diff --git a/package-lock.json b/package-lock.json index ceddfbc8bb1..2432f7e44a9 100644 --- a/package-lock.json +++ b/package-lock.json @@ -68,7 +68,7 @@ "semver": "^6.0.0", "snyk-config": "^5.0.0", "snyk-cpp-plugin": "2.24.0", - "snyk-docker-plugin": "6.10.4", + "snyk-docker-plugin": "github:snyk/snyk-docker-plugin#feat/npm-scan-without-lockfiles", "snyk-go-plugin": "1.23.0", "snyk-gradle-plugin": "4.1.0", "snyk-module": "3.1.0", @@ -20597,9 +20597,8 @@ "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" }, "node_modules/snyk-docker-plugin": { - "version": "6.10.4", - "resolved": "https://registry.npmjs.org/snyk-docker-plugin/-/snyk-docker-plugin-6.10.4.tgz", - "integrity": "sha512-KYQKKa2dh2owS//PkQ7phLRNMOha2S1k4tO1hs918kBgASYFl+Wy/OuBMmq84rddB6abIv+KsH8MEndcoaFRJg==", + "resolved": "git+ssh://git@github.com/snyk/snyk-docker-plugin.git#7838430d88197eb2bf3f87f71e1241346cc3e2ee", + "license": "Apache-2.0", "dependencies": { "@snyk/composer-lockfile-parser": "^1.4.1", "@snyk/dep-graph": "^2.8.1", @@ -20617,7 +20616,7 @@ "gunzip-maybe": "^1.4.2", "mkdirp": "^1.0.4", "packageurl-js": "1.2.0", - "semver": "^7.5.4", + "semver": "^7.6.0", "shescape": "^1.7.4", "snyk-nodejs-lockfile-parser": "^1.52.11", "snyk-poetry-lockfile-parser": "^1.4.0", @@ -20631,17 +20630,6 @@ "node": ">=12" } }, - "node_modules/snyk-docker-plugin/node_modules/lru-cache": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", - "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", - "dependencies": { - "yallist": "^4.0.0" - }, - "engines": { - "node": ">=10" - } - }, "node_modules/snyk-docker-plugin/node_modules/mkdirp": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz", 
@@ -20668,12 +20656,9 @@ } }, "node_modules/snyk-docker-plugin/node_modules/semver": { - "version": "7.5.4", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", - "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", - "dependencies": { - "lru-cache": "^6.0.0" - }, + "version": "7.6.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", + "integrity": "sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w==", "bin": { "semver": "bin/semver.js" }, @@ -20717,11 +20702,6 @@ "node": ">= 8" } }, - "node_modules/snyk-docker-plugin/node_modules/yallist": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", - "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" - }, "node_modules/snyk-go-parser": { "version": "1.13.0", "resolved": "https://registry.npmjs.org/snyk-go-parser/-/snyk-go-parser-1.13.0.tgz", @@ -40049,9 +40029,8 @@ } }, "snyk-docker-plugin": { - "version": "6.10.4", - "resolved": "https://registry.npmjs.org/snyk-docker-plugin/-/snyk-docker-plugin-6.10.4.tgz", - "integrity": "sha512-KYQKKa2dh2owS//PkQ7phLRNMOha2S1k4tO1hs918kBgASYFl+Wy/OuBMmq84rddB6abIv+KsH8MEndcoaFRJg==", + "version": "git+ssh://git@github.com/snyk/snyk-docker-plugin.git#7838430d88197eb2bf3f87f71e1241346cc3e2ee", + "from": "snyk-docker-plugin@github:snyk/snyk-docker-plugin#feat/npm-scan-without-lockfiles", "requires": { "@snyk/composer-lockfile-parser": "^1.4.1", "@snyk/dep-graph": "^2.8.1", @@ -40069,7 +40048,7 @@ "gunzip-maybe": "^1.4.2", "mkdirp": "^1.0.4", "packageurl-js": "1.2.0", - "semver": "^7.5.4", + "semver": "^7.6.0", "shescape": "^1.7.4", "snyk-nodejs-lockfile-parser": "^1.52.11", "snyk-poetry-lockfile-parser": "^1.4.0", 
@@ -40080,14 +40059,6 @@ "varint": "^6.0.0" }, "dependencies": { - "lru-cache": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", - "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", - "requires": { - "yallist": "^4.0.0" - } - }, "mkdirp": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz",
@@ -40102,12 +40073,9 @@ } }, "semver": { - "version": "7.5.4", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", - "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", - "requires": { - "lru-cache": "^6.0.0" - } + "version": "7.6.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", + "integrity": "sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w==" }, "shescape": { "version": "1.7.4",
@@ -40132,11 +40100,6 @@ "requires": { "isexe": "^2.0.0" } - }, - "yallist": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", - "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" } } },
diff --git a/package.json b/package.json
index cbfb6e7153c..5ddbd652ed9 100644
--- a/package.json
+++ b/package.json
@@ -116,7 +116,7 @@
 "semver": "^6.0.0",
 "snyk-config": "^5.0.0",
 "snyk-cpp-plugin": "2.24.0",
- "snyk-docker-plugin": "6.10.4",
+ "snyk-docker-plugin": "github:snyk/snyk-docker-plugin#feat/npm-scan-without-lockfiles",
 "snyk-go-plugin": "1.23.0",
 "snyk-gradle-plugin": "4.1.0",
 "snyk-module": "3.1.0",
diff --git a/test/fixtures/container-projects/npm7-with-package-lock-file.tar b/test/fixtures/container-projects/npm7-with-package-lock-file.tar
new file mode 100644
index 00000000000..fd1e3c55da7
Binary files /dev/null and b/test/fixtures/container-projects/npm7-with-package-lock-file.tar differ
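Review bot: The new `snyk-docker-plugin` spec in package.json points at a mutable branch, `github:snyk/snyk-docker-plugin#feat/npm-scan-without-lockfiles`, rather than a published version, so anything that resolves from package.json instead of the lockfile (a fresh install after the branch moves, `npm update`, a downstream consumer) gets whatever the branch head is at that moment, and the lockfile entry this produces is a `git+ssh://` `resolved` URL with no `integrity` field, so the install is not content-verified and needs SSH access to GitHub wherever it runs. If this is a temporary pin to exercise the plugin change, it should go back to a released plugin version before merge, `"snyk-docker-plugin": "<released version — placeholder>"`; if it has to stay for a while, pinning the commit rather than the branch, `"snyk-docker-plugin": "github:snyk/snyk-docker-plugin#7838430d88197eb2bf3f87f71e1241346cc3e2ee"`, at least makes the package.json spec agree with the immutable ref the lockfile already records. The package-lock.json hunks in this commit are the generated counterpart of this one change and carry the same concern.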
diff --git a/test/fixtures/container-projects/npm7-without-package-and-lock-file.tar b/test/fixtures/container-projects/npm7-without-package-and-lock-file.tar
new file mode 100644
index 00000000000..7b69c6848b3
Binary files /dev/null and b/test/fixtures/container-projects/npm7-without-package-and-lock-file.tar differ
diff --git a/test/fixtures/container-projects/npm7-without-package-lock-file.tar b/test/fixtures/container-projects/npm7-without-package-lock-file.tar
new file mode 100644
index 00000000000..2ad3136b205
Binary files /dev/null and b/test/fixtures/container-projects/npm7-without-package-lock-file.tar differ
diff --git a/test/jest/acceptance/snyk-container/container.spec.ts b/test/jest/acceptance/snyk-container/container.spec.ts
index 19122973fd5..dc65ccef3de 100644
--- a/test/jest/acceptance/snyk-container/container.spec.ts
+++ b/test/jest/acceptance/snyk-container/container.spec.ts
@@ -112,6 +112,42 @@ describe('snyk container', () => {
 await expect(cli).toDisplay(`yum @ 4.9.0`, { timeout: 60 * 1000 });
 });
 
+ it('npm depGraph is generated in an npm image with lockfiles', async () => {
+ const { code, stdout, stderr } = await runSnykCLIWithDebug(
+ `container test docker-archive:test/fixtures/container-projects/npm7-with-package-lock-file.tar --print-deps`,
+ );
+
+ assertCliExitCode(code, 1, stderr);
+ expect(stdout).toContain('Package manager: npm');
+ });
+
+ it('npm depGraph is generated in an npm image without package-lock.json file', async () => {
+ const { code, stdout, stderr } = await runSnykCLIWithDebug(
+ `container test docker-archive:test/fixtures/container-projects/npm7-without-package-lock-file.tar --print-deps`,
+ );
+
+ assertCliExitCode(code, 1, stderr);
+ expect(stdout).toContain('Package manager: npm');
+ });
+
+ it('npm depGraph is generated in an npm image without package-lock.json and package.json file', async () => {
+ const { code, stdout, stderr } = await runSnykCLIWithDebug(
+ `container test docker-archive:test/fixtures/container-projects/npm7-without-package-and-lock-file.tar --print-deps`,
+ );
+
+ assertCliExitCode(code, 1, stderr);
+ expect(stdout).toContain('Package manager: npm');
+ });
+
+ it('npm depGraph is generated in an npm image with lockfiles image', async () => {
+ const { code, stdout, stderr } = await runSnykCLIWithDebug(
+ `container test docker-archive:test/fixtures/container-projects/npm7-without-package-lock-file.tar --print-deps`,
+ );
+
+ assertCliExitCode(code, 1, stderr);
+ expect(stdout).toContain('Package manager: npm');
+ });
+
 it('finds dependencies in oci image (library/ubuntu)', async () => {
 cli = await startSnykCLI(
 'container test library/ubuntu@sha256:7a57c69fe1e9d5b97c5fe649849e79f2cfc3bf11d10bbd5218b4eb61716aebe6 --print-deps',
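Review bot: The fourth new test, `'npm depGraph is generated in an npm image with lockfiles image'`, is a copy of the second one — it runs the same `npm7-without-package-lock-file.tar` fixture with identical assertions, and its title contradicts the fixture it uses — so it should be dropped, or pointed at whatever fixture the intended fourth scenario needs. The other three only assert `'Package manager: npm'`, which shows the project was detected but not that a dependency graph was actually built from it; since the fixtures are new in this commit, adding one `expect(stdout).toContain(...)` per test for a dependency that fixture is known to contain (the name is not visible here; take it from the fixture) would make a regression in the no-lockfile path visible instead of passing on detection alone. The enclosing `describe('snyk container', ...)` starts before this hunk.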
diff --git a/test/jest/acceptance/snyk-test/app-vuln-container-project.spec.ts b/test/jest/acceptance/snyk-test/app-vuln-container-project.spec.ts
index c56e846f218..9c0efb24191 100644
--- a/test/jest/acceptance/snyk-test/app-vuln-container-project.spec.ts
+++ b/test/jest/acceptance/snyk-test/app-vuln-container-project.spec.ts
@@ -44,12 +44,29 @@ describe('container test projects behavior with --app-vulns, --file and --exclud
 );
 const jsonOutput = JSON.parse(stdout);
 expect(Array.isArray(jsonOutput)).toBeFalsy();
- expect(jsonOutput.applications).toBeUndefined();
 expect(jsonOutput.ok).toEqual(false);
 expect(jsonOutput.uniqueCount).toBeGreaterThan(0);
 expect(code).toEqual(1);
 }, 30000);
 
+ it('should find vulns on an npm project application image without package-lock.json file', async () => {
+ const { code, stdout } = await runSnykCLI(
+ `container test docker-archive:test/fixtures/container-projects/npm7-without-package-lock-file.tar --json --app-vulns`,
+ );
+ const jsonOutput = JSON.parse(stdout);
+ expect(Array.isArray(jsonOutput)).toBeFalsy();
+ expect(jsonOutput.uniqueCount).toBeGreaterThan(0);
+ expect(code).toEqual(1);
+ }, 60000);
+
+ it('should find vulns on an npm project application image without package.json and package-lock.json file', async () => {
+ const { code, stdout } = await runSnykCLI(
+ `container test docker-archive:test/fixtures/container-projects/npm7-without-package-and-lock-file.tar --print-deps --app-vulns`,
+ );
+ expect(code).toEqual(1);
+ expect(stdout).toContain('Package manager: npm');
+ }, 60000);
+
 it('should show app vulns tip when available', async () => {
 const { stdout } = await runSnykCLI(
 `container test docker-archive:test/fixtures/container-projects/os-packages-and-app-vulns.tar`,
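Review bot: The second new test is titled "should find vulns … without package.json and package-lock.json file" but asserts nothing about vulnerabilities — only the exit code and `'Package manager: npm'` — and it is the one test in this describe that runs with `--print-deps` instead of `--json`. Running it with `--json --app-vulns` and checking `uniqueCount` like its sibling directly above would let it test what its name claims, assuming the fixture contains vulnerable packages as the sibling test assumes for its fixture. In the first new test, `JSON.parse(stdout)` runs before `expect(code).toEqual(1)`, so a CLI error would surface as a parse exception rather than an exit-code mismatch, and the `expect(jsonOutput.ok).toEqual(false);` check that the existing test above keeps is dropped; ordering the exit-code check first and keeping the `ok` assertion would keep the block consistent. The enclosing `describe` starts before this hunk.
```typescript
  it('should find vulns on an npm project application image without package.json and package-lock.json file', async () => {
    const { code, stdout } = await runSnykCLI(
      `container test docker-archive:test/fixtures/container-projects/npm7-without-package-and-lock-file.tar --json --app-vulns`,
    );
    expect(code).toEqual(1);
    const jsonOutput = JSON.parse(stdout);
    expect(Array.isArray(jsonOutput)).toBeFalsy();
    expect(jsonOutput.ok).toEqual(false);
    expect(jsonOutput.uniqueCount).toBeGreaterThan(0);
  }, 60000);
```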