fix: reinstate --all-sub-project support for Gradle

src/cli/commands/monitor.ts

@@ -16,9 +16,6 @@ import * as detect from '../../lib/detect';
 import * as plugins from '../../lib/plugins';
 import {ModuleInfo} from '../../lib/module-info'; // TODO(kyegupov): fix import
 import {
- SingleDepRootResult,
- MultiDepRootsResult,
- isMultiResult,
  MonitorOptions,
  MonitorMeta,
  MonitorResult,
@@ -30,6 +27,7 @@ import {
  MonitorError,
  UnsupportedFeatureFlagError,
 } from '../../lib/errors';
+import { legacyPlugin as pluginApi } from '@snyk/cli-interface';
 
 const SEPARATOR = '\n-------------------------------------------------------\n';
 
@@ -78,7 +76,7 @@ async function monitor(...args0: MethodArgs): Promise<any> {
  snyk.id = options.id;
  }
 
- if (options['all-sub-projects'] && options['project-name']) {
+ if (options.allSubProjects && options['project-name']) {
  throw new Error('`--all-sub-projects` is currently not compatible with `--project-name`');
  }
 
@@ -126,13 +124,12 @@ async function monitor(...args0: MethodArgs): Promise<any> {
 
  // Scan the project dependencies via a plugin
 
- const pluginOptions = plugins.getPluginOptions(packageManager, options);
  analytics.add('packageManager', packageManager);
- analytics.add('pluginOptions', pluginOptions);
+ analytics.add('pluginOptions', options);
 
- // TODO: the type should depend on multiDepRoots flag
- const inspectResult: SingleDepRootResult|MultiDepRootsResult = await promiseOrCleanup(
- moduleInfo.inspect(path, targetFile, { ...options, ...pluginOptions }),
+ // TODO: the type should depend on allSubProjects flag
+ const inspectResult: pluginApi.InspectResult = await promiseOrCleanup(
+ moduleInfo.inspect(path, targetFile, { ...options }),
  spinner.clear(analyzingDepsSpinnerLabel));
 
  analytics.add('pluginName', inspectResult.plugin.name);
@@ -155,30 +152,30 @@ async function monitor(...args0: MethodArgs): Promise<any> {
 
  // We send results from "all-sub-projects" scanning as different Monitor objects
 
- // SingleDepRootResult is a legacy format understood by Registry, so we have to convert
- // a MultiDepRootsResult to an array of these.
+ // SinglePackageResult is a legacy format understood by Registry, so we have to convert
+ // a MultiProjectResult to an array of these.
 
- let perDepRootResults: SingleDepRootResult[] = [];
+ let perSubProjectResults: pluginApi.SinglePackageResult[] = [];
  let advertiseSubprojectsCount: number | null = null;
- if (isMultiResult(inspectResult)) {
- perDepRootResults = inspectResult.depRoots.map(
- (depRoot) => ({plugin: inspectResult.plugin, package: depRoot.depTree}));
+ if (pluginApi.isMultiResult(inspectResult)) {
+ perSubProjectResults = inspectResult.scannedProjects.map(
+ (scannedProject) => ({plugin: inspectResult.plugin, package: scannedProject.depTree}));
  } else {
  if (!options['gradle-sub-project']
  && inspectResult.plugin.meta
  && inspectResult.plugin.meta.allSubProjectNames
  && inspectResult.plugin.meta.allSubProjectNames.length > 1) {
  advertiseSubprojectsCount = inspectResult.plugin.meta.allSubProjectNames.length;
  }
- perDepRootResults = [inspectResult];
+ perSubProjectResults = [inspectResult];
  }
 
