From 720946222b771dc641a5072bde0c31c165e991a5 Mon Sep 17 00:00:00 2001 From: "andrzej.janczak" Date: Mon, 31 Mar 2025 17:01:47 +0200 Subject: [PATCH 1/5] feat: Add trivy along with Add support for download-based tools and enhance installation logic --- .codacy/codacy.yaml | 1 + config/tools-installer.go | 154 ++++++++++++++++++++++-- config/tools-installer_test.go | 77 ++++++++++-- plugins/tool-utils.go | 206 ++++++++++++++++++++++++++------ plugins/tool-utils_test.go | 86 +++++++++++++ plugins/tools/trivy/plugin.yaml | 21 ++++ utils/extract.go | 9 +- 7 files changed, 497 insertions(+), 57 deletions(-) create mode 100644 plugins/tools/trivy/plugin.yaml diff --git a/.codacy/codacy.yaml b/.codacy/codacy.yaml index efc9a772..edbfe4a1 100644 --- a/.codacy/codacy.yaml +++ b/.codacy/codacy.yaml @@ -2,3 +2,4 @@ runtimes: - node@22.2.0 tools: - eslint@9.3.0 + - trivy@0.50.0 \ No newline at end of file diff --git a/config/tools-installer.go b/config/tools-installer.go index eb194168..5cba5c65 100644 --- a/config/tools-installer.go +++ b/config/tools-installer.go @@ -3,10 +3,13 @@ package config import ( "bytes" "codacy/cli-v2/plugins" + "codacy/cli-v2/utils" "fmt" + "io" "log" "os" "os/exec" + "path/filepath" "strings" "text/template" ) @@ -30,18 +33,26 @@ func InstallTool(name string, toolInfo *plugins.ToolInfo) error { return nil } - // Get the runtime for this tool - runtimeInfo, ok := Config.Runtimes()[toolInfo.Runtime] - if !ok { - return fmt.Errorf("required runtime %s not found for tool %s", toolInfo.Runtime, name) - } - // Make sure the installation directory exists err := os.MkdirAll(toolInfo.InstallDir, 0755) if err != nil { return fmt.Errorf("failed to create installation directory: %w", err) } + // Check if this is a download-based tool (like trivy) or a runtime-based tool (like eslint) + if toolInfo.DownloadURL != "" { + // This is a download-based tool + return installDownloadBasedTool(toolInfo) + } + + // This is a runtime-based tool, proceed with regular installation + + // Get the runtime for this tool + runtimeInfo, ok := Config.Runtimes()[toolInfo.Runtime] + if !ok { + return fmt.Errorf("required runtime %s not found for tool %s", toolInfo.Runtime, name) + } + // Prepare template data templateData := map[string]string{ "InstallDir": toolInfo.InstallDir, @@ -80,7 +91,7 @@ func InstallTool(name string, toolInfo *plugins.ToolInfo) error { // Execute the installation command using the package manager cmd := exec.Command(packageManagerBinary, strings.Split(installCmd, " ")...) - + log.Printf("Installing %s v%s...\n", toolInfo.Name, toolInfo.Version) output, err := cmd.CombinedOutput() if err != nil { @@ -91,6 +102,131 @@ func InstallTool(name string, toolInfo *plugins.ToolInfo) error { return nil } +// installDownloadBasedTool installs a tool by downloading and extracting it +func installDownloadBasedTool(toolInfo *plugins.ToolInfo) error { + // Create a file name for the downloaded archive + fileName := filepath.Base(toolInfo.DownloadURL) + downloadPath := filepath.Join(Config.ToolsDirectory(), fileName) + + // Check if the file already exists + _, err := os.Stat(downloadPath) + if os.IsNotExist(err) { + // Download the file + log.Printf("Downloading %s v%s...\n", toolInfo.Name, toolInfo.Version) + downloadPath, err = utils.DownloadFile(toolInfo.DownloadURL, Config.ToolsDirectory()) + if err != nil { + return fmt.Errorf("failed to download tool: %w", err) + } + } else if err != nil { + return fmt.Errorf("error checking for existing download: %w", err) + } else { + log.Printf("Using existing download for %s v%s\n", toolInfo.Name, toolInfo.Version) + } + + // Open the downloaded file + file, err := os.Open(downloadPath) + if err != nil { + return fmt.Errorf("failed to open downloaded file: %w", err) + } + defer file.Close() + + // Create a temporary extraction directory + tempExtractDir := filepath.Join(Config.ToolsDirectory(), fmt.Sprintf("%s-%s-temp", toolInfo.Name, toolInfo.Version)) + + // Clean up any previous extraction attempt + os.RemoveAll(tempExtractDir) + + // Create the temporary extraction directory + err = os.MkdirAll(tempExtractDir, 0755) + if err != nil { + return fmt.Errorf("failed to create temporary extraction directory: %w", err) + } + + // Extract to the temporary directory first + log.Printf("Extracting %s v%s...\n", toolInfo.Name, toolInfo.Version) + if strings.HasSuffix(fileName, ".zip") { + err = utils.ExtractZip(file.Name(), tempExtractDir) + } else { + err = utils.ExtractTarGz(file, tempExtractDir) + } + + if err != nil { + return fmt.Errorf("failed to extract tool: %w", err) + } + + // Create the final installation directory + err = os.MkdirAll(toolInfo.InstallDir, 0755) + if err != nil { + return fmt.Errorf("failed to create installation directory: %w", err) + } + + // Find and copy the tool binaries + for binName, binPath := range toolInfo.Binaries { + // Get the base name of the binary (without the path) + binBaseName := filepath.Base(binPath) + + // Try to find the binary in the extracted files + foundPath := "" + + // First check if it's at the expected location directly + expectedPath := filepath.Join(tempExtractDir, binBaseName) + if _, err := os.Stat(expectedPath); err == nil { + foundPath = expectedPath + } else { + // Look for the binary anywhere in the extracted directory + err := filepath.Walk(tempExtractDir, func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + if !info.IsDir() && filepath.Base(path) == binBaseName { + foundPath = path + return io.EOF // Stop the walk + } + return nil + }) + + // io.EOF is expected when we find the file and stop the walk + if err != nil && err != io.EOF { + return fmt.Errorf("error searching for %s binary: %w", binName, err) + } + } + + if foundPath == "" { + return fmt.Errorf("could not find %s binary in extracted files", binName) + } + + // Make sure the destination directory exists + err = os.MkdirAll(filepath.Dir(binPath), 0755) + if err != nil { + return fmt.Errorf("failed to create directory for binary: %w", err) + } + + // Copy the binary to the installation directory + input, err := os.Open(foundPath) + if err != nil { + return fmt.Errorf("failed to open %s binary: %w", binName, err) + } + defer input.Close() + + output, err := os.OpenFile(binPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0755) + if err != nil { + return fmt.Errorf("failed to create destination file for %s: %w", binName, err) + } + defer output.Close() + + _, err = io.Copy(output, input) + if err != nil { + return fmt.Errorf("failed to copy %s binary: %w", binName, err) + } + } + + // Clean up the temporary directory + os.RemoveAll(tempExtractDir) + + log.Printf("Successfully installed %s v%s\n", toolInfo.Name, toolInfo.Version) + return nil +} + // isToolInstalled checks if a tool is already installed by checking for the binary func isToolInstalled(toolInfo *plugins.ToolInfo) bool { // If there are no binaries, check the install directory @@ -116,12 +252,12 @@ func executeToolTemplate(tmplStr string, data map[string]string) (string, error) if err != nil { return "", err } - + var buf bytes.Buffer err = tmpl.Execute(&buf, data) if err != nil { return "", err } - + return buf.String(), nil } diff --git a/config/tools-installer_test.go b/config/tools-installer_test.go index abd76060..f9eaf9fc 100644 --- a/config/tools-installer_test.go +++ b/config/tools-installer_test.go @@ -13,17 +13,17 @@ func TestAddTools(t *testing.T) { // Set up a temporary config for testing originalConfig := Config defer func() { Config = originalConfig }() // Restore original config after test - + tempDir, err := os.MkdirTemp("", "codacy-tools-test") assert.NoError(t, err) defer os.RemoveAll(tempDir) - + // Initialize config with test directories Config = ConfigType{ toolsDirectory: tempDir, tools: make(map[string]*plugins.ToolInfo), } - + // Create a list of tool configs for testing configs := []plugins.ToolConfig{ { @@ -31,22 +31,22 @@ func TestAddTools(t *testing.T) { Version: "8.38.0", }, } - + // Add tools to the config err = Config.AddTools(configs) assert.NoError(t, err) - + // Assert we have the expected tool in the config assert.Contains(t, Config.Tools(), "eslint") - + // Get the eslint tool info eslintInfo := Config.Tools()["eslint"] - + // Assert the basic tool info is correct assert.Equal(t, "eslint", eslintInfo.Name) assert.Equal(t, "8.38.0", eslintInfo.Version) assert.Equal(t, "node", eslintInfo.Runtime) - + // Assert the install directory is correct expectedInstallDir := filepath.Join(tempDir, "eslint@8.38.0") assert.Equal(t, expectedInstallDir, eslintInfo.InstallDir) @@ -67,7 +67,7 @@ func TestExecuteToolTemplate(t *testing.T) { // Test conditional registry template registryTemplateStr := "{{if .Registry}}config set registry {{.Registry}}{{end}}" - + // With registry dataWithRegistry := map[string]string{ "Registry": "https://registry.npmjs.org/", @@ -75,10 +75,65 @@ func TestExecuteToolTemplate(t *testing.T) { resultWithRegistry, err := executeToolTemplate(registryTemplateStr, dataWithRegistry) assert.NoError(t, err) assert.Equal(t, "config set registry https://registry.npmjs.org/", resultWithRegistry) - + // Without registry dataWithoutRegistry := map[string]string{} resultWithoutRegistry, err := executeToolTemplate(registryTemplateStr, dataWithoutRegistry) assert.NoError(t, err) assert.Equal(t, "", resultWithoutRegistry) -} \ No newline at end of file +} + +func TestAddDownloadBasedTool(t *testing.T) { + // Set up a temporary config for testing + originalConfig := Config + defer func() { Config = originalConfig }() // Restore original config after test + + tempDir, err := os.MkdirTemp("", "codacy-tools-test") + assert.NoError(t, err) + defer os.RemoveAll(tempDir) + + // Initialize config with test directories + Config = ConfigType{ + toolsDirectory: tempDir, + tools: make(map[string]*plugins.ToolInfo), + } + + // Create a list of tool configs for testing + configs := []plugins.ToolConfig{ + { + Name: "trivy", + Version: "0.37.3", + }, + } + + // Add tools to the config + err = Config.AddTools(configs) + assert.NoError(t, err) + + // Assert we have the expected tool in the config + assert.Contains(t, Config.Tools(), "trivy") + + // Get the trivy tool info + trivyInfo := Config.Tools()["trivy"] + + // Assert the basic tool info is correct + assert.Equal(t, "trivy", trivyInfo.Name) + assert.Equal(t, "0.37.3", trivyInfo.Version) + + // Make sure it has a download URL + assert.NotEmpty(t, trivyInfo.DownloadURL) + assert.Contains(t, trivyInfo.DownloadURL, "aquasecurity/trivy/releases/download") + assert.Contains(t, trivyInfo.DownloadURL, "0.37.3") + + // Assert the install directory is correct + expectedInstallDir := filepath.Join(tempDir, "trivy@0.37.3") + assert.Equal(t, expectedInstallDir, trivyInfo.InstallDir) + + // Assert binary paths are set + assert.NotEmpty(t, trivyInfo.Binaries) + assert.Contains(t, trivyInfo.Binaries, "trivy") + + // Assert the binary path is correct (should point to the extracted binary) + expectedBinaryPath := filepath.Join(expectedInstallDir, "trivy") + assert.Equal(t, expectedBinaryPath, trivyInfo.Binaries["trivy"]) +} diff --git a/plugins/tool-utils.go b/plugins/tool-utils.go index ab1009c7..10723319 100644 --- a/plugins/tool-utils.go +++ b/plugins/tool-utils.go @@ -1,10 +1,13 @@ package plugins import ( + "bytes" "embed" "fmt" "path" "path/filepath" + "runtime" + "text/template" "gopkg.in/yaml.v3" ) @@ -47,17 +50,33 @@ type RuntimeBinaries struct { Execution string `yaml:"execution"` } +// ExtensionConfig defines the file extension based on OS +type ExtensionConfig struct { + Windows string `yaml:"windows"` + Default string `yaml:"default"` +} + +// DownloadConfig holds the download configuration for directly downloading tools +type DownloadConfig struct { + URLTemplate string `yaml:"url_template"` + FileNameTemplate string `yaml:"file_name_template"` + Extension ExtensionConfig `yaml:"extension"` + ArchMapping map[string]string `yaml:"arch_mapping"` + OSMapping map[string]string `yaml:"os_mapping"` +} + // ToolPluginConfig holds the structure of the tool plugin.yaml file type ToolPluginConfig struct { - Name string `yaml:"name"` - Description string `yaml:"description"` - Runtime string `yaml:"runtime"` - RuntimeBinaries RuntimeBinaries `yaml:"runtime_binaries"` + Name string `yaml:"name"` + Description string `yaml:"description"` + Runtime string `yaml:"runtime"` + RuntimeBinaries RuntimeBinaries `yaml:"runtime_binaries"` Installation InstallationConfig `yaml:"installation"` - Binaries []ToolBinary `yaml:"binaries"` - Formatters []Formatter `yaml:"formatters"` - OutputOptions OutputOptions `yaml:"output_options"` - AnalysisOptions AnalysisOptions `yaml:"analysis_options"` + Download DownloadConfig `yaml:"download"` + Binaries []ToolBinary `yaml:"binaries"` + Formatters []Formatter `yaml:"formatters"` + OutputOptions OutputOptions `yaml:"output_options"` + AnalysisOptions AnalysisOptions `yaml:"analysis_options"` } // ToolConfig represents configuration for a tool @@ -69,57 +88,61 @@ type ToolConfig struct { // ToolInfo contains all processed information about a tool type ToolInfo struct { - Name string - Version string - Runtime string - InstallDir string - Binaries map[string]string // Map of binary name to full path - Formatters map[string]string // Map of formatter name to flag - OutputFlag string - AutofixFlag string - DefaultPath string + Name string + Version string + Runtime string + InstallDir string + Binaries map[string]string // Map of binary name to full path + Formatters map[string]string // Map of formatter name to flag + OutputFlag string + AutofixFlag string + DefaultPath string // Runtime binaries - PackageManager string + PackageManager string ExecutionBinary string // Installation info InstallCommand string RegistryCommand string + // Download info for binary tools + DownloadURL string + FileName string + Extension string } // ProcessTools processes a list of tool configurations and returns a map of tool information func ProcessTools(configs []ToolConfig, toolDir string) (map[string]*ToolInfo, error) { result := make(map[string]*ToolInfo) - + for _, config := range configs { // Load the tool plugin pluginPath := filepath.Join("tools", config.Name, "plugin.yaml") - + // Read from embedded filesystem data, err := toolsFS.ReadFile(pluginPath) if err != nil { return nil, fmt.Errorf("error reading plugin.yaml for %s: %w", config.Name, err) } - + var pluginConfig ToolPluginConfig err = yaml.Unmarshal(data, &pluginConfig) if err != nil { return nil, fmt.Errorf("error parsing plugin.yaml for %s: %w", config.Name, err) } - + // Create the install directory path installDir := path.Join(toolDir, fmt.Sprintf("%s@%s", config.Name, config.Version)) - + // Create ToolInfo with basic information info := &ToolInfo{ - Name: config.Name, - Version: config.Version, - Runtime: pluginConfig.Runtime, - InstallDir: installDir, - Binaries: make(map[string]string), - Formatters: make(map[string]string), - OutputFlag: pluginConfig.OutputOptions.FileFlag, - AutofixFlag: pluginConfig.AnalysisOptions.AutofixFlag, - DefaultPath: pluginConfig.AnalysisOptions.DefaultPath, + Name: config.Name, + Version: config.Version, + Runtime: pluginConfig.Runtime, + InstallDir: installDir, + Binaries: make(map[string]string), + Formatters: make(map[string]string), + OutputFlag: pluginConfig.OutputOptions.FileFlag, + AutofixFlag: pluginConfig.AnalysisOptions.AutofixFlag, + DefaultPath: pluginConfig.AnalysisOptions.DefaultPath, // Store runtime binary information PackageManager: pluginConfig.RuntimeBinaries.PackageManager, ExecutionBinary: pluginConfig.RuntimeBinaries.Execution, @@ -127,20 +150,131 @@ func ProcessTools(configs []ToolConfig, toolDir string) (map[string]*ToolInfo, e InstallCommand: pluginConfig.Installation.Command, RegistryCommand: pluginConfig.Installation.RegistryTemplate, } - + + // Handle download configuration for directly downloaded tools + if pluginConfig.Download.URLTemplate != "" { + // Get the mapped architecture + mappedArch := getMappedArch(pluginConfig.Download.ArchMapping, runtime.GOARCH) + + // Get the mapped OS + mappedOS := getMappedOS(pluginConfig.Download.OSMapping, runtime.GOOS) + + // Get the appropriate extension + extension := getExtension(pluginConfig.Download.Extension, runtime.GOOS) + info.Extension = extension + + // Get the filename using the template + fileName := getFileName(pluginConfig.Download.FileNameTemplate, config.Version, mappedArch, runtime.GOOS) + info.FileName = fileName + + // Get the download URL using the template + downloadURL := getDownloadURL(pluginConfig.Download.URLTemplate, fileName, config.Version, mappedArch, mappedOS, extension) + info.DownloadURL = downloadURL + } + // Process binary paths for _, binary := range pluginConfig.Binaries { binaryPath := path.Join(installDir, binary.Path) info.Binaries[binary.Name] = binaryPath } - + // Process formatters for _, formatter := range pluginConfig.Formatters { info.Formatters[formatter.Name] = formatter.Flag } - + result[config.Name] = info } - + return result, nil } + +// Helper functions for processing download configuration + +// getMappedArch returns the architecture mapping for the current system +func getMappedArch(archMapping map[string]string, goarch string) string { + // Check if there's a mapping for this architecture + if mappedArch, ok := archMapping[goarch]; ok { + return mappedArch + } + // Return the original architecture if no mapping exists + return goarch +} + +// getMappedOS returns the OS mapping for the current system +func getMappedOS(osMapping map[string]string, goos string) string { + // Check if there's a mapping for this OS + if mappedOS, ok := osMapping[goos]; ok { + return mappedOS + } + // Return the original OS if no mapping exists + return goos +} + +// getExtension returns the appropriate file extension based on the OS +func getExtension(extensionConfig ExtensionConfig, goos string) string { + if goos == "windows" { + return extensionConfig.Windows + } + return extensionConfig.Default +} + +// getFileName generates the filename based on the template +func getFileName(fileNameTemplate string, version string, mappedArch string, goos string) string { + // Prepare template data + data := struct { + Version string + OS string + Arch string + }{ + Version: version, + OS: goos, + Arch: mappedArch, + } + + // Execute template substitution for filename + tmpl, err := template.New("filename").Parse(fileNameTemplate) + if err != nil { + return "" + } + + var buf bytes.Buffer + err = tmpl.Execute(&buf, data) + if err != nil { + return "" + } + + return buf.String() +} + +// getDownloadURL generates the download URL based on the template +func getDownloadURL(urlTemplate string, fileName string, version string, mappedArch string, mappedOS string, extension string) string { + // Prepare template data + data := struct { + Version string + FileName string + OS string + Arch string + Extension string + }{ + Version: version, + FileName: fileName, + OS: mappedOS, + Arch: mappedArch, + Extension: extension, + } + + // Execute template substitution for URL + tmpl, err := template.New("url").Parse(urlTemplate) + if err != nil { + return "" + } + + var buf bytes.Buffer + err = tmpl.Execute(&buf, data) + if err != nil { + return "" + } + + return buf.String() +} diff --git a/plugins/tool-utils_test.go b/plugins/tool-utils_test.go index a6bd7661..915d8137 100644 --- a/plugins/tool-utils_test.go +++ b/plugins/tool-utils_test.go @@ -2,6 +2,7 @@ package plugins import ( "path/filepath" + "runtime" "testing" "github.com/stretchr/testify/assert" @@ -66,3 +67,88 @@ func TestProcessTools(t *testing.T) { assert.Equal(t, "install --prefix {{.InstallDir}} {{.PackageName}}@{{.Version}} @microsoft/eslint-formatter-sarif", eslintInfo.InstallCommand) assert.Equal(t, "{{if .Registry}}config set registry {{.Registry}}{{end}}", eslintInfo.RegistryCommand) } + +func TestProcessToolsWithDownload(t *testing.T) { + // Create a list of tool configs for testing + configs := []ToolConfig{ + { + Name: "trivy", + Version: "0.37.3", + }, + } + + // Define a test tool directory + toolDir := "/test/tools" + + // Process the tools + toolInfos, err := ProcessTools(configs, toolDir) + + // Assert no errors occurred + assert.NoError(t, err, "ProcessTools should not return an error") + + // Assert we have the expected tool in the results + assert.Contains(t, toolInfos, "trivy") + + // Get the trivy tool info + trivyInfo := toolInfos["trivy"] + + // Assert the basic tool info is correct + assert.Equal(t, "trivy", trivyInfo.Name) + assert.Equal(t, "0.37.3", trivyInfo.Version) + + // Assert the install directory is correct + expectedInstallDir := filepath.Join(toolDir, "trivy@0.37.3") + assert.Equal(t, expectedInstallDir, trivyInfo.InstallDir) + + // Assert download information is correctly set + assert.NotEmpty(t, trivyInfo.DownloadURL) + assert.NotEmpty(t, trivyInfo.FileName) + assert.NotEmpty(t, trivyInfo.Extension) + + // Assert the correct file extension based on OS + if runtime.GOOS == "windows" { + assert.Equal(t, "zip", trivyInfo.Extension) + } else { + assert.Equal(t, "tar.gz", trivyInfo.Extension) + } + + // Assert binary paths are correctly set + assert.NotNil(t, trivyInfo.Binaries) + assert.Greater(t, len(trivyInfo.Binaries), 0) + + // Check if trivy binary is present + trivyBinary := filepath.Join(expectedInstallDir, "trivy") + assert.Equal(t, trivyBinary, trivyInfo.Binaries["trivy"]) + + // Verify URL components + assert.Contains(t, trivyInfo.DownloadURL, "aquasecurity/trivy/releases/download") + assert.Contains(t, trivyInfo.DownloadURL, trivyInfo.Version) + + // Test OS mapping + var expectedOS string + if runtime.GOOS == "darwin" { + expectedOS = "macOS" + } else if runtime.GOOS == "linux" { + expectedOS = "Linux" + } else if runtime.GOOS == "windows" { + expectedOS = "Windows" + } else { + expectedOS = runtime.GOOS + } + assert.Contains(t, trivyInfo.DownloadURL, expectedOS) + + // Test architecture mapping + var expectedArch string + if runtime.GOARCH == "386" { + expectedArch = "32bit" + } else if runtime.GOARCH == "amd64" { + expectedArch = "64bit" + } else if runtime.GOARCH == "arm" { + expectedArch = "ARM" + } else if runtime.GOARCH == "arm64" { + expectedArch = "ARM64" + } else { + expectedArch = runtime.GOARCH + } + assert.Contains(t, trivyInfo.DownloadURL, expectedArch) +} diff --git a/plugins/tools/trivy/plugin.yaml b/plugins/tools/trivy/plugin.yaml new file mode 100644 index 00000000..d5e522d9 --- /dev/null +++ b/plugins/tools/trivy/plugin.yaml @@ -0,0 +1,21 @@ +name: trivy +description: Trivy vulnerability scanner +download: + url_template: "https://github.com/aquasecurity/trivy/releases/download/v{{.Version}}/trivy_{{.Version}}_{{.OS}}-{{.Arch}}.