feat: extra sbom npm,nuget,unmanaged args (#4879)

test/fixtures/nuget-assets-name/project.assets.json

@@ -0,0 +1,29 @@
+{
+    "version": 3,
+    "targets": {
+        "Microsoft.NETCore.App/2.0.0": {
+            "Knockout.Validation/1.0.1": {
+                "dependencies": {
+                    "knockoutjs": "2.3.0",
+                    "jQuery": "1.10.2"
+                }
+            }
+        }
+    },
+    "libraries": {
+        "knockoutjs/2.3.0": {},
+        "Knockout.Validation/1.0.1": {},
+        "jQuery/1.10.2": {}
+    },
+    "project": {
+        "version": "2.2.2",
+        "frameworks": {
+            "netcoreapp2.0": {
+                "projectReferences": {}
+            }
+        },
+        "restore": {
+            "projectName": "foo-bar"
+        }
+    }
+}

test/fixtures/nuget-with-packages-config/packages.config

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="utf-8"?>
+<packages>
+  <package id="Antlr" version="3.4.1.9004" targetFramework="net45" />
+  <!-- following packages have nuspecs in utf-16 LE encoding -->
+  <package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net45" />
+  <package id="Swagger.Net" version="0.5.5" targetFramework="net45" />
+  <!-- end of utf-16 LE encoding -->
+</packages>

test/fixtures/nuget-with-packages-config/packages/Swagger.Net.0.5.5/content/App_Start/SwaggerNet.cs.pp

@@ -0,0 +1,42 @@
+using System;
+using System.IO;
+using System.Web;
+using System.Web.Http;
+using System.Web.Http.Description;
+using System.Web.Http.Dispatcher;
+using System.Web.Routing;
+using Swagger.Net;
+
+[assembly: WebActivator.PreApplicationStartMethod(typeof($rootnamespace$.App_Start.SwaggerNet), "PreStart")]
+[assembly: WebActivator.PostApplicationStartMethod(typeof($rootnamespace$.App_Start.SwaggerNet), "PostStart")]
+namespace $rootnamespace$.App_Start 
+{
+    public static class SwaggerNet 
+    {
+        public static void PreStart() 
+        {
+            RouteTable.Routes.MapHttpRoute(
+                name: "SwaggerApi",
+                routeTemplate: "api/docs/{controller}",
+                defaults: new { swagger = true }
+            );            
+        }
+
+        public static void PostStart() 
+        {
+            var config = GlobalConfiguration.Configuration;
+
+            config.Filters.Add(new SwaggerActionFilter());
+
+            try
+            {
+                config.Services.Replace(typeof(IDocumentationProvider),
+                    new XmlCommentDocumentationProvider(HttpContext.Current.Server.MapPath("~/bin/$rootnamespace$.XML")));
+            }
+            catch (FileNotFoundException)
+            {
+                throw new Exception("Please enable \"XML documentation file\" in project properties with default (bin\\$rootnamespace$.XML) value or edit value in App_Start\\SwaggerNet.cs");
+            }
+        }
+    }
+}

test/fixtures/unmanaged/extraction/main.cpp

@@ -0,0 +1,7 @@
+#include <iostream>
+#include "add.h"
+
+int main() {
+  std::cout << "The sum of 3 and 4 is " << add(3, 4) << '\n';
+  return 0;
+}

test/jest/acceptance/snyk-sbom/npm-options.spec.ts

@@ -0,0 +1,77 @@
+import { fakeServer } from '../../../acceptance/fake-server';
+import { createProjectFromWorkspace } from '../../util/createProject';
+import { runSnykCLI } from '../../util/runSnykCLI';
+
+jest.setTimeout(1000 * 60 * 5);
+
+describe('snyk sbom: npm options (mocked server only)', () => {
+  let server;
+  let env: Record<string, string>;
+
+  beforeAll((done) => {
+    const port = process.env.PORT || process.env.SNYK_PORT || '58584';
+    const baseApi = '/api/v1';
+    env = {
+      ...process.env,
+      SNYK_API: 'http://localhost:' + port + baseApi,
+      SNYK_HOST: 'http://localhost:' + port,
+      SNYK_TOKEN: '123456789',
+      SNYK_DISABLE_ANALYTICS: '1',
+    };
+    server = fakeServer(baseApi, env.SNYK_TOKEN);
+    server.listen(port, () => {
+      done();
+    });
+  });
+
+  afterEach(() => {
+    jest.resetAllMocks();
+    server.restore();
+  });
+
+  afterAll((done) => {
+    server.close(() => {
+      done();
+    });
+  });
+
+  test('`sbom --strict-out-of-sync=false` generates an SBOM for the NPM project by NOT preventing scanning out-of-sync NPM lockfiles.', async () => {
+    const project = await createProjectFromWorkspace('npm-out-of-sync');
+
+    const { code, stdout } = await runSnykCLI(
+      `sbom --org aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee --format cyclonedx1.4+json --strict-out-of-sync=false --debug`,
+      {
+        cwd: project.path(),
+        env,
+      },
+    );
+    let bom;
+
+    expect(code).toEqual(0);
+    expect(() => {
+      bom = JSON.parse(stdout);
+    }).not.toThrow();
+    expect(bom.metadata.component.name).toEqual('npm-package');
+    expect(bom.components).toHaveLength(3);
+  });
+
+  test('`sbom --strict-out-of-sync=true` fails to generate an SBOM for the NPM project because out-of-sync NPM lockfiles.', async () => {
+    const project = await createProjectFromWorkspace('npm-out-of-sync');
+
+    const { code, stdout, stderr } = await runSnykCLI(
+      `sbom --org aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee --format cyclonedx1.4+json --strict-out-of-sync=true --debug`,
+      {
+        cwd: project.path(),
+        env,
+      },
+    );
+
+    expect(code).toEqual(2);
+    expect(stdout).toContain(
+      'An error occurred while running the underlying analysis needed to generate the SBOM.',
+    );
+    expect(stderr).toContain(
+      'OutOfSyncError: Dependency snyk was not found in package-lock.json.',
+    );
+  });
+});

