Merge pull request #393 from snyk-tech-services/feat/clone-and-analyze

feat: clones & analyses repo for changes vs monitored projects
snyk · Dec 6, 2022 · 686a6b5 · 686a6b5
2 parents 2d82acc + f70a76a
commit 686a6b5
Show file tree

Hide file tree

Showing 6 changed files with 549 additions and 28 deletions.
diff --git a/src/lib/supported-project-types/supported-manifests.ts b/src/lib/supported-project-types/supported-manifests.ts
@@ -1,8 +1,12 @@
+export type SnykProductEntitlement =
+  | 'dockerfileFromScm'
+  | 'infrastructureAsCode';
+
 export const PACKAGE_MANAGERS: {
   [projectType: string]: {
     manifestFiles: string[];
     isSupported: boolean;
-    entitlement?: string;
+    entitlement?: SnykProductEntitlement;
   };
 } = {
   npm: {
@@ -86,7 +90,7 @@ export const PACKAGE_MANAGERS: {
       '*[dD][oO][cC][kK][eE][rR][fF][iI][lL][eE]*',
       '*Dockerfile*',
     ],
-    entitlement: 'dockerfileFromScm', // TODO: use API to check https://snyk.docs.apiary.io/#reference/entitlements/a-specific-entitlement-by-organization/get-an-organization's-entitlement-value
+    entitlement: 'dockerfileFromScm',
   },
   hex: {
     manifestFiles: ['mix.exs'],
@@ -98,7 +102,7 @@ export const CLOUD_CONFIGS: {
   [projectType: string]: {
     manifestFiles: string[];
     isSupported: boolean;
-    entitlement?: string;
+    entitlement?: SnykProductEntitlement;
   };
 } = {
   helmconfig: {
@@ -120,7 +124,7 @@ export const CLOUD_CONFIGS: {
 
 export function getSCMSupportedManifests(
   manifestTypes?: string[],
-  orgEntitlements: string[] = [],
+  orgEntitlements: SnykProductEntitlement[] = [],
 ): string[] {
   const typesWithSCMSupport = Object.entries({
     ...PACKAGE_MANAGERS,

diff --git a/src/scripts/sync/clone-and-analyze.ts b/src/scripts/sync/clone-and-analyze.ts
@@ -0,0 +1,77 @@
+import * as debugLib from 'debug';
+import * as fs from 'fs';
+import * as path from 'path';
+
+import { find, getSCMSupportedManifests, gitClone } from '../../lib';
+import type { SnykProductEntitlement } from '../../lib/supported-project-types/supported-manifests';
+import type {
+  RepoMetaData,
+  SnykProject,
+  SupportedIntegrationTypesUpdateProject,
+} from '../../lib/types';
+import { generateProjectDiffActions } from './generate-projects-diff-actions';
+
+const debug = debugLib('snyk:clone-and-analyze');
+
+const defaultExclusionGlobs = [
+  'fixtures',
+  'tests',
+  '__tests__',
+  'test',
+  '__test__',
+  'ci',
+  'node_modules',
+  'bower_components',
+  '.git',
+];
+export async function cloneAndAnalyze(
+  integrationType: SupportedIntegrationTypesUpdateProject,
+  repoMetadata: RepoMetaData,
+  snykMonitoredProjects: SnykProject[],
+  exclusionGlobs: string[] = [],
+  entitlements: SnykProductEntitlement[] = [
+    'dockerfileFromScm',
+    'infrastructureAsCode',
+  ],
+  manifestTypes?: string[],
+): Promise<{
+  import: string[];
+  deactivate: SnykProject[];
+}> {
+  const { success, repoPath, gitResponse } = await gitClone(
+    integrationType,
+    repoMetadata,
+  );
+  debug('Clone response', { success, repoPath, gitResponse });
+
+  if (!success) {
+    throw new Error(gitResponse);
+  }
+
+  if (!repoPath) {
+    throw new Error('No location returned for clones repo to analyze');
+  }
+  const { files } = await find(
+    repoPath,
+    [...defaultExclusionGlobs, ...exclusionGlobs],
+    // TODO: when possible switch to check entitlements via API automatically for an org
+    // right now the product entitlements are not exposed via API so user has to provide which products
+    // they are using
+    getSCMSupportedManifests(manifestTypes, entitlements),
+    6,
+  );
+  const relativeFileNames = files.map((f) => path.relative(repoPath, f));
+  debug(
+    `Detected ${files.length} files in ${repoMetadata.cloneUrl}: ${files.join(
+      ',',
+    )}`,
+  );
+
+  fs.rmdirSync(repoPath, { recursive: true });
+
+  return generateProjectDiffActions(
+    relativeFileNames,
+    snykMonitoredProjects,
+    manifestTypes && manifestTypes.length > 0,
+  );
+}
diff --git a/src/scripts/sync/generate-projects-diff-actions.ts b/src/scripts/sync/generate-projects-diff-actions.ts
@@ -3,6 +3,7 @@ import type { SnykProject } from '../../lib/types';
 export function generateProjectDiffActions(
   repoManifests: string[],
   snykMonitoredProjects: SnykProject[],
+  skipDeactivating = false,
 ): {
   import: string[];
   deactivate: SnykProject[];
@@ -29,5 +30,8 @@ export function generateProjectDiffActions(
     }
   }
 
-  return { import: filesToImport, deactivate };
+  return {
+    import: filesToImport,
+    deactivate: skipDeactivating ? [] : deactivate,
+  };
 }