snyk-nuget-plugin 1.27.0 → 1.29.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/dist/index.js +6 -4
- package/dist/index.js.map +1 -1
- package/dist/nuget-parser/cli/dotnet.js +3 -3
- package/dist/nuget-parser/cli/dotnet.js.map +1 -1
- package/dist/nuget-parser/index.js +24 -7
- package/dist/nuget-parser/index.js.map +1 -1
- package/dist/nuget-parser/parsers/csproj-parser.js +13 -12
- package/dist/nuget-parser/parsers/csproj-parser.js.map +1 -1
- package/dist/nuget-parser/parsers/dotnet-core-parser.js +43 -41
- package/dist/nuget-parser/parsers/dotnet-core-parser.js.map +1 -1
- package/dist/nuget-parser/parsers/dotnet-core-v2-parser.js +38 -15
- package/dist/nuget-parser/parsers/dotnet-core-v2-parser.js.map +1 -1
- package/dist/nuget-parser/parsers/dotnet-framework-parser.js +8 -7
- package/dist/nuget-parser/parsers/dotnet-framework-parser.js.map +1 -1
- package/dist/nuget-parser/parsers/nuspec-parser.js +94 -96
- package/dist/nuget-parser/parsers/nuspec-parser.js.map +1 -1
- package/dist/nuget-parser/parsers/project-json-parser.js.map +1 -1
- package/dist/nuget-parser/runtime-assembly.js +124 -0
- package/dist/nuget-parser/runtime-assembly.js.map +1 -0
- package/dist/nuget-parser/types.js +1 -1
- package/dist/nuget-parser/types.js.map +1 -1
- package/package.json +19 -17
package/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
|
|
2
2
|
|
|
3
|
-
[](https://dl.circleci.com/status-badge/redirect/gh/snyk/snyk-nuget-plugin/tree/main)
|
|
4
4
|
|
|
5
5
|
***
|
|
6
6
|
|
package/dist/index.js
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.inspect = void 0;
|
|
4
|
-
const path = require("path");
|
|
5
4
|
const nugetParser = require("./nuget-parser");
|
|
5
|
+
const path = require("path");
|
|
6
6
|
const paketParser = require("snyk-paket-parser");
|
|
7
|
-
const errors_1 = require("./errors");
|
|
8
7
|
const types_1 = require("./nuget-parser/types");
|
|
8
|
+
const errors_1 = require("./errors");
|
|
9
9
|
function determineManifestType(filename) {
|
|
10
10
|
switch (true) {
|
|
11
11
|
case /project.json$/.test(filename): {
|
|
@@ -56,9 +56,11 @@ async function inspect(root, targetFile, options) {
|
|
|
56
56
|
}
|
|
57
57
|
if (options['dotnet-runtime-resolution']) {
|
|
58
58
|
if (manifestType !== types_1.ManifestType.DOTNET_CORE) {
|
|
59
|
-
return Promise.reject(new
|
|
59
|
+
return Promise.reject(new errors_1.FileNotProcessableError(`runtime resolution flag is currently only supported for: .NET versions 5 and higher, all versions of .NET Core and all versions of .NET Standard projects. Supplied project type was parsed as ${manifestType}.`));
|
|
60
60
|
}
|
|
61
|
-
|
|
61
|
+
// TODO: Replaced by a CLI argument when project is stabilized
|
|
62
|
+
const useRuntimeDependencies = true;
|
|
63
|
+
const result = await nugetParser.buildDepGraphFromFiles(root, targetFile, manifestType, options['assets-project-name'], useRuntimeDependencies, options['project-name-prefix']);
|
|
62
64
|
return {
|
|
63
65
|
dependencyGraph: result.dependencyGraph,
|
|
64
66
|
package: 'n/a',
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":";;;AAAA,6BAA6B;AAC7B,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":";;;AAAA,8CAA8C;AAC9C,6BAA6B;AAC7B,iDAAiD;AACjD,gDAAmE;AACnE,qCAAsE;AAEtE,SAAS,qBAAqB,CAAC,QAAgB;IAC7C,QAAQ,IAAI,EAAE;QACZ,KAAK,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;YACnC,OAAO,oBAAY,CAAC,YAAY,CAAC;SAClC;QACD,KAAK,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC1C,OAAO,oBAAY,CAAC,WAAW,CAAC;SACjC;QACD,KAAK,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;YACtC,OAAO,oBAAY,CAAC,eAAe,CAAC;SACrC;QACD,KAAK,qBAAqB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;YACzC,OAAO,oBAAY,CAAC,KAAK,CAAC;SAC3B;QACD,OAAO,CAAC,CAAC;YACP,MAAM,IAAI,0BAAiB,CACzB,wCAAwC,GAAG,QAAQ,CACpD,CAAC;SACH;KACF;AACH,CAAC;AAEM,KAAK,UAAU,OAAO,CAC3B,IAAI,EACJ,UAAU,EACV,OAAQ;IAER,OAAO,GAAG,OAAO,IAAI,EAAE,CAAC;IACxB,IAAI,YAA0B,CAAC;IAC/B,IAAI;QACF,YAAY,GAAG,qBAAqB,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC,CAAC;KACzE;IAAC,OAAO,KAAc,EAAE;QACvB,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;KAC9B;IAED,MAAM,iBAAiB,GAAG,CAAC,OAAO,EAAE,EAAE;QACpC,MAAM,eAAe,GAAG,OAAO,CAAC,IAAI;YAClC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe;YAC9B,CAAC,CAAC,SAAS,CAAC;QACd,OAAO,OAAO,CAAC,IAAI,CAAC;QACpB,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,MAAM,EAAE;gBACN,IAAI,EAAE,mBAAmB;gBACzB,UAAU;gBACV,aAAa,EAAE,eAAe;aAC/B;SACF,CAAC;IACJ,CAAC,CAAC;IAEF,IAAI,YAAY,KAAK,oBAAY,CAAC,KAAK,EAAE;QACvC,OAAO,WAAW;aACf,qBAAqB,CACpB,IAAI,EACJ,UAAU,EACV,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,YAAY,CAAC,EACjD,OAAO,CAAC,aAAa,CAAC,IAAI,OAAO,CAAC,GAAG,EAAE,gDAAgD;QACvF,OAAO,CAAC,MAAM,CACf;aACA,IAAI,CAAC,iBAAiB,CAAC,CAAC;KAC5B;IAED,IAAI,OAAO,CAAC,2BAA2B,CAAC,EAAE;QACxC,IAAI,YAAY,KAAK,oBAAY,CAAC,WAAW,EAAE;YAC7C,OAAO,OAAO,CAAC,MAAM,CACnB,IAAI,gCAAuB,CACzB,kMAAkM,YAAY,GAAG,CAClN,CACF,CAAC;SACH;QAED,8DAA8D;QAC9D,MAAM,sBAAsB,GAAG,IAAI,CAAC;QACpC,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,sBAAsB,CACrD,IAAI,EACJ,UAAU,EACV,YAAY,EACZ,OAAO,CAAC,qBAAqB,CAAC,EAC9B,sBAAsB,EACtB,OAAO,CAAC,qBAAqB,CAAC,CAC/B,CAAC;QACF,OAAO;YACL,eAAe,EAAE,MAAM,CAAC,eAAe;YACvC,OAAO,EAAE,KAAK;YACd,MAAM,EAAE;gBACN,IAAI,EAAE,mBAAmB;gBACzB,UAAU;gBACV,aAAa,EAAE,MAAM,CAAC,eAAe;aACtC;SACF,CAAC;KACH;IAED,OAAO,WAAW;SACf,qBAAqB,CACpB,IAAI,EACJ,UAAU,EACV,OAAO,CAAC,cAAc,EACtB,YAAY,EACZ,OAAO,CAAC,qBAAqB,CAAC,EAC9B,OAAO,CAAC,qBAAqB,CAAC,CAC/B;SACA,IAAI,CAAC,iBAAiB,CAAC,CAAC;AAC7B,CAAC;AAhFD,0BAgFC"}
|
|
@@ -36,7 +36,7 @@ async function validate() {
|
|
|
36
36
|
}
|
|
37
37
|
exports.validate = validate;
|
|
38
38
|
async function restore(projectPath) {
|
|
39
|
-
const command = `dotnet restore ${projectPath}`;
|
|
39
|
+
const command = `dotnet restore --no-cache ${projectPath}`;
|
|
40
40
|
await handle('restore', command);
|
|
41
41
|
return;
|
|
42
42
|
}
|
|
@@ -64,12 +64,12 @@ async function publish(projectPath) {
|
|
|
64
64
|
const publishDirLine = response.stdout
|
|
65
65
|
.split(/[\r\n]+/)
|
|
66
66
|
// TODO: For multiple target frameworks, replace `find` with a map or something of that kind to return more than the first.
|
|
67
|
-
// The first thing to get published ought to be the project's own .dll.
|
|
67
|
+
// The first thing to get published ought to be the project's own .dll or .exe file, depending on the architecture.
|
|
68
68
|
// E.g., something like:
|
|
69
69
|
// dotnet_6 -> /foo/bar/project/bin/Debug/net6.0/osx-arm64/project_name.dll
|
|
70
70
|
// Either way, since we're forcing a publish of a self-contained project, all .dlls should be placed there.
|
|
71
71
|
// This logic does seem a bit popsicle and duct-tape ish, but I have yet to find a more stable solution. PRs welcome!
|
|
72
|
-
.find((line) => line.endsWith('.dll'));
|
|
72
|
+
.find((line) => line.endsWith('.dll') || line.endsWith('.exe'));
|
|
73
73
|
if (!publishDirLine) {
|
|
74
74
|
const err = `Could not find a valid publish path while reading stdout: ${response.stdout}`;
|
|
75
75
|
debug(err);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dotnet.js","sourceRoot":"","sources":["../../../lib/nuget-parser/cli/dotnet.ts"],"names":[],"mappings":";;;AAAA,6BAA6B;AAC7B,qCAAqC;AACrC,8CAA8C;AAC9C,yCAA+C;AAC/C,6BAA6B;AAE7B,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAElC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;AAO/C,KAAK,UAAU,MAAM,CAAC,SAAiB,EAAE,OAAe;IACtD,KAAK,CAAC,2BAA2B,SAAS,KAAK,OAAO,EAAE,CAAC,CAAC;IAE1D,IAAI;QACF,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,CAAC;KAC5B;IAAC,OAAO,KAAc,EAAE;QACvB,IACE,CAAC,CACC,OAAO,KAAK,KAAK,QAAQ;YACzB,KAAK,KAAK,IAAI;YACd,QAAQ,IAAI,KAAK;YACjB,QAAQ,IAAI,KAAK,CAClB,EACD;YACA,MAAM,IAAI,wBAAe,CACvB,UAAU,SAAS,uBAAuB,KAAK,EAAE,CAClD,CAAC;SACH;QAED,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC;QAC7C,MAAM,IAAI,wBAAe,CACvB,UAAU,SAAS,uBAAuB,OAAO,EAAE,CACpD,CAAC;KACH;AACH,CAAC;AAEM,KAAK,UAAU,QAAQ;IAC5B,MAAM,OAAO,GAAG,kBAAkB,CAAC;IAEnC,IAAI;QACF,MAAM,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;KAClC;IAAC,OAAO,KAAc,EAAE;QACvB,KAAK,CAAC,qDAAqD,CAAC,CAAC;QAC7D,MAAM,KAAK,CAAC;KACb;AACH,CAAC;AATD,4BASC;AAEM,KAAK,UAAU,OAAO,CAAC,WAAmB;IAC/C,MAAM,OAAO,GAAG,
|
|
1
|
+
{"version":3,"file":"dotnet.js","sourceRoot":"","sources":["../../../lib/nuget-parser/cli/dotnet.ts"],"names":[],"mappings":";;;AAAA,6BAA6B;AAC7B,qCAAqC;AACrC,8CAA8C;AAC9C,yCAA+C;AAC/C,6BAA6B;AAE7B,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAElC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;AAO/C,KAAK,UAAU,MAAM,CAAC,SAAiB,EAAE,OAAe;IACtD,KAAK,CAAC,2BAA2B,SAAS,KAAK,OAAO,EAAE,CAAC,CAAC;IAE1D,IAAI;QACF,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,CAAC;KAC5B;IAAC,OAAO,KAAc,EAAE;QACvB,IACE,CAAC,CACC,OAAO,KAAK,KAAK,QAAQ;YACzB,KAAK,KAAK,IAAI;YACd,QAAQ,IAAI,KAAK;YACjB,QAAQ,IAAI,KAAK,CAClB,EACD;YACA,MAAM,IAAI,wBAAe,CACvB,UAAU,SAAS,uBAAuB,KAAK,EAAE,CAClD,CAAC;SACH;QAED,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC;QAC7C,MAAM,IAAI,wBAAe,CACvB,UAAU,SAAS,uBAAuB,OAAO,EAAE,CACpD,CAAC;KACH;AACH,CAAC;AAEM,KAAK,UAAU,QAAQ;IAC5B,MAAM,OAAO,GAAG,kBAAkB,CAAC;IAEnC,IAAI;QACF,MAAM,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;KAClC;IAAC,OAAO,KAAc,EAAE;QACvB,KAAK,CAAC,qDAAqD,CAAC,CAAC;QAC7D,MAAM,KAAK,CAAC;KACb;AACH,CAAC;AATD,4BASC;AAEM,KAAK,UAAU,OAAO,CAAC,WAAmB;IAC/C,MAAM,OAAO,GAAG,6BAA6B,WAAW,EAAE,CAAC;IAC3D,MAAM,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IACjC,OAAO;AACT,CAAC;AAJD,0BAIC;AAEM,KAAK,UAAU,OAAO,CAAC,WAAmB;;IAC/C,IAAI,OAAO,GAAG,0BAA0B,CAAC;IACzC,sGAAsG;IACtG,OAAO,IAAI,OAAO,CAAC;IACnB,0EAA0E;IAC1E,oFAAoF;IACpF,OAAO,IAAI,WAAW,CAAC;IAEvB,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAElD,wGAAwG;IACxG,0GAA0G;IAC1G,8GAA8G;IAC9G,eAAe;IACf,kHAAkH;IAClH,6GAA6G;IAC7G,6GAA6G;IAC7G,yCAAyC;IAEzC,sHAAsH;IACtH,iHAAiH;IACjH,gEAAgE;IAChE,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM;SACnC,KAAK,CAAC,SAAS,CAAC;QACjB,2HAA2H;QAC3H,mHAAmH;QACnH,wBAAwB;QACxB,2EAA2E;QAC3E,2GAA2G;QAC3G,qHAAqH;SACpH,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IAElE,IAAI,CAAC,cAAc,EAAE;QACnB,MAAM,GAAG,GAAG,6DAA6D,QAAQ,CAAC,MAAM,EAAE,CAAC;QAC3F,KAAK,CAAC,GAAG,CAAC,CAAC;QACX,MAAM,IAAI,wBAAe,CAAC,iCAAiC,GAAG,EAAE,CAAC,CAAC;KACnE;IAED,kHAAkH;IAClH,MAAM,CAAC,EAAE,gBAAgB,CAAC,GAAG,MAAA,cAAc,CAAC,KAAK,CAAC,IAAI,CAAC,mCAAI,EAAE,CAAC;IAC9D,IAAI,CAAC,gBAAgB,EAAE;QACrB,MAAM,GAAG,GAAG,gEAAgE,cAAc,EAAE,CAAC;QAC7F,KAAK,CAAC,GAAG,CAAC,CAAC;QACX,MAAM,IAAI,wBAAe,CAAC,iCAAiC,GAAG,EAAE,CAAC,CAAC;KACnE;IAED,+GAA+G;IAC/G,uDAAuD;IACvD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC,CAAC;IACtD,OAAO,OAAO,CAAC;AACjB,CAAC;AAlDD,0BAkDC"}
|
|
@@ -12,6 +12,8 @@ const projectJsonParser = require("./parsers/project-json-parser");
|
|
|
12
12
|
const packagesConfigParser = require("./parsers/packages-config-parser");
|
|
13
13
|
const errors_1 = require("../errors");
|
|
14