  // Post the project dependencies to the Registry
- for (const depRootDeps of perDepRootResults) {
- maybePrintDeps(options, depRootDeps.package);
+ for (const subProjDeps of perSubProjectResults) {
+ maybePrintDeps(options, subProjDeps.package);
 
  const res = await promiseOrCleanup(
- snykMonitor(path, meta, depRootDeps, targetFile),
+ snykMonitor(path, meta, subProjDeps, targetFile),
  spinner.clear(postingMonitorSpinnerLabel));
 
  await spinner.clear(postingMonitorSpinnerLabel)(res);
@@ -193,8 +190,8 @@ async function monitor(...args0: MethodArgs): Promise<any> {
  const manageUrl = url.format(endpoint);
 
  endpoint.pathname = leader + '/monitor/' + res.id;
- const subProjectName = isMultiResult(inspectResult)
- ? depRootDeps.package.name
+ const subProjectName = pluginApi.isMultiResult(inspectResult)
+ ? subProjDeps.package.name
  : undefined;
  const monOutput = formatMonitorOutput(
  packageManager,

src/lib/module-info/index.ts

@@ -1,12 +1,12 @@
 import * as _ from 'lodash';
 import * as Debug from 'debug';
-import { SingleDepRootResult } from '../types';
+import { legacyPlugin as pluginApi } from '@snyk/cli-interface';
 
 const debug = Debug('snyk-module-info');
 
 export function ModuleInfo(plugin, policy) {
  return {
- async inspect(root, targetFile, options): Promise<SingleDepRootResult> {
+ async inspect(root, targetFile, options): Promise<pluginApi.SinglePackageResult> {
  const pluginOptions = _.merge({
  args: options._doubleDashArgs,
  }, options);

src/lib/monitor.ts

@@ -8,12 +8,13 @@ import * as os from 'os';
 import * as _ from 'lodash';
 import {isCI} from './is-ci';
 import * as analytics from './analytics';
-import { SingleDepRootResult, DepTree, MonitorMeta, MonitorResult } from './types';
+import { DepTree, MonitorMeta, MonitorResult } from './types';
 import * as projectMetadata from './project-metadata';
 import * as path from 'path';
 import {MonitorError, ConnectionTimeoutError} from './errors';
 import { countPathsToGraphRoot, pruneGraph } from './prune';
 import { GRAPH_SUPPORTED_PACKAGE_MANAGERS } from './package-managers';
+import { legacyPlugin as pluginApi } from '@snyk/cli-interface';
 
 const debug = Debug('snyk');
 
@@ -104,7 +105,7 @@ function filterOutMissingDeps(depTree: DepTree): FilteredDepTree {
 
  for (const depKey of Object.keys(depTree.dependencies)) {
  const dep = depTree.dependencies[depKey];
- if (dep.missingLockFileEntry) {
+ if ((dep as any).missingLockFileEntry) { // TODO(kyegupov): add field to the type
  missingDeps.push(`${dep.name}@${dep.version}`);
  } else {
  filteredDeps[depKey] = dep;
@@ -124,7 +125,7 @@ function filterOutMissingDeps(depTree: DepTree): FilteredDepTree {
 export async function monitor(
  root: string,
  meta: MonitorMeta,
- info: SingleDepRootResult,
+ info: pluginApi.SinglePackageResult,
  targetFile?: string,
  ): Promise<MonitorResult> {
  apiTokenExists();
@@ -231,7 +232,7 @@ export async function monitor(
 export async function monitorGraph(
  root: string,
  meta: MonitorMeta,
- info: SingleDepRootResult,
+ info: pluginApi.SinglePackageResult,
  targetFile?: string,
 ): Promise<MonitorResult> {
  const packageManager = meta.packageManager;

src/lib/plugins/index.ts

@@ -59,18 +59,3 @@ export function loadPlugin(packageManager: SupportedPackageManagers,
  }
  }
 }
-
-export function getPluginOptions(packageManager: string, options: types.Options): types.Options {
- const pluginOptions: types.Options = {};
- switch (packageManager) {
- case 'gradle': {
- if (options['all-sub-projects']) {
- pluginOptions.multiDepRoots = true;
- }
- return pluginOptions;
- }
- default: {
- return pluginOptions;
- }
- }
-}

src/lib/plugins/types.ts

@@ -4,7 +4,7 @@ export interface InspectResult {
  runtime?: string;
  };
  package?: any;
- depRoots?: any;
+ scannedProjects?: any;
 }
 
 export interface Options {
@@ -13,7 +13,7 @@ export interface Options {
  traverseNodeModules?: boolean;
  dev?: boolean;
  strictOutOfSync?: boolean | 'true' | 'false';
- multiDepRoots?: boolean;
+ allSubProjects?: boolean;
  debug?: boolean;
  packageManager?: string;
  composerIsFine?: boolean;

src/lib/print-deps.ts

@@ -1,8 +1,9 @@
-import { DepDict, Options, MonitorOptions, DepTree } from './types';
+import { DepDict, Options, MonitorOptions } from './types';
+import { legacyCommon as legacyApi } from '@snyk/cli-interface';
 
