Merge pull request #776 from snyk/fix/outdates-deps

Fix/outdates deps

Author: dkontorovskyy

.eslintrc.json

@@ -6,16 +6,15 @@
   },
   "plugins": ["@typescript-eslint"],
   "extends": [
-    "plugin:@typescript-eslint/recommended",
-    "prettier",
-    "prettier/@typescript-eslint"
+    "plugin:prettier/recommended",
+    "prettier"
   ],
   "rules": {
     "@typescript-eslint/semi": "error",
     "@typescript-eslint/no-use-before-define": "off",
     "@typescript-eslint/interface-name-prefix": "off",
     "@typescript-eslint/await-thenable": "error",
-    "@typescript-eslint/ban-ts-ignore": "error",
+    "@typescript-eslint/ban-ts-comment": "error",
     "@typescript-eslint/no-unnecessary-type-assertion": "error",
     "@typescript-eslint/unbound-method": "error"
   }

package-lock.json

@@ -36,18 +36,18 @@
     "@kubernetes/client-node": "^0.14.3",
     "@snyk/dep-graph": "^1.28.0",
     "async": "^3.2.0",
-    "aws-sdk": "^2.873.0",
+    "aws-sdk": "^2.916.0",
     "bunyan": "^1.8.15",
     "child-process-promise": "^2.2.1",
-    "fs-extra": "^9.1.0",
-    "lru-cache": "^5.1.1",
+    "fs-extra": "^10.0.0",
+    "lru-cache": "^6.0.0",
     "needle": "^2.6.0",
-    "sleep-promise": "^8.0.1",
-    "snyk-config": "4.0.0",
-    "snyk-docker-plugin": "^4.20.3",
+    "sleep-promise": "^9.1.0",
+    "snyk-config": "5.0.0",
+    "snyk-docker-plugin": "^4.20.9",
     "source-map-support": "^0.5.16",
     "tunnel": "0.0.6",
-    "typescript": "^3.9.9",
+    "typescript": "^4.3.2",
     "uuid": "^8.3.2",
     "yaml": "^1.10.2"
   },
@@ -57,21 +57,22 @@
     "@types/jest": "^26.0.21",
     "@types/lru-cache": "^5.1.0",
     "@types/needle": "^2.0.4",
-    "@types/node": "^10.17.55",
-    "@types/sinon": "^7.5.2",
-    "@types/tunnel": "0.0.1",
+    "@types/node": "^15.6.1",
+    "@types/sinon": "^10.0.1",
+    "@types/tunnel": "0.0.2",
     "@types/uuid": "^8.3.0",
-    "@typescript-eslint/eslint-plugin": "^2.22.0",
-    "@typescript-eslint/parser": "^2.22.0",
-    "eslint": "^6.8.0",
-    "eslint-config-prettier": "^6.10.0",
+    "@typescript-eslint/eslint-plugin": "^4.25.0",
+    "@typescript-eslint/parser": "^4.25.0",
+    "eslint": "^7.27.0",
+    "eslint-config-prettier": "^8.3.0",
+    "eslint-plugin-prettier": "^3.4.0",
     "jest": "^26.6.3",
-    "nock": "^11.9.1",
-    "prettier": "^2.2.1",
-    "sinon": "^8.1.1",
-    "ts-jest": "^26.5.4",
-    "ts-node": "^8.6.2",
-    "tsc-watch": "^1.0.30"
+    "nock": "^13.0.11",
+    "prettier": "^2.3.0",
+    "sinon": "^11.1.1",
+    "ts-jest": "^26.5.6",
+    "ts-node": "^10.0.0",
+    "tsc-watch": "^4.4.0"
   },
   "release": {
     "branches": "staging",

package.json

@@ -10,7 +10,7 @@ const namespacesFilePath = '/etc/config/excludedNamespaces';
 