14
|
const types_1 = require("./types");
|
|
15
|
+
const dotnet = require("./cli/dotnet");
|
|
16
|
+
const runtimeAssembly = require("./runtime-assembly");
|
|
15
17
|
const debug = debugModule('snyk');
|
|
16
18
|
const PARSERS = {
|
|
17
19
|
'dotnet-core': {
|
|
@@ -53,7 +55,7 @@ function getFileContents(fileContentPath) {
|
|
|
53
55
|
throw new errors_1.FileNotProcessableError(error);
|
|
54
56
|
}
|
|
55
57
|
}
|
|
56
|
-
async function buildDepGraphFromFiles(root, targetFile, manifestType, useProjectNameFromAssetsFile, projectNamePrefix) {
|
|
58
|
+
async function buildDepGraphFromFiles(root, targetFile, manifestType, useProjectNameFromAssetsFile, useRuntimeDependencies, projectNamePrefix) {
|
|
57
59
|
var _a, _b;
|
|
58
60
|
const safeRoot = root || '.';
|
|
59
61
|
const safeTargetFile = targetFile || '.';
|
|
@@ -61,21 +63,36 @@ async function buildDepGraphFromFiles(root, targetFile, manifestType, useProject
|
|
|
61
63
|
const fileContent = getFileContents(fileContentPath);
|
|
62
64
|
const projectRootFolder = path.resolve(fileContentPath, '../../');
|
|
63
65
|
const targetFramework = await csProjParser.getTargetFrameworksFromProjFile(projectRootFolder);
|
|
66
|
+
if (!targetFramework) {
|
|
67
|
+
throw new errors_1.FileNotProcessableError(`unable to detect a target framework in ${projectRootFolder}, a valid one is needed to continue down this path.`);
|
|
68
|
+
}
|
|
64
69
|
const parser = PARSERS['dotnet-core-v2'];
|
|
65
70
|
const manifest = await parser.fileContentParser.parse(fileContent);
|
|
66
71
|
let resolvedProjectName = getRootName(root, projectRootFolder, projectNamePrefix);
|
|
72
|
+
const projectNameFromManifestFile = (_b = (_a = manifest === null || manifest === void 0 ? void 0 : manifest.project) === null || _a === void 0 ? void 0 : _a.restore) === null || _b === void 0 ? void 0 : _b.projectName;
|
|
67
73
|
if (manifestType === types_1.ManifestType.DOTNET_CORE &&
|
|
68
74
|
useProjectNameFromAssetsFile) {
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
resolvedProjectName = projectName;
|
|
75
|
+
if (projectNameFromManifestFile) {
|
|
76
|
+
resolvedProjectName = projectNameFromManifestFile;
|
|
72
77
|
}
|
|
73
78
|
else {
|
|
74
|
-
debug(
|
|
75
|
-
|
|
79
|
+
debug(`project.assets.json file doesn't contain a value for 'projectName'. Using default value: ${resolvedProjectName}`);
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
let assemblyVersions = {};
|
|
83
|
+
if (useRuntimeDependencies) {
|
|
84
|
+
if (!runtimeAssembly.isSupported(targetFramework)) {
|
|
85
|
+
throw new errors_1.FileNotProcessableError(`runtime resolution flag is currently only supported for: .NET versions 5 and higher, all versions of .NET Core and all versions of .NET Standard projects. Supplied versions was parsed as: ${targetFramework === null || targetFramework === void 0 ? void 0 : targetFramework.framework}.`);
|
|
76
86
|
}
|
|
87
|
+
// Ensure `dotnet` is installed on the system or fail trying.
|
|
88
|
+
await dotnet.validate();
|
|
89
|
+
// Run `dotnet publish` to create a self-contained publishable binary with included .dlls for assembly version inspection.
|
|
90
|
+
const publishDir = await dotnet.publish(projectRootFolder);
|
|
91
|
+
// Then inspect the dependency graph for the runtimepackage's assembly versions.
|
|
92
|
+
const depsFile = path.resolve(publishDir, `${projectNameFromManifestFile}.deps.json`);
|
|
93
|
+
assemblyVersions = runtimeAssembly.generateRuntimeAssemblies(depsFile);
|
|
77
94
|
}
|
|
78
|
-
const depGraph = parser.depParser.parse(resolvedProjectName, manifest);
|
|
95
|
+
const depGraph = parser.depParser.parse(resolvedProjectName, manifest, assemblyVersions);
|
|
79
96
|
return {
|
|
80
97
|
dependencyGraph: depGraph,
|
|
81
98
|
targetFramework: targetFramework === null || targetFramework === void 0 ? void 0 : targetFramework.original,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../lib/nuget-parser/index.ts"],"names":[],"mappings":";;;AAAA,yBAAyB;AACzB,6BAA6B;AAC7B,wDAAwD;AACxD,qCAAqC;AACrC,iEAAiE;AACjE,sEAAsE;AACtE,2EAA2E;AAC3E,mEAAmE;AACnE,yEAAyE;AACzE,sCAAoD;AACpD,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../lib/nuget-parser/index.ts"],"names":[],"mappings":";;;AAAA,yBAAyB;AACzB,6BAA6B;AAC7B,wDAAwD;AACxD,qCAAqC;AACrC,iEAAiE;AACjE,sEAAsE;AACtE,2EAA2E;AAC3E,mEAAmE;AACnE,yEAAyE;AACzE,sCAAoD;AACpD,mCAA0E;AAE1E,uCAAuC;AACvC,sDAAsD;AAEtD,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAElC,MAAM,OAAO,GAAG;IACd,aAAa,EAAE;QACb,SAAS,EAAE,gBAAgB;QAC3B,iBAAiB,EAAE,IAAI;KACxB;IACD,gBAAgB,EAAE;QAChB,SAAS,EAAE,kBAAkB;QAC7B,iBAAiB,EAAE,IAAI;KACxB;IACD,iBAAiB,EAAE;QACjB,SAAS,EAAE,qBAAqB;QAChC,iBAAiB,EAAE,oBAAoB;KACxC;IACD,cAAc,EAAE;QACd,SAAS,EAAE,qBAAqB;QAChC,iBAAiB,EAAE,iBAAiB;KACrC;CACF,CAAC;AAEF,SAAS,iBAAiB,CAAC,cAAc,EAAE,iBAAiB;IAC1D,IAAI,cAAc,EAAE;QAClB,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,CAAC,CAAC;KACpD;IACD,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,WAAW,CAClB,IAAa,EACb,iBAA0B,EAC1B,iBAA0B;IAE1B,MAAM,eAAe,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,iBAAiB,IAAI,EAAE,CAAC,CAAC;IACvE,IAAI,iBAAiB,EAAE;QACrB,OAAO,iBAAiB,GAAG,eAAe,CAAC;KAC5C;IACD,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,SAAS,eAAe,CAAC,eAAuB;IAC9C,IAAI;QACF,KAAK,CAAC,sBAAsB,eAAe,EAAE,CAAC,CAAC;QAC/C,OAAO,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;KAClD;IAAC,OAAO,KAAc,EAAE;QACvB,MAAM,IAAI,gCAAuB,CAAC,KAAK,CAAC,CAAC;KAC1C;AACH,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAC1C,IAAwB,EACxB,UAA8B,EAC9B,YAA0B,EAC1B,4BAAqC,EACrC,sBAA+B,EAC/B,iBAA0B;;IAK1B,MAAM,QAAQ,GAAG,IAAI,IAAI,GAAG,CAAC;IAC7B,MAAM,cAAc,GAAG,UAAU,IAAI,GAAG,CAAC;IACzC,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,eAAe,CAAC,eAAe,CAAC,CAAC;IACrD,MAAM,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;IAClE,MAAM,eAAe,GAAG,MAAM,YAAY,CAAC,+BAA+B,CACxE,iBAAiB,CAClB,CAAC;IAEF,IAAI,CAAC,eAAe,EAAE;QACpB,MAAM,IAAI,gCAAuB,CAC/B,0CAA0C,iBAAiB,qDAAqD,CACjH,CAAC;KACH;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACzC,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAEnE,IAAI,mBAAmB,GAAG,WAAW,CACnC,IAAI,EACJ,iBAAiB,EACjB,iBAAiB,CAClB,CAAC;IAEF,MAAM,2BAA2B,GAAG,MAAA,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,OAAO,0CAAE,OAAO,0CAAE,WAAW,CAAC;IAC5E,IACE,YAAY,KAAK,oBAAY,CAAC,WAAW;QACzC,4BAA4B,EAC5B;QACA,IAAI,2BAA2B,EAAE;YAC/B,mBAAmB,GAAG,2BAA2B,CAAC;SACnD;aAAM;YACL,KAAK,CACH,4FAA4F,mBAAmB,EAAE,CAClH,CAAC;SACH;KACF;IAED,IAAI,gBAAgB,GAAqB,EAAE,CAAC;IAC5C,IAAI,sBAAsB,EAAE;QAC1B,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,eAAe,CAAC,EAAE;YACjD,MAAM,IAAI,gCAAuB,CAC/B,+LAA+L,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,SAAS,GAAG,CAC7N,CAAC;SACH;QAED,6DAA6D;QAC7D,MAAM,MAAM,CAAC,QAAQ,EAAE,CAAC;QAExB,0HAA0H;QAC1H,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAC3D,gFAAgF;QAChF,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAC3B,UAAU,EACV,GAAG,2BAA2B,YAAY,CAC3C,CAAC;QACF,gBAAgB,GAAG,eAAe,CAAC,yBAAyB,CAAC,QAAQ,CAAC,CAAC;KACxE;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,SAAS,CAAC,KAAK,CACrC,mBAAmB,EACnB,QAAQ,EACR,gBAAgB,CACjB,CAAC;IACF,OAAO;QACL,eAAe,EAAE,QAAQ;QACzB,eAAe,EAAE,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,QAAQ;KAC3C,CAAC;AACJ,CAAC;AA/ED,wDA+EC;AAEM,KAAK,UAAU,qBAAqB,CACzC,IAAwB,EACxB,UAA8B,EAC9B,kBAAsC,EACtC,YAA0B,EAC1B,4BAAqC,EACrC,iBAA0B;;IAE1B,MAAM,QAAQ,GAAG,IAAI,IAAI,GAAG,CAAC;IAC7B,MAAM,cAAc,GAAG,UAAU,IAAI,GAAG,CAAC;IACzC,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,eAAe,CAAC,eAAe,CAAC,CAAC;IACrD,MAAM,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;IAClE,MAAM,cAAc,GAAG,iBAAiB,CACtC,kBAAkB,EAClB,iBAAiB,CAClB,CAAC;IAEF,MAAM,IAAI,GAAG;QACX,YAAY,EAAE,EAAE;QAChB,IAAI,EAAE,EAAE;QACR,IAAI,EAAE,WAAW,CAAC,IAAI,EAAE,iBAAiB,EAAE,iBAAiB,CAAC;QAC7D,oBAAoB,EAAE,aAAa;QACnC,OAAO,EAAE,OAAO;KACjB,CAAC;IAEF,IAAI,eAA4C,CAAC;IACjD,IAAI;QACF,IAAI,YAAY,KAAK,oBAAY,CAAC,WAAW,EAAE;YAC7C,eAAe,GAAG,MAAM,YAAY,CAAC,+BAA+B,CAClE,iBAAiB,CAClB,CAAC;SACH;aAAM;YACL,sEAAsE;YACtE,MAAM,0BAA0B,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;YACxE,eAAe,GAAG,MAAM,YAAY,CAAC,+BAA+B,CAClE,0BAA0B,CAC3B,CAAC;YAEF,+FAA+F;YAC/F,IAAI,CAAC,eAAe,EAAE;gBACpB,+CAA+C;gBAC/C,IAAI,YAAY,KAAK,oBAAY,CAAC,eAAe,EAAE;oBACjD,eAAe;wBACb,MAAM,oBAAoB,CAAC,yBAAyB,CAAC,WAAW,CAAC,CAAC;iBACrE;aACF;SACF;KACF;IAAC,OAAO,KAAc,EAAE;QACvB,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;KAC9B;IAED,IAAI,CAAC,IAAI,GAAG;QACV,eAAe,EAAE,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,EAAE,sCAAsC;KAChH,CAAC;IAEF,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;IAEzE,IACE,YAAY,KAAK,oBAAY,CAAC,WAAW;QACzC,4BAA4B,EAC5B;QACA,MAAM,WAAW,GAAG,MAAA,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,OAAO,0CAAE,OAAO,0CAAE,WAAW,CAAC;QAE5D,IAAI,WAAW,EAAE;YACf,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;SACzB;aAAM;YACL,KAAK,CACH,2FAA2F;gBACzF,IAAI,CAAC,IAAI,CACZ,CAAC;SACH;KACF;IAED,OAAO,MAAM,CAAC,SAAS,CAAC,KAAK,CAC3B,IAAI,EACJ,QAAQ,EACR,eAAe,EACf,cAAc,CACf,CAAC;AACJ,CAAC;AAjFD,sDAiFC"}
|
|
@@ -8,6 +8,19 @@ const parseXML = require("xml2js");
|
|
|
8
8
|
const debugModule = require("debug");
|
|
9
9
|
const framework_1 = require("../framework");
|
|
10
10
|
const debug = debugModule('snyk');
|
|
11
|
+
function findFile(rootDir, filter) {
|
|
12
|
+
if (!fs.existsSync(rootDir)) {
|
|
13
|
+
throw new errors_1.FileNotFoundError('No such path: ' + rootDir);
|
|
14
|
+
}
|
|
15
|
+
const files = fs.readdirSync(rootDir);
|
|
16
|
+
for (const file of files) {
|
|
17
|
+
const filename = path.resolve(rootDir, file);
|
|
18
|
+
if (filter.test(filename)) {
|
|
19
|
+
return filename;
|
|
20
|
+
}
|
|
21
|
+
}
|
|
22
|
+
return;
|
|
23
|
+
}
|
|
11
24
|
async function getTargetFrameworksFromProjFile(rootDir) {
|
|
12
25
|
return new Promise((resolve, reject) => {
|
|
13
26
|
debug('Looking for your .csproj file in ' + rootDir);
|
|
@@ -53,16 +66,4 @@ async function getTargetFrameworksFromProjFile(rootDir) {
|
|
|
53
66
|
});
|
|
54
67
|
}
|
|
55
68
|
exports.getTargetFrameworksFromProjFile = getTargetFrameworksFromProjFile;
|
|
56
|
-
function findFile(rootDir, filter) {
|
|
57
|
-
if (!fs.existsSync(rootDir)) {
|
|
58
|
-
throw new errors_1.FileNotFoundError('No such path: ' + rootDir);
|
|
59
|
-
}
|
|
60
|
-
const files = fs.readdirSync(rootDir);
|
|
61
|
-
for (const file of files) {
|
|
62
|
-
const filename = path.resolve(rootDir, file);
|
|
63
|
-
if (filter.test(filename)) {
|
|
64
|
-
return filename;
|
|
65
|
-
}
|
|
66
|
-
}
|
|
67
|
-
}
|
|
68
69
|
//# sourceMappingURL=csproj-parser.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"csproj-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/csproj-parser.ts"],"names":[],"mappings":";;;AAAA,yCAA0E;AAE1E,yBAAyB;AACzB,6BAA6B;AAC7B,mCAAmC;AACnC,qCAAqC;AAErC,4CAAmD;
|
|
1
|
+
