npm - @netlify/build - Versions diffs - 34.0.0 → 34.0.1 - Mend

@netlify/build 34.0.0 → 34.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/lib/plugins_core/secrets_scanning/index.js +0 -2
package/lib/plugins_core/secrets_scanning/utils.d.ts +1 -2
package/lib/plugins_core/secrets_scanning/utils.js +8 -126
package/package.json +6 -6

package/lib/plugins_core/secrets_scanning/index.js CHANGED Viewed

@@ -12,7 +12,6 @@ const coreStep = async function ({ buildDir, logs, netlifyConfig, explicitSecret
     // When the flag is disabled, we may still run the scan if a secrets scan would otherwise take place anyway
     // In this case, we hide any output to the user and simply gather the information in our logs
     const enhancedScanShouldRunInActiveMode = featureFlags?.enhanced_secret_scan_impacts_builds ?? false;
-    const useMinimalChunks = featureFlags?.secret_scanning_minimal_chunks;
     systemLog?.({ passedSecretKeys, buildDir });
     if (!isSecretsScanningEnabled(envVars)) {
         logSecretsScanSkipMessage(logs, 'Secrets scanning disabled via SECRETS_SCAN_ENABLED flag set to false.');
@@ -63,7 +62,6 @@ const coreStep = async function ({ buildDir, logs, netlifyConfig, explicitSecret
             filePaths,
             enhancedScanning: enhancedScanShouldRun,
             omitValuesFromEnhancedScan: getOmitValuesFromEnhancedScanForEnhancedScanFromEnv(envVars),
-            useMinimalChunks,
         });
         secretMatches = scanResults.matches.filter((match) => !match.enhancedMatch);
         enhancedSecretMatches = scanResults.matches.filter((match) => match.enhancedMatch);

package/lib/plugins_core/secrets_scanning/utils.d.ts CHANGED Viewed

@@ -9,7 +9,6 @@ interface ScanArgs {
     filePaths: string[];
     enhancedScanning?: boolean;
     omitValuesFromEnhancedScan?: unknown[];
-    useMinimalChunks: boolean;
 }
 interface MatchResult {
     lineNumber: number;
@@ -98,7 +97,7 @@ export declare function getFilePathsToScan({ env, base }: {
  * @param scanArgs {ScanArgs} scan options
  * @returns promise with all of the scan results, if any
  */
-export declare function scanFilesForKeyValues({ env, keys, filePaths, base, enhancedScanning, omitValuesFromEnhancedScan, useMinimalChunks, }: ScanArgs): Promise<ScanResults>;
+export declare function scanFilesForKeyValues({ env, keys, filePaths, base, enhancedScanning, omitValuesFromEnhancedScan, }: ScanArgs): Promise<ScanResults>;
 /**
  * ScanResults are all of the finds for all keys and their disparate locations. Scanning is
  * async in streams so order can change a lot. Some matches are the result of an env var explictly being marked as secret,