{{.Extension}}" + file_name_template: "trivy_{{.Version}}_{{.OS}}_{{.Arch}}" + extension: + windows: "zip" + default: "tar.gz" + arch_mapping: + "386": "32bit" + "amd64": "64bit" + "arm": "ARM" + "arm64": "ARM64" + os_mapping: + "darwin": "macOS" + "linux": "Linux" + "windows": "Windows" + +binaries: + - name: trivy + path: "trivy" diff --git a/utils/extract.go b/utils/extract.go index 0e077dd0..f4d43cf4 100644 --- a/utils/extract.go +++ b/utils/extract.go @@ -2,10 +2,11 @@ package utils import ( "context" - "github.com/mholt/archiver/v4" "io" "os" "path/filepath" + + "github.com/mholt/archiver/v4" ) func ExtractTarGz(archive *os.File, targetDir string) error { @@ -39,6 +40,12 @@ func ExtractTarGz(archive *os.File, targetDir string) error { return nil } + // Ensure parent directory exists + err := os.MkdirAll(filepath.Dir(path), 0777) + if err != nil { + return err + } + // write a file w, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, f.Mode()) if err != nil { From 0301fa91f09e23cec449f34bf2fdd65aae3e46a4 Mon Sep 17 00:00:00 2001 From: "andrzej.janczak" Date: Mon, 31 Mar 2025 17:14:46 +0200 Subject: [PATCH 2/5] refactor: Simplify tool installation logic by removing temporary extraction directory - Changed installation process to extract files directly to the installation directory. - Removed unnecessary creation and cleanup of a temporary extraction directory. - Added logic to ensure all binaries are executable after installation. - Updated error messages for clarity. --- config/tools-installer.go | 90 ++++----------------------------- plugins/tools/trivy/plugin.yaml | 7 +++ 2 files changed, 18 insertions(+), 79 deletions(-) diff --git a/config/tools-installer.go b/config/tools-installer.go index 5cba5c65..ab841453 100644 --- a/config/tools-installer.go +++ b/config/tools-installer.go @@ -5,7 +5,6 @@ import ( "codacy/cli-v2/plugins" "codacy/cli-v2/utils" "fmt" - "io" "log" "os" "os/exec" @@ -130,99 +129,32 @@ func installDownloadBasedTool(toolInfo *plugins.ToolInfo) error { } defer file.Close() - // Create a temporary extraction directory - tempExtractDir := filepath.Join(Config.ToolsDirectory(), fmt.Sprintf("%s-%s-temp", toolInfo.Name, toolInfo.Version)) - - // Clean up any previous extraction attempt - os.RemoveAll(tempExtractDir) - - // Create the temporary extraction directory - err = os.MkdirAll(tempExtractDir, 0755) + // Create the installation directory + err = os.MkdirAll(toolInfo.InstallDir, 0755) if err != nil { - return fmt.Errorf("failed to create temporary extraction directory: %w", err) + return fmt.Errorf("failed to create installation directory: %w", err) } - // Extract to the temporary directory first + // Extract directly to the installation directory log.Printf("Extracting %s v%s...\n", toolInfo.Name, toolInfo.Version) if strings.HasSuffix(fileName, ".zip") { - err = utils.ExtractZip(file.Name(), tempExtractDir) + err = utils.ExtractZip(file.Name(), toolInfo.InstallDir) } else { - err = utils.ExtractTarGz(file, tempExtractDir) + err = utils.ExtractTarGz(file, toolInfo.InstallDir) } if err != nil { return fmt.Errorf("failed to extract tool: %w", err) } - // Create the final installation directory - err = os.MkdirAll(toolInfo.InstallDir, 0755) - if err != nil { - return fmt.Errorf("failed to create installation directory: %w", err) - } - - // Find and copy the tool binaries - for binName, binPath := range toolInfo.Binaries { - // Get the base name of the binary (without the path) - binBaseName := filepath.Base(binPath) - - // Try to find the binary in the extracted files - foundPath := "" - - // First check if it's at the expected location directly - expectedPath := filepath.Join(tempExtractDir, binBaseName) - if _, err := os.Stat(expectedPath); err == nil { - foundPath = expectedPath - } else { - // Look for the binary anywhere in the extracted directory - err := filepath.Walk(tempExtractDir, func(path string, info os.FileInfo, err error) error { - if err != nil { - return err - } - if !info.IsDir() && filepath.Base(path) == binBaseName { - foundPath = path - return io.EOF // Stop the walk - } - return nil - }) - - // io.EOF is expected when we find the file and stop the walk - if err != nil && err != io.EOF { - return fmt.Errorf("error searching for %s binary: %w", binName, err) - } - } - - if foundPath == "" { - return fmt.Errorf("could not find %s binary in extracted files", binName) - } - - // Make sure the destination directory exists - err = os.MkdirAll(filepath.Dir(binPath), 0755) - if err != nil { - return fmt.Errorf("failed to create directory for binary: %w", err) - } - - // Copy the binary to the installation directory - input, err := os.Open(foundPath) - if err != nil { - return fmt.Errorf("failed to open %s binary: %w", binName, err) - } - defer input.Close() - - output, err := os.OpenFile(binPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0755) - if err != nil { - return fmt.Errorf("failed to create destination file for %s: %w", binName, err) - } - defer output.Close() - - _, err = io.Copy(output, input) - if err != nil { - return fmt.Errorf("failed to copy %s binary: %w", binName, err) + // Make sure all binaries are executable + for _, binaryPath := range toolInfo.Binaries { + err = os.Chmod(filepath.Join(toolInfo.InstallDir, filepath.Base(binaryPath)), 0755) + if err != nil && !os.IsNotExist(err) { + return fmt.Errorf("failed to make binary executable: %w", err) } } - // Clean up the temporary directory - os.RemoveAll(tempExtractDir) - log.Printf("Successfully installed %s v%s\n", toolInfo.Name, toolInfo.Version) return nil } diff --git a/plugins/tools/trivy/plugin.yaml b/plugins/tools/trivy/plugin.yaml index d5e522d9..c913b022 100644 --- a/plugins/tools/trivy/plugin.yaml +++ b/plugins/tools/trivy/plugin.yaml @@ -19,3 +19,10 @@ download: binaries: - name: trivy path: "trivy" +formatters: + - name: sarif + flag: "--format sarif" +output_options: + file_flag: "-o" +analysis_options: + default_path: "." From 9604a07e1bba0bbb59becb6b394013e8d999b5b8 Mon Sep 17 00:00:00 2001 From: "andrzej.janczak" Date: Mon, 31 Mar 2025 17:15:59 +0200 Subject: [PATCH 3/5] chore: Remove unused formatters and output options from trivy plugin configuration --- plugins/tools/trivy/plugin.yaml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/plugins/tools/trivy/plugin.yaml b/plugins/tools/trivy/plugin.yaml index c913b022..d5e522d9 100644 --- a/plugins/tools/trivy/plugin.yaml +++ b/plugins/tools/trivy/plugin.yaml @@ -19,10 +19,3 @@ download: binaries: - name: trivy path: "trivy" -formatters: - - name: sarif - flag: "--format sarif" -output_options: - file_flag: "-o" -analysis_options: - default_path: "." From c0193aea8cdd7deb31f3bfffe1529233ee64d27a Mon Sep 17 00:00:00 2001 From: Joao Machado <13315199+machadoit@users.noreply.github.com> Date: Mon, 31 Mar 2025 18:15:11 +0200 Subject: [PATCH 4/5] feature: Add trivy as a runner --- cmd/analyze.go | 48 +- .../repositories/trivy/expected.sarif | 80 + .../repositories/trivy/src/package-lock.json | 1700 +++++++++++++++++ .../repositories/trivy/src/trivy.yaml | 10 + tools/trivyRunner.go | 33 + tools/trivyRunner_test.go | 56 + 6 files changed, 1909 insertions(+), 18 deletions(-) create mode 100644 tools/testdata/repositories/trivy/expected.sarif create mode 100644 tools/testdata/repositories/trivy/src/package-lock.json create mode 100644 tools/testdata/repositories/trivy/src/trivy.yaml create mode 100644 tools/trivyRunner.go create mode 100644 tools/trivyRunner_test.go diff --git a/cmd/analyze.go b/cmd/analyze.go index 02caf12e..2f5b0115 100644 --- a/cmd/analyze.go +++ b/cmd/analyze.go @@ -184,6 +184,25 @@ func getToolName(toolName string, version string) string { return toolName } +func runEslintAnalysis(workDirectory string, pathsToCheck []string, autoFix bool, outputFile string, outputFormat string) { + eslint := config.Config.Tools()["eslint"] + eslintInstallationDirectory := eslint.InstallDir + nodeRuntime := config.Config.Runtimes()["node"] + nodeBinary := nodeRuntime.Binaries["node"] + + tools.RunEslint(workDirectory, eslintInstallationDirectory, nodeBinary, pathsToCheck, autoFix, outputFile, outputFormat) +} + +func runTrivyAnalysis(workDirectory string, pathsToCheck []string, outputFile string, outputFormat string) { + trivy := config.Config.Tools()["trivy"] + trivyBinary := trivy.Binaries["trivy"] + + err := tools.RunTrivy(workDirectory, trivyBinary, pathsToCheck, outputFile, outputFormat) + if err != nil { + log.Fatalf("Error running Trivy: %v", err) + } +} + var analyzeCmd = &cobra.Command{ Use: "analyze", Short: "Runs all linters.", @@ -194,30 +213,23 @@ var analyzeCmd = &cobra.Command{ log.Fatal(err) } - // TODO add more tools here - switch toolToAnalyze { - case "eslint": - // nothing - case "": - log.Fatal("You need to specify a tool to run analysis with, e.g., '--tool eslint'", toolToAnalyze) - default: - log.Fatal("Trying to run unsupported tool: ", toolToAnalyze) - } - - eslint := config.Config.Tools()["eslint"] - eslintInstallationDirectory := eslint.InstallDir - nodeRuntime := config.Config.Runtimes()["node"] - nodeBinary := nodeRuntime.Binaries["node"] - log.Printf("Running %s...