npm run prepare

This commit is contained in:
Chad Bentz
2023-05-05 00:47:37 -04:00
parent eea402190d
commit cdeac4436f
2 changed files with 252 additions and 251 deletions
Generated Vendored
+251 -250
View File
@@ -23274,195 +23274,196 @@ function wrappy (fn, cb) {
/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
const github = __importStar(__nccwpck_require__(5438));
const core = __importStar(__nccwpck_require__(2186));
const dependency_submission_toolkit_1 = __nccwpck_require__(9810);
const cross_fetch_1 = __importDefault(__nccwpck_require__(9805));
const fs_1 = __importDefault(__nccwpck_require__(7147));
const exec = __importStar(__nccwpck_require__(1514));
const dotenv_1 = __importDefault(__nccwpck_require__(2437));
dotenv_1.default.config();
class ComponentDetection {
// This is the default entry point for this class.
static scanAndGetManifests(path) {
return __awaiter(this, void 0, void 0, function* () {
yield this.downloadLatestRelease();
yield this.runComponentDetection(path);
return yield this.getManifestsFromResults();
});
}
// Get the latest release from the component-detection repo, download the tarball, and extract it
static downloadLatestRelease() {
return __awaiter(this, void 0, void 0, function* () {
try {
core.debug("Downloading latest release");
const downloadURL = yield this.getLatestReleaseURL();
const blob = yield (yield (0, cross_fetch_1.default)(new URL(downloadURL))).blob();
const arrayBuffer = yield blob.arrayBuffer();
const buffer = Buffer.from(arrayBuffer);
// Write the blob to a file
core.debug("Writing binary to file");
yield fs_1.default.writeFileSync(this.componentDetectionPath, buffer, { mode: 0o777, flag: 'w' });
}
catch (error) {
core.error(error);
}
});
}
// Run the component-detection CLI on the path specified
static runComponentDetection(path) {
return __awaiter(this, void 0, void 0, function* () {
core.info("Running component-detection");
try {
yield exec.exec(`${this.componentDetectionPath} scan --SourceDirectory ${path} --ManifestFile ${this.outputPath} ${this.getComponentDetectionParameters()}`);
}
catch (error) {
core.error(error);
}
});
}
static getComponentDetectionParameters() {
var parameters = "";
parameters += (core.getInput('directoryExclusionList')) ? ` --DirectoryExclusionList ${core.getInput('directoryExclusionList')}` : "";
parameters += (core.getInput('detectorArgs')) ? ` --DetectorArgs ${core.getInput('detectorArgs')}` : "";
parameters += (core.getInput('detectorsFilter')) ? ` --DetectorsFilter ${core.getInput('detectorsFilter')}` : "";
parameters += (core.getInput('dockerImagesToScan')) ? ` --DockerImagesToScan ${core.getInput('dockerImagesToScan')}` : "";
return parameters;
}
static getManifestsFromResults() {
return __awaiter(this, void 0, void 0, function* () {
core.info("Getting manifests from results");
// Parse the result file and add the packages to the package cache
const packageCache = new dependency_submission_toolkit_1.PackageCache();
const packages = [];
const results = yield fs_1.default.readFileSync(this.outputPath, 'utf8');
var json = JSON.parse(results);
json.componentsFound.forEach((component) => __awaiter(this, void 0, void 0, function* () {
const packageUrl = ComponentDetection.makePackageUrl(component.component.packageUrl);
if (!packageCache.hasPackage(packageUrl)) {
const pkg = new ComponentDetectionPackage(packageUrl, component.component.id, component.isDevelopmentDependency, component.topLevelReferrers, component.locationsFoundAt, component.containerDetailIds, component.containerLayerIds);
packageCache.addPackage(pkg);
packages.push(pkg);
}
}));
// Set the transitive dependencies
