@vltpkg/query 0.0.0-8 → 0.0.0-9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +25 -6
- package/dist/esm/id.d.ts.map +1 -1
- package/dist/esm/id.js +20 -6
- package/dist/esm/id.js.map +1 -1
- package/dist/esm/index.d.ts +7 -2
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.js +168 -8
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/parser.d.ts +15 -0
- package/dist/esm/parser.d.ts.map +1 -0
- package/dist/esm/parser.js +92 -0
- package/dist/esm/parser.js.map +1 -0
- package/dist/esm/pseudo/attr.d.ts.map +1 -1
- package/dist/esm/pseudo/attr.js +10 -2
- package/dist/esm/pseudo/attr.js.map +1 -1
- package/dist/esm/pseudo/cve.js +1 -1
- package/dist/esm/pseudo/cve.js.map +1 -1
- package/dist/esm/pseudo/cwe.js +1 -1
- package/dist/esm/pseudo/cwe.js.map +1 -1
- package/dist/esm/pseudo/dev.d.ts +6 -0
- package/dist/esm/pseudo/dev.d.ts.map +1 -0
- package/dist/esm/pseudo/dev.js +15 -0
- package/dist/esm/pseudo/dev.js.map +1 -0
- package/dist/esm/pseudo/empty.d.ts +7 -0
- package/dist/esm/pseudo/empty.d.ts.map +1 -0
- package/dist/esm/pseudo/empty.js +14 -0
- package/dist/esm/pseudo/empty.js.map +1 -0
- package/dist/esm/pseudo/helpers.d.ts +9 -1
- package/dist/esm/pseudo/helpers.d.ts.map +1 -1
- package/dist/esm/pseudo/helpers.js +19 -0
- package/dist/esm/pseudo/helpers.js.map +1 -1
- package/dist/esm/pseudo/link.d.ts +9 -0
- package/dist/esm/pseudo/link.d.ts.map +1 -0
- package/dist/esm/pseudo/link.js +25 -0
- package/dist/esm/pseudo/link.js.map +1 -0
- package/dist/esm/pseudo/malware.d.ts +2 -0
- package/dist/esm/pseudo/malware.d.ts.map +1 -1
- package/dist/esm/pseudo/malware.js +115 -7
- package/dist/esm/pseudo/malware.js.map +1 -1
- package/dist/esm/pseudo/missing.d.ts +8 -0
- package/dist/esm/pseudo/missing.d.ts.map +1 -0
- package/dist/esm/pseudo/missing.js +15 -0
- package/dist/esm/pseudo/missing.js.map +1 -0
- package/dist/esm/pseudo/optional.d.ts +6 -0
- package/dist/esm/pseudo/optional.d.ts.map +1 -0
- package/dist/esm/pseudo/optional.js +15 -0
- package/dist/esm/pseudo/optional.js.map +1 -0
- package/dist/esm/pseudo/outdated.d.ts +1 -1
- package/dist/esm/pseudo/outdated.d.ts.map +1 -1
- package/dist/esm/pseudo/outdated.js +33 -27
- package/dist/esm/pseudo/outdated.js.map +1 -1
- package/dist/esm/pseudo/peer.d.ts +6 -0
- package/dist/esm/pseudo/peer.d.ts.map +1 -0
- package/dist/esm/pseudo/peer.js +15 -0
- package/dist/esm/pseudo/peer.js.map +1 -0
- package/dist/esm/pseudo/private.d.ts +7 -0
- package/dist/esm/pseudo/private.d.ts.map +1 -0
- package/dist/esm/pseudo/private.js +16 -0
- package/dist/esm/pseudo/private.js.map +1 -0
- package/dist/esm/pseudo/prod.d.ts +6 -0
- package/dist/esm/pseudo/prod.d.ts.map +1 -0
- package/dist/esm/pseudo/prod.js +15 -0
- package/dist/esm/pseudo/prod.js.map +1 -0
- package/dist/esm/pseudo/published.d.ts +40 -0
- package/dist/esm/pseudo/published.d.ts.map +1 -0
- package/dist/esm/pseudo/published.js +159 -0
- package/dist/esm/pseudo/published.js.map +1 -0
- package/dist/esm/pseudo/scanned.d.ts +4 -2
- package/dist/esm/pseudo/scanned.d.ts.map +1 -1
- package/dist/esm/pseudo/scanned.js +10 -5
- package/dist/esm/pseudo/scanned.js.map +1 -1
- package/dist/esm/pseudo/score.d.ts +15 -0
- package/dist/esm/pseudo/score.d.ts.map +1 -0
- package/dist/esm/pseudo/score.js +119 -0
- package/dist/esm/pseudo/score.js.map +1 -0
- package/dist/esm/pseudo/semver.d.ts.map +1 -1
- package/dist/esm/pseudo/semver.js +11 -25
- package/dist/esm/pseudo/semver.js.map +1 -1
- package/dist/esm/pseudo/severity.d.ts +2 -0
- package/dist/esm/pseudo/severity.d.ts.map +1 -1
- package/dist/esm/pseudo/severity.js +110 -7
- package/dist/esm/pseudo/severity.js.map +1 -1
- package/dist/esm/pseudo/squat.d.ts +2 -0
- package/dist/esm/pseudo/squat.d.ts.map +1 -1
- package/dist/esm/pseudo/squat.js +114 -7
- package/dist/esm/pseudo/squat.js.map +1 -1
- package/dist/esm/pseudo/workspace.d.ts +6 -0
- package/dist/esm/pseudo/workspace.d.ts.map +1 -0
- package/dist/esm/pseudo/workspace.js +15 -0
- package/dist/esm/pseudo/workspace.js.map +1 -0
- package/dist/esm/pseudo.d.ts.map +1 -1
- package/dist/esm/pseudo.js +24 -40
- package/dist/esm/pseudo.js.map +1 -1
- package/dist/esm/types.d.ts +74 -5
- package/dist/esm/types.d.ts.map +1 -1
- package/dist/esm/types.js +12 -13
- package/dist/esm/types.js.map +1 -1
- package/package.json +9 -8
- package/dist/esm/class.d.ts +0 -6
- package/dist/esm/class.d.ts.map +0 -1
- package/dist/esm/class.js +0 -131
- package/dist/esm/class.js.map +0 -1
|
@@ -0,0 +1,119 @@
|
|
|
1
|
+
import { error } from '@vltpkg/error-cause';
|
|
2
|
+
import { asPostcssNodeWithChildren, asStringNode, asTagNode, isStringNode, isTagNode, } from "../types.js";
|
|
3
|
+
import { assertSecurityArchive, removeDanglingEdges, removeNode, removeQuotes, } from "./helpers.js";
|
|
4
|
+
const kinds = new Set([
|
|
5
|
+
'overall',
|
|
6
|
+
'license',
|
|
7
|
+
'maintenance',
|
|
8
|
+
'quality',
|
|
9
|
+
'supplyChain',
|
|
10
|
+
'vulnerability',
|
|
11
|
+
undefined,
|
|
12
|
+
]);
|
|
13
|
+
export const isScoreKind = (value) => kinds.has(value);
|
|
14
|
+
export const asScoreKind = (value) => {
|
|
15
|
+
if (!isScoreKind(value)) {
|
|
16
|
+
throw error('Expected a valid score kind', {
|
|
17
|
+
found: value,
|
|
18
|
+
validOptions: Array.from(kinds),
|
|
19
|
+
});
|
|
20
|
+
}
|
|
21
|
+
return value;
|
|
22
|
+
};
|
|
23
|
+
export const parseInternals = (nodes) => {
|
|
24
|
+
let rateStr = '';
|
|
25
|
+
let comparator = '=';
|
|
26
|
+
let kind = 'overall';
|
|
27
|
+
// Parse the first parameter (rate with optional comparator)
|
|
28
|
+
if (isStringNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])) {
|
|
29
|
+
rateStr = removeQuotes(asStringNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])
|
|
30
|
+
.value);
|
|
31
|
+
}
|
|
32
|
+
else if (isTagNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])) {
|
|
33
|
+
const tagNode = asTagNode(asPostcssNodeWithChildren(nodes[0]).nodes[0]);
|
|
34
|
+
rateStr = tagNode.value;
|
|
35
|
+
}
|
|
36
|
+
// Extract comparator if present
|
|
37
|
+
if (rateStr.startsWith('>=')) {
|
|
38
|
+
comparator = '>=';
|
|
39
|
+
rateStr = rateStr.substring(2);
|
|
40
|
+
}
|
|
41
|
+
else if (rateStr.startsWith('<=')) {
|
|
42
|
+
comparator = '<=';
|
|
43
|
+
rateStr = rateStr.substring(2);
|
|
44
|
+
}
|
|
45
|
+
else if (rateStr.startsWith('>')) {
|
|
46
|
+
comparator = '>';
|
|
47
|
+
rateStr = rateStr.substring(1);
|
|
48
|
+
}
|
|
49
|
+
else if (rateStr.startsWith('<')) {
|
|
50
|
+
comparator = '<';
|
|
51
|
+
rateStr = rateStr.substring(1);
|
|
52
|
+
}
|
|
53
|
+
// Parse rate as number
|
|
54
|
+
let rate = parseFloat(rateStr);
|
|
55
|
+
// Normalize to 0-1 range if needed
|
|
56
|
+
if (rate > 1) {
|
|
57
|
+
rate = rate / 100;
|
|
58
|
+
}
|
|
59
|
+
// Validate rate is in acceptable range
|
|
60
|
+
if (rate < 0 || rate > 1) {
|
|
61
|
+
throw error('Expected rate to be between 0 and 100', {
|
|
62
|
+
found: rateStr,
|
|
63
|
+
});
|
|
64
|
+
}
|
|
65
|
+
// Parse the second parameter (kind) if present
|
|
66
|
+
if (nodes.length > 1) {
|
|
67
|
+
if (isStringNode(asPostcssNodeWithChildren(nodes[1]).nodes[0])) {
|
|
68
|
+
kind = asScoreKind(removeQuotes(asStringNode(asPostcssNodeWithChildren(nodes[1]).nodes[0])
|
|
69
|
+
.value));
|
|
70
|
+
}
|
|
71
|
+
else if (isTagNode(asPostcssNodeWithChildren(nodes[1]).nodes[0])) {
|
|
72
|
+
kind = asScoreKind(asTagNode(asPostcssNodeWithChildren(nodes[1]).nodes[0]).value);
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
return { comparator, rate, kind };
|
|
76
|
+
};
|
|
77
|
+
export const score = async (state) => {
|
|
78
|
+
assertSecurityArchive(state, 'score');
|
|
79
|
+
let internals;
|
|
80
|
+
try {
|
|
81
|
+
internals = parseInternals(asPostcssNodeWithChildren(state.current).nodes);
|
|
82
|
+
}
|
|
83
|
+
catch (err) {
|
|
84
|
+
throw error('Failed to parse :score selector', { cause: err });
|
|
85
|
+
}
|
|
86
|
+
const { comparator, rate, kind } = internals;
|
|
87
|
+
for (const node of state.partial.nodes) {
|
|
88
|
+
const report = state.securityArchive.get(node.id);
|
|
89
|
+
if (!report) {
|
|
90
|
+
removeNode(state, node);
|
|
91
|
+
continue;
|
|
92
|
+
}
|
|
93
|
+
const scoreValue = report.score[kind];
|
|
94
|
+
let exclude = false;
|
|
95
|
+
switch (comparator) {
|
|
96
|
+
case '>':
|
|
97
|
+
exclude = scoreValue <= rate;
|
|
98
|
+
break;
|
|
99
|
+
case '<':
|
|
100
|
+
exclude = scoreValue >= rate;
|
|
101
|
+
break;
|
|
102
|
+
case '>=':
|
|
103
|
+
exclude = scoreValue < rate;
|
|
104
|
+
break;
|
|
105
|
+
case '<=':
|
|
106
|
+
exclude = scoreValue > rate;
|
|
107
|
+
break;
|
|
108
|
+
default: // '='
|
|
109
|
+
exclude = scoreValue !== rate;
|
|
110
|
+
break;
|
|
111
|
+
}
|
|
112
|
+