{"version":3,"file":"csproj-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/csproj-parser.ts"],"names":[],"mappings":";;;AAAA,yCAA0E;AAE1E,yBAAyB;AACzB,6BAA6B;AAC7B,mCAAmC;AACnC,qCAAqC;AAErC,4CAAmD;AAEnD,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAElC,SAAS,QAAQ,CAAC,OAAO,EAAE,MAAM;IAC/B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;QAC3B,MAAM,IAAI,0BAAiB,CAAC,gBAAgB,GAAG,OAAO,CAAC,CAAC;KACzD;IACD,MAAM,KAAK,GAAG,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IACtC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE;QACxB,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAE7C,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;YACzB,OAAO,QAAQ,CAAC;SACjB;KACF;IACD,OAAO;AACT,CAAC;AAEM,KAAK,UAAU,+BAA+B,CACnD,OAAe;IAEf,OAAO,IAAI,OAAO,CAA8B,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAClE,KAAK,CAAC,mCAAmC,GAAG,OAAO,CAAC,CAAC;QACrD,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QACpD,IAAI,CAAC,UAAU,EAAE;YACf,KAAK,CAAC,4BAA4B,GAAG,OAAO,GAAG,GAAG,CAAC,CAAC;YACpD,OAAO,CAAC,SAAS,CAAC,CAAC;YACnB,OAAO;SACR;QAED,KAAK,CAAC,kDAAkD,GAAG,UAAU,CAAC,CAAC;QAEvE,MAAM,cAAc,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;QAEnD,IAAI,gBAAgB,GAAoC,EAAE,CAAC;QAC3D,QAAQ,CAAC,WAAW,CAAC,cAAc,EAAE,CAAC,GAAG,EAAE,oBAAoB,EAAE,EAAE;;YACjE,IAAI,GAAG,EAAE;gBACP,MAAM,CAAC,IAAI,gCAAuB,CAAC,GAAG,CAAC,CAAC,CAAC;gBACzC,OAAO;aACR;YAED,MAAM,sBAAsB,GAC1B,CAAA,MAAA,MAAA,oBAAoB,aAApB,oBAAoB,uBAApB,oBAAoB,CAAE,OAAO,0CAAE,aAAa,0CAAE,MAAM,CAClD,CAAC,gBAAgB,EAAE,aAAa,EAAE,EAAE;;gBAClC,MAAM,qBAAqB,GACzB,CAAA,MAAA,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,sBAAsB,0CAAG,CAAC,CAAC;qBAC1C,MAAA,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,eAAe,0CAAG,CAAC,CAAC,CAAA;qBACnC,MAAA,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,gBAAgB,0CAAG,CAAC,CAAC,CAAA;oBACpC,EAAE,CAAC;gBAEL,OAAO,gBAAgB;qBACpB,MAAM,CAAC,qBAAqB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;qBACxC,MAAM,CAAC,OAAO,CAAC,CAAC;YACrB,CAAC,EACD,EAAE,CACH,KAAI,EAAE,CAAC;YAEV,IAAI,sBAAsB,CAAC,MAAM,GAAG,CAAC,EAAE;gBACrC,KAAK,CACH,uDAAuD;oBACrD,kEAAkE;oBAClE,mBAAmB,CACtB,CAAC;aACH;YACD,gBAAgB,GAAG,sBAAsB;iBACtC,GAAG,CAAC,+BAAmB,CAAC;iBACxB,MAAM,CAAC,OAAO,CAAC,CAAC;YACnB,IAAI,sBAAsB,CAAC,MAAM,GAAG,CAAC,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE;gBACpE,KAAK,CACH,uEAAuE;oBACrE,UAAU,CACb,CAAC;aACH;YACD,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AA1DD,0EA0DC"}
|
|
@@ -17,6 +17,13 @@ function initFreqDepsDict() {
|
|
|
17
17
|
freqDeps['System.Reflection'] = false;
|
|
18
18
|
freqDeps['System.Globalization'] = false;
|
|
19
19
|
}
|
|
20
|
+
function isScanned(nodes, pkg) {
|
|
21
|
+
const node = nodes.find((elem) => elem.name === pkg.name && elem.version === pkg.version);
|
|
22
|
+
return !!node;
|
|
23
|
+
}
|
|
24
|
+
function isFreqDep(packageName) {
|
|
25
|
+
return packageName in freqDeps;
|
|
26
|
+
}
|
|
20
27
|
function pick(obj, keys) {
|
|
21
28
|
const pickedObj = {};
|
|
22
29
|
Object.keys(obj).forEach((k) => {
|
|
@@ -31,46 +38,6 @@ function convertFromPathSyntax(path) {
|
|
|
31
38
|
name = name.split('\\').join('@'); // windows
|
|
32
39
|
return name;
|
|
33
40
|
}
|
|
34
|
-
function collectFlatList(targetObj) {
|
|
35
|
-
const names = Object.keys(targetObj);
|
|
36
|
-
return names.map((name) => {
|
|
37
|
-
name = convertFromPathSyntax(name);
|
|
38
|
-
return name;
|
|
39
|
-
});
|
|
40
|
-
}
|
|
41
|
-
function buildBfsTree(targetDeps, roots) {
|
|
42
|
-
let queue = [...roots];
|
|
43
|
-
const nodes = [];
|
|
44
|
-
const links = [];
|
|
45
|
-
while (queue.length > 0) {
|
|
46
|
-
const dep = queue.shift();
|
|
47
|
-
const foundPackage = findPackage(targetDeps, dep);
|
|
48
|
-
if (foundPackage && !isScanned(nodes, foundPackage)) {
|
|
49
|
-
nodes.push(foundPackage);
|
|
50
|
-
if (foundPackage.dependencies) {
|
|
51
|
-
addPackageDepLinks(links, foundPackage);
|
|
52
|
-
queue = queue.concat(Object.keys(foundPackage.dependencies));
|
|
53
|
-
}
|
|
54
|
-
}
|
|
55
|
-
}
|
|
56
|
-
return constructTree(roots, nodes, links);
|
|
57
|
-
}
|
|
58
|
-
function isScanned(nodes, pkg) {
|
|
59
|
-
const node = nodes.find((elem) => elem.name === pkg.name && elem.version === pkg.version);
|
|
60
|
-
return !!node;
|
|
61
|
-
}
|
|
62
|
-
function isFreqDep(packageName) {
|
|
63
|
-
return packageName in freqDeps;
|
|
64
|
-
}
|
|
65
|
-
function addPackageDepLinks(links, pkg) {
|
|
66
|
-
if (pkg && pkg.dependencies) {
|
|
67
|
-
const from = { name: pkg.name, version: pkg.version };
|
|
68
|
-
for (const name of Object.keys(pkg.dependencies)) {
|
|
69
|
-
const to = { name, version: pkg.dependencies[name] };
|
|
70
|
-
links.push({ from, to });
|
|
71
|
-
}
|
|
72
|
-
}
|
|
73
|
-
}
|
|
74
41
|
function findPackage(targetDeps, depName) {
|
|
75
42
|
debug(`Looking for ${depName}`);
|
|
76
43
|
const depNameLowerCase = depName.toLowerCase();
|
|
@@ -101,7 +68,9 @@ function constructTree(roots, nodes, links) {
|
|
|
101
68
|
const parentNode = treeMap[parentName];
|
|
102
69
|
const childNode = treeMap[childName];
|
|
103
70
|
if (!isFreqDep(childName)) {
|
|
104
|
-
parentNode.dependencies[childName] =
|
|
71
|
+
parentNode.dependencies[childName] = {
|
|
72
|
+
...childNode,
|
|
73
|
+
};
|
|
105
74
|
}
|
|
106
75
|
}
|
|
107
76
|
const tree = pick(treeMap, roots);
|
|
@@ -115,6 +84,39 @@ function constructTree(roots, nodes, links) {
|
|
|
115
84
|
}
|
|
116
85
|
return tree;
|
|
117
86
|
}
|
|
87
|
+
function collectFlatList(targetObj) {
|
|
88
|
+
const names = Object.keys(targetObj);
|
|
89
|
+
return names.map((name) => {
|
|
90
|
+
name = convertFromPathSyntax(name);
|
|
91
|
+
return name;
|
|
92
|
+
});
|
|
93
|
+
}
|
|
94
|
+
function addPackageDepLinks(links, pkg) {
|
|
95
|
+
if (pkg && pkg.dependencies) {
|
|
96
|
+
const from = { name: pkg.name, version: pkg.version };
|
|
97
|
+
for (const name of Object.keys(pkg.dependencies)) {
|
|
98
|
+
const to = { name, version: pkg.dependencies[name] };
|
|
99
|
+
links.push({ from, to });
|
|
100
|
+
}
|
|
101
|
+
}
|
|
102
|
+
}
|
|
103
|
+
function buildBfsTree(targetDeps, roots) {
|
|
104
|
+
let queue = [...roots];
|
|
105
|
+
const nodes = [];
|
|
106
|
+
const links = [];
|
|
107
|
+
while (queue.length > 0) {
|
|
108
|
+
const dep = queue.shift();
|
|
109
|
+
const foundPackage = findPackage(targetDeps, dep);
|
|
110
|
+
if (foundPackage && !isScanned(nodes, foundPackage)) {
|
|
111
|
+
nodes.push(foundPackage);
|
|
112
|
+
if (foundPackage.dependencies) {
|
|
113
|
+
addPackageDepLinks(links, foundPackage);
|
|
114
|
+
queue = queue.concat(Object.keys(foundPackage.dependencies));
|
|
115
|
+
}
|
|
116
|
+
}
|
|
117
|
+
}
|
|
118
|
+
return constructTree(roots, nodes, links);
|
|
119
|
+
}
|
|
118
120
|
function getFrameworkToRun(manifest) {
|
|
119
121
|
var _a;
|
|
120
122
|
const frameworks = (_a = manifest === null || manifest === void 0 ? void 0 : manifest.project) === null || _a === void 0 ? void 0 : _a.frameworks;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dotnet-core-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/dotnet-core-parser.ts"],"names":[],"mappings":";;;AAAA,yCAAoD;AACpD,qCAAqC;AAErC,4BAA4B;
|
|
1
|
+
{"version":3,"file":"dotnet-core-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/dotnet-core-parser.ts"],"names":[],"mappings":";;;AAAA,yCAAoD;AACpD,qCAAqC;AAErC,4BAA4B;AAE5B,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAElC,MAAM,iBAAiB,GAAG,GAAG,CAAC;AAkB9B,MAAM,QAAQ,GAAa,EAAE,CAAC;AAE9B,SAAS,gBAAgB;IACvB,QAAQ,CAAC,6BAA6B,CAAC,GAAG,KAAK,CAAC;IAChD,QAAQ,CAAC,2BAA2B,CAAC,GAAG,KAAK,CAAC;IAC9C,QAAQ,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC;IACnC,QAAQ,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC;IAC9B,QAAQ,CAAC,sBAAsB,CAAC,GAAG,KAAK,CAAC;IACzC,QAAQ,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAC;IAC3C,QAAQ,CAAC,mBAAmB,CAAC,GAAG,KAAK,CAAC;IACtC,QAAQ,CAAC,sBAAsB,CAAC,GAAG,KAAK,CAAC;AAC3C,CAAC;AAED,SAAS,SAAS,CAAC,KAAmB,EAAE,GAAe;IACrD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CACrB,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,KAAK,GAAG,CAAC,OAAO,CACjE,CAAC;IACF,OAAO,CAAC,CAAC,IAAI,CAAC;AAChB,CAAC;AAED,SAAS,SAAS,CAAC,WAAmB;IACpC,OAAO,WAAW,IAAI,QAAQ,CAAC;AACjC,CAAC;AAED,SAAS,IAAI,CAAC,GAA4B,EAAE,IAAc;IACxD,MAAM,SAAS,GAA4B,EAAE,CAAC;IAE9C,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;QAC7B,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;YACpB,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;SACvB;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAI;IACjC,IAAI,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ;IAC9C,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU;IAC7C,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,WAAW,CAAC,UAAU,EAAE,OAAe;IAC9C,KAAK,CAAC,eAAe,OAAO,EAAE,CAAC,CAAC;IAChC,MAAM,gBAAgB,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAC/C,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE;QAChD,MAAM,mBAAmB,GAAG,qBAAqB,CAAC,UAAU,CAAC,CAAC;QAC9D,MAAM,CAAC,cAAc,EAAE,iBAAiB,CAAC,GACvC,mBAAmB,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;QAC/C,IAAI,cAAc,CAAC,WAAW,EAAE,KAAK,gBAAgB,EAAE;YACrD,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,OAAO,EAAE,iBAAiB;gBAC1B,YAAY,EAAE,UAAU,CAAC,UAAU,CAAC,CAAC,YAAY;aAClD,CAAC;SACH;KACF;IACD,KAAK,CAAC,kBAAkB,OAAO,EAAE,CAAC,CAAC;IACnC,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,aAAa,CAAC,KAAe,EAAE,KAAmB,EAAE,KAAgB;IAC3E,MAAM,OAAO,GAAG,EAAE,CAAC;IACnB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE;QACxB,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;QAC/B,MAAM,QAAQ,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;QACrD,OAAO,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC;KAC1B;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE;QACxB,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;QAClC,MAAM,SAAS,GAAG,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC;QAC/B,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;QACvC,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;QACrC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE;YACzB,UAAU,CAAC,YAAY,CAAC,SAAS,CAAC,GAAG;gBACnC,GAAG,SAAS;aACb,CAAC;SACH;KACF;IAED,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAClC,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;IACzD,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE;QACvC,IAAI,CAAC,wBAAwB,CAAC,GAAG;YAC/B,IAAI,EAAE,wBAAwB;YAC9B,OAAO,EAAE,OAAO;YAChB,YAAY,EAAE,WAAW;SAC1B,CAAC;KACH;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CAAC,SAAS;IAChC,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACrC,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;QACxB,IAAI,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAgB,EAAE,GAAe;IAC3D,IAAI,GAAG,IAAI,GAAG,CAAC,YAAY,EAAE;QAC3B,MAAM,IAAI,GAAG,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC;QACtD,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE;YAChD,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;YACrD,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;SAC1B;KACF;AACH,CAAC;AAED,SAAS,YAAY,CAAC,UAAU,EAAE,KAAK;IACrC,IAAI,KAAK,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC;IACvB,MAAM,KAAK,GAAiB,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAc,EAAE,CAAC;IAC5B,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE;QACvB,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,EAAE,CAAC;QAC1B,MAAM,YAAY,GAAG,WAAW,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;QAClD,IAAI,YAAY,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,YAAY,CAAC,EAAE;YACnD,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACzB,IAAI,YAAY,CAAC,YAAY,EAAE;gBAC7B,kBAAkB,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;gBACxC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC;aAC9D;SACF;KACF;IACD,OAAO,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;AAC5C,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAQ;;IACjC,MAAM,UAAU,GAAG,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,OAAO,0CAAE,UAAU,CAAC;IAEjD,KAAK,CAAC,0BAA0B,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAE5D,oEAAoE;IACpE,0BAA0B;IAC1B,MAAM,oBAAoB,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;IACxD,KAAK,CAAC,wBAAwB,oBAAoB,GAAG,CAAC,CAAC;IACvD,OAAO,oBAAoB,CAAC;AAC9B,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAQ;IACjC,KAAK,CAAC,uBAAuB,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE/D,MAAM,iBAAiB,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3D,KAAK,CAAC,qBAAqB,iBAAiB,GAAG,CAAC,CAAC;IACjD,iEAAiE;IACjE,0BAA0B;IAC1B,OAAO,QAAQ,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAQ;IAChC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE;QACrB,MAAM,IAAI,6BAAoB,CAC5B,oDAAoD,CACrD,CAAC;KACH;IAED,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE;QAChC,MAAM,IAAI,6BAAoB,CAC5B,iDAAiD,CAClD,CAAC;KACH;IAED,IACE,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU;QAC5B,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,KAAK,CAAC,EACrD;QACA,MAAM,IAAI,6BAAoB,CAC5B,gDAAgD,CACjD,CAAC;KACH;IAED,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE;QACrB,MAAM,IAAI,6BAAoB,CAC5B,8CAA8C,CAC/C,CAAC;KACH;IAED,IAAI,CAAC,QAAQ,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE;QACnE,MAAM,IAAI,6BAAoB,CAC5B,6CAA6C,CAC9C,CAAC;KACH;AACH,CAAC;AAEM,KAAK,UAAU,KAAK,CAAC,IAAI,EAAE,QAAQ;IACxC,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAE9C,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAE3B,IAAI,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE;QAC5B,IAAI,CAAC,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC;KACzC;IAED,6FAA6F;IAC7F,KAAK;IACL,qEAAqE;IACrE,8DAA8D;IAC9D,IACE,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe;QAC1B,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,SAAS,EACpE;QACA,IAAI,CAAC,IAAI,CAAC,eAAe,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;KACzD;IACD,MAAM,oBAAoB,GACxB,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAEzD,qFAAqF;IACrF,MAAM,iBAAiB,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAEtD,gBAAgB,EAAE,CAAC;IAEnB,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,YAAY;QAC1D,CAAC,CAAC,eAAe,CAAC,oBAAoB,CAAC,YAAY,CAAC;QACpD,CAAC,CAAC,EAAE,CAAC;IACP,KAAK,CAAC,wBAAwB,kBAAkB,GAAG,CAAC,CAAC;IAErD,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC,iBAAiB,EAAE,kBAAkB,CAAC,CAAC;IACxE,sDAAsD;IACtD,yBAAyB;IAEzB,IAAI,CAAC,YAAY,GAAG,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACnD,OAAO,IAAI,CAAC;AACd,CAAC;AAtCD,sBAsCC"}
|
|
@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.parse = void 0;
|
|
4
4
|
const debugModule = require("debug");
|
|
5
5
|
const dep_graph_1 = require("@snyk/dep-graph");
|
|
6
|
+
const errors_1 = require("../../errors");
|
|
6
7
|
const debug = debugModule('snyk');
|
|
7
8
|
// Dependencies that starts with these are discarded
|
|
8
9
|
const FILTERED_DEPENDENCY_PREFIX = ['runtime'];
|
|
@@ -11,22 +12,33 @@ function recursivelyPopulateNodes(depGraphBuilder, targetDeps, node, runtimeAsse
|
|
|
11
12
|
for (const depNode of Object.entries(node.dependencies || {})) {
|
|
12
13
|
const localVisited = visited || new Set();
|
|
13
14
|
const name = depNode[0];
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
15
|
+
const version = depNode[1];
|
|
16
|
+
const childNode = {
|
|
17
|
+
...targetDeps[`${name}/${version}`],
|
|
18
|
+
name,
|
|
19
|
+
version,
|
|
20
|
+
};
|
|
20
21
|
const childId = `${childNode.name}@${childNode.version}`;
|
|
22
|
+
// If we've supplied runtime assembly versions for self-contained dlls, overwrite the dependency version
|
|
23
|
+
// we've found in the graph with those from the runtime assembly, as they take precedence.
|
|
24
|
+
let assemblyVersion = version;
|
|
25
|
+
if (runtimeAssembly) {
|
|
26
|
+
// The RuntimeAssembly type contains the name with a .dll suffix, as this is how .NET represents them in the
|
|
27
|
+
// dependency file. This must be stripped in order to match the elements during depGraph construction.
|
|
28
|
+
const dll = `${name}.dll`;
|
|
29
|
+
if (dll in runtimeAssembly) {
|
|
30
|
+
assemblyVersion = runtimeAssembly[dll];
|
|
31
|
+
}
|
|
32
|
+
}
|
|
21
33
|
if (localVisited.has(childId)) {
|
|
22
34
|
const prunedId = `${childId}:pruned`;
|
|
23
|
-
depGraphBuilder.addPkgNode({ name: childNode.name, version:
|
|
35
|
+
depGraphBuilder.addPkgNode({ name: childNode.name, version: assemblyVersion }, prunedId, {
|
|
24
36
|
labels: { pruned: 'true' },
|
|
25
37
|
});
|
|
26
38
|
depGraphBuilder.connectDep(parentId, prunedId);
|
|
27
39
|
continue;
|
|
28
40
|
}
|
|
29
|
-
depGraphBuilder.addPkgNode({ name: childNode.name, version:
|
|
41
|
+
depGraphBuilder.addPkgNode({ name: childNode.name, version: assemblyVersion }, childId);
|
|
30
42
|
depGraphBuilder.connectDep(parentId, childId);
|
|
31
43
|
localVisited.add(childId);
|
|
32
44
|
recursivelyPopulateNodes(depGraphBuilder, targetDeps, childNode, runtimeAssembly, localVisited);
|
|
@@ -37,16 +49,27 @@ function buildGraph(projectName, projectAssets, runtimeAssembly) {
|
|
|
37
49
|
name: projectName,
|
|
38
50
|
version: projectAssets.project.version,
|
|
39
51
|
});
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
const
|
|
52
|
+
if (Object.keys(projectAssets.project.frameworks).length <= 0) {
|
|
53
|
+
throw new errors_1.FileNotProcessableError('no target frameworks found in assets file');
|
|
54
|
+
}
|
|
55
|
+
const targetFramework = Object.keys(projectAssets.project.frameworks)[0]; // FIXME: Multiple frameworks
|
|
56
|
+
const topLevelDeps = Object.keys(projectAssets.project.frameworks[targetFramework].dependencies);
|
|
57
|
+
// The list of targets gets decorated differently depending on version of the TargetFramework, (.NET 5+ versions
|
|
58
|
+
// just have their key as the target (net6.0), but .NET Standard append a version, such as .NETStandard,Version=VN.N.N).
|
|
59
|
+
if (Object.keys(projectAssets.targets).length <= 0) {
|
|
60
|
+
throw new errors_1.FileNotProcessableError('no target dependencies in found in assets file');
|
|
61
|
+
}
|
|
62
|
+
// FIXME: As mentioned all over the place, we just access the first target framework we come across. There should be
|
|
63
|
+
// at least one, regardless.
|
|
64
|
+
const targetFrameworkDependencies = Object.values(projectAssets.targets)[0];
|
|
65
|
+
// Iterate over all the dependencies found in the target dependency list, and build the depGraph based off of that.
|
|
66
|
+
const targetDeps = Object.entries(targetFrameworkDependencies).reduce((acc, entry) => {
|
|
45
67
|
const [nameWithVersion, pkg] = entry;
|
|
68
|
+
// Ignore packages with specific prefixes, which for one reason or the other are no interesting and pollutes the graph.
|
|
46
69
|
if (FILTERED_DEPENDENCY_PREFIX.some((prefix) => nameWithVersion.startsWith(prefix))) {
|
|
47
70
|
return acc;
|
|
48
71
|
}
|
|
49
|
-
return
|
|
72
|
+
return { ...acc, [nameWithVersion]: pkg };
|
|
50
73
|
}, {});
|
|
51
74
|
const topLevelDepPackages = topLevelDeps.reduce((acc, topLevelDepName) => {
|
|
52
75
|
const nameWithVersion = Object.keys(targetDeps).find((targetDep) => targetDep.startsWith(topLevelDepName));
|
|
@@ -54,7 +77,7 @@ function buildGraph(projectName, projectAssets, runtimeAssembly) {
|
|
|
54
77
|
throw new Error("cant find a name and a version in assets file, something's very malformed");
|
|
55
78
|
}
|
|
56
79
|
const [name, version] = nameWithVersion.split('/');
|
|
57
|
-
return
|
|
80
|
+
return { ...acc, [name]: version };
|
|
58
81
|
}, {});
|
|
59
82
|
const rootNode = {
|
|
60
83
|
type: 'root',
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dotnet-core-v2-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/dotnet-core-v2-parser.ts"],"names":[],"mappings":";;;AAAA,qCAAqC;AAErC,+CAAkD;AAElD,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"dotnet-core-v2-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/dotnet-core-v2-parser.ts"],"names":[],"mappings":";;;AAAA,qCAAqC;AAErC,+CAAkD;AAElD,yCAAuD;AAEvD,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAiBlC,oDAAoD;AACpD,MAAM,0BAA0B,GAAG,CAAC,SAAS,CAAC,CAAC;AAE/C,SAAS,wBAAwB,CAC/B,eAAgC,EAChC,UAAyC,EACzC,IAAmB,EACnB,eAAkC,EAClC,OAAqB;IAErB,MAAM,QAAQ,GACZ,IAAI,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;IAEtE,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE;QAC7D,MAAM,YAAY,GAAG,OAAO,IAAI,IAAI,GAAG,EAAU,CAAC;QAClD,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QAE3B,MAAM,SAAS,GAAG;YAChB,GAAG,UAAU,CAAC,GAAG,IAAI,IAAI,OAAO,EAAE,CAAC;YACnC,IAAI;YACJ,OAAO;SACR,CAAC;QAEF,MAAM,OAAO,GAAG,GAAG,SAAS,CAAC,IAAI,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;QAEzD,wGAAwG;QACxG,0FAA0F;QAC1F,IAAI,eAAe,GAAG,OAAO,CAAC;QAC9B,IAAI,eAAe,EAAE;YACnB,4GAA4G;YAC5G,sGAAsG;YACtG,MAAM,GAAG,GAAG,GAAG,IAAI,MAAM,CAAC;YAC1B,IAAI,GAAG,IAAI,eAAe,EAAE;gBAC1B,eAAe,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;aACxC;SACF;QAED,IAAI,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE;YAC7B,MAAM,QAAQ,GAAG,GAAG,OAAO,SAAS,CAAC;YACrC,eAAe,CAAC,UAAU,CACxB,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,eAAe,EAAE,EAClD,QAAQ,EACR;gBACE,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;aAC3B,CACF,CAAC;YACF,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YAC/C,SAAS;SACV;QAED,eAAe,CAAC,UAAU,CACxB,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,eAAe,EAAE,EAClD,OAAO,CACR,CAAC;QACF,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9C,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAE1B,wBAAwB,CACtB,eAAe,EACf,UAAU,EACV,SAAS,EACT,eAAe,EACf,YAAY,CACb,CAAC;KACH;AACH,CAAC;AAED,SAAS,UAAU,CACjB,WAAmB,EACnB,aAA4B,EAC5B,eAAkC;IAElC,MAAM,eAAe,GAAG,IAAI,2BAAe,CACzC,EAAE,IAAI,EAAE,OAAO,EAAE,EACjB;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC,OAAO;KACvC,CACF,CAAC;IAEF,IAAI,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,IAAI,CAAC,EAAE;QAC7D,MAAM,IAAI,gCAAuB,CAC/B,2CAA2C,CAC5C,CAAC;KACH;IAED,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,6BAA6B;IACvG,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAC9B,aAAa,CAAC,OAAO,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,YAAY,CAC/D,CAAC;IAEF,gHAAgH;IAChH,wHAAwH;IACxH,IAAI,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,EAAE;QAClD,MAAM,IAAI,gCAAuB,CAC/B,gDAAgD,CACjD,CAAC;KACH;IAED,oHAAoH;IACpH,6BAA6B;IAC7B,MAAM,2BAA2B,GAAG,MAAM,CAAC,MAAM,CAC/C,aAAa,CAAC,OAAO,CACtB,CAAC,CAAC,CAAkC,CAAC;IAEtC,mHAAmH;IACnH,MAAM,UAAU,GAAkC,MAAM,CAAC,OAAO,CAC9D,2BAA2B,CAC5B,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;QACtB,MAAM,CAAC,eAAe,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC;QAErC,uHAAuH;QACvH,IACE,0BAA0B,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CACzC,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,CACnC,EACD;YACA,OAAO,GAAG,CAAC;SACZ;QAED,OAAO,EAAE,GAAG,GAAG,EAAE,CAAC,eAAe,CAAC,EAAE,GAAG,EAAE,CAAC;IAC5C,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,mBAAmB,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,eAAe,EAAE,EAAE;QACvE,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CACjE,SAAS,CAAC,UAAU,CAAC,eAAe,CAAC,CACtC,CAAC;QACF,IAAI,CAAC,eAAe,EAAE;YACpB,MAAM,IAAI,KAAK,CACb,2EAA2E,CAC5E,CAAC;SACH;QAED,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,eAAe,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAEnD,OAAO,EAAE,GAAG,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,CAAC;IACrC,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,QAAQ,GAAG;QACf,IAAI,EAAE,MAAM;QACZ,YAAY,EAAE,mBAAmB;KACjB,CAAC;IAEnB,wBAAwB,CACtB,eAAe,EACf,UAAU,EACV,QAAQ,EACR,eAAe,CAChB,CAAC;IAEF,OAAO,eAAe,CAAC,KAAK,EAAE,CAAC;AACjC,CAAC;AAED,SAAgB,KAAK,CACnB,WAAmB,EACnB,aAA4B,EAC5B,eAAkC;IAElC,KAAK,CAAC,6DAA6D,CAAC,CAAC;IAErE,IAAI,MAAM,CAAC;IACX,IAAI,CAAC,eAAe,EAAE;QACpB,MAAM,GAAG,UAAU,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;KACjD;SAAM;QACL,MAAM,GAAG,UAAU,CAAC,WAAW,EAAE,aAAa,EAAE,eAAe,CAAC,CAAC;KAClE;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAdD,sBAcC"}
|
|
@@ -3,8 +3,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.parse = exports.fromFolderName = exports.cloneShallow = void 0;
|
|
4
4
|
const fs = require("fs");
|
|
5
5
|
const path = require("path");
|
|
6
|
-
const nuspec_parser_1 = require("./nuspec-parser");
|
|
7
6
|
const debugModule = require("debug");
|
|
7
|
+
const nuspec_parser_1 = require("./nuspec-parser");
|
|
8
8
|
const invalid_folder_format_error_1 = require("../../errors/invalid-folder-format-error");
|
|
9
9
|
const debug = debugModule('snyk');
|
|
10
10
|
function cloneShallow(dep) {
|
|
@@ -64,9 +64,10 @@ function scanInstalled(installedPackages, packagesFolder) {
|
|
|
64
64
|
try {
|
|
65
65
|
return fromFolderName(folderName);
|
|
66
66
|
}
|
|
67
|
-
catch (
|
|
67
|
+
catch (error) {
|
|
68
68
|
debug('Unable to parse dependency from folder');
|
|
69
|
-
debug(
|
|
69
|
+
debug(error);
|
|
70
|
+
return;
|
|
70
71
|
}
|
|
71
72
|
})
|
|
72
73
|
.forEach((dep) => {
|
|
@@ -89,9 +90,9 @@ function scanInstalled(installedPackages, packagesFolder) {
|
|
|
89
90
|
}
|
|
90
91
|
});
|
|
91
92
|
}
|
|
92
|
-
catch (
|
|
93
|
+
catch (error) {
|
|
93
94
|
debug('Could not complete packages folder scanning');
|
|
94
|
-
debug(
|
|
95
|
+
debug(error);
|
|
95
96
|
}
|
|
96
97
|
return flattenedPackageList;
|
|
97
98
|
}
|
|
@@ -109,8 +110,8 @@ async function fetchNugetInformationFromPackages(flattenedPackageList, targetFra
|
|
|
109
110
|
catch (e) {
|
|
110
111
|
debug('Failed parsing nuspec file');
|
|
111
112
|
debug(e);
|
|
112
|
-
//log but make sure to rethrow the error
|
|
113
|
-
//why? if we cannot parse nuspec file, we got nothing to do!
|
|
113
|
+
// log but make sure to rethrow the error
|
|
114
|
+
// why? if we cannot parse nuspec file, we got nothing to do!
|
|
114
115
|
throw e;
|
|
115
116
|
}
|
|
116
117
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dotnet-framework-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/dotnet-framework-parser.ts"],"names":[],"mappings":";;;AAAA,yBAAyB;AACzB,6BAA6B;AAC7B,
|
|
1
|
+
{"version":3,"file":"dotnet-framework-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/dotnet-framework-parser.ts"],"names":[],"mappings":";;;AAAA,yBAAyB;AACzB,6BAA6B;AAC7B,qCAAqC;AACrC,mDAA8C;AAE9C,0FAAoF;AAEpF,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAElC,SAAgB,YAAY,CAAC,GAAe;IAC1C,kCAAkC;IAClC,OAAO;QACL,YAAY,EAAE,EAAE;QAChB,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,OAAO,EAAE,GAAG,CAAC,OAAO;KACrB,CAAC;AACJ,CAAC;AAPD,oCAOC;AAED,SAAS,6BAA6B,CAAC,UAAU;IAC/C,MAAM,gBAAgB,GACpB,gEAAgE,CAAC,IAAI,CACnE,UAAU,CACX,CAAC;IAEJ,IAAI,gBAAgB,IAAI,IAAI,EAAE;QAC5B,KAAK,CACH,8CAA8C,UAAU,uIAAuI,CAChM,CAAC;QACF,MAAM,IAAI,sDAAwB,CAChC,6EAA6E,UAAU,EAAE,CAC1F,CAAC;KACH;IAED,MAAM,UAAU,GAAG,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAG,CAAC,CAAC,CAAC;IACzC,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7C,OAAO;QACL,IAAI;QACJ,OAAO,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;KAC7B,CAAC;AACJ,CAAC;AAED,SAAgB,cAAc,CAAC,UAAU;IACvC,KAAK,CAAC,4BAA4B,GAAG,UAAU,CAAC,CAAC;IACjD,MAAM,IAAI,GAAG,6BAA6B,CAAC,UAAU,CAAC,CAAC;IACvD,OAAO;QACL,YAAY,EAAE,EAAE;QAChB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,OAAO,EAAE,IAAI,CAAC,OAAO;KACtB,CAAC;AACJ,CAAC;AARD,wCAQC;AAED,SAAS,UAAU,CAAC,GAAG,EAAE,cAAc;IACrC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,SAAS;QACtB,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,GAAG,CAAC,SAAS,CAAC;QAC7C,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,GAAG,CAAC,IAAI,GAAG,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,CAAC;IAC/D,IAAI,GAAG,CAAC,SAAS,EAAE;QACjB,OAAO,GAAG,CAAC,SAAS,CAAC;KACtB;AACH,CAAC;AAED,SAAS,aAAa,CAAC,iBAAiB,EAAE,cAAc;IACtD,MAAM,oBAAoB,GAAG,EAAE,CAAC;IAChC,KAAK,CAAC,UAAU,GAAG,iBAAiB,CAAC,MAAM,GAAG,uBAAuB,CAAC,CAAC;IACvE,iBAAiB,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QAClC,UAAU,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC;QAClC,oBAAoB,CAAC,KAAK,CAAC,IAAI,CAAC;YAC9B,oBAAoB,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC;QAC5C,KAAK,CAAC,SAAS,GAAG,KAAK,CAAC,IAAI,GAAG,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IACH,IAAI;QACF,KAAK,CAAC,kCAAkC,CAAC,CAAC;QAC1C,KAAK,CAAC,iDAAiD,GAAG,cAAc,CAAC,CAAC;QAC1E,EAAE,CAAC,WAAW,CAAC,cAAc,CAAC;aAC3B,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE;YAClB,IAAI;gBACF,OAAO,cAAc,CAAC,UAAU,CAAC,CAAC;aACnC;YAAC,OAAO,KAAc,EAAE;gBACvB,KAAK,CAAC,wCAAwC,CAAC,CAAC;gBAChD,KAAK,CAAC,KAAK,CAAC,CAAC;gBACb,OAAO;aACR;QACH,CAAC,CAAC;aACD,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YACf,IAAI,GAAG,EAAE;gBACP,UAAU,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;gBAChC,kEAAkE;gBAClE,IACE,oBAAoB,CAAC,GAAG,CAAC,IAAI,CAAC;oBAC9B,oBAAoB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,KAAK,GAAG,CAAC,OAAO,EACtD;oBACA,wDAAwD;oBACxD,KAAK,CACH,cAAc;wBACZ,GAAG,CAAC,IAAI;wBACR,eAAe;wBACf,oBAAoB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO;wBACtC,oCAAoC;wBACpC,uCAAuC;wBACvC,GAAG,CAAC,OAAO;wBACX,2BAA2B,CAC9B,CAAC;oBACF,oBAAoB,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;iBACtC;aACF;QACH,CAAC,CAAC,CAAC;KACN;IAAC,OAAO,KAAc,EAAE;QACvB,KAAK,CAAC,6CAA6C,CAAC,CAAC;QACrD,KAAK,CAAC,KAAK,CAAC,CAAC;KACd;IACD,OAAO,oBAAoB,CAAC;AAC9B,CAAC;AAED,KAAK,UAAU,iCAAiC,CAC9C,oBAAoB,EACpB,eAAe;IAEf,MAAM,uBAAuB,GAAU,EAAE,CAAC;IAC1C,uEAAuE;IACvE,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACzC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,EAAE;QACpD,IAAI;YACF,MAAM,GAAG,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;YACvC,KAAK,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC;YACpB,MAAM,QAAQ,GAAG,MAAM,IAAA,2BAAW,EAAC,GAAG,EAAE,eAAe,CAAC,CAAC;YACzD,uBAAuB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;SACxC;QAAC,OAAO,CAAC,EAAE;YACV,KAAK,CAAC,4BAA4B,CAAC,CAAC;YACpC,KAAK,CAAC,CAAC,CAAC,CAAC;YACT,yCAAyC;YACzC,6DAA6D;YAC7D,MAAM,CAAC,CAAC;SACT;KACF;IACD,OAAO,uBAAuB,CAAC;AACjC,CAAC;AAED,SAAS,uBAAuB,CAAC,qBAAqB;IACpD,MAAM,iBAAiB,GAAG,EAAE,CAAC;IAC7B,qBAAqB,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;QAC3C,IAAI,CAAC,UAAU,EAAE;YACf,OAAO;SACR,CAAC,cAAc;QAChB,KAAK,CAAC,uBAAuB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;QACjD,iBAAiB,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC;IAClD,CAAC,CAAC,CAAC;IACH,OAAO,iBAAiB,CAAC;AAC3B,CAAC;AAED,SAAS,SAAS,CAChB,IAAI,EACJ,gBAAgB,EAChB,oBAAoB,EACpB,iBAAiB;IAEjB,KAAK,MAAM,aAAa,IAAI,gBAAgB,EAAE;QAC5C,IAAI,oBAAgC,CAAC;QACrC,IAAI,oBAAoB,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE;YAC5C,kBAAkB;YAClB,oBAAoB,GAAG,YAAY,CACjC,oBAAoB,CAAC,aAAa,CAAC,IAAI,CAAC,CACzC,CAAC;SACH;aAAM;YACL,8BAA8B;YAC9B,oBAAoB,GAAG;gBACrB,YAAY,EAAE,EAAE;gBAChB,IAAI,EAAE,aAAa,CAAC,IAAI;gBACxB,OAAO,EAAE,aAAa,CAAC,OAAO;aAC/B,CAAC;SACH;QACD,MAAM,kBAAkB,GACtB,CAAC,iBAAiB,CAAC,oBAAoB,CAAC,IAAI,CAAC;YAC3C,iBAAiB,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC;YACxD,EAAE,CAAC;QACL,SAAS,CACP,oBAAoB,EACpB,kBAAkB,EAClB,oBAAoB,EACpB,iBAAiB,CAClB,CAAC;QACF,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC;KACrE;AACH,CAAC;AAEM,KAAK,UAAU,KAAK,CAAC,IAAI,EAAE,QAAQ,EAAE,eAAe,EAAE,cAAc;IACzE,IAAI,CAAC,eAAe,EAAE;QACpB,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;KAC3D;IAED,MAAM,oBAAoB,GAAG,aAAa,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IACrE,MAAM,uBAAuB,GAAG,MAAM,iCAAiC,CACrE,oBAAoB,EACpB,eAAe,CAChB,CAAC;IACF,MAAM,iBAAiB,GAAG,uBAAuB,CAAC,uBAAuB,CAAC,CAAC;IAC3E,uEAAuE;IACvE,gDAAgD;IAChD,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAElC,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IACjD,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;QACxD,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,GAAG,YAAY,CAC3C,oBAAoB,CAAC,WAAW,CAAC,CAClC,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE;QACxB,iDAAiD;QACjD,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE;YAC3B,MAAM,UAAU,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;YAC1C,MAAM,IAAI,GAAG,YAAY,CAAC,oBAAoB,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;YACjE,SAAS,CACP,IAAI,EACJ,UAAU,CAAC,QAAQ,EACnB,oBAAoB,EACpB,iBAAiB,CAClB,CAAC;YACF,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;SACrC;KACF;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AApCD,sBAoCC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.
|
|
3
|
+
exports.parseNuspec = exports.parse = void 0;
|
|
4
4
|
const JSZip = require("jszip");
|
|
5
5
|
const fs = require("fs");
|
|
6
6
|
const path = require("path");
|
|
@@ -8,100 +8,33 @@ const parseXML = require("xml2js");
|
|
|
8
8
|
const debugModule = require("debug");
|
|
9
9
|
const debug = debugModule('snyk');
|
|
10
10
|
const targetFrameworkRegex = /([.a-zA-Z]+)([.0-9]+)/;
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
if (!
