refactor: include/exclude dev deps in analyzers #7484

Open
wants to merge 12 commits into
base: main
refactor: add IncludeDevDeps for npm
DmitriyLewen committed Sep 10, 2024
commit 7cd523d5f0f8f5b11343fa1bd6db901dd8088493
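--- a/pkg/dependency/parser/nodejs/npm/parse.go
+++ b/pkg/dependency/parser/nodejs/npm/parse.go
@@ -52,12 +52,14 @@ type Package struct {
 }
 
 type Parser struct {
-logger *log.Logger
+logger *log.Logger
+includeDevDeps bool
 }
 
-func NewParser() *Parser {
+func NewParser(includeDevDeps bool) *Parser {
 return &Parser{
-logger: log.WithPrefix("npm"),
+logger: log.WithPrefix("npm"),
+includeDevDeps: includeDevDeps,
 }
 }
 
@@ -108,6 +110,11 @@ func (p *Parser) parseV2(packages map[string]Package) ([]ftypes.Package, []ftype
 continue
 }
 
+// Skip `Dev` dependencies if `--include-dev-deps` flag is not present
+if pkg.Dev && !p.includeDevDeps {
+continue
+}
+
 // pkg.Name exists when package name != folder name
 pkgName := pkg.Name
 if pkgName == "" {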
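Review bot: The new `if pkg.Dev && !p.includeDevDeps` branch in parseV2 drops a package without leaving any trace, and the `Dev` marker it relies on is read from the lockfile being scanned. With the setting off, an entry marked as dev is therefore absent from the results and nothing records that it was skipped; a debug-level line through the existing `p.logger` just before the `continue` would make the omission auditable. The comment also ties the parser to a CLI flag name, where `// Skip dev dependencies unless the parser was created with includeDevDeps` would describe the code at this layer. `NewParser` now takes a bare bool and would benefit from a doc comment stating what `includeDevDeps` controls. parseV2's body starts and ends outside the hunk.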
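--- a/pkg/dependency/parser/nodejs/npm/parse_test.go
+++ b/pkg/dependency/parser/nodejs/npm/parse_test.go
@@ -12,46 +12,67 @@ import (
 
 func TestParse(t *testing.T) {
 tests := []struct {
-name string
-file string // Test input file
-want []ftypes.Package
-wantDeps []ftypes.Dependency
+name string
+file string // Test input file
+includeDevDeps bool
+want []ftypes.Package
+wantDeps []ftypes.Dependency
 }{
 {
-name: "lock version v1",
-file: "testdata/package-lock_v1.json",
-want: npmV1Pkgs,
-wantDeps: npmDeps,
+name: "lock version v1",
+file: "testdata/package-lock_v1.json",
+includeDevDeps: true,
+want: npmV1Pkgs,
+wantDeps: npmDeps,
 },
 {
-name: "lock version v2",
-file: "testdata/package-lock_v2.json",
-want: npmV2Pkgs,
-wantDeps: npmDeps,
+name: "lock version v2",
+file: "testdata/package-lock_v2.json",
+includeDevDeps: true,
+want: npmV2Pkgs,
+wantDeps: npmDeps,
 },
 {
-name: "lock version v3",
-file: "testdata/package-lock_v3.json",
-want: npmV2Pkgs,
-wantDeps: npmDeps,
+name: "lock version v3",
+file: "testdata/package-lock_v3.json",
+includeDevDeps: true,
+want: npmV2Pkgs,
+wantDeps: npmDeps,
 },
 {
-name: "lock version v3 with workspace",
-file: "testdata/package-lock_v3_with_workspace.json",
-want: npmV3WithWorkspacePkgs,
-wantDeps: npmV3WithWorkspaceDeps,
+name: "lock version v3. Exclude Dev deps",
+file: "testdata/package-lock_v3.json",
+includeDevDeps: false,
+want: npmV2PkgsExcludeDev,
+wantDeps: npmV2DepsExcludeDev,
 },
 {
-name: "lock file v3 contains same dev and non-dev dependencies",
-file: "testdata/package-lock_v3_with-same-dev-and-non-dev.json",
-want: npmV3WithSameDevAndNonDevPkgs,
-wantDeps: npmV3WithSameDevAndNonDevDeps,
+name: "lock version v3 with workspace",
+file: "testdata/package-lock_v3_with_workspace.json",
+includeDevDeps: true,
+want: npmV3WithWorkspacePkgs,
+wantDeps: npmV3WithWorkspaceDeps,
 },
 {
-name: "lock version v3 with workspace and without direct deps field",
-file: "testdata/package-lock_v3_without_root_deps_field.json",
-want: npmV3WithoutRootDepsField,
-wantDeps: npmV3WithoutRootDepsFieldDeps,
+name: "lock file v3 contains same dev and non-dev dependencies",
+file: "testdata/package-lock_v3_with-same-dev-and-non-dev.json",
+includeDevDeps: true,
+want: npmV3WithSameDevAndNonDevPkgs,
+wantDeps: npmV3WithSameDevAndNonDevDeps,
 },
+{
+name: "lock file v3 contains same dev and non-dev dependencies. Exclude Dev deps",
+file: "testdata/package-lock_v3_with-same-dev-and-non-dev.json",
+includeDevDeps: false,
+want: npmV3WithSameDevAndNonDevPkgsExcludeDev,
+wantDeps: nil,
+},
+{
+name: "lock version v3 with workspace and without direct deps field",
+file: "testdata/package-lock_v3_without_root_deps_field.json",
+includeDevDeps: true,
+want: npmV3WithoutRootDepsField,
+wantDeps: npmV3WithoutRootDepsFieldDeps,
+},
 {
 name: "lock version v3 with broken link",
@@ -66,7 +87,7 @@ func TestParse(t *testing.T) {
 f, err := os.Open(tt.file)
 require.NoError(t, err)
 
-got, deps, err := NewParser().Parse(f)
+got, deps, err := NewParser(tt.includeDevDeps).Parse(f)
 require.NoError(t, err)
 
 assert.Equal(t, tt.want, got)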
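Review bot: Every exclusion case in this table reads a v3 lockfile; the `lock version v1` and `lock version v2` entries run only with `includeDevDeps: true`, so nothing here pins what the parser returns for those formats when dev dependencies are left out. Because this setting decides which packages reach the scan results, one case per lockfile version with `includeDevDeps: false` would catch a format that silently ignores it. The `lock version v3 with broken link` entry begins on the last lines of the first hunk and continues outside it; if it does not set the new field it now runs with the zero value `false`, so setting `includeDevDeps` explicitly there would keep its intent visible.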