if (exclude) {
|
|
113
|
+
removeNode(state, node);
|
|
114
|
+
}
|
|
115
|
+
}
|
|
116
|
+
removeDanglingEdges(state);
|
|
117
|
+
return state;
|
|
118
|
+
};
|
|
119
|
+
//# sourceMappingURL=score.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"score.js","sourceRoot":"","sources":["../../../src/pseudo/score.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAA;AAC3C,OAAO,EACL,yBAAyB,EACzB,YAAY,EACZ,SAAS,EACT,YAAY,EACZ,SAAS,GACV,MAAM,aAAa,CAAA;AAEpB,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,UAAU,EACV,YAAY,GACb,MAAM,cAAc,CAAA;AAarB,MAAM,KAAK,GAAG,IAAI,GAAG,CAAyB;IAC5C,SAAS;IACT,SAAS;IACT,aAAa;IACb,SAAS;IACT,aAAa;IACb,eAAe;IACf,SAAS;CACV,CAAC,CAAA;AAEF,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,KAAc,EAAuB,EAAE,CACjE,KAAK,CAAC,GAAG,CAAC,KAAmB,CAAC,CAAA;AAEhC,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,KAAc,EAAc,EAAE;IACxD,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,KAAK,CAAC,6BAA6B,EAAE;YACzC,KAAK,EAAE,KAAK;YACZ,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;SAChC,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,cAAc,GAAG,CAC5B,KAAoB,EAKpB,EAAE;IACF,IAAI,OAAO,GAAG,EAAE,CAAA;IAChB,IAAI,UAAU,GAAoB,GAAG,CAAA;IACrC,IAAI,IAAI,GAAe,SAAS,CAAA;IAEhC,4DAA4D;IAC5D,IAAI,YAAY,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/D,OAAO,GAAG,YAAY,CACpB,YAAY,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;aACvD,KAAK,CACT,CAAA;IACH,CAAC;SAAM,IACL,SAAS,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EACvD,CAAC;QACD,MAAM,OAAO,GAAG,SAAS,CACvB,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAC7C,CAAA;QACD,OAAO,GAAG,OAAO,CAAC,KAAK,CAAA;IACzB,CAAC;IAED,gCAAgC;IAChC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7B,UAAU,GAAG,IAAI,CAAA;QACjB,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;IAChC,CAAC;SAAM,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACpC,UAAU,GAAG,IAAI,CAAA;QACjB,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;IAChC,CAAC;SAAM,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,UAAU,GAAG,GAAG,CAAA;QAChB,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;IAChC,CAAC;SAAM,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,UAAU,GAAG,GAAG,CAAA;QAChB,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;IAChC,CAAC;IAED,uBAAuB;IACvB,IAAI,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,CAAA;IAE9B,mCAAmC;IACnC,IAAI,IAAI,GAAG,CAAC,EAAE,CAAC;QACb,IAAI,GAAG,IAAI,GAAG,GAAG,CAAA;IACnB,CAAC;IAED,uCAAuC;IACvC,IAAI,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,EAAE,CAAC;QACzB,MAAM,KAAK,CAAC,uCAAuC,EAAE;YACnD,KAAK,EAAE,OAAO;SACf,CAAC,CAAA;IACJ,CAAC;IAED,+CAA+C;IAC/C,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrB,IAAI,YAAY,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/D,IAAI,GAAG,WAAW,CAChB,YAAY,CACV,YAAY,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;iBACvD,KAAK,CACT,CACF,CAAA;QACH,CAAC;aAAM,IACL,SAAS,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EACvD,CAAC;YACD,IAAI,GAAG,WAAW,CAChB,SAAS,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAC9D,CAAA;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,CAAA;AACnC,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,KAAK,GAAG,KAAK,EAAE,KAAkB,EAAE,EAAE;IAChD,qBAAqB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAA;IAErC,IAAI,SAAS,CAAA;IACb,IAAI,CAAC;QACH,SAAS,GAAG,cAAc,CACxB,yBAAyB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAC/C,CAAA;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,KAAK,CAAC,iCAAiC,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAA;IAChE,CAAC;IAED,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,SAAS,CAAA;IAC5C,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACjD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;YACvB,SAAQ;QACV,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QAErC,IAAI,OAAO,GAAG,KAAK,CAAA;QACnB,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,GAAG;gBACN,OAAO,GAAG,UAAU,IAAI,IAAI,CAAA;gBAC5B,MAAK;YACP,KAAK,GAAG;gBACN,OAAO,GAAG,UAAU,IAAI,IAAI,CAAA;gBAC5B,MAAK;YACP,KAAK,IAAI;gBACP,OAAO,GAAG,UAAU,GAAG,IAAI,CAAA;gBAC3B,MAAK;YACP,KAAK,IAAI;gBACP,OAAO,GAAG,UAAU,GAAG,IAAI,CAAA;gBAC3B,MAAK;YACP,SAAS,MAAM;gBACb,OAAO,GAAG,UAAU,KAAK,IAAI,CAAA;gBAC7B,MAAK;QACT,CAAC;QAED,IAAI,OAAO,EAAE,CAAC;YACZ,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;QACzB,CAAC;IACH,CAAC;IAED,mBAAmB,CAAC,KAAK,CAAC,CAAA;IAE1B,OAAO,KAAK,CAAA;AACd,CAAC,CAAA","sourcesContent":["import { error } from '@vltpkg/error-cause'\nimport {\n asPostcssNodeWithChildren,\n asStringNode,\n asTagNode,\n isStringNode,\n isTagNode,\n} from '../types.ts'\nimport type { ParserState, PostcssNode } from '../types.ts'\nimport {\n assertSecurityArchive,\n removeDanglingEdges,\n removeNode,\n removeQuotes,\n} from './helpers.ts'\nimport type { PackageScore } from '@vltpkg/security-archive'\n\nexport type ScoreKinds = keyof PackageScore\n\nexport type ScoreComparator =\n | '>'\n | '<'\n | '>='\n | '<='\n | '='\n | undefined\n\nconst kinds = new Set<ScoreKinds | undefined>([\n 'overall',\n 'license',\n 'maintenance',\n 'quality',\n 'supplyChain',\n 'vulnerability',\n undefined,\n])\n\nexport const isScoreKind = (value?: string): value is ScoreKinds =>\n kinds.has(value as ScoreKinds)\n\nexport const asScoreKind = (value?: string): ScoreKinds => {\n if (!isScoreKind(value)) {\n throw error('Expected a valid score kind', {\n found: value,\n validOptions: Array.from(kinds),\n })\n }\n return value\n}\n\nexport const parseInternals = (\n nodes: PostcssNode[],\n): {\n comparator: ScoreComparator\n rate: number\n kind: ScoreKinds\n} => {\n let rateStr = ''\n let comparator: ScoreComparator = '='\n let kind: ScoreKinds = 'overall'\n\n // Parse the first parameter (rate with optional comparator)\n if (isStringNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])) {\n rateStr = removeQuotes(\n asStringNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])\n .value,\n )\n } else if (\n isTagNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])\n ) {\n const tagNode = asTagNode(\n asPostcssNodeWithChildren(nodes[0]).nodes[0],\n )\n rateStr = tagNode.value\n }\n\n // Extract comparator if present\n if (rateStr.startsWith('>=')) {\n comparator = '>='\n rateStr = rateStr.substring(2)\n } else if (rateStr.startsWith('<=')) {\n comparator = '<='\n rateStr = rateStr.substring(2)\n } else if (rateStr.startsWith('>')) {\n comparator = '>'\n rateStr = rateStr.substring(1)\n } else if (rateStr.startsWith('<')) {\n comparator = '<'\n rateStr = rateStr.substring(1)\n }\n\n // Parse rate as number\n let rate = parseFloat(rateStr)\n\n // Normalize to 0-1 range if needed\n if (rate > 1) {\n rate = rate / 100\n }\n\n // Validate rate is in acceptable range\n if (rate < 0 || rate > 1) {\n throw error('Expected rate to be between 0 and 100', {\n found: rateStr,\n })\n }\n\n // Parse the second parameter (kind) if present\n if (nodes.length > 1) {\n if (isStringNode(asPostcssNodeWithChildren(nodes[1]).nodes[0])) {\n kind = asScoreKind(\n removeQuotes(\n asStringNode(asPostcssNodeWithChildren(nodes[1]).nodes[0])\n .value,\n ),\n )\n } else if (\n isTagNode(asPostcssNodeWithChildren(nodes[1]).nodes[0])\n ) {\n kind = asScoreKind(\n asTagNode(asPostcssNodeWithChildren(nodes[1]).nodes[0]).value,\n )\n }\n }\n\n return { comparator, rate, kind }\n}\n\nexport const score = async (state: ParserState) => {\n assertSecurityArchive(state, 'score')\n\n let internals\n try {\n internals = parseInternals(\n asPostcssNodeWithChildren(state.current).nodes,\n )\n } catch (err) {\n throw error('Failed to parse :score selector', { cause: err })\n }\n\n const { comparator, rate, kind } = internals\n for (const node of state.partial.nodes) {\n const report = state.securityArchive.get(node.id)\n if (!report) {\n removeNode(state, node)\n continue\n }\n\n const scoreValue = report.score[kind]\n\n let exclude = false\n switch (comparator) {\n case '>':\n exclude = scoreValue <= rate\n break\n case '<':\n exclude = scoreValue >= rate\n break\n case '>=':\n exclude = scoreValue < rate\n break\n case '<=':\n exclude = scoreValue > rate\n break\n default: // '='\n exclude = scoreValue !== rate\n break\n }\n\n if (exclude) {\n removeNode(state, node)\n }\n }\n\n removeDanglingEdges(state)\n\n return state\n}\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"semver.d.ts","sourceRoot":"","sources":["../../../src/pseudo/semver.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAA;AAG7C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,WAAW,CAAA;
|
|
1
|
+
