@socketsecurity/cli-with-sentry 1.0.95 → 1.0.97

package/external/@coana-tech/cli/reachability-analyzers-cli.mjs

@@ -68747,7 +68747,7 @@ var {
 } = import_index.default;
 
 // dist/reachability-analyzers-cli.js
-import { readFile as readFile11, writeFile as writeFile9 } from "fs/promises";
+import { readFile as readFile12, writeFile as writeFile9 } from "fs/promises";
 
 // ../web-compat-utils/src/logger-singleton.ts
 var import_winston = __toESM(require_winston(), 1);
@@ -68768,6 +68768,7 @@ function utilFormatter() {
 }
 
 // ../web-compat-utils/src/logger-singleton.ts
+import { readFile } from "fs/promises";
 var CLILogger = class {
   logger = console;
   writeStream;
@@ -68847,6 +68848,16 @@ var CLILogger = class {
       });
     });
   }
+  async getLogContent(logFilePath) {
+    await this.finish();
+    let logContent;
+    try {
+      logContent = await readFile(logFilePath, "utf-8");
+    } catch (e) {
+      console.error("Error reading log file", e);
+    }
+    return logContent;
+  }
   set silent(silent) {
     if (!(this.logger instanceof import_winston.Logger)) throw new Error("Cannot set silent mode on console logger");
     this.logger.silent = silent;
@@ -73185,7 +73196,7 @@ function getCoanaAPI() {
 
 // ../utils/src/dashboard-api/socket-api.ts
 var import_form_data2 = __toESM(require_form_data2(), 1);
-import { readFile } from "fs/promises";
+import { readFile as readFile2 } from "fs/promises";
 import { join } from "path";
 
 // ../web-compat-utils/src/ghsa.ts
@@ -73388,6 +73399,62 @@ async function getLatestBucketsSocket(subprojectPath, workspacePath) {
     return void 0;
   }
 }
+async function registerAutofixOrUpgradePurlRun(manifestsTarHash, repositoryName, options, cliCommand) {
+  try {
+    const url2 = getSocketApiUrl(`orgs/${process.env.SOCKET_ORG_SLUG}/fixes/register-autofix-or-upgrade-cli-run`);
+    const data2 = {
+      manifestsTarHash,
+      repositoryName,
+      options,
+      cliCommand
+    };
+    const response = await axios2.post(url2, data2, { headers: getAuthHeaders() });
+    return response.data.id;
+  } catch (error) {
+    handleError(error, "Error registering autofix or upgrade purl run", false);
+  }
+}
+async function finalizeAutofixRun(autofixRunId, status, stackTrace, logFileContent) {
+  try {
+    const url2 = getSocketApiUrl(`orgs/${process.env.SOCKET_ORG_SLUG}/fixes/finalize-autofix-run`);
+    const data2 = {
+      autofixRunId,
+      status,
+      stackTrace,
+      logFileContent
+    };
+    await axios2.post(url2, data2, { headers: getAuthHeaders() });
+  } catch (error) {
+    handleError(error, "Error finalizing autofix run", false);
+  }
+}
+async function registerUpgradePurlRun(autofixRunId, upgradeSpecs) {
+  try {
+    const url2 = getSocketApiUrl(`orgs/${process.env.SOCKET_ORG_SLUG}/fixes/register-upgrade-purl-run`);
+    const data2 = {
+      cliRunId: autofixRunId,
+      upgradeSpecs
+    };
+    const response = await axios2.post(url2, data2, { headers: getAuthHeaders() });
+    return response.data.id;
+  } catch (error) {
+    handleError(error, "Error registering upgrade purl run", false);
+  }
+}
+async function finalizeUpgradePurlRun(upgradePurlRunId, status, stackTrace, logFileContent) {
+  try {
+    const url2 = getSocketApiUrl(`orgs/${process.env.SOCKET_ORG_SLUG}/fixes/finalize-upgrade-purl-run`);
+    const data2 = {
+      upgradePurlRunId,
+      status,
+      stackTrace,
+      logFileContent
+    };
+    await axios2.post(url2, data2, { headers: getAuthHeaders() });
+  } catch (error) {
+    handleError(error, "Error finalizing upgrade purl run", false);
+  }
+}
 function getSocketAPI() {
   return {
     createSocketTier1Scan,
@@ -73395,7 +73462,11 @@ function getSocketAPI() {
     registerSubprojectsSocket,
     registerCLIProgressSocket,
     registerAnalysisMetadataSocket,
-    getLatestBucketsSocket
+    getLatestBucketsSocket,
+    registerAutofixOrUpgradePurlRun,
+    finalizeAutofixRun,
+    registerUpgradePurlRun,
+    finalizeUpgradePurlRun
   };
 }
 
