snyk-nuget-plugin 2.7.16 → 2.7.18
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +4 -4
- package/dist/index.js.map +1 -1
- package/dist/nuget-parser/cli/dotnet.d.ts +1 -0
- package/dist/nuget-parser/cli/dotnet.js +16 -3
- package/dist/nuget-parser/cli/dotnet.js.map +1 -1
- package/dist/nuget-parser/index.d.ts +1 -1
- package/dist/nuget-parser/index.js +29 -12
- package/dist/nuget-parser/index.js.map +1 -1
- package/dist/nuget-parser/parsers/dotnet-core-v2-parser.d.ts +1 -1
- package/dist/nuget-parser/parsers/dotnet-core-v2-parser.js +41 -31
- package/dist/nuget-parser/parsers/dotnet-core-v2-parser.js.map +1 -1
- package/dist/nuget-parser/runtime-assembly-v2.d.ts +2 -0
- package/dist/nuget-parser/runtime-assembly-v2.js +92 -0
- package/dist/nuget-parser/runtime-assembly-v2.js.map +1 -0
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -60,14 +60,14 @@ async function inspect(root, targetFile, options) {
|
|
|
60
60
|
}
|
|
61
61
|
if (options['dotnet-runtime-resolution']) {
|
|
62
62
|
if (manifestType !== types_1.ManifestType.DOTNET_CORE) {
|
|
63
|
-
return Promise.reject(new errors_1.FileNotProcessableError(`runtime resolution flag is currently only supported for: .NET versions
|
|
63
|
+
return Promise.reject(new errors_1.FileNotProcessableError(`runtime resolution flag is currently only supported for: .NET versions 6 and higher, all versions of .NET Core and all versions of .NET Standard projects. Supplied project type was parsed as ${manifestType}.`));
|
|
64
64
|
}
|
|
65
65
|
console.warn(`
|
|
66
66
|
\x1b[33m⚠ WARNING\x1b[0m: Testing a .NET project with runtime resolution enabled.
|
|
67
67
|
This should be considered experimental and not relied upon for production use.
|
|
68
|
-
Please report issues with this beta feature by submitting a support
|
|
69
|
-
with the debug (-d) flag at \x1b[
|
|
70
|
-
const results = await nugetParser.buildDepGraphFromFiles(root, targetFile, manifestType, options['assets-project-name'], options['project-name-prefix'], options['dotnet-target-framework']);
|
|
68
|
+
Please report issues with this beta feature by submitting a support case, and attach the output of running this command
|
|
69
|
+
with the debug (-d) flag at \x1b[4mhttp://support.snyk.io\x1b[0m.`);
|
|
70
|
+
const results = await nugetParser.buildDepGraphFromFiles(root, targetFile, manifestType, options['assets-project-name'], options['useFixForImprovedDotnetFalsePositives'] || false, options['project-name-prefix'], options['dotnet-target-framework']);
|
|
71
71
|
// Construct a MultiProjectResult to send to either the CLI or the SCM scanner.
|
|
72
72
|
const multiProjectResult = {
|
|
73
73
|
plugin: {
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":";;AAkCA,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":";;AAkCA,0BA4GC;AA9ID,8CAA8C;AAC9C,6BAA6B;AAC7B,iDAAiD;AACjD,gDAAoD;AAEpD,qCAIkB;AAGlB,SAAS,qBAAqB,CAAC,QAAgB;IAC7C,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YACpC,OAAO,oBAAY,CAAC,YAAY,CAAC;QACnC,CAAC;QACD,KAAK,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YAC3C,OAAO,oBAAY,CAAC,WAAW,CAAC;QAClC,CAAC;QACD,KAAK,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YACvC,OAAO,oBAAY,CAAC,eAAe,CAAC;QACtC,CAAC;QACD,KAAK,qBAAqB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YAC1C,OAAO,oBAAY,CAAC,KAAK,CAAC;QAC5B,CAAC;QACD,OAAO,CAAC,CAAC,CAAC;YACR,MAAM,IAAI,0BAAiB,CACzB,wCAAwC,GAAG,QAAQ,CACpD,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,OAAO,CAC3B,IAAI,EACJ,UAAU,EACV,OAAQ;IAER,OAAO,GAAG,OAAO,IAAI,EAAE,CAAC;IACxB,IAAI,YAA0B,CAAC;IAC/B,IAAI,CAAC;QACH,YAAY,GAAG,qBAAqB,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC,CAAC;IAC1E,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC;IAED,MAAM,iBAAiB,GAAG,CAAC,OAAO,EAAiC,EAAE;QACnE,MAAM,eAAe,GAAG,OAAO,CAAC,IAAI;YAClC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe;YAC9B,CAAC,CAAC,SAAS,CAAC;QACd,OAAO,OAAO,CAAC,IAAI,CAAC;QACpB,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,MAAM,EAAE;gBACN,IAAI,EAAE,mBAAmB;gBACzB,UAAU;gBACV,aAAa,EAAE,eAAe;aAC/B;SACF,CAAC;IACJ,CAAC,CAAC;IAEF,IAAI,YAAY,KAAK,oBAAY,CAAC,KAAK,EAAE,CAAC;QACxC,OAAO,WAAW;aACf,qBAAqB,CACpB,IAAI,EACJ,UAAU,EACV,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,YAAY,CAAC,EACjD,OAAO,CAAC,aAAa,CAAC,IAAI,OAAO,CAAC,GAAG,EAAE,gDAAgD;QACvF,OAAO,CAAC,MAAM,CACf;aACA,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAC7B,CAAC;IAED,IACE,OAAO,CAAC,yBAAyB,CAAC;QAClC,CAAC,OAAO,CAAC,2BAA2B,CAAC,EACrC,CAAC;QACD,OAAO,OAAO,CAAC,MAAM,CACnB,IAAI,wBAAe,CACjB,2IAA2I,CAC5I,CACF,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,2BAA2B,CAAC,EAAE,CAAC;QACzC,IAAI,YAAY,KAAK,oBAAY,CAAC,WAAW,EAAE,CAAC;YAC9C,OAAO,OAAO,CAAC,MAAM,CACnB,IAAI,gCAAuB,CACzB,kMAAkM,YAAY,GAAG,CAClN,CACF,CAAC;QACJ,CAAC;QAED,OAAO,CAAC,IAAI,CAAC;;;;kEAIiD,CAAC,CAAC;QAEhE,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,sBAAsB,CACtD,IAAI,EACJ,UAAU,EACV,YAAY,EACZ,OAAO,CAAC,qBAAqB,CAAC,EAC9B,OAAO,CAAC,uCAAuC,CAAC,IAAI,KAAK,EACzD,OAAO,CAAC,qBAAqB,CAAC,EAC9B,OAAO,CAAC,yBAAyB,CAAC,CACnC,CAAC;QAEF,+EAA+E;QAC/E,MAAM,kBAAkB,GAAuB;YAC7C,MAAM,EAAE;gBACN,IAAI,EAAE,mBAAmB;gBACzB,UAAU;aACX;YACD,eAAe,EAAE,EAAE;SACpB,CAAC;QAEF,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,kBAAkB,CAAC,eAAe,CAAC,IAAI,CAAC;gBACtC,UAAU,EAAE,UAAU;gBACtB,QAAQ,EAAE,MAAM,CAAC,eAAe;gBAChC,IAAI,EAAE;oBACJ,aAAa,EAAE,MAAM,CAAC,eAAe;iBACtC;aACF,CAAC,CAAC;QACL,CAAC;QAED,OAAO,kBAAkB,CAAC;IAC5B,CAAC;IAED,OAAO,WAAW;SACf,qBAAqB,CACpB,IAAI,EACJ,UAAU,EACV,OAAO,CAAC,cAAc,EACtB,YAAY,EACZ,OAAO,CAAC,qBAAqB,CAAC,EAC9B,OAAO,CAAC,qBAAqB,CAAC,CAC/B;SACA,IAAI,CAAC,iBAAiB,CAAC,CAAC;AAC7B,CAAC"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
export declare function validate(): Promise<string>;
|
|
2
|
+
export declare function execute(args: string[], projectPath: string): Promise<string>;
|
|
2
3
|
export declare function restore(projectPath: string): Promise<void>;
|
|
3
4
|
export declare function run(projectPath: string, options: string[]): Promise<string>;
|
|
4
5
|
export declare function publish(projectPath: string, targetFramework?: string): Promise<string>;
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.validate = validate;
|
|
4
|
+
exports.execute = execute;
|
|
4
5
|
exports.restore = restore;
|
|
5
6
|
exports.run = run;
|
|
6
7
|
exports.publish = publish;
|
|
@@ -11,10 +12,11 @@ const subprocess = require("./subprocess");
|
|
|
11
12
|
const fs = require("fs");
|
|
12
13
|
const os = require("os");
|
|
13
14
|
const debug = debugModule('snyk');
|
|
14
|
-
async function handle(operation, command, args) {
|
|
15
|
+
async function handle(operation, command, args, projectPath) {
|
|
15
16
|
debug(`running dotnet command: ${operation}: ${command}`);
|
|
17
|
+
const options = projectPath ? { cwd: projectPath } : {};
|
|
16
18
|
try {
|
|
17
|
-
return await subprocess.execute(command, args);
|
|
19
|
+
return await subprocess.execute(command, args, options);
|
|
18
20
|
}
|
|
19
21
|
catch (error) {
|
|
20
22
|
if (!(typeof error === 'object' &&
|
|
@@ -23,7 +25,7 @@ async function handle(operation, command, args) {
|
|
|
23
25
|
'stderr' in error)) {
|
|
24
26
|
throw new errors_1.CliCommandError(`dotnet ${operation} failed with error: ${error}`);
|
|
25
27
|
}
|
|
26
|
-
const message = error.
