Feat/lockfile parser lib #188

Merged
merged 14 commits into from
Aug 16, 2018
refactor: removing non-needed promises + moving to dedicated parameters
Mila Votradovec committed Aug 15, 2018
commit 5cf157c45732699200399b6f5139043abeb5eb56
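--- a/lib/snyk-test/npm/index.js
+++ b/lib/snyk-test/npm/index.js
@@ -30,14 +30,13 @@ function test(root, options) {
 authorization: 'token ' + snyk.api,
 },
 };
-options.hasDevDependencies = false;
-options.root = root;
+var hasDevDependencies = false;
 
-// if the file exists, let's read the package file and post
-// that up to the server.
+// if the file exists, let's read the package files and post
+// the dependency tree to the server.
 // if it doesn't, then we're assuming this is an existing
 // module on npm, so send the bare argument
-const p = fs.exists(root)
+return fs.exists(root)
 .then((exists) => {
 if (!exists) {
 var module = moduleToObject(root);
@@ -74,7 +73,7 @@ function test(root, options) {
 policyLocations = policyLocations.concat(pluckPolicies(pkg));
 debug('policies found', policyLocations);
 analytics.add('policies', policyLocations.length);
-options.hasDevDependencies = pkg.hasDevDependencies;
+hasDevDependencies = pkg.hasDevDependencies;
 payload.method = 'POST';
 payload.body = pkg;
 payload.qs = common.assembleQueryString(options);
@@ -97,9 +96,10 @@ function test(root, options) {
 throw error;
 });
 });
+}).then((data) => {
+// modules is either null (as defined) or was updated during the flow using node modules
+return queryForVulns(data, modules, hasDevDependencies, root, options);
 });
-
-return queryForVulns(p, modules, options);
 }
 
 function generateDependenciesFromLockfile(root, options) {
@@ -149,8 +149,6 @@ function generateDependenciesFromLockfile(root, options) {
 function getDependenciesFromNodeModules(root, options) {
 return fs.exists(path.join(root, 'node_modules'))
 .then(function (nodeModulesExist) {
-options.hasDevDependencies = false;
-
 if (!nodeModulesExist) {
 // throw a custom error
 throw new Error('Missing node_modules folder: we can\'t test ' +
@@ -169,14 +167,11 @@ function getDependenciesFromNodeModules(root, options) {
 });
 }
 
-function queryForVulns(p, modules, options) {
+function queryForVulns(data, modules, hasDevDependencies, root, options) {
 var lbl = 'Querying vulnerabilities database...';
-return p.then(function (data) {
-return spinner(lbl).then(function () {
-return data;
-});
-})
-.then(function (data) {
+
+return spinner(lbl)
+.then(function () {
 var filesystemPolicy = data.payload.body && !!data.payload.body.policy;
 analytics.add('packageManager', 'npm');
 analytics.add('packageName', data.package.name);
@@ -198,7 +193,7 @@ function queryForVulns(p, modules, options) {
 // this is the case where a local module has been tested, but
 // doesn't have any production deps, but we've noted that they
 // have dep deps, so we'll error with a more useful message
-if (res.statusCode === 404 && options.hasDevDependencies) {
+if (res.statusCode === 404 && hasDevDependencies) {
 err.code = 'NOT_FOUND_HAS_DEV_DEPS';
 } else {
 err.code = res.statusCode;
@@ -217,6 +212,7 @@ function queryForVulns(p, modules, options) {
 });
 });
 }).then(function (res) {
+// This branch is valid for node modules flow only
 if (modules) {
 res.dependencyCount = modules.numDependencies;
 if (res.vulnerabilities) {
@@ -249,7 +245,7 @@ function queryForVulns(p, modules, options) {
 
 return snyk.policy.loadFromText(res.policy)
 .then(function (policy) {
-return policy.filter(res, options.root);
+return policy.filter(res, root);
 });
 }).then(function (res) {
 analytics.add('vulns', res.vulnerabilities.length);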
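Review bot: `options.root` and `options.hasDevDependencies` are no longer written onto the caller's `options` object, yet `options` is still passed to `common.assembleQueryString(options)` in the hunk at new line 73 and on into `queryForVulns`, so any remaining reader of either property now sees `undefined`. Within the visible lines the only two readers, the 404 check and `policy.filter`, were switched to the new parameters, but `assembleQueryString` and the rest of `queryForVulns` lie outside these hunks and should be searched for the old property names. `queryForVulns` also now takes five positional arguments with a boolean in the middle and has no doc comment; I would add a short JSDoc above it saying that `data` must carry `payload` and `package`, that `modules` is null outside the node_modules flow, and that `hasDevDependencies` only selects the `NOT_FOUND_HAS_DEV_DEPS` error code on a 404.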