core.debug("Sorting out transitive dependencies");
packages.forEach((pkg) => __awaiter(this, void 0, void 0, function* () {
pkg.topLevelReferrers.forEach((referrer) => __awaiter(this, void 0, void 0, function* () {
const referrerPackage = packageCache.lookupPackage(ComponentDetection.makePackageUrl(referrer.packageUrl));
if (referrerPackage) {
referrerPackage.dependsOn(pkg);
}
}));
}));
// Create manifests
const manifests = [];
// Check the locationsFoundAt for every package and add each as a manifest
packages.forEach((pkg) => __awaiter(this, void 0, void 0, function* () {
pkg.locationsFoundAt.forEach((location) => __awaiter(this, void 0, void 0, function* () {
var _a, _b;
if (!manifests.find((manifest) => manifest.name == location)) {
const manifest = new dependency_submission_toolkit_1.Manifest(location, location);
manifests.push(manifest);
}
if (pkg.topLevelReferrers.length == 0) {
(_a = manifests.find((manifest) => manifest.name == location)) === null || _a === void 0 ? void 0 : _a.addDirectDependency(pkg, ComponentDetection.getDependencyScope(pkg));
}
else {
(_b = manifests.find((manifest) => manifest.name == location)) === null || _b === void 0 ? void 0 : _b.addIndirectDependency(pkg, ComponentDetection.getDependencyScope(pkg));
}
}));
}));
return manifests;
});
}
static getDependencyScope(pkg) {
return pkg.isDevelopmentDependency ? 'development' : 'runtime';
}
static makePackageUrl(packageUrlJson) {
var packageUrl = `${packageUrlJson.Scheme}:${packageUrlJson.Type}/`;
if (packageUrlJson.Namespace) {
packageUrl += `${packageUrlJson.Namespace.replaceAll("@", "%40")}/`;
}
packageUrl += `${packageUrlJson.Name.replaceAll("@", "%40")}`;
if (packageUrlJson.Version) {
packageUrl += `@${packageUrlJson.Version}`;
}
if (packageUrlJson.Qualifiers) {
packageUrl += `?${packageUrlJson.Qualifiers}`;
}
return packageUrl;
}
static getLatestReleaseURL() {
return __awaiter(this, void 0, void 0, function* () {
const githubToken = core.getInput('token') || process.env.GITHUB_TOKEN || "";
const octokit = github.getOctokit(githubToken);
const owner = "microsoft";
const repo = "component-detection";
const latestRelease = yield octokit.rest.repos.getLatestRelease({
owner, repo
});
var downloadURL = "";
latestRelease.data.assets.forEach((asset) => {
if (asset.name === "component-detection-linux-x64") {
downloadURL = asset.browser_download_url;
}
});
return downloadURL;
});
}
}
exports["default"] = ComponentDetection;
ComponentDetection.componentDetectionPath = './component-detection';
ComponentDetection.outputPath = './output.json';
class ComponentDetectionPackage extends dependency_submission_toolkit_1.Package {
constructor(packageUrl, id, isDevelopmentDependency, topLevelReferrers, locationsFoundAt, containerDetailIds, containerLayerIds) {
super(packageUrl);
this.id = id;
this.isDevelopmentDependency = isDevelopmentDependency;
this.topLevelReferrers = topLevelReferrers;
this.locationsFoundAt = locationsFoundAt;
this.containerDetailIds = containerDetailIds;
this.containerLayerIds = containerLayerIds;
}
}
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
const github = __importStar(__nccwpck_require__(5438));
const core = __importStar(__nccwpck_require__(2186));
const dependency_submission_toolkit_1 = __nccwpck_require__(9810);
const cross_fetch_1 = __importDefault(__nccwpck_require__(9805));
const fs_1 = __importDefault(__nccwpck_require__(7147));
const exec = __importStar(__nccwpck_require__(1514));
const dotenv_1 = __importDefault(__nccwpck_require__(2437));
dotenv_1.default.config();
class ComponentDetection {
// This is the default entry point for this class.
