snyk-nuget-plugin 2.7.10 → 2.7.12
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import * as depGraphLib from '@snyk/dep-graph';
|
|
2
2
|
import { AssemblyVersions, ProjectAssets, PublishedProjectDeps } from '../types';
|
|
3
3
|
export declare const FILTERED_DEPENDENCY_PREFIX: string[];
|
|
4
|
+
export declare function extractLocalProjects(libs: Record<string, any>): string[];
|
|
4
5
|
export declare function parse(projectName: string, projectAssets: ProjectAssets, publishedProjectDeps: PublishedProjectDeps, runtimeAssembly: AssemblyVersions): depGraphLib.DepGraph;
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.FILTERED_DEPENDENCY_PREFIX = void 0;
|
|
4
|
+
exports.extractLocalProjects = extractLocalProjects;
|
|
4
5
|
exports.parse = parse;
|
|
5
6
|
const debugModule = require("debug");
|
|
6
7
|
const dep_graph_1 = require("@snyk/dep-graph");
|
|
@@ -56,7 +57,24 @@ function recursivelyPopulateNodes(depGraphBuilder, targetDeps, node, runtimeAsse
|
|
|
56
57
|
recursivelyPopulateNodes(depGraphBuilder, targetDeps, childNode, runtimeAssembly, localVisited);
|
|
57
58
|
}
|
|
58
59
|
}
|
|
60
|
+
function getRestoredProjectName(publishedProjectDeps, runtimeTarget, projectName) {
|
|
61
|
+
return Object.keys(publishedProjectDeps.targets[runtimeTarget]).find((f) => f.startsWith(projectName));
|
|
62
|
+
}
|
|
63
|
+
function extractLocalProjects(libs) {
|
|
64
|
+
const localPackages = [];
|
|
65
|
+
for (const [key, value] of Object.entries(libs)) {
|
|
66
|
+
if (!key.includes('runtimepack')) {
|
|
67
|
+
// Local projects (.csproj files) don't have values declared for these two properties.
|
|
68
|
+
// https://github.com/dotnet/sdk/blob/main/documentation/specs/runtime-configuration-file.md#libraries-section-depsjson
|
|
69
|
+
if (!value.serviceable && !value.sha512 && value.type === 'project') {
|
|
70
|
+
localPackages.push(key);
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
return localPackages;
|
|
75
|
+
}
|
|
59
76
|
function buildGraph(projectName, projectAssets, publishedProjectDeps, runtimeAssembly) {
|
|
77
|
+
var _a;
|
|
60
78
|
const depGraphBuilder = new dep_graph_1.DepGraphBuilder({ name: 'nuget' }, {
|
|
61
79
|
name: projectName,
|
|
62
80
|
version: projectAssets.project.version,
|
|
@@ -74,9 +92,12 @@ function buildGraph(projectName, projectAssets, publishedProjectDeps, runtimeAss
|
|
|
74
92
|
// What `dotnet` wants to call this project is not always the same as what Snyk wants to call it, and the version
|
|
75
93
|
// postfix is not the same as what's defined in `project.assets.json` due to NuGet version normalization, which is
|
|
76
94
|
// not applied during publish, only during restore. So we have to rely on the fact that the name is enough.
|
|
77
|
-
const restoreProjectName =
|
|
95
|
+
const restoreProjectName = getRestoredProjectName(publishedProjectDeps, runtimeTarget, projectAssets.project.restore.projectName) ||
|
|
96
|
+
// Last attempt to find the target using the .csproj filename.
|
|
97
|
+
// <PackageId> property overrides most of the naming when restoring, but when publishing, the actual filename is used as the target.
|
|
98
|
+
getRestoredProjectName(publishedProjectDeps, runtimeTarget, projectName);
|
|
78
99
|
if (!restoreProjectName) {
|
|
79
|
-
throw new errors_1.InvalidManifestError(`no project name containing ${projectAssets.project.restore.projectName} found in ${runtimeTarget} object, cannot continue without it`);
|
|
100
|
+
throw new errors_1.InvalidManifestError(`no project name containing ${projectAssets.project.restore.projectName} or ${projectName} found in ${runtimeTarget} object, cannot continue without it`);
|
|
80
101
|
}
|
|
81
102
|
// Find names and versions of all dependencies of the root package. These are already structured correctly in
|
|
82
103
|
// the deps.json generated by `dotnet publish`.
|
|
@@ -91,6 +112,22 @@ function buildGraph(projectName, projectAssets, publishedProjectDeps, runtimeAss
|
|
|
91
112
|
type: 'root',
|
|
92
113
|
dependencies: topLevelDepPackages,
|
|
93
114
|
};
|
|
115
|
+
// runtimeAssembly doesn't have entries if the target framework is `netstandard`
|
|
116
|
+
if (Object.keys(runtimeAssembly).length > 0) {
|
|
117
|
+
const localPackagesNames = extractLocalProjects(publishedProjectDeps.libraries);
|
|
118
|
+
// Overwriting the runtime versions with the versions declared in the manifest files.
|
|
119
|
+
const targets = publishedProjectDeps.targets[runtimeTarget];
|
|
120
|
+
for (const pgkName of localPackagesNames) {
|
|
121
|
+
if ((_a = targets[pgkName]) === null || _a === void 0 ? void 0 : _a.dependencies) {
|
|
122
|
+
for (const [key, value] of Object.entries(targets[pgkName].dependencies)) {
|
|
123
|
+
const dllName = `${key}.dll`;
|
|
124
|
+
if (runtimeAssembly[dllName]) {
|
|
125
|
+
runtimeAssembly[dllName] = value;
|
|
126
|
+
}
|
|
127
|
+
}
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
}
|
|
94
131
|
recursivelyPopulateNodes(depGraphBuilder, targetDependencies, rootNode, runtimeAssembly);
|
|
95
132
|
return depGraphBuilder.build();
|
|
96
133
|
}
|
|
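Review bot: `getRestoredProjectName` returns the first key of `publishedProjectDeps.targets[runtimeTarget]` that merely starts with the given name, so a project called `App` could resolve to a sibling entry such as `App.Core/...` (constructed example) if that key is listed first, and the new fallback on `projectName` adds a second lookup with the same weakness. The matched key decides which `dependencies` become the root of the graph, so a wrong match would silently report another package's dependency set. If the keys have the `name/version` shape that the comment above `restoreProjectName` implies, matching on the separator is tighter: `(f) => f === projectName || f.startsWith(projectName + '/')`. Separately, the added block in `buildGraph` (whose body is only partly visible across these hunks) passes `publishedProjectDeps.libraries` to `extractLocalProjects` unchecked, so a deps.json without that section would fail with a `TypeError` from `Object.entries` instead of an `InvalidManifestError`. The same block overwrites entries of the `runtimeAssembly` argument in place, which deserves a comment or a local copy.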
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dotnet-core-v2-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/dotnet-core-v2-parser.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"dotnet-core-v2-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/dotnet-core-v2-parser.ts"],"names":[],"mappings":";;;AAgHA,oDAcC;AAuGD,sBAeC;AApPD,qCAAqC;AAErC,+CAAkD;AAMlD,yCAAoD;AAEpD,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAYlC,oDAAoD;AACvC,QAAA,0BAA0B,GAAG;IACxC,gHAAgH;IAChH,oHAAoH;IACpH,sHAAsH;IACtH,sHAAsH;IACtH,8EAA8E;IAC9E,SAAS;CACV,CAAC;AAEF,SAAS,wBAAwB,CAC/B,eAAgC,EAChC,UAAyC,EACzC,IAAmB,EACnB,eAAiC,EACjC,OAAqB;IAErB,MAAM,QAAQ,GACZ,IAAI,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;IAEtE,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,CAAC;QAC9D,MAAM,YAAY,GAAG,OAAO,IAAI,IAAI,GAAG,EAAU,CAAC;QAClD,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QAE3B,gHAAgH;QAChH,+FAA+F;QAC/F,IAAI,kCAA0B,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;YACzE,KAAK,CAAC,GAAG,IAAI,kDAAkD,CAAC,CAAC;YACjE,SAAS;QACX,CAAC;QAED,MAAM,SAAS,GAAG;YAChB,GAAG,UAAU,CAAC,GAAG,IAAI,IAAI,OAAO,EAAE,CAAC;YACnC,IAAI;YACJ,OAAO;SACR,CAAC;QAEF,MAAM,OAAO,GAAG,GAAG,SAAS,CAAC,IAAI,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;QAEzD,2GAA2G;QAC3G,0FAA0F;QAC1F,IAAI,eAAe,GAAG,OAAO,CAAC;QAC9B,4GAA4G;QAC5G,sGAAsG;QACtG,MAAM,GAAG,GAAG,GAAG,IAAI,MAAM,CAAC;QAC1B,IAAI,GAAG,IAAI,eAAe,EAAE,CAAC;YAC3B,eAAe,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;QACzC,CAAC;QAED,IAAI,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAAG,GAAG,OAAO,SAAS,CAAC;YACrC,eAAe,CAAC,UAAU,CACxB,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,eAAe,EAAE,EAClD,QAAQ,EACR;gBACE,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;aAC3B,CACF,CAAC;YACF,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YAC/C,SAAS;QACX,CAAC;QAED,eAAe,CAAC,UAAU,CACxB,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,eAAe,EAAE,EAClD,OAAO,CACR,CAAC;QACF,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9C,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAE1B,wBAAwB,CACtB,eAAe,EACf,UAAU,EACV,SAAS,EACT,eAAe,EACf,YAAY,CACb,CAAC;IACJ,CAAC
;AACH,CAAC;AAED,SAAS,sBAAsB,CAC7B,oBAA0C,EAC1C,aAAqB,EACrB,WAAmB;IAEnB,OAAO,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACzE,CAAC,CAAC,UAAU,CAAC,WAAW,CAAC,CAC1B,CAAC;AACJ,CAAC;AAED,SAAgB,oBAAoB,CAAC,IAAyB;IAC5D,MAAM,aAAa,GAAa,EAAE,CAAC;IAEnC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YACjC,sFAAsF;YACtF,uHAAuH;YACvH,IAAI,CAAC,KAAK,CAAC,WAAW,IAAI,CAAC,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBACpE,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAS,UAAU,CACjB,WAAmB,EACnB,aAA4B,EAC5B,oBAA0C,EAC1C,eAAiC;;IAEjC,MAAM,eAAe,GAAG,IAAI,2BAAe,CACzC,EAAE,IAAI,EAAE,OAAO,EAAE,EACjB;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC,OAAO;KACvC,CACF,CAAC;IAEF,iHAAiH;IACjH,qDAAqD;IACrD,MAAM,aAAa,GAAG,oBAAoB,CAAC,aAAa,CAAC,IAAI,CAAC;IAE9D,oFAAoF;IACpF,IAAI,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,6BAAoB,CAC5B,2HAA2H,CAC5H,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAC,aAAa,IAAI,oBAAoB,CAAC,OAAO,CAAC,EAAE,CAAC;QACrD,MAAM,IAAI,6BAAoB,CAC5B,MAAM,aAAa,sDAAsD,CAC1E,CAAC;IACJ,CAAC;IAED,iHAAiH;IACjH,kHAAkH;IAClH,2GAA2G;IAC3G,MAAM,kBAAkB,GACtB,sBAAsB,CACpB,oBAAoB,EACpB,aAAa,EACb,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,CAC1C;QACD,8DAA8D;QAC9D,oIAAoI;QACpI,sBAAsB,CAAC,oBAAoB,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC;IAE3E,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,IAAI,6BAAoB,CAC5B,8BAA8B,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,OAAO,WAAW,aAAa,aAAa,qCAAqC,CACzJ,CAAC;IACJ,CAAC;IAED,6GAA6G;IAC7G,+CAA+C;IAC/C,MAAM,mBAAmB,GACvB,oBAAoB,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,kBAAkB,CAAC;SAC5D,YAAY,CAAC;IAElB,mHAAmH;IACnH,MAAM,kBAAkB,GAAkC,MAAM,CAAC,OAAO,CACtE,oBAAoB,CAAC,OAAO,CAAC,aAAa,CAAC,CAC5C,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;QACtB,MAAM,CAAC,eAAe,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC;QACrC,OAAO,EAAE,GAAG,GAAG,EAAE,CAAC,eAAe,CAAC,EAAE,GAAG,EAAE,CAAC;IAC5C,CAAC,EAAE,EAAE,CAAC,CAAC;IA
EP,MAAM,QAAQ,GAAG;QACf,IAAI,EAAE,MAAM;QACZ,YAAY,EAAE,mBAAmB;KACjB,CAAC;IAEnB,gFAAgF;IAChF,IAAI,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5C,MAAM,kBAAkB,GAAG,oBAAoB,CAC7C,oBAAoB,CAAC,SAAS,CAC/B,CAAC;QAEF,qFAAqF;QACrF,MAAM,OAAO,GAAG,oBAAoB,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QAC5D,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;YACzC,IAAI,MAAA,OAAO,CAAC,OAAO,CAAC,0CAAE,YAAY,EAAE,CAAC;gBACnC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CACvC,OAAO,CAAC,OAAO,CAAC,CAAC,YAAY,CAC9B,EAAE,CAAC;oBACF,MAAM,OAAO,GAAG,GAAG,GAAG,MAAM,CAAC;oBAC7B,IAAI,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;wBAC7B,eAAe,CAAC,OAAO,CAAC,GAAG,KAAe,CAAC;oBAC7C,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,wBAAwB,CACtB,eAAe,EACf,kBAAkB,EAClB,QAAQ,EACR,eAAe,CAChB,CAAC;IAEF,OAAO,eAAe,CAAC,KAAK,EAAE,CAAC;AACjC,CAAC;AAED,SAAgB,KAAK,CACnB,WAAmB,EACnB,aAA4B,EAC5B,oBAA0C,EAC1C,eAAiC;IAEjC,KAAK,CAAC,6DAA6D,CAAC,CAAC;IAErE,MAAM,MAAM,GAAG,UAAU,CACvB,WAAW,EACX,aAAa,EACb,oBAAoB,EACpB,eAAe,CAChB,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
package/package.json
CHANGED