From a51c6e55eaee35a598a9cb1ae02d89754f5c34ed Mon Sep 17 00:00:00 2001
From: Phu Thai
Date: Fri, 22 Oct 2021 16:49:00 -0400
Subject: [PATCH] Two seperate commands for identifying and updating outdated packages

Signed-off-by: Phu Thai
---
 Makefile                            | 10 ++++
 tools/python/verify_npm_packages.py | 92 +++++++++++++++++++++++++++++
 2 files changed, 102 insertions(+)
 create mode 100644 tools/python/verify_npm_packages.py

diff --git a/Makefile b/Makefile
index 9911a03f..a951b6c7 100644
--- a/Makefile
+++ b/Makefile
@@ -20,6 +20,16 @@ help: ## Display the Make targets
 	@grep -E '^[0-9a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | \
 	awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-25s\033[0m %s\n", $$1, $$2}'
 
+.PHONY: check_npm_packages
+check_npm_packages: ## Verify NPM packages
+	@python3 tools/python/verify_npm_packages.py 1
+	@echo "$@: OK"
+
+.PHONY: update_npm_packages
+update_npm_packages: ## Update NPM packages
+	@python3 tools/python/verify_npm_packages.py 0
+	@echo "$@: OK"
+
 .PHONY: check_doc_links
 check_doc_links: ## Check Markdown files for valid links
 	@pip3 show requests > /dev/null || pip3 install requests
diff --git a/tools/python/verify_npm_packages.py b/tools/python/verify_npm_packages.py
new file mode 100644
index 00000000..6cf3f677
--- /dev/null
+++ b/tools/python/verify_npm_packages.py
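Review bot: The `update_npm_packages` help text "Update NPM packages" understates what the target does: the script it runs removes `package-lock.json`, runs `npm update`, and then prompts on stdin whether to run `npm audit fix`, all of which rewrite the committed lockfile, and the prompt will hang or fail in a non-interactive CI job; suggest `update_npm_packages: ## Update NPM packages (rewrites package-lock.json; interactive)`. The bare `1`/`0` positional argument is opaque to a reader of the Makefile; a named flag such as `--check`/`--fix` would make the intent visible at the call site. Both targets echo `OK` unconditionally after the script, so the echo only means anything once the script exits non-zero on findings, which the version in this patch does not.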
@@ -0,0 +1,92 @@
+import sys
+from subprocess import PIPE, run
+
+no_vulnerabilities = "found 0 vulnerabilities"
+
+
+class colorText:
+    RED = "\033[1;31m"
+    BLUE = "\033[1;34m"
+    GREEN = "\033[0;32m"
+    END = "\033[0;0m"
+
+
+def audit_npm(continue_to_audit: bool):
+    if not continue_to_audit:
+        return
+
+    format_vulnerablility_output = ""
+    audit_npm = (
+        run("npm audit fix", cwd="./dashboard/origin-mlx/", stdout=PIPE, shell=True)
+        .stdout.decode("utf-8")
+        .split("\n\n")
+    )
+    for message in audit_npm:
+        format_vulnerablility_output = (
+            message if "vulnerabilities" in message else format_vulnerablility_output
+        )
+    if no_vulnerabilities not in audit_npm:
+        print(
+            f"\n\n{colorText.RED}Vulnerabilites still present:\n{format_vulnerablility_output}{colorText.END}"
+        )
+        print("\nMaual investigation necessary to prevent breaking changes\n\n")
+        print(
+            f"Run:\n\t{colorText.GREEN}npm audit{colorText.END}\nand scroll up to manually manage breaking changes\n\n"
+        )
+        print(
+            f"Run:\n\t{colorText.GREEN}npm audit fix --force{colorText.END}\nto force update all packages including breaking changes\n\n"
+        )
+
+
+def fix_vulnerabilities() -> (bool, str):
+    continue_audit = False
+    format_vulnerablility_output = ""
+
+    run(["rm", "package-lock.json"], cwd="./dashboard/origin-mlx/")
+    update_npm = run(
+        "npm update", cwd="./dashboard/origin-mlx/", stdout=PIPE, shell=True
+    ).stdout.decode("utf-8")
+
+    has_vulnerabilities = no_vulnerabilities not in update_npm
+    return (has_vulnerabilities, update_npm)
+
+
+def identify_remaining_vulnerabilities(identified_vulnerabilities: (bool, str)) -> bool:
+    has_vulnerabilities, update_npm = identified_vulnerabilities
+    format_vulnerablility_output = ""
+    update_npm = update_npm.split("\n")
+
+    if has_vulnerabilities:
+        for message in update_npm:
+            format_vulnerablility_output = (
+                message
+                if "vulnerabilities" in message
+                else format_vulnerablility_output
+            )
+        user_input = input(
+            f"{colorText.RED}\n\nVulnerabilities found:\n{format_vulnerablility_output}{colorText.END}\n\nWould you like to audit? [y,n]: "
+        )
+        return True if user_input in ["Y", "y"] else False
+
+
+def verify_npm_packages():
+    check_outdated = run("npm outdated", cwd="./dashboard/origin-mlx/", shell=True)
+    packages_outdated = f"\n\nFound outdated npm packages\n\nRun {colorText.BLUE}make update_npm_packages{colorText.END} to update\n"
+    packages_up_to_date = "All packages up to date"
+
+    print(packages_outdated) if check_outdated.returncode == 1 else print(
+        packages_up_to_date
+    )
+
+
+if __name__ == "__main__":
+    check_packages = int(sys.argv[-1])
+
+    if check_packages:
+        verify_npm_packages()
+    else:
+        remaining_vulnerabilities = fix_vulnerabilities()
+        continue_to_audit = identify_remaining_vulnerabilities(
+            remaining_vulnerabilities
+        )
+        audit_npm(continue_to_audit)
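Review bot: `if no_vulnerabilities not in audit_npm:` in audit_npm is a list-membership test, because `audit_npm` is the `npm audit fix` output split on blank lines, so it is true unless an entire paragraph equals `"found 0 vulnerabilities"` and the "Vulnerabilites still present" warning fires even on a clean audit; use `if not any(no_vulnerabilities in m for m in audit_npm):`, the same substring check fix_vulnerabilities already applies to the unsplit string. verify_npm_packages also cannot gate anything: every return code other than 1 is reported as "All packages up to date", so a missing npm binary or a network failure looks like success, and the script never exits non-zero, so `make check_npm_packages` prints OK regardless — rewritten below to exit 1 on outdated packages and to propagate any other npm failure. fix_vulnerabilities deletes package-lock.json before `npm update`, which discards the pinned dependency tree and makes the resolved versions depend on whatever the registry serves at run time; if that is intended, say so in a comment next to the `rm`, and the `npm audit fix --force` hint should state that it installs semver-major upgrades. Matching the human-readable "found 0 vulnerabilities" text is tied to a particular npm version's output; if the npm in use supports it, `npm audit --json` and its `metadata.vulnerabilities` counts are the stable interface. Minor: `-> (bool, str)` is a tuple value rather than an annotation (`-> tuple[bool, str]`), identify_remaining_vulnerabilities returns None instead of False when there is nothing to audit, and `int(sys.argv[-1])` raises ValueError when no argument is given.
```python
def verify_npm_packages():
    check_outdated = run(["npm", "outdated"], cwd="./dashboard/origin-mlx/")
    # … unchanged: packages_outdated / packages_up_to_date messages …
    if check_outdated.returncode == 0:
        print(packages_up_to_date)
        return
    if check_outdated.returncode != 1:
        # npm itself failed (not installed, network error): never report success
        sys.exit(check_outdated.returncode)
    print(packages_outdated)
    sys.exit(1)  # lets `make check_npm_packages` fail on outdated packages
```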