@socketsecurity/cli-with-sentry 1.1.8 → 1.1.9

package/dist/utils.js

@@ -11,21 +11,21 @@ var path$1 = require('../external/@socketsecurity/registry/lib/path');
 var sorts = require('../external/@socketsecurity/registry/lib/sorts');
 var spinner = require('../external/@socketsecurity/registry/lib/spinner');
 var words = require('../external/@socketsecurity/registry/lib/words');
-var Module = require('node:module');
-var path = require('node:path');
 var flags = require('./flags.js');
+var path = require('node:path');
 var regexps = require('../external/@socketsecurity/registry/lib/regexps');
 var prompts = require('../external/@socketsecurity/registry/lib/prompts');
 var spawn = require('../external/@socketsecurity/registry/lib/spawn');
 var fs = require('../external/@socketsecurity/registry/lib/fs');
+var Module = require('node:module');
 var shadowNpmBin = require('./shadow-npm-bin.js');
 var fs$1 = require('node:fs');
+var require$$13 = require('../external/@socketsecurity/registry/lib/url');
 var promises = require('node:timers/promises');
 var npm = require('../external/@socketsecurity/registry/lib/npm');
 var globs = require('../external/@socketsecurity/registry/lib/globs');
 var packages = require('../external/@socketsecurity/registry/lib/packages');
 var streams = require('../external/@socketsecurity/registry/lib/streams');
-var require$$13 = require('../external/@socketsecurity/registry/lib/url');
 
 var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
 const sensitiveConfigKeyLookup = new Set(['apiToken']);
@@ -256,6 +256,22 @@ function updateConfigValue(configKey, value) {
   };
 }
 
+const require$2 = Module.createRequire(require('node:url').pathToFileURL(__filename).href);
+let _requirements;
+function getRequirements() {
+  if (_requirements === undefined) {
+    _requirements = /*@__PURE__*/require$2(path.join(constants.default.rootPath, 'requirements.json'));
+  }
+  return _requirements;
+}
+
+/**
+ * Convert command path to requirements key.
+ */
+function getRequirementsKey(cmdPath) {
+  return cmdPath.replace(/^socket[: ]/, '').replace(/ +/g, ':');
+}
+
 const TOKEN_PREFIX = 'sktsec_';
 const TOKEN_PREFIX_LENGTH = TOKEN_PREFIX.length;
 const TOKEN_VISIBLE_LENGTH = 5;
@@ -330,10 +346,14 @@ async function setupSdk(options) {
   return {
     ok: true,
     data: new vendor.distExports.SocketSdk(apiToken, {
-      agent: apiProxy ? new ProxyAgent({
-        proxy: apiProxy
-      }) : undefined,
-      baseUrl: apiBaseUrl,
+      ...(apiProxy ? {
+        agent: new ProxyAgent({
+          proxy: apiProxy
+        })
+      } : {}),
+      ...(apiBaseUrl ? {
+        baseUrl: apiBaseUrl
+      } : {}),
       timeout: constants.default.ENV.SOCKET_CLI_API_TIMEOUT,
       userAgent: vendor.distExports.createUserAgentFromPkgJson({
         name: constants.default.ENV.INLINED_SOCKET_CLI_NAME,
@@ -345,6 +365,32 @@ async function setupSdk(options) {
 }
 
 const NO_ERROR_MESSAGE = 'No error message returned';
+/**
+ * Get command requirements from requirements.json based on command path.
+ */
+function getCommandRequirements(cmdPath) {
+  if (!cmdPath) {
+    return undefined;
+  }
+  const requirements = getRequirements();
+  const key = getRequirementsKey(cmdPath);
+  return requirements.api[key] || undefined;
+}
+
+/**
+ * Log required permissions for a command when encountering 403 errors.
+ */
+function logPermissionsFor403(cmdPath) {
+  const requirements = getCommandRequirements(cmdPath);
+  if (!requirements?.permissions?.length) {
+    return;
+  }
+  logger.logger.error('This command requires the following API permissions:');
+  for (const permission of requirements.permissions) {
+    logger.logger.error(`  - ${permission}`);
+  }
+  logger.logger.error('Please ensure your API token has the required permissions.');
+}
 