|
|
28
|
+
const message = error.stderr || error.stdout;
|
|
27
29
|
throw new errors_1.CliCommandError(`dotnet ${operation} failed with error: ${message}`);
|
|
28
30
|
}
|
|
29
31
|
}
|
|
@@ -39,6 +41,17 @@ async function validate() {
|
|
|
39
41
|
throw error;
|
|
40
42
|
}
|
|
41
43
|
}
|
|
44
|
+
async function execute(args, projectPath) {
|
|
45
|
+
const command = `dotnet`;
|
|
46
|
+
try {
|
|
47
|
+
const result = await handle('execute', command, args, projectPath);
|
|
48
|
+
return result.stdout.trim();
|
|
49
|
+
}
|
|
50
|
+
catch (error) {
|
|
51
|
+
debug('dotnet tool not found, did you install dotnet core?');
|
|
52
|
+
throw error;
|
|
53
|
+
}
|
|
54
|
+
}
|
|
42
55
|
async function restore(projectPath) {
|
|
43
56
|
const command = 'dotnet';
|
|
44
57
|
const args = [
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dotnet.js","sourceRoot":"","sources":["../../../lib/nuget-parser/cli/dotnet.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"dotnet.js","sourceRoot":"","sources":["../../../lib/nuget-parser/cli/dotnet.ts"],"names":[],"mappings":";;AA0CA,4BAWC;AAED,0BAaC;AAED,0BAaC;AAED,kBAWC;AAED,0BAqDC;AAvJD,qCAAqC;AACrC,yCAA+C;AAC/C,6BAA6B;AAC7B,2CAA2C;AAC3C,yBAAyB;AACzB,yBAAyB;AAEzB,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAElC,KAAK,UAAU,MAAM,CACnB,SAAiB,EACjB,OAAe,EACf,IAAc,EACd,WAAoB;IAEpB,KAAK,CAAC,2BAA2B,SAAS,KAAK,OAAO,EAAE,CAAC,CAAC;IAE1D,MAAM,OAAO,GAAG,WAAW,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAExD,IAAI,CAAC;QACH,OAAO,MAAM,UAAU,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAC1D,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,IACE,CAAC,CACC,OAAO,KAAK,KAAK,QAAQ;YACzB,KAAK,KAAK,IAAI;YACd,QAAQ,IAAI,KAAK;YACjB,QAAQ,IAAI,KAAK,CAClB,EACD,CAAC;YACD,MAAM,IAAI,wBAAe,CACvB,UAAU,SAAS,uBAAuB,KAAK,EAAE,CAClD,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC;QAC7C,MAAM,IAAI,wBAAe,CACvB,UAAU,SAAS,uBAAuB,OAAO,EAAE,CACpD,CAAC;IACJ,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,QAAQ;IAC5B,MAAM,OAAO,GAAG,QAAQ,CAAC;IACzB,MAAM,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IAE3B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QACtD,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IAC9B,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,KAAK,CAAC,qDAAqD,CAAC,CAAC;QAC7D,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,OAAO,CAC3B,IAAc,EACd,WAAmB;IAEnB,MAAM,OAAO,GAAG,QAAQ,CAAC;IAEzB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;QACnE,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IAC9B,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,KAAK,CAAC,qDAAqD,CAAC,CAAC;QAC7D,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,OAAO,CAAC,WAAmB;IAC/C,MAAM,OAAO,GAAG,QAAQ,CAAC;IACzB,MAAM,IAAI,GAAG;QACX,SAAS;QACT,kFAAkF;QAClF,kFAAkF;QAClF,aAAa;QACb,QAAQ;QACR,IAAI,WAAW,GAAG;QAClB,mDAAmD;KACpD,CAAC;IACF,MAAM,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;IACvC,OAAO;AACT,CAAC;AAEM,KAAK,UAAU,GAAG,CACvB,WAAmB,EACnB,OAAiB;IAEjB,MAAM,OAAO,GAAG,QAAQ,CAAC;IACzB,MAAM,IAAI,GAAG,CAAC,KAAK,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;IAC/B,OAAO,MAAM,CAAC,KAAK,CACjB,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CACjE,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,OAAO,CAC3B,WAAmB,EACnB,eAAwB;IAExB,MAAM,OAAO,GAAG,QAAQ,CAAC;IACzB,MAAM,IAAI,GAAG,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IACrC,sGAAsG;IACtG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAElB,0DAA0D;IAC1D,qFAAqF;IACrF,oGAAoG;IACpG,IAAI,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IAEnC,yHAAyH;IACzH,IAAI,eAAe,EAAE,CAAC;QACpB,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC7B,CAAC;IAED,0GAA0G;IAC1G,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAC5B,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,mCAAmC,CAAC,CAC5D,CAAC;IAEF,iDAAiD;IACjD,mIAAmI;IACnI,iDAAiD;IAEjD,uHAAuH;IACvH,2EAA2E;IAC3E,iFAAiF;IAEjF,+GAA+G;IAC/G,yCAAyC;IACzC,4FAA4F;IAE5F,yIAAyI;IACzI,iIAAiI;IAEjI,iHAAiH;IACjH,2HAA2H;IAC3H,IAAI,CAAC,IAAI,CACP,kBAAkB,OAAO,kJAAkJ,CAC5K,CAAC;IAEF,0EAA0E;IAC1E,oFAAoF;IACpF,IAAI,CAAC,IAAI,CAAC,IAAI,WAAW,GAAG,CAAC,CAAC;IAE9B,MAAM,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;IAEvC,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
import { DotnetCoreV2Results, ManifestType } from './types';
|
|
2
|
-
export declare function buildDepGraphFromFiles(root: string | undefined, targetFile: string | undefined, manifestType: ManifestType, useProjectNameFromAssetsFile: boolean, projectNamePrefix?: string, targetFramework?: string): Promise<DotnetCoreV2Results>;
|
|
2
|
+
