Merge pull request #47 from SocketDev/python-cli

Python CLI support

Author: 101arrowz

lib/commands/report/create.js

@@ -181,7 +181,17 @@ async function setupCommand (name, description, argv, importMeta) {
       }
     })
 
-  const packagePaths = await getPackageFiles(cwd, cli.input, config, debugLog)
+  // TODO: setupSdk(getDefaultKey() || FREE_API_KEY)
+  const socketSdk = await setupSdk()
+  const supportedFiles = await socketSdk.getReportSupportedFiles()
+    .then(res => {
+      if (!res.success) handleUnsuccessfulApiResponse('getReportSupportedFiles', res, ora())
+      return res.data
+    }).catch(cause => {
+      throw new ErrorWithCause('Failed getting supported files for report', { cause })
+    })
+
+  const packagePaths = await getPackageFiles(cwd, cli.input, config, supportedFiles, debugLog)
 
   return {
     config,

lib/utils/api-helpers.js

@@ -8,7 +8,7 @@ import { AuthError } from './errors.js'
  * @param {T} _name
  * @param {import('@socketsecurity/sdk').SocketSdkErrorType<T>} result
  * @param {import('ora').Ora} spinner
- * @returns {void}
+ * @returns {never}
  */
 export function handleUnsuccessfulApiResponse (_name, result, spinner) {
   const resultError = 'error' in result && result.error && typeof result.error === 'object' ? result.error : {}

lib/utils/path-resolve.js

@@ -5,57 +5,55 @@ import { globby } from 'globby'
 import ignore from 'ignore'
 // @ts-ignore This package provides no types
 import { directories } from 'ignore-by-default'
+import micromatch from 'micromatch'
 import { ErrorWithCause } from 'pony-cause'
 
 import { InputError } from './errors.js'
 import { isErrnoException } from './type-helpers.js'
 
-/** @type {readonly string[]} */
-const SUPPORTED_LOCKFILES = [
-  'package-lock.json',
-  'yarn.lock',
-]
-
 /**
  * There are a lot of possible folders that we should not be looking in and "ignore-by-default" helps us with defining those
  *
  * @type {readonly string[]}
  */
 const ignoreByDefault = directories()
 
-/** @type {readonly string[]} */
-const GLOB_IGNORE = [
-  ...ignoreByDefault.map(item => '**/' + item)
-]
+/** @type {import('globby').Options} */
+const BASE_GLOBBY_OPTS = {
+  absolute: true,
+  expandDirectories: false,
+  gitignore: true,
+  ignore: [
+    ...ignoreByDefault.map(item => '**/' + item)
+  ],
+  markDirectories: true,
+  unique: true,
+}
 
 /**
  * Resolves package.json and lockfiles from (globbed) input paths, applying relevant ignores
  *
  * @param {string} cwd The working directory to use when resolving paths
  * @param {string[]} inputPaths A list of paths to folders, package.json files and/or recognized lockfiles. Supports globs.
  * @param {import('@socketsecurity/config').SocketYml|undefined} config
+ * @param {import('@socketsecurity/sdk').SocketSdkReturnType<"getReportSupportedFiles">['data']} supportedFiles
  * @param {typeof console.error} debugLog
  * @returns {Promise<string[]>}
  * @throws {InputError}
  */
-export async function getPackageFiles (cwd, inputPaths, config, debugLog) {
+export async function getPackageFiles (cwd, inputPaths, config, supportedFiles, debugLog) {
   debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths)
 
   // TODO: Does not support `~/` paths
   const entries = await globby(inputPaths, {
-    absolute: true,
+    ...BASE_GLOBBY_OPTS,
     cwd,
-    expandDirectories: false,
-    gitignore: true,
-    ignore: [...GLOB_IGNORE],
-    markDirectories: true,
-    onlyFiles: false,
-    unique: true,
+    onlyFiles: false
   })
 
   debugLog(`Globbed resolved ${inputPaths.length} paths to ${entries.length} paths:`, entries)
 
-  const packageFiles = await mapGlobResultToFiles(entries)
+  const packageFiles = await mapGlobResultToFiles(entries, supportedFiles)
 
   debugLog(`Mapped ${entries.length} entries to ${packageFiles.length} files:`, packageFiles)
 
@@ -73,11 +71,14 @@ export async function getPackageFiles (cwd, inputPaths, config, debugLog) {
  * Takes paths to folders, package.json and/or recognized lock files and resolves them to package.json + lockfile pairs (where possible)
  *
  * @param {string[]} entries
+ * @param {import('@socketsecurity/sdk').SocketSdkReturnType<"getReportSupportedFiles">['data']} supportedFiles
  * @returns {Promise<string[]>}
  * @throws {InputError}
  */
-export async function mapGlobResultToFiles (entries) {
-  const packageFiles = await Promise.all(entries.map(mapGlobEntryToFiles))
+export async function mapGlobResultToFiles (entries, supportedFiles) {
+  const packageFiles = await Promise.all(
+    entries.map(entry => mapGlobEntryToFiles(entry, supportedFiles))
+  )
 
   const uniquePackageFiles = [...new Set(packageFiles.flat())]
 