@@ -74116,7 +74187,7 @@ import { resolve as resolve13 } from "path";
 
 // ../utils/src/pip-utils.ts
 import { existsSync as existsSync2 } from "fs";
-import { readFile as readFile3 } from "fs/promises";
+import { readFile as readFile4 } from "fs/promises";
 import { resolve as resolve3 } from "path";
 import util4 from "util";
 
@@ -74125,7 +74196,7 @@ var import_lodash4 = __toESM(require_lodash(), 1);
 var import_semver = __toESM(require_semver2(), 1);
 import { execFileSync } from "child_process";
 import { constants as constants2 } from "fs";
-import { access as access2, readFile as readFile2 } from "fs/promises";
+import { access as access2, readFile as readFile3 } from "fs/promises";
 import { join as join4, resolve as resolve2 } from "path";
 import util3 from "util";
 var { once } = import_lodash4.default;
@@ -74164,7 +74235,7 @@ var PythonVersionsManager = class _PythonVersionsManager {
     const pyenvRoot = process.env.PYENV_ROOT ?? await runCommandResolveStdOut("pyenv root");
     if (pyenvOrigin !== join4(pyenvRoot, "version"))
       try {
-        return [(await readFile2(pyenvOrigin, "utf-8")).split("\n")[0].trim()];
+        return [(await readFile3(pyenvOrigin, "utf-8")).split("\n")[0].trim()];
       } catch (e) {
         if (e.code !== "ENOENT") logger.warn("Failed to read python version file with error", e);
       }
@@ -74351,7 +74422,7 @@ function addPathToTrie(root3, vulnPath) {
 var import_lodash14 = __toESM(require_lodash(), 1);
 import assert6 from "assert";
 import { existsSync as existsSync10 } from "fs";
-import { cp as cp5, readdir as readdir3, readFile as readFile9, rm as rm5, writeFile as writeFile8 } from "fs/promises";
+import { cp as cp5, readdir as readdir3, readFile as readFile10, rm as rm5, writeFile as writeFile8 } from "fs/promises";
 import { basename as basename9, dirname as dirname12, join as join20, resolve as resolve11, sep as sep3 } from "path";
 import util5 from "util";
 
@@ -74518,7 +74589,7 @@ function assertDefined(value) {
 
 // dist/whole-program-code-aware-vulnerability-scanner/dotnet/dotnet-code-aware-vulnerability-scanner.js
 var import_adm_zip = __toESM(require_adm_zip(), 1);
-import { mkdir, readFile as readFile4, writeFile as writeFile3 } from "fs/promises";
+import { mkdir, readFile as readFile5, writeFile as writeFile3 } from "fs/promises";
 var import_packageurl_js4 = __toESM(require_packageurl_js(), 1);
 import { randomUUID } from "crypto";
 
