diff --git a/defs.bzl b/defs.bzl index 636469c..ee35b99 100644 --- a/defs.bzl +++ b/defs.bzl @@ -1,11 +1,11 @@ """ Entrypoint for Snyk macros """ load("//snyk/maven:rules.bzl", _snyk_maven = "snyk_maven") -#load("//snyk/gomod:rules.bzl", _snyk_gomod = "snyk_gomod") +load("//snyk/gomod:rules.bzl", _snyk_gomod = "snyk_gomod") #load("//snyk/pip:rules.bzl", _snyk_pip = "snyk_pip") load("//snyk/tester:rules.bzl", _snyk_python_tester = "snyk_python_tester") snyk_maven = _snyk_maven -# snyk_gomod = _snyk_gomod +snyk_gomod = _snyk_gomod # snyk_pip = _snyk_pip snyk_python_tester = _snyk_python_tester diff --git a/snyk/maven/rules.bzl b/snyk/maven/rules.bzl index e08c77b..05d7315 100644 --- a/snyk/maven/rules.bzl +++ b/snyk/maven/rules.bzl @@ -1,6 +1,11 @@ load(":aspect.bzl", "maven_deps_aspect") load(":depgraph.bzl", _depgraph = "snyk_maven_depgraph") -load("//snyk:rules.bzl", _monitor = "snyk_depgraph_monitor_deps", _test = "snyk_depgraph_test_deps") +load( + "//snyk:rules.bzl", + _test = "snyk_depgraph_test_deps", + _monitor = "snyk_depgraph_monitor_deps", + _print_deps = "snyk_depgraph_print_deps" +) def snyk_maven( name, @@ -33,6 +38,14 @@ def snyk_maven( # nocolor = nocolor, ) + _print_deps( + name = name + "_print_deps", + package_source = package_source, + depgraph = depgraph_rule_name, + json = json, + # nocolor = nocolor, + ) + _depgraph( name = depgraph_rule_name, target = target, diff --git a/snyk/rules.bzl b/snyk/rules.bzl index 6f4d1e1..37d5da2 100644 --- a/snyk/rules.bzl +++ b/snyk/rules.bzl @@ -4,6 +4,8 @@ def _snyk_depgraph_test_deps_impl(ctx): depgraph_file = ctx.attr.depgraph.files.to_list()[0] + # gomod_list_file = ctx.attr.depgraph.files.to_list()[1] + args = [ "--depgraph-file", depgraph_file.short_path, 
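Review bot: The new `_print_deps(...)` call in snyk_maven keeps `nocolor` commented out, while the `snyk_depgraph_print_deps` rule added in snyk/rules.bzl declares a `nocolor` attribute and `_snyk_depgraph_print_deps_impl` also leaves the `-nocolor` handling commented, so the three places disagree on whether the flag exists. Either pass it through here as `nocolor = nocolor,` once the implementation actually reads `ctx.attr.nocolor`, or drop the attribute from the rule so callers cannot set an option that has no effect. snyk_maven's body starts and ends outside this hunk, so whether the macro accepts a `nocolor` parameter is inferred from the commented line only. The same remark covers the impl and rule hunks in snyk/rules.bzl; it is not repeated there.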
@@ -59,6 +61,37 @@ def _snyk_depgraph_monitor_deps_impl(ctx):
     runfiles = ctx.runfiles(files = [ctx.executable._snyk_cli_zip, depgraph_file])
     return [DefaultInfo(runfiles = runfiles)]
 
+def _snyk_depgraph_print_deps_impl(ctx):
+    depgraph_file = ctx.attr.depgraph.files.to_list()[0]
+    # gomod_list_file = ctx.attr.depgraph.files.to_list()[1]
+
+    args = [
+        "--depgraph-file",
+        depgraph_file.short_path,
+        "--package-source",
+        ctx.attr.package_source,
+        "print-deps",
+    ]
+
+    if ctx.attr.json:
+        args.append("--json")
+    #if ctx.attr.nocolor:
+    # args.append("-nocolor")
+
+    ctx.actions.write(
+        output = ctx.outputs.executable,
+        content = "\n".join([
+            "#!/bin/bash",
+            "exec python3 %s %s" % (ctx.executable._snyk_cli_zip.short_path, " ".join(args))
+        ]),
+        is_executable = True,
+    )
+
+    runfiles = ctx.runfiles(files = [ctx.executable._snyk_cli_zip, depgraph_file])
+    return [DefaultInfo(
+        runfiles = runfiles
+    )]
+
 snyk_depgraph_test_deps = rule(
     attrs = {
         "_snyk_cli": attr.label(
@@ -132,6 +165,39 @@ snyk_depgraph_monitor_deps = rule(
     executable = True
 )
 
+snyk_depgraph_print_deps = rule(
+    attrs = {
+        "_snyk_cli": attr.label(
+            default = "//snyk/scripts/cli:main",
+            cfg = "host",
+            executable = True,
+        ),
+        "_snyk_cli_zip": attr.label(
+            default = "//snyk/scripts/cli:main_zip",
+            cfg = "host",
+            executable = True
+        ),
+        "package_source": attr.string(
+            doc = "The package source type",
+            #default = "maven",
+            mandatory = True
+        ),
+        "depgraph": attr.label(
+            mandatory = True
+        ),
+        "json": attr.bool(
+            doc = "Dump full JSON output",
+            default = False
+        ),
+        "nocolor": attr.bool(
+            doc = "Don't display colors",
+            default = False
+        )
+    },
+    implementation = _snyk_depgraph_print_deps_impl,
+    executable = True
+)
+
 def _snyk_python_tester_impl(ctx):
     args = []
     print("ctx: " + str(dir(ctx.toolchains)))
diff --git a/snyk/scripts/cli/main.py b/snyk/scripts/cli/main.py
index 87116c6..ea87b65 100644
--- a/snyk/scripts/cli/main.py
+++ b/snyk/scripts/cli/main.py
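Review bot: In `_snyk_depgraph_print_deps_impl` the launcher script is assembled with `" ".join(args)` and no quoting, so `ctx.attr.package_source` — a mandatory, caller-supplied string — and the depgraph `short_path` are spliced into the bash `exec` line verbatim, and any value containing whitespace or shell metacharacters changes how bash parses the command. Quote every element before joining, e.g. `def _sh_quote(s): return "'" + s.replace("'", "'\\''") + "'"` and `" ".join([_sh_quote(a) for a in args])`. The body otherwise mirrors the monitor implementation whose tail is visible above this hunk (the test and monitor bodies themselves are outside it), so a shared helper parameterised on the subcommand name would keep the three launchers from drifting; the `# gomod_list_file = ... [1]` line carried over as a comment should either be removed or explained, since indexing `[1]` on a one-file target would fail.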
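Review bot: `snyk_depgraph_print_deps` declares `_snyk_cli`, but `_snyk_depgraph_print_deps_impl` reads only `_snyk_cli_zip`, `package_source`, `depgraph` and `json`, so the attribute is dead as written; unless it is needed elsewhere (the test/monitor rule definitions are outside this hunk), drop it. The `depgraph` attribute has no `doc` while the others do; add one, e.g. `doc = "Label whose first output is the depgraph JSON passed to print-deps",`. `cfg = "host"` is the legacy host transition; keeping it is consistent with the existing rules if they use it, but a new rule is better written with `cfg = "exec"`.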
@@ -1,5 +1,5 @@ import sys -import json +import json as json_lib import os import typer import snyk @@ -72,9 +72,9 @@ def main(ctx: typer.Context, logger.setLevel(logging.DEBUG) f = open(depgraph_file) - g['depgraph_json'] = json.load(f) + g['depgraph_json'] = json_lib.load(f) - #print(json.dumps(g['depgraph_json'])) + #print(json_lib.dumps(g['depgraph_json'])) @app.command() def test( @@ -97,7 +97,7 @@ def test( json: bool = typer.Option( False, "--json", - help="return the JSON output from the test API results" + help="Return the JSON output from the test API results" ), ): @@ -117,7 +117,7 @@ def test( # ) if json: - print(json.dumps(json_response, indent=4)) + print(json_lib.dumps(json_response, indent=4)) sys.exit(0) # create a list of dictionaries with the key of the package name 
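Review bot: The changed line `g['depgraph_json'] = json_lib.load(f)` in the second hunk reads from a handle opened on the context line `f = open(depgraph_file)` that is never closed within the hunk; unless `main` closes it further down (its body continues outside the hunk), the descriptor stays open until interpreter exit and the file is decoded with the locale encoding rather than the UTF-8 that JSON specifies. Replace the two lines with `with open(depgraph_file, encoding="utf-8") as f:` / `    g['depgraph_json'] = json_lib.load(f)`. Renaming the module to `json_lib` in the first hunk is the right fix for the `json: bool` option in `test` shadowing it, so the shadowing itself needs no further change.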
@@ -214,18 +214,32 @@ def monitor( response: requests.Response = monitor_depgraph(snyk_client, g['depgraph_json'], snyk_org_id) json_response = response.json() - print(json.dumps(json_response, indent=4)) + print(json_lib.dumps(json_response, indent=4)) if str(json_response['ok']) == "False": typer.echo("\n" + textColor.light_red + "security issues found, exiting with code 1 ...\n", file=sys.stderr) sys.exit(1) -# Utility functions +@app.command() +def print_deps( + json: bool = typer.Option( + False, + "--json", + help="Print the dependency tree in JSON format" + ), +): + """ + Print the dependency tree + """ + print(json_lib.dumps(g['depgraph_json'], indent=4)) + + +# depgraph functions def test_depgraph(snyk_client, depgraph: str, org_id: UUID) -> requests.Response: - return snyk_client.post(f"{DEPGRAPH_BASE_TEST_URL}{org_id}", body=depgraph) + return snyk_client.post(f"{DEPGRAPH_BASE_TEST_URL}{org_id}", body=depgraph) def monitor_depgraph(snyk_client, depgraph: str, org_id: UUID) -> requests.Response: - return snyk_client.post(f"{DEPGRAPH_BASE_MONITOR_URL}{org_id}", body=depgraph) + return snyk_client.post(f"{DEPGRAPH_BASE_MONITOR_URL}{org_id}", body=depgraph) if __name__ == "__main__":
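Review bot: `print_deps` accepts a `json` option but never reads it, so `print(json_lib.dumps(g['depgraph_json'], indent=4))` runs whether or not `--json` is given, and the help text "Print the dependency tree in JSON format" describes a mode that is in fact the only one. Either add a non-JSON rendering behind `if json:` / `else:`, or remove the option together with the `--json` plumbing in `_snyk_depgraph_print_deps_impl` (snyk/rules.bzl) so the interface does not advertise a choice it does not make. The docstring should say where the data comes from, e.g. `"""Print the depgraph loaded by the main callback as indented JSON."""`. The removed and re-added `return snyk_client.post(...)` lines in `test_depgraph` and `monitor_depgraph` read identically here, which suggests a whitespace-only change; worth confirming it is intentional rather than an editor artefact.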