK,CACzC,MAAM,kBAAE,CAAC,QAAQ,CAAC,cAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,MAAM,CAAC,CACtE,CAAC;QACF,IACE,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,QAAQ,CAAC,qBAAqB,CAAC;YACnE,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,mBAAmB,CAAC,EACrE;YACA,KAAK,CAAC,IAAI,CAAC;gBACT,GAAG,kBAAkB,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,CAAC;gBACnD,UAAU,EAAE,UAAU,CAAC,IAAI;gBAC3B,cAAc,EAAE,WAAW,CAAC,OAAO;aACpC,CAAC,CAAC;SACJ;KACF;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAOD,KAAK,UAAU,uBAAuB,CACpC,OAAgB,EAChB,IAA+B;IAE/B,IAAI,IAAI,CAAC,MAAM,EAAE;QACf,OAAO,IAAiC,CAAC;KAC1C;IACD,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE;QACxB,MAAM,IAAI,KAAK,CACb,qEAAqE,IAAI,CAAC,SAAS,CACjF,IAAI,CACL,EAAE,CACJ,CAAC;KACH;IACD,IAAI,MAAiD,CAAC;IACtD,MAAM,MAAM,GAAc,EAAE,CAAC;IAC7B,KAAK,MAAM,GAAG,IAAI;QAChB,SAAS,IAAI,CAAC,cAAc,EAAE;QAC9B,QAAQ,IAAI,CAAC,cAAc,EAAE;QAC7B,IAAI,CAAC,UAAU,IAAI,QAAQ,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,cAAc,EAAE;KACpE,EAAE;QACD,IAAI,CAAC,GAAG;YAAE,SAAS;QACnB,IAAI;YACF,CAAC;gBACC,IAAI,EAAE,EAAE,MAAM,EAAE;aACjB,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC;gBAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,GAAG;aACJ,CAAC,CAAC,CAAC;SACL;QAAC,OAAO,GAAY,EAAE;YACrB,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;SAClB;KACF;IACD,IAAI,CAAC,MAAM;QACT,MAAM,IAAI,cAAc,CACtB,MAAM,EACN,6BAA6B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CACpD,CAAC;IACJ,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE;QAC5B,IAAI,MAAM,CAAC,IAAI,KAAK,KAAK;YACvB,MAAM,IAAI,KAAK,CACb,2BAA2B,IAAI,CAAC,SAAS,CACvC,MAAM,CACP,yBAAyB,CAC3B,CAAC;QAEJ,CAAC;YACC,IAAI,EAAE,EAAE,MAAM,EAAE;SACjB,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC;YAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,MAAM,CAAC,GAAG;SACpB,CAAC,CAAC,CAAC;KACL;IACD,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ;QAC1B,MAAM,IAAI,KAAK,CACb,2BAA2B,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,kBAAkB,CACpE,CAAC;IACJ,OAAO;QACL,GAAG,IAAI;QACP,MAAM,EAAE,MAAM,CAAC,GAAG;KACnB,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,cAAc;IAC3B,MAAM,MAAM,GAAG,CACb,MAAM,IAAA,gBAAS,EAAC,wBAAQ,CAAC,CAAC,KAAK,EAAE,CAAC,WAAW,EAAE,MAAM,CAAC,EAAE;QACtD,QAAQ,EAAE,MAAM;KACjB,CAAC,CACH,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IAChB,MAAM,IAAI,GAAG,kBAAkB,CAC7B,IAAI,CAAC,KAAK,CAAC,MAAM,kBAAE,CAAC,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,EACrD,QAAQ,CACT,CAAC;IACF,OAAO,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,CAAC;AAC7B,CAAC;AAEM,KAAK,UAAU,kBAAkB,CACtC,OAAgB,EAChB,EACE,eAAe,EACf,YAAY,EACZ,WAAW,GAKZ;IAED,IAAI,CAAC,eAAe,EAAE,MAAM,EAAE;QAC5B,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;KAC9D;IAGD,IAAI,mBAA8C,CAAC;IACnD,IAAI,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE;QACnE,mBAAmB,GAAG,EAAE,GAAG,CAAC,MAAM,cAAc,EAAE,CAAC,EAAE,GAAG,WAAW,EAAE,CAAC;KACvE;SAAM;QACL,mBAAmB,GAAG,WAAwC,CAAC;KAChE;IACD,IAAI,KAAK,GAAG,MAAM,0BAA0B,CAAC,eAAe,CAAC,CAAC;IAE9D,YAAY,CAAC,IAAI,CAAC,GAAG,mBAAmB,CAAC,KAAK,IAAI,mBAAmB,CAAC,IAAI,EAAE,CAAC,CAAC;IAC9E,KAAK,GAAG,KAAK,CAAC,MAAM,CAClB,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAC/D,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAChC,KAAK,GAAG,IAAA,uBAAgB,EAAC,KAAK,CAAC,CAAC;IAChC,IAAI,aAAa,GAAG,MAAM,OAAO,CAAC,GAAG,CACnC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,MAAM,uBAAuB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CACxE,CAAC;IAEF,aAAa,GAAG,IAAA,uBAAgB,EAAC,aAAa,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;IAE7E,MAAM,MAAM,GAAG,CACb,MAAM,OAAO,CAAC,GAAG,CACf,aAAa,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QAC/B,IAAI;YACF,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YAC1D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE;gBACxB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;aAC/C;YACD,OAAO,OAAO,CAAC;SAChB;QAAC,OAAO,GAAY,EAAE;YACrB,MAAM,IAAI,KAAK,CACb,sCAAsC,IAAI,CAAC,SAAS,CAClD,IAAI,CACL,KAAK,MAAM,CAAC,GAAG,CAAC,EAAE,EAEnB,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;SACH;IACH,CAAC,CAAC,CACH,CACF,CAAC,IAAI,EAAE,CAAC;IAET,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,EAAE,GAAG,MAAM,CAAC,CAAC,CAAQ,CAAC;IAC3C,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;QACxC,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,SAAS,EAAE,GAAG,UAAiB,CAAC;QAC5D,IAAI,IAAA,uBAAgB,EAAC,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE;YAClD,MAAM,IAAI,KAAK,CACb,gDAAgD,IAAI,CAAC,SAAS,CAC5D,IAAI,CACL,OAAO,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,CACpC,CAAC;SACH;QACD,IAAI,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,CAAC;KACzB;IAED,MAAM,YAAY,GAAwC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC9E,MAAM,WAAW,GAAG,EAAE,IAAI,EAAE,GAAG,IAAI,EAAE,CAAC;IACtC,KAAK,MAAM,EACT,OAAO,EACP,wBAAwB,EAAE,CAAC,wBAAwB,CAAC,GACrD,IAAI,WAAW,CAAC,IAAI,EAAE;QACrB,MAAM,QAAQ,GAAG;YACf,GAAG,wBAAwB;YAC3B,KAAK,EAAE,aAAa,CAAC,MAAM,CACzB,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,KAAK,wBAAwB,CAAC,UAAU,CAC9D;SACF,CAAC;QACF,KAAK,MAAM,EAAE,UAAU,EAAE,IAAI,OAAO,EAAE;YACpC,MAAM,GAAG,GAAG,UAAU,CAAC,iBAAiB,CAAC,CAAC;YAC1C,MAAM,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAClC,MAAM,OAAO,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,CAAC,CAC/B,CAAC,IAAI,CAAC,CAAC;YACR,MAAM,UAAU,GAA4B,IAAA,WAAI,EAAC,IAAI,EAAE;gBACrD,YAAY;gBACZ,YAAY;gBACZ,UAAU;gBACV,OAAO;gBACP,cAAc;gBACd,kBAAkB;gBAClB,mBAAmB;aACpB,CAAC,CAAC;YACH,UAAU,CAAC,KAAK,GAAG,QAAQ,CAAC;YAC5B,UAAU,CAAC,IAAI,GAAG,IAAA,WAAI,EAAC,IAAI,CAAC,IAAI,EAAE;gBAChC,IAAI;gBACJ,aAAa;gBACb,yBAAyB;aAC1B,CAAC,CAAC;YACH,IAAI,UAAU,CAAC,KAAK,KAAK,WAAW,EAAE;gBACpC,MAAM,IAAI,KAAK,CACb,oCAAoC,IAAI,CAAC,SAAS,CAChD,UAAU,CACX,gBAAgB,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAC5C,CAAC;aACH;YACD,UAAU,CAAC,oBAAoB,CAAC,GAAG,UAAU,CAAC;SAC/C;KACF;IACD,WAAW,CAAC,UAAU,GAAG;QACvB,GAAG,WAAW,CAAC,UAAU;QACzB,wBAAwB,EAAE;YACxB,QAAQ,EAAE,mBAAmB;YAC7B,YAAY;YACZ,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC;KACF,CAAC;IACF,OAAO,WAAW,CAAC;AACrB,CAAC;AA3HD,gDA2HC;AAED,SAAS,kBAAkB,CAAC,KAAa;IACvC,OAAO,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AAEY,QAAA,OAAO,GAAG,IAAI,mBAAO,CAAC,sBAAsB,CAAC;KACvD,WAAW,CAAC,sBAAsB,CAAC;KACnC,MAAM,CACL,wBAAwB,EACxB,0CAA0C,EAC1C,kBAAkB,EAClB,EAAE,CACH;KACA,MAAM,CACL,yBAAyB,EACzB,