|
|
18
|
-
|
|
19
|
-
}
|
|
20
|
-
const nuspecContent = await loadNuspecFromAsync(dep);
|
|
21
|
-
if (nuspecContent === null) {
|
|
22
|
-
debug('failed to load nuspec content');
|
|
23
|
-
return null;
|
|
24
|
-
}
|
|
25
|
-
return await parse(nuspecContent, targetFramework, dep.name);
|
|
26
|
-
}
|
|
27
|
-
exports.parseNuspec = parseNuspec;
|
|
28
|
-
async function loadNuspecFromAsync(dep) {
|
|
29
|
-
const nupkgPath = path.resolve(dep.path, dep.name + '.' + dep.version + '.nupkg');
|
|
30
|
-
let nupkgData;
|
|
31
|
-
try {
|
|
32
|
-
nupkgData = fs.readFileSync(nupkgPath);
|
|
33
|
-
}
|
|
34
|
-
catch (err) {
|
|
35
|
-
if (err.code == 'ENOENT') {
|
|
36
|
-
debug('No nupkg file found at ' + nupkgPath);
|
|
37
|
-
return null; //this is needed not to break existing code flow
|
|
38
|
-
}
|
|
39
|
-
else {
|
|
40
|
-
throw err;
|
|
41
|
-
}
|
|
11
|
+
var SupportedEncodings;
|
|
12
|
+
(function (SupportedEncodings) {
|
|
13
|
+
SupportedEncodings["UTF8"] = "utf-8";
|
|
14
|
+
SupportedEncodings["UTF16LE"] = "utf-16le";
|
|
15
|
+
})(SupportedEncodings || (SupportedEncodings = {}));
|
|
16
|
+
function extractDepsForPlainGroups(rawDependency) {
|
|
17
|
+
if (!rawDependency.group) {
|
|
18
|
+
return [];
|
|
42
19
|
}
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
return
|
|
20
|
+
return rawDependency.group.filter((group) => {
|
|
21
|
+
// valid group with no attributes or no `targetFramework` attribute
|
|
22
|
+
return group && !(group.$ && group.$.targetFramework);
|
|
46
23
|
});
|
|
47
|
-
if (!nuspecFile) {
|
|
48
|
-
throw new Error('`failed to read nupkg file from: ${nupkgPath}`');
|
|
49
|
-
}
|
|
50
|
-
if (!nuspecZipData) {
|
|
51
|
-
throw new Error(`failed to open nupkg file as an archive from: ${nupkgPath}`);
|
|
52
|
-
}
|
|
53
|
-
const rawNuspecContent = await nuspecZipData.files[nuspecFile].async('text');
|
|
54
|
-
const encoding = detectNuspecContentEncoding(rawNuspecContent);
|
|
55
|
-
const encoder = new TextEncoder();
|
|
56
|
-
const encoded = encoder.encode(rawNuspecContent);
|
|
57
|
-
const decoder = new TextDecoder(encoding);
|
|
58
|
-
const encodedNuspecContent = decoder.decode(encoded);
|
|
59
|
-
return removePotentialUtf16Characters(encodedNuspecContent);
|
|
60
24
|
}
|
|
61
|
-
async function parse(nuspecContent, targetFramework, depName) {
|
|
62
|
-
var _a;
|
|
63
|
-
const parsedNuspec = await parseXML.parseStringPromise(nuspecContent);
|
|
64
|
-
let ownDeps = [];
|
|
65
|
-
//note: this will throw if assertion fails
|
|
66
|
-
assertNuspecSchema(nuspecContent, parsedNuspec);
|
|
67
|
-
for (const metadata of parsedNuspec.package.metadata) {
|
|
68
|
-
(_a = metadata.dependencies) === null || _a === void 0 ? void 0 : _a.forEach((rawDependency) => {
|
|
69
|
-
// Find and add target framework version specific dependencies
|
|
70
|
-
const depsForTargetFramework = extractDepsForTargetFramework(rawDependency, targetFramework);
|
|
71
|
-
if (depsForTargetFramework && depsForTargetFramework.group) {
|
|
72
|
-
ownDeps = ownDeps.concat(extractDepsFromRaw(depsForTargetFramework.group.dependency));
|
|
73
|
-
}
|
|
74
|
-
// Find all groups with no targetFramework attribute
|
|
75
|
-
// add their deps
|
|
76
|
-
const depsFromPlainGroups = extractDepsForPlainGroups(rawDependency);
|
|
77
|
-
if (depsFromPlainGroups) {
|
|
78
|
-
depsFromPlainGroups.forEach((depGroup) => {
|
|
79
|
-
ownDeps = ownDeps.concat(extractDepsFromRaw(depGroup.dependency));
|
|
80
|
-
});
|
|
81
|
-
}
|
|
82
|
-
// Add the default dependencies
|
|
83
|
-
ownDeps = ownDeps.concat(extractDepsFromRaw(rawDependency.dependency));
|
|
84
|
-
});
|
|
85
|
-
}
|
|
86
|
-
return {
|
|
87
|
-
children: ownDeps,
|
|
88
|
-
name: depName,
|
|
89
|
-
};
|
|
90
|
-
}
|
|
91
|
-
exports.parse = parse;
|
|
92
25
|
function assertNuspecSchema(nuspecContent, parsedNuspec) {
|
|
93
26
|
var _a;
|
|
94
27
|
if (!((_a = parsedNuspec.package) === null || _a === void 0 ? void 0 : _a.metadata)) {
|
|
95
28
|
throw new Error('This is an invalid nuspec file. Package or Metadata xml section is missing. This is a required element. See https://docs.microsoft.com/en-us/nuget/reference/nuspec. The nuspec in question: ' +
|
|
96
29
|
nuspecContent);
|
|
97
30
|
}
|
|
98
|
-
//just in case, this should *not* happen
|
|
31
|
+
// just in case, this should *not* happen
|
|
99
32
|
if (!Array.isArray(parsedNuspec.package.metadata)) {
|
|
100
33
|
throw new Error('This is an invalid nuspec file; the metadata tag is supposed to be a collection of objects but it is not! The nuspec in question: ' +
|
|
101
34
|
nuspecContent);
|
|
102
35
|
}
|
|
103
36
|
for (const metadata of parsedNuspec.package.metadata) {
|
|
104
|
-
//just in case, this shouldn't happen as this would indicate invalid/malformed nuspec file
|
|
37
|
+
// just in case, this shouldn't happen as this would indicate invalid/malformed nuspec file
|
|
105
38
|
if (metadata == null || typeof metadata !== 'object') {
|
|
106
39
|
throw new Error('Expected elements in a "metadata" tag to be objects, but they were ' +
|
|
107
40
|
typeof metadata +
|
|
@@ -109,7 +42,7 @@ function assertNuspecSchema(nuspecContent, parsedNuspec) {
|
|
|
109
42
|
nuspecContent);
|
|
110
43
|
}
|
|
111
44
|
if (metadata.dependencies) {
|
|
112
|
-
//just in case, error would indicate malformed nuspec
|
|
45
|
+
// just in case, error would indicate malformed nuspec
|
|
113
46
|
if (!Array.isArray(metadata.dependencies)) {
|
|
114
47
|
throw new Error('Expected that "dependencies" tag would be an array but it isn\'t. This is not supposed to happen and is likely due to malformed nuspec file! The nuspec in question: ' +
|
|
115
48
|
nuspecContent);
|
|
@@ -117,15 +50,6 @@ function assertNuspecSchema(nuspecContent, parsedNuspec) {
|
|
|
117
50
|
}
|
|
118
51
|
}
|
|
119
52
|
}
|
|
120
|
-
function extractDepsForPlainGroups(rawDependency) {
|
|
121
|
-
if (!rawDependency.group) {
|
|
122
|
-
return [];
|
|
123
|
-
}
|
|
124
|
-
return rawDependency.group.filter((group) => {
|
|
125
|
-
// valid group with no attributes or no `targetFramework` attribute
|
|
126
|
-
return group && !(group.$ && group.$.targetFramework);
|
|
127
|
-
});
|
|
128
|
-
}
|
|
129
53
|
function extractDepsForTargetFramework(rawDependency, targetFramework) {
|
|
130
54
|
if (!rawDependency || !rawDependency.group) {
|
|
131
55
|
return;
|
|
@@ -171,11 +95,6 @@ function extractDepsFromRaw(rawDependencies) {
|
|
|
171
95
|
});
|
|
172
96
|
return deps;
|
|
173
97
|
}
|
|
174
|
-
var SupportedEncodings;
|
|
175
|
-
(function (SupportedEncodings) {
|
|
176
|
-
SupportedEncodings["UTF8"] = "utf-8";
|
|
177
|
-
SupportedEncodings["UTF16LE"] = "utf-16le";
|
|
178
|
-
})(SupportedEncodings || (SupportedEncodings = {}));
|
|
179
98
|
function detectNuspecContentEncoding(nuspecContent) {
|
|
180
99
|
// 65533 is a code for replacement character that is unique to UTF-16
|
|
181
100
|
// https://www.unicodepedia.com/unicode/specials/fffd/replacement-character/
|
|
@@ -191,4 +110,83 @@ function removePotentialUtf16Characters(input) {
|
|
|
191
110
|
.replace(/\uBDBF/g, '')
|
|
192
111
|
.replace(/\uEFBD/g, '');
|
|
193
112
|
}
|
|
113
|
+
async function parse(nuspecContent, targetFramework, depName) {
|
|
114
|
+
var _a;
|
|
115
|
+
const parsedNuspec = await parseXML.parseStringPromise(nuspecContent);
|
|
116
|
+
let ownDeps = [];
|
|
117
|
+
// note: this will throw if assertion fails
|
|
118
|
+
assertNuspecSchema(nuspecContent, parsedNuspec);
|
|
119
|
+
for (const metadata of parsedNuspec.package.metadata) {
|
|
120
|
+
(_a = metadata.dependencies) === null || _a === void 0 ? void 0 : _a.forEach((rawDependency) => {
|
|
121
|
+
// Find and add target framework version specific dependencies
|
|
122
|
+
const depsForTargetFramework = extractDepsForTargetFramework(rawDependency, targetFramework);
|
|
123
|
+
if (depsForTargetFramework && depsForTargetFramework.group) {
|
|
124
|
+
ownDeps = ownDeps.concat(extractDepsFromRaw(depsForTargetFramework.group.dependency));
|
|
125
|
+
}
|
|
126
|
+
// Find all groups with no targetFramework attribute
|
|
127
|
+
// add their deps
|
|
128
|
+
const depsFromPlainGroups = extractDepsForPlainGroups(rawDependency);
|
|
129
|
+
if (depsFromPlainGroups) {
|
|
130
|
+
depsFromPlainGroups.forEach((depGroup) => {
|
|
131
|
+
ownDeps = ownDeps.concat(extractDepsFromRaw(depGroup.dependency));
|
|
132
|
+
});
|
|
133
|
+
}
|
|
134
|
+
// Add the default dependencies
|
|
135
|
+
ownDeps = ownDeps.concat(extractDepsFromRaw(rawDependency.dependency));
|
|
136
|
+
});
|
|
137
|
+
}
|
|
138
|
+
return {
|
|
139
|
+
children: ownDeps,
|
|
140
|
+
name: depName,
|
|
141
|
+
};
|
|
142
|
+
}
|
|
143
|
+
exports.parse = parse;
|
|
144
|
+
async function loadNuspecFromAsync(dep) {
|
|
145
|
+
const nupkgPath = path.resolve(dep.path, dep.name + '.' + dep.version + '.nupkg');
|
|
146
|
+
let nupkgData;
|
|
147
|
+
try {
|
|
148
|
+
nupkgData = fs.readFileSync(nupkgPath);
|
|
149
|
+
}
|
|
150
|
+
catch (error) {
|
|
151
|
+
if (error.code == 'ENOENT') {
|
|
152
|
+
debug('No nupkg file found at ' + nupkgPath);
|
|
153
|
+
return null; // this is needed not to break existing code flow
|
|
154
|
+
}
|
|
155
|
+
throw error;
|
|
156
|
+
}
|
|
157
|
+
const nuspecZipData = await JSZip.loadAsync(nupkgData);
|
|
158
|
+
const nuspecFile = Object.keys(nuspecZipData.files).find((file) => {
|
|
159
|
+
return path.extname(file) === '.nuspec';
|
|
160
|
+
});
|
|
161
|
+
if (!nuspecFile) {
|
|
162
|
+
throw new Error(`failed to read nupkg file from: ${nupkgPath}`);
|
|
163
|
+
}
|
|
164
|
+
if (!nuspecZipData) {
|
|
165
|
+
throw new Error(`failed to open nupkg file as an archive from: ${nupkgPath}`);
|
|
166
|
+
}
|
|
167
|
+
const rawNuspecContent = await nuspecZipData.files[nuspecFile].async('text');
|
|
168
|
+
const encoding = detectNuspecContentEncoding(rawNuspecContent);
|
|
169
|
+
const encoder = new TextEncoder();
|
|
170
|
+
const encoded = encoder.encode(rawNuspecContent);
|
|
171
|
+
const decoder = new TextDecoder(encoding);
|
|
172
|
+
const encodedNuspecContent = decoder.decode(encoded);
|
|
173
|
+
return removePotentialUtf16Characters(encodedNuspecContent);
|
|
174
|
+
}
|
|
175
|
+
async function parseNuspec(dep, targetFramework) {
|
|
176
|
+
// precaution
|
|
177
|
+
if (!dep) {
|
|
178
|
+
throw new Error('expected DependencyInfo parameter to have value but found it undefined');
|
|
179
|
+
}
|
|
180
|
+
// another precaution
|
|
181
|
+
if (!targetFramework) {
|
|
182
|
+
throw new Error('expected TargetFramework parameter to have value but found it undefined');
|
|
183
|
+
}
|
|
184
|
+
const nuspecContent = await loadNuspecFromAsync(dep);
|
|
185
|
+
if (nuspecContent === null) {
|
|
186
|
+
debug('failed to load nuspec content');
|
|
187
|
+
return null;
|
|
188
|
+
}
|
|
189
|
+
return await parse(nuspecContent, targetFramework, dep.name);
|
|
190
|
+
}
|
|
191
|
+
exports.parseNuspec = parseNuspec;
|
|
194
192
|
