diff --git a/.changeset/cuddly-kids-shake.md b/.changeset/cuddly-kids-shake.md
new file mode 100644
index 00000000..04b4440f
--- /dev/null
+++ b/.changeset/cuddly-kids-shake.md
@@ -0,0 +1,5 @@
+---
+"@nodesecure/tarball": minor
+---
+
+(Tarball) detect and flag with hasExternalCapacity when native fetch is used
diff --git a/package-lock.json b/package-lock.json
index c586f24a..fc2c8032 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1570,9 +1570,9 @@
 "link": true
 },
 "node_modules/@nodesecure/js-x-ray": {
- "version": "8.1.1",
- "resolved": "https://registry.npmjs.org/@nodesecure/js-x-ray/-/js-x-ray-8.1.1.tgz",
- "integrity": "sha512-AVH5D9XR3O11naADJ/WFZT5/8COAG9wOw6wHQskPZaQ4iOj00NpmNudnh8I6wdprlg0auqb9h7jngpsedwrd6A==",
+ "version": "8.2.0",
+ "resolved": "https://registry.npmjs.org/@nodesecure/js-x-ray/-/js-x-ray-8.2.0.tgz",
+ "integrity": "sha512-37CiEJHjuskIl6xekbfP9Zhn0JKxKBSJAKtQKRDrrlNFs/7LtR3VVukNyQgvKoEsQuEHsAkPEl0ECuR4LHM9tw==",
 "license": "MIT",
 "workspaces": [
 "workspaces/estree-ast-utils",
@@ -11301,7 +11301,7 @@
 },
 "workspaces/npm-types": {
 "name": "@nodesecure/npm-types",
- "version": "1.2.0",
+ "version": "1.2.1",
 "license": "MIT"
 },
 "workspaces/rc": {
@@ -11390,7 +11390,7 @@
 "dependencies": {
 "@nodesecure/conformance": "^1.0.0",
 "@nodesecure/fs-walk": "^2.0.0",
- "@nodesecure/js-x-ray": "^8.1.0",
+ "@nodesecure/js-x-ray": "^8.2.0",
 "@nodesecure/mama": "^1.1.0",
 "@nodesecure/npm-types": "^1.2.0",
 "@nodesecure/utils": "^2.1.0",
diff --git a/workspaces/tarball/package.json b/workspaces/tarball/package.json
index 207f1dd4..899aeb3a 100644
--- a/workspaces/tarball/package.json
+++ b/workspaces/tarball/package.json
@@ -31,7 +31,7 @@
 "dependencies": {
 "@nodesecure/conformance": "^1.0.0",
 "@nodesecure/fs-walk": "^2.0.0",
- "@nodesecure/js-x-ray": "^8.1.0",
+ "@nodesecure/js-x-ray": "^8.2.0",
 "@nodesecure/mama": "^1.1.0",
 "@nodesecure/npm-types": "^1.2.0",
 "@nodesecure/utils": "^2.1.0",
diff --git a/workspaces/tarball/src/sast/file.ts b/workspaces/tarball/src/sast/file.ts
index 702b75f8..f968c956 100644
--- a/workspaces/tarball/src/sast/file.ts
+++ b/workspaces/tarball/src/sast/file.ts
@@ -23,6 +23,9 @@ export interface scanFileReport {
 tryDependencies: string[];
 dependencies: string[];
 filesDependencies: string[];
+ filesFlags: {
+ hasExternalCapacity: boolean;
+ };
 }
 export async function scanFile(
@@ -53,7 +56,10 @@ export async function scanFile(
 isMinified: result.isMinified,
 tryDependencies,
 dependencies: packages,
- filesDependencies: files
+ filesDependencies: files,
+ filesFlags: {
+ hasExternalCapacity: result.flags.has("fetch")
+ }
 };
 }
@@ -63,7 +69,10 @@ export async function scanFile(
 isMinified: false,
 tryDependencies: [],
 dependencies: [],
- filesDependencies: []
+ filesDependencies: [],
+ filesFlags: {
+ hasExternalCapacity: false
+ }
 };
 }
diff --git a/workspaces/tarball/src/tarball.ts b/workspaces/tarball/src/tarball.ts
index d50fdc5f..cedfdc72 100644
--- a/workspaces/tarball/src/tarball.ts
+++ b/workspaces/tarball/src/tarball.ts
@@ -130,6 +130,7 @@ export async function scanDirOrArchive(
 const filesDependencies = [...new Set(scannedFiles.flatMap((row) => row.filesDependencies))];
 const tryDependencies = new Set(scannedFiles.flatMap((row) => row.tryDependencies));
 const minifiedFiles = scannedFiles.filter((row) => row.isMinified).flatMap((row) => row.file);
+ const hasExternalCapacity = scannedFiles.some((row) => row.filesFlags.hasExternalCapacity);
 const {
 nodeDependencies,
@@ -156,6 +157,7 @@ export async function scanDirOrArchive(
 ref.flags.push(...booleanToFlags({
 ...flags,
+ hasExternalCapacity: hasExternalCapacity || flags.hasExternalCapacity,
 hasNoLicense: spdx.uniqueLicenseIds.length === 0,
 hasMultipleLicenses: spdx.uniqueLicenseIds.length > 1,
 hasMinifiedCode: minifiedFiles.length > 0,
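Review bot: `hasExternalCapacity: result.flags.has("fetch")` in the second file.ts hunk keys the new report field on a bare js-x-ray flag name, and nothing in this hunk or in the `filesFlags` declaration of the first hunk says what that flag denotes or why it maps to "external capacity". Per the changeset and the fetch.js fixture it stands for a use of the native fetch API, which is narrower than the field name suggests, so a reader should be told exactly what is and is not covered. I would document the interface member, `/** True when js-x-ray raised its "fetch" flag for this file, i.e. the native fetch API is referenced; other network paths are not covered by this per-file signal. */` above `hasExternalCapacity: boolean;`, and add `// "fetch" is the js-x-ray flag name for native fetch usage` on the `has("fetch")` line. The enclosing return statement and function begin outside the hunk.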
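Review bot: In the third file.ts hunk the fallback report hard-codes `hasExternalCapacity: false`, but this branch appears to be the one taken when js-x-ray did not produce a result (the parsingError fixture expects exactly this shape), so the honest value is "not determined" rather than "absent". Because scanDirOrArchive folds these with `some(...)`, a file the analyser cannot parse can never contribute to the flag, and a consumer reading the boolean cannot distinguish that from a clean file. Widening the type to a tri-state would be the real fix; at minimum the line deserves `// analysis did not run: flags are not computed, so false means "unknown", not "absent"`. The enclosing branch and function start outside the hunk.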
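Review bot: The local `hasExternalCapacity` introduced in the first tarball.ts hunk shares its name with the flag key it is merged into in the second hunk, so `hasExternalCapacity: hasExternalCapacity || flags.hasExternalCapacity` reads as a tautology and hides that two distinct signals are being OR-ed: the per-file js-x-ray fetch flag and whatever populated `flags.hasExternalCapacity` outside the hunk. I would name the reduction after its source, `const hasFetchUsage = scannedFiles.some((row) => row.filesFlags.hasExternalCapacity);`, and write the merge as `hasExternalCapacity: hasFetchUsage || flags.hasExternalCapacity, // per-file fetch signal OR the pre-existing flag`. Both hunks sit inside scanDirOrArchive, whose body begins and ends outside the hunk.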
diff --git a/workspaces/tarball/test/fixtures/scanJavascriptFile/fetch.js b/workspaces/tarball/test/fixtures/scanJavascriptFile/fetch.js
new file mode 100644
index 00000000..d7372cb8
--- /dev/null
+++ b/workspaces/tarball/test/fixtures/scanJavascriptFile/fetch.js
@@ -0,0 +1,3 @@
+const apiService = async (url) => fetch(url);
+
+export default apiService;
\ No newline at end of file
diff --git a/workspaces/tarball/test/sast/scanFile.spec.ts b/workspaces/tarball/test/sast/scanFile.spec.ts
index 5702511b..a3885160 100644
--- a/workspaces/tarball/test/sast/scanFile.spec.ts
+++ b/workspaces/tarball/test/sast/scanFile.spec.ts
@@ -19,7 +19,10 @@ test("scanFile (fixture one.js)", async() => {
 isMinified: false,
 tryDependencies: [],
 dependencies: ["http", "mocha"],
- filesDependencies: ["src\\foo.js", "home\\marco.js"].map((location) => location.replaceAll("\\", path.sep))
+ filesDependencies: ["src\\foo.js", "home\\marco.js"].map((location) => location.replaceAll("\\", path.sep)),
+ filesFlags: {
+ hasExternalCapacity: false
+ }
 });
 });
@@ -31,7 +34,10 @@ test("scanFile (fixture two.min.js)", async() => {
 isMinified: true,
 tryDependencies: ["http"],
 dependencies: ["http", "fs"],
- filesDependencies: []
+ filesDependencies: [],
+ filesFlags: {
+ hasExternalCapacity: false
+ }
 });
 });
@@ -43,7 +49,10 @@ test("scanFile (fixture onelineStmt.min.js)", async() => {
 isMinified: false,
 tryDependencies: [],
 dependencies: [],
- filesDependencies: ["foobar.js"]
+ filesDependencies: ["foobar.js"],
+ filesFlags: {
+ hasExternalCapacity: false
+ }
 });
 });
@@ -63,6 +72,24 @@ test("scanFile (fixture parsingError.js)", async() => {
 isMinified: false,
 tryDependencies: [],
 dependencies: [],
- filesDependencies: []
+ filesDependencies: [],
+ filesFlags: {
+ hasExternalCapacity: false
+ }
+ });
+});
+
+test("scanFile (fixture fetch.js)", async() => {
+ const result = await scanFile(kFixturePath, "fetch.js", "yolo");
+ assert.deepEqual(result, {
+ file: "fetch.js",
+ warnings: [],
+ isMinified: false,
+ tryDependencies: [],
+ dependencies: [],
+ filesDependencies: [],
+ filesFlags: {
+ hasExternalCapacity: true
+ }
 });
 });
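Review bot: The new `scanFile (fixture fetch.js)` test pins only the positive case, a direct `fetch(url)` call, while every fixture expected to report `hasExternalCapacity: false` is one whose contents are not shown here, so it is unclear whether any of them mentions `fetch` without calling it. A negative fixture where the identifier appears only inside a string literal or a comment would pin that the flag tracks a use of the API and not a token match; whether js-x-ray separates those cases cannot be confirmed from this diff. The parsingError expectation would also benefit from a comment that its `false` reflects analysis not having run rather than a verified absence, e.g. `// analysis failed for this fixture, so the flag is not computed`.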