oEAAoE,EACpE,kBAAkB,EAClB,EAAE,CACH;KACA,MAAM,CACL,wBAAwB,EACxB,4EAA4E,EAC5E,CAAC,GAAW,EAA6B,EAAE;IACzC,MAAM,CAAC,KAAK,EAAE,UAAU,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7C,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;AACjC,CAAC,CACF;KACA,MAAM,CAAC,qBAAqB,EAAE,wBAAwB,CAAC;KACvD,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,MAAM,OAAO,GAAG,IAAI,cAAO,CAAC;QAC1B,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;QAC9B,OAAO,EAAE,EAAE,KAAK,EAAL,oBAAK,EAAE;KACnB,CAAC,CAAC;IACH,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;QACtB,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;KAC5D;IACD,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,OAAO,EAAE;QACpD,eAAe,EAAE,OAAO,CAAC,YAAY;QACrC,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;KACjC,CAAC,CAAC;IACH,MAAM,kBAAE,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AAC9E,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sarif-to-markdown.d.ts","sourceRoot":"","sources":["../../src/commands/sarif-to-markdown.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGpC,wBAAgB,eAAe,CAAC,EAAE,KAAK,EAAE,EAAE;IAAE,KAAK,EAAE,GAAG,CAAA;CAAE,GAAG,MAAM,CAmCjE;AAED,eAAO,MAAM,OAAO,SAShB,CAAC"}
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.command = exports.sarifToMarkdown = void 0;
|
|
7
|
+
const commander_1 = require("commander");
|
|
8
|
+
const promises_1 = __importDefault(require("fs/promises"));
|
|
9
|
+
function sarifToMarkdown({ sarif }) {
|
|
10
|
+
const creationParams = sarif.properties['mongodb/creationParams'];
|
|
11
|
+
let markdown = `
|
|
12
|
+
Static analysis results for ${creationParams.fromRepo.owner}/${creationParams.fromRepo.repo} at \`${creationParams.fromRepo.commit}\`
|
|
13
|
+
created at ${creationParams.timestamp}:
|
|
14
|
+
|
|
15
|
+
| Tool | Repository | Finding | Description | State | Category |
|
|
16
|
+
| --- | --- | --- | --- | --- | --- |
|
|
17
|
+
`;
|
|
18
|
+
for (const { results, versionControlProvenance: [versionControlProvenance], tool: { driver }, } of sarif.runs) {
|
|
19
|
+
const repository = `${versionControlProvenance.repositoryUri} at \`${versionControlProvenance.revisionId}\``;
|
|
20
|
+
const tool = `${driver.name} ${driver.semanticVersion || ''}`;
|
|
21
|
+
for (const { properties } of results) {
|
|
22
|
+
const alertState = properties['mongodb/alertState'];
|
|
23
|
+
markdown +=
|
|
24
|
+
`| ${tool} | ${repository} | #${properties['github/alertNumber']} | ${alertState.rule.description} | ${alertState.state}: ${alertState.dismissed_reason}\n${alertState.dismissed_comment || ''} | ${alertState.rule.security_severity_level} |`.replace(/\n/g, '<br/>') + '\n';
|
|
25
|
+
}
|
|
26
|
+
}
|
|
27
|
+
markdown += `
|
|
28
|
+
|
|
29
|
+
`;
|
|
30
|
+
return markdown;
|
|
31
|
+
}
|
|
32
|
+
exports.sarifToMarkdown = sarifToMarkdown;
|
|
33
|
+
exports.command = new commander_1.Command('sarif-to-markdown')
|
|
34
|
+
.description('Convert SARIF CodeQL results to markdown')
|
|
35
|
+
.option('--sarif <file>', 'JSON SARIF file input')
|
|
36
|
+
.option('--md <file>', 'Markdown file output')
|
|
37
|
+
.action(async (options) => {
|
