snyk-nuget-plugin 4.1.1 → 4.2.0
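--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -54,6 +54,11 @@ async function inspect(root, targetFile, options) {
 options.strict)
 .then(createPackageTree);
 }
+if (options.cliDotnetRuntimeResolutionEnabled &&
+manifestType === types_1.ManifestType.DOTNET_CORE &&
+options['dotnet-runtime-resolution'] === undefined) {
+options['dotnet-runtime-resolution'] = true;
+}
 if (options['dotnet-target-framework'] &&
 !options['dotnet-runtime-resolution']) {
 return Promise.reject(new errors_1.CliCommandError('target framework flag is currently only supported when also scanning with runtime resolution using the `--dotnet-runtime-resolution` flag'));
@@ -62,11 +67,6 @@ async function inspect(root, targetFile, options) {
 if (manifestType !== types_1.ManifestType.DOTNET_CORE) {
 return Promise.reject(new errors_1.FileNotProcessableError(`runtime resolution flag is currently only supported for: .NET versions 6 and higher, all versions of .NET Core and all versions of .NET Standard projects. Supplied project type was parsed as ${manifestType}.`));
 }
-console.warn(`
-\x1b[33m⚠ WARNING\x1b[0m: Testing a .NET project with runtime resolution enabled.
-This should be considered experimental and not relied upon for production use.
-Please report issues with this beta feature by submitting a support case, and attach the output of running this command
-with the debug (-d) flag at \x1b[4mhttp://support.snyk.io\x1b[0m.`);
 const results = await nugetParser.buildDepGraphFromFiles(root, targetFile, manifestType, options['assets-project-name'], options['project-name-prefix'], options['dotnet-target-framework']);
 // Construct a MultiProjectResult to send to either the CLI or the SCM scanner.
 const multiProjectResult = {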
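Review bot: Runtime resolution is now switched on silently in `inspect`: the block at new lines 57–61 sets `options['dotnet-runtime-resolution'] = true` whenever `options.cliDotnetRuntimeResolutionEnabled` is set and the caller gave no value, and the second hunk removes the only `console.warn` that told the user this mode was active. Elsewhere in this release the runtime-resolution code runs the `dotnet` CLI with the project directory as its working directory (`dotnet.execute(['--info'], projectPath)`), so a scan of a .NET Core manifest that previously took the other path may now invoke the local toolchain by default; whether more than `--info` is run is not visible from this page. I would record that at the new block, e.g. `// Default-on for .NET Core manifests: runtime resolution shells out to the dotnet CLI in the project directory; an explicit options['dotnet-runtime-resolution'] = false still opts out.`, and keep a debug-level log line when the default is applied. The block also writes into the caller's `options` object rather than a local, which is worth a mention in the same comment. `inspect`'s body starts and ends outside both hunks.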
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":";;AAkCA,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../lib/index.ts"],"names":[],"mappings":";;AAkCA,0BA6GC;AA/ID,8CAA8C;AAC9C,6BAA6B;AAC7B,iDAAiD;AACjD,gDAAoD;AAEpD,qCAIkB;AAGlB,SAAS,qBAAqB,CAAC,QAAgB;IAC7C,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YACpC,OAAO,oBAAY,CAAC,YAAY,CAAC;QACnC,CAAC;QACD,KAAK,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YAC3C,OAAO,oBAAY,CAAC,WAAW,CAAC;QAClC,CAAC;QACD,KAAK,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YACvC,OAAO,oBAAY,CAAC,eAAe,CAAC;QACtC,CAAC;QACD,KAAK,qBAAqB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YAC1C,OAAO,oBAAY,CAAC,KAAK,CAAC;QAC5B,CAAC;QACD,OAAO,CAAC,CAAC,CAAC;YACR,MAAM,IAAI,0BAAiB,CACzB,wCAAwC,GAAG,QAAQ,CACpD,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,OAAO,CAC3B,IAAI,EACJ,UAAU,EACV,OAAQ;IAER,OAAO,GAAG,OAAO,IAAI,EAAE,CAAC;IACxB,IAAI,YAA0B,CAAC;IAC/B,IAAI,CAAC;QACH,YAAY,GAAG,qBAAqB,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC,CAAC;IAC1E,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC;IAED,MAAM,iBAAiB,GAAG,CAAC,OAAO,EAAiC,EAAE;QACnE,MAAM,eAAe,GAAG,OAAO,CAAC,IAAI;YAClC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe;YAC9B,CAAC,CAAC,SAAS,CAAC;QACd,OAAO,OAAO,CAAC,IAAI,CAAC;QACpB,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,MAAM,EAAE;gBACN,IAAI,EAAE,mBAAmB;gBACzB,UAAU;gBACV,aAAa,EAAE,eAAe;aAC/B;SACF,CAAC;IACJ,CAAC,CAAC;IAEF,IAAI,YAAY,KAAK,oBAAY,CAAC,KAAK,EAAE,CAAC;QACxC,OAAO,WAAW;aACf,qBAAqB,CACpB,IAAI,EACJ,UAAU,EACV,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,YAAY,CAAC,EACjD,OAAO,CAAC,aAAa,CAAC,IAAI,OAAO,CAAC,GAAG,EAAE,gDAAgD;QACvF,OAAO,CAAC,MAAM,CACf;aACA,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAC7B,CAAC;IAED,IACE,OAAO,CAAC,iCAAiC;QACzC,YAAY,KAAK,oBAAY,CAAC,WAAW;QACzC,OAAO,CAAC,2BAA2B,CAAC,KAAK,SAAS,EAClD,CAAC;QACD,OAAO,CAAC,2BAA2B,CAAC,GAAG,IAAI,CAAC;IAC9C,CAAC;IAED,IACE,OAAO,CAAC,yBAAyB,CAAC;QAClC,CAAC,OAAO,CAAC,2BAA2B,CAAC,EACrC,CAAC;QACD,OAAO,OAAO,CAAC,MAAM,CACnB,IAAI,wBAAe,CACjB,2IAA2I,CAC5I,CACF,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,2BAA2B,CAAC,EAAE,CAAC;
QACzC,IAAI,YAAY,KAAK,oBAAY,CAAC,WAAW,EAAE,CAAC;YAC9C,OAAO,OAAO,CAAC,MAAM,CACnB,IAAI,gCAAuB,CACzB,kMAAkM,YAAY,GAAG,CAClN,CACF,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,sBAAsB,CACtD,IAAI,EACJ,UAAU,EACV,YAAY,EACZ,OAAO,CAAC,qBAAqB,CAAC,EAC9B,OAAO,CAAC,qBAAqB,CAAC,EAC9B,OAAO,CAAC,yBAAyB,CAAC,CACnC,CAAC;QAEF,+EAA+E;QAC/E,MAAM,kBAAkB,GAAuB;YAC7C,MAAM,EAAE;gBACN,IAAI,EAAE,mBAAmB;gBACzB,UAAU;aACX;YACD,eAAe,EAAE,EAAE;SACpB,CAAC;QAEF,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,kBAAkB,CAAC,eAAe,CAAC,IAAI,CAAC;gBACtC,UAAU,EAAE,UAAU;gBACtB,QAAQ,EAAE,MAAM,CAAC,eAAe;gBAChC,IAAI,EAAE;oBACJ,aAAa,EAAE,MAAM,CAAC,eAAe;iBACtC;aACF,CAAC,CAAC;QACL,CAAC;QAED,OAAO,kBAAkB,CAAC;IAC5B,CAAC;IAED,OAAO,WAAW;SACf,qBAAqB,CACpB,IAAI,EACJ,UAAU,EACV,OAAO,CAAC,cAAc,EACtB,YAAY,EACZ,OAAO,CAAC,qBAAqB,CAAC,EAC9B,OAAO,CAAC,qBAAqB,CAAC,CAC/B;SACA,IAAI,CAAC,iBAAiB,CAAC,CAAC;AAC7B,CAAC"}
|
|
@@ -4,6 +4,7 @@ type SdkInfo = {
|
|
|
4
4
|
};
|
|
5
5
|
export declare const PACKAGE_OVERRIDES_FILE = "data/PackageOverrides.txt";
|
|
6
6
|
export declare const PACKS_PATH = "/packs/Microsoft.NETCore.App.Ref/";
|
|
7
|
+
export declare function parseSdkInfoFromDotnetOutput(infoOutput: string): SdkInfo;
|
|
7
8
|
export declare function extractSdkInfo(projectPath: string): Promise<SdkInfo>;
|
|
8
9
|
export declare function findLatestMatchingVersion(input: string, sdkVersion: string): string;
|
|
9
10
|
export {};
|
|
@@ -1,24 +1,28 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.PACKS_PATH = exports.PACKAGE_OVERRIDES_FILE = void 0;
|
|
4
|
+
exports.parseSdkInfoFromDotnetOutput = parseSdkInfoFromDotnetOutput;
|
|
4
5
|
exports.extractSdkInfo = extractSdkInfo;
|
|
5
6
|
exports.findLatestMatchingVersion = findLatestMatchingVersion;
|
|
6
7
|
const errors_1 = require("../errors");
|
|
7
8
|
const dotnet = require("./cli/dotnet");
|
|
8
9
|
exports.PACKAGE_OVERRIDES_FILE = 'data/PackageOverrides.txt';
|
|
9
10
|
exports.PACKS_PATH = '/packs/Microsoft.NETCore.App.Ref/';
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
// And here: https://learn.microsoft.com/en-us/dotnet/core/tools/global-json#matching-rules
|
|
13
|
-
async function extractSdkInfo(projectPath) {
|
|
14
|
-
const infoOutput = await dotnet.execute(['--info'], projectPath);
|
|
15
|
-
const regex = /Version:\s*([\d.]+).*?\.NET SDKs installed:\s*([\s\S]*?)(?:\n\s*\1\s+\[(.*?)\])/s;
|
|
11
|
+
function parseSdkInfoFromDotnetOutput(infoOutput) {
|
|
12
|
+
const regex = /Version:\s*(\d+)\.[\d.]+.*?\.NET SDKs installed:\s*([\s\S]*?)(?:\n\s*\1\.([\d.]+)\s+\[([^\]]*)\])/s;
|
|
16
13
|
const match = infoOutput.match(regex);
|
|
17
14
|
if (!match) {
|
|
18
15
|
throw new errors_1.CliCommandError(`Could not fetch details about the dotnet SDK. Cannot continue without it.
|
|
19
16
|
Dotnet info output: ${infoOutput}`);
|
|
20
17
|
}
|
|
21
|
-
return { sdkVersion: match[1]
|
|
18
|
+
return { sdkVersion: `${match[1]}.${match[3]}`, sdkPath: match[4] };
|
|
19
|
+
}
|
|
20
|
+
// Relying on dotnet to fetch the right version that the project will use.
|
|
21
|
+
// Details: https://learn.microsoft.com/en-us/dotnet/core/versions/selection#the-sdk-uses-the-latest-installed-version
|
|
22
|
+
// And here: https://learn.microsoft.com/en-us/dotnet/core/tools/global-json#matching-rules
|
|
23
|
+
async function extractSdkInfo(projectPath) {
|
|
24
|
+
const infoOutput = await dotnet.execute(['--info'], projectPath);
|
|
25
|
+
return parseSdkInfoFromDotnetOutput(infoOutput);
|
|
22
26
|
}
|
|
23
27
|
function findLatestMatchingVersion(input, sdkVersion) {
|
|
24
28
|
const majorSdkVersion = sdkVersion.split('.')[0];
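Review bot: The rewritten regex in `parseSdkInfoFromDotnetOutput` no longer ties the result to the exact SDK on the `Version:` line: it captures only the major (`(\d+)`) and then accepts an entry under ".NET SDKs installed:" that matches `\1\.([\d.]+)`, so with several same-major SDKs installed the returned `sdkVersion` and `sdkPath` can belong to a different install than the one `dotnet --info` reported as active. That sits oddly with the retained comment above `extractSdkInfo` ("Relying on dotnet to fetch the right version that the project will use"), and for a dependency scanner a wrong SDK can mean resolving against the wrong reference packs. `findLatestMatchingVersion` visibly uses only the major, so the effect may be limited to `sdkPath`, but the intent should be written down on the new exported function, e.g. `// Matches by major version only; the returned patch version and path are those of a same-major installed SDK, not necessarily the active one.` Since the parser is now exported as a pure function, a unit test feeding it `--info` output with two same-major SDKs would pin the intended choice.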
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runtime-assembly-v2.js","sourceRoot":"","sources":["../../lib/nuget-parser/runtime-assembly-v2.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"runtime-assembly-v2.js","sourceRoot":"","sources":["../../lib/nuget-parser/runtime-assembly-v2.ts"],"names":[],"mappings":";;;AAWA,oEAaC;AAKD,wCAGC;AAED,8DAwBC;AA1DD,sCAA4C;AAC5C,uCAAuC;AAO1B,QAAA,sBAAsB,GAAG,2BAA2B,CAAC;AACrD,QAAA,UAAU,GAAG,mCAAmC,CAAC;AAE9D,SAAgB,4BAA4B,CAAC,UAAkB;IAC7D,MAAM,KAAK,GACT,oGAAoG,CAAC;IACvG,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAEtC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,wBAAe,CACvB;4BACsB,UAAU,EAAE,CACnC,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AACtE,CAAC;AAED,0EAA0E;AAC1E,sHAAsH;AACtH,2FAA2F;AACpF,KAAK,UAAU,cAAc,CAAC,WAAmB;IACtD,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,WAAW,CAAC,CAAC;IACjE,OAAO,4BAA4B,CAAC,UAAU,CAAC,CAAC;AAClD,CAAC;AAED,SAAgB,yBAAyB,CACvC,KAAa,EACb,UAAkB;IAElB,MAAM,eAAe,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,MAAM,KAAK,GAAG,IAAI,MAAM,CACtB,6BAA6B,eAAe,sBAAsB,EAClE,GAAG,CACJ,CAAC;IACF,IAAI,gBAAgB,GAAkB,IAAI,CAAC;IAC3C,IAAI,KAA6B,CAAC;IAElC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC5C,gBAAgB,GAAG,GAAG,eAAe,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;IACtD,CAAC;IAED,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,IAAI,wBAAe,CACvB;qCAC+B,KAAK,EAAE,CACvC,CAAC;IACJ,CAAC;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC"}
|
package/package.json
CHANGED