forked from jfrog/ide-plugins-common
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
🐛 - fixed issue regarding Yarn1 impact tree
- Loading branch information
1 parent
cd6a068
commit 84c39ba
Showing
2 changed files
with
23 additions
and
17 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,6 +4,7 @@ | |
| import com.fasterxml.jackson.databind.ObjectMapper; | ||
| import com.jfrog.ide.common.deptree.DepTree; | ||
| import com.jfrog.ide.common.deptree.DepTreeNode; | ||
| import com.jfrog.ide.common.nodes.subentities.ImpactTree; | ||
| import org.apache.commons.lang3.StringUtils; | ||
| import org.jfrog.build.api.util.Log; | ||
|
|
||
|
|
@@ -95,25 +96,29 @@ private void addDepTreeNodes(Map<String, DepTreeNode> nodes, JsonNode jsonDep, D | |
| /** | ||
| * Extracts a single dependency path from a raw dependency string. | ||
| * | ||
| * @param rawDependencyPath - The raw dependency path string. | ||
| * @param rawDependencyPaths - The raw dependency path string. | ||
| * @return The extracted dependency path. | ||
| */ | ||
|
|
||
| private List<List<String>> extractMultiplePaths(String packageFullName, List<String> rawDependencyPath) { | ||
| private List<List<String>> extractMultiplePaths(String projectRootId, String packageFullName, List<String> rawDependencyPaths) { | ||
| List<List<String>> paths = new ArrayList<>(); | ||
| for (String rawDependency : rawDependencyPath) { | ||
| List<String> path = extractSinglePath(packageFullName, rawDependency); | ||
| int limit = rawDependencyPaths.size() < ImpactTree.IMPACT_PATHS_LIMIT ? rawDependencyPaths.size() : 50; | ||
| for (int i = 0; i < limit; i++) { | ||
| List<String> path = extractSinglePath(projectRootId, packageFullName, rawDependencyPaths.get(i)); | ||
| if (path != null) { | ||
| paths.add(path); | ||
| } | ||
| } | ||
| return paths; | ||
| } | ||
|
|
||
| private List<String> extractSinglePath(String packageFullName, String rawDependency) { | ||
| private List<String> extractSinglePath(String projectRootId, String packageFullName, String rawDependency) { | ||
| List<String> pathResult = new ArrayList<>(); | ||
| pathResult.add(projectRootId); | ||
| if (StringUtils.contains(rawDependency, "Specified in")) { | ||
| // return the package name | ||
| return Collections.singletonList(packageFullName); | ||
| // This is a direct dependency | ||
| pathResult.add(packageFullName); | ||
| return pathResult; | ||
| } | ||
| int startIndex = StringUtils.indexOf(rawDependency, '"'); | ||
| int endIndex = StringUtils.indexOf(rawDependency, '"', startIndex + 1); | ||
|
|
@@ -127,7 +132,8 @@ private List<String> extractSinglePath(String packageFullName, String rawDepende | |
| splitPath = Arrays.copyOf(splitPath, splitPath.length + 1); | ||
| } | ||
| splitPath[splitPath.length - 1] = packageFullName; | ||
| return Arrays.asList(splitPath); | ||
| pathResult.addAll(Arrays.asList(splitPath)); | ||
| return pathResult; | ||
| } | ||
| return null; | ||
| } | ||
|
|
@@ -148,7 +154,7 @@ private List<String> extractSinglePath(String packageFullName, String rawDepende | |
| * @param packageVersions - The package versions. | ||
| * @return A list of vulnerable dependency chains to the root. | ||
| */ | ||
| public DepTree findDependencyPath(Log logger, String packageName, Set<String> packageVersions) throws IOException { | ||
| public Map<String, List<List<String>>> findDependencyImpactPaths(Log logger, String projectRootId, String packageName, Set<String> packageVersions) throws IOException { | ||
| JsonNode[] yarnWhyItem = yarnDriver.why(projectDir.toFile(), packageName); | ||
| if (yarnWhyItem[0].has("problems")) { | ||
| logger.warn("Errors occurred during building the yarn dependency tree. " + | ||
|
|
@@ -170,21 +176,20 @@ public DepTree findDependencyPath(Log logger, String packageName, Set<String> pa | |
| yarnWhyVersion = StringUtils.substringAfter(yarnWhyPackage, "@"); | ||
| packageFullName = packageName + ":" + yarnWhyVersion; | ||
| } else if (dataNodeAsText.contains("This module exists because") && packageVersions.contains(yarnWhyVersion)) { | ||
| packageImpactPaths.put(packageFullName, extractMultiplePaths(packageFullName, Collections.singletonList(dataNodeAsText))); | ||
| packageImpactPaths.put(packageFullName, extractMultiplePaths(projectRootId, packageFullName, Collections.singletonList(dataNodeAsText))); | ||
| } | ||
| break; | ||
| case "list": | ||
| if (packageVersions.contains(yarnWhyVersion)) { | ||
| JsonNode itemsNode = getJsonField(dataNode, "items"); | ||
| List<String> items = new ArrayList<>(); | ||
| itemsNode.elements().forEachRemaining(item -> items.add(item.asText())); | ||
| packageImpactPaths.put(packageFullName, extractMultiplePaths(packageFullName, items)); | ||
| packageImpactPaths.put(packageFullName, extractMultiplePaths(projectRootId, packageFullName, items)); | ||
| } | ||
| break; | ||
| } | ||
| } | ||
| System.out.println(packageImpactPaths); | ||
| return new DepTree("123", new HashMap<>()); | ||
| return packageImpactPaths; | ||
| } | ||
| /** | ||
| * Convert Yarn's package name (e.g. @scope/[email protected]) to Xray's component ID (e.g. @scope/comp:1.0.0). | ||
|
|
||