|
38
|
+
const markdown = sarifToMarkdown({
|
|
39
|
+
sarif: JSON.parse(await promises_1.default.readFile(options.sarif, 'utf8')),
|
|
40
|
+
});
|
|
41
|
+
await promises_1.default.writeFile(options.md, markdown);
|
|
42
|
+
});
|
|
43
|
+
//# sourceMappingURL=sarif-to-markdown.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sarif-to-markdown.js","sourceRoot":"","sources":["../../src/commands/sarif-to-markdown.ts"],"names":[],"mappings":";;;;;;AAEA,yCAAoC;AACpC,2DAA6B;AAE7B,SAAgB,eAAe,CAAC,EAAE,KAAK,EAAkB;IACvD,MAAM,cAAc,GAAG,KAAK,CAAC,UAAU,CAAC,wBAAwB,CAAC,CAAC;IAClE,IAAI,QAAQ,GAAG;gCACe,cAAc,CAAC,QAAQ,CAAC,KAAK,IAAI,cAAc,CAAC,QAAQ,CAAC,IAAI,SAAS,cAAc,CAAC,QAAQ,CAAC,MAAM;eACrH,cAAc,CAAC,SAAS;;;;CAItC,CAAC;IAEA,KAAK,MAAM,EACT,OAAO,EACP,wBAAwB,EAAE,CAAC,wBAAwB,CAAC,EACpD,IAAI,EAAE,EAAE,MAAM,EAAE,GACjB,IAAI,KAAK,CAAC,IAAI,EAAE;QACf,MAAM,UAAU,GAAG,GAAG,wBAAwB,CAAC,aAAa,SAAS,wBAAwB,CAAC,UAAU,IAAI,CAAC;QAC7G,MAAM,IAAI,GAAG,GAAG,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,eAAe,IAAI,EAAE,EAAE,CAAC;QAC9D,KAAK,MAAM,EAAE,UAAU,EAAE,IAAI,OAAO,EAAE;YACpC,MAAM,UAAU,GAAG,UAAU,CAAC,oBAAoB,CAAC,CAAC;YACpD,QAAQ;gBACN,KAAK,IAAI,MAAM,UAAU,OAAO,UAAU,CAAC,oBAAoB,CAAC,MAC9D,UAAU,CAAC,IAAI,CAAC,WAClB,MAAM,UAAU,CAAC,KAAK,KAAK,UAAU,CAAC,gBAAgB,KACpD,UAAU,CAAC,iBAAiB,IAAI,EAClC,MAAM,UAAU,CAAC,IAAI,CAAC,uBAAuB,IAAI,CAAC,OAAO,CACvD,KAAK,EACL,OAAO,CACR,GAAG,IAAI,CAAC;SACZ;KACF;IAED,QAAQ,IAAI;;CAEb,CAAC;IACA,OAAO,QAAQ,CAAC;AAClB,CAAC;AAnCD,0CAmCC;AAEY,QAAA,OAAO,GAAG,IAAI,mBAAO,CAAC,mBAAmB,CAAC;KACpD,WAAW,CAAC,0CAA0C,CAAC;KACvD,MAAM,CAAC,gBAAgB,EAAE,uBAAuB,CAAC;KACjD,MAAM,CAAC,aAAa,EAAE,sBAAsB,CAAC;KAC7C,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,MAAM,QAAQ,GAAG,eAAe,CAAC;QAC/B,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,kBAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;KAC5D,CAAC,CAAC;IACH,MAAM,kBAAE,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;AAC3C,CAAC,CAAC,CAAC"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
interface PackageJSON {
|
|
1
|
+
export interface PackageJSON {
|
|
2
2
|
name: string;
|
|
3
3
|
version: string;
|
|
4
4
|
description?: string;
|
|
@@ -25,6 +25,10 @@ interface PackageJSON {
|
|
|
25
25
|
url?: string;
|
|
26
26
|
})[];
|
|
27
27
|
private?: boolean;
|
|
28
|
+
repository?: string | {
|
|
29
|
+
type: string;
|
|
30
|
+
url: string;
|
|
31
|
+
};
|
|
28
32
|
}
|
|
29
33
|
export interface Package extends PackageJSON {
|
|
30
34
|
path: string;
|
|
@@ -34,5 +38,4 @@ export interface Package extends PackageJSON {
|
|
|
34
38
|
}[];
|
|
35
39
|
}
|
|
36
40
|
export declare function getPackageInfo(modulePath: string): Promise<Package>;
|
|
37
|
-
export {};
|
|
38
41
|
//# sourceMappingURL=get-package-info.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"get-package-info.d.ts","sourceRoot":"","sources":["../src/get-package-info.ts"],"names":[],"mappings":"AAMA,
|
|
1
|
+