{"version":3,"file":"semver.d.ts","sourceRoot":"","sources":["../../../src/pseudo/semver.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAA;AAG7C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,WAAW,CAAA;AAa9C,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAG3D,MAAM,MAAM,eAAe,GAAG;IAC5B,WAAW,EAAE,MAAM,CAAA;IACnB,cAAc,EAAE,kBAAkB,CAAA;IAClC,gBAAgB,EAAE,sBAAsB,CAAA;CACzC,CAAA;AAED,MAAM,MAAM,mBAAmB,GAC3B,WAAW,GACX,IAAI,GACJ,KAAK,GACL,IAAI,GACJ,KAAK,GACL,IAAI,GACJ,KAAK,CAAA;AACT,MAAM,MAAM,kBAAkB,GAAG,CAC/B,OAAO,EAAE,OAAO,GAAG,MAAM,EACzB,KAAK,EAAE,MAAM,KACV,OAAO,CAAA;AACZ,MAAM,MAAM,sBAAsB,GAC9B,IAAI,CAAC,aAAa,EAAE,WAAW,GAAG,YAAY,CAAC,GAC/C,SAAS,CAAA;AAWb,eAAO,MAAM,oBAAoB,SACzB,MAAM,KACX,IAAI,IAAI,mBAAoD,CAAA;AAE/D,eAAO,MAAM,oBAAoB,SACzB,MAAM,KACX,mBAQF,CAAA;AAeD,eAAO,MAAM,cAAc,UAClB,WAAW,EAAE,SACb,OAAO,KACb,eAkGF,CAAA;AAED,eAAO,MAAM,YAAY,UAAiB,WAAW,yBAyDpD,CAAA"}
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
import { satisfies, gt, gte, lt, lte, eq, neq, parse, parseRange, } from '@vltpkg/semver';
|
|
2
|
-
import { error } from '@vltpkg/error-cause';
|
|
2
|
+
import { asError, error } from '@vltpkg/error-cause';
|
|
3
3
|
import { parseInternals as parseAttrInternals } from "./attr.js";
|
|
4
4
|
import { getManifestPropertyValues } from "../attribute.js";
|
|
5
|
-
import { asAttributeNode, asPostcssNodeWithChildren, asPseudoNode, asStringNode, asTagNode, isAttributeNode,
|
|
5
|
+
import { asAttributeNode, asPostcssNodeWithChildren, asPseudoNode, asStringNode, asTagNode, isAttributeNode, isPseudoNode, isStringNode, isTagNode, } from "../types.js";
|
|
6
6
|
import { removeNode, removeQuotes } from "./helpers.js";
|
|
7
7
|
const semverFunctionNames = new Set([
|
|
8
8
|
'satisfies',
|
|
@@ -32,34 +32,21 @@ const semverFunctions = new Map([
|
|
|
32
32
|
['eq', eq],
|
|
33
33
|
['neq', neq],
|
|
34
34
|
]);
|
|
35
|
-
// list a few css combinators that should never have
|
|
36
|
-
// spaces around when parsing as a semver range
|
|
37
|
-
const unspacedCombinators = new Set([' ', '+']);
|
|
38
35
|
export const parseInternals = (nodes, loose) => {
|
|
39
36
|
// tries to parse the first param as a string node, otherwise defaults
|
|
40
37
|
// to reading all postcss nodes as just strings, since it just means
|
|
41
38
|
// the value was defined as an unquoted string
|
|
42
|
-
let semverValue;
|
|
39
|
+
let semverValue = '';
|
|
43
40
|
try {
|
|
44
41
|
semverValue = removeQuotes(asStringNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])
|
|
45
42
|
.value);
|
|
46
43
|
}
|
|
47
|
-
catch (
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
semverValue += '.';
|
|
54
|
-
}
|
|
55
|
-
else if (isCombinatorNode(node) &&
|
|
56
|
-
!unspacedCombinators.has(node.value)) {
|
|
57
|
-
semverValue += ' ';
|
|
58
|
-
}
|
|
59
|
-
if (node.value) {
|
|
60
|
-
semverValue += node.value;
|
|
61
|
-
}
|
|
62
|
-
}
|
|
44
|
+
catch (err) {
|
|
45
|
+
if (asError(err).message === 'Mismatching query node' &&
|
|
46
|
+
isTagNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])) {
|
|
47
|
+
// Handle tag node (unquoted values like >=2.0.0)
|
|
48
|
+
const tagNode = asTagNode(asPostcssNodeWithChildren(nodes[0]).nodes[0]);
|
|
49
|
+
semverValue = tagNode.value;
|
|
63
50
|
}
|
|
64
51
|
else {
|
|
65
52
|
throw err;
|
|
@@ -76,9 +63,8 @@ export const parseInternals = (nodes, loose) => {
|
|
|
76
63
|
fnName = asSemverFunctionName(removeQuotes(asStringNode(asPostcssNodeWithChildren(nodes[1]).nodes[0])
|
|
77
64
|
.value));
|
|
78
65
|
}
|
|
79
|
-
catch (
|
|
80
|
-
|
|
81
|
-
if (err.message === 'Mismatching query node') {
|
|
66
|
+
catch (err) {
|
|
67
|
+
if (asError(err).message === 'Mismatching query node') {
|
|
82
68
|
fnName = asSemverFunctionName(asTagNode(asPostcssNodeWithChildren(nodes[1]).nodes[0])
|
|
83
69
|
.value);
|
|
84
70
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"semver.js","sourceRoot":"","sources":["../../../src/pseudo/semver.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,SAAS,EACT,EAAE,EACF,GAAG,EACH,EAAE,EACF,GAAG,EACH,EAAE,EACF,GAAG,EACH,KAAK,EACL,UAAU,GACX,MAAM,gBAAgB,CAAA;AAEvB,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAA;AAC3C,OAAO,EAAE,cAAc,IAAI,kBAAkB,EAAE,MAAM,WAAW,CAAA;AAEhE,OAAO,EAAE,yBAAyB,EAAE,MAAM,iBAAiB,CAAA;AAC3D,OAAO,EACL,eAAe,EACf,yBAAyB,EACzB,YAAY,EACZ,YAAY,EACZ,SAAS,EACT,eAAe,EACf,WAAW,EACX,gBAAgB,EAChB,YAAY,EACZ,YAAY,GACb,MAAM,aAAa,CAAA;AAEpB,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAwBvD,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;IAClC,WAAW;IACX,IAAI;IACJ,KAAK;IACL,IAAI;IACJ,KAAK;IACL,IAAI;IACJ,KAAK;CACN,CAAC,CAAA;AACF,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAClC,IAAY,EACiB,EAAE,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;AAE/D,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAClC,IAAY,EACS,EAAE;IACvB,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,EAAE,CAAC;QAChC,MAAM,KAAK,CAAC,8BAA8B,EAAE;YAC1C,KAAK,EAAE,IAAI;YACX,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC;SAC9C,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC,CAAA;AAED,MAAM,eAAe,GAAG,IAAI,GAAG,CAG7B;IACA,CAAC,WAAW,EAAE,SAAS,CAAC;IACxB,CAAC,IAAI,EAAE,EAAE,CAAC;IACV,CAAC,KAAK,EAAE,GAAG,CAAC;IACZ,CAAC,IAAI,EAAE,EAAE,CAAC;IACV,CAAC,KAAK,EAAE,GAAG,CAAC;IACZ,CAAC,IAAI,EAAE,EAAE,CAAC;IACV,CAAC,KAAK,EAAE,GAAG,CAAC;CACb,CAAC,CAAA;AAEF,oDAAoD;AACpD,+CAA+C;AAC/C,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAS,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAA;AAEvD,MAAM,CAAC,MAAM,cAAc,GAAG,CAC5B,KAAoB,EACpB,KAAc,EACG,EAAE;IACnB,sEAAsE;IACtE,oEAAoE;IACpE,8CAA8C;IAC9C,IAAI,WAAW,CAAA;IACf,IAAI,CAAC;QACH,WAAW,GAAG,YAAY,CACxB,YAAY,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;aACvD,KAAK,CACT,CAAA;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,GAAG,GAAG,CAAU,CAAA;QACtB,IAAI,GAAG,CAAC,OAAO,KAAK,wBAAwB,EAAE,CAAC;YAC7C,WAAW,GAAG,EAAE,CAAA;YAChB,KAAK,MAAM,IAAI,IAAI,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC;gBAC7D,IAAI,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;oBACtB,WAAW,IAAI,GAAG,CAAA;gBACpB,CAAC;qBAAM,IACL,gBAAgB,CAAC,IAAI,CAAC;oBACtB,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,EACpC,CAAC;oBACD,WAAW,IAAI,GAAG,CAAA;gBACpB,CAAC;gBAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;oBACf,WAAW,IAAI,IAAI,CAAC,KAAK,CAAA;gBAC3B,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,oCAAoC;IACpC,IAAI,MAAM,GAAwB,WAAW,CAAA;IAC7C,IAAI,CAAC;QACH,sEAAsE;QACtE,wEAAwE;QACxE,uCAAuC;QACvC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YACb,IAAI,CAAC;gBACH,MAAM,GAAG,oBAAoB,CAC3B,YAAY,CACV,YAAY,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;qBACvD,KAAK,CACT,CACF,CAAA;YACH,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,GAAG,GAAG,CAAU,CAAA;gBACtB,IAAI,GAAG,CAAC,OAAO,KAAK,wBAAwB,EAAE,CAAC;oBAC7C,MAAM,GAAG,oBAAoB,CAC3B,SAAS,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;yBACpD,KAAK,CACT,CAAA;gBACH,CAAC;qBAAM,CAAC;oBACN,MAAM,GAAG,CAAA;gBACX,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,2EAA2E;QAC3E,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,CAAC,CAAA;QACT,CAAC;IACH,CAAC;IAED,MAAM,cAAc,GAAG,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;IAClD,yEAAyE;IACzE,yDAAyD;IACzD,qBAAqB;IACrB,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,MAAM,KAAK,CAAC,8BAA8B,EAAE;YAC1C,KAAK,EAAE,MAAM;YACb,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;SACjD,CAAC,CAAA;IACJ,CAAC;IACD,oBAAoB;IAEpB,4CAA4C;IAC5C,IAAI,gBAAwC,CAAA;IAC5C,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACb,MAAM,UAAU,GAAG,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA;QACtD,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QACpC,IAAI,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9B,MAAM,EAAE,SAAS,EAAE,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAA;YAC/C,gBAAgB,GAAG;gBACjB,SAAS;gBACT,UAAU,EAAE,CAAC,SAAS,CAAC;aACxB,CAAA;QACH,CAAC;aAAM,IAAI,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,gBAAgB,GAAG,kBAAkB,CACnC,YAAY,CAAC,QAAQ,CAAC,CAAC,KAAK,CAC7B,CAAA;QACH,CAAC;aAAM,IAAI,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,MAAM,SAAS,GAAG,YAAY,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAA;YAC5D,gBAAgB,GAAG;gBACjB,SAAS;gBACT,UAAU,EAAE,CAAC,SAAS,CAAC;aACxB,CAAA;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,WAAW;QACX,cAAc;QACd,gBAAgB;KACjB,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAAE,KAAkB,EAAE,EAAE;IACvD,IAAI,SAAS,CAAA;IACb,IAAI,CAAC;QACH,SAAS,GAAG,cAAc,CACxB,yBAAyB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,EAC9C,CAAC,CAAC,KAAK,CAAC,KAAK,CACd,CAAA;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,KAAK,CAAC,kCAAkC,EAAE;YAC9C,KAAK,EAAE,GAAG;SACX,CAAC,CAAA;IACJ,CAAC;IAED,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE,gBAAgB,EAAE,GAAG,SAAS,CAAA;IAEnE,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACvC,IAAI,gBAAgB,EAAE,CAAC;YACrB,MAAM,aAAa,GAAG,yBAAyB,CAC7C,IAAI,EACJ,gBAAgB,CAAC,UAAU,EAC3B,gBAAgB,CAAC,SAAS,CAC3B,CAAA;YAED,iEAAiE;YACjE,oEAAoE;YACpE,iEAAiE;YACjE,MAAM,YAAY,GAAG,aAAa,EAAE,CAAC,CAAC,CAAC,CAAA;YACvC,MAAM,kBAAkB,GAAG,KAAK,CAAC,WAAW,CAAC,CAAA;YAC7C,MAAM,iBAAiB,GACrB,YAAY,IAAI,UAAU,CAAC,YAAY,CAAC,CAAA;YAC1C,IACE,cAAc,KAAK,SAAS;gBAC5B,kBAAkB;gBAClB,iBAAiB,EACjB,CAAC;gBACD,IAAI,CAAC,SAAS,CAAC,kBAAkB,EAAE,iBAAiB,CAAC,EAAE,CAAC;oBACtD,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;gBACzB,CAAC;gBACD,iEAAiE;YACnE,CAAC;iBAAM,IACL,CAAC,YAAY;gBACb,CAAC,cAAc,CAAC,YAAY,EAAE,WAAW,CAAC,EAC1C,CAAC;gBACD,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;YACzB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,eAAe,GAAG,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAA;YAC9C,IACE,CAAC,eAAe;gBAChB,CAAC,cAAc,CAAC,eAAe,EAAE,WAAW,CAAC,EAC7C,CAAC;gBACD,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;YACzB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC,CAAA","sourcesContent":["import {\n satisfies,\n gt,\n gte,\n lt,\n lte,\n eq,\n neq,\n parse,\n parseRange,\n} from '@vltpkg/semver'\nimport type { Version } from '@vltpkg/semver'\nimport { error } from '@vltpkg/error-cause'\nimport { parseInternals as parseAttrInternals } from './attr.ts'\nimport type { AttrInternals } from './attr.ts'\nimport { getManifestPropertyValues } from '../attribute.ts'\nimport {\n asAttributeNode,\n asPostcssNodeWithChildren,\n asPseudoNode,\n asStringNode,\n asTagNode,\n isAttributeNode,\n isClassNode,\n isCombinatorNode,\n isPseudoNode,\n isStringNode,\n} from '../types.ts'\nimport type { ParserState, PostcssNode } from '../types.ts'\nimport { removeNode, removeQuotes } from './helpers.ts'\n\nexport type SemverInternals = {\n semverValue: string\n semverFunction: SemverComparatorFn\n compareAttribute: SemverCompareAttribute\n}\n\nexport type SemverFunctionNames =\n | 'satisfies'\n | 'gt'\n | 'gte'\n | 'lt'\n | 'lte'\n | 'eq'\n | 'neq'\nexport type SemverComparatorFn = (\n version: Version | string,\n range: string,\n) => boolean\nexport type SemverCompareAttribute =\n | Pick<AttrInternals, 'attribute' | 'properties'>\n | undefined\n\nconst semverFunctionNames = new Set([\n 'satisfies',\n 'gt',\n 'gte',\n 'lt',\n 'lte',\n 'eq',\n 'neq',\n])\nexport const isSemverFunctionName = (\n name: string,\n): name is SemverFunctionNames => semverFunctionNames.has(name)\n\nexport const asSemverFunctionName = (\n name: string,\n): SemverFunctionNames => {\n if (!isSemverFunctionName(name)) {\n throw error('Invalid semver function name', {\n found: name,\n validOptions: Array.from(semverFunctionNames),\n })\n }\n return name\n}\n\nconst semverFunctions = new Map<\n SemverFunctionNames,\n SemverComparatorFn\n>([\n ['satisfies', satisfies],\n ['gt', gt],\n ['gte', gte],\n ['lt', lt],\n ['lte', lte],\n ['eq', eq],\n ['neq', neq],\n])\n\n// list a few css combinators that should never have\n// spaces around when parsing as a semver range\nconst unspacedCombinators = new Set<string>([' ', '+'])\n\nexport const parseInternals = (\n nodes: PostcssNode[],\n loose: boolean,\n): SemverInternals => {\n // tries to parse the first param as a string node, otherwise defaults\n // to reading all postcss nodes as just strings, since it just means\n // the value was defined as an unquoted string\n let semverValue\n try {\n semverValue = removeQuotes(\n asStringNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])\n .value,\n )\n } catch (e) {\n const err = e as Error\n if (err.message === 'Mismatching query node') {\n semverValue = ''\n for (const node of asPostcssNodeWithChildren(nodes[0]).nodes) {\n if (isClassNode(node)) {\n semverValue += '.'\n } else if (\n isCombinatorNode(node) &&\n !unspacedCombinators.has(node.value)\n ) {\n semverValue += ' '\n }\n\n if (node.value) {\n semverValue += node.value\n }\n }\n } else {\n throw err\n }\n }\n\n // second param is the function name\n let fnName: SemverFunctionNames = 'satisfies'\n try {\n // if there is a second node defined, try to parse it as a string node\n // first and if that fails, then parse it as a tag node which just means\n // it was defined as an unquoted string\n if (nodes[1]) {\n try {\n fnName = asSemverFunctionName(\n removeQuotes(\n asStringNode(asPostcssNodeWithChildren(nodes[1]).nodes[0])\n .value,\n ),\n )\n } catch (e) {\n const err = e as Error\n if (err.message === 'Mismatching query node') {\n fnName = asSemverFunctionName(\n asTagNode(asPostcssNodeWithChildren(nodes[1]).nodes[0])\n .value,\n )\n } else {\n throw err\n }\n }\n }\n } catch (e) {\n // allow invalid semver function names in loose mode, defaults to satisfies\n if (!loose) {\n throw e\n }\n }\n\n const semverFunction = semverFunctions.get(fnName)\n // the following should never happen as long as the semver function names\n // type and Set are correctly mirroring each other values\n /* c8 ignore start */\n if (!semverFunction) {\n throw error('Invalid semver function name', {\n found: fnName,\n validOptions: Array.from(semverFunctions.keys()),\n })\n }\n /* c8 ignore stop */\n\n // optional third param is the compare value\n let compareAttribute: SemverCompareAttribute\n if (nodes[2]) {\n const parentNode = asPostcssNodeWithChildren(nodes[2])\n const currNode = parentNode.nodes[0]\n if (isAttributeNode(currNode)) {\n const { attribute } = asAttributeNode(currNode)\n compareAttribute = {\n attribute,\n properties: [attribute],\n }\n } else if (isPseudoNode(currNode)) {\n compareAttribute = parseAttrInternals(\n asPseudoNode(currNode).nodes,\n )\n } else if (isStringNode(currNode)) {\n const attribute = removeQuotes(asStringNode(currNode).value)\n compareAttribute = {\n attribute,\n properties: [attribute],\n }\n }\n }\n\n return {\n semverValue,\n semverFunction,\n compareAttribute,\n }\n}\n\nexport const semverParser = async (state: ParserState) => {\n let internals\n try {\n internals = parseInternals(\n asPostcssNodeWithChildren(state.current).nodes,\n !!state.loose,\n )\n } catch (err) {\n throw error('Failed to parse :semver selector', {\n cause: err,\n })\n }\n\n const { semverValue, semverFunction, compareAttribute } = internals\n\n for (const node of state.partial.nodes) {\n if (compareAttribute) {\n const compareValues = getManifestPropertyValues(\n node,\n compareAttribute.properties,\n compareAttribute.attribute,\n )\n\n // if the provided semver value is a fixed semver version and the\n // compare attribute is resolving to a range value, then we flip the\n // order of comparison, in case it's a \"satisfies\" function check\n const compareValue = compareValues?.[0]\n const semverValueVersion = parse(semverValue)\n const compareValueRange =\n compareValue && parseRange(compareValue)\n if (\n semverFunction === satisfies &&\n semverValueVersion &&\n compareValueRange\n ) {\n if (!satisfies(semverValueVersion, compareValueRange)) {\n removeNode(state, node)\n }\n // otherwise just compares the read attribute to the semver value\n } else if (\n !compareValue ||\n !semverFunction(compareValue, semverValue)\n ) {\n removeNode(state, node)\n }\n } else {\n const manifestVersion = node.manifest?.version\n if (\n !manifestVersion ||\n !semverFunction(manifestVersion, semverValue)\n ) {\n removeNode(state, node)\n }\n }\n }\n\n return state\n}\n"]}
|
|
1
|
+
{"version":3,"file":"semver.js","sourceRoot":"","sources":["../../../src/pseudo/semver.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,SAAS,EACT,EAAE,EACF,GAAG,EACH,EAAE,EACF,GAAG,EACH,EAAE,EACF,GAAG,EACH,KAAK,EACL,UAAU,GACX,MAAM,gBAAgB,CAAA;AAEvB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAA;AACpD,OAAO,EAAE,cAAc,IAAI,kBAAkB,EAAE,MAAM,WAAW,CAAA;AAEhE,OAAO,EAAE,yBAAyB,EAAE,MAAM,iBAAiB,CAAA;AAC3D,OAAO,EACL,eAAe,EACf,yBAAyB,EACzB,YAAY,EACZ,YAAY,EACZ,SAAS,EACT,eAAe,EACf,YAAY,EACZ,YAAY,EACZ,SAAS,GACV,MAAM,aAAa,CAAA;AAEpB,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAwBvD,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;IAClC,WAAW;IACX,IAAI;IACJ,KAAK;IACL,IAAI;IACJ,KAAK;IACL,IAAI;IACJ,KAAK;CACN,CAAC,CAAA;AACF,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAClC,IAAY,EACiB,EAAE,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;AAE/D,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAClC,IAAY,EACS,EAAE;IACvB,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,EAAE,CAAC;QAChC,MAAM,KAAK,CAAC,8BAA8B,EAAE;YAC1C,KAAK,EAAE,IAAI;YACX,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC;SAC9C,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC,CAAA;AAED,MAAM,eAAe,GAAG,IAAI,GAAG,CAG7B;IACA,CAAC,WAAW,EAAE,SAAS,CAAC;IACxB,CAAC,IAAI,EAAE,EAAE,CAAC;IACV,CAAC,KAAK,EAAE,GAAG,CAAC;IACZ,CAAC,IAAI,EAAE,EAAE,CAAC;IACV,CAAC,KAAK,EAAE,GAAG,CAAC;IACZ,CAAC,IAAI,EAAE,EAAE,CAAC;IACV,CAAC,KAAK,EAAE,GAAG,CAAC;CACb,CAAC,CAAA;AAEF,MAAM,CAAC,MAAM,cAAc,GAAG,CAC5B,KAAoB,EACpB,KAAc,EACG,EAAE;IACnB,sEAAsE;IACtE,oEAAoE;IACpE,8CAA8C;IAC9C,IAAI,WAAW,GAAG,EAAE,CAAA;IACpB,IAAI,CAAC;QACH,WAAW,GAAG,YAAY,CACxB,YAAY,