\n", toolToAnalyze) if outputFormat == "sarif" { log.Println("Output will be in SARIF format") } - if outputFile != "" { log.Println("Output will be available at", outputFile) } - tools.RunEslint(workDirectory, eslintInstallationDirectory, nodeBinary, args, autoFix, outputFile, outputFormat) + switch toolToAnalyze { + case "eslint": + runEslintAnalysis(workDirectory, args, autoFix, outputFile, outputFormat) + case "trivy": + runTrivyAnalysis(workDirectory, args, outputFile, outputFormat) + case "": + log.Fatal("You need to specify a tool to run analysis with, e.g., '--tool eslint'") + default: + log.Fatal("Trying to run unsupported tool: ", toolToAnalyze) + } }, -} \ No newline at end of file +} diff --git a/tools/testdata/repositories/trivy/expected.sarif b/tools/testdata/repositories/trivy/expected.sarif new file mode 100644 index 00000000..83beae44 --- /dev/null +++ b/tools/testdata/repositories/trivy/expected.sarif @@ -0,0 +1,80 @@ +{ + "version": "2.1.0", + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "runs": [ + { + "tool": { + "driver": { + "fullName": "Trivy Vulnerability Scanner", + "informationUri": "https://github.com/aquasecurity/trivy", + "name": "Trivy", + "rules": [ + { + "id": "CVE-2024-21538", + "name": "LanguageSpecificPackageVulnerability", + "shortDescription": { + "text": "cross-spawn: regular expression denial of service" + }, + "fullDescription": { + "text": "Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://avd.aquasec.com/nvd/cve-2024-21538", + "help": { + "text": "Vulnerability CVE-2024-21538\nSeverity: HIGH\nPackage: cross-spawn\nFixed Version: 7.0.5, 6.0.6\nLink: [CVE-2024-21538](https://avd.aquasec.com/nvd/cve-2024-21538)\nVersions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.", + "markdown": "**Vulnerability CVE-2024-21538**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|HIGH|cross-spawn|7.0.5, 6.0.6|[CVE-2024-21538](https://avd.aquasec.com/nvd/cve-2024-21538)|\n\nVersions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string." + }, + "properties": { + "precision": "very-high", + "security-severity": "7.5", + "tags": [ + "vulnerability", + "security", + "HIGH" + ] + } + } + ], + "version": "0.50.0" + } + }, + "results": [ + { + "ruleId": "CVE-2024-21538", + "ruleIndex": 0, + "level": "error", + "message": { + "text": "Package: cross-spawn\nInstalled Version: 7.0.3\nVulnerability CVE-2024-21538\nSeverity: HIGH\nFixed Version: 7.0.5, 6.0.6\nLink: [CVE-2024-21538](https://avd.aquasec.com/nvd/cve-2024-21538)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "package-lock.json", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 515, + "startColumn": 1, + "endLine": 527, + "endColumn": 1 + } + }, + "message": { + "text": "package-lock.json: cross-spawn@7.0.3" + } + } + ] + } + ], + "columnKind": "utf16CodeUnits", + "originalUriBaseIds": { + "ROOTPATH": { + "uri": "testdata/repositories/trivy/src/" + } + } + } + ] +} diff --git a/tools/testdata/repositories/trivy/src/package-lock.json b/tools/testdata/repositories/trivy/src/package-lock.json new file mode 100644 index 00000000..a8cda8a4 --- /dev/null +++ b/tools/testdata/repositories/trivy/src/package-lock.json @@ -0,0 +1,1700 @@ +{ + "name": "1", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "1", + "version": "1.0.0", + "license": "ISC", + "dependencies": { + "eslint-config-prettier": "^9.1.0" + }, + "devDependencies": { + "@eslint/js": "^9.3.0", + "eslint": "^9.3.0", + "eslint-plugin-unicorn": "^53.0.0", + "globals": "^15.3.0" + } + }, + "node_modules/@babel/code-frame": { + "version": "7.24.2", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.24.2.tgz", + "integrity": "sha512-y5+tLQyV8pg3fsiln67BVLD1P13Eg4lh5RW9mF0zUuvLrv9uIQ4MCL+CRT+FTsBlBjcIan6PGsLcBN0m3ClUyQ==", + "dev": true, + "dependencies": { + "@babel/highlight": "^7.24.2", + "picocolors": "^1.0.0" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-validator-identifier": { + "version": "7.24.5", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.24.5.tgz", + "integrity": "sha512-3q93SSKX2TWCG30M2G2kwaKeTYgEUp5Snjuj8qm729SObL6nbtUldAi37qbxkD5gg3xnBio+f9nqpSepGZMvxA==", + "dev": true, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/highlight": { + "version": "7.24.5", + "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.24.5.tgz", + "integrity": "sha512-8lLmua6AVh/8SLJRRVD6V8p73Hir9w5mJrhE+IPpILG31KKlI9iz5zmBYKcWPS59qSfgP9RaSBQSHHE81WKuEw==", + "dev": true, + "dependencies": { + "@babel/helper-validator-identifier": "^7.24.5", + "chalk": "^2.4.2", + "js-tokens": "^4.0.0", + "picocolors": "^1.0.0" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/highlight/node_modules/ansi-styles": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", + "dev": true, + "dependencies": { + "color-convert": "^1.9.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/@babel/highlight/node_modules/chalk": { + "version": "2.4.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", + "dev": true, + "dependencies": { + "ansi-styles": "^3.2.1", + "escape-string-regexp": "^1.0.5", + "supports-color": "^5.3.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/@babel/highlight/node_modules/color-convert": { + "version": "1.9.3", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", + "dev": true, + "dependencies": { + "color-name": "1.1.3" + } + }, + "node_modules/@babel/highlight/node_modules/color-name": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==", + "dev": true + }, + "node_modules/@babel/highlight/node_modules/escape-string-regexp": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==", + "dev": true, + "engines": { + "node": ">=0.8.0" + } + }, + "node_modules/@babel/highlight/node_modules/has-flag": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==", + "dev": true, + "engines": { + "node": ">=4" + } + }, + "node_modules/@babel/highlight/node_modules/supports-color": { + "version": "5.5.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", + "dev": true, + "dependencies": { + "has-flag": "^3.0.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/@eslint-community/eslint-utils": { + "version": "4.4.0", + "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.4.0.tgz", + "integrity": "sha512-1/sA4dwrzBAyeUoQ6oxahHKmrZvsnLCg4RfxW3ZFGGmQkSNQPFNLV9CUEFQP1x9EYXHTo5p6xdhZM1Ne9p/AfA==", + "dependencies": { + "eslint-visitor-keys": "^3.3.0" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "peerDependencies": { + "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0" + } + }, + "node_modules/@eslint-community/eslint-utils/node_modules/eslint-visitor-keys": { + "version": "3.4.3", + "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz", + "integrity": "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==", + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/@eslint-community/regexpp": { + "version": "4.10.0", + "resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.10.0.tgz", + "integrity": "sha512-Cu96Sd2By9mCNTx2iyKOmq10v22jUVQv0lQnlGNy16oE9589yE+QADPbrMGCkA51cKZSg3Pu/aTJVTGfL/qjUA==", + "engines": { + "node": "^12.0.0 || ^14.0.0 || >=16.0.0" + } + }, + "node_modules/@eslint/eslintrc": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.1.0.tgz", + "integrity": "sha512-4Bfj15dVJdoy3RfZmmo86RK1Fwzn6SstsvK9JS+BaVKqC6QQQQyXekNaC+g+LKNgkQ+2VhGAzm6hO40AhMR3zQ==", + "dependencies": { + "ajv": "^6.12.4", + "debug": "^4.3.2", + "espree": "^10.0.1", + "globals": "^14.0.0", + "ignore": "^5.2.0", + "import-fresh": "^3.2.1", + "js-yaml": "^4.1.0", + "minimatch": "^3.1.2", + "strip-json-comments": "^3.1.1" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/@eslint/eslintrc/node_modules/globals": { + "version": "14.0.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-14.0.0.tgz", + "integrity": "sha512-oahGvuMGQlPw/ivIYBjVSrWAfWLBeku5tpPE2fOPLi+WHffIWbuh2tCjhyQhTBPMf5E9jDEH4FOmTYgYwbKwtQ==", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@eslint/js": { + "version": "9.3.0", + "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.3.0.tgz", + "integrity": "sha512-niBqk8iwv96+yuTwjM6bWg8ovzAPF9qkICsGtcoa5/dmqcEMfdwNAX7+/OHcJHc7wj7XqPxH98oAHytFYlw6Sw==", + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + } + }, + "node_modules/@humanwhocodes/config-array": { + "version": "0.13.0", + "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.13.0.tgz", + "integrity": "sha512-DZLEEqFWQFiyK6h5YIeynKx7JlvCYWL0cImfSRXZ9l4Sg2efkFGTuFf6vzXjK1cq6IYkU+Eg/JizXw+TD2vRNw==", + "dependencies": { + "@humanwhocodes/object-schema": "^2.0.3", + "debug": "^4.3.1", + "minimatch": "^3.0.5" + }, + "engines": { + "node": ">=10.10.0" + } + }, + "node_modules/@humanwhocodes/module-importer": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz", + "integrity": "sha512-bxveV4V8v5Yb4ncFTT3rPSgZBOpCkjfK0y4oVVVJwIuDVBRMDXrPyXRL988i5ap9m9bnyEEjWfm5WkBmtffLfA==", + "engines": { + "node": ">=12.22" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/nzakas" + } + }, + "node_modules/@humanwhocodes/object-schema": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-2.0.3.tgz", + "integrity": "sha512-93zYdMES/c1D69yZiKDBj0V24vqNzB/koF26KPaagAfd3P/4gUlh3Dys5ogAK+Exi9QyzlD8x/08Zt7wIKcDcA==" + }, + "node_modules/@humanwhocodes/retry": { + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/@humanwhocodes/retry/-/retry-0.3.0.tgz", + "integrity": "sha512-d2CGZR2o7fS6sWB7DG/3a95bGKQyHMACZ5aW8qGkkqQpUoZV6C0X7Pc7l4ZNMZkfNBf4VWNe9E1jRsf0G146Ew==", + "engines": { + "node": ">=18.18" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/nzakas" + } + }, + "node_modules/@nodelib/fs.scandir": { + "version": "2.1.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", + "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==", + "dependencies": { + "@nodelib/fs.stat": "2.0.5", + "run-parallel": "^1.1.9" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@nodelib/fs.stat": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==", + "engines": { + "node": ">= 8" + } + }, + "node_modules/@nodelib/fs.walk": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==", + "dependencies": { + "@nodelib/fs.scandir": "2.1.5", + "fastq": "^1.6.0" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@types/normalize-package-data": { + "version": "2.4.4", + "resolved": "https://registry.npmjs.org/@types/normalize-package-data/-/normalize-package-data-2.4.4.tgz", + "integrity": "sha512-37i+OaWTh9qeK4LSHPsyRC7NahnGotNuZvjLSgcPzblpHB3rrCJxAOgI5gCdKm7coonsaX1Of0ILiTcnZjbfxA==", + "dev": true + }, + "node_modules/acorn": { + "version": "8.11.3", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.11.3.tgz", + "integrity": "sha512-Y9rRfJG5jcKOE0CLisYbojUjIrIEE7AGMzA/Sm4BslANhbS+cDMpgBdcPT91oJ7OuJ9hYJBx59RjbhxVnrF8Xg==", + "bin": { + "acorn": "bin/acorn" + }, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/acorn-jsx": { + "version": "5.3.2", + "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", + "integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==", + "peerDependencies": { + "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0" + } + }, + "node_modules/ajv": { + "version": "6.12.6", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", + "dependencies": { + "fast-deep-equal": "^3.1.1", + "fast-json-stable-stringify": "^2.0.0", + "json-schema-traverse": "^0.4.1", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "engines": { + "node": ">=8" + } + }, + "node_modules/ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "dependencies": { + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==" + }, + "node_modules/balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==" + }, + "node_modules/brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "node_modules/browserslist": { + "version": "4.23.0", + "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.23.0.tgz", + "integrity": "sha512-QW8HiM1shhT2GuzkvklfjcKDiWFXHOeFCIA/huJPwHsslwcydgk7X+z2zXpEijP98UCY7HbubZt5J2Zgvf0CaQ==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/browserslist" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "dependencies": { + "caniuse-lite": "^1.0.30001587", + "electron-to-chromium": "^1.4.668", + "node-releases": "^2.0.14", + "update-browserslist-db": "^1.0.13" + }, + "bin": { + "browserslist": "cli.js" + }, + "engines": { + "node": "^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7" + } + }, + "node_modules/builtin-modules": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-3.3.0.tgz", + "integrity": "sha512-zhaCDicdLuWN5UbN5IMnFqNMhNfo919sH85y2/ea+5Yg9TsTkeZxpL+JLbp6cgYFS4sRLp3YV4S6yDuqVWHYOw==", + "dev": true, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/callsites": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", + "integrity": "sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==", + "engines": { + "node": ">=6" + } + }, + "node_modules/caniuse-lite": { + "version": "1.0.30001620", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001620.tgz", + "integrity": "sha512-WJvYsOjd1/BYUY6SNGUosK9DUidBPDTnOARHp3fSmFO1ekdxaY6nKRttEVrfMmYi80ctS0kz1wiWmm14fVc3ew==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/caniuse-lite" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ] + }, + "node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/ci-info": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-4.0.0.tgz", + "integrity": "sha512-TdHqgGf9odd8SXNuxtUBVx8Nv+qZOejE6qyqiy5NtbYYQOeFa6zmHkxlPzmaLxWWHsU6nJmB7AETdVPi+2NBUg==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/sibiraj-s" + } + ], + "engines": { + "node": ">=8" + } + }, + "node_modules/clean-regexp": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/clean-regexp/-/clean-regexp-1.0.0.tgz", + "integrity": "sha512-GfisEZEJvzKrmGWkvfhgzcz/BllN1USeqD2V6tg14OAOgaCD2Z/PUEuxnAZ/nPvmaHRG7a8y77p1T/IRQ4D1Hw==", + "dev": true, + "dependencies": { + "escape-string-regexp": "^1.0.5" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/clean-regexp/node_modules/escape-string-regexp": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==", + "dev": true, + "engines": { + "node": ">=0.8.0" + } + }, + "node_modules/color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dependencies": { + "color-name": "~1.1.4" + }, + "engines": { + "node": ">=7.0.0" + } + }, + "node_modules/color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" + }, + "node_modules/concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==" + }, + "node_modules/core-js-compat": { + "version": "3.37.1", + "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.37.1.tgz", + "integrity": "sha512-9TNiImhKvQqSUkOvk/mMRZzOANTiEVC7WaBNhHcKM7x+/5E1l5NvsysR19zuDQScE8k+kfQXWRN3AtS/eOSHpg==", + "dev": true, + "dependencies": { + "browserslist": "^4.23.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/core-js" + } + }, + "node_modules/cross-spawn": { + "version": "7.0.3", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", + "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "dependencies": { + "path-key": "^3.1.0", + "shebang-command": "^2.0.0", + "which": "^2.0.1" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/debug": { + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", + "dependencies": { + "ms": "2.1.2" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/deep-is": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", + "integrity": "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==" + }, + "node_modules/electron-to-chromium": { + "version": "1.4.776", + "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.776.tgz", + "integrity": "sha512-s694bi3+gUzlliqxjPHpa9NRTlhzTgB34aan+pVKZmOTGy2xoZXl+8E1B8i5p5rtev3PKMK/H4asgNejC+YHNg==", + "dev": true + }, + "node_modules/error-ex": { + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz", + "integrity": "sha512-7dFHNmqeFSEt2ZBsCriorKnn3Z2pj+fd9kmI6QoWw4//DL+icEBfc0U7qJCisqrTsKTjw4fNFy2pW9OqStD84g==", + "dev": true, + "dependencies": { + "is-arrayish": "^0.2.1" + } + }, + "node_modules/escalade": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.2.tgz", + "integrity": "sha512-ErCHMCae19vR8vQGe50xIsVomy19rg6gFu3+r3jkEO46suLMWBksvVyoGgQV+jOfl84ZSOSlmv6Gxa89PmTGmA==", + "dev": true, + "engines": { + "node": ">=6" + } + }, + "node_modules/escape-string-regexp": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/eslint": { + "version": "9.3.0", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.3.0.tgz", + "integrity": "sha512-5Iv4CsZW030lpUqHBapdPo3MJetAPtejVW8B84GIcIIv8+ohFaddXsrn1Gn8uD9ijDb+kcYKFUVmC8qG8B2ORQ==", + "dependencies": { + "@eslint-community/eslint-utils": "^4.2.0", + "@eslint-community/regexpp": "^4.6.1", + "@eslint/eslintrc": "^3.1.0", + "@eslint/js": "9.3.0", + "@humanwhocodes/config-array": "^0.13.0", + "@humanwhocodes/module-importer": "^1.0.1", + "@humanwhocodes/retry": "^0.3.0", + "@nodelib/fs.walk": "^1.2.8", + "ajv": "^6.12.4", + "chalk": "^4.0.0", + "cross-spawn": "^7.0.2", + "debug": "^4.3.2", + "escape-string-regexp": "^4.0.0", + "eslint-scope": "^8.0.1", + "eslint-visitor-keys": "^4.0.0", + "espree": "^10.0.1", + "esquery": "^1.4.2", + "esutils": "^2.0.2", + "fast-deep-equal": "^3.1.3", + "file-entry-cache": "^8.0.0", + "find-up": "^5.0.0", + "glob-parent": "^6.0.2", + "ignore": "^5.2.0", + "imurmurhash": "^0.1.4", + "is-glob": "^4.0.0", + "is-path-inside": "^3.0.3", + "json-stable-stringify-without-jsonify": "^1.0.1", + "levn": "^0.4.1", + "lodash.merge": "^4.6.2", + "minimatch": "^3.1.2", + "natural-compare": "^1.4.0", + "optionator": "^0.9.3", + "strip-ansi": "^6.0.1", + "text-table": "^0.2.0" + }, + "bin": { + "eslint": "bin/eslint.js" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/eslint-config-prettier": { + "version": "9.1.0", + "resolved": "https://registry.npmjs.org/eslint-config-prettier/-/eslint-config-prettier-9.1.0.tgz", + "integrity": "sha512-NSWl5BFQWEPi1j4TjVNItzYV7dZXZ+wP6I6ZhrBGpChQhZRUaElihE9uRRkcbRnNb76UMKDF3r+WTmNcGPKsqw==", + "bin": { + "eslint-config-prettier": "bin/cli.js" + }, + "peerDependencies": { + "eslint": ">=7.0.0" + } + }, + "node_modules/eslint-plugin-unicorn": { + "version": "53.0.0", + "resolved": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-53.0.0.tgz", + "integrity": "sha512-kuTcNo9IwwUCfyHGwQFOK/HjJAYzbODHN3wP0PgqbW+jbXqpNWxNVpVhj2tO9SixBwuAdmal8rVcWKBxwFnGuw==", + "dev": true, + "dependencies": { + "@babel/helper-validator-identifier": "^7.24.5", + "@eslint-community/eslint-utils": "^4.4.0", + "@eslint/eslintrc": "^3.0.2", + "ci-info": "^4.0.0", + "clean-regexp": "^1.0.0", + "core-js-compat": "^3.37.0", + "esquery": "^1.5.0", + "indent-string": "^4.0.0", + "is-builtin-module": "^3.2.1", + "jsesc": "^3.0.2", + "pluralize": "^8.0.0", + "read-pkg-up": "^7.0.1", + "regexp-tree": "^0.1.27", + "regjsparser": "^0.10.0", + "semver": "^7.6.1", + "strip-indent": "^3.0.0" + }, + "engines": { + "node": ">=18.18" + }, + "funding": { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn?sponsor=1" + }, + "peerDependencies": { + "eslint": ">=8.56.0" + } + }, + "node_modules/eslint-scope": { + "version": "8.0.1", + "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-8.0.1.tgz", + "integrity": "sha512-pL8XjgP4ZOmmwfFE8mEhSxA7ZY4C+LWyqjQ3o4yWkkmD0qcMT9kkW3zWHOczhWcjTSgqycYAgwSlXvZltv65og==", + "dependencies": { + "esrecurse": "^4.3.0", + "estraverse": "^5.2.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/eslint-visitor-keys": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-4.0.0.tgz", + "integrity": "sha512-OtIRv/2GyiF6o/d8K7MYKKbXrOUBIK6SfkIRM4Z0dY3w+LiQ0vy3F57m0Z71bjbyeiWFiHJ8brqnmE6H6/jEuw==", + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/espree": { + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/espree/-/espree-10.0.1.tgz", + "integrity": "sha512-MWkrWZbJsL2UwnjxTX3gG8FneachS/Mwg7tdGXce011sJd5b0JG54vat5KHnfSBODZ3Wvzd2WnjxyzsRoVv+ww==", + "dependencies": { + "acorn": "^8.11.3", + "acorn-jsx": "^5.3.2", + "eslint-visitor-keys": "^4.0.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/esquery": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/esquery/-/esquery-1.5.0.tgz", + "integrity": "sha512-YQLXUplAwJgCydQ78IMJywZCceoqk1oH01OERdSAJc/7U2AylwjhSCLDEtqwg811idIS/9fIU5GjG73IgjKMVg==", + "dependencies": { + "estraverse": "^5.1.0" + }, + "engines": { + "node": ">=0.10" + } + }, + "node_modules/esrecurse": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", + "integrity": "sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==", + "dependencies": { + "estraverse": "^5.2.0" + }, + "engines": { + "node": ">=4.0" + } + }, + "node_modules/estraverse": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", + "engines": { + "node": ">=4.0" + } + }, + "node_modules/esutils": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", + "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/fast-deep-equal": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==" + }, + "node_modules/fast-json-stable-stringify": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", + "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==" + }, + "node_modules/fast-levenshtein": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", + "integrity": "sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==" + }, + "node_modules/fastq": { + "version": "1.17.1", + "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.17.1.tgz", + "integrity": "sha512-sRVD3lWVIXWg6By68ZN7vho9a1pQcN/WBFaAAsDDFzlJjvoGx0P8z7V1t72grFJfJhu3YPZBuu25f7Kaw2jN1w==", + "dependencies": { + "reusify": "^1.0.4" + } + }, + "node_modules/file-entry-cache": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-8.0.0.tgz", + "integrity": "sha512-XXTUwCvisa5oacNGRP9SfNtYBNAMi+RPwBFmblZEF7N7swHYQS6/Zfk7SRwx4D5j3CH211YNRco1DEMNVfZCnQ==", + "dependencies": { + "flat-cache": "^4.0.0" + }, + "engines": { + "node": ">=16.0.0" + } + }, + "node_modules/find-up": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==", + "dependencies": { + "locate-path": "^6.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/flat-cache": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-4.0.1.tgz", + "integrity": "sha512-f7ccFPK3SXFHpx15UIGyRJ/FJQctuKZ0zVuN3frBo4HnK3cay9VEW0R6yPYFHC0AgqhukPzKjq22t5DmAyqGyw==", + "dependencies": { + "flatted": "^3.2.9", + "keyv": "^4.5.4" + }, + "engines": { + "node": ">=16" + } + }, + "node_modules/flatted": { + "version": "3.3.1", + "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.1.tgz", + "integrity": "sha512-X8cqMLLie7KsNUDSdzeN8FYK9rEt4Dt67OsG/DNGnYTSDBG4uFAJFBnUeiV+zCVAvwFy56IjM9sH51jVaEhNxw==" + }, + "node_modules/function-bind": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "dev": true, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/glob-parent": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", + "integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==", + "dependencies": { + "is-glob": "^4.0.3" + }, + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/globals": { + "version": "15.3.