@@ -74547,7 +74618,7 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
   }
   static initFromDependencyTree(dependencyTree, timeoutInSeconds, statusUpdater) {
     return new _DotnetCodeAwareVulnerabilityScanner({
-      [randomUUID()]: {
+      [serializeNugetDependencyToPackageUrl(dependencyTree)]: {
         src: dependencyTree.src,
         bin: dependencyTree.bin,
         ecosystemSpecificPackageInfo: {
@@ -74611,7 +74682,7 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
       try {
         const nugetDependencyChain = await convertDependencyChain(dependencyChain, tmpDir);
         const scanner = new _DotnetCodeAwareVulnerabilityScanner({
-          [randomUUID()]: {
+          [serializeNugetDependencyToPackageUrl(nugetDependencyChain[0])]: {
             src: nugetDependencyChain[0].src,
             bin: nugetDependencyChain[0].bin,
             ecosystemSpecificPackageInfo: {
@@ -74653,8 +74724,8 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
       const result = await execNeverFail(cmdt`node ${classGraphAnalysisCliPath} runDotnetDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --cocoa ${cocoaPath} --tree-sitter-c-sharp ${treeSitterCSharpPath}`);
       if (result.error)
         return void 0;
-      const directNodes = JSON.parse(await readFile4(outputFile, "utf-8")).result;
-      return directNodes?.filter((node) => !Object.hasOwn(this.apps, node.packageId))?.map((node) => parsePackageUrlToNugetDependency(node.packageId).packageName);
+      const packageIds = JSON.parse(await readFile5(outputFile, "utf-8")).result;
+      return packageIds?.filter((packageId) => !Object.hasOwn(this.apps, packageId))?.map((packageId) => parsePackageUrlToNugetDependency(packageId).packageName);
     });
   }
   async runAnalysis(vulnerabilities, heuristic, _analyzesAllVulns, _experiment) {
@@ -74684,7 +74755,7 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
       const result = await execNeverFail(cmdt`node ${classGraphAnalysisCliPath} runDotnetReachabilityAnalysis -i ${inputFile} -o ${outputFile} --cocoa ${cocoaPath} --tree-sitter-c-sharp ${treeSitterCSharpPath}`);
       if (result.error)
         return { type: "error", message: result.error.message ?? "unknown error" };
-      const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths } = JSON.parse(await readFile4(outputFile, "utf-8")).result;
+      const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths } = JSON.parse(await readFile5(outputFile, "utf-8")).result;
       if (!success)
         return { type: "error", message: error ?? "unknown error" };
       return {
@@ -74692,19 +74763,18 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
         diagnostics,
         terminatedEarly: diagnostics.timeout,
         reachedDependencies: true,
-        computeDetectedOccurrences: ({ vulnerabilityAccessPaths: vulnerabilityAccessPaths2 }) => _DotnetCodeAwareVulnerabilityScanner.computeDetectedOccurrences(appPackageIds, vulnerablePaths, vulnerabilityAccessPaths2)
+        computeDetectedOccurrences: ({ vulnerabilityAccessPaths: vulnerabilityAccessPaths2 }) => _DotnetCodeAwareVulnerabilityScanner.computeDetectedOccurrences(appPackageIds, vulnerablePaths, i(vulnerabilityAccessPaths2.map((vulnerabilityAccessPath) => vulnerabilityAccessPath.slice(1).split(":")[0])))
       };
     });
   }
-  static computeDetectedOccurrences(appPackageIds, vulnerablePaths, vulnerableAccessPaths) {
+  static computeDetectedOccurrences(appPackageIds, vulnerablePaths, vulnerableClasses) {
     const affectedPackages = /* @__PURE__ */ new Set();
     const classStacks = [];
-    for (const vulnerableMethod of vulnerableAccessPaths) {
-      const classForVulnerableMethod = vulnerableMethod.slice(1).split(":")[0];
-      const vulnerablePathsForMethod = vulnerablePaths[classForVulnerableMethod];
-      if (!vulnerablePathsForMethod)
+    for (const vulnerableClass of vulnerableClasses) {
+      const vulnerablePathsForClass = vulnerablePaths[vulnerableClass];
+      if (!vulnerablePathsForClass)
         continue;
-      classStacks.push(...vulnerablePathsForMethod.map((vulnPath) => {
+      classStacks.push(...vulnerablePathsForClass.map((vulnPath) => {
         if (vulnPath.length < 2)
           throw new Error("The path should always have length at least two.");
         return vulnPath.map(({ fullyQualifiedName, confidence, packageId }) => ({
@@ -74713,7 +74783,7 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
           confidence
         }));
       }));
-      vulnerablePathsForMethod.flatMap((vulnPath) => vulnPath.slice(1).map(({ packageId }) => parsePackageUrlToNugetDependency(packageId))).forEach((node) => affectedPackages.add(`${node.packageName}@${node.version}`));
+      vulnerablePathsForClass.flatMap((vulnPath) => vulnPath).filter(({ packageId }) => !appPackageIds.has(packageId)).map(({ packageId }) => parsePackageUrlToNugetDependency(packageId)).forEach((node) => affectedPackages.add(`${node.packageName}@${node.version}`));
     }
     return {
       analysisLevel: "class-level",
@@ -74783,7 +74853,7 @@ async function convertSocketArtifacts(artifacts, tmpDir) {
 // dist/whole-program-code-aware-vulnerability-scanner/java/java-code-aware-vulnerability-scanner.js
 var import_lodash8 = __toESM(require_lodash(), 1);
 import { existsSync as existsSync7 } from "fs";
-import { mkdir as mkdir2, readFile as readFile5, writeFile as writeFile4 } from "fs/promises";
+import { mkdir as mkdir2, readFile as readFile6, writeFile as writeFile4 } from "fs/promises";
 import { basename as basename5, dirname as dirname4, join as join14 } from "path";
 