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;aACvD,KAAK,CACT,CAAA;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IACE,OAAO,CAAC,GAAG,CAAC,CAAC,OAAO,KAAK,wBAAwB;YACjD,SAAS,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EACvD,CAAC;YACD,iDAAiD;YACjD,MAAM,OAAO,GAAG,SAAS,CACvB,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAC7C,CAAA;YACD,WAAW,GAAG,OAAO,CAAC,KAAK,CAAA;QAC7B,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,oCAAoC;IACpC,IAAI,MAAM,GAAwB,WAAW,CAAA;IAC7C,IAAI,CAAC;QACH,sEAAsE;QACtE,wEAAwE;QACxE,uCAAuC;QACvC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YACb,IAAI,CAAC;gBACH,MAAM,GAAG,oBAAoB,CAC3B,YAAY,CACV,YAAY,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;qBACvD,KAAK,CACT,CACF,CAAA;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,OAAO,CAAC,GAAG,CAAC,CAAC,OAAO,KAAK,wBAAwB,EAAE,CAAC;oBACtD,MAAM,GAAG,oBAAoB,CAC3B,SAAS,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;yBACpD,KAAK,CACT,CAAA;gBACH,CAAC;qBAAM,CAAC;oBACN,MAAM,GAAG,CAAA;gBACX,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,2EAA2E;QAC3E,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,CAAC,CAAA;QACT,CAAC;IACH,CAAC;IAED,MAAM,cAAc,GAAG,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;IAClD,yEAAyE;IACzE,yDAAyD;IACzD,qBAAqB;IACrB,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,MAAM,KAAK,CAAC,8BAA8B,EAAE;YAC1C,KAAK,EAAE,MAAM;YACb,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;SACjD,CAAC,CAAA;IACJ,CAAC;IACD,oBAAoB;IAEpB,4CAA4C;IAC5C,IAAI,gBAAwC,CAAA;IAC5C,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACb,MAAM,UAAU,GAAG,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA;QACtD,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QACpC,IAAI,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9B,MAAM,EAAE,SAAS,EAAE,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAA;YAC/C,gBAAgB,GAAG;gBACjB,SAAS;gBACT,UAAU,EAAE,CAAC,SAAS,CAAC;aACxB,CAAA;QACH,CAAC;aAAM,IAAI,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,gBAAgB,GAAG,kBAAkB,CACnC,YAAY,CAAC,QAAQ,CAAC,CAAC,KAAK,CAC7B,CAAA;QACH,CAAC;aAAM,IAAI,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,MAAM,SAAS,GAAG,YAAY,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAA;YAC5D,gBAAgB,GAAG;gBACjB,SAAS;gBACT,UAAU,EAAE,CAAC,SAAS,CAAC;aACxB,CAAA;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,WAAW;QACX,cAAc;QACd,gBAAgB;KACjB,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAAE,KAAkB,EAAE,EAAE;IACvD,IAAI,SAAS,CAAA;IACb,IAAI,CAAC;QACH,SAAS,GAAG,cAAc,CACxB,yBAAyB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,EAC9C,CAAC,CAAC,KAAK,CAAC,KAAK,CACd,CAAA;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,KAAK,CAAC,kCAAkC,EAAE;YAC9C,KAAK,EAAE,GAAG;SACX,CAAC,CAAA;IACJ,CAAC;IAED,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE,gBAAgB,EAAE,GAAG,SAAS,CAAA;IAEnE,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACvC,IAAI,gBAAgB,EAAE,CAAC;YACrB,MAAM,aAAa,GAAG,yBAAyB,CAC7C,IAAI,EACJ,gBAAgB,CAAC,UAAU,EAC3B,gBAAgB,CAAC,SAAS,CAC3B,CAAA;YAED,iEAAiE;YACjE,oEAAoE;YACpE,iEAAiE;YACjE,MAAM,YAAY,GAAG,aAAa,EAAE,CAAC,CAAC,CAAC,CAAA;YACvC,MAAM,kBAAkB,GAAG,KAAK,CAAC,WAAW,CAAC,CAAA;YAC7C,MAAM,iBAAiB,GACrB,YAAY,IAAI,UAAU,CAAC,YAAY,CAAC,CAAA;YAC1C,IACE,cAAc,KAAK,SAAS;gBAC5B,kBAAkB;gBAClB,iBAAiB,EACjB,CAAC;gBACD,IAAI,CAAC,SAAS,CAAC,kBAAkB,EAAE,iBAAiB,CAAC,EAAE,CAAC;oBACtD,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;gBACzB,CAAC;gBACD,iEAAiE;YACnE,CAAC;iBAAM,IACL,CAAC,YAAY;gBACb,CAAC,cAAc,CAAC,YAAY,EAAE,WAAW,CAAC,EAC1C,CAAC;gBACD,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;YACzB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,eAAe,GAAG,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAA;YAC9C,IACE,CAAC,eAAe;gBAChB,CAAC,cAAc,CAAC,eAAe,EAAE,WAAW,CAAC,EAC7C,CAAC;gBACD,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;YACzB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC,CAAA","sourcesContent":["import {\n satisfies,\n gt,\n gte,\n lt,\n lte,\n eq,\n neq,\n parse,\n parseRange,\n} from '@vltpkg/semver'\nimport type { Version } from '@vltpkg/semver'\nimport { asError, error } from '@vltpkg/error-cause'\nimport { parseInternals as parseAttrInternals } from './attr.ts'\nimport type { AttrInternals } from './attr.ts'\nimport { getManifestPropertyValues } from '../attribute.ts'\nimport {\n asAttributeNode,\n asPostcssNodeWithChildren,\n asPseudoNode,\n asStringNode,\n asTagNode,\n isAttributeNode,\n isPseudoNode,\n isStringNode,\n isTagNode,\n} from '../types.ts'\nimport type { ParserState, PostcssNode } from '../types.ts'\nimport { removeNode, removeQuotes } from './helpers.ts'\n\nexport type SemverInternals = {\n semverValue: string\n semverFunction: SemverComparatorFn\n compareAttribute: SemverCompareAttribute\n}\n\nexport type SemverFunctionNames =\n | 'satisfies'\n | 'gt'\n | 'gte'\n | 'lt'\n | 'lte'\n | 'eq'\n | 'neq'\nexport type SemverComparatorFn = (\n version: Version | string,\n range: string,\n) => boolean\nexport type SemverCompareAttribute =\n | Pick<AttrInternals, 'attribute' | 'properties'>\n | undefined\n\nconst semverFunctionNames = new Set([\n 'satisfies',\n 'gt',\n 'gte',\n 'lt',\n 'lte',\n 'eq',\n 'neq',\n])\nexport const isSemverFunctionName = (\n name: string,\n): name is SemverFunctionNames => semverFunctionNames.has(name)\n\nexport const asSemverFunctionName = (\n name: string,\n): SemverFunctionNames => {\n if (!isSemverFunctionName(name)) {\n throw error('Invalid semver function name', {\n found: name,\n validOptions: Array.from(semverFunctionNames),\n })\n }\n return name\n}\n\nconst semverFunctions = new Map<\n SemverFunctionNames,\n SemverComparatorFn\n>([\n ['satisfies', satisfies],\n ['gt', gt],\n ['gte', gte],\n ['lt', lt],\n ['lte', lte],\n ['eq', eq],\n ['neq', neq],\n])\n\nexport const parseInternals = (\n nodes: PostcssNode[],\n loose: boolean,\n): SemverInternals => {\n // tries to parse the first param as a string node, otherwise defaults\n // to reading all postcss nodes as just strings, since it just means\n // the value was defined as an unquoted string\n let semverValue = ''\n try {\n semverValue = removeQuotes(\n asStringNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])\n .value,\n )\n } catch (err) {\n if (\n asError(err).message === 'Mismatching query node' &&\n isTagNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])\n ) {\n // Handle tag node (unquoted values like >=2.0.0)\n const tagNode = asTagNode(\n asPostcssNodeWithChildren(nodes[0]).nodes[0],\n )\n semverValue = tagNode.value\n } else {\n throw err\n }\n }\n\n // second param is the function name\n let fnName: SemverFunctionNames = 'satisfies'\n try {\n // if there is a second node defined, try to parse it as a string node\n // first and if that fails, then parse it as a tag node which just means\n // it was defined as an unquoted string\n if (nodes[1]) {\n try {\n fnName = asSemverFunctionName(\n removeQuotes(\n asStringNode(asPostcssNodeWithChildren(nodes[1]).nodes[0])\n .value,\n ),\n )\n } catch (err) {\n if (asError(err).message === 'Mismatching query node') {\n fnName = asSemverFunctionName(\n asTagNode(asPostcssNodeWithChildren(nodes[1]).nodes[0])\n .value,\n )\n } else {\n throw err\n }\n }\n }\n } catch (e) {\n // allow invalid semver function names in loose mode, defaults to satisfies\n if (!loose) {\n throw e\n }\n }\n\n const semverFunction = semverFunctions.get(fnName)\n // the following should never happen as long as the semver function names\n // type and Set are correctly mirroring each other values\n /* c8 ignore start */\n if (!semverFunction) {\n throw error('Invalid semver function name', {\n found: fnName,\n validOptions: Array.from(semverFunctions.keys()),\n })\n }\n /* c8 ignore stop */\n\n // optional third param is the compare value\n let compareAttribute: SemverCompareAttribute\n if (nodes[2]) {\n const parentNode = asPostcssNodeWithChildren(nodes[2])\n const currNode = parentNode.nodes[0]\n if (isAttributeNode(currNode)) {\n const { attribute } = asAttributeNode(currNode)\n compareAttribute = {\n attribute,\n properties: [attribute],\n }\n } else if (isPseudoNode(currNode)) {\n compareAttribute = parseAttrInternals(\n asPseudoNode(currNode).nodes,\n )\n } else if (isStringNode(currNode)) {\n const attribute = removeQuotes(asStringNode(currNode).value)\n compareAttribute = {\n attribute,\n properties: [attribute],\n }\n }\n }\n\n return {\n semverValue,\n semverFunction,\n compareAttribute,\n }\n}\n\nexport const semverParser = async (state: ParserState) => {\n let internals\n try {\n internals = parseInternals(\n asPostcssNodeWithChildren(state.current).nodes,\n !!state.loose,\n )\n } catch (err) {\n throw error('Failed to parse :semver selector', {\n cause: err,\n })\n }\n\n const { semverValue, semverFunction, compareAttribute } = internals\n\n for (const node of state.partial.nodes) {\n if (compareAttribute) {\n const compareValues = getManifestPropertyValues(\n node,\n compareAttribute.properties,\n compareAttribute.attribute,\n )\n\n // if the provided semver value is a fixed semver version and the\n // compare attribute is resolving to a range value, then we flip the\n // order of comparison, in case it's a \"satisfies\" function check\n const compareValue = compareValues?.[0]\n const semverValueVersion = parse(semverValue)\n const compareValueRange =\n compareValue && parseRange(compareValue)\n if (\n semverFunction === satisfies &&\n semverValueVersion &&\n compareValueRange\n ) {\n if (!satisfies(semverValueVersion, compareValueRange)) {\n removeNode(state, node)\n }\n // otherwise just compares the read attribute to the semver value\n } else if (\n !compareValue ||\n !semverFunction(compareValue, semverValue)\n ) {\n removeNode(state, node)\n }\n } else {\n const manifestVersion = node.manifest?.version\n if (\n !manifestVersion ||\n !semverFunction(manifestVersion, semverValue)\n ) {\n removeNode(state, node)\n }\n }\n }\n\n return state\n}\n"]}
