diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index 4260403..4d862e9 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -2,5 +2,5 @@ blank_issues_enabled: false contact_links: - name: GitHub Discussions - url: https://github.com/trustification/exhort-javascript-api/discussions/ + url: https://github.com/guacsec/trustify-da-javascript-client/discussions/ about: You can also use Discussions for questions and ideas. diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 629f383..f5c2d5f 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -91,8 +91,10 @@ jobs: - name: Run unit tests env: - EXHORT_PYTHON3_PATH: "${{steps.python-location.outputs.python-bin-location}}/python3" - EXHORT_PIP3_PATH: "${{steps.python-location.outputs.python-bin-location}}/pip3" + TRUSTIFY_DA_PYTHON3_PATH: "${{steps.python-location.outputs.python-bin-location}}/python3" + TRUSTIFY_DA_PIP3_PATH: "${{steps.python-location.outputs.python-bin-location}}/pip3" + TRUSTIFY_DA_DEV_MODE: 'true' + DEV_TRUSTIFY_DA_BACKEND_URL: 'https://exhort.stage.devshift.net' run: npm run test - name: Compile project @@ -104,6 +106,8 @@ jobs: - name: Run integration tests cli working-directory: integration run: bash ./run_its.sh + env: + TRUSTIFY_DA_DEV_MODE: 'true' - name: Upload coverage reports if: ${{ matrix.node == env.MAIN_NODE_VER }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8c6399f..22b1331 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,12 +1,6 @@ --- name: Release -env: - # 🖊️ EDIT to change the image build settings. - IMAGE_NAME: exhort-javascript-api - IMAGE_REGISTRY: quay.io/ecosystem-appeng - DOCKERFILE_PATH: ./docker-image/Dockerfiles/Dockerfile.alpha - on: workflow_dispatch: inputs: diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index cbad2af..ca0d108 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -1,12 +1,6 @@ --- name: Stage -env: - # 🖊️ EDIT to change the image build settings. - IMAGE_NAME: exhort-javascript-api - IMAGE_REGISTRY: quay.io/ecosystem-appeng - DOCKERFILE_PATH: ./docker-image/Dockerfiles/Dockerfile - on: pull_request_target: types: @@ -29,7 +23,7 @@ jobs: stage: runs-on: ubuntu-latest # Branches that starts with `release/` shouldn't trigger this workflow, as these are triggering the release workflow. - if: github.repository_owner == 'trustification' && github.event.pull_request.merged == true && !startsWith(github.head_ref, 'release/') + if: github.repository_owner == 'guacsec' && github.event.pull_request.merged == true && !startsWith(github.head_ref, 'release/') environment: staging name: Stage the project steps: @@ -126,6 +120,8 @@ jobs: if: steps.test-check.outputs.retest-is-needed == 'true' env: TRIGGERING_FILE: ${{ steps.test-check.outputs.triggering-file}} + TRUSTIFY_DA_DEV_MODE: 'true' + DEV_TRUSTIFY_DA_BACKEND_URL: 'https://exhort.stage.devshift.net' run: | echo "Re-test was triggered!!, triggering changed file - $TRIGGERING_FILE" echo "Running Again Unit-tests =>" @@ -162,25 +158,3 @@ jobs: prerelease: true, generate_release_notes: true }) - - - name: Build Image With buildah - id: build-image - uses: redhat-actions/buildah-build@v2 - with: - image: ${{ env.IMAGE_NAME }} - tags: ${{ steps.bump.outputs.version }} - dockerfiles: | - ${{ env.DOCKERFILE_PATH }} - build-args: | - PACKAGE_REGISTRY_ACCESS_TOKEN=${{ secrets.PACKAGE_REGISTRY_ACCESS_TOKEN }} - EXHORT_JAVASCRIPT_API_VERSION=${{ steps.bump.outputs.version }} - context: docker-image - - - name: Push Image To Registry - uses: redhat-actions/push-to-registry@v2 - with: - image: ${{ steps.build-image.outputs.image }} - tags: ${{ steps.build-image.outputs.tags }} - registry: ${{ env.IMAGE_REGISTRY }} - username: ${{ secrets.IMAGE_REGISTRY_USER }} - password: ${{ secrets.IMAGE_REGISTRY_PASSWORD }} diff --git a/.idea/modules.xml b/.idea/modules.xml index aa96804..b1018ee 100644 --- a/.idea/modules.xml +++ b/.idea/modules.xml @@ -2,7 +2,7 @@ - + - \ No newline at end of file + diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index be52e73..835af41 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,4 +1,4 @@ -# Contributing to *exhort-javascript-api*
![nodejs-version][10] +# Contributing to *trustify-da-javascript-client*
![nodejs-version][10] * Fork the repository * Create a new branch @@ -20,11 +20,11 @@ ### Good to know -* You can override the default backend url by setting another one in the _EXHORT_URL_ environment variable. +* You can override the default backend url by setting another one in the _TRUSTIFY_DA_URL_ environment variable. ### OpenAPI Specifications -The OpenAPI specification is located in the [`exhort-api-spec`](https://github.com/trustification/exhort-api-spec) where the Java and Javascript libraries are generated. +The OpenAPI specification is located in the [`trustify-da-api-spec`](https://github.com/trustify-da/trustify-da-api-model) where the Java and Javascript libraries are generated. ### Code Walkthrough @@ -86,7 +86,7 @@ scripts in [integration/testers](integration/testers).
We have 3 _testers_: * [integration/testers/cli](integration/testers/cli) is a _package.json_ used for installing the _ESM module_. - Invoking the CLI Script is done against the _@trustification/exhort-javascript-api/dist/src/cli.js_ in the tester's + Invoking the CLI Script is done against the _@trustify-da/trustify-da-javascript-client/dist/src/cli.js_ in the tester's _node_modules_. * [integration/testers/javascript](integration/testers/javascript) is a _javascript_ script invoking the _ESM module_. * [integration/testers/typescript](integration/testers/typescript) is a _typescript_ script invoking the _ESM module_. @@ -100,10 +100,10 @@ Run integration tests from the project's root: ``` Integration tests are executed against a mocked _Backend_ server.
-If you need to run against the actual _Backend_ server, use the _EXHORT_ITS_USE_REAL_API_ environment variable: +If you need to run against the actual _Backend_ server, use the _TRUSTIFY_DA_ITS_USE_REAL_API_ environment variable: ```shell -(cd integration/ && EXHORT_ITS_USE_REAL_API=true bash ./run_its.sh) +(cd integration/ && TRUSTIFY_DA_ITS_USE_REAL_API=true bash ./run_its.sh) ``` The mocked server implementation is [integration/server/mock_server.js](integration/server/mock_server.js). See the @@ -119,7 +119,7 @@ contribution. See the [DCO](DCO) file for details. [0]: https://www.conventionalcommits.org/en/v1.0.0/ -[1]: https://github.com/trustification/exhort/blob/0.1.x/src/main/resources/META-INF/openapi.yaml +[1]: https://github.com/guacsec/exhort/blob/0.1.x/src/main/resources/META-INF/openapi.yaml [10]: https://badgen.net/badge/NodeJS%20Version/18/68a063 diff --git a/README.md b/README.md index 7821aa9..55f6fea 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # Exhort JavaScript API
![latest-no-snapshot][0] ![latest-snapshot][1] -* Looking for the OpenAPI Spec? Try [Exhort API Spec](https://github.com/trustification/exhort-api-spec) -* Looking for our Java API? Try [Exhort Java API](https://github.com/trustification/exhort-java-api). -* Looking for our Backend implementation? Try [Exhort](https://github.com/trustification/exhort). +* Looking for the OpenAPI Spec? Try [Exhort API Spec](https://github.com/trustify-da/trustify-da-api-model) +* Looking for our Java API? Try [Exhort Java API](https://github.com/guacsec/exhort-java-api). +* Looking for our Backend implementation? Try [Exhort](https://github.com/guacsec/exhort). The _Exhort JavaScript API_ module is deployed to _GitHub Package Registry_. @@ -31,10 +31,11 @@ See [GH Docs](https://docs.github.com/en/packages/working-with-a-github-packages

Usage

-Configuring NPM to look in GHPR for the trustification namespace is done by adding -@trustification:registry=https://npm.pkg.github.com to .npmrc in the project root or user home. +Configuring NPM to look in GHPR for the trustify-da namespace is done by adding +@trustify-da:registry=https://npm.pkg.github.com to .npmrc in the project root or user home. ```shell +echo "@trustify-da:registry=https://npm.pkg.github.com" >> .npmrc echo "@trustification:registry=https://npm.pkg.github.com" >> .npmrc ```

@@ -44,11 +45,11 @@ echo "@trustification:registry=https://npm.pkg.github.com" >> .npmrc Use as ESM Module from an ESM module ```shell -npm install @trustification/exhort-javascript-api +npm install @trustify-da/trustify-da-javascript-client ``` ```javascript -import exhort from '@trustification/exhort-javascript-api' +import exhort from '@trustify-da/trustify-da-javascript-client' import fs from 'node:fs' // Get stack analysis in JSON format @@ -65,14 +66,14 @@ let componentAnalysis = await exhort.componentAnalysis('/path/to/pom.xml') Use as ESM Module from Common-JS module ```shell -npm install @trustification/exhort-javascript-api +npm install @trustify-da/trustify-da-javascript-client ``` ```javascript async function loadExhort() { // dynamic import is the only way to import ESM module into commonJS module - const { default: exhort } = await import('@trustification/exhort-javascript-api'); + const { default: exhort } = await import('@trustify-da/trustify-da-javascript-client'); return exhort } const runExhort = (manifestPath) => { @@ -98,13 +99,13 @@ Use as CLI Script Click for help menu ```shell -$ npx @trustification/exhort-javascript-api help +$ npx @trustify-da/trustify-da-javascript-client help -Usage: exhort-javascript-api {component|stack} +Usage: trustify-da-javascript-client {component|stack} Commands: - exhort-javascript-api stack [--html|--summary] produce stack report for manifest path - exhort-javascript-api component [--summary] produce component report for a manifest type and content + trustify-da-javascript-client stack [--html|--summary] produce stack report for manifest path + trustify-da-javascript-client component [--summary] produce component report for a manifest type and content Options: --help Show help [boolean] @@ -113,16 +114,16 @@ Options: ```shell # get stack analysis in json format -$ npx @trustification/exhort-javascript-api stack /path/to/pom.xml +$ npx @trustify-da/trustify-da-javascript-client stack /path/to/pom.xml # get stack analysis in json format (summary only) -$ npx @trustification/exhort-javascript-api stack /path/to/pom.xml --summary +$ npx @trustify-da/trustify-da-javascript-client stack /path/to/pom.xml --summary # get stack analysis in html format format -$ npx @trustification/exhort-javascript-api stack /path/to/pom.xml --html +$ npx @trustify-da/trustify-da-javascript-client stack /path/to/pom.xml --html # get component analysis -$ npx @trustification/exhort-javascript-api component /path/to/pom.xml +$ npx @trustify-da/trustify-da-javascript-client component /path/to/pom.xml ``` @@ -130,21 +131,21 @@ $ npx @trustification/exhort-javascript-api component /path/to/pom.xml Use as Global Binary ```shell -npm install --global @trustification/exhort-javascript-api +npm install --global @trustify-da/trustify-da-javascript-client ``` ```shell # get stack analysis in json format -$ exhort-javascript-api stack /path/to/pom.xml +$ trustify-da-javascript-client stack /path/to/pom.xml # get stack analysis in json format (summary only) -$ exhort-javascript-api stack /path/to/pom.xml --summary +$ trustify-da-javascript-client stack /path/to/pom.xml --summary # get stack analysis in html format format -$ exhort-javascript-api stack /path/to/pom.xml --html +$ trustify-da-javascript-client stack /path/to/pom.xml --html # get component analysis -$ exhort-javascript-api component /path/to/pom.xml +$ trustify-da-javascript-client component /path/to/pom.xml ``` @@ -206,7 +207,7 @@ Excluding a package from any analysis can be achieved by marking the package for Golang users can add in go.mod a comment with //exhortignore next to the package to be ignored, or to "piggyback" on existing comment ( e.g - //indirect) , for example: ```go -module github.com/trustification/SaaSi/deployer +module github.com/trustify-da/SaaSi/deployer go 1.19 @@ -295,22 +296,22 @@ for various customization. However, ESM Module users, can opt for customizing programmatically: ```javascript -import exhort from '@trustification/exhort-javascript-api' +import exhort from '@trustify-da/trustify-da-javascript-client' import fs from 'node:fs' let options = { - 'EXHORT_MVN_PATH': '/path/to/my/mvn', - 'EXHORT_NPM_PATH': '/path/to/npm', - 'EXHORT_PNPM_PATH': '/path/to/pnpm', - 'EXHORT_GO_PATH': '/path/to/go', + 'TRUSTIFY_DA_MVN_PATH': '/path/to/my/mvn', + 'TRUSTIFY_DA_NPM_PATH': '/path/to/npm', + 'TRUSTIFY_DA_PNPM_PATH': '/path/to/pnpm', + 'TRUSTIFY_DA_GO_PATH': '/path/to/go', //python - python3, pip3 take precedence if python version > 3 installed - 'EXHORT_PYTHON3_PATH' : '/path/to/python3', - 'EXHORT_PIP3_PATH' : '/path/to/pip3', - 'EXHORT_PYTHON_PATH' : '/path/to/python', - 'EXHORT_PIP_PATH' : '/path/to/pip', - 'EXHORT_GRADLE_PATH' : '/path/to/gradle', + 'TRUSTIFY_DA_PYTHON3_PATH' : '/path/to/python3', + 'TRUSTIFY_DA_PIP3_PATH' : '/path/to/pip3', + 'TRUSTIFY_DA_PYTHON_PATH' : '/path/to/python', + 'TRUSTIFY_DA_PIP_PATH' : '/path/to/pip', + 'TRUSTIFY_DA_GRADLE_PATH' : '/path/to/gradle', // Configure proxy for all requests - 'EXHORT_PROXY_URL': 'http://proxy.example.com:8080' + 'TRUSTIFY_DA_PROXY_URL': 'http://proxy.example.com:8080' } // Get stack analysis in JSON format ( all package managers, pom.xml is as an example here) @@ -332,13 +333,13 @@ You can set the proxy URL in two ways: 1. Using environment variable: ```shell -export EXHORT_PROXY_URL=http://proxy.example.com:8080 +export TRUSTIFY_DA_PROXY_URL=http://proxy.example.com:8080 ``` 2. Using the options object when calling the API programmatically: ```javascript const options = { - 'EXHORT_PROXY_URL': 'http://proxy.example.com:8080' + 'TRUSTIFY_DA_PROXY_URL': 'http://proxy.example.com:8080' } ``` @@ -361,62 +362,62 @@ following keys for setting custom paths for the said executables. Maven mvn -EXHORT_MVN_PATH +TRUSTIFY_DA_MVN_PATH Maven maven -EXHORT_PREFER_MVNW +TRUSTIFY_DA_PREFER_MVNW NPM npm -EXHORT_NPM_PATH +TRUSTIFY_DA_NPM_PATH PNPM pnpm -EXHORT_PNPM_PATH +TRUSTIFY_DA_PNPM_PATH Yarn Classic / Yarn Berry yarn -EXHORT_YARN_PATH +TRUSTIFY_DA_YARN_PATH Go Modules go -EXHORT_GO_PATH +TRUSTIFY_DA_GO_PATH Python programming language python3 -EXHORT_PYTHON3_PATH +TRUSTIFY_DA_PYTHON3_PATH Python pip Package Installer pip3 -EXHORT_PIP3_PATH +TRUSTIFY_DA_PIP3_PATH Python programming language python -EXHORT_PYTHON_PATH +TRUSTIFY_DA_PYTHON_PATH Python pip Package Installer pip -EXHORT_PIP_PATH +TRUSTIFY_DA_PIP_PATH Gradle gradle -EXHORT_GRADLE_PATH +TRUSTIFY_DA_GRADLE_PATH Gradle gradle -EXHORT_PREFER_GRADLEW +TRUSTIFY_DA_PREFER_GRADLEW @@ -446,7 +447,7 @@ Two possible values for this setting: #### Golang Support -By default, Golang dependency resolution follows the [Minimal Version Selection (MVS) Algorithm](https://go.dev/ref/mod#minimal-version-selection). +By default, Golang dependency resolution follows the [Minimal Version Selection (MVS) Algorithm](https://go.dev/ref/mod#minimal-version-selection). This means that when analyzing a project, only the module versions that would actually be included in the final executable are considered. For example, if your `go.mod` file declares two modules, `a` and `b`, and both depend on the same package `c` (same major version `v1`) but with different minor versions: @@ -454,14 +455,14 @@ For example, if your `go.mod` file declares two modules, `a` and `b`, and both d - `namespace/c/v1@v1.1` - `namespace/c/v1@v1.2` -Only one of these versions — the minimal version selected by MVS — will be included in the generated SBOM and analysis results. +Only one of these versions — the minimal version selected by MVS — will be included in the generated SBOM and analysis results. This mirrors the behavior of a real Go build, where only one minor version of a given major version can be present in the executable (since Go treats packages with the same name and major version as identical). -The MVS-based resolution is **enabled by default**. +The MVS-based resolution is **enabled by default**. If you want to disable this behavior and instead include **all transitive module versions** (as listed in `go.mod` dependencies), set the system property or environment variable: ```bash -EXHORT_GO_MVS_LOGIC_ENABLED=false +TRUSTIFY_DA_GO_MVS_LOGIC_ENABLED=false ``` #### Python Support @@ -470,8 +471,8 @@ By default, For python support, the api assumes that the package is installed us Binaries passed to environment variables. In any case, If the package is not installed , then an error will be thrown. There is an experimental feature of installing the requirements.txt on a virtual env(only python3 or later is supported for this feature) - in this case, -it's important to pass in a path to python3 binary as `EXHORT_PYTHON3_PATH` or instead make sure that python3 is on the system path. -in such case, You can use that feature by setting environment variable `EXHORT_PYTHON_VIRTUAL_ENV` to true. +it's important to pass in a path to python3 binary as `TRUSTIFY_DA_PYTHON3_PATH` or instead make sure that python3 is on the system path. +in such case, You can use that feature by setting environment variable `TRUSTIFY_DA_PYTHON_VIRTUAL_ENV` to true. ##### "Best Efforts Installation" Since Python pip packages are very sensitive/picky regarding python version changes( every small range of versions is only tailored for a certain python version), I'm introducing this feature, that @@ -479,33 +480,33 @@ tries to install all packages in requirements.txt onto created virtual environme This increasing the chances and the probability that the automatic installation will succeed. ###### Usage -A New setting is introduced - `EXHORT_PYTHON_INSTALL_BEST_EFFORTS` (as both env variable/key in `options` object) -1. `EXHORT_PYTHON_INSTALL_BEST_EFFORTS`="false" - install requirements.txt while respecting declared versions for all packages. -2. `EXHORT_PYTHON_INSTALL_BEST_EFFORTS`="true" - install all packages from requirements.txt, not respecting the declared version, but trying to install a version tailored for the used python version. When using this setting, you must set setting `MATCH_MANIFEST_VERSIONS` to 'false'. +A New setting is introduced - `TRUSTIFY_DA_PYTHON_INSTALL_BEST_EFFORTS` (as both env variable/key in `options` object) +1. `TRUSTIFY_DA_PYTHON_INSTALL_BEST_EFFORTS`="false" - install requirements.txt while respecting declared versions for all packages. +2. `TRUSTIFY_DA_PYTHON_INSTALL_BEST_EFFORTS`="true" - install all packages from requirements.txt, not respecting the declared version, but trying to install a version tailored for the used python version. When using this setting, you must set setting `MATCH_MANIFEST_VERSIONS` to 'false'. ##### Using `pipdeptree` By default, The API algorithm will use native commands of PIP installer as data source to build the dependency tree. -It's also possible to use the lightweight Python PIP utility [pipdeptree](https://pypi.org/project/pipdeptree/) as data source instead. In order to activate this, you need to set the environment variable/option `EXHORT_PIP_USE_DEP_TREE` to 'true'. +It's also possible to use the lightweight Python PIP utility [pipdeptree](https://pypi.org/project/pipdeptree/) as data source instead. In order to activate this, you need to set the environment variable/option `TRUSTIFY_DA_PIP_USE_DEP_TREE` to 'true'. #### Toggle Red Hat Trusted Content recommendations -Both the HTML-based report and JSON response will by default contain recommendations for migrating to Red Hat-based Trusted Content repositories. This feature can be disabled by setting `EXHORT_RECOMMENDATIONS_ENABLED` to 'false' via environment variables or options. +Both the HTML-based report and JSON response will by default contain recommendations for migrating to Red Hat-based Trusted Content repositories. This feature can be disabled by setting `TRUSTIFY_DA_RECOMMENDATIONS_ENABLED` to 'false' via environment variables or options. #### Additional CLI arguments For some ecosystems we support passing additional CLI arguments to the underlying tools. The following table outlines the supported ecosystems and the environment variable/option that configures this. Note that the arguments are expected to be in the format of a JSON array. |Ecosystem|Key | |---------|---------------| -|Maven |EXHORT_MVN_ARGS| +|Maven |TRUSTIFY_DA_MVN_ARGS| -[0]: https://img.shields.io/github/v/release/trustification/exhort-javascript-api?color=green&label=latest -[1]: https://img.shields.io/github/v/release/trustification/exhort-javascript-api?color=yellow&include_prereleases&label=early-access +[0]: https://img.shields.io/github/v/release/guacsec/trustify-da-javascript-client?color=green&label=latest +[1]: https://img.shields.io/github/v/release/guacsec/trustify-da-javascript-client?color=yellow&include_prereleases&label=early-access ### Known Issues - For pip requirements.txt - It's been observed that for python versions 3.11.x, there might be slowness for invoking the analysis. - If you encounter a performance issue with version >= 3.11.x, kindly try to set environment variable/option `EXHORT_PIP_USE_DEP_TREE=true`, before calling the analysis. + If you encounter a performance issue with version >= 3.11.x, kindly try to set environment variable/option `TRUSTIFY_DA_PIP_USE_DEP_TREE=true`, before calling the analysis. - For maven pom.xml, it has been noticed that using java 17 might cause stack analysis to hang forever. diff --git a/catalog-info.yaml b/catalog-info.yaml index e364296..2ef62c8 100644 --- a/catalog-info.yaml +++ b/catalog-info.yaml @@ -2,15 +2,15 @@ apiVersion: backstage.io/v1alpha1 kind: Component metadata: annotations: - backstage.io/kubernetes-id: exhort-javascript-api - github.com/project-slug: trustification/exhort-javascript-api + backstage.io/kubernetes-id: trustify-da-javascript-client + github.com/project-slug: guacsec/trustify-da-javascript-client github.com/project-readme-path: README.md - backstage.io/view-url: https://github.com/trustification/exhort-javascript-api/blob/main/catalog-info.yaml - backstage.io/edit-url: https://github.com/trustification/exhort-javascript-api/blob/main/catalog-info.yaml - backstage.io/source-location: url:https://github.com/trustification/exhort-javascript-api + backstage.io/view-url: https://github.com/guacsec/trustify-da-javascript-client/blob/main/catalog-info.yaml + backstage.io/edit-url: https://github.com/guacsec/trustify-da-javascript-client/blob/main/catalog-info.yaml + backstage.io/source-location: url:https://github.com/guacsec/trustify-da-javascript-client rhda/manifest-file-path: package.json backstage.io/techdocs-ref: dir:README.md - name: exhort-javascript-api + name: trustify-da-javascript-client spec: lifecycle: production owner: ecosystem-appeng diff --git a/config/config.properties b/config/config.properties index 39940fa..66bae57 100644 --- a/config/config.properties +++ b/config/config.properties @@ -1 +1 @@ -EXHORT_DEV_MODE=false +TRUSTIFY_DA_DEV_MODE=false