@vyuhlabs/dxkit 2.4.6 → 2.4.7
- package/CHANGELOG.md +885 -0
- package/README.md +131 -26
- package/dist/analysis-result.d.ts +112 -0
- package/dist/analysis-result.d.ts.map +1 -0
- package/dist/analysis-result.js +52 -0
- package/dist/analysis-result.js.map +1 -0
- package/dist/analyzers/bom/detailed.d.ts.map +1 -1
- package/dist/analyzers/bom/detailed.js +19 -0
- package/dist/analyzers/bom/detailed.js.map +1 -1
- package/dist/analyzers/bom/gather.d.ts +27 -26
- package/dist/analyzers/bom/gather.d.ts.map +1 -1
- package/dist/analyzers/bom/gather.js +26 -87
- package/dist/analyzers/bom/gather.js.map +1 -1
- package/dist/analyzers/bom/index.d.ts +0 -7
- package/dist/analyzers/bom/index.d.ts.map +1 -1
- package/dist/analyzers/bom/index.js +98 -48
- package/dist/analyzers/bom/index.js.map +1 -1
- package/dist/analyzers/bom/types.d.ts +11 -13
- package/dist/analyzers/bom/types.d.ts.map +1 -1
- package/dist/analyzers/cache.d.ts +95 -0
- package/dist/analyzers/cache.d.ts.map +1 -0
- package/dist/analyzers/cache.js +309 -0
- package/dist/analyzers/cache.js.map +1 -0
- package/dist/analyzers/coverage-runner.d.ts +56 -0
- package/dist/analyzers/coverage-runner.d.ts.map +1 -0
- package/dist/analyzers/coverage-runner.js +72 -0
- package/dist/analyzers/coverage-runner.js.map +1 -0
- package/dist/analyzers/dashboard/index.d.ts +24 -0
- package/dist/analyzers/dashboard/index.d.ts.map +1 -0
- package/dist/analyzers/dashboard/index.js +666 -0
- package/dist/analyzers/dashboard/index.js.map +1 -0
- package/dist/analyzers/developer/gather.d.ts.map +1 -1
- package/dist/analyzers/developer/gather.js +205 -37
- package/dist/analyzers/developer/gather.js.map +1 -1
- package/dist/analyzers/developer/index.d.ts +1 -1
- package/dist/analyzers/developer/index.d.ts.map +1 -1
- package/dist/analyzers/developer/index.js +19 -8
- package/dist/analyzers/developer/index.js.map +1 -1
- package/dist/analyzers/dispatcher.d.ts +37 -0
- package/dist/analyzers/dispatcher.d.ts.map +1 -1
- package/dist/analyzers/dispatcher.js +56 -9
- package/dist/analyzers/dispatcher.js.map +1 -1
- package/dist/analyzers/docs/shallow.d.ts +17 -5
- package/dist/analyzers/docs/shallow.d.ts.map +1 -1
- package/dist/analyzers/docs/shallow.js +65 -2
- package/dist/analyzers/docs/shallow.js.map +1 -1
- package/dist/analyzers/dx/shallow.d.ts +17 -5
- package/dist/analyzers/dx/shallow.d.ts.map +1 -1
- package/dist/analyzers/dx/shallow.js +66 -2
- package/dist/analyzers/dx/shallow.js.map +1 -1
- package/dist/analyzers/health/actions.d.ts +1 -1
- package/dist/analyzers/health/actions.d.ts.map +1 -1
- package/dist/analyzers/health/actions.js +27 -9
- package/dist/analyzers/health/actions.js.map +1 -1
- package/dist/analyzers/health/detailed.d.ts +2 -1
- package/dist/analyzers/health/detailed.d.ts.map +1 -1
- package/dist/analyzers/health/detailed.js +11 -7
- package/dist/analyzers/health/detailed.js.map +1 -1
- package/dist/analyzers/health.d.ts +27 -0
- package/dist/analyzers/health.d.ts.map +1 -1
- package/dist/analyzers/health.js +271 -33
- package/dist/analyzers/health.js.map +1 -1
- package/dist/analyzers/licenses/gather.d.ts +35 -8
- package/dist/analyzers/licenses/gather.d.ts.map +1 -1
- package/dist/analyzers/licenses/gather.js +70 -13
- package/dist/analyzers/licenses/gather.js.map +1 -1
- package/dist/analyzers/licenses/index.d.ts +1 -1
- package/dist/analyzers/licenses/index.d.ts.map +1 -1
- package/dist/analyzers/licenses/index.js +52 -11
- package/dist/analyzers/licenses/index.js.map +1 -1
- package/dist/analyzers/licenses/types.d.ts +15 -0
- package/dist/analyzers/licenses/types.d.ts.map +1 -1
- package/dist/analyzers/maintainability/shallow.d.ts +17 -5
- package/dist/analyzers/maintainability/shallow.d.ts.map +1 -1
- package/dist/analyzers/maintainability/shallow.js +80 -2
- package/dist/analyzers/maintainability/shallow.js.map +1 -1
- package/dist/analyzers/quality/detailed.d.ts.map +1 -1
- package/dist/analyzers/quality/detailed.js +4 -6
- package/dist/analyzers/quality/detailed.js.map +1 -1
- package/dist/analyzers/quality/gather.d.ts +1 -14
- package/dist/analyzers/quality/gather.d.ts.map +1 -1
- package/dist/analyzers/quality/gather.js +48 -137
- package/dist/analyzers/quality/gather.js.map +1 -1
- package/dist/analyzers/quality/index.d.ts +9 -2
- package/dist/analyzers/quality/index.d.ts.map +1 -1
- package/dist/analyzers/quality/index.js +189 -117
- package/dist/analyzers/quality/index.js.map +1 -1
- package/dist/analyzers/quality/shallow.d.ts +50 -5
- package/dist/analyzers/quality/shallow.d.ts.map +1 -1
- package/dist/analyzers/quality/shallow.js +155 -2
- package/dist/analyzers/quality/shallow.js.map +1 -1
- package/dist/analyzers/quality/types.d.ts +14 -0
- package/dist/analyzers/quality/types.d.ts.map +1 -1
- package/dist/analyzers/security/actions.d.ts +11 -4
- package/dist/analyzers/security/actions.d.ts.map +1 -1
- package/dist/analyzers/security/actions.js +87 -37
- package/dist/analyzers/security/actions.js.map +1 -1
- package/dist/analyzers/security/aggregator.d.ts +236 -0
- package/dist/analyzers/security/aggregator.d.ts.map +1 -0
- package/dist/analyzers/security/aggregator.js +347 -0
- package/dist/analyzers/security/aggregator.js.map +1 -0
- package/dist/analyzers/security/detailed.d.ts +2 -2
- package/dist/analyzers/security/detailed.d.ts.map +1 -1
- package/dist/analyzers/security/detailed.js +10 -9
- package/dist/analyzers/security/detailed.js.map +1 -1
- package/dist/analyzers/security/gather.d.ts +103 -1
- package/dist/analyzers/security/gather.d.ts.map +1 -1
- package/dist/analyzers/security/gather.js +281 -9
- package/dist/analyzers/security/gather.js.map +1 -1
- package/dist/analyzers/security/index.d.ts +15 -0
- package/dist/analyzers/security/index.d.ts.map +1 -1
- package/dist/analyzers/security/index.js +463 -50
- package/dist/analyzers/security/index.js.map +1 -1
- package/dist/analyzers/security/shallow.d.ts +50 -6
- package/dist/analyzers/security/shallow.d.ts.map +1 -1
- package/dist/analyzers/security/shallow.js +154 -2
- package/dist/analyzers/security/shallow.js.map +1 -1
- package/dist/analyzers/security/types.d.ts +51 -0
- package/dist/analyzers/security/types.d.ts.map +1 -1
- package/dist/analyzers/tests/detailed.d.ts.map +1 -1
- package/dist/analyzers/tests/detailed.js +2 -3
- package/dist/analyzers/tests/detailed.js.map +1 -1
- package/dist/analyzers/tests/gather.d.ts +2 -1
- package/dist/analyzers/tests/gather.d.ts.map +1 -1
- package/dist/analyzers/tests/gather.js +98 -69
- package/dist/analyzers/tests/gather.js.map +1 -1
- package/dist/analyzers/tests/index.d.ts +11 -2
- package/dist/analyzers/tests/index.d.ts.map +1 -1
- package/dist/analyzers/tests/index.js +83 -18
- package/dist/analyzers/tests/index.js.map +1 -1
- package/dist/analyzers/tests/shallow.d.ts +19 -5
- package/dist/analyzers/tests/shallow.d.ts.map +1 -1
- package/dist/analyzers/tests/shallow.js +89 -2
- package/dist/analyzers/tests/shallow.js.map +1 -1
- package/dist/analyzers/tests/types.d.ts +41 -1
- package/dist/analyzers/tests/types.d.ts.map +1 -1
- package/dist/analyzers/tools/autogen-header.d.ts +8 -0
- package/dist/analyzers/tools/autogen-header.d.ts.map +1 -0
- package/dist/analyzers/tools/autogen-header.js +107 -0
- package/dist/analyzers/tools/autogen-header.js.map +1 -0
- package/dist/analyzers/tools/cloc.d.ts.map +1 -1
- package/dist/analyzers/tools/cloc.js +36 -5
- package/dist/analyzers/tools/cloc.js.map +1 -1
- package/dist/analyzers/tools/debug-statements.d.ts +17 -0
- package/dist/analyzers/tools/debug-statements.d.ts.map +1 -0
- package/dist/analyzers/tools/debug-statements.js +58 -0
- package/dist/analyzers/tools/debug-statements.js.map +1 -0
- package/dist/analyzers/tools/default-exclusions.gitignore +28 -0
- package/dist/analyzers/tools/exclusions.d.ts +33 -6
- package/dist/analyzers/tools/exclusions.d.ts.map +1 -1
- package/dist/analyzers/tools/exclusions.js +95 -26
- package/dist/analyzers/tools/exclusions.js.map +1 -1
- package/dist/analyzers/tools/generic.d.ts +17 -2
- package/dist/analyzers/tools/generic.d.ts.map +1 -1
- package/dist/analyzers/tools/generic.js +206 -109
- package/dist/analyzers/tools/generic.js.map +1 -1
- package/dist/analyzers/tools/gitleaks.d.ts.map +1 -1
- package/dist/analyzers/tools/gitleaks.js +48 -1
- package/dist/analyzers/tools/gitleaks.js.map +1 -1
- package/dist/analyzers/tools/graphify.d.ts +30 -2
- package/dist/analyzers/tools/graphify.d.ts.map +1 -1
- package/dist/analyzers/tools/graphify.js +131 -15
- package/dist/analyzers/tools/graphify.js.map +1 -1
- package/dist/analyzers/tools/jscpd.d.ts +12 -2
- package/dist/analyzers/tools/jscpd.d.ts.map +1 -1
- package/dist/analyzers/tools/jscpd.js +129 -6
- package/dist/analyzers/tools/jscpd.js.map +1 -1
- package/dist/analyzers/tools/minified-detection.d.ts +9 -0
- package/dist/analyzers/tools/minified-detection.d.ts.map +1 -0
- package/dist/analyzers/tools/minified-detection.js +147 -0
- package/dist/analyzers/tools/minified-detection.js.map +1 -0
- package/dist/analyzers/tools/nuget-package-reference.d.ts +131 -0
- package/dist/analyzers/tools/nuget-package-reference.d.ts.map +1 -0
- package/dist/analyzers/tools/nuget-package-reference.js +175 -0
- package/dist/analyzers/tools/nuget-package-reference.js.map +1 -0
- package/dist/analyzers/tools/osv-scanner-deps.d.ts +3 -2
- package/dist/analyzers/tools/osv-scanner-deps.d.ts.map +1 -1
- package/dist/analyzers/tools/osv-scanner-deps.js +32 -14
- package/dist/analyzers/tools/osv-scanner-deps.js.map +1 -1
- package/dist/analyzers/tools/osv.d.ts +36 -0
- package/dist/analyzers/tools/osv.d.ts.map +1 -1
- package/dist/analyzers/tools/osv.js +26 -0
- package/dist/analyzers/tools/osv.js.map +1 -1
- package/dist/analyzers/tools/parallel.d.ts +1 -1
- package/dist/analyzers/tools/parallel.d.ts.map +1 -1
- package/dist/analyzers/tools/parallel.js +2 -2
- package/dist/analyzers/tools/parallel.js.map +1 -1
- package/dist/analyzers/tools/risk-score.d.ts +7 -0
- package/dist/analyzers/tools/risk-score.d.ts.map +1 -1
- package/dist/analyzers/tools/risk-score.js +9 -2
- package/dist/analyzers/tools/risk-score.js.map +1 -1
- package/dist/analyzers/tools/run-tests-helper.d.ts +43 -0
- package/dist/analyzers/tools/run-tests-helper.d.ts.map +1 -0
- package/dist/analyzers/tools/run-tests-helper.js +156 -0
- package/dist/analyzers/tools/run-tests-helper.js.map +1 -0
- package/dist/analyzers/tools/runner.d.ts.map +1 -1
- package/dist/analyzers/tools/runner.js +75 -12
- package/dist/analyzers/tools/runner.js.map +1 -1
- package/dist/analyzers/tools/semgrep.d.ts +39 -2
- package/dist/analyzers/tools/semgrep.d.ts.map +1 -1
- package/dist/analyzers/tools/semgrep.js +131 -9
- package/dist/analyzers/tools/semgrep.js.map +1 -1
- package/dist/analyzers/tools/timing.d.ts +17 -3
- package/dist/analyzers/tools/timing.d.ts.map +1 -1
- package/dist/analyzers/tools/timing.js +36 -14
- package/dist/analyzers/tools/timing.js.map +1 -1
- package/dist/analyzers/tools/tool-registry.d.ts.map +1 -1
- package/dist/analyzers/tools/tool-registry.js +11 -1
- package/dist/analyzers/tools/tool-registry.js.map +1 -1
- package/dist/analyzers/tools/tools-unavailable-prose.d.ts +18 -0
- package/dist/analyzers/tools/tools-unavailable-prose.d.ts.map +1 -0
- package/dist/analyzers/tools/tools-unavailable-prose.js +69 -0
- package/dist/analyzers/tools/tools-unavailable-prose.js.map +1 -0
- package/dist/analyzers/tools/upgrade-plan-resolver.d.ts.map +1 -1
- package/dist/analyzers/tools/upgrade-plan-resolver.js +7 -0
- package/dist/analyzers/tools/upgrade-plan-resolver.js.map +1 -1
- package/dist/analyzers/tools/vendored-advisor.d.ts +43 -0
- package/dist/analyzers/tools/vendored-advisor.d.ts.map +1 -0
- package/dist/analyzers/tools/vendored-advisor.js +107 -0
- package/dist/analyzers/tools/vendored-advisor.js.map +1 -0
- package/dist/analyzers/tools/walk-paths.d.ts +78 -0
- package/dist/analyzers/tools/walk-paths.d.ts.map +1 -0
- package/dist/analyzers/tools/walk-paths.js +150 -0
- package/dist/analyzers/tools/walk-paths.js.map +1 -0
- package/dist/analyzers/tools/walk-source-files.d.ts +70 -0
- package/dist/analyzers/tools/walk-source-files.d.ts.map +1 -0
- package/dist/analyzers/tools/walk-source-files.js +369 -0
- package/dist/analyzers/tools/walk-source-files.js.map +1 -0
- package/dist/analyzers/types.d.ts +204 -4
- package/dist/analyzers/types.d.ts.map +1 -1
- package/dist/analyzers/xlsx/bom.d.ts.map +1 -1
- package/dist/analyzers/xlsx/bom.js +8 -1
- package/dist/analyzers/xlsx/bom.js.map +1 -1
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +557 -189
- package/dist/cli.js.map +1 -1
- package/dist/detect.d.ts.map +1 -1
- package/dist/detect.js +24 -7
- package/dist/detect.js.map +1 -1
- package/dist/doctor.d.ts.map +1 -1
- package/dist/doctor.js +103 -53
- package/dist/doctor.js.map +1 -1
- package/dist/languages/capabilities/provider.d.ts +130 -1
- package/dist/languages/capabilities/provider.d.ts.map +1 -1
- package/dist/languages/capabilities/types.d.ts +68 -7
- package/dist/languages/capabilities/types.d.ts.map +1 -1
- package/dist/languages/csharp.d.ts +15 -1
- package/dist/languages/csharp.d.ts.map +1 -1
- package/dist/languages/csharp.js +624 -146
- package/dist/languages/csharp.js.map +1 -1
- package/dist/languages/go.d.ts.map +1 -1
- package/dist/languages/go.js +89 -11
- package/dist/languages/go.js.map +1 -1
- package/dist/languages/index.d.ts +131 -2
- package/dist/languages/index.d.ts.map +1 -1
- package/dist/languages/index.js +206 -0
- package/dist/languages/index.js.map +1 -1
- package/dist/languages/java.d.ts.map +1 -1
- package/dist/languages/java.js +113 -26
- package/dist/languages/java.js.map +1 -1
- package/dist/languages/kotlin.d.ts.map +1 -1
- package/dist/languages/kotlin.js +132 -26
- package/dist/languages/kotlin.js.map +1 -1
- package/dist/languages/python.d.ts.map +1 -1
- package/dist/languages/python.js +149 -44
- package/dist/languages/python.js.map +1 -1
- package/dist/languages/ruby.d.ts +39 -1
- package/dist/languages/ruby.d.ts.map +1 -1
- package/dist/languages/ruby.js +178 -44
- package/dist/languages/ruby.js.map +1 -1
- package/dist/languages/rust.d.ts.map +1 -1
- package/dist/languages/rust.js +103 -16
- package/dist/languages/rust.js.map +1 -1
- package/dist/languages/types.d.ts +228 -5
- package/dist/languages/types.d.ts.map +1 -1
- package/dist/languages/typescript.d.ts.map +1 -1
- package/dist/languages/typescript.js +201 -14
- package/dist/languages/typescript.js.map +1 -1
- package/dist/scoring/dimensions/documentation.d.ts +53 -0
- package/dist/scoring/dimensions/documentation.d.ts.map +1 -0
- package/dist/scoring/dimensions/documentation.js +106 -0
- package/dist/scoring/dimensions/documentation.js.map +1 -0
- package/dist/scoring/dimensions/dx.d.ts +53 -0
- package/dist/scoring/dimensions/dx.d.ts.map +1 -0
- package/dist/scoring/dimensions/dx.js +105 -0
- package/dist/scoring/dimensions/dx.js.map +1 -0
- package/dist/scoring/dimensions/maintainability.d.ts +53 -0
- package/dist/scoring/dimensions/maintainability.d.ts.map +1 -0
- package/dist/scoring/dimensions/maintainability.js +101 -0
- package/dist/scoring/dimensions/maintainability.js.map +1 -0
- package/dist/scoring/dimensions/quality.d.ts +108 -0
- package/dist/scoring/dimensions/quality.d.ts.map +1 -0
- package/dist/scoring/dimensions/quality.js +174 -0
- package/dist/scoring/dimensions/quality.js.map +1 -0
- package/dist/scoring/dimensions/security.d.ts +84 -0
- package/dist/scoring/dimensions/security.d.ts.map +1 -0
- package/dist/scoring/dimensions/security.js +135 -0
- package/dist/scoring/dimensions/security.js.map +1 -0
- package/dist/scoring/dimensions/testing.d.ts +56 -0
- package/dist/scoring/dimensions/testing.d.ts.map +1 -0
- package/dist/scoring/dimensions/testing.js +98 -0
- package/dist/scoring/dimensions/testing.js.map +1 -0
- package/dist/scoring/evaluator.d.ts +27 -0
- package/dist/scoring/evaluator.d.ts.map +1 -0
- package/dist/scoring/evaluator.js +124 -0
- package/dist/scoring/evaluator.js.map +1 -0
- package/dist/scoring/format.d.ts +34 -0
- package/dist/scoring/format.d.ts.map +1 -0
- package/dist/scoring/format.js +63 -0
- package/dist/scoring/format.js.map +1 -0
- package/dist/scoring/index.d.ts +37 -0
- package/dist/scoring/index.d.ts.map +1 -0
- package/dist/scoring/index.js +57 -0
- package/dist/scoring/index.js.map +1 -0
- package/dist/scoring/overall.d.ts +54 -0
- package/dist/scoring/overall.d.ts.map +1 -0
- package/dist/scoring/overall.js +76 -0
- package/dist/scoring/overall.js.map +1 -0
- package/dist/scoring/result.d.ts +111 -0
- package/dist/scoring/result.d.ts.map +1 -0
- package/dist/scoring/result.js +14 -0
- package/dist/scoring/result.js.map +1 -0
- package/dist/scoring/spec.d.ts +76 -0
- package/dist/scoring/spec.d.ts.map +1 -0
- package/dist/scoring/spec.js +22 -0
- package/dist/scoring/spec.js.map +1 -0
- package/dist/scoring/thresholds.d.ts +56 -0
- package/dist/scoring/thresholds.d.ts.map +1 -0
- package/dist/scoring/thresholds.js +75 -0
- package/dist/scoring/thresholds.js.map +1 -0
- package/dist/tools-cli.d.ts.map +1 -1
- package/dist/tools-cli.js +21 -2
- package/dist/tools-cli.js.map +1 -1
- package/dist/types.d.ts +16 -0
- package/dist/types.d.ts.map +1 -1
- package/package.json +1 -1
- package/templates/.claude/commands/dashboard.md +17 -9
- package/dist/analyzers/scoring.d.ts +0 -49
- package/dist/analyzers/scoring.d.ts.map +0 -1
- package/dist/analyzers/scoring.js +0 -422
- package/dist/analyzers/scoring.js.map +0 -1
- package/dist/analyzers/security/scoring.d.ts +0 -29
- package/dist/analyzers/security/scoring.d.ts.map +0 -1
- package/dist/analyzers/security/scoring.js +0 -40
- package/dist/analyzers/security/scoring.js.map +0 -1
|
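--- a/package/dist/analyzers/tools/run-tests-helper.js
+++ b/package/dist/analyzers/tools/run-tests-helper.js
@@ -0,0 +1,156 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+var ownKeys = function(o) {
+ownKeys = Object.getOwnPropertyNames || function (o) {
+var ar = [];
+for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+return ar;
+};
+return ownKeys(o);
+};
+return function (mod) {
+if (mod && mod.__esModule) return mod;
+var result = {};
+if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+__setModuleDefault(result, mod);
+return result;
+};
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runTestsWithCoverage = runTestsWithCoverage;
+/**
+* Shared spawn helper for per-pack `runTests()` implementations (D021).
+*
+* Each language pack's `coverage` capability declares an optional
+* `runTests()` method that materializes the on-disk artifact its
+* `gather()` later reads. The actual mechanics — spawn a shell
+* command, bracket with Date.now() for duration, surface exit code +
+* post-run artifact check, format the `RunTestsOutcome` discriminated
+* union — are identical across packs. This module owns those mechanics
+* so per-pack code stays compact (just "what command + what artifact").
+*
+* Stdio is inherited so the user sees test output stream live —
+* `vyuh-dxkit coverage` is a side-effecting CLI command, the user is
+* watching their test suite run, not consuming JSON.
+*/
+const child_process_1 = require("child_process");
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+/**
+* Spawn a test-with-coverage command, time it, classify the outcome.
+*
+* Outcome rules:
+* - `preflight` returned a reason → `unavailable`
+* - spawn signals ENOENT (binary missing) → `unavailable`
+* - exit non-zero (test fail / compile err) → `failed`
+* - exit zero AND artifact present → `success`
+* - exit zero BUT artifact missing → `failed`
+* (the user ran the right command but it didn't produce coverage —
+* usually means simplecov / coverage-py / similar isn't actually
+* wired into the test setup. The hint they need is "your test
+* run succeeded but produced no coverage report" not "no test
+* runner found.")
+*/
+function runTestsWithCoverage(args) {
+const { pack, cmd, cwd, artifact, timeoutMs = 600_000, preflight } = args;
+if (preflight) {
+const reason = preflight(cwd);
+if (reason) {
+return { kind: 'unavailable', reason };
+}
+}
+const start = Date.now();
+const result = (0, child_process_1.spawnSync)('/bin/bash', ['-c', cmd], {
+cwd,
+stdio: 'inherit',
+timeout: timeoutMs,
+// Some test runners parse TTY-ness for colorized output. Inheriting
+// stdio already plumbs TTY status through naturally.
+});
+const durationMs = Date.now() - start;
+// spawn-level failure: usually means /bin/bash is missing, or the
+// command's first token isn't on PATH. We treat these as "unavailable"
+// because they describe an environment problem the user can fix —
+// distinct from "tests ran and failed."
+if (result.error) {
+const err = result.error;
+if (err.code === 'ENOENT') {
+return {
+kind: 'unavailable',
+reason: `command not found: ${cmd.split(/\s+/)[0]}`,
+};
+}
+return {
+kind: 'failed',
+reason: `spawn error: ${err.message}`,
+durationMs,
+};
+}
+// Test runner returned non-zero. Could be compile failure, test
+// failure, or coverage-config errors. The user already saw the
+// output (inherited stdio); we just record the disposition.
+//
+// Special cases by bash convention: 127 = "command not found",
+// 126 = "found but not executable". These describe an environment
+// problem (a binary is missing from PATH) rather than a test failure,
+// so they get the `unavailable` framing — same as the direct-spawn
+// ENOENT path above. Without this re-mapping, the user sees
+// "test command exited with status 127" which is opaque; routing
+// through `unavailable` surfaces the actual binary name in the
+// CLI table.
+if (typeof result.status === 'number' && result.status !== 0) {
+const firstWord = cmd.trim().split(/\s+/)[0];
+if (result.status === 127) {
+return { kind: 'unavailable', reason: `command not found: ${firstWord}` };
+}
+if (result.status === 126) {
+return { kind: 'unavailable', reason: `command not executable: ${firstWord}` };
+}
+return {
+kind: 'failed',
+reason: `${pack}: test command exited with status ${result.status}`,
+durationMs,
+};
+}
+// Signal-terminated (timeout, SIGKILL, ...).
+if (result.signal) {
+return {
+kind: 'failed',
+reason: `${pack}: test command killed by signal ${result.signal}`,
+durationMs,
+};
+}
+// Locate the artifact. Function form takes precedence over string
+// form so packs with non-deterministic output paths can implement
+// arbitrary discovery logic.
+const artifactPath = typeof artifact === 'function' ? artifact(cwd) : artifact;
+if (!artifactPath || !fs.existsSync(path.join(cwd, artifactPath))) {
+return {
+kind: 'failed',
+reason: `${pack}: test command succeeded but no coverage artifact was produced. ` +
+`Expected ${typeof artifact === 'function' ? '<computed at runtime>' : artifact}. ` +
+`If this is a Ruby project, simplecov must be required + started in spec_helper.rb. ` +
+`If TypeScript, the test script may not be passing --coverage to the runner. ` +
+`If Python, ensure pytest --cov is configured.`,
+durationMs,
+};
+}
+return { kind: 'success', artifact: artifactPath, durationMs };
+}
+//# sourceMappingURL=run-tests-helper.js.map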
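Review bot: A timeout never reaches the signal branch near the end of runTestsWithCoverage, because spawnSync reports an expired `timeout` through `result.error` (code ETIMEDOUT) and the `if (result.error)` branch above returns first with the generic `spawn error: …` text, so the `// Signal-terminated (timeout, SIGKILL, ...)` comment is misleading and the user is never told the deadline was hit. Add an explicit case ahead of the generic one: `if (err.code === 'ETIMEDOUT') return { kind: 'failed', reason: pack + ': test command timed out after ' + timeoutMs + ' ms', durationMs };`. Separately, the artifact check uses `path.join(cwd, artifactPath)`, which produces a wrong path if a pack's function-form `artifact(cwd)` ever returns an absolute path; `path.resolve(cwd, artifactPath)` handles both forms. The ENOENT message uses `cmd.split(/\s+/)[0]` while the exit-127 path uses `cmd.trim().split(/\s+/)[0]`, so a command with leading whitespace yields an empty binary name in the first; both should use the trimmed form.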
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"run-tests-helper.js","sourceRoot":"","sources":["../../../src/analyzers/tools/run-tests-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6DA,oDA6FC;AA1JD;;;;;;;;;;;;;;GAcG;AACH,iDAA0C;AAC1C,uCAAyB;AACzB,2CAA6B;AA6B7B;;;;;;;;;;;;;;GAcG;AACH,SAAgB,oBAAoB,CAAC,IAAkB;IACrD,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,SAAS,GAAG,OAAO,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;IAE1E,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;QAC9B,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC;QACzC,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,MAAM,MAAM,GAAG,IAAA,yBAAS,EAAC,WAAW,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE;QACjD,GAAG;QACH,KAAK,EAAE,SAAS;QAChB,OAAO,EAAE,SAAS;QAClB,oEAAoE;QACpE,qDAAqD;KACtD,CAAC,CAAC;IACH,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;IAEtC,kEAAkE;IAClE,uEAAuE;IACvE,kEAAkE;IAClE,wCAAwC;IACxC,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,MAAM,GAAG,GAAG,MAAM,CAAC,KAA8B,CAAC;QAClD,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC1B,OAAO;gBACL,IAAI,EAAE,aAAa;gBACnB,MAAM,EAAE,sBAAsB,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;aACpD,CAAC;QACJ,CAAC;QACD,OAAO;YACL,IAAI,EAAE,QAAQ;YACd,MAAM,EAAE,gBAAgB,GAAG,CAAC,OAAO,EAAE;YACrC,UAAU;SACX,CAAC;IACJ,CAAC;IAED,gEAAgE;IAChE,+DAA+D;IAC/D,4DAA4D;IAC5D,EAAE;IACF,+DAA+D;IAC/D,kEAAkE;IAClE,sEAAsE;IACtE,mEAAmE;IACnE,4DAA4D;IAC5D,iEAAiE;IACjE,+DAA+D;IAC/D,aAAa;IACb,IAAI,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7D,MAAM,SAAS,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7C,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC1B,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,sBAAsB,SAAS,EAAE,EAAE,CAAC;QAC5E,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC1B,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,2BAA2B,SAAS,EAAE,EAAE,CAAC;QACjF,CAAC;QACD,OAAO;YACL,IAAI,EAAE,QAAQ;YACd,MAAM,EAAE,GAAG,IAAI,qCAAqC,MAAM,CAAC,MAAM,EAAE;YACnE,UAAU;SACX,CAAC;IACJ,CAAC;IAED,6CAA6C;IAC7C,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,OAAO
;YACL,IAAI,EAAE,QAAQ;YACd,MAAM,EAAE,GAAG,IAAI,mCAAmC,MAAM,CAAC,MAAM,EAAE;YACjE,UAAU;SACX,CAAC;IACJ,CAAC;IAED,kEAAkE;IAClE,kEAAkE;IAClE,6BAA6B;IAC7B,MAAM,YAAY,GAAG,OAAO,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;IAC/E,IAAI,CAAC,YAAY,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC,EAAE,CAAC;QAClE,OAAO;YACL,IAAI,EAAE,QAAQ;YACd,MAAM,EACJ,GAAG,IAAI,kEAAkE;gBACzE,YAAY,OAAO,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,QAAQ,IAAI;gBACnF,qFAAqF;gBACrF,8EAA8E;gBAC9E,+CAA+C;YACjD,UAAU;SACX,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC;AACjE,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runner.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/runner.ts"],"names":[],"mappings":"AAOA;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,EAAE,CAqCtD;AAED,wEAAwE;AACxE,wBAAgB,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,SAAS,SAAQ,GAAG,MAAM,
|
|
1
|
+
{"version":3,"file":"runner.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/runner.ts"],"names":[],"mappings":"AAOA;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,EAAE,CAqCtD;AAED,wEAAwE;AACxE,wBAAgB,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,SAAS,SAAQ,GAAG,MAAM,CA0BvE;AAED,8CAA8C;AAC9C,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,SAAS,SAAQ,GAAG,MAAM,CAY/E;AAED,uEAAuE;AACvE,wBAAgB,OAAO,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,SAAS,SAAQ,GAAG,CAAC,GAAG,IAAI,CAQhF;AAED,qCAAqC;AACrC,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAI3D;AAED,uCAAuC;AACvC,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAE/D;AAED,8CAA8C;AAC9C,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAEnE;AAED;;;;;GAKG;AACH,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,wBAAsB,WAAW,CAC/B,GAAG,EAAE,MAAM,EACX,IAAI,EAAE,MAAM,EAAE,EACd,IAAI,EAAE;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,GACvC,OAAO,CAAC,kBAAkB,CAAC,CAuG7B"}
|
|
@@ -108,6 +108,16 @@ function run(cmd, cwd, timeoutMs = 30000) {
|
|
|
108
108
|
encoding: 'utf-8',
|
|
109
109
|
stdio: ['pipe', 'pipe', 'pipe'],
|
|
110
110
|
timeout: timeoutMs,
|
|
111
|
+
// Node's default `maxBuffer` is 1MB. Tools that produce large
|
|
112
|
+
// outputs on enterprise codebases (jscpd's 25MB report on
|
|
113
|
+
// dpl-studio, semgrep on a huge ruleset, gitleaks on a leaky
|
|
114
|
+
// repo, npm audit on deep dep trees) silently truncated past
|
|
115
|
+
// that cap pre-fix — execSync threw `ENOBUFS`, the catch below
|
|
116
|
+
// returned empty string, and the calling gather function
|
|
117
|
+
// reported the tool as "unavailable" with reason "no output."
|
|
118
|
+
// 64MB handles the dpl-studio-class observation (25MB) plus
|
|
119
|
+
// ~2x headroom without inviting runaway-tool memory explosion.
|
|
120
|
+
maxBuffer: 64 * 1024 * 1024,
|
|
111
121
|
}).trim();
|
|
112
122
|
}
|
|
113
123
|
catch (err) {
|
|
@@ -194,20 +204,53 @@ function fileExists(cwd, ...paths) {
|
|
|
194
204
|
*/
|
|
195
205
|
async function runDetached(cmd, args, opts) {
|
|
196
206
|
return new Promise((resolve) => {
|
|
207
|
+
let settled = false;
|
|
208
|
+
let stdout = '';
|
|
209
|
+
let stderr = '';
|
|
210
|
+
let timedOut = false;
|
|
211
|
+
// Single-resolve guard. The Promise resolves on exit / error /
|
|
212
|
+
// safety-deadline; whichever fires first wins and the rest are
|
|
213
|
+
// no-ops. Pre-fix the Promise relied solely on `exit` / `error`
|
|
214
|
+
// events — under resource pressure (web-client convergence audit:
|
|
215
|
+
// jscpd + semgrep + graphify all concurrently spawning
|
|
216
|
+
// grandchildren) one of those events occasionally never fired,
|
|
217
|
+
// and the Promise stayed pending forever. Node's event loop then
|
|
218
|
+
// emptied (no more pending operations), beforeExit fired with
|
|
219
|
+
// code=0, and the parent observed a silent rc=0 with no work
|
|
220
|
+
// completed — D134. The settle() wrapper ensures the Promise
|
|
221
|
+
// ALWAYS resolves and the dispatcher above can never hang.
|
|
222
|
+
const settle = (outcome) => {
|
|
223
|
+
if (settled)
|
|
224
|
+
return;
|
|
225
|
+
settled = true;
|
|
226
|
+
resolve(outcome);
|
|
227
|
+
};
|
|
197
228
|
const child = (0, child_process_1.spawn)(cmd, args, {
|
|
198
229
|
cwd: opts.cwd,
|
|
199
230
|
detached: true, // new process group → enables -pid kill below
|
|
200
231
|
stdio: ['ignore', 'pipe', 'pipe'],
|
|
201
232
|
});
|
|
202
|
-
|
|
203
|
-
|
|
233
|
+
// Register error listener BEFORE any other setup so we never miss
|
|
234
|
+
// a synchronous spawn-time emission ('error' fires on ENOENT,
|
|
235
|
+
// EAGAIN under fd/proc exhaustion, EACCES). EventEmitter throws
|
|
236
|
+
// an unhandled-exception if 'error' fires with no listener — the
|
|
237
|
+
// pre-fix late registration could miss the emission window under
|
|
238
|
+
// pressure.
|
|
239
|
+
child.once('error', () => {
|
|
240
|
+
// spawn-time errors (e.g. ENOENT, EAGAIN). Treat as
|
|
241
|
+
// exit-with-no-output; the caller's parser sees an empty stdout
|
|
242
|
+
// and returns its empty result. Matches `run()`'s
|
|
243
|
+
// graceful-degradation convention.
|
|
244
|
+
clearTimeout(timer);
|
|
245
|
+
clearTimeout(safetyTimer);
|
|
246
|
+
settle({ stdout, stderr, code: null, timedOut: false });
|
|
247
|
+
});
|
|
204
248
|
child.stdout?.on('data', (d) => {
|
|
205
249
|
stdout += d.toString('utf8');
|
|
206
250
|
});
|
|
207
251
|
child.stderr?.on('data', (d) => {
|
|
208
252
|
stderr += d.toString('utf8');
|
|
209
253
|
});
|
|
210
|
-
let timedOut = false;
|
|
211
254
|
const timer = setTimeout(() => {
|
|
212
255
|
timedOut = true;
|
|
213
256
|
try {
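Review bot: The `'error'` handler (new lines 239–247) drops its `err` argument, so a spawn failure such as ENOENT or EAGAIN settles as `{ code: null, timedOut: false }` with empty stderr — the semgrep caller's `outcome.code !== null` branch is skipped and the user again sees the bare "no output" that the rest of this release is trying to eliminate. Folding the message into the captured stderr keeps the graceful-degradation contract while making the cause visible: `child.once('error', (err) => {` … `stderr += \`spawn failed: ${err.message}\n\`;` immediately before the `settle(...)` call. The comment's rationale is also slightly off: Node emits spawn-time `'error'` on the next tick rather than synchronously, which is the only reason `clearTimeout(timer)` and `clearTimeout(safetyTimer)` here do not hit the temporal dead zone of the `const`s declared further down (new lines 254 and 282); either state that in the comment or declare the timer handles with `let` above the listener so the ordering the comment promises is actually enforced. runDetached continues past this hunk.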
|
|
@@ -226,16 +269,36 @@ async function runDetached(cmd, args, opts) {
|
|
|
226
269
|
/* process group already gone — fine */
|
|
227
270
|
}
|
|
228
271
|
}, opts.timeoutMs);
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
272
|
+
// Safety deadline: even if every event source fails (a kernel
|
|
273
|
+
// bug, a libuv corner case, an exotic WSL2 scheduling state),
|
|
274
|
+
// resolve the Promise after timeoutMs + 30s grace. The dispatcher
|
|
275
|
+
// up the stack uses Promise.allSettled which collapses any
|
|
276
|
+
// outcome cleanly, so an extra resolve is harmless; what we
|
|
277
|
+
// never want is an unbounded pending Promise. Pre-fix this was
|
|
278
|
+
// the silent-failure shape D134: the orchestrator's spawnSync
|
|
279
|
+
// health child observed rc=0 with no report written because the
|
|
280
|
+
// capabilities Promise.all hung on a runDetached that never
|
|
281
|
+
// settled — Node exited cleanly when the event loop emptied.
|
|
282
|
+
const safetyTimer = setTimeout(() => {
|
|
283
|
+
try {
|
|
284
|
+
if (child.pid !== undefined) {
|
|
285
|
+
process.kill(-child.pid, 'SIGKILL');
|
|
286
|
+
}
|
|
287
|
+
}
|
|
288
|
+
catch {
|
|
289
|
+
/* process group already gone */
|
|
290
|
+
}
|
|
291
|
+
settle({
|
|
292
|
+
stdout,
|
|
293
|
+
stderr,
|
|
294
|
+
code: null,
|
|
295
|
+
timedOut: true,
|
|
296
|
+
});
|
|
297
|
+
}, opts.timeoutMs + 30_000);
|
|
298
|
+
child.once('exit', (code) => {
|
|
237
299
|
clearTimeout(timer);
|
|
238
|
-
|
|
300
|
+
clearTimeout(safetyTimer);
|
|
301
|
+
settle({ stdout, stderr, code, timedOut });
|
|
239
302
|
});
|
|
240
303
|
});
|
|
241
304
|
}
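Review bot: Settling on `'exit'` (new line 298) can truncate the captured output: `'exit'` fires when the process ends, while data already written to the stdout/stderr pipes may still be delivered afterwards, and `settle()` freezes `stdout`/`stderr` at that instant. Since the point of this rework is to capture stderr for the failure reason, listen for the stream-aware event instead, `child.once('close', (code) => {`, which fires only after both stdio streams have ended; the single-resolve guard already makes this safe if the safety timer wins first, and the `'error'` listener covers the case where the child never started. The `30_000` grace period is a policy value explained only in the comment; consider `const SAFETY_GRACE_MS = 30_000;` beside the function so the dispatcher's own deadline can be kept consistent with it.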
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runner.js","sourceRoot":"","sources":["../../../src/analyzers/tools/runner.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiBA,0CAqCC;AAGD,
|
|
1
|
+
{"version":3,"file":"runner.js","sourceRoot":"","sources":["../../../src/analyzers/tools/runner.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiBA,0CAqCC;AAGD,kBA0BC;AAGD,kCAYC;AAGD,0BAQC;AAGD,gCAIC;AAGD,sCAEC;AAGD,gCAEC;AA8CD,kCA2GC;AAvRD;;GAEG;AACH,iDAAgD;AAChD,uCAAyB;AACzB,2CAA6B;AAE7B;;;;;;;;;GASG;AACH,SAAgB,eAAe,CAAC,GAAW;IACzC,MAAM,GAAG,GAAc,EAAE,CAAC;IAC1B,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,KAAK,GAAG,CAAC,CAAC,CAAC;IACf,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QAClB,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,GAAG,KAAK,CAAC;YACf,SAAS;QACX,CAAC;QACD,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,EAAE,KAAK,IAAI;gBAAE,MAAM,GAAG,IAAI,CAAC;iBAC1B,IAAI,EAAE,KAAK,GAAG;gBAAE,QAAQ,GAAG,KAAK,CAAC;YACtC,SAAS;QACX,CAAC;QACD,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,QAAQ,GAAG,IAAI,CAAC;YAChB,SAAS;QACX,CAAC;QACD,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,IAAI,KAAK,KAAK,CAAC;gBAAE,KAAK,GAAG,CAAC,CAAC;YAC3B,KAAK,EAAE,CAAC;QACV,CAAC;aAAM,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACtB,KAAK,EAAE,CAAC;YACR,IAAI,KAAK,KAAK,CAAC,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;gBAC9B,IAAI,CAAC;oBACH,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBAChD,CAAC;gBAAC,MAAM,CAAC;oBACP,4BAA4B;gBAC9B,CAAC;gBACD,KAAK,GAAG,CAAC,CAAC,CAAC;YACb,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,wEAAwE;AACxE,SAAgB,GAAG,CAAC,GAAW,EAAE,GAAW,EAAE,SAAS,GAAG,KAAK;IAC7D,IAAI,CAAC;QACH,OAAO,IAAA,wBAAQ,EAAC,GAAG,EAAE;YACnB,GAAG;YACH,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;YAC/B,OAAO,EAAE,SAAS;YAClB,8DAA8D;YAC9D,0DAA0D;YAC1D,6DAA6D;YAC7D,6DAA6D;YAC7D,+DAA+D;YAC/D,yDAAyD;YACzD,8DAA8D;YAC9D,4DAA4D;YAC5D,+DAA+D;YAC/D,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;SAC5B,CAAC,CAAC,IAAI,EAAE,CAAC;IACZ,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,4EAA4E;QAC5E,MAAM,CAAC,GAAG,GAA0B,CAAC;QACrC,IAAI,CAAC,CAAC,MAAM,IAAI,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ,EAAE,CA
AC;YAC7C,OAAO,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACzB,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,8CAA8C;AAC9C,SAAgB,WAAW,CAAC,GAAW,EAAE,GAAW,EAAE,SAAS,GAAG,KAAK;IACrE,IAAI,CAAC;QACH,IAAA,wBAAQ,EAAC,GAAG,EAAE;YACZ,GAAG;YACH,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;YAC/B,OAAO,EAAE,SAAS;SACnB,CAAC,CAAC;QACH,OAAO,CAAC,CAAC;IACX,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,CAAC,GAAG,GAA0B,CAAC;QACrC,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC;IACvB,CAAC;AACH,CAAC;AAED,uEAAuE;AACvE,SAAgB,OAAO,CAAI,GAAW,EAAE,GAAW,EAAE,SAAS,GAAG,KAAK;IACpE,MAAM,MAAM,GAAG,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC;IACxC,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAM,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,qCAAqC;AACrC,SAAgB,UAAU,CAAC,GAAW,EAAE,GAAW;IACjD,MAAM,MAAM,GAAG,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC7B,IAAI,CAAC,MAAM;QAAE,OAAO,CAAC,CAAC;IACtB,OAAO,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;AAC3D,CAAC;AAED,uCAAuC;AACvC,SAAgB,aAAa,CAAC,GAAW,EAAE,GAAW;IACpD,OAAO,GAAG,CAAC,SAAS,GAAG,cAAc,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC;AACrD,CAAC;AAED,8CAA8C;AAC9C,SAAgB,UAAU,CAAC,GAAW,EAAE,GAAG,KAAe;IACxD,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;AAC7D,CAAC;AAeD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACI,KAAK,UAAU,WAAW,CAC/B,GAAW,EACX,IAAc,EACd,IAAwC;IAExC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,QAAQ,GAAG,KAAK,CAAC;QAErB,+DAA+D;QAC/D,+DAA+D;QAC/D,gEAAgE;QAChE,kEAAkE;QAClE,uDAAuD;QACvD,+DAA+D;QAC/D,iEAAiE;QACjE,8DAA8D;QAC9D,6DAA6D;QAC7D,6DAA6D;QAC7D,2DAA2D;QAC3D,MAAM,MAAM,GAAG,CAAC,OAA2B,EAAQ,EAAE;YACnD,IAAI,OAAO;gBAAE,OAAO;YACpB,OAAO,GAAG,IAAI,CAAC;YACf,OAAO,CAAC,OAAO,CAAC,CAAC;QACnB,CAAC,CAAC;QAEF,MAAM,KAAK,GAAG,IAAA,qBAAK,EAAC,GAAG,EAAE,IAAI,EAAE;YAC7B,GAAG,EAAE,IAAI,CAAC,GAAG;YA
Cb,QAAQ,EAAE,IAAI,EAAE,8CAA8C;YAC9D,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;SAClC,CAAC,CAAC;QAEH,kEAAkE;QAClE,8DAA8D;QAC9D,gEAAgE;QAChE,iEAAiE;QACjE,iEAAiE;QACjE,YAAY;QACZ,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE;YACvB,oDAAoD;YACpD,gEAAgE;YAChE,kDAAkD;YAClD,mCAAmC;YACnC,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,YAAY,CAAC,WAAW,CAAC,CAAC;YAC1B,MAAM,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE;YACrC,MAAM,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE;YACrC,MAAM,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,QAAQ,GAAG,IAAI,CAAC;YAChB,IAAI,CAAC;gBACH,IAAI,KAAK,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;oBAC5B,6DAA6D;oBAC7D,+DAA+D;oBAC/D,+DAA+D;oBAC/D,6DAA6D;oBAC7D,4DAA4D;oBAC5D,2DAA2D;oBAC3D,SAAS;oBACT,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;gBACtC,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,uCAAuC;YACzC,CAAC;QACH,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QAEnB,8DAA8D;QAC9D,8DAA8D;QAC9D,kEAAkE;QAClE,2DAA2D;QAC3D,4DAA4D;QAC5D,+DAA+D;QAC/D,8DAA8D;QAC9D,gEAAgE;QAChE,4DAA4D;QAC5D,6DAA6D;QAC7D,MAAM,WAAW,GAAG,UAAU,CAAC,GAAG,EAAE;YAClC,IAAI,CAAC;gBACH,IAAI,KAAK,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;oBAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;gBACtC,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,gCAAgC;YAClC,CAAC;YACD,MAAM,CAAC;gBACL,MAAM;gBACN,MAAM;gBACN,IAAI,EAAE,IAAI;gBACV,QAAQ,EAAE,IAAI;aACf,CAAC,CAAC;QACL,CAAC,EAAE,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,CAAC;QAE5B,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAC1B,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,YAAY,CAAC,WAAW,CAAC,CAAC;YAC1B,MAAM,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -26,14 +26,51 @@ export type CodePatternsGatherOutcome = {
|
|
|
26
26
|
kind: 'unavailable';
|
|
27
27
|
reason: string;
|
|
28
28
|
};
|
|
29
|
+
/**
|
|
30
|
+
* Map semgrep's severity + impact to the project's four-tier model.
|
|
31
|
+
* Priority: rule metadata `impact` (most meaningful — rule authors
|
|
32
|
+
* tier by business impact) → fall back to semgrep's `severity`.
|
|
33
|
+
*/
|
|
34
|
+
/**
|
|
35
|
+
* Normalize semgrep's `metadata.cwe` into a single CWE identifier.
|
|
36
|
+
*
|
|
37
|
+
* Why: semgrep rule authors write `cwe:` in YAML as either a scalar
|
|
38
|
+
* (`cwe: "CWE-295: Improper Certificate Validation"`) or a list
|
|
39
|
+
* (`cwe: ["CWE-295: ..."]`). Both shapes pass through semgrep's JSON
|
|
40
|
+
* output unchanged. Pre-fix this code did `metadata?.cwe?.[0]` which
|
|
41
|
+
* silently returned the first *character* of the scalar form (e.g.
|
|
42
|
+
* "C" for "CWE-295: ..."). D094 surfaced this on `bypass-tls-
|
|
43
|
+
* verification` rule output.
|
|
44
|
+
*/
|
|
45
|
+
export declare function extractCwe(cwe: string | string[] | undefined): string;
|
|
29
46
|
/**
|
|
30
47
|
* Single source of truth for the semgrep invocation. Consumed by
|
|
31
48
|
* `semgrepProvider` (capability dispatcher).
|
|
49
|
+
*
|
|
50
|
+
* Failure-mode honesty: when semgrep doesn't produce a parseable
|
|
51
|
+
* report, the returned `reason` distinguishes between:
|
|
52
|
+
* - timeout (we hit our wall-clock budget — the customer probably
|
|
53
|
+
* wants to install nothing and instead either prune the scan
|
|
54
|
+
* scope via `.dxkit-ignore` or bump the timeout)
|
|
55
|
+
* - non-zero exit with a captured stderr first line (semgrep
|
|
56
|
+
* itself complained — surface its complaint)
|
|
57
|
+
* - the historical fallback "no output" (rare now; means stderr
|
|
58
|
+
* was empty AND exit was zero AND the report file was missing)
|
|
59
|
+
*
|
|
60
|
+
* Pre-fix every failure collapsed to "no output," masking
|
|
61
|
+
* resource-contention deaths (parallel jscpd + graphify + semgrep
|
|
62
|
+
* on a 700-file repo OOM-killing the youngest), timeouts, and
|
|
63
|
+
* config-parse errors with the same useless string. Switched to
|
|
64
|
+
* runDetached so we capture stderr + exit code + timeout signal
|
|
65
|
+
* separately, and so the wall-clock-deadline kill cleans up
|
|
66
|
+
* grandchildren (semgrep's internal worker pool).
|
|
32
67
|
*/
|
|
33
|
-
export declare function gatherSemgrepResult(cwd: string): CodePatternsGatherOutcome
|
|
68
|
+
export declare function gatherSemgrepResult(cwd: string): Promise<CodePatternsGatherOutcome>;
|
|
34
69
|
/**
|
|
35
70
|
* Capability-shaped provider. Registered in
|
|
36
71
|
* `src/languages/capabilities/global.ts:GLOBAL_CAPABILITIES.codePatterns`.
|
|
37
72
|
*/
|
|
38
|
-
export declare const semgrepProvider: CapabilityProvider<CodePatternsResult
|
|
73
|
+
export declare const semgrepProvider: CapabilityProvider<CodePatternsResult> & {
|
|
74
|
+
gatherOutcome(cwd: string): Promise<CodePatternsGatherOutcome>;
|
|
75
|
+
};
|
|
39
76
|
//# sourceMappingURL=semgrep.d.ts.map
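Review bot: The JSDoc block at new lines 29–33 ("Map semgrep's severity + impact to the project's four-tier model") is attached to nothing in this declaration file — it describes a non-exported helper and now sits directly above `extractCwe`'s own doc comment, so readers of the public types see two contradictory descriptions for one function. This looks like an emitter artifact from the source layout rather than an intended API comment; in `semgrep.ts` either keep that helper's doc comment out of the declaration emit or separate the two functions so the stray block is no longer carried over. The `extractCwe` doc should also say what `''` means (no usable CWE), since the declared return type `string` does not convey that.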
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"semgrep.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/semgrep.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;
|
|
1
|
+
{"version":3,"file":"semgrep.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/semgrep.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAIH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,KAAK,EAAsB,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AA6BjG;;;;;GAKG;AACH,MAAM,MAAM,yBAAyB,GACjC;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,QAAQ,EAAE,kBAAkB,CAAA;CAAE,GACjD;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAE5C;;;;GAIG;AACH;;;;;;;;;;GAUG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,GAAG,MAAM,CAKrE;AA4BD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAsB,mBAAmB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,yBAAyB,CAAC,CAuGzF;AAED;;;GAGG;AAMH,eAAO,MAAM,eAAe,EAAE,kBAAkB,CAAC,kBAAkB,CAAC,GAAG;IACrE,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,yBAAyB,CAAC,CAAC;CAUhE,CAAC"}
|
|
@@ -12,9 +12,44 @@
|
|
|
12
12
|
* rulesets in future is purely declarative: a pack lists them, this
|
|
13
13
|
* provider picks them up via `detectActiveLanguages(cwd)`.
|
|
14
14
|
*/
|
|
15
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
16
|
+
if (k2 === undefined) k2 = k;
|
|
17
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
18
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
19
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
20
|
+
}
|
|
21
|
+
Object.defineProperty(o, k2, desc);
|
|
22
|
+
}) : (function(o, m, k, k2) {
|
|
23
|
+
if (k2 === undefined) k2 = k;
|
|
24
|
+
o[k2] = m[k];
|
|
25
|
+
}));
|
|
26
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
27
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
28
|
+
}) : function(o, v) {
|
|
29
|
+
o["default"] = v;
|
|
30
|
+
});
|
|
31
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
32
|
+
var ownKeys = function(o) {
|
|
33
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
34
|
+
var ar = [];
|
|
35
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
36
|
+
return ar;
|
|
37
|
+
};
|
|
38
|
+
return ownKeys(o);
|
|
39
|
+
};
|
|
40
|
+
return function (mod) {
|
|
41
|
+
if (mod && mod.__esModule) return mod;
|
|
42
|
+
var result = {};
|
|
43
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
44
|
+
__setModuleDefault(result, mod);
|
|
45
|
+
return result;
|
|
46
|
+
};
|
|
47
|
+
})();
|
|
15
48
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
16
49
|
exports.semgrepProvider = void 0;
|
|
50
|
+
exports.extractCwe = extractCwe;
|
|
17
51
|
exports.gatherSemgrepResult = gatherSemgrepResult;
|
|
52
|
+
const fs = __importStar(require("fs"));
|
|
18
53
|
const languages_1 = require("../../languages");
|
|
19
54
|
const exclusions_1 = require("./exclusions");
|
|
20
55
|
const paths_1 = require("./paths");
|
|
@@ -26,6 +61,25 @@ const tool_registry_1 = require("./tool-registry");
|
|
|
26
61
|
* Priority: rule metadata `impact` (most meaningful — rule authors
|
|
27
62
|
* tier by business impact) → fall back to semgrep's `severity`.
|
|
28
63
|
*/
|
|
64
|
+
/**
|
|
65
|
+
* Normalize semgrep's `metadata.cwe` into a single CWE identifier.
|
|
66
|
+
*
|
|
67
|
+
* Why: semgrep rule authors write `cwe:` in YAML as either a scalar
|
|
68
|
+
* (`cwe: "CWE-295: Improper Certificate Validation"`) or a list
|
|
69
|
+
* (`cwe: ["CWE-295: ..."]`). Both shapes pass through semgrep's JSON
|
|
70
|
+
* output unchanged. Pre-fix this code did `metadata?.cwe?.[0]` which
|
|
71
|
+
* silently returned the first *character* of the scalar form (e.g.
|
|
72
|
+
* "C" for "CWE-295: ..."). D094 surfaced this on `bypass-tls-
|
|
73
|
+
* verification` rule output.
|
|
74
|
+
*/
|
|
75
|
+
function extractCwe(cwe) {
|
|
76
|
+
if (!cwe)
|
|
77
|
+
return '';
|
|
78
|
+
const raw = Array.isArray(cwe) ? cwe[0] : cwe;
|
|
79
|
+
if (typeof raw !== 'string')
|
|
80
|
+
return '';
|
|
81
|
+
return raw.split(':')[0].trim();
|
|
82
|
+
}
|
|
29
83
|
function mapSemgrepSeverity(sgSeverity, impact) {
|
|
30
84
|
const imp = (impact || '').toUpperCase();
|
|
31
85
|
if (imp === 'HIGH')
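Review bot: `raw.split(':')[0].trim()` (new line 81) only normalizes the `"CWE-295: description"` shape: a scalar without a colon is returned whole, lower-case `cwe-295` passes through unchanged, and when `cwe` is a list every entry after the first is discarded, so two rules tagged with the same weakness can still render under different strings. Anchoring on the identifier itself is more robust and keeps the empty-string fallback: `const m = raw.match(/CWE-\d+/i); return m ? m[0].toUpperCase() : '';`. The JSDoc should then state that only the first CWE of a list is kept, since downstream consumers may otherwise assume the field is complete.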
|
|
@@ -59,22 +113,82 @@ function collectRulesets(cwd) {
|
|
|
59
113
|
/**
|
|
60
114
|
* Single source of truth for the semgrep invocation. Consumed by
|
|
61
115
|
* `semgrepProvider` (capability dispatcher).
|
|
116
|
+
*
|
|
117
|
+
* Failure-mode honesty: when semgrep doesn't produce a parseable
|
|
118
|
+
* report, the returned `reason` distinguishes between:
|
|
119
|
+
* - timeout (we hit our wall-clock budget — the customer probably
|
|
120
|
+
* wants to install nothing and instead either prune the scan
|
|
121
|
+
* scope via `.dxkit-ignore` or bump the timeout)
|
|
122
|
+
* - non-zero exit with a captured stderr first line (semgrep
|
|
123
|
+
* itself complained — surface its complaint)
|
|
124
|
+
* - the historical fallback "no output" (rare now; means stderr
|
|
125
|
+
* was empty AND exit was zero AND the report file was missing)
|
|
126
|
+
*
|
|
127
|
+
* Pre-fix every failure collapsed to "no output," masking
|
|
128
|
+
* resource-contention deaths (parallel jscpd + graphify + semgrep
|
|
129
|
+
* on a 700-file repo OOM-killing the youngest), timeouts, and
|
|
130
|
+
* config-parse errors with the same useless string. Switched to
|
|
131
|
+
* runDetached so we capture stderr + exit code + timeout signal
|
|
132
|
+
* separately, and so the wall-clock-deadline kill cleans up
|
|
133
|
+
* grandchildren (semgrep's internal worker pool).
|
|
62
134
|
*/
|
|
63
|
-
function gatherSemgrepResult(cwd) {
|
|
135
|
+
async function gatherSemgrepResult(cwd) {
|
|
64
136
|
const status = (0, tool_registry_1.findTool)(tool_registry_1.TOOL_DEFS.semgrep, cwd);
|
|
65
137
|
if (!status.available || !status.path)
|
|
66
138
|
return { kind: 'unavailable', reason: 'not installed' };
|
|
67
139
|
const rulesets = collectRulesets(cwd);
|
|
68
140
|
if (rulesets.length === 0)
|
|
69
141
|
return { kind: 'unavailable', reason: 'no rulesets' };
|
|
70
|
-
const configs = rulesets.map((r) => `--config ${r}`).join(' ');
|
|
71
|
-
const excludes = (0, exclusions_1.getSemgrepExcludeFlags)(cwd);
|
|
72
142
|
const reportPath = `/tmp/dxkit-semgrep-${Date.now()}.json`;
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
143
|
+
const args = ['scan'];
|
|
144
|
+
for (const r of rulesets)
|
|
145
|
+
args.push('--config', r);
|
|
146
|
+
args.push('--json', '--quiet', '--output', reportPath);
|
|
147
|
+
// getSemgrepExcludeFlags returns a single space-separated string
|
|
148
|
+
// shaped for execSync (`--exclude foo --exclude bar`). Split it
|
|
149
|
+
// into the array form runDetached expects.
|
|
150
|
+
const excludeFlagString = (0, exclusions_1.getSemgrepExcludeFlags)(cwd);
|
|
151
|
+
if (excludeFlagString) {
|
|
152
|
+
for (const tok of excludeFlagString.split(/\s+/).filter((t) => t.length > 0)) {
|
|
153
|
+
args.push(tok);
|
|
154
|
+
}
|
|
155
|
+
}
|
|
156
|
+
args.push(cwd);
|
|
157
|
+
const outcome = await (0, runner_1.runDetached)(status.path, args, { cwd, timeoutMs: 300000 });
|
|
158
|
+
let raw;
|
|
159
|
+
try {
|
|
160
|
+
raw = fs.readFileSync(reportPath, 'utf-8');
|
|
161
|
+
}
|
|
162
|
+
catch {
|
|
163
|
+
raw = '';
|
|
164
|
+
}
|
|
165
|
+
// Cleanup: best-effort; failure here is non-fatal.
|
|
166
|
+
try {
|
|
167
|
+
fs.unlinkSync(reportPath);
|
|
168
|
+
}
|
|
169
|
+
catch {
|
|
170
|
+
/* file already gone or never written — fine */
|
|
171
|
+
}
|
|
172
|
+
if (!raw) {
|
|
173
|
+
if (outcome.timedOut) {
|
|
174
|
+
return {
|
|
175
|
+
kind: 'unavailable',
|
|
176
|
+
reason: 'timed out at 300s (try narrowing scan scope via .dxkit-ignore)',
|
|
177
|
+
};
|
|
178
|
+
}
|
|
179
|
+
const stderrFirstLine = outcome.stderr
|
|
180
|
+
.split('\n')
|
|
181
|
+
.map((l) => l.trim())
|
|
182
|
+
.find((l) => l.length > 0);
|
|
183
|
+
if (outcome.code !== 0 && outcome.code !== null) {
|
|
184
|
+
const ctx = stderrFirstLine ? ` (stderr: ${stderrFirstLine})` : '';
|
|
185
|
+
return { kind: 'unavailable', reason: `exit code ${outcome.code}${ctx}` };
|
|
186
|
+
}
|
|
187
|
+
if (stderrFirstLine) {
|
|
188
|
+
return { kind: 'unavailable', reason: `no output (stderr: ${stderrFirstLine})` };
|
|
189
|
+
}
|
|
77
190
|
return { kind: 'unavailable', reason: 'no output' };
|
|
191
|
+
}
|
|
78
192
|
let data;
|
|
79
193
|
try {
|
|
80
194
|
data = JSON.parse(raw);
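Review bot: Splitting the execSync-shaped exclude string on `/\s+/` (new lines 147–155) changes the arguments semgrep receives: any exclude pattern containing a space is broken into separate tokens, and any shell quoting `getSemgrepExcludeFlags` applies for the string form now reaches semgrep as literal quote characters, because `spawn` performs no shell parsing. Have the exclusions module expose the array directly (for example a `getSemgrepExcludeArgs(cwd): string[]` sibling) and push that, rather than reverse-engineering the string. The report path `/tmp/dxkit-semgrep-${Date.now()}.json` is pre-existing, but this hunk now both hands it to semgrep via `--output` and reads it back with `fs.readFileSync`: a predictable name in a shared, world-writable directory lets another local user pre-create that file or a symlink that the write may follow, so create the report inside `fs.mkdtempSync(path.join(os.tmpdir(), 'dxkit-semgrep-'))` and remove the directory afterwards. The `300000` passed to runDetached and the `300s` in the timeout reason (new lines 157 and 176) are one value spelled twice; a single `const SEMGREP_TIMEOUT_MS = 300_000;` used in both keeps them from drifting. gatherSemgrepResult continues past this hunk.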
|
|
@@ -99,7 +213,7 @@ function gatherSemgrepResult(cwd) {
|
|
|
99
213
|
severity: mapSemgrepSeverity(r.extra.severity, r.extra.metadata?.impact),
|
|
100
214
|
rule: r.check_id.split('.').slice(-1)[0],
|
|
101
215
|
title: r.extra.message.split('\n')[0].slice(0, 200),
|
|
102
|
-
cwe: r.extra.metadata?.cwe
|
|
216
|
+
cwe: extractCwe(r.extra.metadata?.cwe),
|
|
103
217
|
file: (0, paths_1.toProjectRelative)(cwd, r.path),
|
|
104
218
|
line: r.start.line,
|
|
105
219
|
}));
|
|
@@ -119,11 +233,19 @@ function gatherSemgrepResult(cwd) {
|
|
|
119
233
|
* Capability-shaped provider. Registered in
|
|
120
234
|
* `src/languages/capabilities/global.ts:GLOBAL_CAPABILITIES.codePatterns`.
|
|
121
235
|
*/
|
|
236
|
+
// Exposes the underlying outcome via `gatherOutcome` so the dispatcher
|
|
237
|
+
// captures semgrep's actual failure reason (timeout / exit code /
|
|
238
|
+
// stderr first line) into `DispatchOutcome.skipReasons`. Without it,
|
|
239
|
+
// every failure modes collapses to the same generic "attempted but
|
|
240
|
+
// produced no output" prose at the renderer layer.
|
|
122
241
|
exports.semgrepProvider = {
|
|
123
242
|
source: 'semgrep',
|
|
124
243
|
async gather(cwd) {
|
|
125
|
-
const outcome = gatherSemgrepResult(cwd);
|
|
244
|
+
const outcome = await gatherSemgrepResult(cwd);
|
|
126
245
|
return outcome.kind === 'success' ? outcome.envelope : null;
|
|
127
246
|
},
|
|
247
|
+
async gatherOutcome(cwd) {
|
|
248
|
+
return gatherSemgrepResult(cwd);
|
|
249
|
+
},
|
|
128
250
|
};
|
|
129
251
|
//# sourceMappingURL=semgrep.js.map
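Review bot: `gatherOutcome` (new lines 247–249) and `gather` each invoke `gatherSemgrepResult` independently, so if the dispatcher calls `gatherOutcome` for the skip reason and also `gather` for the envelope, semgrep is spawned twice per run — up to two 300s scans and two report files for one result. If the dispatcher only ever calls one of them this is fine and worth a sentence in the new comment; otherwise have it call `gatherOutcome` once and derive the envelope from the returned outcome so there is a single entry point. The new comment also has a grammar slip: `// every failure modes collapses` should read `// every failure mode collapses`.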
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"semgrep.js","sourceRoot":"","sources":["../../../src/analyzers/tools/semgrep.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG
|
|
1
|
+
{"version":3,"file":"semgrep.js","sourceRoot":"","sources":["../../../src/analyzers/tools/semgrep.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4DH,gCAKC;AAkDD,kDAuGC;AAxND,uCAAyB;AACzB,+CAAwD;AAGxD,6CAAsD;AACtD,mCAA4C;AAC5C,qCAAuC;AACvC,iDAAqE;AACrE,mDAAsD;AAkCtD;;;;GAIG;AACH;;;;;;;;;;GAUG;AACH,SAAgB,UAAU,CAAC,GAAkC;IAC3D,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAC;IACpB,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IAC9C,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IACvC,OAAO,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;AAClC,CAAC;AAED,SAAS,kBAAkB,CAAC,UAAkB,EAAE,MAAe;IAC7D,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACzC,IAAI,GAAG,KAAK,MAAM;QAAE,OAAO,UAAU,KAAK,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC;IACxE,IAAI,GAAG,KAAK,QAAQ;QAAE,OAAO,QAAQ,CAAC;IACtC,IAAI,GAAG,KAAK,KAAK;QAAE,OAAO,KAAK,CAAC;IAChC,IAAI,UAAU,KAAK,OAAO;QAAE,OAAO,MAAM,CAAC;IAC1C,IAAI,UAAU,KAAK,SAAS;QAAE,OAAO,QAAQ,CAAC;IAC9C,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,eAAe,CAAC,GAAW;IAClC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAS,CAAC,kBAAkB,CAAC,CAAC,CAAC;IACvD,KAAK,MAAM,IAAI,IAAI,IAAA,iCAAqB,EAAC,GAAG,CAAC,EAAE,CAAC;QAC9C,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,eAAe;YAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,CAAC,GAAG,QAAQ,CAAC,CAAC;AACvB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACI,KAAK,UAAU,mBAAmB,CAAC,GAAW;IACnD,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,yBAAS,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAChD,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,IAAI;QAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IAE/F,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;IAEjF,MAAM,UAAU,GAAG,sBAAsB,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC;IAC3D,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;IACtB,KAAK,MAAM,CAAC,IAAI,QAAQ;QAAE,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;IACnD,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,
UAAU,CAAC,CAAC;IACvD,iEAAiE;IACjE,gEAAgE;IAChE,2CAA2C;IAC3C,MAAM,iBAAiB,GAAG,IAAA,mCAAsB,EAAC,GAAG,CAAC,CAAC;IACtD,IAAI,iBAAiB,EAAE,CAAC;QACtB,KAAK,MAAM,GAAG,IAAI,iBAAiB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,CAAC;YAC7E,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEf,MAAM,OAAO,GAAG,MAAM,IAAA,oBAAW,EAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;IACjF,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,GAAG,GAAG,EAAE,CAAC;IACX,CAAC;IACD,mDAAmD;IACnD,IAAI,CAAC;QACH,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,+CAA+C;IACjD,CAAC;IAED,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YACrB,OAAO;gBACL,IAAI,EAAE,aAAa;gBACnB,MAAM,EAAE,gEAAgE;aACzE,CAAC;QACJ,CAAC;QACD,MAAM,eAAe,GAAG,OAAO,CAAC,MAAM;aACnC,KAAK,CAAC,IAAI,CAAC;aACX,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC7B,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC,IAAI,OAAO,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;YAChD,MAAM,GAAG,GAAG,eAAe,CAAC,CAAC,CAAC,aAAa,eAAe,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACnE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,OAAO,CAAC,IAAI,GAAG,GAAG,EAAE,EAAE,CAAC;QAC5E,CAAC;QACD,IAAI,eAAe,EAAE,CAAC;YACpB,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,sBAAsB,eAAe,GAAG,EAAE,CAAC;QACnF,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IACtD,CAAC;IAED,IAAI,IAAmB,CAAC;IACxB,IAAI,CAAC;QACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAkB,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;IACxD,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACjC,MAAM,QAAQ,GAAuB;YACnC,aAAa,EAAE,CAAC;YAChB,IAAI,EAAE,SAAS;YACf,QAAQ,EAAE,EAAE;YACZ,eAAe,EAAE,CAAC;SACnB,CAAC;QACF,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;IACvC,CAAC;IAED,MAAM,YAAY,GAAyB,IA
AI,CAAC,OAAO;QACrD,gEAAgE;QAChE,6BAA6B;SAC5B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,UAAU,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC;SAC3E,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACX,QAAQ,EAAE,kBAAkB,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC;QACxE,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACxC,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;QACnD,GAAG,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,GAAG,CAAC;QACtC,IAAI,EAAE,IAAA,yBAAiB,EAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC;QACpC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI;KACnB,CAAC,CAAC,CAAC;IAEN,mEAAmE;IACnE,uCAAuC;IACvC,MAAM,YAAY,GAAG,IAAA,+BAAgB,EAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,IAAA,gCAAiB,EAC5C,YAAY,EACZ,YAAY,CAAC,OAAO,EACpB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EACb,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CACd,CAAC;IAEF,MAAM,QAAQ,GAAuB;QACnC,aAAa,EAAE,CAAC;QAChB,IAAI,EAAE,SAAS;QACf,QAAQ,EAAE,IAAI;QACd,eAAe,EAAE,UAAU,CAAC,MAAM;KACnC,CAAC;IACF,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;AACvC,CAAC;AAED;;;GAGG;AACH,uEAAuE;AACvE,kEAAkE;AAClE,qEAAqE;AACrE,mEAAmE;AACnE,mDAAmD;AACtC,QAAA,eAAe,GAExB;IACF,MAAM,EAAE,SAAS;IACjB,KAAK,CAAC,MAAM,CAAC,GAAG;QACd,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,GAAG,CAAC,CAAC;QAC/C,OAAO,OAAO,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC;IAC9D,CAAC;IACD,KAAK,CAAC,aAAa,CAAC,GAAG;QACrB,OAAO,mBAAmB,CAAC,GAAG,CAAC,CAAC;IAClC,CAAC;CACF,CAAC"}
|
|
@@ -1,8 +1,22 @@
|
|
|
1
1
|
/**
|
|
2
|
-
*
|
|
2
|
+
* Per-step progress + timing for the analyzer pipeline (F-UX-2).
|
|
3
3
|
*
|
|
4
|
-
*
|
|
5
|
-
*
|
|
4
|
+
* Pre-2.4.7, `timed` / `timedAsync` only emitted output under
|
|
5
|
+
* `--verbose` — and only AFTER the step completed. Real users
|
|
6
|
+
* running `health` on a 1.8GB-node_modules repo (Friction #20) sat
|
|
7
|
+
* for tens of minutes staring at a static banner with no indication
|
|
8
|
+
* whether dxkit was working or hung.
|
|
9
|
+
*
|
|
10
|
+
* Post-F-UX-2, the start of every step always prints a `→ <name>`
|
|
11
|
+
* line to stderr — including in non-verbose mode — so the user can
|
|
12
|
+
* see exactly which step is running. The elapsed time still only
|
|
13
|
+
* prints under `--verbose`. Stdout stays clean so `--json` is
|
|
14
|
+
* unaffected.
|
|
15
|
+
*
|
|
16
|
+
* Scope note: this is the per-top-level-step minimal version from
|
|
17
|
+
* the friction tracker. Fuller streaming inside long capabilities
|
|
18
|
+
* (e.g. semgrep across 8 rulesets, OSV.dev lookups across N
|
|
19
|
+
* advisories) can land in 2.4.8.
|
|
6
20
|
*/
|
|
7
21
|
export declare function timed<T>(name: string, verbose: boolean, fn: () => T): T;
|
|
8
22
|
export declare function timedAsync<T>(name: string, verbose: boolean, fn: () => Promise<T>): Promise<T>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"timing.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/timing.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"timing.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/timing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAcH,wBAAgB,KAAK,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAMvE;AAED,wBAAsB,UAAU,CAAC,CAAC,EAChC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,OAAO,EAChB,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GACnB,OAAO,CAAC,CAAC,CAAC,CAMZ"}
|