|
|
@@ -1,10 +1,12 @@
|
|
|
1
1
|
import type { ParserState, PostcssNode } from '../types.ts';
|
|
2
2
|
export type SeverityKinds = '0' | '1' | '2' | '3' | 'critical' | 'high' | 'medium' | 'low' | undefined;
|
|
3
3
|
export type SeverityAlertTypes = 'criticalCVE' | 'cve' | 'potentialVulnerability' | 'mildCVE' | undefined;
|
|
4
|
+
export type SeverityComparator = '>' | '<' | '>=' | '<=' | undefined;
|
|
4
5
|
export declare const isSeverityKind: (value?: string) => value is SeverityKinds;
|
|
5
6
|
export declare const asSeverityKind: (value?: string) => SeverityKinds;
|
|
6
7
|
export declare const parseInternals: (nodes: PostcssNode[]) => {
|
|
7
8
|
kind: SeverityKinds;
|
|
9
|
+
comparator: SeverityComparator;
|
|
8
10
|
};
|
|
9
11
|
export declare const severity: (state: ParserState) => Promise<ParserState & {
|
|
10
12
|
securityArchive: NonNullable<ParserState["securityArchive"]>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"severity.d.ts","sourceRoot":"","sources":["../../../src/pseudo/severity.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAQ3D,MAAM,MAAM,aAAa,GACrB,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,UAAU,GACV,MAAM,GACN,QAAQ,GACR,KAAK,GACL,SAAS,CAAA;AAEb,MAAM,MAAM,kBAAkB,GAC1B,aAAa,GACb,KAAK,GACL,wBAAwB,GACxB,SAAS,GACT,SAAS,CAAA;
|
|
1
|
+
{"version":3,"file":"severity.d.ts","sourceRoot":"","sources":["../../../src/pseudo/severity.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAQ3D,MAAM,MAAM,aAAa,GACrB,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,UAAU,GACV,MAAM,GACN,QAAQ,GACR,KAAK,GACL,SAAS,CAAA;AAEb,MAAM,MAAM,kBAAkB,GAC1B,aAAa,GACb,KAAK,GACL,wBAAwB,GACxB,SAAS,GACT,SAAS,CAAA;AAEb,MAAM,MAAM,kBAAkB,GAAG,GAAG,GAAG,GAAG,GAAG,IAAI,GAAG,IAAI,GAAG,SAAS,CAAA;AA2BpE,eAAO,MAAM,cAAc,WACjB,MAAM,KACb,KAAK,IAAI,aAAkD,CAAA;AAE9D,eAAO,MAAM,cAAc,WAAY,MAAM,KAAG,aAQ/C,CAAA;AAED,eAAO,MAAM,cAAc,UAClB,WAAW,EAAE,KACnB;IACD,IAAI,EAAE,aAAa,CAAA;IACnB,UAAU,EAAE,kBAAkB,CAAA;CAqD/B,CAAA;AAED,eAAO,MAAM,QAAQ,UAAiB,WAAW;;EA+FhD,CAAA"}
|
|
@@ -11,6 +11,17 @@ const kindsMap = new Map([
|
|
|
11
11
|
['2', 'potentialVulnerability'],
|
|
12
12
|
['3', 'mildCVE'],
|
|
13
13
|
]);
|
|
14
|
+
// Map numerical values to their respective kinds for comparison operations
|
|
15
|
+
const kindLevelMap = new Map([
|
|
16
|
+
['critical', 0],
|
|
17
|
+
['high', 1],
|
|
18
|
+
['medium', 2],
|
|
19
|
+
['low', 3],
|
|
20
|
+
['0', 0],
|
|
21
|
+
['1', 1],
|
|
22
|
+
['2', 2],
|
|
23
|
+
['3', 3],
|
|
24
|
+
]);
|
|
14
25
|
const kinds = new Set(kindsMap.keys());
|
|
15
26
|
export const isSeverityKind = (value) => kinds.has(value);
|
|
16
27
|
export const asSeverityKind = (value) => {
|
|
@@ -24,14 +35,47 @@ export const asSeverityKind = (value) => {
|
|
|
24
35
|
};
|
|
25
36
|
export const parseInternals = (nodes) => {
|
|
26
37
|
let kind;
|
|
38
|
+
let comparator;
|
|
39
|
+
if (nodes.length === 0) {
|
|
40
|
+
throw error('Missing severity kind parameter');
|
|
41
|
+
}
|
|
42
|
+
let kindValue = '';
|
|
27
43
|
if (isStringNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])) {
|
|
28
|
-
|
|
29
|
-
.value)
|
|
44
|
+
kindValue = removeQuotes(asStringNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])
|
|
45
|
+
.value);
|
|
30
46
|
}
|
|
31
47
|
else if (isTagNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])) {
|
|
32
|
-
|
|
48
|
+
kindValue = asTagNode(asPostcssNodeWithChildren(nodes[0]).nodes[0]).value;
|
|
49
|
+
}
|
|
50
|
+
// Extract comparator if present
|
|
51
|
+
if (kindValue.startsWith('>=')) {
|
|
52
|
+
comparator = '>=';
|
|
53
|
+
kindValue = kindValue.substring(2);
|
|
54
|
+
}
|
|
55
|
+
else if (kindValue.startsWith('<=')) {
|
|
56
|
+
comparator = '<=';
|
|
57
|
+
kindValue = kindValue.substring(2);
|
|
33
58
|
}
|
|
34
|
-
|
|
59
|
+
else if (kindValue.startsWith('>')) {
|
|
60
|
+
comparator = '>';
|
|
61
|
+
kindValue = kindValue.substring(1);
|
|
62
|
+
}
|
|
63
|
+
else if (kindValue.startsWith('<')) {
|
|
64
|
+
comparator = '<';
|
|
65
|
+
kindValue = kindValue.substring(1);
|
|
66
|
+
}
|
|
67
|
+
// Parse kind value
|
|
68
|
+
if (kindValue) {
|
|
69
|
+
if (isSeverityKind(kindValue)) {
|
|
70
|
+
kind = kindValue;
|
|
71
|
+
}
|
|
72
|
+
else {
|
|
73
|
+
throw error('Expected a valid severity kind or number between 0-3', {
|
|
74
|
+
found: kindValue,
|
|
75
|
+
});
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
return { kind, comparator };
|
|
35
79
|
};
|
|
36
80
|
export const severity = async (state) => {
|
|
37
81
|
assertSecurityArchive(state, 'severity');
|
|
@@ -42,11 +86,70 @@ export const severity = async (state) => {
|
|
|
42
86
|
catch (err) {
|
|
43
87
|
throw error('Failed to parse :severity selector', { cause: err });
|
|
44
88
|
}
|
|
45
|
-
const { kind } = internals;
|
|
46
|
-
const alertName = kindsMap.get(kind);
|
|
89
|
+
const { kind, comparator } = internals;
|
|
47
90
|
for (const node of state.partial.nodes) {
|
|
48
91
|
const report = state.securityArchive.get(node.id);
|
|
49
|
-
|
|
92
|
+
// Always exclude nodes that don't have security data or alerts
|
|
93
|
+
if (!report?.alerts || report.alerts.length === 0) {
|
|
94
|
+
removeNode(state, node);
|
|
95
|
+
}
|
|
96
|
+
}
|
|
97
|
+
for (const node of state.partial.nodes) {
|
|
98
|
+
const report = state.securityArchive.get(node.id);
|
|
99
|
+
let exclude = true;
|
|
100
|
+
if (report) {
|
|
101
|
+
if (comparator) {
|
|
102
|
+
// retrieve the value to compare against
|
|
103
|
+
const kindLevel = kindLevelMap.get(kind);
|
|
104
|
+
// the kindLevel value has already been validated at this point
|
|
105
|
+
// and thus can never return an undefined/falsy value but ts doesn't
|
|
106
|
+
// know about that, so we have the extra check here
|
|
107
|
+
/* c8 ignore next - impossible */
|
|
108
|
+
if (!kindLevel)
|
|
109
|
+
break;
|
|
110
|
+
// Check each alert to find any that match our comparison criteria
|
|
111
|
+
for (const alert of report.alerts) {
|
|
112
|
+
// Get the numerical value of the alert type
|
|
113
|
+
const alertType = alert.type;
|
|
114
|
+
// retrieve a key to the current alert level to be compared against
|
|
115
|
+
const currentAlertLevelKey = [...kindsMap.entries()].find(([_, alertValue]) => alertValue === alertType)?.[0];
|
|
116
|
+
// perform the comparison based on the user-provided kindLevel
|
|
117
|
+
if (currentAlertLevelKey) {
|
|
118
|
+
const currentAlertLevel = kindLevelMap.get(currentAlertLevelKey);
|
|
119
|
+
/* c8 ignore next - impossible but ts doesn't know */
|
|
120
|
+
if (currentAlertLevel == null)
|
|
121
|
+
continue;
|
|
122
|
+
switch (comparator) {
|
|
123
|
+
case '>':
|
|
124
|
+
if (currentAlertLevel > kindLevel) {
|
|
125
|
+
exclude = false;
|
|
126
|
+
}
|
|
127
|
+
break;
|
|
128
|
+
case '<':
|
|
129
|
+
if (currentAlertLevel < kindLevel) {
|
|
130
|
+
exclude = false;
|
|
131
|
+
}
|
|
132
|
+
break;
|
|
133
|
+
case '>=':
|
|
134
|
+
if (currentAlertLevel >= kindLevel) {
|
|
135
|
+
exclude = false;
|
|
136
|
+
}
|
|
137
|
+
break;
|
|
138
|
+
case '<=':
|
|
139
|
+
if (currentAlertLevel <= kindLevel) {
|
|
140
|
+
exclude = false;
|
|
141
|
+
}
|
|
142
|
+
break;
|
|
143
|
+
}
|
|
144
|
+
}
|
|
145
|
+
}
|
|
146
|
+
}
|
|
147
|
+
else {
|
|
148
|
+
// Original exact match behavior
|
|
149
|
+
const alertName = kindsMap.get(kind);
|
|
150
|
+
exclude = !report.alerts.some(alert => alert.type === alertName);
|
|
151
|
+
}
|
|
152
|
+
}
|
|
50
153
|
if (exclude) {
|
|
51
154
|
removeNode(state, node);
|
|
52
155
