snyk-nuget-plugin 1.40.0 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +14 -4
- package/dist/index.js.map +1 -1
- package/dist/nuget-parser/cli/dotnet.js +1 -1
- package/dist/nuget-parser/cli/dotnet.js.map +1 -1
- package/dist/nuget-parser/index.d.ts +2 -6
- package/dist/nuget-parser/index.js +38 -33
- package/dist/nuget-parser/index.js.map +1 -1
- package/dist/nuget-parser/types.d.ts +6 -0
- package/dist/nuget-parser/types.js.map +1 -1
- package/package.json +2 -2
package/dist/index.js
CHANGED
|
@@ -67,15 +67,25 @@ async function inspect(root, targetFile, options) {
|
|
|
67
67
|
This should be considered experimental and not relied upon for production use.
|
|
68
68
|
Please report issues with this beta feature by submitting a support ticket, and attach the output of running this command
|
|
69
69
|
with the debug (-d) flag at \x1b[4mhttps://support.snyk.io/hc/en-us/requests/new\x1b[0m.`);
|
|
70
|
-
const
|
|
71
|
-
|
|
72
|
-
|
|
70
|
+
const results = await nugetParser.buildDepGraphFromFiles(root, targetFile, manifestType, options['assets-project-name'], options['project-name-prefix'], options['dotnet-target-framework']);
|
|
71
|
+
// Construct a MultiProjectResult to send to either the CLI or the SCM scanner.
|
|
72
|
+
const multiProjectResult = {
|
|
73
73
|
plugin: {
|
|
74
74
|
name: 'snyk-nuget-plugin',
|
|
75
75
|
targetFile,
|
|
76
|
-
targetRuntime: result.targetFramework,
|
|
77
76
|
},
|
|
77
|
+
scannedProjects: [],
|
|
78
78
|
};
|
|
79
|
+
for (const result of results) {
|
|
80
|
+
multiProjectResult.scannedProjects.push({
|
|
81
|
+
targetFile: targetFile,
|
|
82
|
+
depGraph: result.dependencyGraph,
|
|
83
|
+
meta: {
|
|
84
|
+
targetRuntime: result.targetFramework,
|
|
85
|
+
},
|
|
86
|
+
});
|
|
87
|
+
}
|
|
88
|
+
return multiProjectResult;
|
|
79
89
|
}
|
|
80
90
|
return nugetParser
|
|
81
91
|
.buildDepTreeFromFiles(root, targetFile, options.packagesFolder, manifestType, options['assets-project-name'], options['project-name-prefix'])
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":";;;AAAA,8CAA8C;AAC9C,6BAA6B;AAC7B,iDAAiD;AACjD,gDAAoD;AAEpD,qCAIkB;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":";;;AAAA,8CAA8C;AAC9C,6BAA6B;AAC7B,iDAAiD;AACjD,gDAAoD;AAEpD,qCAIkB;AAGlB,SAAS,qBAAqB,CAAC,QAAgB;IAC7C,QAAQ,IAAI,EAAE;QACZ,KAAK,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;YACnC,OAAO,oBAAY,CAAC,YAAY,CAAC;SAClC;QACD,KAAK,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC1C,OAAO,oBAAY,CAAC,WAAW,CAAC;SACjC;QACD,KAAK,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;YACtC,OAAO,oBAAY,CAAC,eAAe,CAAC;SACrC;QACD,KAAK,qBAAqB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;YACzC,OAAO,oBAAY,CAAC,KAAK,CAAC;SAC3B;QACD,OAAO,CAAC,CAAC;YACP,MAAM,IAAI,0BAAiB,CACzB,wCAAwC,GAAG,QAAQ,CACpD,CAAC;SACH;KACF;AACH,CAAC;AAEM,KAAK,UAAU,OAAO,CAC3B,IAAI,EACJ,UAAU,EACV,OAAQ;IAER,OAAO,GAAG,OAAO,IAAI,EAAE,CAAC;IACxB,IAAI,YAA0B,CAAC;IAC/B,IAAI;QACF,YAAY,GAAG,qBAAqB,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC,CAAC;KACzE;IAAC,OAAO,KAAc,EAAE;QACvB,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;KAC9B;IAED,MAAM,iBAAiB,GAAG,CAAC,OAAO,EAAiC,EAAE;QACnE,MAAM,eAAe,GAAG,OAAO,CAAC,IAAI;YAClC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe;YAC9B,CAAC,CAAC,SAAS,CAAC;QACd,OAAO,OAAO,CAAC,IAAI,CAAC;QACpB,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,MAAM,EAAE;gBACN,IAAI,EAAE,mBAAmB;gBACzB,UAAU;gBACV,aAAa,EAAE,eAAe;aAC/B;SACF,CAAC;IACJ,CAAC,CAAC;IAEF,IAAI,YAAY,KAAK,oBAAY,CAAC,KAAK,EAAE;QACvC,OAAO,WAAW;aACf,qBAAqB,CACpB,IAAI,EACJ,UAAU,EACV,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,YAAY,CAAC,EACjD,OAAO,CAAC,aAAa,CAAC,IAAI,OAAO,CAAC,GAAG,EAAE,gDAAgD;QACvF,OAAO,CAAC,MAAM,CACf;aACA,IAAI,CAAC,iBAAiB,CAAC,CAAC;KAC5B;IAED,IACE,OAAO,CAAC,yBAAyB,CAAC;QAClC,CAAC,OAAO,CAAC,2BAA2B,CAAC,EACrC;QACA,OAAO,OAAO,CAAC,MAAM,CACnB,IAAI,wBAAe,CACjB,2IAA2I,CAC5I,CACF,CAAC;KACH;IAED,IAAI,OAAO,CAAC,2BAA2B,CAAC,EAAE;QACxC,IAAI,YAAY,KAAK,oBAAY,CAAC,WAAW,EAAE;YAC7C,OAAO,OAAO,CAAC,MAAM,CACnB,IAAI,gCAAuB,CACzB,kMAAkM,YAAY,GAAG,CAClN,CACF,CAAC;SACH;QAED,OAAO,CAAC,GAAG,CAAC;;;;yFAIyE,CAAC,CAAC;QAEvF,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,sBAAsB,CACtD,IAAI,EACJ,UAAU,EACV,YAAY,EACZ,OAAO,CAAC,qBAAqB,CAAC,EAC9B,OAAO,CAAC,qBAAqB,CAAC,EAC9B,OAAO,CAAC,yBAAyB,CAAC,CACnC,CAAC;QAEF,+EAA+E;QAC/E,MAAM,kBAAkB,GAAuB;YAC7C,MAAM,EAAE;gBACN,IAAI,EAAE,mBAAmB;gBACzB,UAAU;aACX;YACD,eAAe,EAAE,EAAE;SACpB,CAAC;QAEF,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE;YAC5B,kBAAkB,CAAC,eAAe,CAAC,IAAI,CAAC;gBACtC,UAAU,EAAE,UAAU;gBACtB,QAAQ,EAAE,MAAM,CAAC,eAAe;gBAChC,IAAI,EAAE;oBACJ,aAAa,EAAE,MAAM,CAAC,eAAe;iBACtC;aACF,CAAC,CAAC;SACJ;QAED,OAAO,kBAAkB,CAAC;KAC3B;IAED,OAAO,WAAW;SACf,qBAAqB,CACpB,IAAI,EACJ,UAAU,EACV,OAAO,CAAC,cAAc,EACtB,YAAY,EACZ,OAAO,CAAC,qBAAqB,CAAC,EAC9B,OAAO,CAAC,qBAAqB,CAAC,CAC/B;SACA,IAAI,CAAC,iBAAiB,CAAC,CAAC;AAC7B,CAAC;AA3GD,0BA2GC"}
|
|
@@ -81,7 +81,7 @@ async function publish(projectPath, targetFramework) {
|
|
|
81
81
|
// E.g., something like:
|
|
82
82
|
// dotnet_6 -> /foo/bar/project/bin/Debug/net6.0/osx-arm64/project_name.dll
|
|
83
83
|
// Either way, since we're forcing a publish of a self-contained project, all .dlls should be placed there.
|
|
84
|
-
//
|
|
84
|
+
// PRs are welcome!