static scanAndGetManifests(path) {
return __awaiter(this, void 0, void 0, function* () {
yield this.downloadLatestRelease();
yield this.runComponentDetection(path);
return yield this.getManifestsFromResults();
});
}
// Get the latest release from the component-detection repo, download the tarball, and extract it
static downloadLatestRelease() {
return __awaiter(this, void 0, void 0, function* () {
try {
core.debug(`Downloading latest release for ${process.platform}`);
const downloadURL = yield this.getLatestReleaseURL();
const blob = yield (yield (0, cross_fetch_1.default)(new URL(downloadURL))).blob();
const arrayBuffer = yield blob.arrayBuffer();
const buffer = Buffer.from(arrayBuffer);
// Write the blob to a file
core.debug(`Writing binary to file ${this.componentDetectionPath}`);
yield fs_1.default.writeFileSync(this.componentDetectionPath, buffer, { mode: 0o777, flag: 'w' });
}
catch (error) {
core.error(error);
}
});
}
// Run the component-detection CLI on the path specified
static runComponentDetection(path) {
return __awaiter(this, void 0, void 0, function* () {
core.info("Running component-detection");
try {
yield exec.exec(`${this.componentDetectionPath} scan --SourceDirectory ${path} --ManifestFile ${this.outputPath} ${this.getComponentDetectionParameters()}`);
}
catch (error) {
core.error(error);
}
});
}
static getComponentDetectionParameters() {
var parameters = "";
parameters += (core.getInput('directoryExclusionList')) ? ` --DirectoryExclusionList ${core.getInput('directoryExclusionList')}` : "";
parameters += (core.getInput('detectorArgs')) ? ` --DetectorArgs ${core.getInput('detectorArgs')}` : "";
parameters += (core.getInput('detectorsFilter')) ? ` --DetectorsFilter ${core.getInput('detectorsFilter')}` : "";
parameters += (core.getInput('dockerImagesToScan')) ? ` --DockerImagesToScan ${core.getInput('dockerImagesToScan')}` : "";
return parameters;
}
static getManifestsFromResults() {
return __awaiter(this, void 0, void 0, function* () {
core.info("Getting manifests from results");
// Parse the result file and add the packages to the package cache
const packageCache = new dependency_submission_toolkit_1.PackageCache();
const packages = [];
const results = yield fs_1.default.readFileSync(this.outputPath, 'utf8');
var json = JSON.parse(results);
json.componentsFound.forEach((component) => __awaiter(this, void 0, void 0, function* () {
const packageUrl = ComponentDetection.makePackageUrl(component.component.packageUrl);
if (!packageCache.hasPackage(packageUrl)) {
const pkg = new ComponentDetectionPackage(packageUrl, component.component.id, component.isDevelopmentDependency, component.topLevelReferrers, component.locationsFoundAt, component.containerDetailIds, component.containerLayerIds);
packageCache.addPackage(pkg);
packages.push(pkg);
}
}));
// Set the transitive dependencies
core.debug("Sorting out transitive dependencies");
packages.forEach((pkg) => __awaiter(this, void 0, void 0, function* () {
pkg.topLevelReferrers.forEach((referrer) => __awaiter(this, void 0, void 0, function* () {
const referrerPackage = packageCache.lookupPackage(ComponentDetection.makePackageUrl(referrer.packageUrl));
if (referrerPackage) {
referrerPackage.dependsOn(pkg);
}
}));
}));
// Create manifests
const manifests = [];
// Check the locationsFoundAt for every package and add each as a manifest
packages.forEach((pkg) => __awaiter(this, void 0, void 0, function* () {
pkg.locationsFoundAt.forEach((location) => __awaiter(this, void 0, void 0, function* () {
var _a, _b;
if (!manifests.find((manifest) => manifest.name == location)) {
const manifest = new dependency_submission_toolkit_1.Manifest(location, location);
manifests.push(manifest);
}
if (pkg.topLevelReferrers.length == 0) {
(_a = manifests.find((manifest) => manifest.name == location)) === null || _a === void 0 ? void 0 : _a.addDirectDependency(pkg, ComponentDetection.getDependencyScope(pkg));
}
else {
(_b = manifests.find((manifest) => manifest.name == location)) === null || _b === void 0 ? void 0 : _b.addIndirectDependency(pkg, ComponentDetection.getDependencyScope(pkg));
}
}));
}));
return manifests;
});
}
static getDependencyScope(pkg) {
return pkg.isDevelopmentDependency ? 'development' : 'runtime';
}
static makePackageUrl(packageUrlJson) {