export declare function buildDepGraphFromFiles(root: string | undefined, targetFile: string | undefined, manifestType: ManifestType, useProjectNameFromAssetsFile: boolean, useFixForImprovedDotnetFalsePositives: boolean, projectNamePrefix?: string, targetFramework?: string): Promise<DotnetCoreV2Results>;
|
|
3
3
|
export declare function buildDepTreeFromFiles(root: string | undefined, targetFile: string | undefined, packagesFolderPath: string | undefined, manifestType: ManifestType, useProjectNameFromAssetsFile: boolean, projectNamePrefix?: string): Promise<any>;
|
|
@@ -16,6 +16,7 @@ const errors_1 = require("../errors");
|
|
|
16
16
|
const types_1 = require("./types");
|
|
17
17
|
const dotnet = require("./cli/dotnet");
|
|
18
18
|
const nugetFrameworksParser = require("./csharp/nugetframeworks_parser");
|
|
19
|
+
const runtimeAssemblyV2 = require("./runtime-assembly-v2");
|
|
19
20
|
const runtimeAssembly = require("./runtime-assembly");
|
|
20
21
|
const debug = debugModule('snyk');
|
|
21
22
|
const PARSERS = {
|
|
@@ -99,7 +100,7 @@ function findDepsFileInPublishDir(dir, filename) {
|
|
|
99
100
|
}
|
|
100
101
|
return renamedFile || null;
|
|
101
102
|
}
|
|
102
|
-
async function buildDepGraphFromFiles(root, targetFile, manifestType, useProjectNameFromAssetsFile, projectNamePrefix, targetFramework) {
|
|
103
|
+
async function buildDepGraphFromFiles(root, targetFile, manifestType, useProjectNameFromAssetsFile, useFixForImprovedDotnetFalsePositives, projectNamePrefix, targetFramework) {
|
|
103
104
|
const safeRoot = root || '.';
|
|
104
105
|
const safeTargetFile = targetFile || '.';
|
|
105
106
|
const fileContentPath = path.resolve(safeRoot, safeTargetFile);
|
|
@@ -136,7 +137,7 @@ Will attempt to build dependency graph anyway, but the operation might fail.`);
|
|
|
136
137
|
? [targetFramework]
|
|
137
138
|
: targetFrameworks.filter((framework) => {
|
|
138
139
|
if (!depsParser.isSupportedByV2GraphGeneration(framework)) {
|
|
139
|
-
console.warn(`\x1b[33m⚠ WARNING\x1b[0m: The runtime resolution flag is currently only supported for the following TargetFrameworks: .NET versions
|
|
140
|
+
console.warn(`\x1b[33m⚠ WARNING\x1b[0m: The runtime resolution flag is currently only supported for the following TargetFrameworks: .NET versions 6 and higher, all versions of .NET Core and all versions of .NET Standard. Detected a TargetFramework: \x1b[1m${framework}\x1b[0m, which will be skipped.`);
|
|
140
141
|
return false;
|
|
141
142
|
}
|
|
142
143
|
return true;
|
|
@@ -168,15 +169,6 @@ Will attempt to build dependency graph anyway, but the operation might fail.`);
|
|
|
168
169
|
throw new errors_1.CliCommandError(`unable to locate ${filename} anywhere inside ${publishDir}, file is needed for runtime resolution to occur, aborting`);
|
|
169
170
|
}
|
|
170
171
|
const publishedProjectDeps = JSON.parse(depsFile.toString('utf-8'));
|
|
171
|
-
let assemblyVersions = {};
|
|
172
|
-
// Specifically targeting .NET Standard frameworks will not provide any specific runtime assembly information in
|
|
173
|
-
// the published artifacts files, and can thus not be read more precisely than the .deps file will tell us up-front.
|
|
174
|
-
// This probably makes sense when looking at https://dotnet.microsoft.com/en-us/platform/dotnet-standard#versions.
|
|
175
|
-
// As such, we don't generate any runtime assemblies and generate the dependency graph without it.
|
|
176
|
-
if (!decidedTargetFramework.includes('netstandard')) {
|
|
177
|
-
assemblyVersions =
|
|
178
|
-
runtimeAssembly.generateRuntimeAssemblies(publishedProjectDeps);
|
|
179
|
-
}
|
|
180
172
|
// Parse the TargetFramework using Nuget.Frameworks itself, instead of trying to reinvent the wheel, thus ensuring
|
|
181
173
|
// we have maximum context to use later when building the depGraph.
|
|
182
174
|
const response = await dotnet.run(nugetFrameworksParserLocation, [
|
|
@@ -186,7 +178,32 @@ Will attempt to build dependency graph anyway, but the operation might fail.`);
|
|
|
186
178
|
if (targetFrameworkInfo.IsUnsupported) {
|
|
187
179
|
throw new errors_1.InvalidManifestError(`dotnet was not able to parse the target framework ${decidedTargetFramework}, it was reported unsupported by the dotnet runtime`);
|
|
188
180
|
}
|
|
189
|
-
|
|
181
|
+
let assemblyVersions = {};
|
|
182
|
+
// Specifically targeting .NET Standard frameworks will not provide any specific runtime assembly information in
|
|
183
|
+
// the published artifacts files, and can thus not be read more precisely than the .deps file will tell us up-front.
|
|
184
|
+
// This probably makes sense when looking at https://dotnet.microsoft.com/en-us/platform/dotnet-standard#versions.
|
|
185
|
+
// As such, we don't generate any runtime assemblies and generate the dependency graph without it.