//# sourceMappingURL=nuspec-parser.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"nuspec-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/nuspec-parser.ts"],"names":[],"mappings":";;;AAAA,+BAA+B;AAC/B,yBAAyB;AACzB,6BAA6B;AAC7B,mCAAmC;AACnC,qCAAqC;AAQrC,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAElC,MAAM,oBAAoB,GAAG,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"nuspec-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/nuspec-parser.ts"],"names":[],"mappings":";;;AAAA,+BAA+B;AAC/B,yBAAyB;AACzB,6BAA6B;AAC7B,mCAAmC;AACnC,qCAAqC;AAQrC,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAElC,MAAM,oBAAoB,GAAG,uBAAuB,CAAC;AAErD,IAAK,kBAGJ;AAHD,WAAK,kBAAkB;IACrB,oCAAc,CAAA;IACd,0CAAoB,CAAA;AACtB,CAAC,EAHI,kBAAkB,KAAlB,kBAAkB,QAGtB;AAED,SAAS,yBAAyB,CAAC,aAAa;IAC9C,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE;QACxB,OAAO,EAAE,CAAC;KACX;IAED,OAAO,aAAa,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE;QAC1C,mEAAmE;QACnE,OAAO,KAAK,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,kBAAkB,CAAC,aAAqB,EAAE,YAAiB;;IAClE,IAAI,CAAC,CAAA,MAAA,YAAY,CAAC,OAAO,0CAAE,QAAQ,CAAA,EAAE;QACnC,MAAM,IAAI,KAAK,CACb,+LAA+L;YAC7L,aAAa,CAChB,CAAC;KACH;IAED,yCAAyC;IACzC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;QACjD,MAAM,IAAI,KAAK,CACb,oIAAoI;YAClI,aAAa,CAChB,CAAC;KACH;IAED,KAAK,MAAM,QAAQ,IAAI,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE;QACpD,2FAA2F;QAC3F,IAAI,QAAQ,IAAI,IAAI,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE;YACpD,MAAM,IAAI,KAAK,CACb,qEAAqE;gBACnE,OAAO,QAAQ;gBACf,uGAAuG;gBACvG,aAAa,CAChB,CAAC;SACH;QAED,IAAI,QAAQ,CAAC,YAAY,EAAE;YACzB,sDAAsD;YACtD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE;gBACzC,MAAM,IAAI,KAAK,CACb,uKAAuK;oBACrK,aAAa,CAChB,CAAC;aACH;SACF;KACF;AACH,CAAC;AAED,SAAS,6BAA6B,CAAC,aAAa,EAAE,eAAe;IACnE,IAAI,CAAC,aAAa,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE;QAC1C,OAAO;KACR;IAED,OAAO,aAAa,CAAC,KAAK;SACvB,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE;;QAChB,OAAO,CACL,CAAA,MAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,CAAC,0CAAE,eAAe;YACzB,oBAAoB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,eAAe,CAAC,CACnD,CAAC;IACJ,CAAC,CAAC;SACD,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;QACb,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAClE,OAAO;YACL,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC;YACnB,KAAK;YACL,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;SAClB,CAAC;IACJ,CAAC,CAAC;SACD,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACb,IAAI,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,SAAS,EAAE;YAC/B,OAAO,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;SAC9C;QAED,OAAO,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC,CAAC;SACD,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;QACd,OAAO,CACL,eAAe,CAAC,SAAS,KAAK,KAAK,CAAC,SAAS;YAC7C,eAAe,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO,CACzC,CAAC;IACJ,CAAC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,kBAAkB,CAAC,eAAe;IACzC,IAAI,CAAC,eAAe,EAAE;QACpB,OAAO,EAAE,CAAC;KACX;IAED,MAAM,IAAI,GAAiB,EAAE,CAAC;IAC9B,eAAe,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QAC9B,IAAI,GAAG,IAAI,GAAG,CAAC,CAAC,EAAE;YAChB,IAAI,CAAC,IAAI,CAAC;gBACR,YAAY,EAAE,EAAE;gBAChB,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE;gBACd,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,OAAO;aACvB,CAAC,CAAC;SACJ;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,2BAA2B,CAClC,aAAqB;IAErB,qEAAqE;IACrE,4EAA4E;IAC5E,IAAI,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,KAAK,EAAE;QACzC,OAAO,kBAAkB,CAAC,OAAO,CAAC;KACnC;IAED,OAAO,kBAAkB,CAAC,IAAI,CAAC;AACjC,CAAC;AAED,SAAS,8BAA8B,CAAC,KAAa;IACnD,OAAO,KAAK;SACT,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC;SACtB,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC;SACtB,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC;SACtB,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;AAC5B,CAAC;AAEM,KAAK,UAAU,KAAK,CACzB,aAAqB,EACrB,eAAgC,EAChC,OAAe;;IAEf,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;IACtE,IAAI,OAAO,GAAiB,EAAE,CAAC;IAE/B,2CAA2C;IAC3C,kBAAkB,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IAEhD,KAAK,MAAM,QAAQ,IAAI,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE;QACpD,MAAA,QAAQ,CAAC,YAAY,0CAAE,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;YAC/C,8DAA8D;YAC9D,MAAM,sBAAsB,GAAG,6BAA6B,CAC1D,aAAa,EACb,eAAe,CAChB,CAAC;YACF,IAAI,sBAAsB,IAAI,sBAAsB,CAAC,KAAK,EAAE;gBAC1D,OAAO,GAAG,OAAO,CAAC,MAAM,CACtB,kBAAkB,CAAC,sBAAsB,CAAC,KAAK,CAAC,UAAU,CAAC,CAC5D,CAAC;aACH;YAED,oDAAoD;YACpD,iBAAiB;YACjB,MAAM,mBAAmB,GAAG,yBAAyB,CAAC,aAAa,CAAC,CAAC;YAErE,IAAI,mBAAmB,EAAE;gBACvB,mBAAmB,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;oBACvC,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,kBAAkB,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC;gBACpE,CAAC,CAAC,CAAC;aACJ;YAED,+BAA+B;YAC/B,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,kBAAkB,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC;QACzE,CAAC,CAAC,CAAC;KACJ;IAED,OAAO;QACL,QAAQ,EAAE,OAAO;QACjB,IAAI,EAAE,OAAO;KACd,CAAC;AACJ,CAAC;AA3CD,sBA2CC;AAED,KAAK,UAAU,mBAAmB,CAChC,GAAmB;IAEnB,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAC5B,GAAG,CAAC,IAAI,EACR,GAAG,CAAC,IAAI,GAAG,GAAG,GAAG,GAAG,CAAC,OAAO,GAAG,QAAQ,CACxC,CAAC;IAEF,IAAI,SAAiB,CAAC;IACtB,IAAI;QACF,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;KACxC;IAAC,OAAO,KAAc,EAAE;QACvB,IAAK,KAA+B,CAAC,IAAI,IAAI,QAAQ,EAAE;YACrD,KAAK,CAAC,yBAAyB,GAAG,SAAS,CAAC,CAAC;YAC7C,OAAO,IAAI,CAAC,CAAC,iDAAiD;SAC/D;QACD,MAAM,KAAK,CAAC;KACb;IACD,MAAM,aAAa,GAAQ,MAAM,KAAK,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IAE5D,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;QAChE,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,SAAS,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,UAAU,EAAE;QACf,MAAM,IAAI,KAAK,CAAC,mCAAmC,SAAS,EAAE,CAAC,CAAC;KACjE;IAED,IAAI,CAAC,aAAa,EAAE;QAClB,MAAM,IAAI,KAAK,CACb,iDAAiD,SAAS,EAAE,CAC7D,CAAC;KACH;IAED,MAAM,gBAAgB,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC7E,MAAM,QAAQ,GAAG,2BAA2B,CAAC,gBAAgB,CAAC,CAAC;IAC/D,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IAEjD,MAAM,OAAO,GAAG,IAAI,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC1C,MAAM,oBAAoB,GAAG,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAErD,OAAO,8BAA8B,CAAC,oBAAoB,CAAC,CAAC;AAC9D,CAAC;AAEM,KAAK,UAAU,WAAW,CAC/B,GAAmB,EACnB,eAAgC;IAEhC,aAAa;IACb,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CACb,wEAAwE,CACzE,CAAC;KACH;IAED,qBAAqB;IACrB,IAAI,CAAC,eAAe,EAAE;QACpB,MAAM,IAAI,KAAK,CACb,yEAAyE,CAC1E,CAAC;KACH;IAED,MAAM,aAAa,GAAG,MAAM,mBAAmB,CAAC,GAAG,CAAC,CAAC;IACrD,IAAI,aAAa,KAAK,IAAI,EAAE;QAC1B,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACvC,OAAO,IAAI,CAAC;KACb;IAED,OAAO,MAAM,KAAK,CAAC,aAAa,EAAE,eAAe,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;AAC/D,CAAC;AAzBD,kCAyBC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"project-json-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/project-json-parser.ts"],"names":[],"mappings":";;;AAAA,qCAAqC;AAGrC,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"project-json-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/project-json-parser.ts"],"names":[],"mappings":";;;AAAA,qCAAqC;AAGrC,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAUlC,SAAS,mBAAmB,CAAC,GAAG,EAAE,IAAI;IACpC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;IAClB,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;QAC3B,OAAO,IAAI,CAAC;KACb;IACD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;QAClC,IAAI,GAAG,KAAK,cAAc,EAAE;YAC1B,MAAM,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC;YACtC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE;gBAC3C,MAAM,OAAO,GAAG,GAAG,CAAC;gBACpB,IAAI,OAAO,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;gBAChC,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE;oBAC/B,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;iBAC3B;gBACD,IAAI,OAAO,OAAO,KAAK,WAAW,EAAE;oBAClC,OAAO,GAAG,SAAS,CAAC;iBACrB;qBAAM;oBACL,OAAO,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;iBAC9B;gBACD,IAAI,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC;aACzB;SACF;aAAM;YACL,mBAAmB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;SACrC;KACF;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,iBAAiB,CAAC,WAAW;IACpC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAC3C,MAAM,MAAM,GAA6B;QACvC,YAAY,EAAE,mBAAmB,CAAC,UAAU,EAAE,EAAE,CAAC;KAClD,CAAC;IACF,IAAI,OAAO,UAAU,CAAC,OAAO,KAAK,QAAQ,EAAE;QAC1C,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC;QACjC,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC;QACxD,MAAM,CAAC,OAAO,GAAG;YACf,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,OAAO;YACjC,IAAI;SACL,CAAC;KACH;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,KAAK,CAAC,WAAW,EAAE,IAAI;IACrC,MAAM,iBAAiB,GAAiB,EAAE,CAAC;IAC3C,KAAK,CAAC,8CAA8C,CAAC,CAAC;IACtD,MAAM,WAAW,GAAG,iBAAiB,CAAC,WAAW,CAAC,CAAC;IACnD,MAAM,eAAe,GAAG,WAAW,CAAC,YAAY,CAAC;IACjD,KAAK,CAAC,eAAe,CAAC,CAAC;IACvB,IAAI,eAAe,EAAE;QACnB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE;YAC/C,sCAAsC;YACtC,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;YACtC,iBAAiB,CAAC,IAAI,CAAC;gBACrB,YAAY,EAAE,EAAE;gBAChB,IAAI;gBACJ,OAAO;aACR,CAAC,CAAC;SACJ;KACF;IACD,IAAI,WAAW,CAAC,OAAO,EAAE;QACvB,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;QACrC,IAAI,CAAC,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC;KAC5C;IACD,OAAO,iBAAiB,CAAC;AAC3B,CAAC;AAtBD,sBAsBC"}
|
|
@@ -0,0 +1,124 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.generateRuntimeAssemblies = exports.isSupported = void 0;
|
|
4
|
+
const errors = require("../errors/");
|
|
5
|
+
const fs = require("fs");
|
|
6
|
+
const lodash_1 = require("lodash");
|
|
7
|
+
const path = require("path");
|
|
8
|
+
const debugModule = require("debug");
|
|
9
|
+
const debug = debugModule('snyk');
|
|
10
|
+
// At least to keep project development iterative, don't support needle and haystack'ing dependency JSON
|
|
11
|
+
// for target frameworks other than .NET 5+ and .NET Core, as other frameworks generates vastly other types of
|
|
12
|
+
// .json graphs, requiring a whole other parsing strategy to extract tne runtime dependencies.
|
|
13
|
+
// For a list of version naming currently available, see
|
|
14
|
+
// https://learn.microsoft.com/en-us/dotnet/standard/frameworks#supported-target-frameworks
|
|
15
|
+
function isSupported(targetFramework) {
|
|
16
|
+
if (!('original' in targetFramework)) {
|
|
17
|
+
return false;
|
|
18
|
+
}
|
|
19
|
+
// Everything that does not start with 'net' is already game over. E.g. Windows Phone (wp) or silverlight (sl) etc.
|
|
20
|
+
if (!targetFramework.original.startsWith('net')) {
|
|
21
|
+
return false;
|
|
22
|
+
}
|
|
23
|
+
// What's left is:
|
|
24
|
+
// - .NET Core: netcoreappN.N,
|
|
25
|
+
// - .NET 5+ netN.N,
|
|
26
|
+
// - .NET Standard: netstandardN.N and
|
|
27
|
+
// - .NET Framework: netNNN, all of which we support except the latter.
|
|
28
|
+
// So if there's a dot, we're good.
|
|
29
|
+
if (targetFramework.original.includes('.')) {
|
|
30
|
+
return true;
|
|
31
|
+
}
|
|
32
|
+
// Otherwise it's something before .NET 5 and we're out
|
|
33
|
+
return false;
|
|
34
|
+
}
|
|
35
|
+
exports.isSupported = isSupported;
|
|
36
|
+
// The Nuget dependency resolution rule of lowest applicable version
|
|
37
|
+
// (see https://learn.microsoft.com/en-us/nuget/concepts/dependency-resolution#lowest-applicable-version)
|
|
38
|
+
// does not apply to runtime dependencies. If you resolve a dependency graph of some package, that depends on
|
|
39
|
+
// System.Http.Net 4.0.0, you might still very well end up using System.Http.Net 7.0.0 if you are running your
|
|
40
|
+
// executable on .net7.0.
|
|
41
|
+
// The `dotnet publish` will give a good estimate of what runtime dependencies are going to be used, so we inspect
|
|
42
|
+
// that for information.
|
|
43
|
+
// See https://natemcmaster.com/blog/2017/12/21/netcore-primitives/ for a good overview.
|
|
44
|
+
function generateRuntimeAssemblies(filePath) {
|
|
45
|
+
debug('extracting runtime assemblies from ' + filePath);
|
|
46
|
+
const depsFile = fs.readFileSync(filePath);
|
|
47
|
+
const deps = JSON.parse(depsFile.toString('utf-8'));
|
|
48
|
+
if (!deps.targets) {
|
|
49
|
+
throw new errors.FileNotProcessableError('could not find any targets in deps file');
|
|
50
|
+
}
|
|
51
|
+
// Run through all TargetFrameworks, indexed for example
|
|
52
|
+
// .NETCoreApp,Version=v6.0/osx-arm64,
|
|
53
|
+
// .NETCoreApp,Version=v6.0/alpine-armv6
|
|
54
|
+
// ... etc.