var packageUrl = `${packageUrlJson.Scheme}:${packageUrlJson.Type}/`;
if (packageUrlJson.Namespace) {
packageUrl += `${packageUrlJson.Namespace.replaceAll("@", "%40")}/`;
}
packageUrl += `${packageUrlJson.Name.replaceAll("@", "%40")}`;
if (packageUrlJson.Version) {
packageUrl += `@${packageUrlJson.Version}`;
}
if (packageUrlJson.Qualifiers) {
packageUrl += `?${packageUrlJson.Qualifiers}`;
}
return packageUrl;
}
static getLatestReleaseURL() {
return __awaiter(this, void 0, void 0, function* () {
const githubToken = core.getInput('token') || process.env.GITHUB_TOKEN || "";
const octokit = github.getOctokit(githubToken);
const owner = "microsoft";
const repo = "component-detection";
const latestRelease = yield octokit.rest.repos.getLatestRelease({
owner, repo
});
var downloadURL = "";
const assetName = process.platform === "win32" ? "component-detection-win-x64.exe" : "component-detection-linux-x64";
latestRelease.data.assets.forEach((asset) => {
if (asset.name === assetName) {
downloadURL = asset.browser_download_url;
}
});
return downloadURL;
});
}
}
exports["default"] = ComponentDetection;
ComponentDetection.componentDetectionPath = process.platform === "win32" ? './component-detection.exe' : './component-detection';
ComponentDetection.outputPath = './output.json';
class ComponentDetectionPackage extends dependency_submission_toolkit_1.Package {
constructor(packageUrl, id, isDevelopmentDependency, topLevelReferrers, locationsFoundAt, containerDetailIds, containerLayerIds) {
super(packageUrl);
this.id = id;
this.isDevelopmentDependency = isDevelopmentDependency;
this.topLevelReferrers = topLevelReferrers;
this.locationsFoundAt = locationsFoundAt;
this.containerDetailIds = containerDetailIds;
this.containerLayerIds = containerLayerIds;
}
}
/***/ }),
@@ -23471,67 +23472,67 @@ class ComponentDetectionPackage extends dependency_submission_toolkit_1.Package
/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
const core = __importStar(__nccwpck_require__(2186));
const github = __importStar(__nccwpck_require__(5438));
const dependency_submission_toolkit_1 = __nccwpck_require__(9810);
const componentDetection_1 = __importDefault(__nccwpck_require__(4878));
function run() {
return __awaiter(this, void 0, void 0, function* () {
let manifests = yield componentDetection_1.default.scanAndGetManifests(core.getInput('filePath'));
let snapshot = new dependency_submission_toolkit_1.Snapshot({
name: "Component Detection",
version: "0.0.1",
url: "https://github.com/advanced-security/component-detection-dependency-submission-action",
}, github.context, {
correlator: `${github.context.job}`,
id: github.context.runId.toString()
});
core.debug(`Manifests: ${manifests === null || manifests === void 0 ? void 0 : manifests.length}`);
manifests === null || manifests === void 0 ? void 0 : manifests.forEach(manifest => {
core.debug(`Manifest: ${JSON.stringify(manifest)}`);
snapshot.addManifest(manifest);
});
(0, dependency_submission_toolkit_1.submitSnapshot)(snapshot);
});
}
run();
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
const core = __importStar(__nccwpck_require__(2186));
const github = __importStar(__nccwpck_require__(5438));
const dependency_submission_toolkit_1 = __nccwpck_require__(9810);
const componentDetection_1 = __importDefault(__nccwpck_require__(4878));
function run() {
return __awaiter(this, void 0, void 0, function* () {
let manifests = yield componentDetection_1.default.scanAndGetManifests(core.getInput('filePath'));
let snapshot = new dependency_submission_toolkit_1.Snapshot({
name: "Component Detection",
version: "0.0.1",
url: "https://github.com/advanced-security/component-detection-dependency-submission-action",
}, github.context, {
correlator: `${github.context.job}`,
id: github.context.runId.toString()
});
core.debug(`Manifests: ${manifests === null || manifests === void 0 ? void 0 : manifests.length}`);
manifests === null || manifests === void 0 ? void 0 : manifests.forEach(manifest => {
core.debug(`Manifest: ${JSON.stringify(manifest)}`);
snapshot.addManifest(manifest);
});
(0, dependency_submission_toolkit_1.submitSnapshot)(snapshot);
});
}
run();
/***/ }),
Generated Vendored
+1 -1
View File
File diff suppressed because one or more lines are too long