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-15.3.0.tgz", + "integrity": "sha512-cCdyVjIUVTtX8ZsPkq1oCsOsLmGIswqnjZYMJJTGaNApj1yHtLSymKhwH51ttirREn75z3p4k051clwg7rvNKA==", + "dev": true, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/has-flag": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", + "engines": { + "node": ">=8" + } + }, + "node_modules/hasown": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", + "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==", + "dev": true, + "dependencies": { + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/hosted-git-info": { + "version": "2.8.9", + "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", + "integrity": "sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw==", + "dev": true + }, + "node_modules/ignore": { + "version": "5.3.1", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz", + "integrity": "sha512-5Fytz/IraMjqpwfd34ke28PTVMjZjJG2MPn5t7OE4eUCUNf8BAa7b5WUS9/Qvr6mwOQS7Mk6vdsMno5he+T8Xw==", + "engines": { + "node": ">= 4" + } + }, + "node_modules/import-fresh": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz", + "integrity": "sha512-veYYhQa+D1QBKznvhUHxb8faxlrwUnxseDAbAp457E0wLNio2bOSKnjYDhMj+YiAq61xrMGhQk9iXVk5FzgQMw==", + "dependencies": { + "parent-module": "^1.0.0", + "resolve-from": "^4.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/imurmurhash": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", + "integrity": "sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==", + "engines": { + "node": ">=0.8.19" + } + }, + "node_modules/indent-string": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/is-arrayish": { + "version": "0.2.1", + "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", + "integrity": "sha512-zz06S8t0ozoDXMG+ube26zeCTNXcKIPJZJi8hBrF4idCLms4CG9QtK7qBl1boi5ODzFpjswb5JPmHCbMpjaYzg==", + "dev": true + }, + "node_modules/is-builtin-module": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/is-builtin-module/-/is-builtin-module-3.2.1.tgz", + "integrity": "sha512-BSLE3HnV2syZ0FK0iMA/yUGplUeMmNz4AW5fnTunbCIqZi4vG3WjJT9FHMy5D69xmAYBHXQhJdALdpwVxV501A==", + "dev": true, + "dependencies": { + "builtin-modules": "^3.3.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-core-module": { + "version": "2.13.1", + "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.1.tgz", + "integrity": "sha512-hHrIjvZsftOsvKSn2TRYl63zvxsgE0K+0mYMoH6gD4omR5IWB2KynivBQczo3+wF1cCkjzvptnI9Q0sPU66ilw==", + "dev": true, + "dependencies": { + "hasown": "^2.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-extglob": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-glob": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", + "dependencies": { + "is-extglob": "^2.1.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-path-inside": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", + "integrity": "sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==", + "engines": { + "node": ">=8" + } + }, + "node_modules/isexe": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==" + }, + "node_modules/js-tokens": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==", + "dev": true + }, + "node_modules/js-yaml": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "dependencies": { + "argparse": "^2.0.1" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/jsesc": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-3.0.2.tgz", + "integrity": "sha512-xKqzzWXDttJuOcawBt4KnKHHIf5oQ/Cxax+0PWFG+DFDgHNAdi+TXECADI+RYiFUMmx8792xsMbbgXj4CwnP4g==", + "dev": true, + "bin": { + "jsesc": "bin/jsesc" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/json-buffer": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", + "integrity": "sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==" + }, + "node_modules/json-parse-even-better-errors": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz", + "integrity": "sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w==", + "dev": true + }, + "node_modules/json-schema-traverse": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==" + }, + "node_modules/json-stable-stringify-without-jsonify": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", + "integrity": "sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==" + }, + "node_modules/keyv": { + "version": "4.5.4", + "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", + "integrity": "sha512-oxVHkHR/EJf2CNXnWxRLW6mg7JyCCUcG0DtEGmL2ctUo1PNTin1PUil+r/+4r5MpVgC/fn1kjsx7mjSujKqIpw==", + "dependencies": { + "json-buffer": "3.0.1" + } + }, + "node_modules/levn": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", + "integrity": "sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ==", + "dependencies": { + "prelude-ls": "^1.2.1", + "type-check": "~0.4.0" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/lines-and-columns": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz", + "integrity": "sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==", + "dev": true + }, + "node_modules/locate-path": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==", + "dependencies": { + "p-locate": "^5.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/lodash.merge": { + "version": "4.6.2", + "resolved": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", + "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==" + }, + "node_modules/min-indent": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz", + "integrity": "sha512-I9jwMn07Sy/IwOj3zVkVik2JTvgpaykDZEigL6Rx6N9LbMywwUSMtxET+7lVoDLLd3O3IXwJwvuuns8UB/HeAg==", + "dev": true, + "engines": { + "node": ">=4" + } + }, + "node_modules/minimatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, + "node_modules/ms": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" + }, + "node_modules/natural-compare": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", + "integrity": "sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==" + }, + "node_modules/node-releases": { + "version": "2.0.14", + "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.14.tgz", + "integrity": "sha512-y10wOWt8yZpqXmOgRo77WaHEmhYQYGNA6y421PKsKYWEK8aW+cqAphborZDhqfyKrbZEN92CN1X2KbafY2s7Yw==", + "dev": true + }, + "node_modules/normalize-package-data": { + "version": "2.5.0", + "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz", + "integrity": "sha512-/5CMN3T0R4XTj4DcGaexo+roZSdSFW/0AOOTROrjxzCG1wrWXEsGbRKevjlIL+ZDE4sZlJr5ED4YW0yqmkK+eA==", + "dev": true, + "dependencies": { + "hosted-git-info": "^2.1.4", + "resolve": "^1.10.0", + "semver": "2 || 3 || 4 || 5", + "validate-npm-package-license": "^3.0.1" + } + }, + "node_modules/normalize-package-data/node_modules/semver": { + "version": "5.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==", + "dev": true, + "bin": { + "semver": "bin/semver" + } + }, + "node_modules/optionator": { + "version": "0.9.4", + "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.4.tgz", + "integrity": "sha512-6IpQ7mKUxRcZNLIObR0hz7lxsapSSIYNZJwXPGeF0mTVqGKFIXj1DQcMoT22S3ROcLyY/rz0PWaWZ9ayWmad9g==", + "dependencies": { + "deep-is": "^0.1.3", + "fast-levenshtein": "^2.0.6", + "levn": "^0.4.1", + "prelude-ls": "^1.2.1", + "type-check": "^0.4.0", + "word-wrap": "^1.2.5" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/p-limit": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", + "dependencies": { + "yocto-queue": "^0.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-locate": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==", + "dependencies": { + "p-limit": "^3.0.2" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-try": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", + "dev": true, + "engines": { + "node": ">=6" + } + }, + "node_modules/parent-module": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", + "integrity": "sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==", + "dependencies": { + "callsites": "^3.0.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/parse-json": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz", + "integrity": "sha512-ayCKvm/phCGxOkYRSCM82iDwct8/EonSEgCSxWxD7ve6jHggsFl4fZVQBPRNgQoKiuV/odhFrGzQXZwbifC8Rg==", + "dev": true, + "dependencies": { + "@babel/code-frame": "^7.0.0", + "error-ex": "^1.3.1", + "json-parse-even-better-errors": "^2.3.0", + "lines-and-columns": "^1.1.6" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/path-exists": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", + "engines": { + "node": ">=8" + } + }, + "node_modules/path-key": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", + "engines": { + "node": ">=8" + } + }, + "node_modules/path-parse": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==", + "dev": true + }, + "node_modules/picocolors": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.1.tgz", + "integrity": "sha512-anP1Z8qwhkbmu7MFP5iTt+wQKXgwzf7zTyGlcdzabySa9vd0Xt392U0rVmz9poOaBj0uHJKyyo9/upk0HrEQew==", + "dev": true + }, + "node_modules/pluralize": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/pluralize/-/pluralize-8.0.0.tgz", + "integrity": "sha512-Nc3IT5yHzflTfbjgqWcCPpo7DaKy4FnpB0l/zCAW0Tc7jxAiuqSxHasntB3D7887LSrA93kDJ9IXovxJYxyLCA==", + "dev": true, + "engines": { + "node": ">=4" + } + }, + "node_modules/prelude-ls": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz", + "integrity": "sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==", + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/punycode": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", + "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==", + "engines": { + "node": ">=6" + } + }, + "node_modules/queue-microtask": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", + "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] + }, + "node_modules/read-pkg": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/read-pkg/-/read-pkg-5.2.0.tgz", + "integrity": "sha512-Ug69mNOpfvKDAc2Q8DRpMjjzdtrnv9HcSMX+4VsZxD1aZ6ZzrIE7rlzXBtWTyhULSMKg076AW6WR5iZpD0JiOg==", + "dev": true, + "dependencies": { + "@types/normalize-package-data": "^2.4.0", + "normalize-package-data": "^2.5.0", + "parse-json": "^5.0.0", + "type-fest": "^0.6.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/read-pkg-up": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-7.0.1.tgz", + "integrity": "sha512-zK0TB7Xd6JpCLmlLmufqykGE+/TlOePD6qKClNW7hHDKFh/J7/7gCWGR7joEQEW1bKq3a3yUZSObOoWLFQ4ohg==", + "dev": true, + "dependencies": { + "find-up": "^4.1.0", + "read-pkg": "^5.2.0", + "type-fest": "^0.8.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/read-pkg-up/node_modules/find-up": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "dev": true, + "dependencies": { + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/read-pkg-up/node_modules/locate-path": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "dev": true, + "dependencies": { + "p-locate": "^4.1.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/read-pkg-up/node_modules/p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dev": true, + "dependencies": { + "p-try": "^2.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/read-pkg-up/node_modules/p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "dev": true, + "dependencies": { + "p-limit": "^2.2.