|
|
85
85
|
.find((line) => line.endsWith('.dll') || line.endsWith('.exe'));
|
|
86
86
|
if (!publishDirLine) {
|
|
87
87
|
const err = `Could not find a valid publish path while reading stdout: ${response.stdout}`;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dotnet.js","sourceRoot":"","sources":["../../../lib/nuget-parser/cli/dotnet.ts"],"names":[],"mappings":";;;AAAA,qCAAqC;AACrC,yCAA+C;AAC/C,6BAA6B;AAC7B,2CAA2C;AAE3C,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAElC,KAAK,UAAU,MAAM,CACnB,SAAiB,EACjB,OAAe,EACf,IAAc;IAEd,KAAK,CAAC,2BAA2B,SAAS,KAAK,OAAO,EAAE,CAAC,CAAC;IAE1D,IAAI;QACF,OAAO,MAAM,UAAU,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;KAChD;IAAC,OAAO,KAAc,EAAE;QACvB,IACE,CAAC,CACC,OAAO,KAAK,KAAK,QAAQ;YACzB,KAAK,KAAK,IAAI;YACd,QAAQ,IAAI,KAAK;YACjB,QAAQ,IAAI,KAAK,CAClB,EACD;YACA,MAAM,IAAI,wBAAe,CACvB,UAAU,SAAS,uBAAuB,KAAK,EAAE,CAClD,CAAC;SACH;QAED,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC;QAC7C,MAAM,IAAI,wBAAe,CACvB,UAAU,SAAS,uBAAuB,OAAO,EAAE,CACpD,CAAC;KACH;AACH,CAAC;AAEM,KAAK,UAAU,QAAQ;IAC5B,MAAM,OAAO,GAAG,QAAQ,CAAC;IACzB,MAAM,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IAE3B,IAAI;QACF,MAAM,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;KACxC;IAAC,OAAO,KAAc,EAAE;QACvB,KAAK,CAAC,qDAAqD,CAAC,CAAC;QAC7D,MAAM,KAAK,CAAC;KACb;AACH,CAAC;AAVD,4BAUC;AAEM,KAAK,UAAU,OAAO,CAAC,WAAmB;IAC/C,MAAM,OAAO,GAAG,QAAQ,CAAC;IACzB,MAAM,IAAI,GAAG,CAAC,SAAS,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;IACpD,MAAM,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;IACvC,OAAO;AACT,CAAC;AALD,0BAKC;AAEM,KAAK,UAAU,GAAG,CACvB,WAAmB,EACnB,OAAiB;IAEjB,MAAM,OAAO,GAAG,QAAQ,CAAC;IACzB,MAAM,IAAI,GAAG,CAAC,KAAK,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;IACpD,OAAO,QAAQ,CAAC,MAAM,CAAC;AACzB,CAAC;AARD,kBAQC;AAEM,KAAK,UAAU,OAAO,CAC3B,WAAmB,EACnB,eAAwB;;IAExB,MAAM,OAAO,GAAG,QAAQ,CAAC;IACzB,MAAM,IAAI,GAAG,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IACrC,sGAAsG;IACtG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAElB,yHAAyH;IACzH,IAAI,eAAe,EAAE;QACnB,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;KAC5B;IAED,0EAA0E;IAC1E,oFAAoF;IACpF,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAEvB,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;IAExD,wGAAwG;IACxG,0GAA0G;IAC1G,8GAA8G;IAC9G,eAAe;IACf,kHAAkH;IAClH,6GAA6G;IAC7G,6GAA6G;IAC7G,yCAAyC;IAEzC,sHAAsH;IACtH,iHAAiH;IACjH,gEAAgE;IAChE,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM;SACnC,KAAK,CAAC,SAAS,CAAC;QACjB,2HAA2H;QAC3H,mHAAmH;QACnH,wBAAwB;QACxB,2EAA2E;QAC3E,2GAA2G;QAC3G,
|
|
1
|
+
{"version":3,"file":"dotnet.js","sourceRoot":"","sources":["../../../lib/nuget-parser/cli/dotnet.ts"],"names":[],"mappings":";;;AAAA,qCAAqC;AACrC,yCAA+C;AAC/C,6BAA6B;AAC7B,2CAA2C;AAE3C,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAElC,KAAK,UAAU,MAAM,CACnB,SAAiB,EACjB,OAAe,EACf,IAAc;IAEd,KAAK,CAAC,2BAA2B,SAAS,KAAK,OAAO,EAAE,CAAC,CAAC;IAE1D,IAAI;QACF,OAAO,MAAM,UAAU,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;KAChD;IAAC,OAAO,KAAc,EAAE;QACvB,IACE,CAAC,CACC,OAAO,KAAK,KAAK,QAAQ;YACzB,KAAK,KAAK,IAAI;YACd,QAAQ,IAAI,KAAK;YACjB,QAAQ,IAAI,KAAK,CAClB,EACD;YACA,MAAM,IAAI,wBAAe,CACvB,UAAU,SAAS,uBAAuB,KAAK,EAAE,CAClD,CAAC;SACH;QAED,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC;QAC7C,MAAM,IAAI,wBAAe,CACvB,UAAU,SAAS,uBAAuB,OAAO,EAAE,CACpD,CAAC;KACH;AACH,CAAC;AAEM,KAAK,UAAU,QAAQ;IAC5B,MAAM,OAAO,GAAG,QAAQ,CAAC;IACzB,MAAM,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IAE3B,IAAI;QACF,MAAM,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;KACxC;IAAC,OAAO,KAAc,EAAE;QACvB,KAAK,CAAC,qDAAqD,CAAC,CAAC;QAC7D,MAAM,KAAK,CAAC;KACb;AACH,CAAC;AAVD,4BAUC;AAEM,KAAK,UAAU,OAAO,CAAC,WAAmB;IAC/C,MAAM,OAAO,GAAG,QAAQ,CAAC;IACzB,MAAM,IAAI,GAAG,CAAC,SAAS,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;IACpD,MAAM,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;IACvC,OAAO;AACT,CAAC;AALD,0BAKC;AAEM,KAAK,UAAU,GAAG,CACvB,WAAmB,EACnB,OAAiB;IAEjB,MAAM,OAAO,GAAG,QAAQ,CAAC;IACzB,MAAM,IAAI,GAAG,CAAC,KAAK,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;IACpD,OAAO,QAAQ,CAAC,MAAM,CAAC;AACzB,CAAC;AARD,kBAQC;AAEM,KAAK,UAAU,OAAO,CAC3B,WAAmB,EACnB,eAAwB;;IAExB,MAAM,OAAO,GAAG,QAAQ,CAAC;IACzB,MAAM,IAAI,GAAG,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IACrC,sGAAsG;IACtG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAElB,yHAAyH;IACzH,IAAI,eAAe,EAAE;QACnB,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;KAC5B;IAED,0EAA0E;IAC1E,oFAAoF;IACpF,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAEvB,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;IAExD,wGAAwG;IACxG,0GAA0G;IAC1G,8GAA8G;IAC9G,eAAe;IACf,kHAAkH;IAClH,6GAA6G;IAC7G,6GAA6G;IAC7G,yCAAyC;IAEzC,sHAAsH;IACtH,iHAAiH;IACjH,gEAAgE;IAChE,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM;SACnC,KAAK,CAAC,SAAS,CAAC;QACjB,2HAA2H;QAC3H,mHAAmH;QACnH,wBAAwB;QACxB,2EAA2E;QAC3E,2GAA2G;QAC3G,mBAAmB;SAClB,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IAElE,IAAI,CAAC,cAAc,EAAE;QACnB,MAAM,GAAG,GAAG,6DAA6D,QAAQ,CAAC,MAAM,EAAE,CAAC;QAC3F,KAAK,CAAC,GAAG,CAAC,CAAC;QACX,MAAM,IAAI,wBAAe,CAAC,iCAAiC,GAAG,EAAE,CAAC,CAAC;KACnE;IAED,kHAAkH;IAClH,MAAM,CAAC,EAAE,gBAAgB,CAAC,GAAG,MAAA,cAAc,CAAC,KAAK,CAAC,IAAI,CAAC,mCAAI,EAAE,CAAC;IAC9D,IAAI,CAAC,gBAAgB,EAAE;QACrB,MAAM,GAAG,GAAG,gEAAgE,cAAc,EAAE,CAAC;QAC7F,KAAK,CAAC,GAAG,CAAC,CAAC;QACX,MAAM,IAAI,wBAAe,CAAC,iCAAiC,GAAG,EAAE,CAAC,CAAC;KACnE;IAED,+GAA+G;IAC/G,uDAAuD;IACvD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC,CAAC;IACtD,OAAO,OAAO,CAAC;AACjB,CAAC;AA7DD,0BA6DC"}
|
|
@@ -1,7 +1,3 @@
|
|
|
1
|
-
import { ManifestType } from './types';
|
|
2
|
-
|
|
3
|
-
export declare function buildDepGraphFromFiles(root: string | undefined, targetFile: string | undefined, manifestType: ManifestType, useProjectNameFromAssetsFile: boolean, projectNamePrefix?: string, targetFramework?: string): Promise<{
|
|
4
|
-
dependencyGraph: depGraphLib.DepGraph;
|
|
5
|
-
targetFramework: string | undefined;
|
|
6
|
-
}>;
|
|
1
|
+
import { DotnetCoreV2Results, ManifestType } from './types';
|
|
2
|
+
export declare function buildDepGraphFromFiles(root: string | undefined, targetFile: string | undefined, manifestType: ManifestType, useProjectNameFromAssetsFile: boolean, projectNamePrefix?: string, targetFramework?: string): Promise<DotnetCoreV2Results>;
|
|
7
3
|
export declare function buildDepTreeFromFiles(root: string | undefined, targetFile: string | undefined, packagesFolderPath: string | undefined, manifestType: ManifestType, useProjectNameFromAssetsFile: boolean, projectNamePrefix?: string): Promise<any>;
|
|
@@ -89,40 +89,44 @@ Will attempt to build dependency graph anyway, but the operation might fail.`);
|
|
|
89
89
|
debug(`project.assets.json file doesn't contain a value for 'projectName'. Using default value: ${resolvedProjectName}`);
|
|
90
90
|
}
|
|
91
91
|
}
|
|
92
|
-
//
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
if (
|
|
103
|
-
throw new errors_1.