{"version":3,"file":"get-package-info.d.ts","sourceRoot":"","sources":["../src/get-package-info.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,GAAG;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACpC,QAAQ,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IAC9B,YAAY,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAC;IACzC,oBAAoB,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAC;IACjD,MAAM,CAAC,EAAE,MAAM,GAAG;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,GAAG,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IACjE,YAAY,CAAC,EAAE,CAAC,MAAM,GAAG;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,GAAG,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,EAAE,CAAC;IAC3E,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,GAAG;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;CACrD;AAED,MAAM,WAAW,OAAQ,SAAQ,WAAW;IAC1C,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CACvD;AA6CD,wBAAsB,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAoCzE"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"get-package-info.js","sourceRoot":"","sources":["../src/get-package-info.ts"],"names":[],"mappings":";;;;;;AAAA,2BAAoC;AACpC,gDAAwB;AACxB,sDAA6B;
|
|
1
|
+
{"version":3,"file":"get-package-info.js","sourceRoot":"","sources":["../src/get-package-info.ts"],"names":[],"mappings":";;;;;;AAAA,2BAAoC;AACpC,gDAAwB;AACxB,sDAA6B;AAuB7B,MAAM,aAAa,GAAG,+BAA+B,CAAC;AAItD,MAAM,SAAS,GAAoC,EAAE,CAAC;AACtD,SAAS,iBAAiB,CAAC,QAAgB;IACzC,SAAS,CAAC,QAAQ,CAAC,KAAK,aAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACvD,OAAO,SAAS,CAAC,QAAQ,CAAC,CAAC;AAC7B,CAAC;AAED,MAAM,eAAe,GAAG,KAAK,EAC3B,UAAkB,EAC2C,EAAE;IAC/D,MAAM,aAAa,GAAG,MAAM,IAAA,iBAAM,EAAC,cAAc,EAAE;QACjD,GAAG,EAAE,cAAI,CAAC,OAAO,CAAC,UAAU,CAAC;KAC9B,CAAC,CAAC;IAEH,IAAI,CAAC,aAAa,EAAE;QAClB,OAAO;KACR;IAED,IAAI;QACF,MAAM,WAAW,GAAgB,IAAI,CAAC,KAAK,CACzC,MAAM,iBAAiB,CAAC,aAAa,CAAC,CACvC,CAAC;QAEF,IACE,OAAO,WAAW,CAAC,IAAI,KAAK,QAAQ;YACpC,OAAO,WAAW,CAAC,OAAO,KAAK,QAAQ,EACvC;YACA,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;SACtD;KACF;IAAC,OAAO,CAAC,EAAE;KAEX;IAKD,OAAO,MAAM,eAAe,CAAC,cAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC;AAC5D,CAAC,CAAC;AAGK,KAAK,UAAU,cAAc,CAAC,UAAkB;IACrD,MAAM,eAAe,GAAG,MAAM,eAAe,CAAC,UAAU,CAAC,CAAC;IAE1D,IAAI,CAAC,eAAe,EAAE;QACpB,MAAM,IAAI,KAAK,CAAC,8BAA8B,UAAU,EAAE,CAAC,CAAC;KAC7D;IAED,MAAM,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,eAAe,CAAC;IAExE,MAAM,WAAW,GAAG,cAAI,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IAGlD,WAAW,CAAC,YAAY,GAAG;QACzB,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,CAAC,MAAM,EAAE,WAAW,CAAC,YAAY,CAAC,CAAC,IAAI,EAAE,CAAC;KAClE,CAAC,MAAM,CAAC,OAAO,CAAQ,CAAC;IAEzB,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CACpC,CACE,MAAM,aAAE,CAAC,OAAO,CAAC,WAAW,CAAC,CAC9B;SACE,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;SAClD,IAAI,EAAE;SACN,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;QACxB,QAAQ;QACR,OAAO,EAAE,MAAM,iBAAiB,CAAC,cAAI,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;KACnE,CAAC,CAAC,CACN,CAAC;IAEF,OAAO;QACL,IAAI,EAAE,WAAW,CAAC,IAAI;QACtB,OAAO,EAAE,WAAW,CAAC,OAAO;QAC5B,OAAO,EAAE,WAAW,CAAC,OAAO;QAC5B,QAAQ,EAAE,WAAW,CAAC,QAAQ;QAC9B,IAAI,EAAE,WAAW;QACjB,YAAY;KACb,CAAC;AACJ,CAAC;AApCD,wCAoCC"}
|
package/dist/util.d.ts
ADDED
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