 // ../../node_modules/.pnpm/cheerio@1.0.0-rc.12/node_modules/cheerio/lib/esm/options.js
@@ -88392,7 +88462,7 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
   }
   static initFromDependencyTree(dependencyTree, timeoutInSeconds, statusUpdater) {
     return new _JavaCodeAwareVulnerabilityScanner({
-      [randomUUID2()]: {
+      [serializeMavenDependencyToPackageUrl(dependencyTree)]: {
         src: dependencyTree.src,
         bin: dependencyTree.bin,
         ecosystemSpecificPackageInfo: {
@@ -88456,7 +88526,7 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
       try {
         const mavenDependencyChain = await convertDependencyChain2(dependencyChain, tmpDir);
         const scanner = new _JavaCodeAwareVulnerabilityScanner({
-          [randomUUID2()]: {
+          [serializeMavenDependencyToPackageUrl(mavenDependencyChain[0])]: {
             src: mavenDependencyChain[0].src,
             bin: mavenDependencyChain[0].bin,
             ecosystemSpecificPackageInfo: {
@@ -88498,8 +88568,8 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
       const result = await execNeverFail(cmdt`node ${classGraphAnalysisCliPath} runJvmDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --alucard ${alucardPath} --tree-sitter-java ${treeSitterJavaPath} --tree-sitter-kotlin ${treeSitterKotlinPath} --tree-sitter-scala ${treeSitterScalaPath}`);
       if (result.error)
         return void 0;
-      const directNodes = JSON.parse(await readFile5(outputFile, "utf-8")).result;
-      return directNodes?.filter((node) => !Object.hasOwn(this.apps, node.packageId))?.map((node) => parsePackageUrlToMavenDependency(node.packageId).packageName);
+      const packageIds = JSON.parse(await readFile6(outputFile, "utf-8")).result;
+      return packageIds?.filter((packageId) => !Object.hasOwn(this.apps, packageId))?.map((packageId) => parsePackageUrlToMavenDependency(packageId).packageName);
     });
   }
   async runAnalysis(vulnerabilities, heuristic, _analyzesAllVulns, _experiment) {
@@ -88529,7 +88599,7 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
       const result = await execNeverFail(cmdt`node ${classGraphAnalysisCliPath} runJvmReachabilityAnalysis -i ${inputFile} -o ${outputFile} --alucard ${alucardPath} --tree-sitter-java ${treeSitterJavaPath} --tree-sitter-kotlin ${treeSitterKotlinPath} --tree-sitter-scala ${treeSitterScalaPath}`);
       if (result.error)
         return { type: "error", message: result.error.message ?? "unknown error" };
-      const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths } = JSON.parse(await readFile5(outputFile, "utf-8")).result;
+      const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths } = JSON.parse(await readFile6(outputFile, "utf-8")).result;
       if (!success)
         return { type: "error", message: error ?? "unknown error" };
       return {
@@ -88537,19 +88607,18 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
         diagnostics,
         terminatedEarly: diagnostics.timeout,
         reachedDependencies: true,
-        computeDetectedOccurrences: ({ vulnerabilityAccessPaths: vulnerabilityAccessPaths2 }) => _JavaCodeAwareVulnerabilityScanner.computeDetectedOccurrences(appPackageIds, vulnerablePaths, vulnerabilityAccessPaths2)
+        computeDetectedOccurrences: ({ vulnerabilityAccessPaths: vulnerabilityAccessPaths2 }) => _JavaCodeAwareVulnerabilityScanner.computeDetectedOccurrences(appPackageIds, vulnerablePaths, i(vulnerabilityAccessPaths2.map((vulnerabilityAccessPath) => vulnerabilityAccessPath.slice(1).split(":")[0])))
       };
     });
   }
-  static computeDetectedOccurrences(appPackageIds, vulnerablePaths, vulnerableAccessPaths) {
+  static computeDetectedOccurrences(appPackageIds, vulnerablePaths, vulnerableClasses) {
     const affectedPackages = /* @__PURE__ */ new Set();
     const classStacks = [];
-    for (const vulnerableMethod of vulnerableAccessPaths) {
-      const classForVulnerableMethod = vulnerableMethod.slice(1).split(":")[0];
-      const vulnerablePathsForMethod = vulnerablePaths[classForVulnerableMethod];
-      if (!vulnerablePathsForMethod)
+    for (const vulnerableClass of vulnerableClasses) {
+      const vulnerablePathsForClass = vulnerablePaths[vulnerableClass];
+      if (!vulnerablePathsForClass)
         continue;
-      classStacks.push(...vulnerablePathsForMethod.map((vulnPath) => {
+      classStacks.push(...vulnerablePathsForClass.map((vulnPath) => {
         if (vulnPath.length < 2)
           throw new Error("The path should always have length at least two.");
         return vulnPath.map(({ fullyQualifiedName, confidence, packageId }) => ({
@@ -88558,7 +88627,7 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
           confidence
         }));
       }));
-      vulnerablePathsForMethod.flatMap((vulnPath) => vulnPath.slice(1).map(({ packageId }) => parsePackageUrlToMavenDependency(packageId))).forEach((node) => affectedPackages.add(`${node.packageName}@${node.version}`));
+      vulnerablePathsForClass.flatMap((vulnPath) => vulnPath).filter(({ packageId }) => !appPackageIds.has(packageId)).map(({ packageId }) => parsePackageUrlToMavenDependency(packageId)).forEach((node) => affectedPackages.add(`${node.packageName}@${node.version}`));
     }
     return {
       analysisLevel: "class-level",
@@ -88645,7 +88714,7 @@ async function convertSocketArtifacts2(artifacts, tmpDir) {
 
