From cb717634aeb71721e7fdbe0d39baef8d80489f53 Mon Sep 17 00:00:00 2001 From: Bradley Meck Farias Date: Tue, 22 Aug 2023 18:03:40 -0500 Subject: [PATCH] make argv parsing more tolerant and align with GH --- lib/utils/path-resolve.js | 129 ++++++++++++++++---------------------- package-lock.json | 5 +- package.json | 1 - test/path-resolve.test.js | 22 ++----- 4 files changed, 62 insertions(+), 95 deletions(-) diff --git a/lib/utils/path-resolve.js b/lib/utils/path-resolve.js index cbf15ed..1938e14 100644 --- a/lib/utils/path-resolve.js +++ b/lib/utils/path-resolve.js @@ -5,7 +5,6 @@ import { globby } from 'globby' import ignore from 'ignore' // @ts-ignore This package provides no types import { directories } from 'ignore-by-default' -import micromatch from 'micromatch' import { ErrorWithCause } from 'pony-cause' import { InputError } from './errors.js' 
@@ -94,85 +93,65 @@ export async function mapGlobResultToFiles (entries, supportedFiles) { * @throws {InputError} */ export async function mapGlobEntryToFiles (entry, supportedFiles) { - /** @type {string|undefined} */ - let pkgJSFile - /** @type {string[]} */ - let jsLockFiles = [] - /** @type {string[]} */ - let pyFiles = [] - /** @type {string|undefined} */ - let pkgGoFile - /** @type {string[]} */ - let goExtraFiles = [] - const jsSupported = supportedFiles['npm'] || {} - const jsLockFilePatterns = Object.keys(jsSupported) - .filter(key => key !== 'packagejson') - .map(key => /** @type {{ pattern: string }} */ (jsSupported[key]).pattern) + const jsLockFilePatterns = Object.values(jsSupported) + // .filter(key => key !== 'packagejson') + .map(p => `**/${/** @type {{ pattern: string }} */ (p).pattern}`) const pyFilePatterns = Object.values(supportedFiles['pypi'] || {}) - .map(p => /** @type {{ pattern: string }} */ (p).pattern) + .map(p => `**/${/** @type {{ pattern: string }} */ (p).pattern}`) const goSupported = supportedFiles['go'] || {} - const goSupplementalPatterns = Object.keys(goSupported) - .filter(key => key !== 'gomod') - .map(key => /** @type {{ pattern: string }} */ (goSupported[key]).pattern) - - if (entry.endsWith('/')) { - // If the match is a folder and that folder contains a package.json file, then include it - const jsPkg = path.resolve(entry, 'package.json') - if (await fileExists(jsPkg)) pkgJSFile = jsPkg - - const goPkg = path.resolve(entry, 'go.mod') - if (await fileExists(goPkg)) pkgGoFile = goPkg - - pyFiles = await globby(pyFilePatterns, { - ...BASE_GLOBBY_OPTS, - cwd: entry - }) - } else { - const entryFile = path.basename(entry) - - if (entryFile === 'package.json') { - // If the match is a package.json file, then include it - pkgJSFile = entry - } else if (micromatch.isMatch(entryFile, jsLockFilePatterns)) { - jsLockFiles = [entry] - pkgJSFile = path.resolve(path.dirname(entry), 'package.json') - if (!(await fileExists(pkgJSFile))) 
return [] - } else if (entryFile === 'go.mod') { - pkgGoFile = entry - } else if (micromatch.isMatch(entryFile, goSupplementalPatterns)) { - goExtraFiles = [entry] - pkgGoFile = path.resolve(path.dirname(entry), 'go.mod') - } else if (micromatch.isMatch(entryFile, pyFilePatterns)) { - pyFiles = [entry] - } - } - - // If we will include a package.json file but don't already have a corresponding lockfile, then look for one - if (!jsLockFiles.length && pkgJSFile) { - const pkgDir = path.dirname(pkgJSFile) - - jsLockFiles = await globby(jsLockFilePatterns, { - ...BASE_GLOBBY_OPTS, - cwd: pkgDir - }) - } - - if (!goExtraFiles.length && pkgGoFile) { - // get go.sum whenever possible - const pkgDir = path.dirname(pkgGoFile) - - goExtraFiles = await globby(goSupplementalPatterns, { - ...BASE_GLOBBY_OPTS, - cwd: pkgDir - }) - } - - return [...jsLockFiles, ...pyFiles, ...goExtraFiles] - .concat(pkgJSFile ? [pkgJSFile] : []) - .concat(pkgGoFile ? [pkgGoFile] : []) + const goSupplementalPatterns = Object.values(goSupported) + // .filter(key => key !== 'gomod') + .map(p => `**/${/** @type {{ pattern: string }} */ (p).pattern}`) + + const files = await globby([ + ...jsLockFilePatterns, + ...pyFilePatterns, + ...goSupplementalPatterns + ], { + ...BASE_GLOBBY_OPTS, + onlyFiles: true, + cwd: path.resolve((await stat(entry)).isDirectory() ? 
entry : path.dirname(entry)) + }) + return files + + // if (entry.endsWith('/')) { + // // If the match is a folder and that folder contains a package.json file, then include it + // const jsPkg = path.resolve(entry, 'package.json') + // if (await fileExists(jsPkg)) pkgJSFile = jsPkg + + // const goPkg = path.resolve(entry, 'go.mod') + // if (await fileExists(goPkg)) pkgGoFile = goPkg + + // pyFiles = await globby(pyFilePatterns, { + // ...BASE_GLOBBY_OPTS, + // cwd: entry + // }) + // } else { + // const entryFile = path.basename(entry) + + // if (entryFile === 'package.json') { + // // If the match is a package.json file, then include it + // pkgJSFile = entry + // } else if (micromatch.isMatch(entryFile, jsLockFilePatterns)) { + // jsLockFiles = [entry] + // pkgJSFile = path.resolve(path.dirname(entry), 'package.json') + // if (!(await fileExists(pkgJSFile))) return [] + // } else if (entryFile === 'go.mod') { + // pkgGoFile = entry + // } else if (micromatch.isMatch(entryFile, goSupplementalPatterns)) { + // goExtraFiles = [entry] + // pkgGoFile = path.resolve(path.dirname(entry), 'go.mod') + // } else if (micromatch.isMatch(entryFile, pyFilePatterns)) { + // pyFiles = [entry] + // } + // } + + // return [...jsLockFiles, ...pyFiles, ...goExtraFiles] + // .concat(pkgJSFile ? [pkgJSFile] : []) + // .concat(pkgGoFile ? [pkgGoFile] : []) } /** diff --git a/package-lock.json b/package-lock.json index 3858e33..df10174 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@socketsecurity/cli", - "version": "0.8.0", + "version": "0.8.1", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@socketsecurity/cli", - "version": "0.8.0", + "version": "0.8.1", "license": "MIT", "dependencies": { "@apideck/better-ajv-errors": "^0.3.6", @@ -20,7 +20,6 @@ "is-interactive": "^2.0.0", "is-unicode-supported": "^1.3.0", "meow": "^12.0.1", - "micromatch": "^4.0.5", "ora": "^6.1.2", "pony-cause": "^2.1.8", "prompts": "^2.4.2", 
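Review bot: With every pattern now prefixed by `**/` and `cwd` set to `path.dirname(entry)` for a file entry, naming a single file such as `/package.json` collects every manifest and lock file anywhere under its parent directory, and an entry that matches no supported pattern still returns its neighbours' manifests. If the returned paths are what the CLI later submits for analysis, that is a wider set than the user named; I would recurse only for directory entries and keep a file entry to its own directory, as sketched below. Whether `BASE_GLOBBY_OPTS` already excludes `node_modules` and similar trees is not visible in this hunk, and it matters more now that the walk is recursive. The retained `@throws {InputError}` line above the function no longer matches the raw `stat` rejection, and the commented-out old body and `.filter` lines should be deleted rather than shipped.

```javascript
// … unchanged: jsSupported / goSupported lookups …
const isDir = (await stat(entry)).isDirectory()
// Recurse only when the caller named a directory; a file entry stays within its own directory.
const prefix = isDir ? '**/' : ''
const patterns = [jsSupported, supportedFiles['pypi'] || {}, goSupported]
  .flatMap(group => Object.values(group))
  .map(p => `${prefix}${/** @type {{ pattern: string }} */ (p).pattern}`)

return globby(patterns, {
  ...BASE_GLOBBY_OPTS,
  onlyFiles: true,
  cwd: path.resolve(isDir ? entry : path.dirname(entry))
})
```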
diff --git a/package.json b/package.json index f1e7933..872b2df 100644 --- a/package.json +++ b/package.json @@ -91,7 +91,6 @@ "is-interactive": "^2.0.0", "is-unicode-supported": "^1.3.0", "meow": "^12.0.1", - "micromatch": "^4.0.5", "ora": "^6.1.2", "pony-cause": "^2.1.8", "prompts": "^2.4.2", diff --git a/test/path-resolve.test.js b/test/path-resolve.test.js index 15f7195..134995a 100644 --- a/test/path-resolve.test.js +++ b/test/path-resolve.test.js @@ -124,13 +124,11 @@ describe('Path Resolve', () => { assert.deepEqual(await sortedMapGlobEntry('/foo.txt', globPatterns), []) }) - it('should throw on errors', async () => { + it('should be lenient on oddities', async () => { mockFs({ '/package.json': { /* Empty directory */ }, }) - await assert.rejects(sortedMapGlobEntry('/', globPatterns), (e) => { - return e instanceof InputError && e.message.includes('Expected \'/package.json\' to be a file') - }) + await assert.deepEqual(await sortedMapGlobEntry('/', globPatterns), []) }) }) @@ -157,7 +155,7 @@ describe('Path Resolve', () => { mockFs({ '/package-lock.json': '{}', }) - assert.deepEqual(await sortedMapGlobEntry('/', globPatterns), []) + assert.deepEqual(await sortedMapGlobEntry('/', globPatterns), ['/package-lock.json']) }) it('should support alternative lock files', async () => { 
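Review bot: The `should be lenient on oddities` case now pins a silent `[]` when `/package.json` is a directory, where the removed assertion required an `InputError` naming the path. For a scanner, an empty result with no diagnostic reads the same as "nothing to scan", so I would either keep a warning path and assert on it here, or record the intent in the test with a comment such as `// a directory named package.json is skipped, not reported`. The leading `await` on `assert.deepEqual(...)` is redundant, since only the inner call returns a promise.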
@@ -191,19 +189,11 @@ describe('Path Resolve', () => { assert.strict.deepEqual(await sortedMapGlobEntry('/package.json', globPatterns), ['/package.json']) }) - it('should not validate the input file', async () => { + it('should validate the input file', async () => { mockFs({}) - assert.deepEqual(await sortedMapGlobEntry('/package.json', globPatterns), ['/package.json']) - }) - - it('should not validate the input file, but still add a complementary lock file', async () => { - mockFs({ - '/package-lock.json': '{}', + return assert.rejects(sortedMapGlobEntry('/package.json', globPatterns), (err) => { + return err instanceof Error && err.message.includes('ENOENT') }) - assert.deepEqual(await sortedMapGlobEntry('/package.json', globPatterns), [ - '/package-lock.json', - '/package.json' - ]) }) it('should support alternative lock files', async () => {
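Review bot: The rewritten `should validate the input file` test locks in a raw filesystem error (`err.message.includes('ENOENT')`) for a missing path, while the JSDoc on `mapGlobEntryToFiles` in `lib/utils/path-resolve.js` still declares `InputError`; wrapping the `stat` failure and asserting `err instanceof InputError` would keep user-facing errors consistent. The deleted complementary-lock-file case has no replacement, and nothing in the visible hunks exercises the new recursive matching, for example a nested `/sub/package.json` or a manifest under `node_modules`. I would add both cases so the wider collection scope is pinned by tests.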