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"severity.js","sourceRoot":"","sources":["../../../src/pseudo/severity.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAA;AAC3C,OAAO,EACL,yBAAyB,EACzB,YAAY,EACZ,SAAS,EACT,YAAY,EACZ,SAAS,GACV,MAAM,aAAa,CAAA;AAEpB,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,UAAU,EACV,YAAY,GACb,MAAM,cAAc,CAAA;AAoBrB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAoC;IAC1D,CAAC,UAAU,EAAE,aAAa,CAAC;IAC3B,CAAC,MAAM,EAAE,KAAK,CAAC;IACf,CAAC,QAAQ,EAAE,wBAAwB,CAAC;IACpC,CAAC,KAAK,EAAE,SAAS,CAAC;IAClB,CAAC,GAAG,EAAE,aAAa,CAAC;IACpB,CAAC,GAAG,EAAE,KAAK,CAAC;IACZ,CAAC,GAAG,EAAE,wBAAwB,CAAC;IAC/B,CAAC,GAAG,EAAE,SAAS,CAAC;CACjB,CAAC,CAAA;AACF,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAA;AAEtC,MAAM,CAAC,MAAM,cAAc,GAAG,CAC5B,KAAc,EACU,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,KAAsB,CAAC,CAAA;AAE9D,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,KAAc,EAAiB,EAAE;IAC9D,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,KAAK,CAAC,gCAAgC,EAAE;YAC5C,KAAK,EAAE,KAAK;YACZ,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;SAChC,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,cAAc,GAAG,CAC5B,KAAoB,EACK,EAAE;IAC3B,IAAI,IAAmB,CAAA;IAEvB,IAAI,YAAY,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/D,IAAI,GAAG,cAAc,CACnB,YAAY,CACV,YAAY,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;aACvD,KAAK,CACT,CACF,CAAA;IACH,CAAC;SAAM,IACL,SAAS,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EACvD,CAAC;QACD,IAAI,GAAG,cAAc,CACnB,SAAS,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAC9D,CAAA;IACH,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,CAAA;AACjB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,QAAQ,GAAG,KAAK,EAAE,KAAkB,EAAE,EAAE;IACnD,qBAAqB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAA;IAExC,IAAI,SAAS,CAAA;IACb,IAAI,CAAC;QACH,SAAS,GAAG,cAAc,CACxB,yBAAyB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAC/C,CAAA;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,KAAK,CAAC,oCAAoC,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAA;IACnE,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,GAAG,SAAS,CAAA;IAC1B,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;IACpC,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACjD,MAAM,OAAO,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAClC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,KAAK,SAAS,CAClC,CAAA;QACD,IAAI,OAAO,EAAE,CAAC;YACZ,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;QACzB,CAAC;IACH,CAAC;IAED,mBAAmB,CAAC,KAAK,CAAC,CAAA;IAE1B,OAAO,KAAK,CAAA;AACd,CAAC,CAAA","sourcesContent":["import { error } from '@vltpkg/error-cause'\nimport {\n asPostcssNodeWithChildren,\n asStringNode,\n asTagNode,\n isStringNode,\n isTagNode,\n} from '../types.ts'\nimport type { ParserState, PostcssNode } from '../types.ts'\nimport {\n assertSecurityArchive,\n removeDanglingEdges,\n removeNode,\n removeQuotes,\n} from './helpers.ts'\n\nexport type SeverityKinds =\n | '0'\n | '1'\n | '2'\n | '3'\n | 'critical'\n | 'high'\n | 'medium'\n | 'low'\n | undefined\n\nexport type SeverityAlertTypes =\n | 'criticalCVE'\n | 'cve'\n | 'potentialVulnerability'\n | 'mildCVE'\n | undefined\n\nconst kindsMap = new Map<SeverityKinds, SeverityAlertTypes>([\n ['critical', 'criticalCVE'],\n ['high', 'cve'],\n ['medium', 'potentialVulnerability'],\n ['low', 'mildCVE'],\n ['0', 'criticalCVE'],\n ['1', 'cve'],\n ['2', 'potentialVulnerability'],\n ['3', 'mildCVE'],\n])\nconst kinds = new Set(kindsMap.keys())\n\nexport const isSeverityKind = (\n value?: string,\n): value is SeverityKinds => kinds.has(value as SeverityKinds)\n\nexport const asSeverityKind = (value?: string): SeverityKinds => {\n if (!isSeverityKind(value)) {\n throw error('Expected a valid severity kind', {\n found: value,\n validOptions: Array.from(kinds),\n })\n }\n return value\n}\n\nexport const parseInternals = (\n nodes: PostcssNode[],\n): { kind: SeverityKinds } => {\n let kind: SeverityKinds\n\n if (isStringNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])) {\n kind = asSeverityKind(\n removeQuotes(\n asStringNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])\n .value,\n ),\n )\n } else if (\n isTagNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])\n ) {\n kind = asSeverityKind(\n asTagNode(asPostcssNodeWithChildren(nodes[0]).nodes[0]).value,\n )\n }\n\n return { kind }\n}\n\nexport const severity = async (state: ParserState) => {\n assertSecurityArchive(state, 'severity')\n\n let internals\n try {\n internals = parseInternals(\n asPostcssNodeWithChildren(state.current).nodes,\n )\n } catch (err) {\n throw error('Failed to parse :severity selector', { cause: err })\n }\n\n const { kind } = internals\n const alertName = kindsMap.get(kind)\n for (const node of state.partial.nodes) {\n const report = state.securityArchive.get(node.id)\n const exclude = !report?.alerts.some(\n alert => alert.type === alertName,\n )\n if (exclude) {\n removeNode(state, node)\n }\n }\n\n removeDanglingEdges(state)\n\n return state\n}\n"]}
|
|
1
|
+
{"version":3,"file":"severity.js","sourceRoot":"","sources":["../../../src/pseudo/severity.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAA;AAC3C,OAAO,EACL,yBAAyB,EACzB,YAAY,EACZ,SAAS,EACT,YAAY,EACZ,SAAS,GACV,MAAM,aAAa,CAAA;AAEpB,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,UAAU,EACV,YAAY,GACb,MAAM,cAAc,CAAA;AAsBrB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAoC;IAC1D,CAAC,UAAU,EAAE,aAAa,CAAC;IAC3B,CAAC,MAAM,EAAE,KAAK,CAAC;IACf,CAAC,QAAQ,EAAE,wBAAwB,CAAC;IACpC,CAAC,KAAK,EAAE,SAAS,CAAC;IAClB,CAAC,GAAG,EAAE,aAAa,CAAC;IACpB,CAAC,GAAG,EAAE,KAAK,CAAC;IACZ,CAAC,GAAG,EAAE,wBAAwB,CAAC;IAC/B,CAAC,GAAG,EAAE,SAAS,CAAC;CACjB,CAAC,CAAA;AAEF,2EAA2E;AAC3E,MAAM,YAAY,GAAG,IAAI,GAAG,CAAwB;IAClD,CAAC,UAAU,EAAE,CAAC,CAAC;IACf,CAAC,MAAM,EAAE,CAAC,CAAC;IACX,CAAC,QAAQ,EAAE,CAAC,CAAC;IACb,CAAC,KAAK,EAAE,CAAC,CAAC;IACV,CAAC,GAAG,EAAE,CAAC,CAAC;IACR,CAAC,GAAG,EAAE,CAAC,CAAC;IACR,CAAC,GAAG,EAAE,CAAC,CAAC;IACR,CAAC,GAAG,EAAE,CAAC,CAAC;CACT,CAAC,CAAA;AAEF,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAA;AAEtC,MAAM,CAAC,MAAM,cAAc,GAAG,CAC5B,KAAc,EACU,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,KAAsB,CAAC,CAAA;AAE9D,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,KAAc,EAAiB,EAAE;IAC9D,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,KAAK,CAAC,gCAAgC,EAAE;YAC5C,KAAK,EAAE,KAAK;YACZ,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;SAChC,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,cAAc,GAAG,CAC5B,KAAoB,EAIpB,EAAE;IACF,IAAI,IAAmB,CAAA;IACvB,IAAI,UAA8B,CAAA;IAElC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,KAAK,CAAC,iCAAiC,CAAC,CAAA;IAChD,CAAC;IAED,IAAI,SAAS,GAAG,EAAE,CAAA;IAClB,IAAI,YAAY,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/D,SAAS,GAAG,YAAY,CACtB,YAAY,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;aACvD,KAAK,CACT,CAAA;IACH,CAAC;SAAM,IACL,SAAS,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EACvD,CAAC;QACD,SAAS,GAAG,SAAS,CACnB,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAC7C,CAAC,KAAK,CAAA;IACT,CAAC;IAED,gCAAgC;IAChC,IAAI,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/B,UAAU,GAAG,IAAI,CAAA;QACjB,SAAS,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;IACpC,CAAC;SAAM,IAAI,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACtC,UAAU,GAAG,IAAI,CAAA;QACjB,SAAS,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;IACpC,CAAC;SAAM,IAAI,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,UAAU,GAAG,GAAG,CAAA;QAChB,SAAS,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;IACpC,CAAC;SAAM,IAAI,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,UAAU,GAAG,GAAG,CAAA;QAChB,SAAS,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;IACpC,CAAC;IAED,mBAAmB;IACnB,IAAI,SAAS,EAAE,CAAC;QACd,IAAI,cAAc,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9B,IAAI,GAAG,SAAS,CAAA;QAClB,CAAC;aAAM,CAAC;YACN,MAAM,KAAK,CACT,sDAAsD,EACtD;gBACE,KAAK,EAAE,SAAS;aACjB,CACF,CAAA;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAA;AAC7B,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,QAAQ,GAAG,KAAK,EAAE,KAAkB,EAAE,EAAE;IACnD,qBAAqB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAA;IAExC,IAAI,SAAS,CAAA;IACb,IAAI,CAAC;QACH,SAAS,GAAG,cAAc,CACxB,yBAAyB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAC/C,CAAA;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,KAAK,CAAC,oCAAoC,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAA;IACnE,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,SAAS,CAAA;IAEtC,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACjD,+DAA+D;QAC/D,IAAI,CAAC,MAAM,EAAE,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClD,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;QACzB,CAAC;IACH,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACjD,IAAI,OAAO,GAAG,IAAI,CAAA;QAElB,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