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/read-pkg/node_modules/type-fest": { + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.6.0.tgz", + "integrity": "sha512-q+MB8nYR1KDLrgr4G5yemftpMC7/QLqVndBmEEdqzmNj5dcFOO4Oo8qlwZE3ULT3+Zim1F8Kq4cBnikNhlCMlg==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/regexp-tree": { + "version": "0.1.27", + "resolved": "https://registry.npmjs.org/regexp-tree/-/regexp-tree-0.1.27.tgz", + "integrity": "sha512-iETxpjK6YoRWJG5o6hXLwvjYAoW+FEZn9os0PD/b6AP6xQwsa/Y7lCVgIixBbUPMfhu+i2LtdeAqVTgGlQarfA==", + "dev": true, + "bin": { + "regexp-tree": "bin/regexp-tree" + } + }, + "node_modules/regjsparser": { + "version": "0.10.0", + "resolved": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.10.0.tgz", + "integrity": "sha512-qx+xQGZVsy55CH0a1hiVwHmqjLryfh7wQyF5HO07XJ9f7dQMY/gPQHhlyDkIzJKC+x2fUCpCcUODUUUFrm7SHA==", + "dev": true, + "dependencies": { + "jsesc": "~0.5.0" + }, + "bin": { + "regjsparser": "bin/parser" + } + }, + "node_modules/regjsparser/node_modules/jsesc": { + "version": "0.5.0", + "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz", + "integrity": "sha512-uZz5UnB7u4T9LvwmFqXii7pZSouaRPorGs5who1Ip7VO0wxanFvBL7GkM6dTHlgX+jhBApRetaWpnDabOeTcnA==", + "dev": true, + "bin": { + "jsesc": "bin/jsesc" + } + }, + "node_modules/resolve": { + "version": "1.22.8", + "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz", + "integrity": "sha512-oKWePCxqpd6FlLvGV1VU0x7bkPmmCNolxzjMf4NczoDnQcIWrAF+cPtZn5i6n+RfD2d9i0tzpKnG6Yk168yIyw==", + "dev": true, + "dependencies": { + "is-core-module": "^2.13.0", + "path-parse": "^1.0.7", + "supports-preserve-symlinks-flag": "^1.0.0" + }, + "bin": { + "resolve": "bin/resolve" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/resolve-from": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", + "integrity": "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==", + "engines": { + "node": ">=4" + } + }, + "node_modules/reusify": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", + "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==", + "engines": { + "iojs": ">=1.0.0", + "node": ">=0.10.0" + } + }, + "node_modules/run-parallel": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", + "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "dependencies": { + "queue-microtask": "^1.2.2" + } + }, + "node_modules/semver": { + "version": "7.6.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", + "integrity": "sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w==", + "dev": true, + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/shebang-command": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", + "dependencies": { + "shebang-regex": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/shebang-regex": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", + "engines": { + "node": ">=8" + } + }, + "node_modules/spdx-correct": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.2.0.tgz", + "integrity": "sha512-kN9dJbvnySHULIluDHy32WHRUu3Og7B9sbY7tsFLctQkIqnMh3hErYgdMjTYuqmcXX+lK5T1lnUt3G7zNswmZA==", + "dev": true, + "dependencies": { + "spdx-expression-parse": "^3.0.0", + "spdx-license-ids": "^3.0.0" + } + }, + "node_modules/spdx-exceptions": { + "version": "2.5.0", + "resolved": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.5.0.tgz", + "integrity": "sha512-PiU42r+xO4UbUS1buo3LPJkjlO7430Xn5SVAhdpzzsPHsjbYVflnnFdATgabnLude+Cqu25p6N+g2lw/PFsa4w==", + "dev": true + }, + "node_modules/spdx-expression-parse": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.1.tgz", + "integrity": "sha512-cbqHunsQWnJNE6KhVSMsMeH5H/L9EpymbzqTQ3uLwNCLZ1Q481oWaofqH7nO6V07xlXwY6PhQdQ2IedWx/ZK4Q==", + "dev": true, + "dependencies": { + "spdx-exceptions": "^2.1.0", + "spdx-license-ids": "^3.0.0" + } + }, + "node_modules/spdx-license-ids": { + "version": "3.0.17", + "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.17.tgz", + "integrity": "sha512-sh8PWc/ftMqAAdFiBu6Fy6JUOYjqDJBJvIhpfDMyHrr0Rbp5liZqd4TjtQ/RgfLjKFZb+LMx5hpml5qOWy0qvg==", + "dev": true + }, + "node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-indent": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/strip-indent/-/strip-indent-3.0.0.tgz", + "integrity": "sha512-laJTa3Jb+VQpaC6DseHhF7dXVqHTfJPCRDaEbid/drOhgitgYku/letMUqOXFoWV0zIIUbjpdH2t+tYj4bQMRQ==", + "dev": true, + "dependencies": { + "min-indent": "^1.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-json-comments": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/supports-preserve-symlinks-flag": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", + "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==", + "dev": true, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/text-table": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz", + "integrity": "sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==" + }, + "node_modules/type-check": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", + "integrity": "sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==", + "dependencies": { + "prelude-ls": "^1.2.1" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/type-fest": { + "version": "0.8.1", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz", + "integrity": "sha512-4dbzIzqvjtgiM5rw1k5rEHtBANKmdudhGyBEajN01fEyhaAIhsoKNy6y7+IN93IfpFtwY9iqi7kD+xwKhQsNJA==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/update-browserslist-db": { + "version": "1.0.16", + "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.16.tgz", + "integrity": "sha512-KVbTxlBYlckhF5wgfyZXTWnMn7MMZjMu9XG8bPlliUOP9ThaF4QnhP8qrjrH7DRzHfSk0oQv1wToW+iA5GajEQ==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/browserslist" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "dependencies": { + "escalade": "^3.1.2", + "picocolors": "^1.0.1" + }, + "bin": { + "update-browserslist-db": "cli.js" + }, + "peerDependencies": { + "browserslist": ">= 4.21.0" + } + }, + "node_modules/uri-js": { + "version": "4.4.1", + "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", + "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==", + "dependencies": { + "punycode": "^2.1.0" + } + }, + "node_modules/validate-npm-package-license": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz", + "integrity": "sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew==", + "dev": true, + "dependencies": { + "spdx-correct": "^3.0.0", + "spdx-expression-parse": "^3.0.0" + } + }, + "node_modules/which": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", + "dependencies": { + "isexe": "^2.0.0" + }, + "bin": { + "node-which": "bin/node-which" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/word-wrap": { + "version": "1.2.5", + "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.5.tgz", + "integrity": "sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/yocto-queue": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", + "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + } + } + } + \ No newline at end of file diff --git a/tools/testdata/repositories/trivy/src/trivy.yaml b/tools/testdata/repositories/trivy/src/trivy.yaml new file mode 100644 index 00000000..c785541c --- /dev/null +++ b/tools/testdata/repositories/trivy/src/trivy.yaml @@ -0,0 +1,10 @@ +severity: + - LOW + - MEDIUM + - HIGH + - CRITICAL + +scan: + scanners: + - vuln + - secret diff --git a/tools/trivyRunner.go b/tools/trivyRunner.go new file mode 100644 index 00000000..784a65bb --- /dev/null +++ b/tools/trivyRunner.go @@ -0,0 +1,33 @@ +package tools + +import ( + "os" + "os/exec" +) + +// RunTrivy executes Trivy vulnerability scanner with the specified options +func RunTrivy(repositoryToAnalyseDirectory string, trivyBinary string, pathsToCheck []string, outputFile string, outputFormat string) error { + cmd := exec.Command(trivyBinary, "fs") + + // Add format options + if outputFile != "" { + cmd.Args = append(cmd.Args, "--output", outputFile) + } + + if outputFormat == "sarif" { + cmd.Args = append(cmd.Args, "--format", "sarif") + } + + // Add specific targets or use current directory + if len(pathsToCheck) > 0 { + cmd.Args = append(cmd.Args, pathsToCheck...) + } else { + cmd.Args = append(cmd.Args, ".") + } + + cmd.Dir = repositoryToAnalyseDirectory + cmd.Stderr = os.Stderr + cmd.Stdout = os.Stdout + + return cmd.Run() +} diff --git a/tools/trivyRunner_test.go b/tools/trivyRunner_test.go new file mode 100644 index 00000000..b83b6b86 --- /dev/null +++ b/tools/trivyRunner_test.go @@ -0,0 +1,56 @@ +package tools + +import ( + "fmt" + "log" + "os" + "path/filepath" + "strings" + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestRunTrivyToFile(t *testing.T) { + homeDirectory, err := os.UserHomeDir() + if err != nil { + log.Fatal(err.Error()) + } + currentDirectory, err := os.Getwd() + if err != nil { + log.Fatal(err.Error()) + } + + testDirectory := "testdata/repositories/trivy" + tempResultFile := filepath.Join(os.TempDir(), "trivy.sarif") + defer os.Remove(tempResultFile) + + repositoryToAnalyze := filepath.Join(testDirectory, "src") + + trivyBinary := filepath.Join(homeDirectory, ".cache/codacy/tools/trivy@0.50.0/trivy") + + err = RunTrivy(repositoryToAnalyze, trivyBinary, nil, tempResultFile, "sarif") + if err != nil { + t.Fatalf("Failed to run trivy: %v", err) + } + + // Check if the output file was created + obtainedSarifBytes, err := os.ReadFile(tempResultFile) + if err != nil { + t.Fatalf("Failed to read output file: %v", err) + } + obtainedSarif := string(obtainedSarifBytes) + filePrefix := "file://" + currentDirectory + "/" + fmt.Println(filePrefix) + actualSarif := strings.ReplaceAll(obtainedSarif, filePrefix, "") + + // Read the expected SARIF + expectedSarifFile := filepath.Join(testDirectory, "expected.sarif") + expectedSarifBytes, err := os.ReadFile(expectedSarifFile) + if err != nil { + log.Fatal(err) + } + expectedSarif := strings.TrimSpace(string(expectedSarifBytes)) + + assert.Equal(t, expectedSarif, actualSarif, "output did not match expected") +} From a6279a9b957fa3eff217fca95671522037e28c6f Mon Sep 17 00:00:00 2001 From: Joao Machado <13315199+machadoit@users.noreply.github.com> Date: Mon, 31 Mar 2025 18:58:48 +0200 Subject: [PATCH 5/5] feature: Add support for trivy configuration --- .codacy/codacy.yaml | 2 +- cmd/init.go | 102 +++++++- .../repositories/trivy/expected.sarif | 4 +- tools/trivyConfigCreator.go | 80 ++++++ tools/trivyConfigCreator_test.go | 238 ++++++++++++++++++ tools/trivyRunner_test.go | 2 +- 6 files changed, 422 insertions(+), 6 deletions(-) create mode 100644 tools/trivyConfigCreator.go create mode 100644 tools/trivyConfigCreator_test.go diff --git a/.codacy/codacy.yaml b/.codacy/codacy.yaml index edbfe4a1..96b81e2f 100644 --- a/.codacy/codacy.yaml +++ b/.codacy/codacy.yaml @@ -2,4 +2,4 @@ runtimes: - node@22.2.0 tools: - eslint@9.3.0 - - trivy@0.50.0 \ No newline at end of file + - trivy@0.59.1 diff --git a/cmd/init.go b/cmd/init.go index 1356624a..01066422 100644 --- a/cmd/init.go +++ b/cmd/init.go @@ -72,20 +72,25 @@ func createConfigurationFile(tools []tools.Tool) error { func configFileTemplate(tools []tools.Tool) string { - // Default version + // Default versions eslintVersion := "9.3.0" + trivyVersion := "0.59.1" // Latest stable version for _, tool := range tools { if tool.Uuid == "f8b29663-2cb2-498d-b923-a10c6a8c05cd" { eslintVersion = tool.Version } + if tool.Uuid == "2fd7fbe0-33f9-4ab3-ab73-e9b62404e2cb" { + trivyVersion = tool.Version + } } return fmt.Sprintf(`runtimes: - node@22.2.0 tools: - eslint@%s -`, eslintVersion) + - trivy@%s +`, eslintVersion, trivyVersion) } func buildRepositoryConfigurationFiles(token string) error { @@ -150,7 +155,24 @@ func buildRepositoryConfigurationFiles(token string) error { _, err = eslintConfigFile.WriteString(eslintConfigurationString) if err != nil { log.Fatal(err) + } + // Create Trivy configuration after processing ESLint + trivyApiConfiguration := extractTrivyConfiguration(apiToolConfigurations) + if trivyApiConfiguration != nil { + // Create trivy.yaml file based on API configuration + err = createTrivyConfigFile(*trivyApiConfiguration) + if err != nil { + log.Fatal(err) + } + fmt.Println("Trivy configuration created based on Codacy settings") + } else { + // Create default trivy.yaml if no configuration from API + err = createDefaultTrivyConfigFile() + if err != nil { + log.Fatal(err) + } + fmt.Println("Default Trivy configuration created") } return nil @@ -197,6 +219,20 @@ func extractESLintConfiguration(toolConfigurations []CodacyToolConfiguration) *C return nil } +// extractTrivyConfiguration extracts Trivy configuration from the Codacy API response +func extractTrivyConfiguration(toolConfigurations []CodacyToolConfiguration) *CodacyToolConfiguration { + // Trivy internal codacy uuid + const TrivyUUID = "2fd7fbe0-33f9-4ab3-ab73-e9b62404e2cb" + + for _, toolConfiguration := range toolConfigurations { + if toolConfiguration.Uuid == TrivyUUID { + return &toolConfiguration + } + } + + return nil +} + type CodacyToolConfiguration struct { Uuid string `json:"uuid"` IsEnabled bool `json:"isEnabled"` @@ -212,3 +248,65 @@ type ParameterConfiguration struct { name string `json:"name"` value string `json:"value"` } + +// createTrivyConfigFile creates a trivy.yaml configuration file based on the API configuration +func createTrivyConfigFile(config CodacyToolConfiguration) error { + // Convert CodacyToolConfiguration to tools.ToolConfiguration + trivyDomainConfiguration := convertAPIToolConfigurationForTrivy(config) + + // Use the shared CreateTrivyConfig function to generate the config content + trivyConfigurationString := tools.CreateTrivyConfig(trivyDomainConfiguration) + + // Write to file + return os.WriteFile("trivy.yaml", []byte(trivyConfigurationString), 0644) +} + +// convertAPIToolConfigurationForTrivy converts API tool configuration to domain model for Trivy +func convertAPIToolConfigurationForTrivy(config CodacyToolConfiguration) tools.ToolConfiguration { + var patterns []tools.PatternConfiguration + + // Only process if tool is enabled + if config.IsEnabled { + for _, pattern := range config.Patterns { + var parameters []tools.PatternParameterConfiguration + + // By default patterns are enabled + patternEnabled := true + + // Check if there's an explicit enabled parameter + for _, param := range pattern.Parameters { + if param.name == "enabled" && param.value == "false" { + patternEnabled = false + } + } + + // Add enabled parameter + parameters = append(parameters, tools.PatternParameterConfiguration{ + Name: "enabled", + Value: fmt.Sprintf("%t", patternEnabled), + }) + + patterns = append( + patterns, + tools.PatternConfiguration{ + PatternId: pattern.InternalId, + ParamenterConfigurations: parameters, + }, + ) + } + } + + return tools.ToolConfiguration{ + PatternsConfiguration: patterns, + } +} + +// createDefaultTrivyConfigFile creates a default trivy.yaml configuration file +func createDefaultTrivyConfigFile() error { + // Use empty tool configuration to get default settings + emptyConfig := tools.ToolConfiguration{} + content := tools.CreateTrivyConfig(emptyConfig) + + // Write to file + return os.WriteFile("trivy.yaml", []byte(content), 0644) +} diff --git a/tools/testdata/repositories/trivy/expected.sarif b/tools/testdata/repositories/trivy/expected.sarif index 83beae44..2c2c8208 100644 --- a/tools/testdata/repositories/trivy/expected.sarif +++ b/tools/testdata/repositories/trivy/expected.sarif @@ -1,6 +1,6 @@ { "version": "2.1.0", - "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json", "runs": [ { "tool": { @@ -37,7 +37,7 @@ } } ], - "version": "0.50.0" + "version": "0.59.1" } }, "results": [ diff --git a/tools/trivyConfigCreator.go b/tools/trivyConfigCreator.go new file mode 100644 index 00000000..2c8a9e04 --- /dev/null +++ b/tools/trivyConfigCreator.go @@ -0,0 +1,80 @@ +package tools + +import ( + "fmt" + "strings" +) + +// CreateTrivyConfig generates a Trivy configuration based on the tool configuration +func CreateTrivyConfig(config ToolConfiguration) string { + // Default settings - include all severities and scanners + includeLow := true + includeMedium := true + includeHigh := true + includeCritical := true + includeSecret := true + + // Process patterns from Codacy API + for _, pattern := range config.PatternsConfiguration { + // Check if pattern is enabled + patternEnabled := true + for _, param := range pattern.ParamenterConfigurations { + if param.Name == "enabled" && param.Value == "false" { + patternEnabled = false + } + } + + // Map patterns to configurations + if pattern.PatternId == "Trivy_vulnerability_minor" { + includeLow = patternEnabled + } + if pattern.PatternId == "Trivy_vulnerability_medium" { + includeMedium = patternEnabled + } + if pattern.PatternId == "Trivy_vulnerability" { + // This covers HIGH and CRITICAL + includeHigh = patternEnabled + includeCritical = patternEnabled + } + if pattern.PatternId == "Trivy_secret" { + includeSecret = patternEnabled + } + } + + // Build the severity list based on enabled patterns + var severities []string + if includeLow { + severities = append(severities, "LOW") + } + if includeMedium { + severities = append(severities, "MEDIUM") + } + if includeHigh { + severities = append(severities, "HIGH") + } + if includeCritical { + severities = append(severities, "CRITICAL") + } + + // Build the scanners list + var scanners []string + scanners = append(scanners, "vuln") // Always include vuln scanner + if includeSecret { + scanners = append(scanners, "secret") + } + + // Generate trivy.yaml content + var contentBuilder strings.Builder + contentBuilder.WriteString("severity:\n") + for _, sev := range severities { + contentBuilder.WriteString(fmt.Sprintf(" - %s\n", sev)) + } + + contentBuilder.WriteString("\nscan:\n") + contentBuilder.WriteString(" scanners:\n") + for _, scanner := range scanners { + contentBuilder.WriteString(fmt.Sprintf(" - %s\n", scanner)) + } + + return contentBuilder.String() +} diff --git a/tools/trivyConfigCreator_test.go b/tools/trivyConfigCreator_test.go new file mode 100644 index 00000000..c77eab6c --- /dev/null +++ b/tools/trivyConfigCreator_test.go @@ -0,0 +1,238 @@ +package tools + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func testTrivyConfig(t *testing.T, configuration ToolConfiguration, expected string) { + actual := CreateTrivyConfig(configuration) + assert.Equal(t, expected, actual) +} + +func TestCreateTrivyConfigEmptyConfig(t *testing.T) { + testTrivyConfig(t, + ToolConfiguration{}, + `severity: + - LOW + - MEDIUM + - HIGH + - CRITICAL + +scan: + scanners: + - vuln + - secret +`) +} + +func TestCreateTrivyConfigAllEnabled(t *testing.T) { + testTrivyConfig(t, + ToolConfiguration{ + PatternsConfiguration: []PatternConfiguration{ + { + PatternId: "Trivy_vulnerability_minor", + ParamenterConfigurations: []PatternParameterConfiguration{ + { + Name: "enabled", + Value: "true", + }, + }, + }, + { + PatternId: "Trivy_vulnerability_medium", + ParamenterConfigurations: []PatternParameterConfiguration{ + { + Name: "enabled", + Value: "true", + }, + }, + }, + { + PatternId: "Trivy_vulnerability", + ParamenterConfigurations: []PatternParameterConfiguration{ + { + Name: "enabled", + Value: "true", + }, + }, + }, + { + PatternId: "Trivy_secret", + ParamenterConfigurations: []PatternParameterConfiguration{ + { + Name: "enabled", + Value: "true", + }, + }, + }, + }, + }, + `severity: + - LOW + - MEDIUM + - HIGH + - CRITICAL + +scan: + scanners: + - vuln + - secret +`) +} + +func TestCreateTrivyConfigNoLow(t *testing.T) { + testTrivyConfig(t, + ToolConfiguration{ + PatternsConfiguration: []PatternConfiguration{ + { + PatternId: "Trivy_vulnerability_minor", + ParamenterConfigurations: []PatternParameterConfiguration{ + { + Name: "enabled", + Value: "false", + }, + }, + }, + }, + }, + `severity: + - MEDIUM + - HIGH + - CRITICAL + +scan: + scanners: + - vuln + - secret +`) +} + +func TestCreateTrivyConfigOnlyHigh(t *testing.T) { + testTrivyConfig(t, + ToolConfiguration{ + PatternsConfiguration: []PatternConfiguration{ + { + PatternId: "Trivy_vulnerability_minor", + ParamenterConfigurations: []PatternParameterConfiguration{ + { + Name: "enabled", + Value: "false", + }, + }, + }, + { + PatternId: "Trivy_vulnerability_medium", + ParamenterConfigurations: []PatternParameterConfiguration{ + { + Name: "enabled", + Value: "false", + }, + }, + }, + { + PatternId: "Trivy_secret", + ParamenterConfigurations: []PatternParameterConfiguration{ + { + Name: "enabled", + Value: "false", + }, + }, + }, + }, + }, + `severity: + - HIGH + - CRITICAL + +scan: + scanners: + - vuln +`) +} + +func TestCreateTrivyConfigNoVulnerabilities(t *testing.T) { + testTrivyConfig(t, + ToolConfiguration{ + PatternsConfiguration: []PatternConfiguration{ + { + PatternId: "Trivy_vulnerability_minor", + ParamenterConfigurations: []PatternParameterConfiguration{ + { + Name: "enabled", + Value: "false", + }, + }, + }, + { + PatternId: "Trivy_vulnerability_medium", + ParamenterConfigurations: []PatternParameterConfiguration{ + { + Name: "enabled", + Value: "false", + }, + }, + }, + { + PatternId: "Trivy_vulnerability", + ParamenterConfigurations: []PatternParameterConfiguration{ + { + Name: "enabled", + Value: "false", + }, + }, + }, + }, + }, + `severity: + +scan: + scanners: + - vuln + - secret +`) +} + +func TestCreateTrivyConfigOnlySecretsLow(t *testing.T) { + testTrivyConfig(t, + ToolConfiguration{ + PatternsConfiguration: []PatternConfiguration{ + { + PatternId: "Trivy_vulnerability_minor", + ParamenterConfigurations: []PatternParameterConfiguration{ + { + Name: "enabled", + Value: "true", + }, + }, + }, + { + PatternId: "Trivy_vulnerability_medium", + ParamenterConfigurations: []PatternParameterConfiguration{ + { + Name: "enabled", + Value: "false", + }, + }, + }, + { + PatternId: "Trivy_vulnerability", + ParamenterConfigurations: []PatternParameterConfiguration{ + { + Name: "enabled", + Value: "false", + }, + }, + }, + }, + }, + `severity: + - LOW + +scan: + scanners: + - vuln + - secret +`) +} diff --git a/tools/trivyRunner_test.go b/tools/trivyRunner_test.go index b83b6b86..c7d1dd66 100644 --- a/tools/trivyRunner_test.go +++ b/tools/trivyRunner_test.go @@ -27,7 +27,7 @@ func TestRunTrivyToFile(t *testing.T) { repositoryToAnalyze := filepath.Join(testDirectory, "src") - trivyBinary := filepath.Join(homeDirectory, ".cache/codacy/tools/trivy@0.50.0/trivy") + trivyBinary := filepath.Join(homeDirectory, ".cache/codacy/tools/trivy@0.59.1/trivy") err = RunTrivy(repositoryToAnalyze, trivyBinary, nil, tempResultFile, "sarif") if err != nil {