package/lib/plugins_core/secrets_scanning/utils.js CHANGED Viewed

@@ -1,6 +1,5 @@
 import { createReadStream, promises as fs, existsSync } from 'node:fs';
 import path from 'node:path';
-import { createInterface } from 'node:readline';
 import { fdir } from 'fdir';
 import { minimatch } from 'minimatch';
 import { LIKELY_SECRET_PREFIXES, SAFE_LISTED_VALUES } from './secret_prefixes.js';
@@ -221,7 +220,7 @@ const omitPathMatches = (relativePath, omitPaths) => {
  * @param scanArgs {ScanArgs} scan options
  * @returns promise with all of the scan results, if any
  */
-export async function scanFilesForKeyValues({ env, keys, filePaths, base, enhancedScanning, omitValuesFromEnhancedScan = [], useMinimalChunks = false, }) {
+export async function scanFilesForKeyValues({ env, keys, filePaths, base, enhancedScanning, omitValuesFromEnhancedScan = [], }) {
     const scanResults = {
         matches: [],
         scannedFilesCount: 0,
@@ -242,14 +241,19 @@ export async function scanFilesForKeyValues({ env, keys, filePaths, base, enhanc
     }, {});
     scanResults.scannedFilesCount = filePaths.length;
     let settledPromises = [];
-    const searchStream = useMinimalChunks ? searchStreamMinimalChunks : searchStreamReadline;
     // process the scanning in batches to not run into memory issues by
     // processing all files at the same time.
     while (filePaths.length > 0) {
         const chunkSize = 200;
         const batch = filePaths.splice(0, chunkSize);
         settledPromises = settledPromises.concat(await Promise.allSettled(batch.map((file) => {
-            return searchStream({ basePath: base, file, keyValues, enhancedScanning, omitValuesFromEnhancedScan });
+            return searchStreamMinimalChunks({
+                basePath: base,
+                file,
+                keyValues,
+                enhancedScanning,
+                omitValuesFromEnhancedScan,
+            });
         })));
     }
     settledPromises.forEach((result) => {
@@ -259,125 +263,6 @@ export async function scanFilesForKeyValues({ env, keys, filePaths, base, enhanc
     });
     return scanResults;
 }
-/**
- * Search stream implementation using node:readline
- */
-const searchStreamReadline = ({ basePath, file, keyValues, enhancedScanning, omitValuesFromEnhancedScan = [], }) => {
-    return new Promise((resolve, reject) => {
-        const filePath = path.resolve(basePath, file);
-        const inStream = createReadStream(filePath);
-        const rl = createInterface({ input: inStream, terminal: false });
-        const matches = [];
-        const keyVals = [].concat(...Object.values(keyValues));
-        function getKeyForValue(val) {
-            let key = '';
-            for (const [secretKeyName, valuePermutations] of Object.entries(keyValues)) {
-                if (valuePermutations.includes(val)) {
-                    key = secretKeyName;
-                }
-            }
-            return key;
-        }
-        // how many lines is the largest multiline string
-        let maxMultiLineCount = 1;
-        keyVals.forEach((valVariant) => {
-            maxMultiLineCount = Math.max(maxMultiLineCount, valVariant.split('\n').length);
-        });
-        const lines = [];
-        let lineNumber = 0;
-        rl.on('line', function (line) {
-            // iterating here so the first line will always appear as line 1 to be human friendly
-            // and match what an IDE would show for a line number.
-            lineNumber++;
-            if (typeof line === 'string') {
-                if (enhancedScanning) {
-                    matches.push(...findLikelySecrets({ text: line, omitValuesFromEnhancedScan }).map(({ prefix }) => ({
-                        key: prefix,
-                        file,
-                        lineNumber,
-                        enhancedMatch: true,
-                    })));
-                }
-                if (maxMultiLineCount > 1) {
-                    lines.push(line);
-                }
-                // only track the max number of lines needed to match our largest
-                // multiline value. If we get above that remove the first value from the list
-                if (lines.length > maxMultiLineCount) {
-                    lines.shift();
-                }
-                keyVals.forEach((valVariant) => {
-                    // matching of single/whole values
-                    if (line.includes(valVariant)) {
-                        matches.push({
-                            file,
-                            lineNumber,
-                            key: getKeyForValue(valVariant),
-                            enhancedMatch: false,
-                        });
-                        return;
-                    }
-                    // matching of multiline values
-                    if (isMultiLineVal(valVariant)) {
-                        // drop empty values at beginning and end
-                        const multiStringLines = valVariant.split('\n');
-                        // drop early if we don't have enough lines for all values
-                        if (lines.length < multiStringLines.length) {
-                            return;
-                        }
-                        let stillMatches = true;
-                        let fullMatch = false;
-                        multiStringLines.forEach((valLine, valIndex) => {
-                            if (valIndex === 0) {
-                                // first lines have to end with the line value
-                                if (!lines[valIndex].endsWith(valLine)) {
-                                    stillMatches = false;
-                                }
-                            }
-                            else if (valIndex !== multiStringLines.length - 1) {
-                                // middle lines have to have full line match
-                                // middle lines
-                                if (lines[valIndex] !== valLine) {
-                                    stillMatches = false;
-                                }
-                            }
-                            else {
-                                // last lines have start with the value
-                                if (!lines[valIndex].startsWith(valLine)) {
-                                    stillMatches = false;
-                                }
-                                if (stillMatches === true) {
-                                    fullMatch = true;
-                                }
-                            }
-                        });
-                        if (fullMatch) {
-                            matches.push({
-                                file,
-                                lineNumber: lineNumber - lines.length + 1,
-                                key: getKeyForValue(valVariant),
-                                enhancedMatch: false,
-                            });
-                            return;
-                        }
-                    }
-                });
-            }
-        });
-        rl.on('error', function (error) {
-            if (error?.code === 'EISDIR') {
-                // file path is a directory - do nothing
-                resolve(matches);
-            }
-            else {
-                reject(error);
-            }
-        });
-        rl.on('close', function () {
-            resolve(matches);
-        });
-    });
-};
 /**
  * Search stream implementation using just read stream that allows to buffer less content
  */
@@ -610,6 +495,3 @@ export function groupScanResultsByKeyAndScanType(scanResults) {
     sortMatches(enhancedSecretMatchesByKeys);
     return { secretMatches: secretMatchesByKeys, enhancedSecretMatches: enhancedSecretMatchesByKeys };
 }
-function isMultiLineVal(v) {
-    return typeof v === 'string' && v.includes('\n');
-}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@netlify/build",
-  "version": "34.0.0",
+  "version": "34.0.1",
   "description": "Netlify build module",
   "type": "module",
   "exports": "./lib/index.js",
@@ -67,16 +67,16 @@
   "license": "MIT",
   "dependencies": {
     "@bugsnag/js": "^8.0.0",
-    "@netlify/blobs": "^10.0.3",
+    "@netlify/blobs": "^10.0.4",
     "@netlify/cache-utils": "^6.0.3",
     "@netlify/config": "^23.1.0",
-    "@netlify/edge-bundler": "14.0.6",
-    "@netlify/functions-utils": "^6.0.14",
+    "@netlify/edge-bundler": "14.0.7",
+    "@netlify/functions-utils": "^6.0.15",
     "@netlify/git-utils": "^6.0.2",
     "@netlify/opentelemetry-utils": "^2.0.1",
     "@netlify/plugins-list": "^6.80.0",
     "@netlify/run-utils": "^6.0.2",
-    "@netlify/zip-it-and-ship-it": "13.0.0",
+    "@netlify/zip-it-and-ship-it": "13.0.1",
     "@sindresorhus/slugify": "^2.0.0",
     "ansi-escapes": "^7.0.0",
     "chalk": "^5.0.0",
@@ -156,5 +156,5 @@
   "engines": {
     "node": ">=18.14.0"
   },
-  "gitHead": "cc8bccf13040e0e43282845c5a3a6d17db659ce8"
+  "gitHead": "e471abe7b07fb8a34110d06bd8857c89f1d84142"
 }