 // dist/whole-program-code-aware-vulnerability-scanner/js/jelly-runner.js
 var import_lodash9 = __toESM(require_lodash(), 1);
-import { readFile as readFile6, rm as rm2, writeFile as writeFile5 } from "fs/promises";
+import { readFile as readFile7, rm as rm2, writeFile as writeFile5 } from "fs/promises";
 import { relative as relative4, resolve as resolve6 } from "path";
 var { map: map2, uniq: uniq4 } = import_lodash9.default;
 var PRINT_JELLY_COMMAND = false;
@@ -88704,15 +88773,15 @@ async function runJellyAnalysis(mainProjectRoot, projectRoot, jellyOptions, reac
       experiment && reachabilityAnalysisOptions.timeoutInSeconds ? { timeout: reachabilityAnalysisOptions.timeoutInSeconds * 1e3 * 1.5 } : void 0
     );
     if (reachabilityAnalysisOptions.printLogFile)
-      logger.info("JS analysis log file:", await readFile6(logFile, "utf-8"));
-    const analysisDiagnostics = JSON.parse(await readFile6(diagnosticsFile, "utf-8"));
+      logger.info("JS analysis log file:", await readFile7(logFile, "utf-8"));
+    const analysisDiagnostics = JSON.parse(await readFile7(diagnosticsFile, "utf-8"));
     analysisDiagnostics.time = analysisDiagnostics.analysisTime;
     delete analysisDiagnostics.analysisTime;
     analysisDiagnostics.timings = {
       analysisTime: analysisDiagnostics.time,
       patternMatchingTime: analysisDiagnostics.patternMatchingTime
     };
-    const callStacks = JSON.parse(await readFile6(callStackFile, "utf-8"));
+    const callStacks = JSON.parse(await readFile7(callStackFile, "utf-8"));
     const matches = {};
     for (const { vulnerability, paths } of callStacks) {
       const transformedStacks = transformJellyCallStacks(projectRoot, paths);
@@ -88746,7 +88815,7 @@ async function runJellyPhantomDependencyAnalysis(projectRoot) {
       projectRoot
     ];
     await runCommandResolveStdOut(jellyCmd);
-    return JSON.parse(await readFile6(reachablePackagesFile, "utf-8"));
+    return JSON.parse(await readFile7(reachablePackagesFile, "utf-8"));
   } finally {
     await rm2(tmpFolder, { recursive: true });
   }
@@ -95049,7 +95118,7 @@ function transformSourceLocations(fileMappings, detectedOccurrences) {
 var import_lodash11 = __toESM(require_lodash(), 1);
 import assert4 from "assert";
 import { existsSync as existsSync9, createReadStream, createWriteStream as createWriteStream2 } from "fs";
-import { readFile as readFile7, rm as rm4, cp as cp4 } from "fs/promises";
+import { readFile as readFile8, rm as rm4, cp as cp4 } from "fs/promises";
 import zlib2 from "zlib";
 import { join as join17, resolve as resolve9, sep } from "path";
 import { pipeline } from "stream/promises";
@@ -95102,9 +95171,9 @@ var GoCodeAwareVulnerabilityScanner = class {
       if (stderr)
         logger.debug(`Go code-aware analysis stderr
 ${stderr}`);
-      const diagnostics = JSON.parse(await readFile7(diagnosticsOutputFile, "utf8"));
+      const diagnostics = JSON.parse(await readFile8(diagnosticsOutputFile, "utf8"));
       logger.debug("Diagnostics", diagnostics);
-      const result = JSON.parse(await readFile7(vulnsOutputFile, "utf8"));
+      const result = JSON.parse(await readFile8(vulnsOutputFile, "utf8"));
       logger.debug("Analysis results", result);
       return {
         type: "success",
@@ -95199,7 +95268,7 @@ ${stderr}`);
 