 // The Socket API server that should be used for operations.
 function getDefaultApiBaseUrl() {
@@ -355,6 +401,10 @@ function getDefaultApiBaseUrl() {
   const API_V0_URL = constants.default.API_V0_URL;
   return API_V0_URL;
 }
+
+/**
+ * Get user-friendly error message for HTTP status codes.
+ */
 async function getErrorMessageForHttpStatusCode(code) {
   if (code === 400) {
     return 'One of the options passed might be incorrect';
@@ -370,8 +420,12 @@ async function getErrorMessageForHttpStatusCode(code) {
   }
   return `Server responded with status code ${code}`;
 }
+/**
+ * Handle Socket SDK API calls with error handling and permission logging.
+ */
 async function handleApiCall(value, options) {
   const {
+    commandPath,
     description,
     spinner
   } = {
@@ -399,7 +453,7 @@ async function handleApiCall(value, options) {
     spinner?.stop();
     const socketSdkErrorResult = {
       ok: false,
-      message: 'Socket API returned an error',
+      message: 'Socket API error',
       cause: vendor.messageWithCauses(e)
     };
     if (description) {
@@ -430,12 +484,17 @@ async function handleApiCall(value, options) {
     const cause = reason && message !== reason ? `${message} (reason: ${reason})` : message;
     const socketSdkErrorResult = {
       ok: false,
-      message: 'Socket API returned an error',
+      message: 'Socket API error',
       cause,
       data: {
         code: sdkResult.status
       }
     };
+
+    // Log required permissions for 403 errors when in a command context.
+    if (commandPath && sdkResult.status === 403) {
+      logPermissionsFor403(commandPath);
+    }
     return socketSdkErrorResult;
   }
   const socketSdkSuccessResult = {
@@ -454,7 +513,7 @@ async function handleApiCallNoSpinner(value, description) {
       error: e
     });
     const errStr = e ? String(e).trim() : '';
-    const message = 'Socket API returned an error';
+    const message = 'Socket API error';
     const rawCause = errStr || NO_ERROR_MESSAGE;
     const cause = message !== rawCause ? rawCause : '';
     return {
@@ -479,7 +538,7 @@ async function handleApiCallNoSpinner(value, description) {
     const cause = reason && message !== reason ? `${message} (reason: ${reason})` : message;
     return {
       ok: false,
-      message: 'Socket API returned an error',
+      message: 'Socket API error',
       cause,
       data: {
         code: sdkResult.status
@@ -494,9 +553,9 @@ async function handleApiCallNoSpinner(value, description) {
   }
 }
 async function queryApi(path, apiToken) {
-  const baseUrl = getDefaultApiBaseUrl() || '';
+  const baseUrl = getDefaultApiBaseUrl();
   if (!baseUrl) {
-    logger.logger.warn('API endpoint is not set and default was empty. Request is likely to fail.');
+    throw new Error('Socket API endpoint is not configured');
   }
   return await fetch(`${baseUrl}${baseUrl.endsWith('/') ? '' : '/'}${path}`, {
     method: 'GET',
@@ -505,7 +564,11 @@ async function queryApi(path, apiToken) {
     }
   });
 }
-async function queryApiSafeText(path, description) {
+
+/**
+ * Query Socket API endpoint and return text response with error handling.
+ */
+async function queryApiSafeText(path, description, commandPath) {
   const apiToken = getDefaultApiToken();
   if (!apiToken) {
     return {
@@ -550,11 +613,10 @@ async function queryApiSafeText(path, description) {
     const {
       status
     } = result;
-    const reason = await getErrorMessageForHttpStatusCode(status);
     return {
       ok: false,
-      message: 'Socket API returned an error',
-      cause: `${result.statusText} (reason: ${reason})`,
+      message: 'Socket API error',
+      cause: `${result.statusText} (reason: ${await getErrorMessageForHttpStatusCode(status)})`,
       data: {
         code: status
       }
@@ -578,6 +640,10 @@ async function queryApiSafeText(path, description) {
     };
   }
 }
+
+/**
+ * Query Socket API endpoint and return parsed JSON response.
+ */
 async function queryApiSafeJson(path, description = '') {
   const result = await queryApiSafeText(path, description);
   if (!result.ok) {
@@ -592,10 +658,13 @@ async function queryApiSafeJson(path, description = '') {
     return {
       ok: false,
       message: 'Server returned invalid JSON',
-      cause: `Please report this. JSON.parse threw an error over the following response: \`${(result.data?.slice?.(0, 100) || '<empty>').trim() + (result.data?.length > 100 ? '...' : '')}\``
+      cause: `Please report this. JSON.parse threw an error over the following response: \`${(result.data?.slice?.(0, 100) || constants.EMPTY_VALUE).trim() + (result.data?.length > 100 ? '...' : '')}\``
     };
   }
 }
+/**
+ * Send POST/PUT request to Socket API with JSON response handling.
+ */
 async function sendApiRequest(path, options) {
   const apiToken = getDefaultApiToken();
   if (!apiToken) {
@@ -605,12 +674,17 @@ async function sendApiRequest(path, options) {
       cause: 'User must be authenticated to run this command. To log in, run the command `socket login` and enter your Socket API token.'
     };
   }
-  const baseUrl = getDefaultApiBaseUrl() || '';
+  const baseUrl = getDefaultApiBaseUrl();
   if (!baseUrl) {
-    logger.logger.warn('API endpoint is not set and default was empty. Request is likely to fail.');
+    return {
+      ok: false,
+      message: 'Configuration Error',
+      cause: 'Socket API endpoint is not configured. Please check your environment configuration.'
+    };
   }
   const {
     body,
+    commandPath,
     description,
     method
   } = {
@@ -663,11 +737,14 @@ async function sendApiRequest(path, options) {
     const {
       status
     } = result;
-    const reason = await getErrorMessageForHttpStatusCode(status);
+    // Log required permissions for 403 errors when in a command context.
+    if (commandPath && status === 403) {
+      logPermissionsFor403(commandPath);
+    }
     return {
       ok: false,
-      message: 'Socket API returned an error',
-      cause: `${result.statusText} (reason: ${reason})`,
+      message: 'Socket API error',
+      cause: `${result.statusText} (reason: ${await getErrorMessageForHttpStatusCode(status)})`,
       data: {
         code: status
       }
@@ -693,7 +770,7 @@ async function sendApiRequest(path, options) {
 }
 