|
|
92
|
+
// If a specific targetFramework has been requested, only query that, otherwise try to do them all
|
|
93
|
+
const decidedTargetFrameworks = targetFramework
|
|
94
|
+
? [targetFramework]
|
|
95
|
+
: targetFrameworks.filter((framework) => {
|
|
96
|
+
if (!depsParser.isSupportedByV2GraphGeneration(framework)) {
|
|
97
|
+
console.log(`\x1b[33m⚠ WARNING\x1b[0m: The runtime resolution flag is currently only supported for the following TargetFrameworks: .NET versions 5 and higher, all versions of .NET Core and all versions of .NET Standard. Detected a TargetFramework: \x1b[1m${framework}\x1b[0m, which will be skipped.`);
|
|
98
|
+
return false;
|
|
99
|
+
}
|
|
100
|
+
return true;
|
|
101
|
+
});
|
|
102
|
+
if (decidedTargetFrameworks.length == 0) {
|
|
103
|
+
throw new errors_1.InvalidManifestError(`Was not able to find any supported TargetFrameworks to scan, aborting`);
|
|
104
104
|
}
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
105
|
+
const results = [];
|
|
106
|
+
for (const decidedTargetFramework of decidedTargetFrameworks) {
|
|
107
|
+
// Ensure `dotnet` is installed on the system or fail trying.
|
|
108
|
+
await dotnet.validate();
|
|
109
|
+
// Run `dotnet publish` to create a self-contained publishable binary with included .dlls for assembly version inspection.
|
|
110
|
+
const publishDir = await dotnet.publish(projectRootFolder, decidedTargetFramework);
|
|
111
|
+
// Then inspect the dependency graph for the runtimepackage's assembly versions.
|
|
112
|
+
const depsFile = path.resolve(publishDir, `${projectNameFromManifestFile}.deps.json`);
|
|
113
|
+
const assemblyVersions = runtimeAssembly.generateRuntimeAssemblies(depsFile);
|
|
114
|
+
// Parse the TargetFramework using Nuget.Frameworks itself, instead of trying to reinvent the wheel, thus ensuring
|
|
115
|
+
// we have maximum context to use later when building the depGraph.
|
|
116
|
+
const location = nugetFrameworksParser.generate();
|
|
117
|
+
await dotnet.restore(location);
|
|
118
|
+
const response = await dotnet.run(location, [decidedTargetFramework]);
|
|
119
|
+
const targetFrameworkInfo = JSON.parse(response);
|
|
120
|
+
if (targetFrameworkInfo.IsUnsupported) {
|
|
121
|
+
throw new errors_1.InvalidManifestError(`dotnet was not able to parse the target framework ${decidedTargetFramework}, it was reported unsupported by the dotnet runtime`);
|
|
122
|
+
}
|
|
123
|
+
const depGraph = parser.depParser.parse(resolvedProjectName, manifest, assemblyVersions, targetFrameworkInfo);
|
|
124
|
+
results.push({
|
|
125
|
+
dependencyGraph: depGraph,
|
|
126
|
+
targetFramework: decidedTargetFramework,
|
|
127
|
+
});
|
|
120
128
|
}
|
|
121
|
-
|
|
122
|
-
return {
|
|
123
|
-
dependencyGraph: depGraph,
|
|
124
|
-
targetFramework: decidedTargetFramework,
|
|
125
|
-
};
|
|
129
|
+
return results;
|
|
126
130
|
}
|
|
127
131
|
exports.buildDepGraphFromFiles = buildDepGraphFromFiles;
|
|
128
132
|
async function buildDepTreeFromFiles(root, targetFile, packagesFolderPath, manifestType, useProjectNameFromAssetsFile, projectNamePrefix) {
|
|
@@ -165,7 +169,8 @@ async function buildDepTreeFromFiles(root, targetFile, packagesFolderPath, manif
|
|
|
165
169
|
catch (error) {
|
|
166
170
|
return Promise.reject(error);
|
|
167
171
|
}
|
|
168
|
-
//
|
|
172
|
+
// Only supports the first targetFramework we find.