 function loadExcludedNamespaces(): string[] | null {
   try {
-    const data = readFileSync(namespacesFilePath, 'UTF-8');
+    const data = readFileSync(namespacesFilePath, 'utf-8');
     const namespaces: string[] = data.split(/\r?\n/);
     return namespaces;
   } catch (err) {

src/common/config.ts

@@ -77,25 +77,24 @@ export interface Meta extends Partial<Record<string, string>> {
 export function extractFactsFromDockerPluginResponse(
   pluginResponse: PluginResponse,
 ): ExtractedFacts {
-  const depGraph: depGraphLib.DepGraph = pluginResponse.scanResults[0].facts.find(
-    (fact) => fact.type === 'depGraph',
-  )?.data;
+  const depGraph: depGraphLib.DepGraph =
+    pluginResponse.scanResults[0].facts.find(
+      (fact) => fact.type === 'depGraph',
+    )?.data;
 
-  const manifestFiles:
-    | ManifestFile[]
-    | undefined = pluginResponse.scanResults[0].facts.find(
-    (fact) => fact.type === 'imageManifestFiles',
-  )?.data;
+  const manifestFiles: ManifestFile[] | undefined =
+    pluginResponse.scanResults[0].facts.find(
+      (fact) => fact.type === 'imageManifestFiles',
+    )?.data;
 
   const hashes: string[] | undefined = pluginResponse.scanResults[0].facts.find(
     (fact) => fact.type === 'keyBinariesHashes',
   )?.data;
 
-  const imageLayers:
-    | string[]
-    | undefined = pluginResponse.scanResults[0].facts.find(
-    (fact) => fact.type === 'imageLayers',
-  )?.data;
+  const imageLayers: string[] | undefined =
+    pluginResponse.scanResults[0].facts.find(
+      (fact) => fact.type === 'imageLayers',
+    )?.data;
 
   const rootFs: string[] | undefined = pluginResponse.scanResults[0].facts.find(
     (fact) => fact.type === 'rootFs',
@@ -105,11 +104,10 @@ export function extractFactsFromDockerPluginResponse(
     (fact) => fact.type === 'imageId',
   )?.data;
 
-  const imageOsReleasePrettyName:
-    | string
-    | undefined = pluginResponse.scanResults[0].facts.find(
-    (fact) => fact.type === 'imageOsReleasePrettyName',
-  )?.data;
+  const imageOsReleasePrettyName: string | undefined =
+    pluginResponse.scanResults[0].facts.find(
+      (fact) => fact.type === 'imageOsReleasePrettyName',
+    )?.data;
 
   const platform = pluginResponse.scanResults[0].identity.args?.platform;
 

src/scanner/images/docker-plugin-shim.ts

@@ -85,12 +85,15 @@ export async function removePulledImages(
 }
 
 // Exported for testing
-export function getImageParts(
-  imageWithTag: string,
-): { imageName: string; imageTag: string; imageDigest: string } {
+export function getImageParts(imageWithTag: string): {
+  imageName: string;
+  imageTag: string;
+  imageDigest: string;
+} {
   // we're matching pattern: <registry:port_number>(optional)/<image_name>(mandatory):<image_tag>(optional)@<tag_identifier>(optional)
   // extracted from https://github.com/docker/distribution/blob/master/reference/regexp.go
-  const regex = /^((?:(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?\/)?[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?(?:(?:\/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?)(?::([\w][\w.-]{0,127}))?(?:@([A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][A-Fa-f0-9]{32,}))?$/gi;
+  const regex =
+    /^((?:(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?\/)?[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?(?:(?:\/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?)(?::([\w][\w.-]{0,127}))?(?:@([A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][A-Fa-f0-9]{32,}))?$/gi;
   const groups = regex.exec(imageWithTag);
 