diff --git a/docker-image/Dockerfiles/Dockerfile b/docker-image/Dockerfiles/Dockerfile index d88f99d..ec4b9f5 100644 --- a/docker-image/Dockerfiles/Dockerfile +++ b/docker-image/Dockerfiles/Dockerfile @@ -6,7 +6,7 @@ USER root # assign token for reading packages from github package registry ARG PACKAGE_REGISTRY_ACCESS_TOKEN='' -ARG EXHORT_JAVASCRIPT_API_VERSION='0.1.1-ea.55' +ARG TRUSTIFY_DA_JAVASCRIPT_API_VERSION='0.1.1-ea.55' # install Java RUN curl -kL https://download.oracle.com/java/21/archive/jdk-21.0.1_linux-x64_bin.tar.gz -o /tmp/java-package.tar.gz \ @@ -28,7 +28,7 @@ COPY configs/.npmrc . # replace placeholder with the actual environment variable RUN sed -i "s/__PACKAGE_REGISTRY_ACCESS_TOKEN__/${PACKAGE_REGISTRY_ACCESS_TOKEN}/g" ./.npmrc # install Exhort javascript API -RUN npm install --global @trustification/exhort-javascript-api@${EXHORT_JAVASCRIPT_API_VERSION} +RUN npm install --global @trustify-da/trustify-da-javascript-client@${TRUSTIFY_DA_JAVASCRIPT_API_VERSION} # add RHDA script COPY scripts/rhda.sh /rhda.sh @@ -38,7 +38,7 @@ RUN chmod +x /usr/jdk-21.0.1/bin/java \ && chmod +x /usr/apache-maven-3.9.6/bin/mvn \ && chmod +x /usr/go/bin/go \ && chmod +x /usr/bin/jq \ - && chmod +x /opt/app-root/src/.npm-global/bin/exhort-javascript-api \ + && chmod +x /opt/app-root/src/.npm-global/bin/trustify-da-javascript-client \ && chmod +x /rhda.sh # use default user @@ -47,16 +47,16 @@ USER default # second stage FROM registry.access.redhat.com/ubi9/nodejs-20-minimal -LABEL org.opencontainers.image.source=https://github.com/trustification/exhort-javascript-api +LABEL org.opencontainers.image.source=https://github.com/guacsec/trustify-da-javascript-client # assign rhda source for exhort tracking purposes ENV RHDA_SOURCE='' # contains pip feeze --all data, base64 encoded -ENV EXHORT_PIP_FREEZE='' +ENV TRUSTIFY_DA_PIP_FREEZE='' # contains pip show data for all packages, base64 encoded -ENV EXHORT_PIP_SHOW='' +ENV TRUSTIFY_DA_PIP_SHOW='' # indicate whether to use the Minimal version selection (MVS) algorithm to select a set of module versions to use when building Go packages. -ENV EXHORT_GO_MVS_LOGIC_ENABLED='true' +ENV TRUSTIFY_DA_GO_MVS_LOGIC_ENABLED='true' # Copy java executable from the builder stage COPY --from=builder /usr/jdk-21.0.1/ /usr/jdk-21.0.1/ @@ -76,7 +76,7 @@ ENV PATH=$PATH:$JAVA_HOME/bin:$MAVEN_HOME/bin:$GOLANG_HOME/bin # Copy jq executable from the builder stage COPY --from=builder /usr/bin/jq /usr/bin/jq -# Copy exhort-javascript-api executable from the builder stage +# Copy trustify-da-javascript-client executable from the builder stage COPY --from=builder /opt/app-root/src/.npm-global/ /opt/app-root/src/.npm-global/ # Copy RHDA executable script from the builder stage diff --git a/docker-image/README.md b/docker-image/README.md index b31e8b8..ffb617b 100644 --- a/docker-image/README.md +++ b/docker-image/README.md @@ -1,6 +1,6 @@ # Exhort Javascript API Docker Images -These dockerfiles provides all nessesary components to generate images for Red Hat Dependency Analytics (RHDA). +These dockerfiles provides all nessesary components to generate images for Red Hat Dependency Analytics (RHDA). These images can be used as base images to set up the necessary environment and dependencies for running the Red Hat Dependency Analytics. ## Prerequisites @@ -13,27 +13,27 @@ Both Docker and Podman are container runtimes that can be used to build and run ## Images generated for Exhort Javascript API -Ecosystem | Version | IMAGE | TAG | +Ecosystem | Version | IMAGE | TAG | ------------------------------| ------------------------------------------------------------------ | ----------------------------------------------- |-------------------| -Maven, NPM, Golang | mvn 3.9.6,
npm 10.2.4,
go 1.21.5,
python \ | quay.io/ecosystem-appeng/exhort-javascript-api | 0.1.1-ea.26 | +Maven, NPM, Golang | mvn 3.9.6,
npm 10.2.4,
go 1.21.5,
python \ | quay.io/ecosystem-appeng/trustify-da-javascript-client | 0.1.1-ea.26 | ## Usage Notes -To perform RHDA analysis on a **Python** ecosystem, the data from both `pip freeze --all` and `pip show` commands should be generated for all packages listed in the requirements.txt manifest. This data should be encoded in base64 and passed through the `EXHORT_PIP_FREEZE` and `EXHORT_PIP_SHOW` environment variables, respectively. +To perform RHDA analysis on a **Python** ecosystem, the data from both `pip freeze --all` and `pip show` commands should be generated for all packages listed in the requirements.txt manifest. This data should be encoded in base64 and passed through the `TRUSTIFY_DA_PIP_FREEZE` and `TRUSTIFY_DA_PIP_SHOW` environment variables, respectively. Code example: ``` shell # Install requirements.txt pip3 install -r requirements.txt -# Generate pip freeze --all data +# Generate pip freeze --all data pip3 freeze --all > pip_freeze.txt -# Generate pip show data +# Generate pip show data SHOW_LIST=$(awk -F '==' '{print $1}' < pip_freeze.txt) pip3 show $(echo "$SHOW_LIST") > pip_show.txt # Encode data using base64 and export to environment variables -export EXHORT_PIP_FREEZE=$(cat pip_freeze.txt | base64 -w 0) -export EXHORT_PIP_SHOW=$(cat pip_show.txt | base64 -w 0) -``` \ No newline at end of file +export TRUSTIFY_DA_PIP_FREEZE=$(cat pip_freeze.txt | base64 -w 0) +export TRUSTIFY_DA_PIP_SHOW=$(cat pip_show.txt | base64 -w 0) +``` diff --git a/docker-image/scripts/rhda.sh b/docker-image/scripts/rhda.sh index bfeafb3..5a53dad 100644 --- a/docker-image/scripts/rhda.sh +++ b/docker-image/scripts/rhda.sh @@ -6,7 +6,7 @@ output_file_path="$2" printf "Analyzing the stack. Please wait..\n\n" # Getting RHDA stack analysis report using Exhort Javascript CLI. -report=$(exhort-javascript-api stack $manifest_file_path 2>error.log) +report=$(trustify-da-javascript-client stack $manifest_file_path 2>error.log) exit_code=$? diff --git a/integration/run_its.sh b/integration/run_its.sh index 48852ad..1e1536d 100755 --- a/integration/run_its.sh +++ b/integration/run_its.sh @@ -2,8 +2,8 @@ #!!!!! DO NOT FORGET 'npm run compile' on root prior to running this script !!!!# -# set EXHORT_ITS_USE_REAL_API=true to use the real backend -EXHORT_ITS_USE_REAL_API="${EXHORT_ITS_USE_REAL_API:=false}" +# set TRUSTIFY_DA_ITS_USE_REAL_API=true to use the real backend +TRUSTIFY_DA_ITS_USE_REAL_API="${TRUSTIFY_DA_ITS_USE_REAL_API:=false}" # utility function for wrapping up and exiting # takes an exit code @@ -73,7 +73,7 @@ rm -rf testers/cli/node_modules rm -f testers/cli/package-lock.json if ! npm --prefix testers/cli install --silent ; then RC="$?" - echo "- FAILED Installing exhort-javascript-api environment for testing" + echo "- FAILED Installing trustify-da-javascript-client environment for testing" cleanup $RC fi echo "- SUCCESSFUL" @@ -81,7 +81,7 @@ mkdir -p ./responses #### JAVA MAVEN echo "RUNNING JavaScript CLI integration test for Stack Analysis report in Html for Java Maven" -testers/cli/node_modules/.bin/exhort-javascript-api stack scenarios/maven/pom.xml --html > ./responses/stack.html +testers/cli/node_modules/.bin/trustify-da-javascript-client stack scenarios/maven/pom.xml --html > ./responses/stack.html RC="$?" if [ "$RC" -ne 0 ]; then echo "- FAILED, return $RC from invocation" @@ -96,7 +96,7 @@ echo "- PASSED" echo echo 'RUNNING JavaScript CLI integration test for Stack Analysis report summary of snyk provider for Java Maven' -testers/cli/node_modules/.bin/exhort-javascript-api stack scenarios/maven/pom.xml --summary > ./responses/stack-summary.json +testers/cli/node_modules/.bin/trustify-da-javascript-client stack scenarios/maven/pom.xml --summary > ./responses/stack-summary.json RC="$?" if [ "$RC" -ne 0 ]; then echo "- FAILED, return $RC from invocation" @@ -114,7 +114,7 @@ echo "- PASSED" echo echo "RUNNING JavaScript CLI integration test for Stack Analysis report in Json for Java Maven" -testers/cli/node_modules/.bin/exhort-javascript-api stack scenarios/maven/pom.xml > ./responses/stack.json +testers/cli/node_modules/.bin/trustify-da-javascript-client stack scenarios/maven/pom.xml > ./responses/stack.json RC="$?" if [ "$RC" -ne 0 ]; then echo "- FAILED, return $RC from invocation" @@ -134,7 +134,7 @@ matchConstant "200" "$StatusCodeTC" "Check that Response code from Trusted Conte #matchConstant "200" "$StatusCodeSnyk" "Check that Response code from Snyk Provider is OK ( Http Status = 200)..." echo "RUNNING JavaScript CLI integration test for Component Analysis report for Java Maven" -eval "testers/cli/node_modules/.bin/exhort-javascript-api component scenarios/maven/pom.xml" > ./responses/component.json +eval "testers/cli/node_modules/.bin/trustify-da-javascript-client component scenarios/maven/pom.xml" > ./responses/component.json RC="$?" if [ "$RC" -ne 0 ]; then echo "- FAILED, return $RC from invocation" @@ -149,16 +149,5 @@ fi StatusCodeTC=$(jq '.providers["trusted-content"].status.code' ./responses/stack.json) matchConstant "200" "$StatusCodeTC" "Check that Response code from Trusted Content is OK ( Http Status = 200)..." -#StatusCodeSnyk=$(jq '.providers.snyk.status.code' ./responses/stack.json) -#matchConstant "200" "$StatusCodeSnyk" "Check that Response code from Snyk Provider is OK ( Http Status = 200)..." - -echo "RUNNING JavaScript CLI integration test for Validate Token Function With wrong token, expecting getting 401 http status code " -answerAboutToken=$(testers/cli/node_modules/.bin/exhort-javascript-api validate-token snyk --value=veryBadTokenValue) -matchConstant "401" "$answerAboutToken" "Checking That dummy Token is Invalid, Expecting Response Status of Authentication Failure( Http Status = 401)..." - -echo "RUNNING JavaScript CLI integration test for Validate Token Function With no token at all, Expecting getting 400 http status code" -answerAboutToken=$(testers/cli/node_modules/.bin/exhort-javascript-api validate-token snyk ) -matchConstant "400" "$answerAboutToken" "Checking That Token is missing, Expecting Response Status of Bad Request( Http Status = 400)..." -echo "==>SUCCESS!!" cleanup 0 diff --git a/integration/testers/cli/package.json b/integration/testers/cli/package.json index 4e208f2..702d007 100644 --- a/integration/testers/cli/package.json +++ b/integration/testers/cli/package.json @@ -1,11 +1,11 @@ { "name": "cli-it", "version": "0.0.1", - "description": "exhort-javascript-api cli integration tests", + "description": "trustify-da-javascript-client cli integration tests", "private": true, "type": "module", "license": "Apache-2.0", "dependencies": { - "@trustification/exhort-javascript-api": "file:../../../" + "@trustify-da/trustify-da-javascript-client": "file:../../../" } } diff --git a/integration/testers/javascript/index.js b/integration/testers/javascript/index.js index 80f1053..35b278e 100644 --- a/integration/testers/javascript/index.js +++ b/integration/testers/javascript/index.js @@ -1,6 +1,6 @@ #!