 // dist/whole-program-code-aware-vulnerability-scanner/rust/rust-code-aware-vulnerability-scanner.js
 var import_lodash12 = __toESM(require_lodash(), 1);
-import { readFile as readFile8, writeFile as writeFile7 } from "fs/promises";
+import { readFile as readFile9, writeFile as writeFile7 } from "fs/promises";
 import { basename as basename8, dirname as dirname11, join as join19 } from "path";
 
 // dist/whole-program-code-aware-vulnerability-scanner/rust/heuristics.js
@@ -95940,7 +96009,7 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
   }
   static initFromDependencyTree(dependencyTree, timeoutInSeconds, statusUpdater) {
     return new _RustCodeAwareVulnerabilityScanner({
-      [randomUUID3()]: {
+      [serializeRustDependencyToPackageUrl(dependencyTree)]: {
         src: dependencyTree.src,
         ecosystemSpecificPackageInfo: {
           type: "RUST",
@@ -96004,7 +96073,7 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
       try {
         const rustDependencyChain = await convertDependencyChain3(dependencyChain, tmpDir);
         const scanner = new _RustCodeAwareVulnerabilityScanner({
-          [randomUUID3()]: {
+          [serializeRustDependencyToPackageUrl(rustDependencyChain[0])]: {
             src: rustDependencyChain[0].src,
             ecosystemSpecificPackageInfo: {
               type: "RUST",
@@ -96046,8 +96115,8 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
       const result = await execNeverFail(cmdt`node ${classGraphAnalysisCliPath} runRustDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --tree-sitter-rust ${treeSitterRustPath}`);
       if (result.error)
         return void 0;
-      const directNodes = JSON.parse(await readFile8(outputFile, "utf-8")).result;
-      return directNodes?.filter((node) => !Object.hasOwn(this.apps, node.packageId))?.map((node) => parsePackageUrlToRustDependency(node.packageId).packageName);
+      const packageIds = JSON.parse(await readFile9(outputFile, "utf-8")).result;
+      return packageIds?.filter((packageId) => !Object.hasOwn(this.apps, packageId))?.map((packageId) => parsePackageUrlToRustDependency(packageId).packageName);
     });
   }
   async runAnalysis(vulnerabilities, heuristic, _analyzesAllVulns) {
@@ -96078,7 +96147,7 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
       const result = await execNeverFail(cmdt`node ${classGraphAnalysisCliPath} runRustReachabilityAnalysis -i ${inputFile} -o ${outputFile} --tree-sitter-rust ${treeSitterRustPath}`);
       if (result.error)
         return { type: "error", message: result.error.message ?? "unknown error" };
-      const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths } = JSON.parse(await readFile8(outputFile, "utf-8")).result;
+      const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths } = JSON.parse(await readFile9(outputFile, "utf-8")).result;
       if (!success)
         return { type: "error", message: error ?? "unknown error" };
       return {
@@ -96086,19 +96155,21 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
         diagnostics,
         terminatedEarly: diagnostics.timeout,
         reachedDependencies: true,
-        computeDetectedOccurrences: ({ vulnerabilityAccessPaths: vulnerabilityAccessPaths2 }) => _RustCodeAwareVulnerabilityScanner.computeDetectedOccurrences(appPackageIds, vulnerablePaths, vulnerabilityAccessPaths2)
