feature: add new function validateToken to check providers tokens

fix: fix maven artifacts' versions sometimes interpreted as integer instead of string

Signed-off-by: Zvi Grinberg <[email protected]>

Author: zvigrinberg

src/analysis.js

@@ -1,6 +1,6 @@
 import {getCustom} from "./tools.js";
 
-export default { requestComponent, requestStack }
+export default { requestComponent, requestStack, validateToken }
 
 /**
  * Send a stack analysis request and get the report as 'text/html' or 'application/json'.
@@ -47,6 +47,23 @@ async function requestComponent(provider, data, url, opts = {}) {
 	return resp.json()
 }
 
+/**
+ *
+ * @param url the backend url to send the request to
+ * @param {{}} [opts={}] - optional various options to pass headers for t he validateToken Request
+ * @return {Promise<number>} return the HTTP status Code of the response from the validate token request.
+ */
+async function validateToken(url, opts = {}) {
+	let resp = await fetch(`${url}/api/v3/token`, {
+		method: 'GET',
+		headers: {
+			// 'Accept': 'text/plain',
+			...getTokenHeaders(opts),
+		}
+	})
+	return resp.status
+}
+
 /**
  * Utility function for fetching vendor tokens
  * @param {{}} [opts={}] - optional various options to pass along the application

src/index.js

@@ -4,7 +4,7 @@ import analysis from './analysis.js'
 import fs from 'node:fs'
 import {getCustom} from "./tools.js";
 
-export default { AnalysisReport, componentAnalysis, stackAnalysis }
+export default { AnalysisReport, componentAnalysis, stackAnalysis, validateToken }
 
 /**
  * @type {string} backend url to send requests to
@@ -42,3 +42,7 @@ async function componentAnalysis(manifestType, data, opts = {}) {
 	let provider = match(manifestType, availableProviders) // throws error if no matching provider
 	return await analysis.requestComponent(provider, data, url, opts) // throws error request sending failed
 }
+
+async function validateToken(opts = {}) {
+	return await analysis.validateToken(url, opts) // throws error request sending failed
+}

src/providers/java_maven.js

@@ -265,7 +265,7 @@ function getDependencies(manifest) {
 		ignored.push({
 			groupId: dep['groupId'],
 			artifactId: dep['artifactId'],
-			version: dep['version'] ? dep['version'] : '*',
+			version: dep['version'] ? dep['version'].toString() : '*',
 			scope: '*',
 			ignore: ignore
 		})

test/analysis.test.js

@@ -20,6 +20,19 @@ function interceptAndRun(handler, test) {
 	};
 }
 
+function determineResponse(req, res, ctx) {
+	let response
+	if (req.headers.get("ex-snyk-token") === null) {
+		response = res(ctx.status(400));
+
+	} else if (req.headers.get("ex-snyk-token") === "good-dummy-token") {
+		response = res(ctx.status(200));
+	} else {
+		response = res(ctx.status(401));
+	}
+	return response
+}
+
 suite('testing the analysis module for sending api requests', () => {
 	let backendUrl = 'http://url.lru' // dummy backend url will be used for fake server
 	// fake provided data, in prod will be provided by the provider and used for creating requests
@@ -97,6 +110,54 @@ suite('testing the analysis module for sending api requests', () => {
 			}
 		))
 	})
+	suite('testing the validateToken function', () => {
+
+		test('invoking validateToken function with good token', interceptAndRun(
+			// interception route, will return ok response for our fake content type
+			rest.get(`${backendUrl}/api/v3/token`, (req, res, ctx) => {
+				return determineResponse(req, res, ctx);
+
+			}),
+			async () => {
+				let options = {
+					'EXHORT_SNYK_TOKEN': 'good-dummy-token'
+				}
+				// verify response as expected
+				let res = await analysis.validateToken(backendUrl, options)
+				expect(res).to.equal(200)
+			}
+		))
+		test('invoking validateToken function with bad token', interceptAndRun(
+			// interception route, will return ok response for our fake content type
+			rest.get(`${backendUrl}/api/v3/token`, (req, res, ctx) => {
+				return determineResponse(req, res, ctx);
+
+			}),
+			async () => {
+				let options = {
+					'EXHORT_SNYK_TOKEN': 'bad-dummy-token'
+				}
+				// verify response as expected
+				let res = await analysis.validateToken(backendUrl, options)
+				expect(res).to.equal(401)
+			}
+		))
+		test('invoking validateToken function without token', interceptAndRun(
+			// interception route, will return ok response for our fake content type
+			rest.get(`${backendUrl}/api/v3/token`, (req, res, ctx) => {
+				return determineResponse(req, res, ctx);
+
+			}),
+			async () => {
+				let options = {
+				}
+				// verify response as expected
+				let res = await analysis.validateToken(backendUrl, options)
+				expect(res).to.equal(400)
+			}
+		))
+
+	})
 
 	suite('verify environment variables to token headers mechanism', () => {
 		let fakeManifest = 'fake-file.typ'

test/providers/java_maven.test.js

@@ -1,6 +1,7 @@
 import { expect } from 'chai'
 import fs from 'fs'
 import sinon from "sinon";
+// import exhort from "../../src/index.js"
 
 
 
@@ -27,6 +28,19 @@ suite('testing the java-maven data provider', () => {
 		"poms_deps_with_no_ignore_long"
 	].forEach(testCase => {
 		let scenario = testCase.replace('pom_deps_', '').replaceAll('_', ' ')
+		// test(`custom adhoc test`, async () => {
+		//
+		// 	let options = {
+		// 		'EXHORT_SNYK_TOKEN': 'insert-token'
+		// 	}
+		// 	let httpStatus = await exhort.validateToken(options);
+		//
+		// 	let pom = fs.readFileSync(`/tmp/exhort-maven/pom.xml`,).toString().trim()
+		// 	let analysisReport = await exhort.componentAnalysis("pom.xml", pom);
+		// 	console.log(analysisReport)
+		// 	analysisReport = await exhort.stackAnalysis(`/tmp/exhort-maven/pom.xml`,true);
+		// 	console.log(analysisReport)
+		// }).timeout(process.env.GITHUB_ACTIONS ? 30000 : 5000)
 
 		test(`verify maven data provided for stack analysis with scenario ${scenario}`, async () => {
 			// load the expected graph for the scenario