/usr/bin/env node -import exhort from '@trustification/exhort-javascript-api' +import exhort from '@trustify-da/trustify-da-javascript-client' import process from 'node:process' const [,, ...args] = process.argv @@ -22,7 +22,7 @@ if ('component' === args[0]) { if ('validateToken' === args[0]) { // args[1] - the token passed let tokens = { - "EXHORT_SNYK_TOKEN" : args[1] + "TRUSTIFY_DA_SNYK_TOKEN" : args[1] } let res = await exhort.validateToken(tokens) console.log(res) diff --git a/integration/testers/javascript/package.json b/integration/testers/javascript/package.json index eac4af4..2097e25 100644 --- a/integration/testers/javascript/package.json +++ b/integration/testers/javascript/package.json @@ -1,11 +1,11 @@ { "name": "js-it", "version": "0.0.1", - "description": "exhort-javascript-api javascript integration tests", + "description": "trustify-da-javascript-client javascript integration tests", "private": true, "type": "module", "license": "Apache-2.0", "dependencies": { - "@trustification/exhort-javascript-api": "file:../../../" + "@trustify-da/trustify-da-javascript-client": "file:../../../" } } diff --git a/integration/testers/typescript/index.ts b/integration/testers/typescript/index.ts index 3e5ac38..738ddbd 100644 --- a/integration/testers/typescript/index.ts +++ b/integration/testers/typescript/index.ts @@ -1,8 +1,8 @@ #!/usr/bin/env node -import exhort from '@trustification/exhort-javascript-api' +import exhort from '@guacsec/trustify-da-javascript-client' import process from 'node:process' -import { AnalysisReport } from '@trustification/exhort-api-spec/model/v4/AnalysisReport' +import { AnalysisReport } from '@trustify-da/trustify-da-api-model/model/v5/AnalysisReport' const [,, ...args] = process.argv diff --git a/integration/testers/typescript/package.json b/integration/testers/typescript/package.json index 2e93e71..a3b052f 100644 --- a/integration/testers/typescript/package.json +++ b/integration/testers/typescript/package.json @@ -1,7 +1,7 @@ { "name": "ts-it", "version": "0.0.1", - "description": "exhort-javascript-api typescript integration tests", + "description": "trustify-da-javascript-client typescript integration tests", "private": true, "type": "module", "license": "Apache-2.0", @@ -10,7 +10,7 @@ "compile": "tsc -p tsconfig.json" }, "dependencies": { - "@trustification/exhort-javascript-api": "file:../../../" + "@trustify-da/trustify-da-javascript-client": "file:../../../" }, "devDependencies": { "typescript": "^5.1.3" diff --git a/package-lock.json b/package-lock.json index 6001265..af93226 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,11 +1,11 @@ { - "name": "@trustification/exhort-javascript-api", + "name": "@trustify-da/trustify-da-javascript-client", "version": "0.2.4-ea.12", "lockfileVersion": 3, "requires": true, "packages": { "": { - "name": "@trustification/exhort-javascript-api", + "name": "@trustify-da/trustify-da-javascript-client", "version": "0.2.4-ea.12", "license": "Apache-2.0", "dependencies": { @@ -20,11 +20,11 @@ "yargs": "^17.7.2" }, "bin": { - "exhort-javascript-api": "dist/src/cli.js" + "trustify-da-javascript-client": "dist/src/cli.js" }, "devDependencies": { "@babel/core": "^7.23.2", - "@trustification/exhort-api-spec": "^1.0.18", + "@trustify-da/trustify-da-api-model": "^2.0.1", "@types/node": "^20.17.30", "@types/which": "^3.0.4", "babel-plugin-rewire": "^1.2.0", @@ -862,10 +862,10 @@ "dev": true, "license": "(Unlicense OR Apache-2.0)" }, - "node_modules/@trustification/exhort-api-spec": { - "version": "1.0.18", - "resolved": "https://npm.pkg.github.com/download/@trustification/exhort-api-spec/1.0.18/b7f6dc02d979899c009edbc0bf3d9bdee137f151", - "integrity": "sha512-ft9oRpItc9LDe/fzcrQiLYJBd3Tpmx0nMl9VMMSfajVDuy3Ot+vMqI3OvhytnzlSb3rY8UUg3+m7xqhi4U/zJw==", + "node_modules/@trustify-da/trustify-da-api-model": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@trustify-da/trustify-da-api-model/-/trustify-da-api-model-2.0.1.tgz", + "integrity": "sha512-lY383PH8JvcIBmkRVXvsyVu9hWiQy7AtknnM5LhG/ymLZtKPy2+pztTunLdF66w3hL+cPryidzls2O8ADBoBcA==", "dev": true, "license": "Apache-2.0" }, diff --git a/package.json b/package.json index 29f9d80..a8dddf6 100644 --- a/package.json +++ b/package.json @@ -1,14 +1,11 @@ { - "name": "@trustification/exhort-javascript-api", + "name": "@trustify-da/trustify-da-javascript-client", "version": "0.2.4-ea.12", "description": "Code-Ready Dependency Analytics JavaScript API.", "license": "Apache-2.0", - "homepage": "https://github.com/trustification/exhort-javascript-api#README.md", - "bugs": "https://github.com/trustification/exhort-javascript-api/issues", - "repository": "github:trustification/exhort-javascript-api", - "publishConfig": { - "registry": "https://npm.pkg.github.com" - }, + "homepage": "https://github.com/guacsec/trustify-da-javascript-client#README.md", + "bugs": "https://github.com/guacsec/trustify-da-javascript-client/issues", + "repository": "github:guacsec/trustify-da-javascript-client", "keywords": [ "analysis", "codeready", @@ -35,8 +32,6 @@ "lint": "eslint src test --ext js", "lint:fix": "eslint src test --ext js --fix", "test": "c8 npm run tests", - "localtest": "EXHORT_PIP3_PATH=/home/zgrinber/python3.9/bin/pip3 EXHORT_PYTHON3_PATH=/home/zgrinber/python3.9/bin/python3 c8 npm run tests", - "postlocaltest": " git status | grep src/providers/ | grep rewire | xargs -i git clean -f {}", "tests": "mocha --config .mocharc.json --grep \"Integration Tests|.*analysis module.*\" --invert", "tests:rep": "mocha --reporter-option maxDiffSize=0 --reporter json > unit-tests-result.json", "integration-tests": "mocha --grep \"Integration Tests\"", @@ -56,7 +51,7 @@ }, "devDependencies": { "@babel/core": "^7.23.2", - "@trustification/exhort-api-spec": "^1.0.18", + "@trustify-da/trustify-da-api-model": "^2.0.1", "@types/node": "^20.17.30", "@types/which": "^3.0.4", "babel-plugin-rewire": "^1.2.0", diff --git a/src/analysis.js b/src/analysis.js index 780b7c6..8eddf6b 100644 --- a/src/analysis.js +++ b/src/analysis.js @@ -22,7 +22,7 @@ const rhdaPackageManagerHeader = "rhda-pkg-manager" * @returns {RequestInit} The fetch options with proxy agent if applicable */ function addProxyAgent(options, opts) { - const proxyUrl = getCustom('EXHORT_PROXY_URL', null, opts); + const proxyUrl = getCustom('TRUSTIFY_DA_PROXY_URL', null, opts); if (proxyUrl) { options.agent = new HttpsProxyAgent(proxyUrl); } @@ -36,7 +36,7 @@ function addProxyAgent(options, opts) { * @param {string} url - the backend url to send the request to * @param {boolean} [html=false] - true will return 'text/html', false will return 'application/json' * @param {import("index.js").Options} [opts={}] - optional various options to pass along the application - * @returns {Promise} + * @returns {Promise} */ async function requestStack(provider, manifest, url, html = false, opts = {}) { opts["source-manifest"] = Buffer.from(fs.readFileSync(manifest).toString()).toString('base64') @@ -46,7 +46,7 @@ async function requestStack(provider, manifest, url, html = false, opts = {}) { opts[rhdaOperationTypeHeader.toUpperCase().replaceAll("-", "_")] = "stack-analysis" let startTime = new Date() let endTime - if (process.env["EXHORT_DEBUG"] === "true") { + if (process.env["TRUSTIFY_DA_DEBUG"] === "true") { console.log("Starting time of sending stack analysis request to exhort server= " + startTime) } opts[rhdaPackageManagerHeader.toUpperCase().replaceAll("-", "_")] = provided.ecosystem @@ -62,7 +62,7 @@ async function requestStack(provider, manifest, url, html = false, opts = {}) { }, opts); const finalUrl = new URL(`${url}/api/v4/analysis`); - if (opts['EXHORT_RECOMMENDATIONS_ENABLED'] === 'false') { + if (opts['TRUSTIFY_DA_RECOMMENDATIONS_ENABLED'] === 'false') { finalUrl.searchParams.append('recommend', 'false'); } @@ -74,7 +74,7 @@ async function requestStack(provider, manifest, url, html = false, opts = {}) { } else { result = await resp.text() } - if (process.env["EXHORT_DEBUG"] === "true") { + if (process.env["TRUSTIFY_DA_DEBUG"] === "true") { let exRequestId = resp.headers.get("ex-request-id"); if (exRequestId) { console.log("Unique Identifier associated with this request - ex-request-id=" + exRequestId) @@ -100,7 +100,7 @@ async function requestStack(provider, manifest, url, html = false, opts = {}) { * @param {string} manifest - path for the manifest * @param {string} url - the backend url to send the request to * @param {import("index.js").Options} [opts={}] - optional various options to pass along the application - * @returns {Promise} + * @returns {Promise} */ async function requestComponent(provider, manifest, url, opts = {}) { opts["source-manifest"] = Buffer.from(fs.readFileSync(manifest).toString()).toString('base64') @@ -108,7 +108,7 @@ async function requestComponent(provider, manifest, url, opts = {}) { let provided = provider.provideComponent(manifest, opts) // throws error if content providing failed opts["source-manifest"] = "" opts[rhdaOperationTypeHeader.toUpperCase().replaceAll("-", "_")] = "component-analysis" - if (process.env["EXHORT_DEBUG"] === "true") { + if (process.env["TRUSTIFY_DA_DEBUG"] === "true") { console.log("Starting time of sending component analysis request to exhort server= " + new Date()) } opts[rhdaPackageManagerHeader.toUpperCase().replaceAll("-", "_")] = provided.ecosystem @@ -124,7 +124,7 @@ async function requestComponent(provider, manifest, url, opts = {}) { }, opts); const finalUrl = new URL(`${url}/api/v4/analysis`); - if (opts['EXHORT_RECOMMENDATIONS_ENABLED'] === 'false') { + if (opts['TRUSTIFY_DA_RECOMMENDATIONS_ENABLED'] === 'false') { finalUrl.searchParams.append('recommend', 'false'); } @@ -132,7 +132,7 @@ async function requestComponent(provider, manifest, url, opts = {}) { let result if (resp.status === 200) { result = await resp.json() - if (process.env["EXHORT_DEBUG"] === "true") { + if (process.env["TRUSTIFY_DA_DEBUG"] === "true") { let exRequestId = resp.headers.get("ex-request-id"); if (exRequestId) { console.log("Unique Identifier associated with this request - ex-request-id=" + exRequestId) @@ -155,7 +155,7 @@ async function requestComponent(provider, manifest, url, opts = {}) { * @param {Array} imageRefs * @param {string} url * @param {import("index.js").Options} [opts={}] - optional various options to pass along the application - * @returns {Promise>} + * @returns {Promise>} */ async function requestImages(imageRefs, url, html = false, opts = {}) { const imageSboms = {} @@ -165,7 +165,7 @@ async function requestImages(imageRefs, url, html = false, opts = {}) { } const finalUrl = new URL(`${url}/api/v4/batch-analysis`); - if (opts['EXHORT_RECOMMENDATIONS_ENABLED'] === 'false') { + if (opts['TRUSTIFY_DA_RECOMMENDATIONS_ENABLED'] === 'false') { finalUrl.searchParams.append('recommend', 'false'); } @@ -186,7 +186,7 @@ async function requestImages(imageRefs, url, html = false, opts = {}) { } else { result = await resp.text() } - if (process.env["EXHORT_DEBUG"] === "true") { + if (process.env["TRUSTIFY_DA_DEBUG"] === "true") { let exRequestId = resp.headers.get("ex-request-id"); if (exRequestId) { console.log("Unique Identifier associated with this request - ex-request-id=" + exRequestId) @@ -216,7 +216,7 @@ async function validateToken(url, opts = {}) { }, opts); let resp = await fetch(`${url}/api/v4/token`, fetchOptions) - if (process.env["EXHORT_DEBUG"] === "true") { + if (process.env["TRUSTIFY_DA_DEBUG"] === "true") { let exRequestId = resp.headers.get("ex-request-id"); if (exRequestId) { console.log("Unique Identifier associated with this request - ex-request-id=" + exRequestId) @@ -248,11 +248,11 @@ function getTokenHeaders(opts = {}) { let supportedTokens = ['snyk', 'oss-index'] let headers = {} supportedTokens.forEach(vendor => { - let token = getCustom(`EXHORT_${vendor.replace("-", "_").toUpperCase()}_TOKEN`, null, opts); + let token = getCustom(`TRUSTIFY_DA_${vendor.replace("-", "_").toUpperCase()}_TOKEN`, null, opts); if (token) { headers[`ex-${vendor}-token`] = token } - let user = getCustom(`EXHORT_${vendor.replace("-", "_").toUpperCase()}_USER`, null, opts); + let user = getCustom(`TRUSTIFY_DA_${vendor.replace("-", "_").toUpperCase()}_USER`, null, opts); if (user) { headers[`ex-${vendor}-user`] = user } @@ -263,7 +263,7 @@ function getTokenHeaders(opts = {}) { setRhdaHeader(rhdaPackageManagerHeader, headers, opts) setRhdaHeader(rhdaTelemetryId, headers, opts); - if (process.env["EXHORT_DEBUG"] === "true") { + if (process.env["TRUSTIFY_DA_DEBUG"] === "true") { console.log("Headers Values to be sent to exhort:" + EOL) for (const headerKey in headers) { if (!headerKey.match(RegexNotToBeLogged)) { diff --git a/src/cli.js b/src/cli.js index 956d76a..c24797c 100644 --- a/src/cli.js +++ b/src/cli.js @@ -48,7 +48,7 @@ const validateToken = { let opts={} if(args['tokenValue'] !