snyk-nuget-plugin 2.7.17 → 2.7.19
- package/dist/index.js +3 -3
- package/dist/index.js.map +1 -1
- package/dist/nuget-parser/cli/dotnet.d.ts +1 -0
- package/dist/nuget-parser/cli/dotnet.js +16 -3
- package/dist/nuget-parser/cli/dotnet.js.map +1 -1
- package/dist/nuget-parser/index.d.ts +1 -1
- package/dist/nuget-parser/index.js +28 -11
- package/dist/nuget-parser/index.js.map +1 -1
- package/dist/nuget-parser/parsers/dotnet-core-v2-parser.d.ts +1 -1
- package/dist/nuget-parser/parsers/dotnet-core-v2-parser.js +45 -32
- package/dist/nuget-parser/parsers/dotnet-core-v2-parser.js.map +1 -1
- package/dist/nuget-parser/runtime-assembly-v2.d.ts +2 -0
- package/dist/nuget-parser/runtime-assembly-v2.js +92 -0
- package/dist/nuget-parser/runtime-assembly-v2.js.map +1 -0
- package/package.json +1 -1
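--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -65,9 +65,9 @@ async function inspect(root, targetFile, options) {
 console.warn(`
 \x1b[33m⚠ WARNING\x1b[0m: Testing a .NET project with runtime resolution enabled.
 This should be considered experimental and not relied upon for production use.
-Please report issues with this beta feature by submitting a support
-with the debug (-d) flag at \x1b[
-const results = await nugetParser.buildDepGraphFromFiles(root, targetFile, manifestType, options['assets-project-name'], options['project-name-prefix'], options['dotnet-target-framework']);
+Please report issues with this beta feature by submitting a support case, and attach the output of running this command
+with the debug (-d) flag at \x1b[4mhttp://support.snyk.io\x1b[0m.`);
+const results = await nugetParser.buildDepGraphFromFiles(root, targetFile, manifestType, options['assets-project-name'], options['useFixForImprovedDotnetFalsePositives'] || false, options['project-name-prefix'], options['dotnet-target-framework']);
 // Construct a MultiProjectResult to send to either the CLI or the SCM scanner.
 const multiProjectResult = {
 plugin: {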
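Review bot: The new flag is passed positionally in the middle of the `buildDepGraphFromFiles` argument list, ahead of `options['project-name-prefix']`, so any caller still using the previous argument order would hand its prefix string to `useFixForImprovedDotnetFalsePositives`, and a non-empty string is truthy there. The callee only tests truthiness, as does `|| false` here, so a string value such as `'false'` arriving in `options` would also switch the new path on; `options['useFixForImprovedDotnetFalsePositives'] === true` would be stricter. Appending the parameter after `targetFramework`, or moving to an options object, would avoid shifting the existing optional arguments between 2.7.17 and 2.7.19; the same signature change appears in the `index.d.ts` and `nuget-parser/index.js` hunks further down. `inspect` starts and ends outside this hunk.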
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":";;AAkCA,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":";;AAkCA,0BA4GC;AA9ID,8CAA8C;AAC9C,6BAA6B;AAC7B,iDAAiD;AACjD,gDAAoD;AAEpD,qCAIkB;AAGlB,SAAS,qBAAqB,CAAC,QAAgB;IAC7C,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YACpC,OAAO,oBAAY,CAAC,YAAY,CAAC;QACnC,CAAC;QACD,KAAK,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YAC3C,OAAO,oBAAY,CAAC,WAAW,CAAC;QAClC,CAAC;QACD,KAAK,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YACvC,OAAO,oBAAY,CAAC,eAAe,CAAC;QACtC,CAAC;QACD,KAAK,qBAAqB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YAC1C,OAAO,oBAAY,CAAC,KAAK,CAAC;QAC5B,CAAC;QACD,OAAO,CAAC,CAAC,CAAC;YACR,MAAM,IAAI,0BAAiB,CACzB,wCAAwC,GAAG,QAAQ,CACpD,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,OAAO,CAC3B,IAAI,EACJ,UAAU,EACV,OAAQ;IAER,OAAO,GAAG,OAAO,IAAI,EAAE,CAAC;IACxB,IAAI,YAA0B,CAAC;IAC/B,IAAI,CAAC;QACH,YAAY,GAAG,qBAAqB,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC,CAAC;IAC1E,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC;IAED,MAAM,iBAAiB,GAAG,CAAC,OAAO,EAAiC,EAAE;QACnE,MAAM,eAAe,GAAG,OAAO,CAAC,IAAI;YAClC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe;YAC9B,CAAC,CAAC,SAAS,CAAC;QACd,OAAO,OAAO,CAAC,IAAI,CAAC;QACpB,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,MAAM,EAAE;gBACN,IAAI,EAAE,mBAAmB;gBACzB,UAAU;gBACV,aAAa,EAAE,eAAe;aAC/B;SACF,CAAC;IACJ,CAAC,CAAC;IAEF,IAAI,YAAY,KAAK,oBAAY,CAAC,KAAK,EAAE,CAAC;QACxC,OAAO,WAAW;aACf,qBAAqB,CACpB,IAAI,EACJ,UAAU,EACV,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,YAAY,CAAC,EACjD,OAAO,CAAC,aAAa,CAAC,IAAI,OAAO,CAAC,GAAG,EAAE,gDAAgD;QACvF,OAAO,CAAC,MAAM,CACf;aACA,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAC7B,CAAC;IAED,IACE,OAAO,CAAC,yBAAyB,CAAC;QAClC,CAAC,OAAO,CAAC,2BAA2B,CAAC,EACrC,CAAC;QACD,OAAO,OAAO,CAAC,MAAM,CACnB,IAAI,wBAAe,CACjB,2IAA2I,CAC5I,CACF,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,2BAA2B,CAAC,EAAE,CAAC;QACzC,IAAI,YAAY,KAAK,oBAAY,CAAC,WAAW,EAAE,CAAC;YAC9C,OAAO,OAAO,CAAC,MAAM,CACnB,IAAI,gCAAuB,CACzB,kMAAkM,YAAY,GAAG,CAClN,CACF,CAAC;QACJ,CAAC;QAED,OAAO,CAAC,IAAI,C
AAC;;;;kEAIiD,CAAC,CAAC;QAEhE,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,sBAAsB,CACtD,IAAI,EACJ,UAAU,EACV,YAAY,EACZ,OAAO,CAAC,qBAAqB,CAAC,EAC9B,OAAO,CAAC,uCAAuC,CAAC,IAAI,KAAK,EACzD,OAAO,CAAC,qBAAqB,CAAC,EAC9B,OAAO,CAAC,yBAAyB,CAAC,CACnC,CAAC;QAEF,+EAA+E;QAC/E,MAAM,kBAAkB,GAAuB;YAC7C,MAAM,EAAE;gBACN,IAAI,EAAE,mBAAmB;gBACzB,UAAU;aACX;YACD,eAAe,EAAE,EAAE;SACpB,CAAC;QAEF,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,kBAAkB,CAAC,eAAe,CAAC,IAAI,CAAC;gBACtC,UAAU,EAAE,UAAU;gBACtB,QAAQ,EAAE,MAAM,CAAC,eAAe;gBAChC,IAAI,EAAE;oBACJ,aAAa,EAAE,MAAM,CAAC,eAAe;iBACtC;aACF,CAAC,CAAC;QACL,CAAC;QAED,OAAO,kBAAkB,CAAC;IAC5B,CAAC;IAED,OAAO,WAAW;SACf,qBAAqB,CACpB,IAAI,EACJ,UAAU,EACV,OAAO,CAAC,cAAc,EACtB,YAAY,EACZ,OAAO,CAAC,qBAAqB,CAAC,EAC9B,OAAO,CAAC,qBAAqB,CAAC,CAC/B;SACA,IAAI,CAAC,iBAAiB,CAAC,CAAC;AAC7B,CAAC"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
export declare function validate(): Promise<string>;
|
|
2
|
+
export declare function execute(args: string[], projectPath: string): Promise<string>;
|
|
2
3
|
export declare function restore(projectPath: string): Promise<void>;
|
|
3
4
|
export declare function run(projectPath: string, options: string[]): Promise<string>;
|
|
4
5
|
export declare function publish(projectPath: string, targetFramework?: string): Promise<string>;
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.validate = validate;
|
|
4
|
+
exports.execute = execute;
|
|
4
5
|
exports.restore = restore;
|
|
5
6
|
exports.run = run;
|
|
6
7
|
exports.publish = publish;
|
|
@@ -11,10 +12,11 @@ const subprocess = require("./subprocess");
|
|
|
11
12
|
const fs = require("fs");
|
|
12
13
|
const os = require("os");
|
|
13
14
|
const debug = debugModule('snyk');
|
|
14
|
-
async function handle(operation, command, args) {
|
|
15
|
+
async function handle(operation, command, args, projectPath) {
|
|
15
16
|
debug(`running dotnet command: ${operation}: ${command}`);
|
|
17
|
+
const options = projectPath ? { cwd: projectPath } : {};
|
|
16
18
|
try {
|
|
17
|
-
return await subprocess.execute(command, args);
|
|
19
|
+
return await subprocess.execute(command, args, options);
|
|
18
20
|
}
|
|
19
21
|
catch (error) {
|
|
20
22
|
if (!(typeof error === 'object' &&
|
|
@@ -23,7 +25,7 @@ async function handle(operation, command, args) {
|
|
|
23
25
|
'stderr' in error)) {
|
|
24
26
|
throw new errors_1.CliCommandError(`dotnet ${operation} failed with error: ${error}`);
|
|
25
27
|
}
|
|
26
|
-
const message = error.
|
|
28
|
+
const message = error.stderr || error.stdout;
|
|
27
29
|
throw new errors_1.CliCommandError(`dotnet ${operation} failed with error: ${message}`);
|
|
28
30
|
}
|
|
29
31
|
}
|
|
@@ -39,6 +41,17 @@ async function validate() {
|
|
|
39
41
|
throw error;
|
|
40
42
|
}
|
|
41
43
|
}
|
|
44
|
+
async function execute(args, projectPath) {
|
|
45
|
+
const command = `dotnet`;
|
|
46
|
+
try {
|
|
47
|
+
const result = await handle('execute', command, args, projectPath);
|
|
48
|
+
return result.stdout.trim();
|
|
49
|
+
}
|
|
50
|
+
catch (error) {
|
|
51
|
+
debug('dotnet tool not found, did you install dotnet core?');
|
|
52
|
+
throw error;
|
|
53
|
+
}
|
|
54
|
+
}
|
|
42
55
|
async function restore(projectPath) {
|
|
43
56
|
const command = 'dotnet';
|
|
44
57
|
const args = [
|
|
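Review bot: The `catch` in the new `execute` logs `'dotnet tool not found, did you install dotnet core?'` for every failure, which looks copied from `validate` and will mislead when `dotnet` is present but exits non-zero in `projectPath`. A message that names the arguments and working directory would be more useful, for example `debug('dotnet ' + args.join(' ') + ' failed in ' + projectPath);`. The new function is also undocumented; a short comment stating that `args` go to `dotnet` unchanged with `cwd` set to `projectPath`, and that an empty `projectPath` makes `handle` fall back to the process working directory, would help callers. `execute` is complete in the hunk, but `handle` continues outside the hunks shown.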
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dotnet.js","sourceRoot":"","sources":["../../../lib/nuget-parser/cli/dotnet.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"dotnet.js","sourceRoot":"","sources":["../../../lib/nuget-parser/cli/dotnet.ts"],"names":[],"mappings":";;AA0CA,4BAWC;AAED,0BAaC;AAED,0BAaC;AAED,kBAWC;AAED,0BAqDC;AAvJD,qCAAqC;AACrC,yCAA+C;AAC/C,6BAA6B;AAC7B,2CAA2C;AAC3C,yBAAyB;AACzB,yBAAyB;AAEzB,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAElC,KAAK,UAAU,MAAM,CACnB,SAAiB,EACjB,OAAe,EACf,IAAc,EACd,WAAoB;IAEpB,KAAK,CAAC,2BAA2B,SAAS,KAAK,OAAO,EAAE,CAAC,CAAC;IAE1D,MAAM,OAAO,GAAG,WAAW,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAExD,IAAI,CAAC;QACH,OAAO,MAAM,UAAU,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAC1D,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,IACE,CAAC,CACC,OAAO,KAAK,KAAK,QAAQ;YACzB,KAAK,KAAK,IAAI;YACd,QAAQ,IAAI,KAAK;YACjB,QAAQ,IAAI,KAAK,CAClB,EACD,CAAC;YACD,MAAM,IAAI,wBAAe,CACvB,UAAU,SAAS,uBAAuB,KAAK,EAAE,CAClD,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC;QAC7C,MAAM,IAAI,wBAAe,CACvB,UAAU,SAAS,uBAAuB,OAAO,EAAE,CACpD,CAAC;IACJ,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,QAAQ;IAC5B,MAAM,OAAO,GAAG,QAAQ,CAAC;IACzB,MAAM,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IAE3B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QACtD,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IAC9B,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,KAAK,CAAC,qDAAqD,CAAC,CAAC;QAC7D,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,OAAO,CAC3B,IAAc,EACd,WAAmB;IAEnB,MAAM,OAAO,GAAG,QAAQ,CAAC;IAEzB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;QACnE,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IAC9B,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,KAAK,CAAC,qDAAqD,CAAC,CAAC;QAC7D,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,OAAO,CAAC,WAAmB;IAC/C,MAAM,OAAO,GAAG,QAAQ,CAAC;IACzB,MAAM,IAAI,GAAG;QACX,SAAS;QACT,kFAAkF;QAClF,kFAAkF;QAClF,aAAa;QACb,QAAQ;QACR,IAAI,WAAW,GAAG;QAClB,mDAAmD;KACpD,CAAC;IACF,MAAM,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;IACvC,OAAO;AACT,CAAC;AAEM,KAAK,UAAU,GAAG,CACvB,WAAmB,EACnB,OAAiB;IAEjB,MAAM,OAAO,GAAG,QAAQ,CAAC;IACzB,MAAM,IAAI,GAAG,CAAC,KA
AK,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;IAC/B,OAAO,MAAM,CAAC,KAAK,CACjB,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CACjE,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,OAAO,CAC3B,WAAmB,EACnB,eAAwB;IAExB,MAAM,OAAO,GAAG,QAAQ,CAAC;IACzB,MAAM,IAAI,GAAG,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IACrC,sGAAsG;IACtG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAElB,0DAA0D;IAC1D,qFAAqF;IACrF,oGAAoG;IACpG,IAAI,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IAEnC,yHAAyH;IACzH,IAAI,eAAe,EAAE,CAAC;QACpB,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC7B,CAAC;IAED,0GAA0G;IAC1G,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAC5B,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,mCAAmC,CAAC,CAC5D,CAAC;IAEF,iDAAiD;IACjD,mIAAmI;IACnI,iDAAiD;IAEjD,uHAAuH;IACvH,2EAA2E;IAC3E,iFAAiF;IAEjF,+GAA+G;IAC/G,yCAAyC;IACzC,4FAA4F;IAE5F,yIAAyI;IACzI,iIAAiI;IAEjI,iHAAiH;IACjH,2HAA2H;IAC3H,IAAI,CAAC,IAAI,CACP,kBAAkB,OAAO,kJAAkJ,CAC5K,CAAC;IAEF,0EAA0E;IAC1E,oFAAoF;IACpF,IAAI,CAAC,IAAI,CAAC,IAAI,WAAW,GAAG,CAAC,CAAC;IAE9B,MAAM,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;IAEvC,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
import { DotnetCoreV2Results, ManifestType } from './types';
|
|
2
|
-
export declare function buildDepGraphFromFiles(root: string | undefined, targetFile: string | undefined, manifestType: ManifestType, useProjectNameFromAssetsFile: boolean, projectNamePrefix?: string, targetFramework?: string): Promise<DotnetCoreV2Results>;
|
|
2
|
+
export declare function buildDepGraphFromFiles(root: string | undefined, targetFile: string | undefined, manifestType: ManifestType, useProjectNameFromAssetsFile: boolean, useFixForImprovedDotnetFalsePositives: boolean, projectNamePrefix?: string, targetFramework?: string): Promise<DotnetCoreV2Results>;
|
|
3
3
|
export declare function buildDepTreeFromFiles(root: string | undefined, targetFile: string | undefined, packagesFolderPath: string | undefined, manifestType: ManifestType, useProjectNameFromAssetsFile: boolean, projectNamePrefix?: string): Promise<any>;
|
|
@@ -16,6 +16,7 @@ const errors_1 = require("../errors");
|
|
|
16
16
|
const types_1 = require("./types");
|
|
17
17
|
const dotnet = require("./cli/dotnet");
|
|
18
18
|
const nugetFrameworksParser = require("./csharp/nugetframeworks_parser");
|
|
19
|
+
const runtimeAssemblyV2 = require("./runtime-assembly-v2");
|
|
19
20
|
const runtimeAssembly = require("./runtime-assembly");
|
|
20
21
|
const debug = debugModule('snyk');
|
|
21
22
|
const PARSERS = {
|
|
@@ -99,7 +100,7 @@ function findDepsFileInPublishDir(dir, filename) {
|
|
|
99
100
|
}
|
|
100
101
|
return renamedFile || null;
|
|
101
102
|
}
|
|
102
|
-
async function buildDepGraphFromFiles(root, targetFile, manifestType, useProjectNameFromAssetsFile, projectNamePrefix, targetFramework) {
|
|
103
|
+
async function buildDepGraphFromFiles(root, targetFile, manifestType, useProjectNameFromAssetsFile, useFixForImprovedDotnetFalsePositives, projectNamePrefix, targetFramework) {
|
|
103
104
|
const safeRoot = root || '.';
|
|
104
105
|
const safeTargetFile = targetFile || '.';
|
|
105
106
|
const fileContentPath = path.resolve(safeRoot, safeTargetFile);
|
|
@@ -168,15 +169,6 @@ Will attempt to build dependency graph anyway, but the operation might fail.`);
|
|
|
168
169
|
throw new errors_1.CliCommandError(`unable to locate ${filename} anywhere inside ${publishDir}, file is needed for runtime resolution to occur, aborting`);
|
|
169
170
|
}
|
|
170
171
|
const publishedProjectDeps = JSON.parse(depsFile.toString('utf-8'));
|
|
171
|
-
let assemblyVersions = {};
|
|
172
|
-
// Specifically targeting .NET Standard frameworks will not provide any specific runtime assembly information in
|
|
173
|
-
// the published artifacts files, and can thus not be read more precisely than the .deps file will tell us up-front.
|
|
174
|
-
// This probably makes sense when looking at https://dotnet.microsoft.com/en-us/platform/dotnet-standard#versions.
|
|
175
|
-
// As such, we don't generate any runtime assemblies and generate the dependency graph without it.
|
|
176
|
-
if (!decidedTargetFramework.includes('netstandard')) {
|
|
177
|
-
assemblyVersions =
|
|
178
|
-
runtimeAssembly.generateRuntimeAssemblies(publishedProjectDeps);
|
|
179
|
-
}
|
|
180
172
|
// Parse the TargetFramework using Nuget.Frameworks itself, instead of trying to reinvent the wheel, thus ensuring
|
|
181
173
|
// we have maximum context to use later when building the depGraph.
|
|
182
174
|
const response = await dotnet.run(nugetFrameworksParserLocation, [
|
|
@@ -186,7 +178,32 @@ Will attempt to build dependency graph anyway, but the operation might fail.`);
|
|
|
186
178
|
if (targetFrameworkInfo.IsUnsupported) {
|
|
187
179
|
throw new errors_1.InvalidManifestError(`dotnet was not able to parse the target framework ${decidedTargetFramework}, it was reported unsupported by the dotnet runtime`);
|
|
188
180
|
}
|
|
189
|
-
|
|
181
|
+
let assemblyVersions = {};
|
|
182
|
+
// Specifically targeting .NET Standard frameworks will not provide any specific runtime assembly information in
|
|
183
|
+
// the published artifacts files, and can thus not be read more precisely than the .deps file will tell us up-front.
|
|
184
|
+
// This probably makes sense when looking at https://dotnet.microsoft.com/en-us/platform/dotnet-standard#versions.
|
|
185
|
+
// As such, we don't generate any runtime assemblies and generate the dependency graph without it.
|
|
186
|
+
if (useFixForImprovedDotnetFalsePositives) {
|
|
187
|
+
if (!decidedTargetFramework.includes('netstandard')) {
|
|
188
|
+
let projectFolder = '';
|
|
189
|
+
// Get the project folder path
|
|
190
|
+
if (projectPath) {
|
|
191
|
+
projectFolder = path.dirname(projectPath);
|
|
192
|
+
}
|
|
193
|
+
// An important failure point here will be a reference to a version of the dotnet SDK that is
|
|
194
|
+
// not installed in the environment. Ex: global.json specifies 6.0.100, but the only version install in the env is 8.0.100
|
|
195
|
+
// https://learn.microsoft.com/en-us/dotnet/core/tools/dotnet#options-for-displaying-environment-information-and-available-commands
|
|
196
|
+
await dotnet.execute(['--version'], projectFolder);
|
|
197
|
+
assemblyVersions = await runtimeAssemblyV2.generateRuntimeAssemblies(projectFolder || safeRoot);
|
|
198
|
+
}
|
|
199
|
+
}
|
|
200
|
+
else {
|
|
201
|
+
if (!decidedTargetFramework.includes('netstandard')) {
|
|
202
|
+
assemblyVersions =
|
|
203
|
+
runtimeAssembly.generateRuntimeAssemblies(publishedProjectDeps);
|
|
204
|
+
}
|
|
205
|
+
}
|
|
206
|
+
const depGraph = parser.depParser.parse(resolvedProjectName, projectAssets, publishedProjectDeps, assemblyVersions, useFixForImprovedDotnetFalsePositives);
|
|
190
207
|
results.push({
|
|
191
208
|
dependencyGraph: depGraph,
|
|
192
209
|
targetFramework: decidedTargetFramework,
|
|
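Review bot: When `projectPath` is falsy, `projectFolder` stays `''`, so `dotnet.execute(['--version'], projectFolder)` runs in the process working directory (`handle` only sets `cwd` for a truthy path) while `generateRuntimeAssemblies` falls back to `safeRoot`. The SDK check described in the comment, a `global.json` pinning an SDK that is not installed, would then be evaluated against a different directory from the one that is analysed. Resolving the folder once, `const projectFolder = projectPath ? path.dirname(projectPath) : safeRoot;`, and passing it to both calls keeps them consistent. The four-line comment about .NET Standard now sits above the `useFixForImprovedDotnetFalsePositives` test rather than the `netstandard` checks it explains. `buildDepGraphFromFiles` starts and ends outside these hunks.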
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../lib/nuget-parser/index.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../lib/nuget-parser/index.ts"],"names":[],"mappings":";;AA6HA,wDA8KC;AAED,sDAuFC;AApYD,yBAAyB;AACzB,6BAA6B;AAC7B,wDAAwD;AACxD,qCAAqC;AACrC,iDAAiD;AACjD,iEAAiE;AACjE,sEAAsE;AACtE,2EAA2E;AAC3E,mEAAmE;AACnE,yEAAyE;AACzE,sCAImB;AACnB,mCAQiB;AACjB,uCAAuC;AACvC,yEAAyE;AACzE,2DAA2D;AAC3D,sDAAsD;AAEtD,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAElC,MAAM,OAAO,GAAG;IACd,aAAa,EAAE;QACb,SAAS,EAAE,gBAAgB;QAC3B,iBAAiB,EAAE,IAAI;KACxB;IACD,gBAAgB,EAAE;QAChB,SAAS,EAAE,kBAAkB;QAC7B,iBAAiB,EAAE,IAAI;KACxB;IACD,iBAAiB,EAAE;QACjB,SAAS,EAAE,qBAAqB;QAChC,iBAAiB,EAAE,oBAAoB;KACxC;IACD,cAAc,EAAE;QACd,SAAS,EAAE,qBAAqB;QAChC,iBAAiB,EAAE,iBAAiB;KACrC;CACF,CAAC;AAEF,SAAS,iBAAiB,CAAC,cAAc,EAAE,iBAAiB;IAC1D,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,CAAC,CAAC;IACrD,CAAC;IACD,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,WAAW,CAClB,IAAa,EACb,iBAA0B,EAC1B,iBAA0B;IAE1B,MAAM,eAAe,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,iBAAiB,IAAI,EAAE,CAAC,CAAC;IACvE,IAAI,iBAAiB,EAAE,CAAC;QACtB,OAAO,iBAAiB,GAAG,eAAe,CAAC;IAC7C,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,SAAS,eAAe,CAAC,eAAuB;IAC9C,IAAI,CAAC;QACH,KAAK,CAAC,sBAAsB,eAAe,EAAE,CAAC,CAAC;QAC/C,OAAO,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;IACnD,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,MAAM,IAAI,gCAAuB,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAW,EAAE,QAAgB;IACvD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC9C,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;QAC/C,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;IAChC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,iGAAiG;QACjG,4CAA4C;QAC5C,6DAA6D;IAC/D,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,iHAAiH;AACjH,gHAAgH;AAChH,wGAAwG;AACxG,SAAS,wBAAwB,CAAC,GAAW,EAAE,QAAQ;IACrD,IAAI,WAAW,GAAkB,IAAI,CAAC;IAEtC,qCAAqC;IACrC,MAAM,SAAS,GAAG,kBAAkB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IACpD,IAAI,SAAS;QAAE,OAAO,SAAS,CAAC;IAEhC,KAAK,MAAM,IAAI,IAAI,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;QACv
C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAEtC,yFAAyF;QACzF,IAAI,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACnC,WAAW,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QAC1C,CAAC;QAED,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;YACzC,SAAS;QACX,CAAC;QAED,sDAAsD;QACtD,MAAM,SAAS,GAAG,wBAAwB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC/D,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,SAAS;QACX,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,WAAW,IAAI,IAAI,CAAC;AAC7B,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAC1C,IAAwB,EACxB,UAA8B,EAC9B,YAA0B,EAC1B,4BAAqC,EACrC,qCAA8C,EAC9C,iBAA0B,EAC1B,eAAwB;IAExB,MAAM,QAAQ,GAAG,IAAI,IAAI,GAAG,CAAC;IAC7B,MAAM,cAAc,GAAG,UAAU,IAAI,GAAG,CAAC;IACzC,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,eAAe,CAAC,eAAe,CAAC,CAAC;IAErD,MAAM,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACzC,MAAM,aAAa,GACjB,MAAM,MAAM,CAAC,iBAAiB,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAEpD,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,UAAU,EAAE,CAAC;QACvC,MAAM,IAAI,gCAAuB,CAC/B,0DAA0D,cAAc,qDAAqD,CAC9H,CAAC;IACJ,CAAC;IAED,0GAA0G;IAC1G,wGAAwG;IACxG,MAAM,gBAAgB,GAAG,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,GAAG,CAC3E,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CACrE,CAAC;IAEF,IAAI,gBAAgB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,gCAAuB,CAC/B,0CAA0C,cAAc,qDAAqD,CAC9G,CAAC;IACJ,CAAC;IAED,IAAI,eAAe,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;QACnE,OAAO,CAAC,IAAI,CAAC,6DAA6D,eAAe;gEAC7B,gBAAgB,CAAC,IAAI,CAC/E,GAAG,CACJ;6EACwE,CAAC,CAAC;IAC7E,CAAC;IAED,IAAI,mBAAmB,GAAG,WAAW,CAAC,IAAI,EAAE,QAAQ,EAAE,iBAAiB,CAAC,CAAC;IAEzE,MAAM,2BAA2B,GAC/B,aAAa,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,CAAC;IAC/C,IACE,YAAY,KAAK,oBAAY,CAAC,WAAW;QACzC,4BAA4B,EAC5B,CAAC;QACD,IAAI,2BAA2B,EAAE,CAAC;YAChC,mBAAmB,GAAG,2BAA2B,CAAC;QACpD,CAAC;aAAM,CAAC;YACN,KAAK,CACH,4FAA4F,mBAAmB,EAAE,CAClH,CAAC;QACJ,CAAC;IACH,CAAC;IACD,kGAAkG;IAClG,MAAM,uBAAuB,GAAG,eAAe;QAC7C,CAAC,CAAC,CAAC,eAAe,CAAC;QACnB,CAAC,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAA
C,SAAS,EAAE,EAAE;YACpC,IAAI,CAAC,UAAU,CAAC,8BAA8B,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC1D,OAAO,CAAC,IAAI,CACV,qPAAqP,SAAS,iCAAiC,CAChS,CAAC;gBACF,OAAO,KAAK,CAAC;YACf,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IAEP,IAAI,uBAAuB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,6BAAoB,CAC5B,uEAAuE,CACxE,CAAC;IACJ,CAAC;IAED,6DAA6D;IAC7D,MAAM,MAAM,CAAC,QAAQ,EAAE,CAAC;IAExB,0FAA0F;IAC1F,MAAM,6BAA6B,GAAG,qBAAqB,CAAC,QAAQ,EAAE,CAAC;IACvE,MAAM,MAAM,CAAC,OAAO,CAAC,6BAA6B,CAAC,CAAC;IAEpD,yGAAyG;IACzG,MAAM,WAAW,GAAG,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC;IAC9D,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,CAAC,IAAI,CACV,mLAAmL,CACpL,CAAC;IACJ,CAAC;IAED,uFAAuF;IACvF,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,KAAK,MAAM,sBAAsB,IAAI,uBAAuB,EAAE,CAAC;QAC7D,0HAA0H;QAC1H,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,OAAO;QACrC,gKAAgK;QAChK,WAAW,IAAI,QAAQ,EACvB,sBAAsB,CACvB,CAAC;QAEF,gFAAgF;QAChF,MAAM,QAAQ,GAAG,GAAG,2BAA2B,YAAY,CAAC;QAC5D,MAAM,QAAQ,GAAG,wBAAwB,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAEhE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,wBAAe,CACvB,oBAAoB,QAAQ,oBAAoB,UAAU,4DAA4D,CACvH,CAAC;QACJ,CAAC;QAED,MAAM,oBAAoB,GAAyB,IAAI,CAAC,KAAK,CAC3D,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAC3B,CAAC;QAEF,kHAAkH;QAClH,mEAAmE;QACnE,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,6BAA6B,EAAE;YAC/D,sBAAsB;SACvB,CAAC,CAAC;QACH,MAAM,mBAAmB,GAAwB,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACtE,IAAI,mBAAmB,CAAC,aAAa,EAAE,CAAC;YACtC,MAAM,IAAI,6BAAoB,CAC5B,qDAAqD,sBAAsB,qDAAqD,CACjI,CAAC;QACJ,CAAC;QAED,IAAI,gBAAgB,GAAqB,EAAE,CAAC;QAE5C,gHAAgH;QAChH,oHAAoH;QACpH,kHAAkH;QAClH,kGAAkG;QAClG,IAAI,qCAAqC,EAAE,CAAC;YAC1C,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;gBACpD,IAAI,aAAa,GAAW,EAAE,CAAC;gBAC/B,8BAA8B;gBAC9B,IAAI,WAAW,EAAE,CAAC;oBAChB,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;gBAC5C,CAAC;gBACD,6FAA6F;gBAC7F,0HAA0H;gBAC1H,mIAAmI;gBACnI,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,CAAC,EAAE,aAAa,CAAC,CAAC;gBAEnD,gBAAgB,GAAG,MAAM,iBAAiB,CAAC,yBAAyB,CAClE,aAAa,IAAI,QAAQ,CAC1B,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;gBACpD,gB
AAgB;oBACd,eAAe,CAAC,yBAAyB,CAAC,oBAAoB,CAAC,CAAC;YACpE,CAAC;QACH,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,SAAS,CAAC,KAAK,CACrC,mBAAmB,EACnB,aAAa,EACb,oBAAoB,EACpB,gBAAgB,EAChB,qCAAqC,CACtC,CAAC;QAEF,OAAO,CAAC,IAAI,CAAC;YACX,eAAe,EAAE,QAAQ;YACzB,eAAe,EAAE,sBAAsB;SACxC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAEM,KAAK,UAAU,qBAAqB,CACzC,IAAwB,EACxB,UAA8B,EAC9B,kBAAsC,EACtC,YAA0B,EAC1B,4BAAqC,EACrC,iBAA0B;IAE1B,MAAM,QAAQ,GAAG,IAAI,IAAI,GAAG,CAAC;IAC7B,MAAM,cAAc,GAAG,UAAU,IAAI,GAAG,CAAC;IACzC,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,eAAe,CAAC,eAAe,CAAC,CAAC;IACrD,MAAM,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;IAClE,MAAM,cAAc,GAAG,iBAAiB,CACtC,kBAAkB,EAClB,iBAAiB,CAClB,CAAC;IAEF,MAAM,IAAI,GAAG;QACX,YAAY,EAAE,EAAE;QAChB,IAAI,EAAE,EAAE;QACR,IAAI,EAAE,WAAW,CAAC,IAAI,EAAE,iBAAiB,EAAE,iBAAiB,CAAC;QAC7D,oBAAoB,EAAE,aAAa;QACnC,OAAO,EAAE,OAAO;KACjB,CAAC;IAEF,IAAI,gBAAmC,CAAC;IACxC,IAAI,CAAC;QACH,IAAI,YAAY,KAAK,oBAAY,CAAC,WAAW,EAAE,CAAC;YAC9C,gBAAgB;gBACd,YAAY,CAAC,+BAA+B,CAAC,iBAAiB,CAAC,CAAC;QACpE,CAAC;aAAM,CAAC;YACN,sEAAsE;YACtE,MAAM,0BAA0B,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;YACxE,gBAAgB,GAAG,YAAY,CAAC,+BAA+B,CAC7D,0BAA0B,CAC3B,CAAC;YAEF,+FAA+F;YAC/F,IAAI,gBAAgB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;gBACjC,+CAA+C;gBAC/C,IAAI,YAAY,KAAK,oBAAY,CAAC,eAAe,EAAE,CAAC;oBAClD,MAAM,sBAAsB,GAC1B,MAAM,oBAAoB,CAAC,yBAAyB,CAAC,WAAW,CAAC,CAAC;oBACpE,IAAI,sBAAsB,EAAE,CAAC;wBAC3B,gBAAgB,GAAG,CAAC,sBAAsB,CAAC,CAAC;oBAC9C,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC;IAED,mDAAmD;IACnD,4FAA4F;IAC5F,MAAM,eAAe,GACnB,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;IACzE,IAAI,CAAC,IAAI,GAAG;QACV,eAAe,EAAE,eAAe;KACjC,CAAC;IAEF,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;IAEzE,IACE,YAAY,KAAK,oBAAY,CAAC,WAAW;QACzC,4BAA4B,EAC5B,CA
AC;QACD,MAAM,WAAW,GAAG,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,CAAC;QAE5D,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,KAAK,CACH,2FAA2F;gBACzF,IAAI,CAAC,IAAI,CACZ,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,SAAS,CAAC,KAAK,CAC3B,IAAI,EACJ,QAAQ,EACR,eAAe,EACf,cAAc,CACf,CAAC;AACJ,CAAC"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
1
|
import * as depGraphLib from '@snyk/dep-graph';
|
|
2
2
|
import { AssemblyVersions, ProjectAssets, PublishedProjectDeps } from '../types';
|
|
3
3
|
export declare const FILTERED_DEPENDENCY_PREFIX: string[];
|
|
4
|
-
export declare function parse(projectName: string, projectAssets: ProjectAssets, publishedProjectDeps: PublishedProjectDeps, runtimeAssembly: AssemblyVersions): depGraphLib.DepGraph;
|
|
4
|
+
export declare function parse(projectName: string, projectAssets: ProjectAssets, publishedProjectDeps: PublishedProjectDeps, runtimeAssembly: AssemblyVersions, useFixForImprovedDotnetFalsePositives: boolean): depGraphLib.DepGraph;
|
|
@@ -5,6 +5,7 @@ exports.parse = parse;
|
|
|
5
5
|
const debugModule = require("debug");
|
|
6
6
|
const dep_graph_1 = require("@snyk/dep-graph");
|
|
7
7
|
const errors_1 = require("../../errors");
|
|
8
|
+
const path_1 = require("path");
|
|
8
9
|
const debug = debugModule('snyk');
|
|
9
10
|
// Dependencies that starts with these are discarded
|
|
10
11
|
exports.FILTERED_DEPENDENCY_PREFIX = [
|
|
@@ -15,7 +16,7 @@ exports.FILTERED_DEPENDENCY_PREFIX = [
|
|
|
15
16
|
// dependencies are causing noise for the customers and are not of interested.
|
|
16
17
|
'runtime',
|
|
17
18
|
];
|
|
18
|
-
function recursivelyPopulateNodes(depGraphBuilder, targetDeps, node, runtimeAssembly, visited) {
|
|
19
|
+
function recursivelyPopulateNodes(depGraphBuilder, targetDeps, node, runtimeAssembly, useFixForImprovedDotnetFalsePositives, visited) {
|
|
19
20
|
const parentId = node.type === 'root' ? 'root-node' : `${node.name}@${node.version}`;
|
|
20
21
|
for (const depNode of Object.entries(node.dependencies || {})) {
|
|
21
22
|
const localVisited = visited || new Set();
|
|
@@ -36,11 +37,18 @@ function recursivelyPopulateNodes(depGraphBuilder, targetDeps, node, runtimeAsse
|
|
|
36
37
|
// If we're looking at a runtime assembly version for self-contained dlls, overwrite the dependency version
|
|
37
38
|
// we've found in the graph with those from the runtime assembly, as they take precedence.
|
|
38
39
|
let assemblyVersion = version;
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
40
|
+
if (useFixForImprovedDotnetFalsePositives) {
|
|
41
|
+
if (name in runtimeAssembly) {
|
|
42
|
+
assemblyVersion = runtimeAssembly[name];
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
else {
|
|
46
|
+
// The RuntimeAssembly type contains the name with a .dll suffix, as this is how .NET represents them in the
|
|
47
|
+
// dependency file. This must be stripped in order to match the elements during depGraph construction.
|
|
48
|
+
const dll = `${name}.dll`;
|
|
49
|
+
if (dll in runtimeAssembly) {
|
|
50
|
+
assemblyVersion = runtimeAssembly[dll];
|
|
51
|
+
}
|
|
44
52
|
}
|
|
45
53
|
if (localVisited.has(childId)) {
|
|
46
54
|
const prunedId = `${childId}:pruned`;
|
|
@@ -53,7 +61,7 @@ function recursivelyPopulateNodes(depGraphBuilder, targetDeps, node, runtimeAsse
|
|
|
53
61
|
depGraphBuilder.addPkgNode({ name: childNode.name, version: assemblyVersion }, childId);
|
|
54
62
|
depGraphBuilder.connectDep(parentId, childId);
|
|
55
63
|
localVisited.add(childId);
|
|
56
|
-
recursivelyPopulateNodes(depGraphBuilder, targetDeps, childNode, runtimeAssembly, localVisited);
|
|
64
|
+
recursivelyPopulateNodes(depGraphBuilder, targetDeps, childNode, runtimeAssembly, useFixForImprovedDotnetFalsePositives, localVisited);
|
|
57
65
|
}
|
|
58
66
|
}
|
|
59
67
|
function getRestoredProjectName(publishedProjectDeps, runtimeTarget, projectName) {
|
|
@@ -75,7 +83,7 @@ function extractLocalProjects(libs) {
|
|
|
75
83
|
function getDllName(depName) {
|
|
76
84
|
return `${depName}.dll`;
|
|
77
85
|
}
|
|
78
|
-
function buildGraph(projectName, projectAssets, publishedProjectDeps, runtimeAssembly) {
|
|
86
|
+
function buildGraph(projectName, projectAssets, publishedProjectDeps, runtimeAssembly, useFixForImprovedDotnetFalsePositives) {
|
|
79
87
|
const depGraphBuilder = new dep_graph_1.DepGraphBuilder({ name: 'nuget' }, {
|
|
80
88
|
name: projectName,
|
|
81
89
|
version: projectAssets.project.version,
|
|
@@ -93,7 +101,9 @@ function buildGraph(projectName, projectAssets, publishedProjectDeps, runtimeAss
|
|
|
93
101
|
// What `dotnet` wants to call this project is not always the same as what Snyk wants to call it, and the version
|
|
94
102
|
// postfix is not the same as what's defined in `project.assets.json` due to NuGet version normalization, which is
|
|
95
103
|
// not applied during publish, only during restore. So we have to rely on the fact that the name is enough.
|
|
96
|
-
const
|
|
104
|
+
const csprojPath = projectAssets.project.restore.projectUniqueName;
|
|
105
|
+
const csprojFileName = (0, path_1.basename)(csprojPath, (0, path_1.extname)(csprojPath));
|
|
106
|
+
const restoreProjectName = getRestoredProjectName(publishedProjectDeps, runtimeTarget, csprojFileName) ||
|
|
97
107
|
// Last attempt to find the target using the .csproj filename.
|
|
98
108
|
// <PackageId> property overrides most of the naming when restoring, but when publishing, the actual filename is used as the target.
|
|
99
109
|
getRestoredProjectName(publishedProjectDeps, runtimeTarget, projectName);
|
|
@@ -113,39 +123,42 @@ function buildGraph(projectName, projectAssets, publishedProjectDeps, runtimeAss
|
|
|
113
123
|
type: 'root',
|
|
114
124
|
dependencies: topLevelDepPackages,
|
|
115
125
|
};
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
const
|
|
125
|
-
|
|
126
|
-
runtimeAssembly[dllName]
|
|
126
|
+
if (!useFixForImprovedDotnetFalsePositives) {
|
|
127
|
+
// runtimeAssembly doesn't have entries if the target framework is `netstandard`
|
|
128
|
+
if (Object.keys(runtimeAssembly).length > 0) {
|
|
129
|
+
const localPackagesNames = extractLocalProjects(publishedProjectDeps.libraries);
|
|
130
|
+
const targets = publishedProjectDeps.targets[runtimeTarget];
|
|
131
|
+
// Overwriting the runtime versions with the values used in local projects.
|
|
132
|
+
for (const pgkName of localPackagesNames) {
|
|
133
|
+
if (targets[pgkName]?.dependencies) {
|
|
134
|
+
for (const [key, value] of Object.entries(targets[pgkName].dependencies)) {
|
|
135
|
+
const dllName = getDllName(key);
|
|
136
|
+
if (runtimeAssembly[dllName]) {
|
|
137
|
+
runtimeAssembly[dllName] = value;
|
|
138
|
+
}
|
|
127
139
|
}
|
|
128
140
|
}
|
|
129
141
|
}
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
142
|
+
// Overwriting the runtime versions with the values used in fetched packages.
|
|
143
|
+
for (const [key, value] of Object.entries(targets)) {
|
|
144
|
+
if (value && Object.keys(value).length === 0) {
|
|
145
|
+
const [depName, depVersion] = key.split('/');
|
|
146
|
+
const dllName = getDllName(depName);
|
|
147
|
+
// NuGet’s dependency resolution mechanism will choose the higher available version.
|
|
148
|
+
if (runtimeAssembly[dllName] &&
|
|
149
|
+
depVersion > runtimeAssembly[dllName]) {
|
|
150
|
+
runtimeAssembly[dllName] = depVersion;
|
|
151
|
+
}
|
|
139
152
|
}
|
|
140
153
|
}
|
|
141
154
|
}
|
|
142
155
|
}
|
|
143
|
-
recursivelyPopulateNodes(depGraphBuilder, targetDependencies, rootNode, runtimeAssembly);
|
|
156
|
+
recursivelyPopulateNodes(depGraphBuilder, targetDependencies, rootNode, runtimeAssembly, useFixForImprovedDotnetFalsePositives);
|
|
144
157
|
return depGraphBuilder.build();
|
|
145
158
|
}
|
|
146
|
-
function parse(projectName, projectAssets, publishedProjectDeps, runtimeAssembly) {
|
|
159
|
+
function parse(projectName, projectAssets, publishedProjectDeps, runtimeAssembly, useFixForImprovedDotnetFalsePositives) {
|
|
147
160
|
debug('Trying to parse .net core manifest with v2 depGraph builder');
|
|
148
|
-
const result = buildGraph(projectName, projectAssets, publishedProjectDeps, runtimeAssembly);
|
|
161
|
+
const result = buildGraph(projectName, projectAssets, publishedProjectDeps, runtimeAssembly, useFixForImprovedDotnetFalsePositives);
|
|
149
162
|
return result;
|
|
150
163
|
}
|
|
151
164
|
//# sourceMappingURL=dotnet-core-v2-parser.js.map
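Review bot: The check `depVersion > runtimeAssembly[dllName]` in the "fetched packages" loop compares two version strings lexicographically, so `'10.0.0' > '9.0.0'` is false and the lower version stays in `runtimeAssembly`, contrary to the comment above it that the higher version wins. `runtimeAssembly` is then passed to `recursivelyPopulateNodes`, so a wrong pick here presumably ends up as the version in the dependency graph and advisories get matched against a version that is not the one in use. A numeric, component-wise comparison as sketched below fixes the ordering; pre-release suffixes would need their own handling, and since this file is compiled output the change belongs in the TypeScript source. buildGraph begins above this hunk, and the loop only runs when `useFixForImprovedDotnetFalsePositives` is false.

```javascript
// Numeric, component-wise comparison; a result > 0 means `a` is the higher version.
// Pre-release suffixes (e.g. "-preview.1") are not ordered by this helper.
function compareVersions(a, b) {
    const left = a.split('.').map(Number);
    const right = b.split('.').map(Number);
    for (let i = 0; i < Math.max(left.length, right.length); i++) {
        const diff = (left[i] || 0) - (right[i] || 0);
        if (diff !== 0) {
            return diff;
        }
    }
    return 0;
}
// … unchanged: buildGraph up to the "fetched packages" loop …
if (depVersion && runtimeAssembly[dllName] &&
    compareVersions(depVersion, runtimeAssembly[dllName]) > 0) {
```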
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dotnet-core-v2-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/dotnet-core-v2-parser.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"dotnet-core-v2-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/dotnet-core-v2-parser.ts"],"names":[],"mappings":";;;AAyQA,sBAiBC;AA1RD,qCAAqC;AAErC,+CAAkD;AAMlD,yCAAoD;AACpD,+BAAyC;AAEzC,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAYlC,oDAAoD;AACvC,QAAA,0BAA0B,GAAG;IACxC,gHAAgH;IAChH,oHAAoH;IACpH,sHAAsH;IACtH,sHAAsH;IACtH,8EAA8E;IAC9E,SAAS;CACV,CAAC;AAEF,SAAS,wBAAwB,CAC/B,eAAgC,EAChC,UAAyC,EACzC,IAAmB,EACnB,eAAiC,EACjC,qCAA8C,EAC9C,OAAqB;IAErB,MAAM,QAAQ,GACZ,IAAI,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;IAEtE,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,CAAC;QAC9D,MAAM,YAAY,GAAG,OAAO,IAAI,IAAI,GAAG,EAAU,CAAC;QAClD,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QAE3B,gHAAgH;QAChH,+FAA+F;QAC/F,IAAI,kCAA0B,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;YACzE,KAAK,CAAC,GAAG,IAAI,kDAAkD,CAAC,CAAC;YACjE,SAAS;QACX,CAAC;QAED,MAAM,SAAS,GAAG;YAChB,GAAG,UAAU,CAAC,GAAG,IAAI,IAAI,OAAO,EAAE,CAAC;YACnC,IAAI;YACJ,OAAO;SACR,CAAC;QAEF,MAAM,OAAO,GAAG,GAAG,SAAS,CAAC,IAAI,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;QAEzD,2GAA2G;QAC3G,0FAA0F;QAC1F,IAAI,eAAe,GAAG,OAAO,CAAC;QAE9B,IAAI,qCAAqC,EAAE,CAAC;YAC1C,IAAI,IAAI,IAAI,eAAe,EAAE,CAAC;gBAC5B,eAAe,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC;aAAM,CAAC;YACN,4GAA4G;YAC5G,sGAAsG;YACtG,MAAM,GAAG,GAAG,GAAG,IAAI,MAAM,CAAC;YAC1B,IAAI,GAAG,IAAI,eAAe,EAAE,CAAC;gBAC3B,eAAe,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;YACzC,CAAC;QACH,CAAC;QAED,IAAI,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAAG,GAAG,OAAO,SAAS,CAAC;YACrC,eAAe,CAAC,UAAU,CACxB,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,eAAe,EAAE,EAClD,QAAQ,EACR;gBACE,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;aAC3B,CACF,CAAC;YACF,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YAC/C,SAAS;QACX,CAAC;QAED,eAAe,CAAC,UAAU,CACxB,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,eAAe,EAAE,EAClD,OAAO,CACR,CAAC;QACF,eAAe,CA
AC,UAAU,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9C,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAE1B,wBAAwB,CACtB,eAAe,EACf,UAAU,EACV,SAAS,EACT,eAAe,EACf,qCAAqC,EACrC,YAAY,CACb,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAC7B,oBAA0C,EAC1C,aAAqB,EACrB,WAAmB;IAEnB,OAAO,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACzE,CAAC,CAAC,UAAU,CAAC,WAAW,CAAC,CAC1B,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAyB;IACrD,MAAM,aAAa,GAAa,EAAE,CAAC;IAEnC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YACjC,sFAAsF;YACtF,uHAAuH;YACvH,IAAI,CAAC,KAAK,CAAC,WAAW,IAAI,CAAC,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBACpE,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAS,UAAU,CAAC,OAAe;IACjC,OAAO,GAAG,OAAO,MAAM,CAAC;AAC1B,CAAC;AAED,SAAS,UAAU,CACjB,WAAmB,EACnB,aAA4B,EAC5B,oBAA0C,EAC1C,eAAiC,EACjC,qCAA8C;IAE9C,MAAM,eAAe,GAAG,IAAI,2BAAe,CACzC,EAAE,IAAI,EAAE,OAAO,EAAE,EACjB;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC,OAAO;KACvC,CACF,CAAC;IAEF,iHAAiH;IACjH,qDAAqD;IACrD,MAAM,aAAa,GAAG,oBAAoB,CAAC,aAAa,CAAC,IAAI,CAAC;IAE9D,oFAAoF;IACpF,IAAI,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,6BAAoB,CAC5B,2HAA2H,CAC5H,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAC,aAAa,IAAI,oBAAoB,CAAC,OAAO,CAAC,EAAE,CAAC;QACrD,MAAM,IAAI,6BAAoB,CAC5B,MAAM,aAAa,sDAAsD,CAC1E,CAAC;IACJ,CAAC;IAED,iHAAiH;IACjH,kHAAkH;IAClH,2GAA2G;IAC3G,MAAM,UAAU,GAAG,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,iBAAiB,CAAC;IACnE,MAAM,cAAc,GAAG,IAAA,eAAQ,EAAC,UAAU,EAAE,IAAA,cAAO,EAAC,UAAU,CAAC,CAAC,CAAC;IACjE,MAAM,kBAAkB,GACtB,sBAAsB,CACpB,oBAAoB,EACpB,aAAa,EACb,cAAc,CACf;QACD,8DAA8D;QAC9D,oIAAoI;QACpI,sBAAsB,CAAC,oBAAoB,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC;IAE3E,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,IAAI,6BAAoB,CAC5B,8BAA8B,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,OAAO,WAAW,aAAa,aAAa,qCAAqC,CACzJ,CAAC;IACJ,CAAC;IAED,6GAA6G;IAC7G,+CAA+C;IAC/C,MAAM,mBA
AmB,GACvB,oBAAoB,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,kBAAkB,CAAC;SAC5D,YAAY,CAAC;IAElB,mHAAmH;IACnH,MAAM,kBAAkB,GAAkC,MAAM,CAAC,OAAO,CACtE,oBAAoB,CAAC,OAAO,CAAC,aAAa,CAAC,CAC5C,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;QACtB,MAAM,CAAC,eAAe,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC;QACrC,OAAO,EAAE,GAAG,GAAG,EAAE,CAAC,eAAe,CAAC,EAAE,GAAG,EAAE,CAAC;IAC5C,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,QAAQ,GAAG;QACf,IAAI,EAAE,MAAM;QACZ,YAAY,EAAE,mBAAmB;KACjB,CAAC;IAEnB,IAAI,CAAC,qCAAqC,EAAE,CAAC;QAC3C,gFAAgF;QAChF,IAAI,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5C,MAAM,kBAAkB,GAAG,oBAAoB,CAC7C,oBAAoB,CAAC,SAAS,CAC/B,CAAC;YAEF,MAAM,OAAO,GAAG,oBAAoB,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;YAE5D,2EAA2E;YAC3E,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;gBACzC,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,CAAC;oBACnC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CACvC,OAAO,CAAC,OAAO,CAAC,CAAC,YAAY,CAC9B,EAAE,CAAC;wBACF,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;wBAChC,IAAI,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;4BAC7B,eAAe,CAAC,OAAO,CAAC,GAAG,KAAe,CAAC;wBAC7C,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,6EAA6E;YAC7E,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACnD,IAAI,KAAK,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC7C,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBAC7C,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;oBACpC,oFAAoF;oBACpF,IACE,eAAe,CAAC,OAAO,CAAC;wBACxB,UAAU,GAAG,eAAe,CAAC,OAAO,CAAC,EACrC,CAAC;wBACD,eAAe,CAAC,OAAO,CAAC,GAAG,UAAoB,CAAC;oBAClD,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,wBAAwB,CACtB,eAAe,EACf,kBAAkB,EAClB,QAAQ,EACR,eAAe,EACf,qCAAqC,CACtC,CAAC;IAEF,OAAO,eAAe,CAAC,KAAK,EAAE,CAAC;AACjC,CAAC;AAED,SAAgB,KAAK,CACnB,WAAmB,EACnB,aAA4B,EAC5B,oBAA0C,EAC1C,eAAiC,EACjC,qCAA8C;IAE9C,KAAK,CAAC,6DAA6D,CAAC,CAAC;IAErE,MAAM,MAAM,GAAG,UAAU,CACvB,WAAW,EACX,aAAa,EACb,oBAAoB,EACpB,eAAe,EACf,qCAAqC,CACtC,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
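--- a/package/dist/nuget-parser/runtime-assembly-v2.js
+++ b/package/dist/nuget-parser/runtime-assembly-v2.js
@@ -0,0 +1,92 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateRuntimeAssemblies = generateRuntimeAssemblies;
+const errors_1 = require("../errors");
+const debugModule = require("debug");
+const dotnet = require("./cli/dotnet");
+const fs = require("fs");
+const path = require("path");
+const debug = debugModule('snyk');
+const DOTNET_DEPS_JSON = 'dotnet.deps.json';
+const PACKAGE_OVERRIDES_FILE = 'data/PackageOverrides.txt';
+const PACKS_PATH = '/packs/Microsoft.NETCore.App.Ref/';
+// Relying on dotnet to fetch the right version that the project will use.
+// Details: https://learn.microsoft.com/en-us/dotnet/core/versions/selection#the-sdk-uses-the-latest-installed-version
+// And here: https://learn.microsoft.com/en-us/dotnet/core/tools/global-json#matching-rules
+async function extractSdkInfo(projectPath) {
+const infoOutput = await dotnet.execute(['--info'], projectPath);
+const regex = /Version:\s*([\d.]+).*?\.NET SDKs installed:\s*([\s\S]*?)(?:\n\s*\1\s+\[(.*?)\])/s;
+const match = infoOutput.match(regex);
+if (!match) {
+throw new errors_1.CliCommandError(`Could not fetch details about the dotnet SDK. Cannot continue without it.
+Dotnet info output: ${infoOutput}`);
+}
+return { sdkVersion: match[1], sdkPath: match[3] };
+}
+function findLatestMatchingVersion(input, sdkVersion) {
+const majorSdkVersion = sdkVersion.split('.')[0];
+const regex = new RegExp(`Microsoft\\.NETCore\\.App ${majorSdkVersion}\\.(\\d+\\.\\d+) \\[`, 'g');
+let lastMatchVersion = null;
+let match;
+while ((match = regex.exec(input)) !== null) {
+lastMatchVersion = `${majorSdkVersion}.${match[1]}`;
+}
+if (!lastMatchVersion) {
+throw new errors_1.CliCommandError(`Could not fetch details about the dotnet runtime. Cannot continue without it.
+Dotnet list-runtimes output: ${input}`);
+}
+return lastMatchVersion;
+}
+// The Nuget dependency resolution rule of lowest applicable version
+// (see https://learn.microsoft.com/en-us/nuget/concepts/dependency-resolution#lowest-applicable-version)
+// does not apply to runtime dependencies. If you resolve a dependency graph of some package, that depends on
+// System.Http.Net 4.0.0, you might still very well end up using System.Http.Net 7.0.0 if you are running your
+// executable on .net7.0.
+// The libraries and package overrides defined in the current sdk will give a good estimate of what runtime dependencies are going to be used,
+// so we inspect that for information.
+// See https://natemcmaster.com/blog/2017/12/21/netcore-primitives/ for a good overview.
+// And https://github.com/dotnet/sdk/blob/main/documentation/specs/runtime-configuration-file.md for the official
+// explanation of what the `deps.json` file is doing that we are traversing.
+async function generateRuntimeAssemblies(projectPath) {
+debug(`Extracting runtime assemblies`);
+const runtimeAssemblyVersions = {};
+const { sdkVersion, sdkPath } = await extractSdkInfo(projectPath);
+try {
+const sdkDataPath = `${sdkPath}/${sdkVersion}/${DOTNET_DEPS_JSON}`;
+const sdkData = fs.readFileSync(sdkDataPath, 'utf-8');
+const assemblies = JSON.parse(sdkData);
+for (const [assemblyName, value] of Object.entries(assemblies.libraries)) {
+// We're only insterested in packages that are part of the NuGet Gallery
+// https://github.com/dotnet/sdk/blob/main/documentation/specs/runtime-configuration-file.md#libraries-section-depsjson
+if (value.serviceable && value.sha512) {
+const [name, version] = assemblyName.split('/');
+runtimeAssemblyVersions[name] = version;
+}
+}
+}
+catch (err) {
+throw new errors_1.FileNotProcessableError(`Failed to process dotnet.deps.json, error: ${err}`);
+}
+const localRuntimes = await dotnet.execute(['--list-runtimes'], projectPath);
+const runtimeVersion = findLatestMatchingVersion(localRuntimes, sdkVersion);
+try {
+const overridesPath = `${path.dirname(sdkPath)}${PACKS_PATH}${runtimeVersion}/${PACKAGE_OVERRIDES_FILE}`;
+const overridesAssemblies = fs.readFileSync(overridesPath, 'utf-8');
+for (const pkg of overridesAssemblies.split('\n')) {
+if (pkg) {
+const [name, version] = pkg.split('|');
+// Trim any carriage return
+runtimeAssemblyVersions[name] = version.trim();
+}
+}
+}
+catch (err) {
+throw new errors_1.FileNotProcessableError(`Failed to read PackageOverrides.txt, error: ${err}`);
+}
+if (Object.keys(runtimeAssemblyVersions).length === 0) {
+throw new errors_1.FileNotProcessableError('Runtime assembly versions collection is empty');
+}
+debug(`Finished extracting runtime assemblies`);
+return runtimeAssemblyVersions;
+}
+//# sourceMappingURL=runtime-assembly-v2.js.map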
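Review bot: In `generateRuntimeAssemblies`, the PackageOverrides.txt loop calls `version.trim()` on the second field of `pkg.split('|')` without checking that the line contains a `|`. A blank line inside a CRLF file arrives as `"\r"`, which is truthy, so it and any other malformed line throw a TypeError and the whole scan aborts with "Failed to read PackageOverrides.txt". Trimming before the split and skipping incomplete lines keeps the scan running: `const [name, version] = pkg.trim().split('|');` followed by `if (!name || !version) continue;`. Separately, `findLatestMatchingVersion` keeps the last match rather than the highest version, which is only right if `dotnet --list-runtimes` prints runtimes in ascending order. A comment stating that assumption would help, because the runtime version chosen here selects the override file and therefore the versions the scan reports.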
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"runtime-assembly-v2.js","sourceRoot":"","sources":["../../lib/nuget-parser/runtime-assembly-v2.ts"],"names":[],"mappings":";;AAsEA,8DAsDC;AA3HD,sCAAqE;AACrE,qCAAqC;AACrC,uCAAuC;AACvC,yBAAyB;AACzB,6BAA6B;AAE7B,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAOlC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC;AAC5C,MAAM,sBAAsB,GAAG,2BAA2B,CAAC;AAC3D,MAAM,UAAU,GAAG,mCAAmC,CAAC;AAEvD,0EAA0E;AAC1E,sHAAsH;AACtH,2FAA2F;AAC3F,KAAK,UAAU,cAAc,CAAC,WAAmB;IAC/C,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,WAAW,CAAC,CAAC;IACjE,MAAM,KAAK,GACT,kFAAkF,CAAC;IACrF,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAEtC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,wBAAe,CACvB;4BACsB,UAAU,EAAE,CACnC,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AACrD,CAAC;AAED,SAAS,yBAAyB,CAAC,KAAa,EAAE,UAAkB;IAClE,MAAM,eAAe,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,MAAM,KAAK,GAAG,IAAI,MAAM,CACtB,6BAA6B,eAAe,sBAAsB,EAClE,GAAG,CACJ,CAAC;IACF,IAAI,gBAAgB,GAAkB,IAAI,CAAC;IAC3C,IAAI,KAA6B,CAAC;IAElC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC5C,gBAAgB,GAAG,GAAG,eAAe,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;IACtD,CAAC;IAED,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,IAAI,wBAAe,CACvB;qCAC+B,KAAK,EAAE,CACvC,CAAC;IACJ,CAAC;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED,oEAAoE;AACpE,yGAAyG;AACzG,6GAA6G;AAC7G,8GAA8G;AAC9G,yBAAyB;AACzB,8IAA8I;AAC9I,sCAAsC;AACtC,wFAAwF;AACxF,iHAAiH;AACjH,4EAA4E;AACrE,KAAK,UAAU,yBAAyB,CAC7C,WAAmB;IAEnB,KAAK,CAAC,+BAA+B,CAAC,CAAC;IAEvC,MAAM,uBAAuB,GAAqB,EAAE,CAAC;IAErD,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,MAAM,cAAc,CAAC,WAAW,CAAC,CAAC;IAClE,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,GAAG,OAAO,IAAI,UAAU,IAAI,gBAAgB,EAAE,CAAC;QACnE,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QACtD,MAAM,UAAU,GAAyB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE7D,KAAK,MAAM,CAAC,YAAY,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACzE,wEAAwE;YACxE,uHAAuH;YACvH,IAAI,KAAK,CAAC,WAAW,IAAI,KAAK,C
AAC,MAAM,EAAE,CAAC;gBACtC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAChD,uBAAuB,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC;YAC1C,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,gCAAuB,CAC/B,8CAA8C,GAAG,EAAE,CACpD,CAAC;IACJ,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC,iBAAiB,CAAC,EAAE,WAAW,CAAC,CAAC;IAC7E,MAAM,cAAc,GAAG,yBAAyB,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;IAE5E,IAAI,CAAC;QACH,MAAM,aAAa,GAAW,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,UAAU,GAAG,cAAc,IAAI,sBAAsB,EAAE,CAAC;QACjH,MAAM,mBAAmB,GAAW,EAAE,CAAC,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QAC5E,KAAK,MAAM,GAAG,IAAI,mBAAmB,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAClD,IAAI,GAAG,EAAE,CAAC;gBACR,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACvC,2BAA2B;gBAC3B,uBAAuB,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;YACjD,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,gCAAuB,CAC/B,+CAA+C,GAAG,EAAE,CACrD,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtD,MAAM,IAAI,gCAAuB,CAC/B,+CAA+C,CAChD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAChD,OAAO,uBAAuB,CAAC;AACjC,CAAC"}
|
package/package.json
CHANGED