|
|
55
|
+
// See all: https://github.com/dotnet/runtime/blob/bd83e17052d3c09022bad1d91dca860ca6b27ab9/src/libraries/Microsoft.NETCore.Platforms/src/runtime.json
|
|
56
|
+
const runtimeAssemblyVersions = {};
|
|
57
|
+
Object.entries(deps.targets).forEach(([target, dependencies]) => {
|
|
58
|
+
// Ignore target frameworks without dependencies, as they hold no dlls and thus no assembly versions to gauge.
|
|
59
|
+
if ((0, lodash_1.isEmpty)(dependencies)) {
|
|
60
|
+
return;
|
|
61
|
+
}
|
|
62
|
+
// The RuntimeIdentifier's (RID) dependencies are located as `runtime` objects under dependencies.
|
|
63
|
+
// Depending on the TargetFramework, they can be located different places, so we need to iterate the whole
|
|
64
|
+
// list of targets for their `runtime` objects
|
|
65
|
+
// E.g., find the first entry in the list of targets as:
|
|
66
|
+
// "your-top-level-project/1.0.0": {...},
|
|
67
|
+
// "Castle.Core/4.4.1": {...},
|
|
68
|
+
// "runtimepack.Microsoft.NETCore.App.Runtime.osx-arm64/6.0.16": { runtime: {...} },
|
|
69
|
+
// ... etc.
|
|
70
|
+
const runtimes = {};
|
|
71
|
+
let name;
|
|
72
|
+
let runtime;
|
|
73
|
+
for (const packageInfo of Object.values(dependencies)) {
|
|
74
|
+
if (!('runtime' in packageInfo)) {
|
|
75
|
+
continue;
|
|
76
|
+
}
|
|
77
|
+
// This can be either one or more runtime deps nested under a single leaf.
|
|
78
|
+
runtime = packageInfo.runtime;
|
|
79
|
+
if (runtime && Object.keys(runtime).length > 0) {
|
|
80
|
+
for (const [fullName, version] of Object.entries(runtime)) {
|
|
81
|
+
if ((0, lodash_1.isEmpty)(version)) {
|
|
82
|
+
continue;
|
|
83
|
+
}
|
|
84
|
+
// For some versions of .NET, the dependency version generated can be more than just the System.* name, but a
|
|
85
|
+
// full path-like structure, such as lib/netstandard2.0/System.Buffers.dll, so extract as needed:
|
|
86
|
+
name = path.basename(fullName);
|
|
87
|
+
runtimes[name] = version;
|
|
88
|
+
}
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
if (!runtimes) {
|
|
92
|
+
throw new errors.FileNotProcessableError(`could not find any runtime dependencies in the ${target} dependency`);
|
|
93
|
+
}
|
|
94
|
+
// Dig down into the specific runtimepack which contains all the assembly versions of
|
|
95
|
+
// the bundled DLLs for the given runtime, as:
|
|
96
|
+
// "runtimepack.Microsoft.NETCore.App.Runtime.osx-arm64/6.0.16": {
|
|
97
|
+
// "runtime": {
|
|
98
|
+
// "Microsoft.CSharp.dll": {
|
|
99
|
+
// "assemblyVersion": "6.0.0.0",
|
|
100
|
+
// "fileVersion": "6.0.1623.17311"
|
|
101
|
+
// },
|
|
102
|
+
// "Microsoft.VisualBasic.Core.dll": {
|
|
103
|
+
// "assemblyVersion": "11.0.0.0",
|
|
104
|
+
// "fileVersion": "11.100.1623.17311"
|
|
105
|
+
// },
|
|
106
|
+
// (...)
|
|
107
|
+
// We currently only address assemblyVersions. FileVersion might become relevant, depending
|
|
108
|
+
// on how vulnerabilities are reported in the future.
|
|
109
|
+
runtimeAssemblyVersions[target] = Object.entries(runtimes).reduce((acc, [dll, versions]) => {
|
|
110
|
+
// Take the version number (N.N.N.N) and remove the last element, in order for vulndb to understand anything.
|
|
111
|
+
acc[dll] = versions.assemblyVersion.split('.').slice(0, -1).join('.');
|
|
112
|
+
return acc;
|
|
113
|
+
}, {});
|
|
114
|
+
});
|
|
115
|
+
if ((0, lodash_1.isEmpty)(runtimeAssemblyVersions)) {
|
|
116
|
+
throw new errors.FileNotProcessableError('collection of runtime assembly versions was empty, that should not happen');
|
|
117
|
+
}
|
|
118
|
+
debug('finished extracting runtime assemblies from ' + filePath);
|
|
119
|
+
// FIXME: This has been done to make the future easier, as we probably soon will need to support multiple
|
|
120
|
+
// RIDs. Currently, we are only looking at the first one.
|
|
121
|
+
return Object.values(runtimeAssemblyVersions)[0];
|
|
122
|
+
}
|
|
123
|
+
exports.generateRuntimeAssemblies = generateRuntimeAssemblies;
|
|
124
|
+
//# sourceMappingURL=runtime-assembly.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"runtime-assembly.js","sourceRoot":"","sources":["../../lib/nuget-parser/runtime-assembly.ts"],"names":[],"mappings":";;;AAKA,qCAAqC;AACrC,yBAAyB;AACzB,mCAAiC;AACjC,6BAA6B;AAC7B,qCAAqC;AAErC,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAWlC,wGAAwG;AACxG,8GAA8G;AAC9G,8FAA8F;AAC9F,wDAAwD;AACxD,2FAA2F;AAC3F,SAAgB,WAAW,CAAC,eAAgC;IAC1D,IAAI,CAAC,CAAC,UAAU,IAAI,eAAe,CAAC,EAAE;QACpC,OAAO,KAAK,CAAC;KACd;IAED,mHAAmH;IACnH,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE;QAC/C,OAAO,KAAK,CAAC;KACd;IAED,kBAAkB;IAClB,8BAA8B;IAC9B,oBAAoB;IACpB,sCAAsC;IACtC,uEAAuE;IACvE,mCAAmC;IACnC,IAAI,eAAe,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;QAC1C,OAAO,IAAI,CAAC;KACb;IAED,uDAAuD;IACvD,OAAO,KAAK,CAAC;AACf,CAAC;AAtBD,kCAsBC;AAED,oEAAoE;AACpE,yGAAyG;AACzG,6GAA6G;AAC7G,8GAA8G;AAC9G,yBAAyB;AACzB,kHAAkH;AAClH,wBAAwB;AACxB,wFAAwF;AACxF,SAAgB,yBAAyB,CAAC,QAAgB;IACxD,KAAK,CAAC,qCAAqC,GAAG,QAAQ,CAAC,CAAC;IAExD,MAAM,QAAQ,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAEpD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE;QACjB,MAAM,IAAI,MAAM,CAAC,uBAAuB,CACtC,yCAAyC,CAC1C,CAAC;KACH;IAED,wDAAwD;IACxD,sCAAsC;IACtC,wCAAwC;IACxC,WAAW;IACX,sJAAsJ;IACtJ,MAAM,uBAAuB,GAA4B,EAAE,CAAC;IAC5D,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,OAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,EAAE,YAAY,CAAC,EAAE,EAAE;QACzE,8GAA8G;QAC9G,IAAI,IAAA,gBAAO,EAAC,YAAY,CAAC,EAAE;YACzB,OAAO;SACR;QAED,kGAAkG;QAClG,0GAA0G;QAC1G,8CAA8C;QAC9C,wDAAwD;QACxD,0CAA0C;QAC1C,+BAA+B;QAC/B,qFAAqF;QACrF,WAAW;QACX,MAAM,QAAQ,GAAG,EAAE,CAAC;QACpB,IAAI,IAAY,CAAC;QACjB,IAAI,OAAiC,CAAC;QACtC,KAAK,MAAM,WAAW,IAAI,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE;YACrD,IAAI,CAAC,CAAC,SAAS,IAAI,WAAW,CAAC,EAAE;gBAC/B,SAAS;aACV;YAED,0EAA0E;YAC1E,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC;YAE9B,IAAI,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE;gBAC9C,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;oBACzD,IAAI,IAAA,gBAAO,EAAC,OAAO,CAAC,EAAE;wBACpB,SAAS;qBACV;oBAED,6GAA6G;oBAC7G,iGAAiG;oBACjG,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;oBAC/B,QAAQ,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC;iBAC1B;aACF;SACF;QAED,IAAI,CAAC,QAAQ,EAAE;YACb,MAAM,IAAI,MAAM,CAAC,uBAAuB,CACtC,kDAAkD,MAAM,aAAa,CACtE,CAAC;SACH;QAED,qFAAqF;QACrF,8CAA8C;QAC9C,kEAAkE;QAClE,iBAAiB;QACjB,gCAAgC;QAChC,sCAAsC;QACtC,wCAAwC;QACxC,SAAS;QACT,0CAA0C;QAC1C,uCAAuC;QACvC,2CAA2C;QAC3C,SAAS;QACT,SAAS;QACT,2FAA2F;QAC3F,qDAAqD;QACrD,uBAAuB,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAC9C,QAAoB,CACrB,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,QAAQ,CAAC,EAAE,EAAE;YAChC,6GAA6G;YAC7G,GAAG,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,eAAe,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACtE,OAAO,GAAG,CAAC;QACb,CAAC,EAAE,EAAE,CAAC,CAAC;IACT,CAAC,CAAC,CAAC;IAEH,IAAI,IAAA,gBAAO,EAAC,uBAAuB,CAAC,EAAE;QACpC,MAAM,IAAI,MAAM,CAAC,uBAAuB,CACtC,2EAA2E,CAC5E,CAAC;KACH;IAED,KAAK,CAAC,8CAA8C,GAAG,QAAQ,CAAC,CAAC;IAEjE,yGAAyG;IACzG,0DAA0D;IAC1D,OAAO,MAAM,CAAC,MAAM,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,CAAC;AACnD,CAAC;AAlGD,8DAkGC"}
|
|
@@ -7,5 +7,5 @@ var ManifestType;
|
|
|
7
7
|
ManifestType["DOTNET_CORE"] = "dotnet-core";
|
|
8
8
|
ManifestType["PACKAGES_CONFIG"] = "packages.config";
|
|
9
9
|
ManifestType["PAKET"] = "paket";
|
|
10
|
-
})(ManifestType
|
|
10
|
+
})(ManifestType || (exports.ManifestType = ManifestType = {}));
|
|
11
11
|
//# sourceMappingURL=types.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../lib/nuget-parser/types.ts"],"names":[],"mappings":";;;AAgDA,IAAY,YAKX;AALD,WAAY,YAAY;IACtB,6CAA6B,CAAA;IAC7B,2CAA2B,CAAA;IAC3B,mDAAmC,CAAA;IACnC,+BAAe,CAAA;AACjB,CAAC,EALW,YAAY,
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../lib/nuget-parser/types.ts"],"names":[],"mappings":";;;AAgDA,IAAY,YAKX;AALD,WAAY,YAAY;IACtB,6CAA6B,CAAA;IAC7B,2CAA2B,CAAA;IAC3B,mDAAmC,CAAA;IACnC,+BAAe,CAAA;AACjB,CAAC,EALW,YAAY,4BAAZ,YAAY,QAKvB"}
|
package/package.json
CHANGED
|
@@ -4,9 +4,11 @@
|
|
|
4
4
|
"main": "dist/index.js",
|
|
5
5
|
"scripts": {
|
|
6
6
|
"test": "npm run test:unit",
|
|
7
|
-
"test:unit": "jest --coverage",
|
|
8
|
-
"lint": "
|
|
9
|
-
"lint:
|
|
7
|
+
"test:unit": "jest --coverage --runInBand",
|
|
8
|
+
"lint": "npm run lint:prettier && npm run lint:eslint",
|
|
9
|
+
"lint:eslint": "eslint . --ext .ts",
|
|
10
|
+
"lint:prettier": "prettier --check '{lib,test}/**/*.{ts,csproj,json}' --log-level 'warn'",
|
|
11
|
+
"lint:fix": "prettier --write '{lib,test}/**/*.{ts,csproj,json}' && eslint -c .eslintrc --fix '{lib,test}/**/*.ts'",
|
|
10
12
|
"build": "tsc",
|
|
11
13
|
"build:watch": "tsc -w",
|
|
12
14
|
"prepare": "npm run build"
|
|
@@ -23,7 +25,7 @@
|
|
|
23
25
|
"author": "snyk.io",
|
|
24
26
|
"license": "Apache-2.0",
|
|
25
27
|
"engines": {
|
|
26
|
-
"node": ">=
|
|
28
|
+
"node": ">=16"
|
|
27
29
|
},
|
|
28
30
|
"files": [
|
|
29
31
|
"bin",
|
|
@@ -34,25 +36,25 @@
|
|
|
34
36
|
},
|
|
35
37
|
"homepage": "https://github.com/snyk/snyk-nuget-plugin#readme",
|
|
36
38
|
"dependencies": {
|
|
37
|
-
"@snyk/dep-graph": "^2.7.
|
|
39
|
+
"@snyk/dep-graph": "^2.7.1",
|
|
38
40
|
"debug": "^4.3.4",
|
|
39
41
|
"dotnet-deps-parser": "5.3.0",
|
|
40
42
|
"jszip": "3.10.1",
|
|
41
43
|
"lodash": "^4.17.21",
|
|
42
44
|
"snyk-paket-parser": "1.6.0",
|
|
43
|
-
"tslib": "^2.6.
|
|
44
|
-
"xml2js": "^0.6.
|
|
45
|
+
"tslib": "^2.6.1",
|
|
46
|
+
"xml2js": "^0.6.2"
|
|
45
47
|
},
|
|
46
48
|
"devDependencies": {
|
|
47
|
-
"@types/jest": "^
|
|
48
|
-
"@types/node": "^20",
|
|
49
|
-
"@typescript-eslint/eslint-plugin": "^
|
|
50
|
-
"@typescript-eslint/parser": "^
|
|
51
|
-
"eslint": "^8.
|
|
52
|
-
"jest": "^
|
|
53
|
-
"prettier": "^
|
|
54
|
-
"ts-jest": "^
|
|
55
|
-
"typescript": "^
|
|
49
|
+
"@types/jest": "^29.5.3",
|
|
50
|
+
"@types/node": "^20.4.5",
|
|
51
|
+
"@typescript-eslint/eslint-plugin": "^6.2.1",
|
|
52
|
+
"@typescript-eslint/parser": "^6.2.1",
|
|
53
|
+
"eslint": "^8.46.0",
|
|
54
|
+
"jest": "^29.6.2",
|
|
55
|
+
"prettier": "^3.0.0",
|
|
56
|
+
"ts-jest": "^29.1.1",
|
|
57
|
+
"typescript": "^5.1.6"
|
|
56
58
|
},
|
|
57
|
-
"version": "1.
|
|
59
|
+
"version": "1.29.0"
|
|
58
60
|
}
|