   if (!groups) {
@@ -208,11 +211,10 @@ async function getDependencyTreeFromPluginResponse(
   pluginResponse: PluginResponse,
   imageName: string,
 ): Promise<DependencyTree> {
-  const osDepGraph:
-    | DepGraph
-    | undefined = pluginResponse.scanResults[0].facts.find(
-    (fact) => fact.type === 'depGraph',
-  )?.data;
+  const osDepGraph: DepGraph | undefined =
+    pluginResponse.scanResults[0].facts.find(
+      (fact) => fact.type === 'depGraph',
+    )?.data;
 
   if (!osDepGraph) {
     throw new Error('Missing dependency graph');
@@ -222,9 +224,8 @@ async function getDependencyTreeFromPluginResponse(
     osDepGraph,
     osDepGraph.pkgManager.name,
   );
-  const osScanResultFacts = extractFactsFromDockerPluginResponse(
-    pluginResponse,
-  );
+  const osScanResultFacts =
+    extractFactsFromDockerPluginResponse(pluginResponse);
   const dockerDepTree = buildDockerPropertiesOnDepTree(
     depTree,
     osScanResultFacts,

src/scanner/images/index.ts

@@ -141,8 +141,8 @@ async function isSupportedWorkload(
     const limit = 1; // Try to grab only a single object
     const resourceVersion = undefined; // List anything in the cluster
     const timeoutSeconds = 10; // Don't block the snyk-monitor indefinitely
-    const attemptedApiCall = await kubernetesApiWrappers.retryKubernetesApiRequest(
-      () =>
+    const attemptedApiCall =
+      await kubernetesApiWrappers.retryKubernetesApiRequest(() =>
         k8sApi.customObjectsClient.listNamespacedCustomObject(
           'apps.openshift.io',
           'v1',
@@ -156,7 +156,7 @@ async function isSupportedWorkload(
           resourceVersion,
           timeoutSeconds,
         ),
-    );
+      );
     return (
       attemptedApiCall !== undefined &&
       attemptedApiCall.response !== undefined &&

src/supervisor/watchers/handlers/index.ts

@@ -4,9 +4,7 @@ export const FALSY_WORKLOAD_NAME_MARKER = 'falsy workload name';
 
 type WorkloadHandlerFunc = (workload: any) => Promise<void>;
 
-type ListWorkloadFunctionFactory = (
-  namespace: string,
-) => () => Promise<{
+type ListWorkloadFunctionFactory = (namespace: string) => () => Promise<{
   response: any;
   body: any;
 }>;

src/supervisor/watchers/handlers/types.ts

@@ -16,9 +16,10 @@ const deploymentReader: IWorkloadReaderFunc = async (
   workloadName,
   namespace,
 ) => {
-  const deploymentResult = await kubernetesApiWrappers.retryKubernetesApiRequest(
-    () => k8sApi.appsClient.readNamespacedDeployment(workloadName, namespace),
-  );
+  const deploymentResult =
+    await kubernetesApiWrappers.retryKubernetesApiRequest(() =>
+      k8sApi.appsClient.readNamespacedDeployment(workloadName, namespace),
+    );
   const deployment = deploymentResult.body;
 
   if (
@@ -48,16 +49,16 @@ const deploymentConfigReader: IWorkloadReaderFunc = async (
   workloadName,
   namespace,
 ) => {
-  const deploymentResult = await kubernetesApiWrappers.retryKubernetesApiRequest(
-    () =>
+  const deploymentResult =
+    await kubernetesApiWrappers.retryKubernetesApiRequest(() =>
       k8sApi.customObjectsClient.getNamespacedCustomObject(
         'apps.openshift.io',
         'v1',
         namespace,
         'deploymentconfigs',
         workloadName,
       ),
-  );
+    );
   const deployment: V1DeploymentConfig = deploymentResult.body;
 
   if (
@@ -86,9 +87,10 @@ const replicaSetReader: IWorkloadReaderFunc = async (
   workloadName,
   namespace,
 ) => {
-  const replicaSetResult = await kubernetesApiWrappers.retryKubernetesApiRequest(
-    () => k8sApi.appsClient.readNamespacedReplicaSet(workloadName, namespace),
-  );
+  const replicaSetResult =
+    await kubernetesApiWrappers.retryKubernetesApiRequest(() =>
+      k8sApi.appsClient.readNamespacedReplicaSet(workloadName, namespace),
+    );
   const replicaSet = replicaSetResult.body;
 