 function failMsgWithBadge(badge, message) {
-  const prefix = vendor.yoctocolorsCjsExports.bgRed(vendor.yoctocolorsCjsExports.bold(vendor.yoctocolorsCjsExports.white(` ${badge}${message ? ': ' : ''}`)));
+  const prefix = vendor.yoctocolorsCjsExports.bgRedBright(vendor.yoctocolorsCjsExports.bold(vendor.yoctocolorsCjsExports.red(` ${badge}${message ? ': ' : ''}`)));
   const postfix = message ? ` ${vendor.yoctocolorsCjsExports.bold(message)}` : '';
   return `${prefix}${postfix}`;
 }
@@ -887,15 +964,6 @@ function getOutputKind(json, markdown) {
   return constants.OUTPUT_TEXT;
 }
 
-const require$2 = Module.createRequire(require('node:url').pathToFileURL(__filename).href);
-let _requirements;
-function getRequirements() {
-  if (_requirements === undefined) {
-    _requirements = /*@__PURE__*/require$2(path.join(constants.default.rootPath, 'requirements.json'));
-  }
-  return _requirements;
-}
-
 function camelToKebab(string) {
   return string.replace(/([a-z])([A-Z])/g, '$1-$2').toLowerCase();
 }
@@ -906,20 +974,21 @@ function getFlagApiRequirementsOutput(cmdPath, options) {
     __proto__: null,
     ...options
   };
-  const key = cmdPath.replace(/^socket[: ]/, '').replace(/ +/g, ':');
+  const key = getRequirementsKey(cmdPath);
   const requirements = getRequirements();
   const data = requirements.api[key];
   let result = '';
   if (data) {
     const quota = data?.quota;
-    const perms = data?.permissions;
+    const rawPerms = data?.permissions;
     const padding = ''.padEnd(indent);
     const lines = [];
-    if (typeof quota === 'number') {
+    if (Number.isFinite(quota) && quota > 0) {
       lines.push(`${padding}- Quota: ${quota} ${words.pluralize('unit', quota)}`);
     }
-    if (Array.isArray(perms) && perms.length) {
-      lines.push(`${padding}- Permissions: ${perms.join(' ')}`);
+    if (Array.isArray(rawPerms) && rawPerms.length) {
+      const perms = rawPerms.slice().sort(sorts.naturalCompare);
+      lines.push(`${padding}- Permissions: ${arrays.joinAnd(perms)}`);
     }
     result += lines.join('\n');
   }
@@ -2959,8 +3028,17 @@ async function enablePrAutoMerge({
 }
 async function setGitRemoteGithubRepoUrl(owner, repo, token, cwd = process.cwd()) {
   const {
-    host
-  } = new URL(constants.default.ENV.GITHUB_SERVER_URL);
+    GITHUB_SERVER_URL
+  } = constants.default.ENV;
+  const urlObj = require$$13.parseUrl(GITHUB_SERVER_URL);
+  const host = urlObj?.host;
+  if (!host) {
+    require$$9.debugFn('error', 'invalid: GITHUB_SERVER_URL env var');
+    require$$9.debugDir('inspect', {
+      GITHUB_SERVER_URL
+    });
+    return false;
+  }
   const url = `https://x-access-token:${token}@${host}/${owner}/${repo}`;
   const stdioIgnoreOptions = {
     cwd,
@@ -2980,7 +3058,100 @@ async function setGitRemoteGithubRepoUrl(owner, repo, token, cwd = process.cwd()
   return false;
 }
 