export declare function pick<T extends Record<string, unknown>, K extends keyof T>(obj: T, includeKeys: readonly K[]): Pick<T, K>;
|
|
2
|
+
export declare function deduplicateArray<T extends Record<string, unknown>, K extends keyof T = keyof T>(array: readonly T[], byKeys?: readonly K[] | null): T[];
|
|
3
|
+
//# sourceMappingURL=util.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":"AAAA,wBAAgB,IAAI,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC,SAAS,MAAM,CAAC,EACvE,GAAG,EAAE,CAAC,EACN,WAAW,EAAE,SAAS,CAAC,EAAE,GACxB,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,CAIZ;AAED,wBAAgB,gBAAgB,CAC9B,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,CAAC,SAAS,MAAM,CAAC,GAAG,MAAM,CAAC,EAC3B,KAAK,EAAE,SAAS,CAAC,EAAE,EAAE,MAAM,GAAE,SAAS,CAAC,EAAE,GAAG,IAAW,GAAG,CAAC,EAAE,CAU9D"}
|
package/dist/util.js
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.deduplicateArray = exports.pick = void 0;
|
|
4
|
+
function pick(obj, includeKeys) {
|
|
5
|
+
return Object.fromEntries(Object.entries(obj).filter(([key]) => includeKeys.includes(key)));
|
|
6
|
+
}
|
|
7
|
+
exports.pick = pick;
|
|
8
|
+
function deduplicateArray(array, byKeys = null) {
|
|
9
|
+
const existingValues = new Set();
|
|
10
|
+
const ret = [];
|
|
11
|
+
for (const item of array) {
|
|
12
|
+
const key = JSON.stringify(byKeys ? pick(item, byKeys) : item);
|
|
13
|
+
if (existingValues.has(key))
|
|
14
|
+
continue;
|
|
15
|
+
existingValues.add(key);
|
|
16
|
+
ret.push(item);
|
|
17
|
+
}
|
|
18
|
+
return ret;
|
|
19
|
+
}
|
|
20
|
+
exports.deduplicateArray = deduplicateArray;
|
|
21
|
+
//# sourceMappingURL=util.js.map
|
package/dist/util.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":";;;AAAA,SAAgB,IAAI,CAClB,GAAM,EACN,WAAyB;IAEzB,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAQ,CAAC,CAAC,CACxD,CAAC;AAClB,CAAC;AAPD,oBAOC;AAED,SAAgB,gBAAgB,CAG9B,KAAmB,EAAE,SAA8B,IAAI;IACvD,MAAM,cAAc,GAAG,IAAI,GAAG,EAAU,CAAC;IACzC,MAAM,GAAG,GAAQ,EAAE,CAAC;IACpB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE;QACxB,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC/D,IAAI,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QACtC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACxB,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KAChB;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAbD,4CAaC"}
|
package/package.json
CHANGED
|
@@ -16,7 +16,7 @@
|
|
|
16
16
|
"email": "compass@mongodb.com"
|
|
17
17
|
},
|
|
18
18
|
"homepage": "https://github.com/mongodb-js/devtools-shared",
|
|
19
|
-
"version": "0.
|
|
19
|
+
"version": "0.6.1",
|
|
20
20
|
"repository": {
|
|
21
21
|
"type": "git",
|
|
22
22
|
"url": "https://github.com/mongodb-js/devtools-shared.git"
|
|
@@ -74,6 +74,7 @@
|
|
|
74
74
|
"webpack": "^5.82.0"
|
|
75
75
|
},
|
|
76
76
|
"dependencies": {
|
|
77
|
+
"@octokit/rest": "^20.1.1",
|
|
77
78
|
"@pkgjs/nv": "^0.2.1",
|
|
78
79
|
"commander": "^10.0.1",
|
|
79
80
|
"error-stack-parser": "^2.1.4",
|
|
@@ -84,5 +85,5 @@
|
|
|
84
85
|
"snyk-policy": "^2.0.4",
|
|
85
86
|
"spdx-satisfies": "^5.0.1"
|
|
86
87
|
},
|
|
87
|
-
"gitHead": "
|
|
88
|
+
"gitHead": "44624b78a8f9184ce329f95a6169421df769d1ff"
|
|
88
89
|
}
|