Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: depGraph snyk-test for npm and yarn #459

Closed
wants to merge 4 commits into from
Closed

feat: depGraph snyk-test for npm and yarn #459

wants to merge 4 commits into from

Conversation

orsagie
Copy link
Contributor

@orsagie orsagie commented Apr 29, 2019
edited
Loading

  • Ready for review
  • Follows CONTRIBUTING rules
  • Reviewed by Snyk internal team

What does this PR do?

  • Refactors the snyk-test/npm path.
  • sends a depGraph to vuln test-dep-graph endpoint and converts the result back to a depTree

@orsagie orsagie force-pushed the refactor/snyk-test-npm branch 10 times, most recently from 85e7787 to a1129d6 Compare May 5, 2019 13:43
@orsagie orsagie changed the title refactor: typescript snyk-test for npm and yarn feat: depGraph snyk-test for npm and yarn May 5, 2019
@orsagie orsagie force-pushed the refactor/snyk-test-npm branch from a1129d6 to fbad1a6 Compare May 6, 2019 06:58
@orsagie orsagie force-pushed the refactor/snyk-test-npm branch from fbad1a6 to a798a2e Compare May 6, 2019 12:17
@orsagie orsagie closed this May 6, 2019
@orsagie orsagie reopened this May 6, 2019
@orsagie orsagie mentioned this pull request May 6, 2019
Merged
3 tasks
@orsagie orsagie closed this May 6, 2019
@orsagie orsagie reopened this May 6, 2019
@orsagie orsagie closed this May 6, 2019
@orsagie orsagie reopened this May 6, 2019
@orsagie orsagie closed this May 6, 2019
@orsagie orsagie reopened this May 6, 2019
@orsagie orsagie closed this May 6, 2019
@orsagie orsagie reopened this May 6, 2019
@orsagie orsagie closed this May 6, 2019
@orsagie orsagie requested review from lili2311, kyegupov and miiila May 7, 2019 10:07
kyegupov
kyegupov reviewed May 7, 2019
View reviewed changes
src/lib/snyk-test/index.js Outdated Show resolved Hide resolved
src/lib/snyk-test/npm-plugin/index.ts Outdated Show resolved Hide resolved
src/lib/snyk-test/npm-plugin/npm-lock-parser.ts Outdated

if (!manifestFileFullPath && lockFileFullPath) {
throw new Error('Detected a lockfile at location: '
+ lockFileFullPath + '\n However the package.json is missing!');
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

misleading message: it appears to be not missing, but rather unspecified

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now that I look at it, there is no way for it to not be specified. And we already check that it exists earlier, so will altogether remove this check.

src/lib/snyk-test/npm-plugin/npm-lock-parser.ts Outdated Show resolved Hide resolved
src/lib/snyk-test/npm-plugin/npm-lock-parser.ts Outdated
import * as fs from 'fs';
import * as lockFileParser from 'snyk-nodejs-lockfile-parser';

export async function parse(root, targetFile, options) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you specify the parameter and return types please? it's very useful for exported functions

src/lib/snyk-test/npm/index.ts Show resolved Hide resolved
src/lib/snyk-test/npm/index.ts Show resolved Hide resolved
src/lib/snyk-test/npm/index.ts

function countUniqueVulns(vulns: AnnotatedIssue[]): number {
const seen = {};
const count = vulns.reduce((acc, curr) => {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd much rather use for..of and Object.keys(seen).length instead of reduce and acc

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This code is mostly copied from what it was, and is going away in next PR.

src/lib/snyk-test/npm/index.ts

return {
method: 'POST',
// options.vulnEndpoint is only used for file system tests
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe this comment belongs above, where options.vulnEndpoint is actually used?
Also, I think, vulnEndpoint itself could use more explanation. When is it set, what does it mean, can the code between those two calls be shared?

src/lib/snyk-test/npm/index.ts
return assembleRemotePayload(root, options);
}

function assembleRemotePayload(root: string, options): Payload {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

assembleRemotePayload is not immediately understandable. Maybe rename it to payloadForTestingRepositoryPackages? and the other one payloadForTestingLocalPackages?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will do it for the next PR

@kyegupov kyegupov mentioned this pull request May 7, 2019
Closed
3 tasks
@orsagie orsagie force-pushed the refactor/snyk-test-npm branch from fcf95e9 to 6ccd088 Compare May 8, 2019 09:43
miiila
miiila approved these changes May 8, 2019
View reviewed changes
Copy link
Contributor

@miiila miiila left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Based on the review and testing of this version, everything seems to be OK. Please consider all @kyegupov's comments, I haven't repeated them.

src/lib/snyk-test/npm/index.ts
analytics.add('vulns-pre-policy', res.vulnerabilities.length);

res.filesystemPolicy = filesystemPolicy;
res.filesystemPolicy = !!payloadPolicy;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is filesystemPolicy even used somewhere? :-)

@kyegupov
Copy link
Contributor

kyegupov commented May 8, 2019

Superseded by #494

@kyegupov kyegupov closed this May 8, 2019
@kyegupov kyegupov mentioned this pull request May 8, 2019
Merged
3 tasks
@orsagie orsagie deleted the refactor/snyk-test-npm branch May 12, 2019 08:43
@leongold leongold mentioned this pull request Nov 30, 2022
Open
This was referenced Nov 30, 2022
Open
Open
@david-j-bailey david-j-bailey mentioned this pull request Nov 30, 2022
Open
This was referenced Nov 30, 2022
Open
Open
Open
@froscheimer froscheimer mentioned this pull request Dec 1, 2022
Open
@sapans30 sapans30 mentioned this pull request Dec 1, 2022
Open
@snyk-bot snyk-bot mentioned this pull request Dec 1, 2022
Open
@hiep98 hiep98 mentioned this pull request Dec 1, 2022
Open
This was referenced Dec 1, 2022
Open
Open
@romathur romathur mentioned this pull request Dec 1, 2022
Open
This was referenced Dec 1, 2022
Open
Open
@RotemMiara RotemMiara mentioned this pull request Dec 1, 2022
Open
@robin-qualityengineer robin-qualityengineer mentioned this pull request Dec 2, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kyegupov kyegupov kyegupov left review comments

@miiila miiila miiila approved these changes

@lili2311 lili2311 Awaiting requested review from lili2311

Assignees

@orsagie orsagie

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@orsagie @kyegupov @miiila