fix: dedup dependencies, ignore docker variables

specfy · Jul 7, 2023 · 7819bd9 · 7819bd9
1 parent 7b3180b
commit 7819bd9
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 59 deletions.
diff --git a/src/analyser/__snapshots__/index.test.ts.snap b/src/analyser/__snapshots__/index.test.ts.snap
@@ -71,16 +71,6 @@ exports[`analyser > should register only component of the same tech 1`] = `
       "pg",
       "1.0.0",
     ],
-    [
-      "docker",
-      "postgres",
-      "15.1-alpine",
-    ],
-    [
-      "npm",
-      "pg",
-      "1.0.0",
-    ],
   ],
   "edges": [],
   "id": "6",
@@ -727,11 +717,6 @@ exports[`analyser > should run correctly 2`] = `
       "react",
       "4.17.0",
     ],
-    [
-      "npm",
-      "typescript",
-      "5.0.4",
-    ],
     [
       "npm",
       "vite",
@@ -767,46 +752,6 @@ exports[`analyser > should run correctly 2`] = `
       "typescript",
       "4.9.5",
     ],
-    [
-      "docker",
-      "postgres",
-      "14.5-alpine",
-    ],
-    [
-      "docker",
-      "redis",
-      "7.0.4-alpine",
-    ],
-    [
-      "docker",
-      "unknown",
-      "7.17.5",
-    ],
-    [
-      "npm",
-      "@typescript-eslint/eslint-plugin",
-      "5.57.1",
-    ],
-    [
-      "npm",
-      "@typescript-eslint/parser",
-      "5.57.1",
-    ],
-    [
-      "npm",
-      "eslint",
-      "8.39.0",
-    ],
-    [
-      "npm",
-      "prettier",
-      "2.8.7",
-    ],
-    [
-      "npm",
-      "typescript",
-      "4.9.5",
-    ],
   ],
   "edges": [],
   "id": "20",

diff --git a/src/payload/index.ts b/src/payload/index.ts
@@ -7,7 +7,7 @@ import type { BaseProvider } from '../provider/base.js';
 import { IGNORED_DIVE_PATHS } from '../provider/base.js';
 import { rulesComponents, rulesTechs } from '../rules.js';
 import { cleanPath } from '../tests/helpers.js';
-import type { Analyser, AnalyserJson } from '../types/index.js';
+import type { Analyser, AnalyserJson, Dependency } from '../types/index.js';
 import type { AllowedKeys } from '../types/techs.js';
 
 import '../rules/index.js';
@@ -240,8 +240,10 @@ export class Payload implements Analyser {
     this.path = [...new Set([...this.path, ...pl.path])];
 
     // Merge dependencies
-    // TODO: dedup
-    this.dependencies = [...this.dependencies, ...pl.dependencies];
+    const dedup = new Map<string, Dependency>();
+    this.dependencies.forEach((dep) => dedup.set(dep.join('_'), dep));
+    pl.dependencies.forEach((dep) => dedup.set(dep.join('_'), dep));
+    this.dependencies = Array.from(dedup.values());
 
     for (const [lang, count] of Object.entries(pl.languages)) {
       this.addLang(lang, count);

diff --git a/src/provider/base.ts b/src/provider/base.ts
@@ -21,6 +21,7 @@ export const IGNORED_DIVE_PATHS = [
   'terraform.tfstate.d',
   'migrations',
   'tests',
+  'e2e',
   '__fixtures__',
   '__snapshots__',
   'tmp',
@@ -47,6 +48,8 @@ export const IGNORED_DIVE_PATHS = [
   '.npm',
   '.nuxt',
   '.react-email',
+  '.release',
+  '.semgrep',
   '.serverless',
   '.svn',
   '.terraform',

diff --git a/src/rules/spec/docker/component.ts b/src/rules/spec/docker/component.ts
@@ -43,6 +43,9 @@ export const detectDockerComponent: ComponentMatcher = async (
       // It's better to have few false positive, than a lot of missing components
       const matched = [...detect([service.image], 'docker')];
       const [imageName, imageVersion] = service.image.split(':');
+      if (imageName.startsWith('$')) {
+        continue;
+      }
 
       pl.addChild(
         new Payload({

diff --git a/src/rules/spec/docker/dependencies.test.ts b/src/rules/spec/docker/dependencies.test.ts
@@ -78,4 +78,24 @@ describe('docker', () => {
       Array.from(flatten(res, { merge: true }).techs).sort()
     ).toStrictEqual([]);
   });
+
+  it('should not extract variables', async () => {
+    const res = await analyser({
+      provider: new FakeProvider({
+        paths: {
+          '/': ['docker-compose.yml'],
+        },
+        files: {
+          '/docker-compose.yml': `version: '3'
+services:
+  boots:
+    image: $BOOTS_IMAGE`,
+        },
+      }),
+    });
+
+    expect(
+      Array.from(flatten(res, { merge: true }).dependencies).sort()
+    ).toStrictEqual([]);
+  });
 });
diff --git a/src/types/index.ts b/src/types/index.ts
@@ -10,6 +10,8 @@ export interface GraphEdge {
   write: boolean;
 }
 
+export type Dependency = [SupportedDeps, string, string];
+
 export interface Analyser {
   /**
    * Unique random id for this payload
@@ -67,7 +69,7 @@ export interface Analyser {
   /**
    * List all dependencies wether or not they matched a rule.
    */
-  dependencies: Array<[SupportedDeps, string, string]>;
+  dependencies: Dependency[];
 }
 
 export type AnalyserJson = Modify<