test/jest/acceptance/snyk-sbom/nuget-options.spec.ts

@@ -0,0 +1,85 @@
+import * as path from 'path';
+
+import { fakeServer } from '../../../acceptance/fake-server';
+import { createProjectFromFixture } from '../../util/createProject';
+import { runSnykCLI } from '../../util/runSnykCLI';
+
+jest.setTimeout(1000 * 60 * 5);
+
+describe('snyk sbom: nuget options (mocked server only)', () => {
+  let server;
+  let env: Record<string, string>;
+
+  beforeAll((done) => {
+    const port = process.env.PORT || process.env.SNYK_PORT || '58584';
+    const baseApi = '/api/v1';
+    env = {
+      ...process.env,
+      SNYK_API: 'http://localhost:' + port + baseApi,
+      SNYK_HOST: 'http://localhost:' + port,
+      SNYK_TOKEN: '123456789',
+      SNYK_DISABLE_ANALYTICS: '1',
+    };
+    server = fakeServer(baseApi, env.SNYK_TOKEN);
+    server.listen(port, () => {
+      done();
+    });
+  });
+
+  afterEach(() => {
+    jest.resetAllMocks();
+    server.restore();
+  });
+
+  afterAll((done) => {
+    server.close(() => {
+      done();
+    });
+  });
+
+  test('`sbom --assets-project-name` generates an SBOM for the NuGet project by using the project name in project.assets.json if found', async () => {
+    const project = await createProjectFromFixture('nuget-assets-name');
+
+    const { code, stdout } = await runSnykCLI(
+      `sbom --org aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee --format cyclonedx1.4+json --assets-project-name --debug`,
+      {
+        cwd: project.path(),
+        env,
+      },
+    );
+    let bom;
+
+    expect(code).toEqual(0);
+    expect(() => {
+      bom = JSON.parse(stdout);
+    }).not.toThrow();
+    expect(bom.metadata.component.name).toEqual('foo-bar');
+    expect(bom.components).toHaveLength(1);
+  });
+
+  test('`sbom --packages-folder=...` generates an SBOM for the NuGet project by specifying a custom path to the packages folder.', async () => {
+    const project = await createProjectFromFixture(
+      'nuget-with-packages-config',
+    );
+
+    const { code, stdout } = await runSnykCLI(
+      `sbom --org aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee --format cyclonedx1.4+json --packages-folder=${path.join(
+        project.path(),
+        'packages',
+      )} --debug`,
+      {
+        cwd: project.path(),
+        env,
+      },
+    );
+
+    let bom;
+
+    expect(code).toEqual(0);
+    expect(() => {
+      bom = JSON.parse(stdout);
+    }).not.toThrow();
+    expect(bom.metadata.component.name).toEqual('nuget-with-packages-config');
+    expect(bom.components).toHaveLength(5);
+  });
+});

test/jest/acceptance/snyk-sbom/unmanaged-options.spec.ts

@@ -0,0 +1,30 @@
+import { runSnykCLI } from '../../util/runSnykCLI';
+import { createProjectFromFixture } from '../../util/createProject';
+import * as path from 'path';
+
+jest.setTimeout(1000 * 60 * 5);
+
+describe('snyk sbom: unmanaged options', () => {
+  test('`sbom --max-depth=1` generates an SBOM includind the dependencies within the archive', async () => {
+    const project = await createProjectFromFixture(
+      path.join('unmanaged', 'extraction'),
+    );
+
+    const { code, stdout } = await runSnykCLI(
+      `sbom --unmanaged --max-depth=1 --format=cyclonedx1.4+json --org=${process.env.TEST_SNYK_ORG_SLUGNAME} --debug`,
+      {
+        cwd: project.path(),
+      },
+    );
+
+    expect(code).toEqual(0);
+
+    let sbom;
+    expect(() => {
+      sbom = JSON.parse(stdout);
+    }).not.toThrow();
+
+    expect(sbom.metadata.component.name).toEqual('root-node');
+    expect(sbom.components.length).toBeGreaterThanOrEqual(1);
+  });
+});