|
|
186
|
+
if (useFixForImprovedDotnetFalsePositives) {
|
|
187
|
+
if (!decidedTargetFramework.includes('netstandard')) {
|
|
188
|
+
let projectFolder = '';
|
|
189
|
+
// Get the project folder path
|
|
190
|
+
if (projectPath) {
|
|
191
|
+
projectFolder = path.dirname(projectPath);
|
|
192
|
+
}
|
|
193
|
+
// An important failure point here will be a reference to a version of the dotnet SDK that is
|
|
194
|
+
// not installed in the environment. Ex: global.json specifies 6.0.100, but the only version install in the env is 8.0.100
|
|
195
|
+
// https://learn.microsoft.com/en-us/dotnet/core/tools/dotnet#options-for-displaying-environment-information-and-available-commands
|
|
196
|
+
await dotnet.execute(['--version'], projectFolder);
|
|
197
|
+
assemblyVersions = await runtimeAssemblyV2.generateRuntimeAssemblies(projectFolder || safeRoot);
|
|
198
|
+
}
|
|
199
|
+
}
|
|
200
|
+
else {
|
|
201
|
+
if (!decidedTargetFramework.includes('netstandard')) {
|
|
202
|
+
assemblyVersions =
|
|
203
|
+
runtimeAssembly.generateRuntimeAssemblies(publishedProjectDeps);
|
|
204
|
+
}
|
|
205
|
+
}
|
|
206
|
+
const depGraph = parser.depParser.parse(resolvedProjectName, projectAssets, publishedProjectDeps, assemblyVersions, useFixForImprovedDotnetFalsePositives);
|
|
190
207
|
results.push({
|
|
191
208
|
dependencyGraph: depGraph,
|
|
192
209
|
targetFramework: decidedTargetFramework,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../lib/nuget-parser/index.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../lib/nuget-parser/index.ts"],"names":[],"mappings":";;AA6HA,wDA8KC;AAED,sDAuFC;AApYD,yBAAyB;AACzB,6BAA6B;AAC7B,wDAAwD;AACxD,qCAAqC;AACrC,iDAAiD;AACjD,iEAAiE;AACjE,sEAAsE;AACtE,2EAA2E;AAC3E,mEAAmE;AACnE,yEAAyE;AACzE,sCAImB;AACnB,mCAQiB;AACjB,uCAAuC;AACvC,yEAAyE;AACzE,2DAA2D;AAC3D,sDAAsD;AAEtD,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAElC,MAAM,OAAO,GAAG;IACd,aAAa,EAAE;QACb,SAAS,EAAE,gBAAgB;QAC3B,iBAAiB,EAAE,IAAI;KACxB;IACD,gBAAgB,EAAE;QAChB,SAAS,EAAE,kBAAkB;QAC7B,iBAAiB,EAAE,IAAI;KACxB;IACD,iBAAiB,EAAE;QACjB,SAAS,EAAE,qBAAqB;QAChC,iBAAiB,EAAE,oBAAoB;KACxC;IACD,cAAc,EAAE;QACd,SAAS,EAAE,qBAAqB;QAChC,iBAAiB,EAAE,iBAAiB;KACrC;CACF,CAAC;AAEF,SAAS,iBAAiB,CAAC,cAAc,EAAE,iBAAiB;IAC1D,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,CAAC,CAAC;IACrD,CAAC;IACD,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,WAAW,CAClB,IAAa,EACb,iBAA0B,EAC1B,iBAA0B;IAE1B,MAAM,eAAe,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,iBAAiB,IAAI,EAAE,CAAC,CAAC;IACvE,IAAI,iBAAiB,EAAE,CAAC;QACtB,OAAO,iBAAiB,GAAG,eAAe,CAAC;IAC7C,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,SAAS,eAAe,CAAC,eAAuB;IAC9C,IAAI,CAAC;QACH,KAAK,CAAC,sBAAsB,eAAe,EAAE,CAAC,CAAC;QAC/C,OAAO,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;IACnD,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,MAAM,IAAI,gCAAuB,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAW,EAAE,QAAgB;IACvD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC9C,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;QAC/C,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;IAChC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,iGAAiG;QACjG,4CAA4C;QAC5C,6DAA6D;IAC/D,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,iHAAiH;AACjH,gHAAgH;AAChH,wGAAwG;AACxG,SAAS,wBAAwB,CAAC,GAAW,EAAE,QAAQ;IACrD,IAAI,WAAW,GAAkB,IAAI,CAAC;IAEtC,qCAAqC;IACrC,MAAM,SAAS,GAAG,kBAAkB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IACpD,IAAI,SAAS;QAAE,OAAO,SAAS,CAAC;IAEhC,KAAK,MAAM,IAAI,IAAI,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;QACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAEtC,yFAAyF;QACzF,IAAI,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACnC,WAAW,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QAC1C,CAAC;QAED,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;YACzC,SAAS;QACX,CAAC;QAED,sDAAsD;QACtD,MAAM,SAAS,GAAG,wBAAwB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC/D,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,SAAS;QACX,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,WAAW,IAAI,IAAI,CAAC;AAC7B,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAC1C,IAAwB,EACxB,UAA8B,EAC9B,YAA0B,EAC1B,4BAAqC,EACrC,qCAA8C,EAC9C,iBAA0B,EAC1B,eAAwB;IAExB,MAAM,QAAQ,GAAG,IAAI,IAAI,GAAG,CAAC;IAC7B,MAAM,cAAc,GAAG,UAAU,IAAI,GAAG,CAAC;IACzC,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,eAAe,CAAC,eAAe,CAAC,CAAC;IAErD,MAAM,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACzC,MAAM,aAAa,GACjB,MAAM,MAAM,CAAC,iBAAiB,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAEpD,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,UAAU,EAAE,CAAC;QACvC,MAAM,IAAI,gCAAuB,CAC/B,0DAA0D,cAAc,qDAAqD,CAC9H,CAAC;IACJ,CAAC;IAED,0GAA0G;IAC1G,wGAAwG;IACxG,MAAM,gBAAgB,GAAG,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,GAAG,CAC3E,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CACrE,CAAC;IAEF,IAAI,gBAAgB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,gCAAuB,CAC/B,0CAA0C,cAAc,qDAAqD,CAC9G,CAAC;IACJ,CAAC;IAED,IAAI,eAAe,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;QACnE,OAAO,CAAC,IAAI,CAAC,6DAA6D,eAAe;gEAC7B,gBAAgB,CAAC,IAAI,CAC/E,GAAG,CACJ;6EACwE,CAAC,CAAC;IAC7E,CAAC;IAED,IAAI,mBAAmB,GAAG,WAAW,CAAC,IAAI,EAAE,QAAQ,EAAE,iBAAiB,CAAC,CAAC;IAEzE,MAAM,2BAA2B,GAC/B,aAAa,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,CAAC;IAC/C,IACE,YAAY,KAAK,oBAAY,CAAC,WAAW;QACzC,4BAA4B,EAC5B,CAAC;QACD,IAAI,2BAA2B,EAAE,CAAC;YAChC,mBAAmB,GAAG,2BAA2B,CAAC;QACpD,CAAC;aAAM,CAAC;YACN,KAAK,CACH,4FAA4F,mBAAmB,EAAE,CAClH,CAAC;QACJ,CAAC;IACH,CAAC;IACD,kGAAkG;IAClG,MAAM,uBAAuB,GAAG,eAAe;QAC7C,CAAC,CAAC,CAAC,eAAe,CAAC;QACnB,CAAC,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE;YACpC,IAAI,CAAC,UAAU,CAAC,8BAA8B,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC1D,OAAO,CAAC,IAAI,CACV,qPAAqP,SAAS,iCAAiC,CAChS,CAAC;gBACF,OAAO,KAAK,CAAC;YACf,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IAEP,IAAI,uBAAuB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,6BAAoB,CAC5B,uEAAuE,CACxE,CAAC;IACJ,CAAC;IAED,6DAA6D;IAC7D,MAAM,MAAM,CAAC,QAAQ,EAAE,CAAC;IAExB,0FAA0F;IAC1F,MAAM,6BAA6B,GAAG,qBAAqB,CAAC,QAAQ,EAAE,CAAC;IACvE,MAAM,MAAM