 // This option is still experimental and might be deprecated.
 // It might be a better idea to convert it to a command (i.e. do not perform test/monitor).
-export function maybePrintDeps(options: Options | MonitorOptions, rootPackage: DepTree) {
+export function maybePrintDeps(options: Options | MonitorOptions, rootPackage: legacyApi.DepTree) {
  if (options['print-deps']) {
  if (options.json) {
  // Will produce 2 JSON outputs, one for the deps, one for the vuln scan.

src/lib/snyk-test/run-test.ts

@@ -16,7 +16,7 @@ import common = require('./common');
 import {DepTree, TestOptions} from '../types';
 import gemfileLockToDependencies = require('../../lib/plugins/rubygems/gemfile-lock-to-dependencies');
 import {convertTestDepGraphResultToLegacy, AnnotatedIssue, LegacyVulnApiResult, TestDepGraphResponse} from './legacy';
-import {SingleDepRootResult, MultiDepRootsResult, isMultiResult, Options} from '../types';
+import {Options} from '../types';
 import {
  NoSupportedManifestsFoundError,
  InternalServerError,
@@ -26,6 +26,7 @@ import {
 import { maybePrintDeps } from '../print-deps';
 import { SupportedPackageManagers } from '../package-managers';
 import { countPathsToGraphRoot, pruneGraph } from '../prune';
+import { legacyPlugin as pluginApi } from '@snyk/cli-interface';
 
 // tslint:disable-next-line:no-var-requires
 const debug = require('debug')('snyk');
@@ -207,23 +208,22 @@ function assemblePayloads(root: string, options: Options & TestOptions): Promise
  return assembleRemotePayloads(root, options);
 }
 
-// Force getDepsFromPlugin to return depRoots for processing in assembleLocalPayload
-async function getDepsFromPlugin(root, options: Options): Promise<MultiDepRootsResult> {
+// Force getDepsFromPlugin to return scannedProjects for processing in assembleLocalPayload
+async function getDepsFromPlugin(root, options: Options): Promise<pluginApi.MultiProjectResult> {
  options.file = options.file || detect.detectPackageFile(root);
  if (!options.docker && !(options.file || options.packageManager)) {
  throw NoSupportedManifestsFoundError([...root]);
  }
  const plugin = plugins.loadPlugin(options.packageManager, options);
  const moduleInfo = ModuleInfo(plugin, options.policy);
- const pluginOptions = plugins.getPluginOptions(options.packageManager, options);
- const inspectRes: SingleDepRootResult | MultiDepRootsResult =
- await moduleInfo.inspect(root, options.file, { ...options, ...pluginOptions });
+ const inspectRes: pluginApi.InspectResult =
+ await moduleInfo.inspect(root, options.file, { ...options });
 
- if (!isMultiResult(inspectRes)) {
+ if (!pluginApi.isMultiResult(inspectRes)) {
  if (!inspectRes.package) {
  // something went wrong if both are not present...
  throw Error(`error getting dependencies from ${options.packageManager} ` +
- 'plugin: neither \'package\' nor \'depRoots\' were found');
+ 'plugin: neither \'package\' nor \'scannedProjects\' were found');
  }
  if (!inspectRes.package.targetFile && inspectRes.plugin) {
  inspectRes.package.targetFile = inspectRes.plugin.targetFile;
@@ -238,13 +238,13 @@ async function getDepsFromPlugin(root, options: Options): Promise<MultiDepRootsR
  }
  return {
  plugin: inspectRes.plugin,
- depRoots: [{depTree: inspectRes.package}],
+ scannedProjects: [{depTree: inspectRes.package}],
  };
  } else {
  // We are using "options" to store some information returned from plugin that we need to use later,
  // but don't want to send to Registry in the Payload.
  // TODO(kyegupov): decouple inspect and payload so that we don't need this hack
- options.subProjectNames = inspectRes.depRoots.map((depRoot) => depRoot.depTree.name);
+ (options as any).subProjectNames = inspectRes.scannedProjects.map((scannedProject) => scannedProject.depTree.name);
  return inspectRes;
  }
 }
@@ -263,14 +263,14 @@ async function assembleLocalPayloads(root, options: Options & TestOptions): Prom
  const deps = await getDepsFromPlugin(root, options);
  analytics.add('pluginName', deps.plugin.name);
 