   if (
@@ -118,9 +120,10 @@ const statefulSetReader: IWorkloadReaderFunc = async (
   workloadName,
   namespace,
 ) => {
-  const statefulSetResult = await kubernetesApiWrappers.retryKubernetesApiRequest(
-    () => k8sApi.appsClient.readNamespacedStatefulSet(workloadName, namespace),
-  );
+  const statefulSetResult =
+    await kubernetesApiWrappers.retryKubernetesApiRequest(() =>
+      k8sApi.appsClient.readNamespacedStatefulSet(workloadName, namespace),
+    );
   const statefulSet = statefulSetResult.body;
 
   if (
@@ -237,13 +240,13 @@ const replicationControllerReader: IWorkloadReaderFunc = async (
   workloadName,
   namespace,
 ) => {
-  const replicationControllerResult = await kubernetesApiWrappers.retryKubernetesApiRequest(
-    () =>
+  const replicationControllerResult =
+    await kubernetesApiWrappers.retryKubernetesApiRequest(() =>
       k8sApi.coreClient.readNamespacedReplicationController(
         workloadName,
         namespace,
       ),
-  );
+    );
   const replicationController = replicationControllerResult.body;
 
   if (

src/supervisor/workload-reader.ts

@@ -19,40 +19,38 @@ export function constructDepGraph(
   scannedImages: IScanResult[],
   workloadMetadata: IWorkload[],
 ): IDependencyGraphPayload[] {
-  const results = scannedImages.map(
-    (scannedImage): IDependencyGraphPayload => {
-      // We know that .find() won't return undefined
-      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-      const kubeWorkload: IWorkload = workloadMetadata.find(
-        (meta) => meta.imageName === scannedImage.imageWithTag,
-      )!;
+  const results = scannedImages.map((scannedImage): IDependencyGraphPayload => {
+    // We know that .find() won't return undefined
+    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+    const kubeWorkload: IWorkload = workloadMetadata.find(
+      (meta) => meta.imageName === scannedImage.imageWithTag,
+    )!;
 
-      const { cluster, namespace, type, name } = kubeWorkload;
+    const { cluster, namespace, type, name } = kubeWorkload;
 
-      const imageLocator: IImageLocator = {
-        userLocator: config.INTEGRATION_ID,
-        imageId: scannedImage.image,
-        imageWithDigest: scannedImage.imageWithDigest,
-        cluster,
-        namespace,
-        type,
-        name,
-      };
+    const imageLocator: IImageLocator = {
+      userLocator: config.INTEGRATION_ID,
+      imageId: scannedImage.image,
+      imageWithDigest: scannedImage.imageWithDigest,
+      cluster,
+      namespace,
+      type,
+      name,
+    };
 
-      const monitorMetadata: IKubernetesMonitorMetadata = {
-        agentId: config.AGENT_ID,
-        namespace: config.NAMESPACE,
-        version: config.MONITOR_VERSION,
-      };
+    const monitorMetadata: IKubernetesMonitorMetadata = {
+      agentId: config.AGENT_ID,
+      namespace: config.NAMESPACE,
+      version: config.MONITOR_VERSION,
+    };
 
-      return {
-        imageLocator,
-        agentId: config.AGENT_ID,
-        dependencyGraph: JSON.stringify(scannedImage.pluginResult),
-        metadata: monitorMetadata,
-      };
-    },
-  );
+    return {
+      imageLocator,
+      agentId: config.AGENT_ID,
+      dependencyGraph: JSON.stringify(scannedImage.pluginResult),
+      metadata: monitorMetadata,
+    };
+  });
 
   return results;
 }