,CAAC,OAAO,CAAC,6BAA6B,CAAC,CAAC;IAEpD,yGAAyG;IACzG,MAAM,WAAW,GAAG,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC;IAC9D,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,CAAC,IAAI,CACV,mLAAmL,CACpL,CAAC;IACJ,CAAC;IAED,uFAAuF;IACvF,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,KAAK,MAAM,sBAAsB,IAAI,uBAAuB,EAAE,CAAC;QAC7D,0HAA0H;QAC1H,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,OAAO;QACrC,gKAAgK;QAChK,WAAW,IAAI,QAAQ,EACvB,sBAAsB,CACvB,CAAC;QAEF,gFAAgF;QAChF,MAAM,QAAQ,GAAG,GAAG,2BAA2B,YAAY,CAAC;QAC5D,MAAM,QAAQ,GAAG,wBAAwB,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAEhE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,wBAAe,CACvB,oBAAoB,QAAQ,oBAAoB,UAAU,4DAA4D,CACvH,CAAC;QACJ,CAAC;QAED,MAAM,oBAAoB,GAAyB,IAAI,CAAC,KAAK,CAC3D,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAC3B,CAAC;QAEF,kHAAkH;QAClH,mEAAmE;QACnE,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,6BAA6B,EAAE;YAC/D,sBAAsB;SACvB,CAAC,CAAC;QACH,MAAM,mBAAmB,GAAwB,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACtE,IAAI,mBAAmB,CAAC,aAAa,EAAE,CAAC;YACtC,MAAM,IAAI,6BAAoB,CAC5B,qDAAqD,sBAAsB,qDAAqD,CACjI,CAAC;QACJ,CAAC;QAED,IAAI,gBAAgB,GAAqB,EAAE,CAAC;QAE5C,gHAAgH;QAChH,oHAAoH;QACpH,kHAAkH;QAClH,kGAAkG;QAClG,IAAI,qCAAqC,EAAE,CAAC;YAC1C,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;gBACpD,IAAI,aAAa,GAAW,EAAE,CAAC;gBAC/B,8BAA8B;gBAC9B,IAAI,WAAW,EAAE,CAAC;oBAChB,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;gBAC5C,CAAC;gBACD,6FAA6F;gBAC7F,0HAA0H;gBAC1H,mIAAmI;gBACnI,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,CAAC,EAAE,aAAa,CAAC,CAAC;gBAEnD,gBAAgB,GAAG,MAAM,iBAAiB,CAAC,yBAAyB,CAClE,aAAa,IAAI,QAAQ,CAC1B,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;gBACpD,gBAAgB;oBACd,eAAe,CAAC,yBAAyB,CAAC,oBAAoB,CAAC,CAAC;YACpE,CAAC;QACH,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,SAAS,CAAC,KAAK,CACrC,mBAAmB,EACnB,aAAa,EACb,oBAAoB,EACpB,gBAAgB,EAChB,qCAAqC,CACtC,CAAC;QAEF,OAAO,CAAC,IAAI,CAAC;YACX,eAAe,EAAE,QAAQ;YACzB,eAAe,EAAE,sBAAsB;SACxC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAEM,KAAK,UAAU,qBAAqB,CACzC,IAAwB,EACxB,UAA8B,EAC9B,kBAAsC,EACtC,YAA0B,EAC1B,4BAAqC,EACrC,iBAA0B;IAE1B,MAAM,QAAQ,GAAG,IAAI,IAAI,GAAG,CAAC;IAC7B,MAAM,cAAc,GAAG,UAAU,IAAI,GAAG,CAAC;IACzC,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,eAAe,CAAC,eAAe,CAAC,CAAC;IACrD,MAAM,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;IAClE,MAAM,cAAc,GAAG,iBAAiB,CACtC,kBAAkB,EAClB,iBAAiB,CAClB,CAAC;IAEF,MAAM,IAAI,GAAG;QACX,YAAY,EAAE,EAAE;QAChB,IAAI,EAAE,EAAE;QACR,IAAI,EAAE,WAAW,CAAC,IAAI,EAAE,iBAAiB,EAAE,iBAAiB,CAAC;QAC7D,oBAAoB,EAAE,aAAa;QACnC,OAAO,EAAE,OAAO;KACjB,CAAC;IAEF,IAAI,gBAAmC,CAAC;IACxC,IAAI,CAAC;QACH,IAAI,YAAY,KAAK,oBAAY,CAAC,WAAW,EAAE,CAAC;YAC9C,gBAAgB;gBACd,YAAY,CAAC,+BAA+B,CAAC,iBAAiB,CAAC,CAAC;QACpE,CAAC;aAAM,CAAC;YACN,sEAAsE;YACtE,MAAM,0BAA0B,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;YACxE,gBAAgB,GAAG,YAAY,CAAC,+BAA+B,CAC7D,0BAA0B,CAC3B,CAAC;YAEF,+FAA+F;YAC/F,IAAI,gBAAgB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;gBACjC,+CAA+C;gBAC/C,IAAI,YAAY,KAAK,oBAAY,CAAC,eAAe,EAAE,CAAC;oBAClD,MAAM,sBAAsB,GAC1B,MAAM,oBAAoB,CAAC,yBAAyB,CAAC,WAAW,CAAC,CAAC;oBACpE,IAAI,sBAAsB,EAAE,CAAC;wBAC3B,gBAAgB,GAAG,CAAC,sBAAsB,CAAC,CAAC;oBAC9C,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC;IAED,mDAAmD;IACnD,4FAA4F;IAC5F,MAAM,eAAe,GACnB,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;IACzE,IAAI,CAAC,IAAI,GAAG;QACV,eAAe,EAAE,eAAe;KACjC,CAAC;IAEF,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;IAEzE,IACE,YAAY,KAAK,oBAAY,CAAC,WAAW;QACzC,4BAA4B,EAC5B,CAAC;QACD,MAAM,WAAW,GAAG,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,CAAC;QAE5D,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,KAAK,CACH,2FAA2F;gBACzF,IAAI,CAAC,IAAI,CACZ,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,SAAS,CAAC,KAAK,CAC3B,IAAI,EACJ,QAAQ,EACR,eAAe,EACf,cAAc,CACf,CAAC;AACJ,CAAC"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
1
|
import * as depGraphLib from '@snyk/dep-graph';
|
|
2
2
|
import { AssemblyVersions, ProjectAssets, PublishedProjectDeps } from '../types';
|
|
3
3
|
export declare const FILTERED_DEPENDENCY_PREFIX: string[];
|
|
4
|
-
export declare function parse(projectName: string, projectAssets: ProjectAssets, publishedProjectDeps: PublishedProjectDeps, runtimeAssembly: AssemblyVersions): depGraphLib.DepGraph;
|
|
4
|
+
export declare function parse(projectName: string, projectAssets: ProjectAssets, publishedProjectDeps: PublishedProjectDeps, runtimeAssembly: AssemblyVersions, useFixForImprovedDotnetFalsePositives: boolean): depGraphLib.DepGraph;
|
|
@@ -15,7 +15,7 @@ exports.FILTERED_DEPENDENCY_PREFIX = [
|
|
|
15
15
|
// dependencies are causing noise for the customers and are not of interested.
|
|
16
16
|
'runtime',
|
|
17
17
|
];
|
|
18
|
-
function recursivelyPopulateNodes(depGraphBuilder, targetDeps, node, runtimeAssembly, visited) {
|
|
18
|
+
function recursivelyPopulateNodes(depGraphBuilder, targetDeps, node, runtimeAssembly, useFixForImprovedDotnetFalsePositives, visited) {
|
|
19
19
|
const parentId = node.type === 'root' ? 'root-node' : `${node.name}@${node.version}`;
|
|
20
20
|
for (const depNode of Object.entries(node.dependencies || {})) {
|
|
21
21
|
const localVisited = visited || new Set();
|
|
@@ -36,11 +36,18 @@ function recursivelyPopulateNodes(depGraphBuilder, targetDeps, node, runtimeAsse
|
|
|
36
36
|
// If we're looking at a runtime assembly version for self-contained dlls, overwrite the dependency version
|
|
37
37
|
// we've found in the graph with those from the runtime assembly, as they take precedence.
|
|
38
38
|
let assemblyVersion = version;
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
39
|
+
if (useFixForImprovedDotnetFalsePositives) {
|
|
40
|
+
if (name in runtimeAssembly) {
|
|
41
|
+
assemblyVersion = runtimeAssembly[name];
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
else {
|
|
45
|
+
// The RuntimeAssembly type contains the name with a .dll suffix, as this is how .NET represents them in the
|
|
46
|
+
// dependency file. This must be stripped in order to match the elements during depGraph construction.