|
|
173
|
+
// Use the newer `buildDepGraphFromFiles` for better support for multiple target frameworks.
|
|
169
174
|
const targetFramework = targetFrameworks.length > 0 ? targetFrameworks[0].original : undefined;
|
|
170
175
|
tree.meta = {
|
|
171
176
|
targetFramework: targetFramework,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../lib/nuget-parser/index.ts"],"names":[],"mappings":";;;AAAA,yBAAyB;AACzB,6BAA6B;AAC7B,wDAAwD;AACxD,qCAAqC;AACrC,iDAAiD;AACjD,iEAAiE;AACjE,sEAAsE;AACtE,2EAA2E;AAC3E,mEAAmE;AACnE,yEAAyE;AACzE,sCAA0E;AAC1E,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../lib/nuget-parser/index.ts"],"names":[],"mappings":";;;AAAA,yBAAyB;AACzB,6BAA6B;AAC7B,wDAAwD;AACxD,qCAAqC;AACrC,iDAAiD;AACjD,iEAAiE;AACjE,sEAAsE;AACtE,2EAA2E;AAC3E,mEAAmE;AACnE,yEAAyE;AACzE,sCAA0E;AAC1E,mCAMiB;AACjB,uCAAuC;AACvC,yEAAyE;AACzE,sDAAsD;AAEtD,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAElC,MAAM,OAAO,GAAG;IACd,aAAa,EAAE;QACb,SAAS,EAAE,gBAAgB;QAC3B,iBAAiB,EAAE,IAAI;KACxB;IACD,gBAAgB,EAAE;QAChB,SAAS,EAAE,kBAAkB;QAC7B,iBAAiB,EAAE,IAAI;KACxB;IACD,iBAAiB,EAAE;QACjB,SAAS,EAAE,qBAAqB;QAChC,iBAAiB,EAAE,oBAAoB;KACxC;IACD,cAAc,EAAE;QACd,SAAS,EAAE,qBAAqB;QAChC,iBAAiB,EAAE,iBAAiB;KACrC;CACF,CAAC;AAEF,SAAS,iBAAiB,CAAC,cAAc,EAAE,iBAAiB;IAC1D,IAAI,cAAc,EAAE;QAClB,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,CAAC,CAAC;KACpD;IACD,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,WAAW,CAClB,IAAa,EACb,iBAA0B,EAC1B,iBAA0B;IAE1B,MAAM,eAAe,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,iBAAiB,IAAI,EAAE,CAAC,CAAC;IACvE,IAAI,iBAAiB,EAAE;QACrB,OAAO,iBAAiB,GAAG,eAAe,CAAC;KAC5C;IACD,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,SAAS,eAAe,CAAC,eAAuB;IAC9C,IAAI;QACF,KAAK,CAAC,sBAAsB,eAAe,EAAE,CAAC,CAAC;QAC/C,OAAO,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;KAClD;IAAC,OAAO,KAAc,EAAE;QACvB,MAAM,IAAI,gCAAuB,CAAC,KAAK,CAAC,CAAC;KAC1C;AACH,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAC1C,IAAwB,EACxB,UAA8B,EAC9B,YAA0B,EAC1B,4BAAqC,EACrC,iBAA0B,EAC1B,eAAwB;;IAExB,MAAM,QAAQ,GAAG,IAAI,IAAI,GAAG,CAAC;IAC7B,MAAM,cAAc,GAAG,UAAU,IAAI,GAAG,CAAC;IACzC,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,eAAe,CAAC,eAAe,CAAC,CAAC;IACrD,MAAM,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;IAElE,MAAM,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACzC,MAAM,QAAQ,GACZ,MAAM,MAAM,CAAC,iBAAiB,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAEpD,IAAI,CAAC,CAAA,MAAA,QAAQ,CAAC,OAAO,0CAAE,UAAU,CAAA,EAAE;QACjC,MAAM,IAAI,gCAAuB,CAC/B,0DAA0D,cAAc,qDAAqD,CAC9H,CAAC;KACH;IAED,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAClE,IAAI,gBAAgB,CAAC,MAAM,IAAI,CAAC,EAAE;QAChC,MAAM,IAAI,gCAAuB,CAC/B,0CAA0C,iBAAiB,qDAAqD,CACjH