Merge pull request #138 from snyk/fix/remove-reachability

fix: remove reachability
snyk · Oct 6, 2022 · b5d1b31 · b5d1b31
2 parents 41d2614 + 0b968bb
commit b5d1b31
Show file tree

Hide file tree

Showing 10 changed files with 1 addition and 250 deletions.
diff --git a/lib/index.ts b/lib/index.ts
@@ -1,5 +1,4 @@
 import { legacyPlugin } from '@snyk/cli-interface';
-import * as javaCallGraphBuilder from '@snyk/java-call-graph-builder';
 import * as os from 'os';
 import * as fs from 'fs';
 import * as path from 'path';
@@ -13,7 +12,6 @@ import {
   isArchive,
 } from './archive';
 import { formatGenericPluginError } from './error-format';
-import { CallGraph, CallGraphResult } from '@snyk/cli-interface/legacy/common';
 import debugModule = require('debug');
 import { parse } from './parse';
 
@@ -35,8 +33,6 @@ export function debug(...messages: string[]) {
 
 export interface MavenOptions extends legacyPlugin.BaseInspectOptions {
   scanAllUnmanaged?: boolean;
-  reachableVulns?: boolean;
-  callGraphBuilderTimeout?: number;
   allProjects?: boolean;
   mavenAggregateProject?: boolean;
 }
@@ -183,25 +179,6 @@ export async function inspect(
       parseResult = parseTree(result, options.dev);
     }
     const { javaVersion, mavenVersion } = parseVersions(versionResult);
-    let callGraph: CallGraphResult | undefined;
-    let maybeCallGraphMetrics = {};
-    if (options.reachableVulns) {
-      // NOTE[muscar] We get the timeout in seconds, and the call graph builder
-      // wants it in milliseconds
-      const timeout = options?.callGraphBuilderTimeout
-        ? options?.callGraphBuilderTimeout * 1000
-        : undefined;
-
-      callGraph = await getCallGraph(
-        targetPath,
-        timeout, // expects ms
-        options.args,
-      );
-      maybeCallGraphMetrics = {
-        callGraphMetrics: javaCallGraphBuilder.runtimeMetrics(),
-        callGraphBuilderTimeoutSeconds: options?.callGraphBuilderTimeout,
-      };
-    }
     return {
       plugin: {
         name: 'bundled:maven',
@@ -213,11 +190,9 @@ export async function inspect(
               javaVersion,
             },
           },
-          ...maybeCallGraphMetrics,
         },
       },
       ...parseResult,
-      callGraph,
     };
   } catch (err) {
     if (result) debug(`>>> Output from mvn: ${result}`);
@@ -272,27 +247,3 @@ export function buildArgs(
 
   return args;
 }
-
-async function getCallGraph(
-  targetPath: string,
-  timeout?: number,
-  customMavenArgs?: string[],
-): Promise<CallGraphResult> {
-  debug(`getting call graph from path ${targetPath}`);
-  try {
-    const callGraph: CallGraph = await javaCallGraphBuilder.getCallGraphMvn(
-      path.dirname(targetPath),
-      timeout,
-      customMavenArgs,
-    );
-    debug('got call graph successfully');
-    return callGraph;
-  } catch (err) {
-    debug('call graph error: ' + err);
-    const e = err as { message: string; innerError: Error };
-    return {
-      message: e.message,
-      innerError: e.innerError || e,
-    };
-  }
-}
diff --git a/package.json b/package.json
@@ -45,7 +45,6 @@
   "dependencies": {
     "@snyk/cli-interface": "2.11.3",
     "@snyk/dep-graph": "^1.23.1",
-    "@snyk/java-call-graph-builder": "1.23.6",
     "debug": "^4.1.1",
     "glob": "^7.1.6",
     "needle": "^2.5.0",

diff --git a/tests/fixtures/call-graphs/simple.json b/tests/fixtures/call-graphs/simple.json
diff --git a/tests/fixtures/jar-wrong-package-name/expected.json b/tests/fixtures/jar-wrong-package-name/expected.json
@@ -17,6 +17,5 @@
   "plugin": {
     "name": "bundled:maven",
     "runtime": "unknown"
-  },
-  "callGraph": null
+  }
 }
diff --git a/tests/fixtures/maven-with-mvnw/expected.json b/tests/fixtures/maven-with-mvnw/expected.json
@@ -1,6 +1,5 @@
 {
   "plugin": { "name": "bundled:maven", "runtime": "unknown" },
-  "callGraph": null,
   "package": {
     "name": "io.snyk.example:test-project",
     "version": "1.0-SNAPSHOT",

diff --git a/tests/fixtures/path with spaces/expected.json b/tests/fixtures/path with spaces/expected.json
@@ -1,6 +1,5 @@
 {
   "plugin": { "name": "bundled:maven", "runtime": "unknown" },
-  "callGraph": null,
   "package": {
     "name": "io.snyk.example:test-project",
     "version": "1.0-SNAPSHOT",

diff --git a/tests/fixtures/test-project/expected-with-call-graph.json b/tests/fixtures/test-project/expected-with-call-graph.json
@@ -1,11 +1,5 @@
 {
   "plugin": { "name": "bundled:maven", "runtime": "unknown" },
-  "callGraph": {
-    "options": {
-      "directed": true,
-      "multigraph": false,
-      "compound": false
-    },
     "nodes": [
       {
         "v": "com.ibm.wala.FakeRootClass:fakeRootMethod",

diff --git a/tests/fixtures/test-project/expected-with-dev.json b/tests/fixtures/test-project/expected-with-dev.json
@@ -1,6 +1,5 @@
 {
   "plugin": { "name": "bundled:maven", "runtime": "unknown" },
-  "callGraph": null,
   "package": {
     "name": "io.snyk.example:test-project",
     "version": "1.0-SNAPSHOT",

diff --git a/tests/fixtures/test-project/expected.json b/tests/fixtures/test-project/expected.json
@@ -1,6 +1,5 @@
 {
   "plugin": { "name": "bundled:maven", "runtime": "unknown" },
-  "callGraph": null,
   "package": {
     "name": "io.snyk.example:test-project",
     "version": "1.0-SNAPSHOT",

diff --git a/tests/system/plugin-reachable-vulns.test.ts b/tests/system/plugin-reachable-vulns.test.ts