+        computeDetectedOccurrences: ({ vulnerabilityAccessPaths: vulnerabilityAccessPaths2 }) => _RustCodeAwareVulnerabilityScanner.computeDetectedOccurrences(appPackageIds, vulnerablePaths, i(vulnerabilityAccessPaths2.map(
+          // Note, rust uses '::' as path separator, so we need to split on ': ' and not only ':'
+          (vulnerabilityAccessPath) => vulnerabilityAccessPath.slice(1).split(": ")[0]
+        )))
       };
     });
   }
-  static computeDetectedOccurrences(appPackageIds, vulnerablePaths, vulnerableAccessPaths) {
+  static computeDetectedOccurrences(appPackageIds, vulnerablePaths, vulnerableClasses) {
     const affectedPackages = /* @__PURE__ */ new Set();
     const classStacks = [];
-    for (const vulnerableMethod of vulnerableAccessPaths) {
-      const classForVulnerableMethod = vulnerableMethod.slice(1).split(": ")[0];
-      const vulnerablePathsForMethod = vulnerablePaths[classForVulnerableMethod];
-      if (!vulnerablePathsForMethod)
+    for (const vulnerableClass of vulnerableClasses) {
+      const vulnerablePathsForClass = vulnerablePaths[vulnerableClass];
+      if (!vulnerablePathsForClass)
         continue;
-      classStacks.push(...vulnerablePathsForMethod.map((vulnPath) => {
+      classStacks.push(...vulnerablePathsForClass.map((vulnPath) => {
         if (vulnPath.length < 2)
           throw new Error("The path should always have length at least two.");
         return vulnPath.map(({ fullyQualifiedName, confidence, packageId }) => ({
@@ -96107,7 +96178,7 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
           confidence
         }));
       }));
-      vulnerablePathsForMethod.flatMap((vulnPath) => vulnPath.slice(1).map(({ packageId }) => parsePackageUrlToRustDependency(packageId))).forEach((node) => affectedPackages.add(`${node.packageName}@${node.version}`));
+      vulnerablePathsForClass.flatMap((vulnPath) => vulnPath).filter(({ packageId }) => !appPackageIds.has(packageId)).map(({ packageId }) => parsePackageUrlToRustDependency(packageId)).forEach((node) => affectedPackages.add(`${node.packageName}@${node.version}`));
     }
     return {
       analysisLevel: "class-level",
@@ -96175,7 +96246,7 @@ async function getCrateInfo(cargoTomlPath) {
   let examples;
   let tests;
   const cargoTomlDir = dirname11(cargoTomlPath);
-  const content = await readFile8(cargoTomlPath, "utf-8");
+  const content = await readFile9(cargoTomlPath, "utf-8");
   const parsed = parse14(content);
   if (typeof parsed.package === "object" && "name" in parsed.package) {
     const crateName = parsed.package.name;
@@ -96452,10 +96523,10 @@ ${vulnAccPaths.join("\n")}`);
       if (errors.length > 0)
         logger.info(`Error messages from mambalade:
 ${errors.join("\n")}`);
-      const result = JSON.parse(await readFile9(vulnsOutputFile, "utf-8"));
+      const result = JSON.parse(await readFile10(vulnsOutputFile, "utf-8"));
       logger.debug("Analysis result:", JSON.stringify(result, null, 2));
       logger.debug("About to read diagnostics output file");
-      const { modules, ...mambaladeDiagnosticsOutput } = JSON.parse(await readFile9(diagnosticsOutputFile, "utf-8"));
+      const { modules, ...mambaladeDiagnosticsOutput } = JSON.parse(await readFile10(diagnosticsOutputFile, "utf-8"));
       logger.debug("Done reading diagnostics output file");
       const getTimes = (...keys) => (
         // Mambalade outputs times in seconds, we convert them to milliseconds
@@ -97500,13 +97571,13 @@ async function runReachabilityAnalysis(state) {
 }
 