|
|
47
|
+
const dll = `${name}.dll`;
|
|
48
|
+
if (dll in runtimeAssembly) {
|
|
49
|
+
assemblyVersion = runtimeAssembly[dll];
|
|
50
|
+
}
|
|
44
51
|
}
|
|
45
52
|
if (localVisited.has(childId)) {
|
|
46
53
|
const prunedId = `${childId}:pruned`;
|
|
@@ -53,7 +60,7 @@ function recursivelyPopulateNodes(depGraphBuilder, targetDeps, node, runtimeAsse
|
|
|
53
60
|
depGraphBuilder.addPkgNode({ name: childNode.name, version: assemblyVersion }, childId);
|
|
54
61
|
depGraphBuilder.connectDep(parentId, childId);
|
|
55
62
|
localVisited.add(childId);
|
|
56
|
-
recursivelyPopulateNodes(depGraphBuilder, targetDeps, childNode, runtimeAssembly, localVisited);
|
|
63
|
+
recursivelyPopulateNodes(depGraphBuilder, targetDeps, childNode, runtimeAssembly, useFixForImprovedDotnetFalsePositives, localVisited);
|
|
57
64
|
}
|
|
58
65
|
}
|
|
59
66
|
function getRestoredProjectName(publishedProjectDeps, runtimeTarget, projectName) {
|
|
@@ -75,7 +82,7 @@ function extractLocalProjects(libs) {
|
|
|
75
82
|
function getDllName(depName) {
|
|
76
83
|
return `${depName}.dll`;
|
|
77
84
|
}
|
|
78
|
-
function buildGraph(projectName, projectAssets, publishedProjectDeps, runtimeAssembly) {
|
|
85
|
+
function buildGraph(projectName, projectAssets, publishedProjectDeps, runtimeAssembly, useFixForImprovedDotnetFalsePositives) {
|
|
79
86
|
const depGraphBuilder = new dep_graph_1.DepGraphBuilder({ name: 'nuget' }, {
|
|
80
87
|
name: projectName,
|
|
81
88
|
version: projectAssets.project.version,
|
|
@@ -113,39 +120,42 @@ function buildGraph(projectName, projectAssets, publishedProjectDeps, runtimeAss
|
|
|
113
120
|
type: 'root',
|
|
114
121
|
dependencies: topLevelDepPackages,
|
|
115
122
|
};
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
const
|
|
125
|
-
|
|
126
|
-
runtimeAssembly[dllName]
|
|
123
|
+
if (!useFixForImprovedDotnetFalsePositives) {
|
|
124
|
+
// runtimeAssembly doesn't have entries if the target framework is `netstandard`
|
|
125
|
+
if (Object.keys(runtimeAssembly).length > 0) {
|
|
126
|
+
const localPackagesNames = extractLocalProjects(publishedProjectDeps.libraries);
|
|
127
|
+
const targets = publishedProjectDeps.targets[runtimeTarget];
|
|
128
|
+
// Overwriting the runtime versions with the values used in local projects.
|
|
129
|
+
for (const pgkName of localPackagesNames) {
|
|
130
|
+
if (targets[pgkName]?.dependencies) {
|
|
131
|
+
for (const [key, value] of Object.entries(targets[pgkName].dependencies)) {
|
|
132
|
+
const dllName = getDllName(key);
|
|
133
|
+
if (runtimeAssembly[dllName]) {
|
|
134
|
+
runtimeAssembly[dllName] = value;
|
|
135
|
+
}
|
|
127
136
|
}
|
|
128
137
|
}
|
|
129
138
|
}
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
+
// Overwriting the runtime versions with the values used in fetched packages.
|
|
140
|
+
for (const [key, value] of Object.entries(targets)) {
|
|
141
|
+
if (value && Object.keys(value).length === 0) {
|
|
142
|
+
const [depName, depVersion] = key.split('/');
|
|
143
|
+
const dllName = getDllName(depName);
|
|
144
|
+
// NuGet’s dependency resolution mechanism will choose the higher available version.
|
|
145
|
+
if (runtimeAssembly[dllName] &&
|
|
146
|
+
depVersion > runtimeAssembly[dllName]) {
|
|
147
|
+
runtimeAssembly[dllName] = depVersion;
|
|
148
|
+
}
|
|
139
149
|
}
|
|
140
150
|
}
|
|
141
151
|
}
|
|
142
152
|
}
|
|
143
|
-
recursivelyPopulateNodes(depGraphBuilder, targetDependencies, rootNode, runtimeAssembly);
|
|
153
|
+
recursivelyPopulateNodes(depGraphBuilder, targetDependencies, rootNode, runtimeAssembly, useFixForImprovedDotnetFalsePositives);
|
|
144
154
|
return depGraphBuilder.build();
|
|
145
155
|
}
|
|
146
|
-
function parse(projectName, projectAssets, publishedProjectDeps, runtimeAssembly) {
|
|
156
|
+
function parse(projectName, projectAssets, publishedProjectDeps, runtimeAssembly, useFixForImprovedDotnetFalsePositives) {
|
|
147
157
|
debug('Trying to parse .net core manifest with v2 depGraph builder');
|
|
148
|
-
const result = buildGraph(projectName, projectAssets, publishedProjectDeps, runtimeAssembly);
|
|
158
|
+
const result = buildGraph(projectName, projectAssets, publishedProjectDeps, runtimeAssembly, useFixForImprovedDotnetFalsePositives);
|
|
149
159
|
return result;
|
|
150
160
|
}
|
|
151
161
|
//# sourceMappingURL=dotnet-core-v2-parser.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dotnet-core-v2-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/dotnet-core-v2-parser.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"dotnet-core-v2-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/dotnet-core-v2-parser.ts"],"names":[],"mappings":";;;AAsQA,sBAiBC;AAvRD,qCAAqC;AAErC,+CAAkD;AAMlD,yCAAoD;AAEpD,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAYlC,oDAAoD;AACvC,QAAA,0BAA0B,GAAG;IACxC,gHAAgH;IAChH,oHAAoH;IACpH,sHAAsH;IACtH,sHAAsH;IACtH,8EAA8E;IAC9E,SAAS;CACV,CAAC;AAEF,SAAS,wBAAwB,CAC/B,eAAgC,EAChC,UAAyC,EACzC,IAAmB,EACnB,eAAiC,EACjC,qCAA8C,EAC9C,OAAqB;IAErB,MAAM,QAAQ,GACZ,IAAI,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;IAEtE,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,CAAC;QAC9D,MAAM,YAAY,GAAG,OAAO,IAAI,IAAI,GAAG,EAAU,CAAC;QAClD,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QAE3B,gHAAgH;QAChH,+FAA+F;QAC/F,IAAI,kCAA0B,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;YACzE,KAAK,CAAC,GAAG,IAAI,kDAAkD,CAAC,CAAC;YACjE,SAAS;QACX,CAAC;QAED,MAAM,SAAS,GAAG;YAChB,GAAG,UAAU,CAAC,GAAG,IAAI,IAAI,OAAO,EAAE,CAAC;YACnC,IAAI;YACJ,OAAO;SACR,CAAC;QAEF,MAAM,OAAO,GAAG,GAAG,SAAS,CAAC,IAAI,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;QAEzD,2GAA2G;QAC3G,0FAA0F;QAC1F,IAAI,eAAe,GAAG,OAAO,CAAC;QAE9B,IAAI,qCAAqC,EAAE,CAAC;YAC1C,IAAI,IAAI,IAAI,eAAe,EAAE,CAAC;gBAC5B,eAAe,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC;aAAM,CAAC;YACN,4GAA4G;YAC5G,sGAAsG;YACtG,MAAM,GAAG,GAAG,GAAG,IAAI,MAAM,CAAC;YAC1B,IAAI,GAAG,IAAI,eAAe,EAAE,CAAC;gBAC3B,eAAe,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;YACzC,CAAC;QACH,CAAC;QAED,IAAI,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAAG,GAAG,OAAO,SAAS,CAAC;YACrC,eAAe,CAAC,UAAU,CACxB,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,eAAe,EAAE,EAClD,QAAQ,EACR;gBACE,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