@@ -88,46 +89,58 @@ export async function mapGlobResultToFiles (entries) {
  * Takes a single path to a folder, package.json or a recognized lock file and resolves to a package.json + lockfile pair (where possible)
  *
  * @param {string} entry
+ * @param {import('@socketsecurity/sdk').SocketSdkReturnType<'getReportSupportedFiles'>['data']} supportedFiles
  * @returns {Promise<string[]>}
  * @throws {InputError}
  */
-export async function mapGlobEntryToFiles (entry) {
+export async function mapGlobEntryToFiles (entry, supportedFiles) {
   /** @type {string|undefined} */
-  let pkgFile
-  /** @type {string|undefined} */
-  let lockFile
-
+  let pkgJSFile
+  /** @type {string[]} */
+  let jsLockFiles = []
+  /** @type {string[]} */
+  let pyFiles = []
+
+  const jsSupported = supportedFiles['npm'] || {}
+  const jsLockFilePatterns = Object.keys(jsSupported)
+    .filter(key => key !== 'packagejson')
+    .map(key => /** @type {{ pattern: string }} */ (jsSupported[key]).pattern)
+
+  const pyFilePatterns = Object.values(supportedFiles['pypi'] || {}).map(p => p.pattern)
   if (entry.endsWith('/')) {
     // If the match is a folder and that folder contains a package.json file, then include it
     const filePath = path.resolve(entry, 'package.json')
-    pkgFile = await fileExists(filePath) ? filePath : undefined
-  } else if (path.basename(entry) === 'package.json') {
-    // If the match is a package.json file, then include it
-    pkgFile = entry
-  } else if (SUPPORTED_LOCKFILES.includes(path.basename(entry))) {
-    // If the match is a lock file, include both it and the corresponding package.json file
-    lockFile = entry
-    pkgFile = path.resolve(path.dirname(entry), 'package.json')
+    if (await fileExists(filePath)) pkgJSFile = filePath
+    pyFiles = await globby(pyFilePatterns, {
+      ...BASE_GLOBBY_OPTS,
+      cwd: entry
+    })
+  } else {
+    const entryFile = path.basename(entry)
+
+    if (entryFile === 'package.json') {
+      // If the match is a package.json file, then include it
+      pkgJSFile = entry
+    } else if (micromatch.isMatch(entryFile, jsLockFilePatterns)) {
+      jsLockFiles = [entry]
+      pkgJSFile = path.resolve(path.dirname(entry), 'package.json')
+      if (!(await fileExists(pkgJSFile))) return []
+    } else if (micromatch.isMatch(entryFile, pyFilePatterns)) {
+      pyFiles = [entry]
+    }
   }
 
   // If we will include a package.json file but don't already have a corresponding lockfile, then look for one
-  if (!lockFile && pkgFile) {
-    const pkgDir = path.dirname(pkgFile)
-
-    for (const name of SUPPORTED_LOCKFILES) {
-      const lockFileAlternative = path.resolve(pkgDir, name)
-      if (await fileExists(lockFileAlternative)) {
-        lockFile = lockFileAlternative
-        break
-      }
-    }
-  }
+  if (!jsLockFiles.length && pkgJSFile) {
+    const pkgDir = path.dirname(pkgJSFile)
 
-  if (pkgFile && lockFile) {
-    return [pkgFile, lockFile]
+    jsLockFiles = await globby(jsLockFilePatterns, {
+      ...BASE_GLOBBY_OPTS,
+      cwd: pkgDir
+    })
   }
 
-  return pkgFile ? [pkgFile] : []
+  return [...jsLockFiles, ...pyFiles].concat(pkgJSFile ? [pkgJSFile] : [])
 }
 
 /**

package.json

@@ -47,6 +47,7 @@
     "@tsconfig/node14": "^1.0.3",
     "@types/chai": "^4.3.3",
     "@types/chai-as-promised": "^7.1.5",
+    "@types/micromatch": "^4.0.2",
     "@types/mocha": "^10.0.1",
     "@types/mock-fs": "^4.13.1",
     "@types/node": "^14.18.31",
@@ -84,7 +85,7 @@
   "dependencies": {
     "@apideck/better-ajv-errors": "^0.3.6",
     "@socketsecurity/config": "^2.0.0",
-    "@socketsecurity/sdk": "^0.5.4",
+    "@socketsecurity/sdk": "^0.6.0",
     "chalk": "^5.1.2",
     "globby": "^13.1.3",
     "hpagent": "^1.2.0",
@@ -93,6 +94,7 @@
     "is-interactive": "^2.0.0",
     "is-unicode-supported": "^1.3.0",
     "meow": "^11.0.0",
+    "micromatch": "^4.0.5",
     "ora": "^6.1.2",
     "pony-cause": "^2.1.8",
     "prompts": "^2.4.2",