,CAAC;KACH;IAED,IAAI,eAAe,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE;QAClE,OAAO,CAAC,GAAG,CAAC,6DAA6D,eAAe;gEAC5B,gBAAgB,CAAC,IAAI,CAC/E,GAAG,CACJ;6EACwE,CAAC,CAAC;KAC5E;IAED,IAAI,mBAAmB,GAAG,WAAW,CACnC,IAAI,EACJ,iBAAiB,EACjB,iBAAiB,CAClB,CAAC;IAEF,MAAM,2BAA2B,GAAG,MAAA,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,OAAO,0CAAE,OAAO,0CAAE,WAAW,CAAC;IAC5E,IACE,YAAY,KAAK,oBAAY,CAAC,WAAW;QACzC,4BAA4B,EAC5B;QACA,IAAI,2BAA2B,EAAE;YAC/B,mBAAmB,GAAG,2BAA2B,CAAC;SACnD;aAAM;YACL,KAAK,CACH,4FAA4F,mBAAmB,EAAE,CAClH,CAAC;SACH;KACF;IACD,kGAAkG;IAClG,MAAM,uBAAuB,GAAG,eAAe;QAC7C,CAAC,CAAC,CAAC,eAAe,CAAC;QACnB,CAAC,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE;YACpC,IAAI,CAAC,UAAU,CAAC,8BAA8B,CAAC,SAAS,CAAC,EAAE;gBACzD,OAAO,CAAC,GAAG,CACT,qPAAqP,SAAS,iCAAiC,CAChS,CAAC;gBACF,OAAO,KAAK,CAAC;aACd;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IAEP,IAAI,uBAAuB,CAAC,MAAM,IAAI,CAAC,EAAE;QACvC,MAAM,IAAI,6BAAoB,CAC5B,uEAAuE,CACxE,CAAC;KACH;IAED,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,KAAK,MAAM,sBAAsB,IAAI,uBAAuB,EAAE;QAC5D,6DAA6D;QAC7D,MAAM,MAAM,CAAC,QAAQ,EAAE,CAAC;QAExB,0HAA0H;QAC1H,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,OAAO,CACrC,iBAAiB,EACjB,sBAAsB,CACvB,CAAC;QAEF,gFAAgF;QAChF,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAC3B,UAAU,EACV,GAAG,2BAA2B,YAAY,CAC3C,CAAC;QACF,MAAM,gBAAgB,GACpB,eAAe,CAAC,yBAAyB,CAAC,QAAQ,CAAC,CAAC;QAEtD,kHAAkH;QAClH,mEAAmE;QACnE,MAAM,QAAQ,GAAG,qBAAqB,CAAC,QAAQ,EAAE,CAAC;QAClD,MAAM,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC/B,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,sBAAsB,CAAC,CAAC,CAAC;QACtE,MAAM,mBAAmB,GAAwB,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACtE,IAAI,mBAAmB,CAAC,aAAa,EAAE;YACrC,MAAM,IAAI,6BAAoB,CAC5B,qDAAqD,sBAAsB,qDAAqD,CACjI,CAAC;SACH;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,SAAS,CAAC,KAAK,CACrC,mBAAmB,EACnB,QAAQ,EACR,gBAAgB,EAChB,mBAAmB,CACpB,CAAC;QACF,OAAO,CAAC,IAAI,CAAC;YACX,eAAe,EAAE,QAAQ;YACzB,eAAe,EAAE,sBAAsB;SACxC,CAAC,CAAC;KACJ;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAzHD,wDAyHC;AAEM,KAAK,UAAU,qBAAqB,CACzC,IAAwB,EACxB,UAA8B,EAC9B,kBAAsC,EACtC,YAA0B,EAC1B,4BAAqC,EACrC,iBAA0B;;IAE1B,MAAM,QAAQ,GAAG,IAAI,IAAI,GAAG,CAAC;IAC7B,MAAM,cAAc,GAAG,UAAU,IAAI,GAAG,CAAC;IACzC,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,eAAe,CAAC,eAAe,CAAC,CAAC;IACrD,MAAM,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;IAClE,MAAM,cAAc,GAAG,iBAAiB,CACtC,kBAAkB,EAClB,iBAAiB,CAClB,CAAC;IAEF,MAAM,IAAI,GAAG;QACX,YAAY,EAAE,EAAE;QAChB,IAAI,EAAE,EAAE;QACR,IAAI,EAAE,WAAW,CAAC,IAAI,EAAE,iBAAiB,EAAE,iBAAiB,CAAC;QAC7D,oBAAoB,EAAE,aAAa;QACnC,OAAO,EAAE,OAAO;KACjB,CAAC;IAEF,IAAI,gBAAmC,CAAC;IACxC,IAAI;QACF,IAAI,YAAY,KAAK,oBAAY,CAAC,WAAW,EAAE;YAC7C,gBAAgB;gBACd,YAAY,CAAC,+BAA+B,CAAC,iBAAiB,CAAC,CAAC;SACnE;aAAM;YACL,sEAAsE;YACtE,MAAM,0BAA0B,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;YACxE,gBAAgB,GAAG,YAAY,CAAC,+BAA+B,CAC7D,0BAA0B,CAC3B,CAAC;YAEF,+FAA+F;YAC/F,IAAI,gBAAgB,CAAC,MAAM,IAAI,CAAC,EAAE;gBAChC,+CAA+C;gBAC/C,IAAI,YAAY,KAAK,oBAAY,CAAC,eAAe,EAAE;oBACjD,MAAM,sBAAsB,GAC1B,MAAM,oBAAoB,CAAC,yBAAyB,CAAC,WAAW,CAAC,CAAC;oBACpE,IAAI,sBAAsB,EAAE;wBAC1B,gBAAgB,GAAG,CAAC,sBAAsB,CAAC,CAAC;qBAC7C;iBACF;aACF;SACF;KACF;IAAC,OAAO,KAAc,EAAE;QACvB,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;KAC9B;IAED,mDAAmD;IACnD,4FAA4F;IAC5F,MAAM,eAAe,GACnB,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;IACzE,IAAI,CAAC,IAAI,GAAG;QACV,eAAe,EAAE,eAAe;KACjC,CAAC;IAEF,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;IAEzE,IACE,YAAY,KAAK,oBAAY,CAAC,WAAW;QACzC,4BAA4B,EAC5B;QACA,MAAM,WAAW,GAAG,MAAA,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,OAAO,0CAAE,OAAO,0CAAE,WAAW,CAAC;QAE5D,IAAI,WAAW,EAAE;YACf,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;SACzB;aAAM;YACL,KAAK,CACH,2FAA2F;gBACzF,IAAI,CAAC,IAAI,CACZ,CAAC;SACH;KACF;IAED,OAAO,MAAM,CAAC,SAAS,CAAC,KAAK,CAC3B,IAAI,EACJ,QAAQ,EACR,eAAe,EACf,cAAc,CACf,CAAC;AACJ,CAAC;AAvFD,sDAuFC"}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import * as depGraphLib from '@snyk/dep-graph';
|
|
1
2
|
export interface TargetFramework {
|
|
2
3
|
framework: string;
|
|
3
4
|
original: string;
|
|
@@ -62,4 +63,9 @@ export interface DotNetFile {
|
|
|
62
63
|
name: string;
|
|
63
64
|
contents: string;
|
|
64
65
|
}
|
|
66
|
+
export interface DotnetCoreV2Result {
|
|
67
|
+
dependencyGraph: depGraphLib.DepGraph;
|
|
68
|
+
targetFramework: string | undefined;
|
|
69
|
+
}
|
|
70
|
+
export type DotnetCoreV2Results = DotnetCoreV2Result[];
|
|
65
71
|
export {};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../lib/nuget-parser/types.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../lib/nuget-parser/types.ts"],"names":[],"mappings":";;;AAiDA,IAAY,YAKX;AALD,WAAY,YAAY;IACtB,6CAA6B,CAAA;IAC7B,2CAA2B,CAAA;IAC3B,mDAAmC,CAAA;IACnC,+BAAe,CAAA;AACjB,CAAC,EALW,YAAY,4BAAZ,YAAY,QAKvB"}
|
package/package.json
CHANGED
|
@@ -39,7 +39,7 @@
|
|
|
39
39
|
"@snyk/cli-interface": "^2.13.0",
|
|
40
40
|
"@snyk/dep-graph": "^2.7.1",
|
|
41
41
|
"debug": "^4.3.4",
|
|
42
|
-
"dotnet-deps-parser": "5.5.
|
|
42
|
+
"dotnet-deps-parser": "5.5.2",
|
|
43
43
|
"jszip": "3.10.1",
|
|
44
44
|
"lodash": "^4.17.21",
|
|
45
45
|
"node-cache": "^5.1.2",
|
|
@@ -58,5 +58,5 @@
|
|
|
58
58
|
"ts-jest": "^29.1.1",
|
|
59
59
|
"typescript": "^5.1.6"
|
|
60
60
|
},
|
|
61
|
-
"version": "
|
|
61
|
+
"version": "2.0.0"
|
|
62
62
|
}
|