Skip to content

Commit

Permalink
feat(deps): add yarn lock dependency tree (#3348)
Browse files Browse the repository at this point in the history
  • Loading branch information
VaismanLior authored Dec 29, 2022
1 parent 4d59a1e commit 025e509
Show file tree
Hide file tree
Showing 6 changed files with 27 additions and 14 deletions.
2 changes: 1 addition & 1 deletion docs/docs/vulnerability/examples/report.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ This flag is only available with the `--format table` flag.
The following packages/languages are currently supported:

- OS packages (apk, dpkg and rpm)
- Node.js (package-lock.json)
- Node.js (package-lock.json and yarn.lock)
- Nuget lock files (packages.lock.json)
- Rust Binaries built with [cargo-auditable][cargo-auditable]

Expand Down
4 changes: 2 additions & 2 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ require (
github.com/alicebob/miniredis/v2 v2.23.0
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
github.com/aquasecurity/defsec v0.82.7-0.20221229120130-2bc18528da1c
github.com/aquasecurity/go-dep-parser v0.0.0-20221227140654-09a64a5d9b51
github.com/aquasecurity/go-dep-parser v0.0.0-20221229114138-e380bc98c4ea
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
Expand Down Expand Up @@ -73,7 +73,7 @@ require (
github.com/twitchtv/twirp v8.1.2+incompatible
github.com/xlab/treeprint v1.1.0
go.etcd.io/bbolt v1.3.6
go.uber.org/zap v1.23.0
go.uber.org/zap v1.24.0
golang.org/x/exp v0.0.0-20220823124025-807a23277127
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2
google.golang.org/protobuf v1.28.1
Expand Down
8 changes: 4 additions & 4 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -195,8 +195,8 @@ github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8=
github.com/aquasecurity/defsec v0.82.7-0.20221229120130-2bc18528da1c h1:Z7Uj3+zo6NJa9SFtMgGItZSqDMT3F7fPfCfXTdS3hKI=
github.com/aquasecurity/defsec v0.82.7-0.20221229120130-2bc18528da1c/go.mod h1:sUdW6pzASralDcs+CDOE+QpWfBJt3/PY1Qbg8CS5flg=
github.com/aquasecurity/go-dep-parser v0.0.0-20221227140654-09a64a5d9b51 h1:1mbTWnP/NzDrbyYaDzS2xIxuoAuhY3N62qZCTuSqfSo=
github.com/aquasecurity/go-dep-parser v0.0.0-20221227140654-09a64a5d9b51/go.mod h1:ZCiGJgdQxCateSw3nPMwZvp9J/+nU8/3DcGY/NO71e4=
github.com/aquasecurity/go-dep-parser v0.0.0-20221229114138-e380bc98c4ea h1:/CRzdg2jhJYMWS08xjocn3UgaXMuQl/TwjTZfz4HhbM=
github.com/aquasecurity/go-dep-parser v0.0.0-20221229114138-e380bc98c4ea/go.mod h1:sVaiFgCEAOD3REZ8yamINqBf+BKiV/jt60DhG2rvKEo=
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce/go.mod h1:HXgVzOPvXhVGLJs4ZKO817idqr/xhwsTcj17CLYY74s=
github.com/aquasecurity/go-mock-aws v0.0.0-20220726154943-99847deb62b0 h1:tihCUjLWkF0b1SAjAKcFltUs3SpsqGrLtI+Frye0D10=
Expand Down Expand Up @@ -1618,8 +1618,8 @@ go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8=
go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
go.uber.org/zap v1.23.0 h1:OjGQ5KQDEUawVHxNwQgPpiypGHOxo2mNZsOqTak4fFY=
go.uber.org/zap v1.23.0/go.mod h1:D+nX8jyLsMHMYrln8A0rJjFt/T/9/bGgIhAqxv5URuY=
go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
Expand Down
13 changes: 10 additions & 3 deletions integration/testdata/yarn.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -21,42 +21,49 @@
"Type": "yarn",
"Packages": [
{
"ID": "asap@2.0.6",
"Name": "asap",
"Version": "2.0.6",
"Layer": {},
"Locations": [
{
"StartLine": 5,
"EndLine": 5
"EndLine": 8
}
]
},
{
"ID": "jquery@3.2.1",
"Name": "jquery",
"Version": "3.2.1",
"Layer": {},
"Locations": [
{
"StartLine": 10,
"EndLine": 10
"EndLine": 13
}
]
},
{
"ID": "promise@8.0.3",
"Name": "promise",
"Version": "8.0.3",
"DependsOn": [
"asap@2.0.6"
],
"Layer": {},
"Locations": [
{
"StartLine": 15,
"EndLine": 15
"EndLine": 20
}
]
}
],
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2019-11358",
"PkgId": "jquery@3.2.1",
"PkgName": "jquery",
"InstalledVersion": "3.2.1",
"FixedVersion": "3.4.0",
Expand Down
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
asap@~2.0.6:
asap@unsupported:~2.0.6:
version "2.0.6"
12 changes: 9 additions & 3 deletions pkg/fanal/analyzer/language/nodejs/yarn/yarn_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -29,34 +29,40 @@ func Test_yarnLibraryAnalyzer_Analyze(t *testing.T) {
FilePath: "testdata/happy_yarn.lock",
Libraries: []types.Package{
{
ID: "asap@2.0.6",
Name: "asap",
Version: "2.0.6",
Locations: []types.Location{
{
StartLine: 5,
EndLine: 5,
EndLine: 8,
},
},
},
{
ID: "jquery@3.4.1",
Name: "jquery",
Version: "3.4.1",
Locations: []types.Location{
{
StartLine: 10,
EndLine: 10,
EndLine: 13,
},
},
},
{
ID: "promise@8.0.3",
Name: "promise",
Version: "8.0.3",
Locations: []types.Location{
{
StartLine: 15,
EndLine: 15,
EndLine: 20,
},
},
DependsOn: []string{
"asap@2.0.6",
},
},
},
},
Expand Down

0 comments on commit 025e509

Please sign in to comment.