== undefined && args['tokenValue'].trim() !=="" ) { let tokenValue = args['tokenValue'].trim() - opts[`EXHORT_${tokenProvider}_TOKEN`] = tokenValue + opts[`TRUSTIFY_DA_${tokenProvider}_TOKEN`] = tokenValue } let res = await exhort.validateToken(opts) console.log(res) diff --git a/src/cyclone_dx_sbom.js b/src/cyclone_dx_sbom.js index e699dcc..7e6efaa 100644 --- a/src/cyclone_dx_sbom.js +++ b/src/cyclone_dx_sbom.js @@ -159,7 +159,7 @@ export default class CycloneDxSbom { delete this.sbomObject.metadata.properties } - if (process.env["EXHORT_DEBUG"] === "true") { + if (process.env["TRUSTIFY_DA_DEBUG"] === "true") { console.log("SBOM Generated for manifest, to be sent to exhort service:" + EOL + JSON.stringify(this.sbomObject, null, 4)) } return JSON.stringify(this.sbomObject) diff --git a/src/index.js b/src/index.js index dfd87d5..7816024 100644 --- a/src/index.js +++ b/src/index.js @@ -12,37 +12,32 @@ export { ImageRef } from "./oci_image/images.js"; export default { componentAnalysis, stackAnalysis, imageAnalysis, validateToken } -export const exhortDevDefaultUrl = 'https://exhort.stage.devshift.net'; - -/** @type {string} The default production URL for the Exhort backend. */ -export const exhortDefaultUrl = "https://rhda.rhcloud.com"; - /** * @typedef {{ - * EXHORT_DOCKER_PATH?: string | undefined, - * EXHORT_GO_MVS_LOGIC_ENABLED?: string | undefined, - * EXHORT_GO_PATH?: string | undefined, - * EXHORT_GRADLE_PATH?: string | undefined, - * EXHORT_IMAGE_PLATFORM?: string | undefined, - * EXHORT_MVN_PATH?: string | undefined, - * EXHORT_PIP_PATH?: string | undefined, - * EXHORT_PIP_USE_DEP_TREE?: string | undefined, - * EXHORT_PIP3_PATH?: string | undefined, - * EXHORT_PNPM_PATH?: string | undefined, - * EXHORT_PODMAN_PATH?: string | undefined, - * EXHORT_PREFER_GRADLEW?: string | undefined, - * EXHORT_PREFER_MVNW?: string | undefined, - * EXHORT_PROXY_URL?: string | undefined, - * EXHORT_PYTHON_INSTALL_BEST_EFFORTS?: string | undefined, - * EXHORT_PYTHON_PATH?: string | undefined, - * EXHORT_PYTHON_VIRTUAL_ENV?: string | undefined, - * EXHORT_PYTHON3_PATH?: string | undefined, - * EXHORT_RECOMMENDATIONS_ENABLED?: string | undefined, - * EXHORT_SKOPEO_CONFIG_PATH?: string | undefined, - * EXHORT_SKOPEO_PATH?: string | undefined, - * EXHORT_SYFT_CONFIG_PATH?: string | undefined, - * EXHORT_SYFT_PATH?: string | undefined, - * EXHORT_YARN_PATH?: string | undefined, + * TRUSTIFY_DA_DOCKER_PATH?: string | undefined, + * TRUSTIFY_DA_GO_MVS_LOGIC_ENABLED?: string | undefined, + * TRUSTIFY_DA_GO_PATH?: string | undefined, + * TRUSTIFY_DA_GRADLE_PATH?: string | undefined, + * TRUSTIFY_DA_IMAGE_PLATFORM?: string | undefined, + * TRUSTIFY_DA_MVN_PATH?: string | undefined, + * TRUSTIFY_DA_PIP_PATH?: string | undefined, + * TRUSTIFY_DA_PIP_USE_DEP_TREE?: string | undefined, + * TRUSTIFY_DA_PIP3_PATH?: string | undefined, + * TRUSTIFY_DA_PNPM_PATH?: string | undefined, + * TRUSTIFY_DA_PODMAN_PATH?: string | undefined, + * TRUSTIFY_DA_PREFER_GRADLEW?: string | undefined, + * TRUSTIFY_DA_PREFER_MVNW?: string | undefined, + * TRUSTIFY_DA_PROXY_URL?: string | undefined, + * TRUSTIFY_DA_PYTHON_INSTALL_BEST_EFFORTS?: string | undefined, + * TRUSTIFY_DA_PYTHON_PATH?: string | undefined, + * TRUSTIFY_DA_PYTHON_VIRTUAL_ENV?: string | undefined, + * TRUSTIFY_DA_PYTHON3_PATH?: string | undefined, + * TRUSTIFY_DA_RECOMMENDATIONS_ENABLED?: string | undefined, + * TRUSTIFY_DA_SKOPEO_CONFIG_PATH?: string | undefined, + * TRUSTIFY_DA_SKOPEO_PATH?: string | undefined, + * TRUSTIFY_DA_SYFT_CONFIG_PATH?: string | undefined, + * TRUSTIFY_DA_SYFT_PATH?: string | undefined, + * TRUSTIFY_DA_YARN_PATH?: string | undefined, * MATCH_MANIFEST_VERSIONS?: string | undefined, * RHDA_SOURCE?: string | undefined, * RHDA_TOKEN?: string | undefined, @@ -53,13 +48,13 @@ export const exhortDefaultUrl = "https://rhda.rhcloud.com"; /** - * Logs messages to the console if the EXHORT_DEBUG environment variable is set to "true". + * Logs messages to the console if the TRUSTIFY_DA_DEBUG environment variable is set to "true". * @param {string} alongsideText - The text to prepend to the log message. * @param {any} valueToBePrinted - The value to log. * @private */ function logOptionsAndEnvironmentsVariables(alongsideText,valueToBePrinted) { - if (process.env["EXHORT_DEBUG"] === "true") { + if (process.env["TRUSTIFY_DA_DEBUG"] === "true") { console.log(`${alongsideText}: ${valueToBePrinted} ${EOL}`) } } @@ -86,38 +81,41 @@ function readAndPrintVersionFromPackageJson() { } let packageJson = JSON.parse(fs.readFileSync(path.join(dirName, "..", "package.json")).toString()) - logOptionsAndEnvironmentsVariables("exhort-javascript-api analysis started, version: ", packageJson.version) + logOptionsAndEnvironmentsVariables("trustify-da-javascript-client analysis started, version: ", packageJson.version) } /** * This function is used to determine exhort theUrl backend according to the following logic: - * If EXHORT_DEV_MODE = true, then take the value of the EXHORT BACKEND URL of dev/staging environment in such a way: + * If TRUSTIFY_DA_DEV_MODE = true, then take the value of the EXHORT BACKEND URL of dev/staging environment in such a way: * take it as environment variable if exists, otherwise, take it from opts object if exists, otherwise, use the hardcoded default of DEV environment. - * If EXHORT_DEV_MODE = false , then select the production theUrl of EXHORT Backend, which is hardcoded. - * EXHORT_DEV_MODE evaluated in the following order and selected when it finds it first: + * If TRUSTIFY_DA_DEV_MODE = false , then select the production theUrl of EXHORT Backend, which is hardcoded. + * TRUSTIFY_DA_DEV_MODE evaluated in the following order and selected when it finds it first: * 1. Environment Variable * 2. (key,value) from opts object * 3. Default False ( points to production URL ) - * @param {{}} [opts={}] - optional various options to override default EXHORT_DEV_MODE and DEV_EXHORT_BACKEND_URL. + * @param {{TRUSTIFY_DA_DEBUG?: string | undefined; TRUSTIFY_DA_BACKEND_URL?: string | undefined}} [opts={}] * @return {string} - The selected exhort backend * @private */ function selectExhortBackend(opts = {}) { - let result - if (process.env["EXHORT_DEBUG"] === "true") { - let packageJson = readAndPrintVersionFromPackageJson(); + if (getCustom("TRUSTIFY_DA_DEBUG", "false", opts) === "true") { + readAndPrintVersionFromPackageJson(); } - let exhortDevModeBundled = "false" - let exhortDevMode = getCustom("EXHORT_DEV_MODE", exhortDevModeBundled, opts) - if(exhortDevMode !== null && exhortDevMode.toString() === "true") { - result = getCustom('DEV_EXHORT_BACKEND_URL', exhortDevDefaultUrl, opts); + + let url; + if (getCustom('TRUSTIFY_DA_DEV_MODE', 'false', opts) === 'true') { + url = getCustom('DEV_TRUSTIFY_DA_BACKEND_URL', undefined, opts); } else { - result = exhortDefaultUrl + url = getCustom('TRUSTIFY_DA_BACKEND_URL', undefined, opts); + } + + if (!url) { + throw new Error(`TRUSTIFY_DA_BACKEND_URL is unset`) } - logOptionsAndEnvironmentsVariables("Chosen exhort backend URL:", result) + logOptionsAndEnvironmentsVariables("Chosen exhort backend URL:", url) - return result; + return url; } /** @@ -130,12 +128,6 @@ export function testSelectExhortBackend(opts) { return selectExhortBackend(opts) } -/** - * @type {string} The URL of the Exhort backend to send requests to. - * @private - */ -let theUrl - /** * @overload * @param {string} manifest @@ -150,7 +142,7 @@ let theUrl * @param {string} manifest * @param {false} html * @param {Options} [opts={}] - * @returns {Promise} + * @returns {Promise} * @throws {Error} */ @@ -160,12 +152,12 @@ let theUrl * @param {string} manifest - path for the manifest * @param {boolean} [html=false] - true will return a html string, false will return AnalysisReport object. * @param {Options} [opts={}] - optional various options to pass along the application - * @returns {Promise} + * @returns {Promise} * @throws {Error} if manifest inaccessible, no matching provider, failed to get create content, * or backend request failed */ async function stackAnalysis(manifest, html = false, opts = {}) { - theUrl = selectExhortBackend(opts) + const theUrl = selectExhortBackend(opts) fs.accessSync(manifest, fs.constants.R_OK) // throws error if file unreadable let provider = match(manifest, availableProviders) // throws error if no matching provider return await analysis.requestStack(provider, manifest, theUrl, html, opts) // throws error request sending failed @@ -175,11 +167,11 @@ async function stackAnalysis(manifest, html = false, opts = {}) { * Get component analysis report for a manifest content. * @param {string} manifest - path to the manifest * @param {Options} [opts={}] - optional various options to pass along the application - * @returns {Promise} + * @returns {Promise} * @throws {Error} if no matching provider, failed to get create content, or backend request failed */ async function componentAnalysis(manifest, opts = {}) { - theUrl = selectExhortBackend(opts) + const theUrl = selectExhortBackend(opts) fs.accessSync(manifest, fs.constants.R_OK) opts["manifest-type"] = path.basename(manifest) let provider = match(manifest, availableProviders) // throws error if no matching provider @@ -200,7 +192,7 @@ async function componentAnalysis(manifest, opts = {}) { * @param {Array} imageRefs * @param {false} html * @param {Options} [opts={}] - * @returns {Promise>} + * @returns {Promise>} * @throws {Error} */ @@ -210,12 +202,12 @@ async function componentAnalysis(manifest, opts = {}) { * @param {Array} imageRefs - OCI image references * @param {boolean} [html=false] - true will return a html string, false will return AnalysisReport * @param {Options} [opts={}] - optional various options to pass along the application - * @returns {Promise>} + * @returns {Promise>} * @throws {Error} if manifest inaccessible, no matching provider, failed to get create content, * or backend request failed */ async function imageAnalysis(imageRefs, html = false, opts = {}) { - theUrl = selectExhortBackend(opts) + const theUrl = selectExhortBackend(opts) return await analysis.requestImages(imageRefs, theUrl, html, opts) } @@ -226,6 +218,6 @@ async function imageAnalysis(imageRefs, html = false, opts = {}) { * @throws {Error} if the backend request failed. */ async function validateToken(opts = {}) { - theUrl = selectExhortBackend(opts) + const theUrl = selectExhortBackend(opts) return await analysis.validateToken(theUrl, opts) // throws error request sending failed } diff --git a/src/oci_image/utils.js b/src/oci_image/utils.js index 4b95a30..c57e294 100644 --- a/src/oci_image/utils.js +++ b/src/oci_image/utils.js @@ -6,14 +6,14 @@ import { ImageRef } from './images.js'; import { Platform } from './platform.js'; // Constants -const EXHORT_SYFT_CONFIG_PATH = "EXHORT_SYFT_CONFIG_PATH"; -const EXHORT_SYFT_IMAGE_SOURCE = "EXHORT_SYFT_IMAGE_SOURCE"; -const EXHORT_IMAGE_PLATFORM = "EXHORT_IMAGE_PLATFORM"; -const EXHORT_IMAGE_OS = "EXHORT_IMAGE_OS"; -const EXHORT_IMAGE_ARCH = "EXHORT_IMAGE_ARCH"; -const EXHORT_IMAGE_VARIANT = "EXHORT_IMAGE_VARIANT"; -const EXHORT_SKOPEO_CONFIG_PATH = "EXHORT_SKOPEO_CONFIG_PATH"; -const EXHORT_IMAGE_SERVICE_ENDPOINT = "EXHORT_IMAGE_SERVICE_ENDPOINT"; +const TRUSTIFY_DA_SYFT_CONFIG_PATH = "TRUSTIFY_DA_SYFT_CONFIG_PATH"; +const TRUSTIFY_DA_SYFT_IMAGE_SOURCE = "TRUSTIFY_DA_SYFT_IMAGE_SOURCE"; +const TRUSTIFY_DA_IMAGE_PLATFORM = "TRUSTIFY_DA_IMAGE_PLATFORM"; +const TRUSTIFY_DA_IMAGE_OS = "TRUSTIFY_DA_IMAGE_OS"; +const TRUSTIFY_DA_IMAGE_ARCH = "TRUSTIFY_DA_IMAGE_ARCH"; +const TRUSTIFY_DA_IMAGE_VARIANT = "TRUSTIFY_DA_IMAGE_VARIANT"; +const TRUSTIFY_DA_SKOPEO_CONFIG_PATH = "TRUSTIFY_DA_SKOPEO_CONFIG_PATH"; +const TRUSTIFY_DA_IMAGE_SERVICE_ENDPOINT = "TRUSTIFY_DA_IMAGE_SERVICE_ENDPOINT"; const MEDIA_TYPE_DOCKER2_MANIFEST = "application/vnd.docker.distribution.manifest.v2+json"; const MEDIA_TYPE_DOCKER2_MANIFEST_LIST = "application/vnd.docker.distribution.manifest.list.v2+json"; const MEDIA_TYPE_OCI1_MANIFEST = "application/vnd.oci.image.manifest.v1+json"; @@ -98,8 +98,8 @@ function execSyft(imageRef, opts = {}) { const docker = getCustomPath("docker", opts); const podman = getCustomPath("podman", opts); - const syftConfigPath = getCustom(EXHORT_SYFT_CONFIG_PATH, "", opts); - const imageSource = getCustom(EXHORT_SYFT_IMAGE_SOURCE, "", opts); + const syftConfigPath = getCustom(TRUSTIFY_DA_SYFT_CONFIG_PATH, "", opts); + const imageSource = getCustom(TRUSTIFY_DA_SYFT_IMAGE_SOURCE, "", opts); // Confirm image source exists, this will throw an error if not getImageSource(imageSource); @@ -173,19 +173,19 @@ function getSyftEnvs(dockerPath, podmanPath) { * @returns {Platform|null} - The platform information or null */ export function getImagePlatform(opts = {}) { - const platform = getCustom(EXHORT_IMAGE_PLATFORM, null, opts); + const platform = getCustom(TRUSTIFY_DA_IMAGE_PLATFORM, null, opts); if (platform) { return Platform.fromString(platform) } - const imageSource = getCustom(EXHORT_SYFT_IMAGE_SOURCE, "", opts); + const imageSource = getCustom(TRUSTIFY_DA_SYFT_IMAGE_SOURCE, "", opts); const source = getImageSource(imageSource); - let os = getCustom(EXHORT_IMAGE_OS, null, opts); + let os = getCustom(TRUSTIFY_DA_IMAGE_OS, null, opts); if (!os) { os = source.getOs(opts); } - let arch = getCustom(EXHORT_IMAGE_ARCH, null, opts); + let arch = getCustom(TRUSTIFY_DA_IMAGE_ARCH, null, opts); if (!arch) { arch = source.getArch(opts); } @@ -194,7 +194,7 @@ export function getImagePlatform(opts = {}) { return Platform.fromComponents(os, arch, null); } - let variant = getCustom(EXHORT_IMAGE_VARIANT, null, opts); + let variant = getCustom(TRUSTIFY_DA_IMAGE_VARIANT, null, opts); if (!variant) { variant = source.getVariant(opts); } @@ -443,8 +443,8 @@ function getSingleImageDigest(imageRef, opts = {}) { function execSkopeoInspect(imageRef, raw, opts = {}) { const skopeo = getCustomPath("skopeo", opts); - const configPath = getCustom(EXHORT_SKOPEO_CONFIG_PATH, null, opts); - const daemonHost = getCustom(EXHORT_IMAGE_SERVICE_ENDPOINT, null, opts); + const configPath = getCustom(TRUSTIFY_DA_SKOPEO_CONFIG_PATH, null, opts); + const daemonHost = getCustom(TRUSTIFY_DA_IMAGE_SERVICE_ENDPOINT, null, opts); const args = [ "inspect", diff --git a/src/providers/golang_gomodules.js b/src/providers/golang_gomodules.js index 90bb2dd..676e983 100644 --- a/src/providers/golang_gomodules.js +++ b/src/providers/golang_gomodules.js @@ -282,7 +282,7 @@ function getSBOM(manifest, opts = {}, includeTransitive) { const mainModule = toPurl(root, "@") sbom.addRoot(mainModule) - const exhortGoMvsLogicEnabled = getCustom("EXHORT_GO_MVS_LOGIC_ENABLED", "true", opts) + const exhortGoMvsLogicEnabled = getCustom("TRUSTIFY_DA_GO_MVS_LOGIC_ENABLED", "true", opts) if(includeTransitive && exhortGoMvsLogicEnabled === "true") { rows = getFinalPackagesVersionsForModule(rows, manifest, goBin) } diff --git a/src/providers/java_gradle.js b/src/providers/java_gradle.js index e47f258..443abb1 100644 --- a/src/providers/java_gradle.js +++ b/src/providers/java_gradle.js @@ -17,8 +17,8 @@ import Base_java, { ecosystem_gradle } from "./base_java.js"; const ROOT_PROJECT_KEY_NAME = "root-project"; -const EXHORT_IGNORE_REGEX_LINE = /.*\s?exhortignore\s*$/g -const EXHORT_IGNORE_REGEX = /\/\/\s?exhortignore/ +const TRUSTIFY_DA_IGNORE_REGEX_LINE = /.*\s?exhortignore\s*$/g +const TRUSTIFY_DA_IGNORE_REGEX = /\/\/\s?exhortignore/ /** * Check if the dependency marked for exclusion has libs notation , so if it's true the rest of coordinates( GAV) should be fetched from TOML file. @@ -215,7 +215,7 @@ export default class Java_gradle extends Base_java { let content = this.#getDependencies(manifest, opts) let properties = this.#extractProperties(manifest, opts) // read dependency tree from temp file - if (process.env["EXHORT_DEBUG"] === "true") { + if (process.env["TRUSTIFY_DA_DEBUG"] === "true") { console.log("Dependency tree that will be used as input for creating the BOM =>" + EOL + EOL + content) } let sbom = this.#buildSbom(content, properties, manifest, opts) @@ -381,9 +381,9 @@ export default class Java_gradle extends Base_java { #getIgnoredDeps(manifestPath) { let buildGradleLines = fs.readFileSync(manifestPath).toString().split(EOL) let ignored = - buildGradleLines.filter(line => line && line.match(EXHORT_IGNORE_REGEX_LINE)) + buildGradleLines.filter(line => line && line.match(TRUSTIFY_DA_IGNORE_REGEX_LINE)) .map(line => line.indexOf("/*") === -1 ? line : line.substring(0, line.indexOf("/*"))) - .map(line => line.trim().substring(0, line.trim().search(EXHORT_IGNORE_REGEX))) + .map(line => line.trim().substring(0, line.trim().search(TRUSTIFY_DA_IGNORE_REGEX))) let depsToIgnore = new Array ignored.forEach(depToBeIgnored => { diff --git a/src/providers/java_maven.js b/src/providers/java_maven.js index 269697b..c7f43a9 100644 --- a/src/providers/java_maven.js +++ b/src/providers/java_maven.js @@ -75,7 +75,7 @@ export default class Java_maven extends Base_java { #createSbomStackAnalysis(manifest, opts = {}) { const manifestDir = path.dirname(manifest) const mvn = this.selectToolBinary(manifest, opts) - const mvnArgs = JSON.parse(getCustom('EXHORT_MVN_ARGS', '[]', opts)); + const mvnArgs = JSON.parse(getCustom('TRUSTIFY_DA_MVN_ARGS', '[]', opts)); if (!Array.isArray(mvnArgs)) { throw new Error(`configured maven args is not an array, is a ${typeof mvnArgs}`) } @@ -116,7 +116,7 @@ export default class Java_maven extends Base_java { } // read dependency tree from temp file let content = fs.readFileSync(tmpDepTree) - if (process.env["EXHORT_DEBUG"] === "true") { + if (process.env["TRUSTIFY_DA_DEBUG"] === "true") { console.error("Dependency tree that will be used as input for creating the BOM =>" + EOL + EOL + content.toString()) } let sbom = this.createSbomFileFromTextFormat(content.toString(), ignoredDeps, opts); @@ -151,7 +151,7 @@ export default class Java_maven extends Base_java { */ #getSbomForComponentAnalysis(manifestPath, opts = {}) { const mvn = this.selectToolBinary(manifestPath, opts) - const mvnArgs = JSON.parse(getCustom('EXHORT_MVN_ARGS', '[]', opts)); + const mvnArgs = JSON.parse(getCustom('TRUSTIFY_DA_MVN_ARGS', '[]', opts)); if (!Array.isArray(mvnArgs)) { throw new Error(`configured maven args is not an array, is a ${typeof mvnArgs}`) } diff --git a/src/providers/python_controller.js b/src/providers/python_controller.js index a0c115e..3117012 100644 --- a/src/providers/python_controller.js +++ b/src/providers/python_controller.js @@ -6,7 +6,7 @@ import {environmentVariableIsPopulated,getCustom, invokeCommand} from "../tools. function getPipFreezeOutput() { try { - return environmentVariableIsPopulated("EXHORT_PIP_FREEZE") ? new Buffer.from(process.env["EXHORT_PIP_FREEZE"], 'base64').toString('ascii') : invokeCommand(this.pathToPipBin, ['freeze', '--all']).toString(); + return environmentVariableIsPopulated("TRUSTIFY_DA_PIP_FREEZE") ? new Buffer.from(process.env["TRUSTIFY_DA_PIP_FREEZE"], 'base64').toString('ascii') : invokeCommand(this.pathToPipBin, ['freeze', '--all']).toString(); } catch (error) { throw new Error('Failed invoking \'pip freeze\' to list all installed packages in environment', {cause: error}) } @@ -14,7 +14,7 @@ function getPipFreezeOutput() { function getPipShowOutput(depNames) { try { - return environmentVariableIsPopulated("EXHORT_PIP_SHOW") ? new Buffer.from(process.env["EXHORT_PIP_SHOW"], 'base64').toString('ascii') : invokeCommand(this.pathToPipBin, ['show', ...depNames]).toString(); + return environmentVariableIsPopulated("TRUSTIFY_DA_PIP_SHOW") ? new Buffer.from(process.env["TRUSTIFY_DA_PIP_SHOW"], 'base64').toString('ascii') : invokeCommand(this.pathToPipBin, ['show', ...depNames]).toString(); } catch (error) { throw new Error('fail invoking \'pip show\' to fetch metadata for all installed packages in environment', {cause: error}) } @@ -102,12 +102,12 @@ export default class Python_controller { getDependencies(includeTransitive) { let startingTime let endingTime - if (process.env["EXHORT_DEBUG"] === "true") { + if (process.env["TRUSTIFY_DA_DEBUG"] === "true") { startingTime = new Date() console.log("Starting time to get requirements.txt dependency tree = " + startingTime) } if(!this.realEnvironment) { - let installBestEfforts = getCustom("EXHORT_PYTHON_INSTALL_BEST_EFFORTS","false",this.options); + let installBestEfforts = getCustom("TRUSTIFY_DA_PYTHON_INSTALL_BEST_EFFORTS","false",this.options); if(installBestEfforts === "false") { try { invokeCommand(this.pathToPipBin, ['install', '-r', this.pathToRequirements]) @@ -121,14 +121,14 @@ export default class Python_controller { else { let matchManifestVersions = getCustom("MATCH_MANIFEST_VERSIONS","true",this.options); if(matchManifestVersions === "true") { - throw new Error("Conflicting settings, EXHORT_PYTHON_INSTALL_BEST_EFFORTS=true can only work with MATCH_MANIFEST_VERSIONS=false") + throw new Error("Conflicting settings, TRUSTIFY_DA_PYTHON_INSTALL_BEST_EFFORTS=true can only work with MATCH_MANIFEST_VERSIONS=false") } this.#installingRequirementsOneByOne() } } let dependencies = this.#getDependenciesImpl(includeTransitive) this.