;aAC3B,CACF,CAAC;YACF,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YAC/C,SAAS;QACX,CAAC;QAED,eAAe,CAAC,UAAU,CACxB,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,eAAe,EAAE,EAClD,OAAO,CACR,CAAC;QACF,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9C,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAE1B,wBAAwB,CACtB,eAAe,EACf,UAAU,EACV,SAAS,EACT,eAAe,EACf,qCAAqC,EACrC,YAAY,CACb,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAC7B,oBAA0C,EAC1C,aAAqB,EACrB,WAAmB;IAEnB,OAAO,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACzE,CAAC,CAAC,UAAU,CAAC,WAAW,CAAC,CAC1B,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAyB;IACrD,MAAM,aAAa,GAAa,EAAE,CAAC;IAEnC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YACjC,sFAAsF;YACtF,uHAAuH;YACvH,IAAI,CAAC,KAAK,CAAC,WAAW,IAAI,CAAC,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBACpE,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAS,UAAU,CAAC,OAAe;IACjC,OAAO,GAAG,OAAO,MAAM,CAAC;AAC1B,CAAC;AAED,SAAS,UAAU,CACjB,WAAmB,EACnB,aAA4B,EAC5B,oBAA0C,EAC1C,eAAiC,EACjC,qCAA8C;IAE9C,MAAM,eAAe,GAAG,IAAI,2BAAe,CACzC,EAAE,IAAI,EAAE,OAAO,EAAE,EACjB;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC,OAAO;KACvC,CACF,CAAC;IAEF,iHAAiH;IACjH,qDAAqD;IACrD,MAAM,aAAa,GAAG,oBAAoB,CAAC,aAAa,CAAC,IAAI,CAAC;IAE9D,oFAAoF;IACpF,IAAI,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,6BAAoB,CAC5B,2HAA2H,CAC5H,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAC,aAAa,IAAI,oBAAoB,CAAC,OAAO,CAAC,EAAE,CAAC;QACrD,MAAM,IAAI,6BAAoB,CAC5B,MAAM,aAAa,sDAAsD,CAC1E,CAAC;IACJ,CAAC;IAED,iHAAiH;IACjH,kHAAkH;IAClH,2GAA2G;IAC3G,MAAM,kBAAkB,GACtB,sBAAsB,CACpB,oBAAoB,EACpB,aAAa,EACb,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,CAC1C;QACD,8DAA8D;QAC9D,oIAAoI;QACpI,sBAAsB,CAAC,oBAAoB,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC;IAE3E,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,IAAI,6BAAoB,CAC5B,8BAA8B,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,OAAO,WAAW,aAAa,aAAa,qCAAqC,CACzJ,CAAC;IACJ,CAAC;IAED,6GAA6G;IAC7G,+CAA+C;IAC/C,MAAM,mBAAmB,GACvB,oBAAoB,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,kBAAkB,CAAC;SAC5D,YAAY,CAAC;IAElB,mHAAmH;IACnH,MAAM,kBAAkB,GAAkC,MAAM,CAAC,OAAO,CACtE,oBAAoB,CAAC,OAAO,CAAC,aAAa,CAAC,CAC5C,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;QACtB,MAAM,CAAC,eAAe,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC;QACrC,OAAO,EAAE,GAAG,GAAG,EAAE,CAAC,eAAe,CAAC,EAAE,GAAG,EAAE,CAAC;IAC5C,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,QAAQ,GAAG;QACf,IAAI,EAAE,MAAM;QACZ,YAAY,EAAE,mBAAmB;KACjB,CAAC;IAEnB,IAAI,CAAC,qCAAqC,EAAE,CAAC;QAC3C,gFAAgF;QAChF,IAAI,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5C,MAAM,kBAAkB,GAAG,oBAAoB,CAC7C,oBAAoB,CAAC,SAAS,CAC/B,CAAC;YAEF,MAAM,OAAO,GAAG,oBAAoB,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;YAE5D,2EAA2E;YAC3E,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;gBACzC,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,CAAC;oBACnC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CACvC,OAAO,CAAC,OAAO,CAAC,CAAC,YAAY,CAC9B,EAAE,CAAC;wBACF,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;wBAChC,IAAI,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;4BAC7B,eAAe,CAAC,OAAO,CAAC,GAAG,KAAe,CAAC;wBAC7C,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,6EAA6E;YAC7E,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACnD,IAAI,KAAK,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC7C,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBAC7C,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;oBACpC,oFAAoF;oBACpF,IACE,eAAe,CAAC,OAAO,CAAC;wBACxB,UAAU,GAAG,eAAe,CAAC,OAAO,CAAC,EACrC,CAAC;wBACD,eAAe,CAAC,OAAO,CAAC,GAAG,UAAoB,CAAC;oBAClD,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,wBAAwB,CACtB,eAAe,EACf,kBAAkB,EAClB,QAAQ,EACR,eAAe,EACf,qCAAqC,CACtC,CAAC;IAEF,OAAO,eAAe,CAAC,KAAK,EAAE,CAAC;AACjC,CAAC;AAED,SAAgB,KAAK,CACnB,WAAmB,EACnB,aAA4B,EAC5B,oBAA0C,EAC1C,eAAiC,EACjC,qCAA8C;IAE9C,KAAK,CAAC,6DAA6D,CAAC,CAAC;IAErE,MAAM,MAAM,GAAG,UAAU,CACvB,WAAW,EACX,aAAa,EACb,oBAAoB,EACpB,eAAe,EACf,qCAAqC,CACtC,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -0,0 +1,92 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.generateRuntimeAssemblies = generateRuntimeAssemblies;
|
|
4
|
+
const errors_1 = require("../errors");
|
|
5
|
+
const debugModule = require("debug");
|
|
6
|
+
const dotnet = require("./cli/dotnet");
|
|
7
|
+
const fs = require("fs");
|
|
8
|
+
const path = require("path");
|
|
9
|
+
const debug = debugModule('snyk');
|
|
10
|
+
const DOTNET_DEPS_JSON = 'dotnet.deps.json';
|
|
11
|
+
const PACKAGE_OVERRIDES_FILE = 'data/PackageOverrides.txt';
|
|
12
|
+
const PACKS_PATH = '/packs/Microsoft.NETCore.App.Ref/';
|
|
13
|
+
// Relying on dotnet to fetch the right version that the project will use.
|
|
14
|
+
// Details: https://learn.microsoft.com/en-us/dotnet/core/versions/selection#the-sdk-uses-the-latest-installed-version
|
|
15
|
+
// And here: https://learn.microsoft.com/en-us/dotnet/core/tools/global-json#matching-rules
|
|
16
|
+
async function extractSdkInfo(projectPath) {
|
|
17
|
+
const infoOutput = await dotnet.execute(['--info'], projectPath);
|
|
18
|
+
const regex = /Version:\s*([\d.]+).*?\.NET SDKs installed:\s*([\s\S]*?)(?:\n\s*\1\s+\[(.*?)\])/s;
|
|
19
|
+
const match = infoOutput.match(regex);
|
|
20
|
+
if (!match) {
|
|
21
|
+
throw new errors_1.CliCommandError(`Could not fetch details about the dotnet SDK. Cannot continue without it.
|
|
22
|
+
Dotnet info output: ${infoOutput}`);
|
|
23
|
+
}
|
|
24
|
+
return { sdkVersion: match[1], sdkPath: match[3] };
|
|
25
|
+
}
|
|
26
|
+
function findLatestMatchingVersion(input, sdkVersion) {
|
|
27
|
+
const majorSdkVersion = sdkVersion.split('.')[0];
|
|
28
|
+
const regex = new RegExp(`Microsoft\\.NETCore\\.App ${majorSdkVersion}\\.(\\d+\\.\\d+) \\[`, 'g');
|
|
29
|
+
let lastMatchVersion = null;
|
|
30
|
+
let match;
|
|
31
|
+
while ((match = regex.exec(input)) !== null) {
|
|
32
|
+
lastMatchVersion = `${majorSdkVersion}.${match[1]}`;
|
|
33
|
+
}
|
|
34
|
+
if (!lastMatchVersion) {
|
|
35
|
+
throw new errors_1.CliCommandError(`Could not fetch details about the dotnet runtime. Cannot continue without it.