 // dist/reachability-analysis-state.js
-import { readFile as readFile10 } from "fs/promises";
+import { readFile as readFile11 } from "fs/promises";
 async function getReachabilityAnalyzersStateFromInput(rootWorkingDir, subprojectDir, workspacePath, inputFile) {
   return {
     rootWorkingDir,
     subprojectDir,
     workspacePath,
-    ...JSON.parse(await readFile10(inputFile, "utf-8"))
+    ...JSON.parse(await readFile11(inputFile, "utf-8"))
   };
 }
 
@@ -97522,7 +97593,7 @@ var runReachabilityAnalysisCmd = new Command().name("runReachabilityAnalysis").a
   }
 }));
 var runOnDependencyChainCmd = new Command().name("runOnDependencyChain").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).option("--coana-log-path <logPath>", "Coana log path").option("--silent-spinner", "Silence spinner").requiredOption("-i, --input-file <inputFile>", "Input file for data and vulnerabilities").requiredOption("-o, --output-file <outputFile>", "Output directory for the results").configureHelp({ sortSubcommands: true, sortOptions: true }).action(async (options) => withLoggerAndSpinner("Coana Reachability Analyzers", options, async () => {
-  const { ecosystem, dependencyChain, vulnerability } = JSON.parse(await readFile11(options.inputFile, "utf-8"));
+  const { ecosystem, dependencyChain, vulnerability } = JSON.parse(await readFile12(options.inputFile, "utf-8"));
   const result = await analyzePackages(ecosystem, deserializeDependencyChain(ecosystem, dependencyChain), vulnerability);
   if (options.outputFile) {
     logger.debug("Writing result to file", options.outputFile);