Python report creation

Author: 101arrowz

lib/utils/path-resolve.js

@@ -5,29 +5,35 @@ import { globby } from 'globby'
 import ignore from 'ignore'
 // @ts-ignore This package provides no types
 import { directories } from 'ignore-by-default'
+import micromatch from 'micromatch'
 import { ErrorWithCause } from 'pony-cause'
 
 import { InputError } from './errors.js'
+import { setupSdk } from './sdk.js'
 import { isErrnoException } from './type-helpers.js'
 
-/** @type {readonly string[]} */
-const SUPPORTED_LOCKFILES = [
-  'package-lock.json',
-  'yarn.lock',
-]
-
 /**
  * There are a lot of possible folders that we should not be looking in and "ignore-by-default" helps us with defining those
  *
  * @type {readonly string[]}
  */
 const ignoreByDefault = directories()
 
-/** @type {readonly string[]} */
+/** @type { string[]} */
 const GLOB_IGNORE = [
   ...ignoreByDefault.map(item => '**/' + item)
 ]
 
+/** @type {import('globby').Options} */
+const BASE_GLOBBY_OPTS = {
+  absolute: true,
+  expandDirectories: false,
+  gitignore: true,
+  ignore: GLOB_IGNORE,
+  markDirectories: true,
+  unique: true,
+}
+
 /**
  * Resolves package.json and lockfiles from (globbed) input paths, applying relevant ignores
  *
@@ -43,14 +49,9 @@ export async function getPackageFiles (cwd, inputPaths, config, debugLog) {
 
   // TODO: Does not support `~/` paths
   const entries = await globby(inputPaths, {
-    absolute: true,
+    ...BASE_GLOBBY_OPTS,
     cwd,
-    expandDirectories: false,
-    gitignore: true,
-    ignore: [...GLOB_IGNORE],
-    markDirectories: true,
-    onlyFiles: false,
-    unique: true,
+    onlyFiles: false
   })
 
   debugLog(`Globbed resolved ${inputPaths.length} paths to ${entries.length} paths:`, entries)
@@ -77,7 +78,12 @@ export async function getPackageFiles (cwd, inputPaths, config, debugLog) {
  * @throws {InputError}
  */
 export async function mapGlobResultToFiles (entries) {
-  const packageFiles = await Promise.all(entries.map(mapGlobEntryToFiles))
+  // TODO: setupSdk(getDefaultKey() || FREE_API_KEY) after #46 merged
+  const sdk = await setupSdk()
+  const supportedFiles = await sdk.getReportSupportedFiles()
+  const packageFiles = await Promise.all(
+    entries.map(entry => mapGlobEntryToFiles(entry, supportedFiles))
+  )
 
   const uniquePackageFiles = [...new Set(packageFiles.flat())]
 
@@ -88,46 +94,54 @@ export async function mapGlobResultToFiles (entries) {
  * Takes a single path to a folder, package.json or a recognized lock file and resolves to a package.json + lockfile pair (where possible)
  *
  * @param {string} entry
+ * @param {import('@socketsecurity/sdk').SocketSdkReturnType<'getReportSupportedFiles'>['data']} supportedFiles
  * @returns {Promise<string[]>}
  * @throws {InputError}
  */
-export async function mapGlobEntryToFiles (entry) {
+export async function mapGlobEntryToFiles (entry, supportedFiles) {
   /** @type {string|undefined} */
-  let pkgFile
-  /** @type {string|undefined} */
-  let lockFile
-
+  let pkgJSFile
+  /** @type {string[]} */
+  let jsLockFiles = []
+  /** @type {string[]} */
+  let pyFiles = []
+
+  const jsSupported = supportedFiles['npm'] || {}
+  const jsLockFilePatterns = Object.keys(jsSupported)
+    .filter(key => key !== 'packagejson')
+    .map(key => /** @type {{ pattern: string }} */ (jsSupported[key]).pattern)
+
+  const pyFilePatterns = Object.values(supportedFiles['pypi'] || {}).map(p => p.pattern)
   if (entry.endsWith('/')) {
     // If the match is a folder and that folder contains a package.json file, then include it
     const filePath = path.resolve(entry, 'package.json')
-    pkgFile = await fileExists(filePath) ? filePath : undefined
+    if (await fileExists(filePath)) pkgJSFile = filePath
+    pyFiles = await globby(pyFilePatterns, {
+      ...BASE_GLOBBY_OPTS,
+      cwd: entry
+    })
   } else if (path.basename(entry) === 'package.json') {
     // If the match is a package.json file, then include it
-    pkgFile = entry
-  } else if (SUPPORTED_LOCKFILES.includes(path.basename(entry))) {
-    // If the match is a lock file, include both it and the corresponding package.json file
-    lockFile = entry
-    pkgFile = path.resolve(path.dirname(entry), 'package.json')
+    pkgJSFile = entry
+  } else if (micromatch.isMatch(entry, jsLockFilePatterns)) {
+    jsLockFiles = [entry]
+    pkgJSFile = path.resolve(path.dirname(entry), 'package.json')
+    if (!(await fileExists(pkgJSFile))) return []
+  } else if (micromatch.isMatch(entry, pyFilePatterns)) {
+    pyFiles = [entry]
   }
 
   // If we will include a package.json file but don't already have a corresponding lockfile, then look for one
-  if (!lockFile && pkgFile) {
-    const pkgDir = path.dirname(pkgFile)
-
-    for (const name of SUPPORTED_LOCKFILES) {
-      const lockFileAlternative = path.resolve(pkgDir, name)
-      if (await fileExists(lockFileAlternative)) {
-        lockFile = lockFileAlternative
-        break
-      }
-    }
-  }
+  if (!jsLockFiles.length && pkgJSFile) {
+    const pkgDir = path.dirname(pkgJSFile)
 
-  if (pkgFile && lockFile) {
-    return [pkgFile, lockFile]
+    jsLockFiles = await globby(jsLockFilePatterns, {
+      ...BASE_GLOBBY_OPTS,
+      cwd: pkgDir
+    })
   }
 
-  return pkgFile ? [pkgFile] : []
+  return [...jsLockFiles, ...pyFiles].concat(pkgJSFile ? [pkgJSFile] : [])
 }
 
 /**

package.json

@@ -47,6 +47,7 @@
     "@tsconfig/node14": "^1.0.3",
     "@types/chai": "^4.3.3",
     "@types/chai-as-promised": "^7.1.5",
+    "@types/micromatch": "^4.0.2",
     "@types/mocha": "^10.0.1",
     "@types/mock-fs": "^4.13.1",
     "@types/node": "^14.18.31",
@@ -93,6 +94,7 @@
     "is-interactive": "^2.0.0",
     "is-unicode-supported": "^1.3.0",
     "meow": "^11.0.0",
+    "micromatch": "^4.0.5",
     "ora": "^6.1.2",
     "pony-cause": "^2.1.8",
     "prompts": "^2.4.2",