,UAAU,EAAE,CAAC;gBACf,wCAAwC;gBACxC,MAAM,SAAS,GAAG,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;gBACxC,+DAA+D;gBAC/D,oEAAoE;gBACpE,mDAAmD;gBACnD,iCAAiC;gBACjC,IAAI,CAAC,SAAS;oBAAE,MAAK;gBAErB,kEAAkE;gBAClE,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;oBAClC,4CAA4C;oBAC5C,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAA;oBAE5B,mEAAmE;oBACnE,MAAM,oBAAoB,GAAG,CAAC,GAAG,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CACvD,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,EAAE,EAAE,CAAC,UAAU,KAAK,SAAS,CAC9C,EAAE,CAAC,CAAC,CAAC,CAAA;oBAEN,8DAA8D;oBAC9D,IAAI,oBAAoB,EAAE,CAAC;wBACzB,MAAM,iBAAiB,GAAG,YAAY,CAAC,GAAG,CACxC,oBAAoB,CACrB,CAAA;wBACD,qDAAqD;wBACrD,IAAI,iBAAiB,IAAI,IAAI;4BAAE,SAAQ;wBAEvC,QAAQ,UAAU,EAAE,CAAC;4BACnB,KAAK,GAAG;gCACN,IAAI,iBAAiB,GAAG,SAAS,EAAE,CAAC;oCAClC,OAAO,GAAG,KAAK,CAAA;gCACjB,CAAC;gCACD,MAAK;4BACP,KAAK,GAAG;gCACN,IAAI,iBAAiB,GAAG,SAAS,EAAE,CAAC;oCAClC,OAAO,GAAG,KAAK,CAAA;gCACjB,CAAC;gCACD,MAAK;4BACP,KAAK,IAAI;gCACP,IAAI,iBAAiB,IAAI,SAAS,EAAE,CAAC;oCACnC,OAAO,GAAG,KAAK,CAAA;gCACjB,CAAC;gCACD,MAAK;4BACP,KAAK,IAAI;gCACP,IAAI,iBAAiB,IAAI,SAAS,EAAE,CAAC;oCACnC,OAAO,GAAG,KAAK,CAAA;gCACjB,CAAC;gCACD,MAAK;wBACT,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,gCAAgC;gBAChC,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;gBACpC,OAAO,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAC3B,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,KAAK,SAAS,CAClC,CAAA;YACH,CAAC;QACH,CAAC;QAED,IAAI,OAAO,EAAE,CAAC;YACZ,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;QACzB,CAAC;IACH,CAAC;IAED,mBAAmB,CAAC,KAAK,CAAC,CAAA;IAE1B,OAAO,KAAK,CAAA;AACd,CAAC,CAAA","sourcesContent":["import { error } from '@vltpkg/error-cause'\nimport {\n asPostcssNodeWithChildren,\n asStringNode,\n asTagNode,\n isStringNode,\n isTagNode,\n} from '../types.ts'\nimport type { ParserState, PostcssNode } from '../types.ts'\nimport {\n assertSecurityArchive,\n removeDanglingEdges,\n removeNode,\n removeQuotes,\n} from './helpers.ts'\n\nexport type SeverityKinds =\n | '0'\n | '1'\n | '2'\n | '3'\n | 'critical'\n | 'high'\n | 'medium'\n | 'low'\n | undefined\n\nexport type SeverityAlertTypes =\n | 'criticalCVE'\n | 'cve'\n | 'potentialVulnerability'\n | 'mildCVE'\n | undefined\n\nexport type SeverityComparator = '>' | '<' | '>=' | '<=' | undefined\n\nconst kindsMap = new Map<SeverityKinds, SeverityAlertTypes>([\n ['critical', 'criticalCVE'],\n ['high', 'cve'],\n ['medium', 'potentialVulnerability'],\n ['low', 'mildCVE'],\n ['0', 'criticalCVE'],\n ['1', 'cve'],\n ['2', 'potentialVulnerability'],\n ['3', 'mildCVE'],\n])\n\n// Map numerical values to their respective kinds for comparison operations\nconst kindLevelMap = new Map<SeverityKinds, number>([\n ['critical', 0],\n ['high', 1],\n ['medium', 2],\n ['low', 3],\n ['0', 0],\n ['1', 1],\n ['2', 2],\n ['3', 3],\n])\n\nconst kinds = new Set(kindsMap.keys())\n\nexport const isSeverityKind = (\n value?: string,\n): value is SeverityKinds => kinds.has(value as SeverityKinds)\n\nexport const asSeverityKind = (value?: string): SeverityKinds => {\n if (!isSeverityKind(value)) {\n throw error('Expected a valid severity kind', {\n found: value,\n validOptions: Array.from(kinds),\n })\n }\n return value\n}\n\nexport const parseInternals = (\n nodes: PostcssNode[],\n): {\n kind: SeverityKinds\n comparator: SeverityComparator\n} => {\n let kind: SeverityKinds\n let comparator: SeverityComparator\n\n if (nodes.length === 0) {\n throw error('Missing severity kind parameter')\n }\n\n let kindValue = ''\n if (isStringNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])) {\n kindValue = removeQuotes(\n asStringNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])\n .value,\n )\n } else if (\n isTagNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])\n ) {\n kindValue = asTagNode(\n asPostcssNodeWithChildren(nodes[0]).nodes[0],\n ).value\n }\n\n // Extract comparator if present\n if (kindValue.startsWith('>=')) {\n comparator = '>='\n kindValue = kindValue.substring(2)\n } else if (kindValue.startsWith('<=')) {\n comparator = '<='\n kindValue = kindValue.substring(2)\n } else if (kindValue.startsWith('>')) {\n comparator = '>'\n kindValue = kindValue.substring(1)\n } else if (kindValue.startsWith('<')) {\n comparator = '<'\n kindValue = kindValue.substring(1)\n }\n\n // Parse kind value\n if (kindValue) {\n if (isSeverityKind(kindValue)) {\n kind = kindValue\n } else {\n throw error(\n 'Expected a valid severity kind or number between 0-3',\n {\n found: kindValue,\n },\n )\n }\n }\n\n return { kind, comparator }\n}\n\nexport const severity = async (state: ParserState) => {\n assertSecurityArchive(state, 'severity')\n\n let internals\n try {\n internals = parseInternals(\n asPostcssNodeWithChildren(state.current).nodes,\n )\n } catch (err) {\n throw error('Failed to parse :severity selector', { cause: err })\n }\n\n const { kind, comparator } = internals\n\n for (const node of state.partial.nodes) {\n const report = state.securityArchive.get(node.id)\n // Always exclude nodes that don't have security data or alerts\n if (!report?.alerts || report.alerts.length === 0) {\n removeNode(state, node)\n }\n }\n\n for (const node of state.partial.nodes) {\n const report = state.securityArchive.get(node.id)\n let exclude = true\n\n if (report) {\n if (comparator) {\n // retrieve the value to compare against\n const kindLevel = kindLevelMap.get(kind)\n // the kindLevel value has already been validated at this point\n // and thus can never return an undefined/falsy value but ts doesn't\n // know about that, so we have the extra check here\n /* c8 ignore next - impossible */\n if (!kindLevel) break\n\n // Check each alert to find any that match our comparison criteria\n for (const alert of report.alerts) {\n // Get the numerical value of the alert type\n const alertType = alert.type\n\n // retrieve a key to the current alert level to be compared against\n const currentAlertLevelKey = [...kindsMap.entries()].find(\n ([_, alertValue]) => alertValue === alertType,\n )?.[0]\n\n // perform the comparison based on the user-provided kindLevel\n if (currentAlertLevelKey) {\n const currentAlertLevel = kindLevelMap.get(\n currentAlertLevelKey,\n )\n /* c8 ignore next - impossible but ts doesn't know */\n if (currentAlertLevel == null) continue\n\n switch (comparator) {\n case '>':\n if (currentAlertLevel > kindLevel) {\n exclude = false\n }\n break\n case '<':\n if (currentAlertLevel < kindLevel) {\n exclude = false\n }\n break\n case '>=':\n if (currentAlertLevel >= kindLevel) {\n exclude = false\n }\n break\n case '<=':\n if (currentAlertLevel <= kindLevel) {\n exclude = false\n }\n break\n }\n }\n }\n } else {\n // Original exact match behavior\n const alertName = kindsMap.get(kind)\n exclude = !report.alerts.some(\n alert => alert.type === alertName,\n )\n }\n }\n\n if (exclude) {\n removeNode(state, node)\n }\n }\n\n removeDanglingEdges(state)\n\n return state\n}\n"]}
|
|
@@ -1,10 +1,12 @@
|
|
|
1
1
|
import type { ParserState, PostcssNode } from '../types.ts';
|
|
2
2
|
export type SquatKinds = '0' | '2' | 'critical' | 'medium' | undefined;
|
|
3
3
|
export type SquatAlertTypes = 'didYouMean' | 'gptDidYouMean' | undefined;
|
|
4
|
+
export type SquatComparator = '>' | '<' | '>=' | '<=' | undefined;
|
|
4
5
|
export declare const isSquatKind: (value?: string) => value is SquatKinds;
|
|
5
6
|
export declare const asSquatKind: (value?: string) => SquatKinds;
|
|
6
7
|
export declare const parseInternals: (nodes: PostcssNode[]) => {
|
|
7
8
|
kind: SquatKinds;
|
|
9
|
+
comparator: SquatComparator;
|
|
8
10
|
};
|
|
9
11
|
export declare const squat: (state: ParserState) => Promise<ParserState & {
|
|
10
12
|
securityArchive: NonNullable<ParserState["securityArchive"]>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"squat.d.ts","sourceRoot":"","sources":["../../../src/pseudo/squat.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAQ3D,MAAM,MAAM,UAAU,GAAG,GAAG,GAAG,GAAG,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,CAAA;AAEtE,MAAM,MAAM,eAAe,GACvB,YAAY,GACZ,eAAe,GACf,SAAS,CAAA;
|
|
1
|
+
{"version":3,"file":"squat.d.ts","sourceRoot":"","sources":["../../../src/pseudo/squat.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAQ3D,MAAM,MAAM,UAAU,GAAG,GAAG,GAAG,GAAG,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,CAAA;AAEtE,MAAM,MAAM,eAAe,GACvB,YAAY,GACZ,eAAe,GACf,SAAS,CAAA;AAEb,MAAM,MAAM,eAAe,GAAG,GAAG,GAAG,GAAG,GAAG,IAAI,GAAG,IAAI,GAAG,SAAS,CAAA;AAoBjE,eAAO,MAAM,WAAW,WAAY,MAAM,KAAG,KAAK,IAAI,UACtB,CAAA;AAEhC,eAAO,MAAM,WAAW,WAAY,MAAM,KAAG,UAQ5C,CAAA;AAED,eAAO,MAAM,cAAc,UAClB,WAAW,EAAE,KACnB;IACD,IAAI,EAAE,UAAU,CAAA;IAChB,UAAU,EAAE,eAAe,CAAA;CA+C5B,CAAA;AAED,eAAO,MAAM,KAAK,UAAiB,WAAW;;EAuG7C,CAAA"}
|