fix: conditional node module scan if the option is set in the parameters

snyk · Apr 12, 2024 · 32a626a · 32a626a
1 parent b8deaa3
commit 32a626a
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 6 deletions.
diff --git a/lib/analyzer/applications/node-modules-utils.ts b/lib/analyzer/applications/node-modules-utils.ts
@@ -1,7 +1,7 @@
+import * as Debug from "debug";
 import * as fs from "fs";
 import * as path from "path";
 import * as tmp from "tmp";
-import * as Debug from "debug";
 import { FilePathToContent, FilesByDir } from "./types";
 const debug = Debug("snyk");
 
@@ -64,7 +64,9 @@ async function createFile(filePath, fileContent) {
     // Write content to the file
     await fs.writeFileSync(filePath, JSON.stringify(fileContentJson), "utf-8");
   } catch (error) {
-    debug(`An error occurred while analysing creating node_modules dir: ${error.message}`);
+    debug(
+      `An error occurred while analysing creating node_modules dir: ${error.message}`,
+    );
   }
 }
 

diff --git a/lib/analyzer/applications/node.ts b/lib/analyzer/applications/node.ts
@@ -1,9 +1,9 @@
 import { legacy } from "@snyk/dep-graph";
+import * as Debug from "debug";
 import * as path from "path";
 import * as lockFileParser from "snyk-nodejs-lockfile-parser";
 import * as resolveDeps from "snyk-resolve-deps";
 import { DepGraphFact, TestedFilesFact } from "../../facts";
-import * as Debug from "debug";
 
 const debug = Debug("snyk");
 
@@ -26,6 +26,7 @@ interface ManifestLockPathPair {
 
 export async function nodeFilesToScannedProjects(
   filePathToContent: FilePathToContent,
+  scanNodeModules: boolean = false,
 ): Promise<AppDepsScanResultWithoutTarget[]> {
   /**
    * TODO: Add support for Yarn workspaces!
@@ -42,7 +43,7 @@ export async function nodeFilesToScannedProjects(
     fileNamesGroupedByDirectory,
   );
 
-  if (manifestFilePairs.length === 0) {
+  if (manifestFilePairs.length === 0 && scanNodeModules) {
     return depGraphFromNodeModules(
       filePathToContent,
       fileNamesGroupedByDirectory,
@@ -87,7 +88,9 @@ async function depGraphFromNodeModules(
       },
     });
   } catch (error) {
-    debug(`An error occurred while analysing creating node_modules dir: ${error.message}`);
+    debug(
+      `An error occurred while analysing creating node_modules dir: ${error.message}`,
+    );
   }
 
   await cleanupAppNodeModules(appRootPath);

diff --git a/lib/analyzer/static-analyzer.ts b/lib/analyzer/static-analyzer.ts
@@ -103,7 +103,7 @@ export async function analyze(
   }
 
   const appScan = !isTrue(options["exclude-app-vulns"]);
-
+  const scanNodeModules = isTrue(options["scan-node-modules"]) || false;
   if (appScan) {
     staticAnalysisActions.push(
       ...[
@@ -193,6 +193,7 @@ export async function analyze(
   if (appScan) {
     const nodeDependenciesScanResults = await nodeFilesToScannedProjects(
       getFileContent(extractedLayers, getNodeAppFileContentAction.actionName),
+      scanNodeModules,
     );
     const phpDependenciesScanResults = await phpFilesToScannedProjects(
       getFileContent(extractedLayers, getPhpAppFileContentAction.actionName),

diff --git a/lib/types.ts b/lib/types.ts
@@ -214,6 +214,7 @@ export interface PluginOptions {
    */
   "nested-jars-depth": boolean | string;
   "shaded-jars-depth": boolean | string;
+  "scan-node-modules": boolean | string;
 
   /** The default is "false". */
   "exclude-base-image-vulns": boolean | string;