|
|
36
|
+
Dotnet list-runtimes output: ${input}`);
|
|
37
|
+
}
|
|
38
|
+
return lastMatchVersion;
|
|
39
|
+
}
|
|
40
|
+
// The Nuget dependency resolution rule of lowest applicable version
|
|
41
|
+
// (see https://learn.microsoft.com/en-us/nuget/concepts/dependency-resolution#lowest-applicable-version)
|
|
42
|
+
// does not apply to runtime dependencies. If you resolve a dependency graph of some package, that depends on
|
|
43
|
+
// System.Http.Net 4.0.0, you might still very well end up using System.Http.Net 7.0.0 if you are running your
|
|
44
|
+
// executable on .net7.0.
|
|
45
|
+
// The libraries and package overrides defined in the current sdk will give a good estimate of what runtime dependencies are going to be used,
|
|
46
|
+
// so we inspect that for information.
|
|
47
|
+
// See https://natemcmaster.com/blog/2017/12/21/netcore-primitives/ for a good overview.
|
|
48
|
+
// And https://github.com/dotnet/sdk/blob/main/documentation/specs/runtime-configuration-file.md for the official
|
|
49
|
+
// explanation of what the `deps.json` file is doing that we are traversing.
|
|
50
|
+
async function generateRuntimeAssemblies(projectPath) {
|
|
51
|
+
debug(`Extracting runtime assemblies`);
|
|
52
|
+
const runtimeAssemblyVersions = {};
|
|
53
|
+
const { sdkVersion, sdkPath } = await extractSdkInfo(projectPath);
|
|
54
|
+
try {
|
|
55
|
+
const sdkDataPath = `${sdkPath}/${sdkVersion}/${DOTNET_DEPS_JSON}`;
|
|
56
|
+
const sdkData = fs.readFileSync(sdkDataPath, 'utf-8');
|
|
57
|
+
const assemblies = JSON.parse(sdkData);
|
|
58
|
+
for (const [assemblyName, value] of Object.entries(assemblies.libraries)) {
|
|
59
|
+
// We're only insterested in packages that are part of the NuGet Gallery
|
|
60
|
+
// https://github.com/dotnet/sdk/blob/main/documentation/specs/runtime-configuration-file.md#libraries-section-depsjson
|
|
61
|
+
if (value.serviceable && value.sha512) {
|
|
62
|
+
const [name, version] = assemblyName.split('/');
|
|
63
|
+
runtimeAssemblyVersions[name] = version;
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
catch (err) {
|
|
68
|
+
throw new errors_1.FileNotProcessableError(`Failed to process dotnet.deps.json, error: ${err}`);
|
|
69
|
+
}
|
|
70
|
+
const localRuntimes = await dotnet.execute(['--list-runtimes'], projectPath);
|
|
71
|
+
const runtimeVersion = findLatestMatchingVersion(localRuntimes, sdkVersion);
|
|
72
|
+
try {
|
|
73
|
+
const overridesPath = `${path.dirname(sdkPath)}${PACKS_PATH}${runtimeVersion}/${PACKAGE_OVERRIDES_FILE}`;
|
|
74
|
+
const overridesAssemblies = fs.readFileSync(overridesPath, 'utf-8');
|
|
75
|
+
for (const pkg of overridesAssemblies.split('\n')) {
|
|
76
|
+
if (pkg) {
|
|
77
|
+
const [name, version] = pkg.split('|');
|
|
78
|
+
// Trim any carriage return
|
|
79
|
+
runtimeAssemblyVersions[name] = version.trim();
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
}
|
|
83
|
+
catch (err) {
|
|
84
|
+
throw new errors_1.FileNotProcessableError(`Failed to read PackageOverrides.txt, error: ${err}`);
|
|
85
|
+
}
|
|
86
|
+
if (Object.keys(runtimeAssemblyVersions).length === 0) {
|
|
87
|
+
throw new errors_1.FileNotProcessableError('Runtime assembly versions collection is empty');
|
|
88
|
+
}
|
|
89
|
+
debug(`Finished extracting runtime assemblies`);
|
|
90
|
+
return runtimeAssemblyVersions;
|
|
91
|
+
}
|
|
92
|
+
//# sourceMappingURL=runtime-assembly-v2.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"runtime-assembly-v2.js","sourceRoot":"","sources":["../../lib/nuget-parser/runtime-assembly-v2.ts"],"names":[],"mappings":";;AAsEA,8DAsDC;AA3HD,sCAAqE;AACrE,qCAAqC;AACrC,uCAAuC;AACvC,yBAAyB;AACzB,6BAA6B;AAE7B,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAOlC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC;AAC5C,MAAM,sBAAsB,GAAG,2BAA2B,CAAC;AAC3D,MAAM,UAAU,GAAG,mCAAmC,CAAC;AAEvD,0EAA0E;AAC1E,sHAAsH;AACtH,2FAA2F;AAC3F,KAAK,UAAU,cAAc,CAAC,WAAmB;IAC/C,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,WAAW,CAAC,CAAC;IACjE,MAAM,KAAK,GACT,kFAAkF,CAAC;IACrF,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAEtC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,wBAAe,CACvB;4BACsB,UAAU,EAAE,CACnC,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AACrD,CAAC;AAED,SAAS,yBAAyB,CAAC,KAAa,EAAE,UAAkB;IAClE,MAAM,eAAe,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,MAAM,KAAK,GAAG,IAAI,MAAM,CACtB,6BAA6B,eAAe,sBAAsB,EAClE,GAAG,CACJ,CAAC;IACF,IAAI,gBAAgB,GAAkB,IAAI,CAAC;IAC3C,IAAI,KAA6B,CAAC;IAElC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC5C,gBAAgB,GAAG,GAAG,eAAe,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;IACtD,CAAC;IAED,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,IAAI,wBAAe,CACvB;qCAC+B,KAAK,EAAE,CACvC,CAAC;IACJ,CAAC;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED,oEAAoE;AACpE,yGAAyG;AACzG,6GAA6G;AAC7G,8GAA8G;AAC9G,yBAAyB;AACzB,8IAA8I;AAC9I,sCAAsC;AACtC,wFAAwF;AACxF,iHAAiH;AACjH,4EAA4E;AACrE,KAAK,UAAU,yBAAyB,CAC7C,WAAmB;IAEnB,KAAK,CAAC,+BAA+B,CAAC,CAAC;IAEvC,MAAM,uBAAuB,GAAqB,EAAE,CAAC;IAErD,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,MAAM,cAAc,CAAC,WAAW,CAAC,CAAC;IAClE,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,GAAG,OAAO,IAAI,UAAU,IAAI,gBAAgB,EAAE,CAAC;QACnE,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QACtD,MAAM,UAAU,GAAyB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE7D,KAAK,MAAM,CAAC,YAAY,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACzE,wEAAwE;YACxE,uHAAuH;YACvH,IAAI,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBACtC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAChD,uBAAuB,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC;YAC1C,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,gCAAuB,CAC/B,8CAA8C,GAAG,EAAE,CACpD,CAAC;IACJ,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC,iBAAiB,CAAC,EAAE,WAAW,CAAC,CAAC;IAC7E,MAAM,cAAc,GAAG,yBAAyB,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;IAE5E,IAAI,CAAC;QACH,MAAM,aAAa,GAAW,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,UAAU,GAAG,cAAc,IAAI,sBAAsB,EAAE,CAAC;QACjH,MAAM,mBAAmB,GAAW,EAAE,CAAC,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QAC5E,KAAK,MAAM,GAAG,IAAI,mBAAmB,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAClD,IAAI,GAAG,EAAE,CAAC;gBACR,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACvC,2BAA2B;gBAC3B,uBAAuB,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;YACjD,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,gCAAuB,CAC/B,+CAA+C,GAAG,EAAE,CACrD,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtD,MAAM,IAAI,gCAAuB,CAC/B,+CAA+C,CAChD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAChD,OAAO,uBAAuB,CAAC;AACjC,CAAC"}
|
package/package.json
CHANGED