-const RangeStyles = ['caret', 'gt', 'gte', 'lt', 'lte', 'pin', 'preserve', 'tilde'];
+/**
+ * Converts CVE IDs to GHSA IDs using GitHub API.
+ */
+async function convertCveToGhsa(cveId) {
+  try {
+    const cacheKey = `cve-to-ghsa-${cveId}`;
+    const octokit = getOctokit();
+    const response = await cacheFetch(cacheKey, () => octokit.rest.securityAdvisories.listGlobalAdvisories({
+      cve_id: cveId,
+      per_page: 1
+    }));
+    if (!response.data.length) {
+      return {
+        ok: false,
+        message: `No GHSA found for CVE ${cveId}`
+      };
+    }
+    return {
+      ok: true,
+      data: response.data[0].ghsa_id
+    };
+  } catch (e) {
+    return {
+      ok: false,
+      message: `Failed to convert CVE to GHSA: ${e instanceof Error ? e.message : 'Unknown error'}`
+    };
+  }
+}
+
+const PURL_TO_GITHUB_ECOSYSTEM_MAPPING = {
+  __proto__: null,
+  // GitHub Advisory Database supported ecosystems
+  cargo: 'rust',
+  composer: 'composer',
+  gem: 'rubygems',
+  go: 'go',
+  golang: 'go',
+  maven: 'maven',
+  npm: 'npm',
+  nuget: 'nuget',
+  pypi: 'pip',
+  swift: 'swift'
+};
+
+/**
+ * Converts PURL to GHSA IDs using GitHub API.
+ */
+async function convertPurlToGhsas(purl) {
+  try {
+    const purlObj = getPurlObject(purl, {
+      throws: false
+    });
+    if (!purlObj) {
+      return {
+        ok: false,
+        message: `Invalid PURL format: ${purl}`
+      };
+    }
+    const {
+      name,
+      type: ecosystem,
+      version
+    } = purlObj;
+
+    // Map PURL ecosystem to GitHub ecosystem.
+    const githubEcosystem = PURL_TO_GITHUB_ECOSYSTEM_MAPPING[ecosystem];
+    if (!githubEcosystem) {
+      return {
+        ok: false,
+        message: `Unsupported PURL ecosystem: ${ecosystem}`
+      };
+    }
+
+    // Search for advisories affecting this package.
+    const cacheKey = `purl-to-ghsa-${ecosystem}-${name}-${version || constants.LATEST}`;
+    const octokit = getOctokit();
+    const affects = version ? `${name}@${version}` : name;
+    const response = await cacheFetch(cacheKey, () => octokit.rest.securityAdvisories.listGlobalAdvisories({
+      ecosystem: githubEcosystem,
+      affects
+    }));
+    return {
+      ok: true,
+      data: response.data.map(a => a.ghsa_id)
+    };
+  } catch (e) {
+    return {
+      ok: false,
+      message: `Failed to convert PURL to GHSA: ${e instanceof Error ? e.message : constants.UNKNOWN_ERROR}`
+    };
+  }
+}
+
+const RangeStyles = ['pin', 'preserve'];
 function getMajor(version) {
   try {
     const coerced = vendor.semverExports.coerce(version);
@@ -4053,6 +4224,8 @@ exports.checkCommandInput = checkCommandInput;
 exports.cmdFlagValueToArray = cmdFlagValueToArray;
 exports.cmdFlagsToString = cmdFlagsToString;
 exports.cmdPrefixMessage = cmdPrefixMessage;
+exports.convertCveToGhsa = convertCveToGhsa;
+exports.convertPurlToGhsas = convertPurlToGhsas;
 exports.createEnum = createEnum;
 exports.detectAndValidatePackageEnvironment = detectAndValidatePackageEnvironment;
 exports.detectDefaultBranch = detectDefaultBranch;
@@ -4138,5 +4311,5 @@ exports.toFilterConfig = toFilterConfig;
 exports.updateConfigValue = updateConfigValue;
 exports.walkNestedMap = walkNestedMap;
 exports.writeSocketJson = writeSocketJson;
-//# debugId=737faea9-c80e-4b25-92fc-cf5802905b27
+//# debugId=60d49a4c-4734-44f0-b9b1-eb6a8f55f7d3
 //# sourceMappingURL=utils.js.map