#cleanEnvironment() - if (process.env["EXHORT_DEBUG"] === "true") { + if (process.env["TRUSTIFY_DA_DEBUG"] === "true") { endingTime = new Date() console.log("Ending time to get requirements.txt dependency tree = " + endingTime) let time = ( endingTime - startingTime ) / 1000 @@ -164,7 +164,7 @@ export default class Python_controller { #getDependenciesImpl(includeTransitive) { let dependencies = new Array() - let usePipDepTree = getCustom("EXHORT_PIP_USE_DEP_TREE","false",this.options); + let usePipDepTree = getCustom("TRUSTIFY_DA_PIP_USE_DEP_TREE","false",this.options); let freezeOutput let lines let depNames @@ -336,7 +336,7 @@ function bringAllDependencies(dependencies, dependencyName, cachedEnvironmentDep } let record = cachedEnvironmentDeps[dependencyName.toLowerCase()] if(record == null) { - throw new Error(`Package ${dependencyName} is not installed in your python environment, either install it (better to install requirements.txt altogether) or set the setting EXHORT_PYTHON_VIRTUAL_ENV=true to automatically install it in virtual environment (please note that this may slow down the analysis)`) + throw new Error(`Package ${dependencyName} is not installed in your python environment, either install it (better to install requirements.txt altogether) or set the setting TRUSTIFY_DA_PYTHON_VIRTUAL_ENV=true to automatically install it in virtual environment (please note that this may slow down the analysis)`) } let depName let version; diff --git a/src/providers/python_pip.js b/src/providers/python_pip.js index 062da21..9edf7b6 100644 --- a/src/providers/python_pip.js +++ b/src/providers/python_pip.js @@ -174,9 +174,9 @@ function getPythonPipBinaries(binaries,opts) { */ function handlePythonEnvironment(binaries, opts) { let createVirtualPythonEnv - if (!environmentVariableIsPopulated("EXHORT_PIP_SHOW") && !environmentVariableIsPopulated("EXHORT_PIP_FREEZE")) { + if (!environmentVariableIsPopulated("TRUSTIFY_DA_PIP_SHOW") && !environmentVariableIsPopulated("TRUSTIFY_DA_PIP_FREEZE")) { getPythonPipBinaries(binaries, opts) - createVirtualPythonEnv = getCustom("EXHORT_PYTHON_VIRTUAL_ENV", "false", opts); + createVirtualPythonEnv = getCustom("TRUSTIFY_DA_PYTHON_VIRTUAL_ENV", "false", opts); } // bypass invoking python and pip, as we get all information needed to build the dependency tree from these Environment variables. else { diff --git a/src/sbom.js b/src/sbom.js index 4f4da82..b837e84 100644 --- a/src/sbom.js +++ b/src/sbom.js @@ -5,7 +5,7 @@ export default class Sbom { #startTime #endTime constructor() { - if (process.env["EXHORT_DEBUG"] === "true") { + if (process.env["TRUSTIFY_DA_DEBUG"] === "true") { this.#startTime = new Date() console.log("Starting time to create sbom = " + this.#startTime) } @@ -57,7 +57,7 @@ export default class Sbom { * @return String sbom json in a string format */ getAsJsonString(opts = {}){ - if (process.env["EXHORT_DEBUG"] === "true") { + if (process.env["TRUSTIFY_DA_DEBUG"] === "true") { this.#endTime = new Date() console.log("Ending time to create sbom = " + this.#endTime) let time = (this.#endTime - this.#startTime) / 1000 diff --git a/src/tools.js b/src/tools.js index 82b2fee..b3e9a32 100644 --- a/src/tools.js +++ b/src/tools.js @@ -3,7 +3,7 @@ import { EOL } from "os"; import { PackageURL } from "packageurl-js"; -export const RegexNotToBeLogged = /EXHORT_.*_TOKEN|ex-.*-token/ +export const RegexNotToBeLogged = /TRUSTIFY_DA_.*_TOKEN|ex-.*-token/ /** * * @param {string} key to log its value from environment variables and from opts, if it exists @@ -35,7 +35,7 @@ export function logValueFromObjects(key,opts, defValue) { * default supplied */ export function getCustom(key, def = null, opts = {}) { - if (process.env["EXHORT_DEBUG"] === "true" && !key.match(RegexNotToBeLogged)) { + if (process.env["TRUSTIFY_DA_DEBUG"] === "true" && !key.match(RegexNotToBeLogged)) { logValueFromObjects(key, opts, def) } return key in process.env ? process.env[key] : key in opts && typeof opts[key] === 'string' ? opts[key] : def @@ -43,7 +43,7 @@ export function getCustom(key, def = null, opts = {}) { /** * Utility function for looking up custom variable for a binary path. - * Will look in the environment variables (1) or in opts (2) for a key with EXHORT_x_PATH, x is an + * Will look in the environment variables (1) or in opts (2) for a key with TRUSTIFY_DA_x_PATH, x is an * uppercase version of passed name to look for. The name will also be returned if nothing else was * found. * @param name the binary name to look for, will be returned as value in nothing else found @@ -52,7 +52,7 @@ export function getCustom(key, def = null, opts = {}) { * original name supplied */ export function getCustomPath(name, opts = {}) { - return getCustom(`EXHORT_${name.toUpperCase()}_PATH`, name, opts) + return getCustom(`TRUSTIFY_DA_${name.toUpperCase()}_PATH`, name, opts) } /** @@ -63,7 +63,7 @@ export function getCustomPath(name, opts = {}) { * @returns {boolean} whether to prefer the wrapper if exists or not */ export function getWrapperPreference(name, opts = {}) { - return getCustom(`EXHORT_PREFER_${name.toUpperCase()}W`, 'true', opts) === 'true' + return getCustom(`TRUSTIFY_DA_PREFER_${name.toUpperCase()}W`, 'true', opts) === 'true' } export function environmentVariableIsPopulated(envVariableName) { diff --git a/test/analysis.test.js b/test/analysis.test.js index c0404d9..70b0e98 100644 --- a/test/analysis.test.js +++ b/test/analysis.test.js @@ -121,7 +121,7 @@ suite('testing the analysis module for sending api requests', () => { }), async () => { let options = { - 'EXHORT_SNYK_TOKEN': 'good-dummy-token' + 'TRUSTIFY_DA_SNYK_TOKEN': 'good-dummy-token' } // verify response as expected let res = await analysis.validateToken(backendUrl, options) @@ -136,7 +136,7 @@ suite('testing the analysis module for sending api requests', () => { }), async () => { let options = { - 'EXHORT_SNYK_TOKEN': 'bad-dummy-token' + 'TRUSTIFY_DA_SNYK_TOKEN': 'bad-dummy-token' } // verify response as expected let res = await analysis.validateToken(backendUrl, options) @@ -172,7 +172,7 @@ suite('testing the analysis module for sending api requests', () => { isSupported: () => {} // not required for this test }; - afterEach(() => delete process.env['EXHORT_SNYK_TOKEN']) + afterEach(() => delete process.env['TRUSTIFY_DA_SNYK_TOKEN']) test('when the relevant token environment variables are set, verify corresponding headers are included', interceptAndRun( // interception route, will return ok response if found the expected token @@ -183,7 +183,7 @@ suite('testing the analysis module for sending api requests', () => { return res(ctx.status(400)) }), async () => { - process.env['EXHORT_SNYK_TOKEN'] = 'dummy-snyk-token' + process.env['TRUSTIFY_DA_SNYK_TOKEN'] = 'dummy-snyk-token' let res = await analysis.requestStack(fakeProvider, fakeManifest, backendUrl) expect(res).to.deep.equal({ok: 'ok'}) } @@ -215,7 +215,7 @@ suite('testing the analysis module for sending api requests', () => { }; afterEach(() => { - delete process.env['EXHORT_PROXY_URL'] + delete process.env['TRUSTIFY_DA_PROXY_URL'] }) test('when HTTP proxy is configured, verify agent is set correctly', interceptAndRun( @@ -226,7 +226,7 @@ suite('testing the analysis module for sending api requests', () => { async () => { const httpProxyUrl = 'http://proxy.example.com:8080' const options = { - 'EXHORT_PROXY_URL': httpProxyUrl + 'TRUSTIFY_DA_PROXY_URL': httpProxyUrl } let res = await analysis.requestStack(fakeProvider, fakeManifest, backendUrl, false, options) expect(res).to.deep.equal({ok: 'ok'}) @@ -241,7 +241,7 @@ suite('testing the analysis module for sending api requests', () => { async () => { const httpsProxyUrl = 'https://proxy.example.com:8080' const options = { - 'EXHORT_PROXY_URL': httpsProxyUrl + 'TRUSTIFY_DA_PROXY_URL': httpsProxyUrl } let res = await analysis.requestStack(fakeProvider, fakeManifest, backendUrl, false, options) expect(res).to.deep.equal({ok: 'ok'}) @@ -254,7 +254,7 @@ suite('testing the analysis module for sending api requests', () => { return res(ctx.json({ok: 'ok'})) }), async () => { - process.env['EXHORT_PROXY_URL'] = 'http://proxy.example.com:8080' + process.env['TRUSTIFY_DA_PROXY_URL'] = 'http://proxy.example.com:8080' let res = await analysis.requestStack(fakeProvider, fakeManifest, backendUrl) expect(res).to.deep.equal({ok: 'ok'}) } diff --git a/test/get-exhort-url.test.js b/test/get-exhort-url.test.js index f511391..6da9fe1 100644 --- a/test/get-exhort-url.test.js +++ b/test/get-exhort-url.test.js @@ -1,117 +1,115 @@ import { expect } from 'chai' -import {exhortDefaultUrl, exhortDevDefaultUrl, testSelectExhortBackend} from "../src/index.js" +import { exhortDevUrl, testSelectExhortBackend } from '../src/index.js' -suite('testing Select Exhort Backend function when EXHORT_DEV_MODE environment variable is True', () => { +const testProdUrl = 'https://exhort.example.com'; - test('When Dev Mode environment Variable= true, default DEV Exhort Backend Selected ', () => { - let testOpts = { - "EXHORT_DEV_MODE" : "true" +suite('testing Select Exhort Backend function when TRUSTIFY_DA_DEV_MODE environment variable is True', () => { + test('When Dev Mode environment Variable= true, default DEV Exhort Backend Selected', () => { + let testOpts = { + 'TRUSTIFY_DA_DEV_MODE': 'true' } let selectedUrl = testSelectExhortBackend(testOpts); - expect(selectedUrl).not.to.be.equals(exhortDefaultUrl) - expect(selectedUrl).to.be.equals(exhortDevDefaultUrl) + expect(selectedUrl).not.to.be.equals(testProdUrl) + expect(selectedUrl).to.be.equals(exhortDevUrl) }); - test('When Dev Mode environment Variable= true, and despite option Dev Mode = false , default DEV Exhort Backend Selected ', () => { + test('When Dev Mode environment Variable= true, and despite option Dev Mode = false, default DEV Exhort Backend Selected', () => { let testOpts = { - "EXHORT_DEV_MODE" : "false" + 'TRUSTIFY_DA_DEV_MODE': 'false' } let selectedUrl = testSelectExhortBackend(testOpts); - expect(selectedUrl).not.to.be.equals(exhortDefaultUrl) - expect(selectedUrl).to.be.equals(exhortDevDefaultUrl) + expect(selectedUrl).not.to.be.equals(testProdUrl) + expect(selectedUrl).to.be.equals(exhortDevUrl) }); - test('When Dev Mode environment Variable= true, And option DEV_EXHORT_BACKEND_URL contains some url route that client set , default DEV Exhort Backend Not Selected ', () => { - const dummyRoute = "http://dummy-exhort-route"; + test('When Dev Mode environment Variable= true, And option DEV_TRUSTIFY_DA_BACKEND_URL contains some url route that client set, default DEV Exhort Backend Not Selected', () => { + const dummyRoute = 'http://dummy-exhort-route'; let testOpts = { - "DEV_EXHORT_BACKEND_URL" : dummyRoute + 'DEV_TRUSTIFY_DA_BACKEND_URL': dummyRoute } let selectedUrl = testSelectExhortBackend(testOpts); - expect(selectedUrl).not.to.be.equals(exhortDevDefaultUrl) + expect(selectedUrl).not.to.be.equals(exhortDevUrl) expect(selectedUrl).to.be.equals(dummyRoute) }); -}).beforeAll(() => process.env["EXHORT_DEV_MODE"] = "true" ).afterAll(() => delete process.env['EXHORT_DEV_MODE']); +}).beforeAll(() => { process.env['TRUSTIFY_DA_DEV_MODE'] = 'true'; process.env['TRUSTIFY_DA_BACKEND_URL'] = testProdUrl }).afterAll(() => delete process.env['TRUSTIFY_DA_DEV_MODE']); -suite('testing Select Exhort Backend function when EXHORT_DEV_MODE environment variable is false', () => { +suite('testing Select Exhort Backend function when TRUSTIFY_DA_DEV_MODE environment variable is false', () => { - test('When Dev Mode environment Variable= true, default DEV Exhort Backend Selected ', () => { + test('When Dev Mode environment Variable= true, default DEV Exhort Backend Selected', () => { let testOpts = { - "EXHORT_DEV_MODE" : "false" + 'TRUSTIFY_DA_DEV_MODE': 'false' } let selectedUrl = testSelectExhortBackend(testOpts); - expect(selectedUrl).not.to.be.equals(exhortDevDefaultUrl) - expect(selectedUrl).to.be.equals(exhortDefaultUrl) + expect(selectedUrl).not.to.be.equals(exhortDevUrl) + expect(selectedUrl).to.be.equals(testProdUrl) }); - test('When Dev Mode environment Variable= false, and despite option Dev Mode = true , default Exhort Backend Selected (production) ', () => { - let dummyRoute = "http://dummy-dev-route-exhirt" + test('When Dev Mode environment Variable= false, and despite option Dev Mode = true, default Exhort Backend Selected (production)', () => { + let dummyRoute = 'http://dummy-dev-route-exhort' let testOpts = { - "EXHORT_DEV_MODE" : "true", - "DEV_EXHORT_BACKEND_URL" : dummyRoute + 'TRUSTIFY_DA_DEV_MODE': 'true', + 'DEV_TRUSTIFY_DA_BACKEND_URL': dummyRoute } let selectedUrl = testSelectExhortBackend(testOpts); expect(selectedUrl).not.to.be.equals(dummyRoute) - expect(selectedUrl).to.be.equals(exhortDefaultUrl) + expect(selectedUrl).to.be.equals(testProdUrl) }); - test('When Dev Mode environment Variable= false, environment variable DEV_EXHORT_BACKEND_URL=dummy-url , option EXHORT_DEV_MODE=true , default Exhort Backend Selected anyway ', () => { - const dummyRoute = "http://dummy-url" - process.env["DEV_EXHORT_BACKEND_URL"] = dummyRoute + test('When Dev Mode environment Variable= false, environment variable DEV_TRUSTIFY_DA_BACKEND_URL=dummy-url, option TRUSTIFY_DA_DEV_MODE=true, default Exhort Backend Selected anyway', () => { + const dummyRoute = 'http://dummy-url' + process.env['DEV_TRUSTIFY_DA_BACKEND_URL'] = dummyRoute let testOpts = { - "EXHORT_DEV_MODE" : "true", - "DEV_EXHORT_BACKEND_URL" : dummyRoute + 'TRUSTIFY_DA_DEV_MODE': 'true', + 'DEV_TRUSTIFY_DA_BACKEND_URL': dummyRoute } let selectedUrl = testSelectExhortBackend(testOpts); - delete process.env["DEV_EXHORT_BACKEND_URL"] + delete process.env['DEV_TRUSTIFY_DA_BACKEND_URL'] expect(selectedUrl).not.to.be.equals(dummyRoute) - expect(selectedUrl).to.be.equals(exhortDefaultUrl) + expect(selectedUrl).to.be.equals(testProdUrl) }); -}).beforeAll(() => process.env["EXHORT_DEV_MODE"] = "false" ).afterAll(() => delete process.env['EXHORT_DEV_MODE']); +}).beforeAll(() => { process.env['TRUSTIFY_DA_DEV_MODE'] = 'false'; process.env['TRUSTIFY_DA_BACKEND_URL'] = testProdUrl }).afterAll(() => delete process.env['TRUSTIFY_DA_DEV_MODE']); -suite('testing Select Exhort Backend function when EXHORT_DEV_MODE environment variable is not set', () => { +suite('testing Select Exhort Backend function when TRUSTIFY_DA_DEV_MODE environment variable is not set', () => { test('When Dev Mode Option = false, default Exhort Backend Selected (production)', () => { let testOpts = { - "EXHORT_DEV_MODE" : "false" + 'TRUSTIFY_DA_DEV_MODE': 'false' } let selectedUrl = testSelectExhortBackend(testOpts); - expect(selectedUrl).not.to.be.equals(exhortDevDefaultUrl) - expect(selectedUrl).to.be.equals(exhortDefaultUrl) + expect(selectedUrl).not.to.be.equals(exhortDevUrl) + expect(selectedUrl).to.be.equals(testProdUrl) }); - test('When Dev Mode Option Variable= true, default dev Exhort Backend Selected ', () => { + test('When Dev Mode Option Variable= true, default dev Exhort Backend Selected', () => { let testOpts = { - "EXHORT_DEV_MODE" : "true" + 'TRUSTIFY_DA_DEV_MODE': 'true' } let selectedUrl = testSelectExhortBackend(testOpts); - expect(selectedUrl).not.to.be.equals(exhortDefaultUrl) - expect(selectedUrl).to.be.equals(exhortDevDefaultUrl) + expect(selectedUrl).not.to.be.equals(testProdUrl) + expect(selectedUrl).to.be.equals(exhortDevUrl) }); - test('When Dev Mode option = true, option DEV_EXHORT_BACKEND_URL=some dummy-url , then some dummy-url Selected ', () => { - let dummyRoute = "http://dummy-dev-route-exhirt" - process.env["DEV_EXHORT_BACKEND_URL"] = dummyRoute + test('When Dev Mode option = true, option DEV_TRUSTIFY_DA_BACKEND_URL=some dummy-url, then some dummy-url Selected', () => { + let dummyRoute = 'http://dummy-dev-route-exhort' + process.env['DEV_TRUSTIFY_DA_BACKEND_URL'] = dummyRoute let testOpts = { - "EXHORT_DEV_MODE" : "true", - "DEV_EXHORT_BACKEND_URL" : dummyRoute + 'TRUSTIFY_DA_DEV_MODE': 'true', + 'DEV_TRUSTIFY_DA_BACKEND_URL': dummyRoute } let selectedUrl = testSelectExhortBackend(testOpts); - expect(selectedUrl).not.to.be.equals(exhortDefaultUrl) + expect(selectedUrl).not.to.be.equals(testProdUrl) expect(selectedUrl).to.be.equals(dummyRoute) - delete process.env["DEV_EXHORT_BACKEND_URL"] + delete process.env['DEV_TRUSTIFY_DA_BACKEND_URL'] }); - test('When Nothing set, Choose default backend (production) ', () => { + test('When Nothing set, throw error', () => { let selectedUrl = testSelectExhortBackend({}); - expect(selectedUrl).to.be.equals(exhortDefaultUrl) - }); - - -}); - + expect(selectedUrl).to.be.equals(testProdUrl) + }) +}).beforeAll(() => process.env['TRUSTIFY_DA_BACKEND_URL'] = testProdUrl); diff --git a/test/it/end-to-end.js b/test/it/end-to-end.js index a73db28..946eb46 100644 --- a/test/it/end-to-end.js +++ b/test/it/end-to-end.js @@ -46,11 +46,11 @@ suite('Integration Tests', () => { ].forEach(packageManager => { test(`Stack Analysis json for ${packageManager}`, async () => { if(packageManager === "pip") { - process.env["EXHORT_PYTHON_VIRTUAL_ENV"] = "true" + process.env["TRUSTIFY_DA_PYTHON_VIRTUAL_ENV"] = "true" } else { - process.env["EXHORT_PYTHON_VIRTUAL_ENV"] = "" + process.env["TRUSTIFY_DA_PYTHON_VIRTUAL_ENV"] = "" } - process.env["EXHORT_DEV_MODE"] = "true" + process.env["TRUSTIFY_DA_DEV_MODE"] = "true" let manifestName = packageManagersDict[packageManager] let pomPath = `test/it/test_manifests/${packageManager}/${manifestName}` let providedDataForStack = await index.stackAnalysis(pomPath) @@ -70,9 +70,9 @@ suite('Integration Tests', () => { let pomPath = `test/it/test_manifests/${packageManager}/${manifestName}` let html = await index.stackAnalysis(pomPath,true) if(packageManager === "pip") { - process.env["EXHORT_PYTHON_VIRTUAL_ENV"] = "true" + process.env["TRUSTIFY_DA_PYTHON_VIRTUAL_ENV"] = "true" } else { - process.env["EXHORT_PYTHON_VIRTUAL_ENV"] = "" + process.env["TRUSTIFY_DA_PYTHON_VIRTUAL_ENV"] = "" } let reportParsedFromHtml let parsedSummaryFromHtml @@ -111,4 +111,4 @@ suite('Integration Tests', () => { }); -}).beforeAll(() => process.env["EXHORT_DEV_MODE"] = "true"); +}).beforeAll(() => process.env["TRUSTIFY_DA_DEV_MODE"] = "true"); diff --git a/test/providers/golang_gomodules.test.js b/test/providers/golang_gomodules.test.js index 32063f9..1a4d2df 100644 --- a/test/providers/golang_gomodules.test.js +++ b/test/providers/golang_gomodules.test.js @@ -68,7 +68,7 @@ suite('testing the golang-go-modules data provider', () => { let expectedSbom = fs.readFileSync(`test/providers/tst_manifests/golang/${testCase}/expected_sbom_stack_analysis.json`,).toString() // expectedSbom = JSON.stringify(JSON.parse(expectedSbom)) // invoke sut stack analysis for scenario manifest - let providedDataForStack = golangGoModules.provideStack(`test/providers/tst_manifests/golang/${testCase}/go.mod`,{"EXHORT_GO_MVS_LOGIC_ENABLED" : "true"}) + let providedDataForStack = golangGoModules.provideStack(`test/providers/tst_manifests/golang/${testCase}/go.mod`,{"TRUSTIFY_DA_GO_MVS_LOGIC_ENABLED" : "true"}) // new(year: number, month: number, date?: number, hours?: number, minutes?: number, seconds?: number, ms?: number): Date // providedDataForStack.content = providedDataForStack.content.replaceAll("\"timestamp\":\"[a-zA-Z0-9\\-\\:]+\"","") diff --git a/test/providers/java_maven.test.js b/test/providers/java_maven.test.js index 4e4ea33..1f8b9b7 100644 --- a/test/providers/java_maven.test.js +++ b/test/providers/java_maven.test.js @@ -68,12 +68,12 @@ suite('testing the java-maven data provider', async () => { test(`verify tool selection with "${testCase.mvnPath}" and${testCase.preferWrapper ? ' ' : ' not '}preferring wrapper`, () => { let javaMvnProvider = new Java_maven() expect(javaMvnProvider.selectToolBinary(`test/providers/tst_manifests/maven/pom_with_mvn_wrapper/pom.xml`, { - 'EXHORT_PREFER_MVNW': testCase.preferWrapper.toString(), - 'EXHORT_MVN_PATH': testCase.mvnPath, + 'TRUSTIFY_DA_PREFER_MVNW': testCase.preferWrapper.toString(), + 'TRUSTIFY_DA_MVN_PATH': testCase.mvnPath, })).to.eq(testCase.preferWrapper ? path.resolve(`test/providers/tst_manifests/maven/pom_with_mvn_wrapper/mvnw`) + (platform === 'win32' ? '.cmd' : '') : testCase.mvnPath) - }) + }).timeout(10000) }); [ diff --git a/test/providers/oci_images.test.js b/test/providers/oci_images.test.js index 9001aa1..2942936 100644 --- a/test/providers/oci_images.test.js +++ b/test/providers/oci_images.test.js @@ -20,7 +20,7 @@ suite('testing the OCI image data provider', () => { providedSbom['metadata'] = null providedSbom['serialNumber'] = null expect(JSON.stringify(providedSbom, null, 4).trimEnd()).to.deep.equal(expectedSbom) - }).timeout(10000) + }).timeout(40000) }); [ diff --git a/test/providers/python_pip.test.js b/test/providers/python_pip.test.js index 0c45534..07ef64c 100644 --- a/test/providers/python_pip.test.js +++ b/test/providers/python_pip.test.js @@ -13,7 +13,7 @@ function sharedComponentAnalysisTestFlow(testCase, usePipDepTreeUtility) { let expectedSbom = fs.readFileSync(`test/providers/tst_manifests/pip/${testCase}/expected_component_sbom.json`).toString().trim() expectedSbom = JSON.stringify(JSON.parse(expectedSbom)) // invoke sut stack analysis for scenario manifest - let opts = { "EXHORT_PIP_USE_DEP_TREE" : usePipDepTreeUtility } + let opts = { "TRUSTIFY_DA_PIP_USE_DEP_TREE" : usePipDepTreeUtility } let providedDatForComponent = pythonPip.provideComponent(`test/providers/tst_manifests/pip/${testCase}/requirements.txt`, opts) // verify returned data matches expectation expect(providedDatForComponent).to.deep.equal({ @@ -34,7 +34,7 @@ function sharedStackAnalysisTestFlow(testCase, usePipDepTreeUtility) { } catch (error) { throw new Error('fail installing requirements.txt manifest in created virtual python environment', {cause: error}) } - let opts = { "EXHORT_PIP_USE_DEP_TREE" : usePipDepTreeUtility } + let opts = { "TRUSTIFY_DA_PIP_USE_DEP_TREE" : usePipDepTreeUtility } let providedDataForStack = pythonPip.provideStack(`test/providers/tst_manifests/pip/${testCase}/requirements.txt`, opts) // new(year: number, month: number, date?: number, hours?: number, minutes?: number, seconds?: number, ms?: number): Date @@ -94,8 +94,8 @@ suite('testing the python-pip data provider with virtual environment', () => { test(`verify requirements.txt sbom provided for stack analysis using virutal python environment, with scenario ${scenario}`, () => { // load the expected sbom stack analysis let expectedSbom = fs.readFileSync(`test/providers/tst_manifests/pip/${testCase}/expected_stack_sbom.json`,).toString() - process.env["EXHORT_PYTHON_VIRTUAL_ENV"] = "true" - // process.env["EXHORT_DEBUG"] = "true" + process.env["TRUSTIFY_DA_PYTHON_VIRTUAL_ENV"] = "true" + // process.env["TRUSTIFY_DA_DEBUG"] = "true" expectedSbom = JSON.stringify(JSON.parse(expectedSbom), null, 4) // invoke sut stack analysis for scenario manifest let providedDataForStack = pythonPip.provideStack(`test/providers/tst_manifests/pip/${testCase}/requirements.txt`) diff --git a/test/tools.test.js b/test/tools.test.js index 969fa85..89d2e8f 100644 --- a/test/tools.test.js +++ b/test/tools.test.js @@ -43,17 +43,17 @@ suite('testing the various tools and utility functions', () => { }) suite('test the getCustomPath utility function', () => { - afterEach(() => delete process.env['EXHORT_DUMMY_PATH']) + afterEach(() => delete process.env['TRUSTIFY_DA_DUMMY_PATH']) test('when exists as environment variable and opts, return environment variables value', () => { - process.env['EXHORT_DUMMY_PATH'] = 'dummy-env-value' - let opts = { 'EXHORT_DUMMY_PATH': 'dummy-opts-value' } + process.env['TRUSTIFY_DA_DUMMY_PATH'] = 'dummy-env-value' + let opts = { 'TRUSTIFY_DA_DUMMY_PATH': 'dummy-opts-value' } let fetchedValue = getCustomPath('dummy', opts) expect(fetchedValue).to.equal('dummy-env-value') }) test('when no environment variable but exists as opts, return opts value', () => { - let opts = { 'EXHORT_DUMMY_PATH': 'dummy-opts-value' } + let opts = { 'TRUSTIFY_DA_DUMMY_PATH': 'dummy-opts-value' } let fetchedValue = getCustomPath('dummy', opts) expect(fetchedValue).to.equal('dummy-opts-value') })