- for (const depRoot of deps.depRoots) {
- const pkg = depRoot.depTree;
+ for (const scannedProject of deps.scannedProjects) {
+ const pkg = scannedProject.depTree;
  if (options['print-deps']) {
  await spinner.clear<void>(spinnerLbl)();
  maybePrintDeps(options, pkg);
  }
  if (deps.plugin && deps.plugin.packageManager) {
- options.packageManager = deps.plugin.packageManager;
+ (options as any).packageManager = deps.plugin.packageManager;
  }
 
  if (pkg.docker) {
@@ -332,7 +332,10 @@ async function assembleLocalPayloads(root, options: Options & TestOptions): Prom
  } else {
  // Graphs are more compact and robust representations.
  // Legacy parts of the code are still using trees, but will eventually be fully migrated.
- debug('converting dep-tree to dep-graph', {name: pkg.name, targetFile: depRoot.targetFile || options.file});
+ debug('converting dep-tree to dep-graph', {
+ name: pkg.name,
+ targetFile: scannedProject.targetFile || options.file,
+ });
  let depGraph = await depGraphLib.legacy.depTreeToGraph(
  pkg, options.packageManager);
 

src/lib/types.ts

@@ -1,6 +1,5 @@
 import { SupportedPackageManagers } from './package-managers';
-
-// TODO(kyegupov): use a shared repository snyk-cli-interface
+import { legacyCommon as legacyApi } from '@snyk/cli-interface';
 
 export interface PluginMetadata {
  name: string;
@@ -19,45 +18,7 @@ export interface DepDict {
  [name: string]: DepTree;
 }
 
-export interface DepTree {
- name: string;
- version: string;
- dependencies?: DepDict;
- packageFormatVersion?: string;
- docker?: any;
- files?: any;
- targetFile?: string;
- missingLockFileEntry?: boolean;
-
- labels?: {
- [key: string]: string;
-
- // Known keys:
- // pruned: identical subtree already presents in the parent node.
- // See --prune-repeated-subdependencies flag.
- };
-}
-
-export interface DepRoot {
- depTree: DepTree; // to be soon replaced with depGraph
- targetFile?: string;
-}
-
-// Legacy result type. Will be deprecated soon.
-export interface SingleDepRootResult {
- plugin: PluginMetadata;
- package: DepTree;
-}
-
-export interface MultiDepRootsResult {
- plugin: PluginMetadata;
- depRoots: DepRoot[];
-}
-
-// https://www.typescriptlang.org/docs/handbook/advanced-types.html#user-defined-type-guards
-export function isMultiResult(pet: SingleDepRootResult | MultiDepRootsResult): pet is MultiDepRootsResult {
- return !!(pet as MultiDepRootsResult).depRoots;
-}
+export type DepTree = legacyApi.DepTree;
 
 export interface TestOptions {
  traverseNodeModules: boolean;
@@ -81,7 +42,7 @@ export interface Options {
  'ignore-policy'?: boolean;
  'trust-policies'?: boolean; // used in snyk/policy lib
  'policy-path'?: boolean;
- 'all-sub-projects'?: boolean; // Corresponds to multiDepRoot in plugins
+ allSubProjects?: boolean;
  'project-name'?: string;
  'show-vulnerable-paths'?: string;
  showVulnPaths?: boolean;
@@ -100,7 +61,7 @@ export interface MonitorOptions {
  file?: string;
  policy?: string;
  json?: boolean;
- 'all-sub-projects'?: boolean; // Corresponds to multiDepRoot in plugins
+ allSubProjects?: boolean;
  'project-name'?: string;
  'print-deps'?: boolean;
  'experimental-dep-graph'?: boolean;