diff --git a/.circleci/config.yml b/.circleci/config.yml index ed16ea8b..17af4cc8 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -4,15 +4,31 @@ jobs: docker: - image: circleci/node:12 steps: + - restore_cache: + keys: + - v1-{{ .Branch }}-{{ .Revision }} + - v1-{{ .Branch }} + - v1- - checkout - run: name: Install command: npm install + - save_cache: + key: v1-{{ .Branch }}-{{ .Revision }} + paths: + - node_modules + - .git - run: npm run test + release: docker: - image: circleci/node:12 steps: + - restore_cache: + keys: + - v1-{{ .Branch }}-{{ .Revision }} + - v1-{{ .Branch }} + - v1- - checkout - run: name: Install @@ -22,21 +38,14 @@ jobs: command: npx semantic-release workflows: - version: 2 - test: + default_workflow: jobs: - test: - name: Test - #context: nodejs-install - filters: - branches: - ignore: - - master - release: - jobs: + context: nodejs-install - release: - name: Release - #context: nodejs-lib-release + context: nodejs-lib-release + requires: + - test filters: branches: only: diff --git a/CHANGELOG.md b/CHANGELOG.md index f330a3c3..1e6011b4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,5 @@ +## [2.2.0] - 2021-01-28 +- @deepcode/tsc is transitioning to @snyk/code-client ## [2.1.0] - 2021-01-05 - Added file field to marker positions for inte-file suggestions diff --git a/LICENSE b/LICENSE index 22d5738d..f088e76c 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2020 DeepCodeAI +Copyright (c) 2020 Snyk Ltd. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 2f59f963..1c650890 100644 --- a/README.md +++ b/README.md 
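Review bot: The `restore_cache` added to the `release` job falls back to the `v1-{{ .Branch }}` and bare `v1-` prefixes, so the job that runs `npx semantic-release` can start from `node_modules` and `.git` saved by a build of any other branch. A publishing job should not inherit a dependency tree or git metadata produced by an unreviewed branch; in `release`, keep only `- v1-{{ .Branch }}-{{ .Revision }}` under `keys:` so it can restore nothing but the cache written by the `test` job for the same commit. The `release` job's Install command is cut off by the hunk boundary; if it is `npm install` as in `test`, switching to `npm ci` (assuming a lockfile is committed) would also discard any restored `node_modules` before installing.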
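Review bot: The `test` job now carries `context: nodejs-install` and its `filters` block is removed, so that context's environment variables are present during `npm install` and `npm run test` on every branch that builds. Dependency install scripts and the test code can read those variables, so the context should hold nothing beyond a read-scoped registry token; a comment next to the line would record that, e.g. `# nodejs-install: read-only registry token only; publish credentials stay in nodejs-lib-release`. The contents of both contexts are not visible in this diff and need confirming. The hunk also drops `version: 2` under `workflows:`, which is only accepted when the file's top-level `version` is 2.1 (not shown here). The `release` filter list continues past the end of the hunk.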
@@ -2,15 +2,13 @@ Typescript consumer of public API -[![deepcode](https://www.deepcode.ai/api/gh/badge?key=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwbGF0Zm9ybTEiOiJnaCIsIm93bmVyMSI6IkRlZXBDb2RlQUkiLCJyZXBvMSI6InRzYyIsImluY2x1ZGVMaW50IjpmYWxzZSwiYXV0aG9ySWQiOjEyNDY5LCJpYXQiOjE1OTYwOTY3MTJ9.I7rfzfZLPc-SMEModrFPFTMbKpnCkQ5ztPzrPOdruhU)](https://www.deepcode.ai/app/gh/DeepCodeAI/tsc/_/dashboard?utm_content=gh%2FDeepCodeAI%2Ftsc) - -[![npm version](https://img.shields.io/npm/v/@deepcode/tsc.svg?style=flat-square)](https://www.npmjs.org/package/@deepcode/tsc) -[![npm downloads](https://img.shields.io/npm/dm/@deepcode/tsc.svg?style=flat-square)](http://npm-stat.com/charts.html?package=@deepcode/tsc) +[![npm version](https://img.shields.io/npm/v/@snyk/code-client.svg?style=flat-square)](https://www.npmjs.org/package/@snyk/code-client) +[![npm downloads](https://img.shields.io/npm/dm/@snyk/code-client.svg?style=flat-square)](http://npm-stat.com/charts.html?package=@snyk/code-client) # Installation ```shell script -$ npm install --save @deepcode/tsc +$ npm install --save @snyk/code-client ``` # Usage @@ -18,11 +16,10 @@ $ npm install --save @deepcode/tsc ### Creates and initializes an instance ```javascript -import tsc from '@deepcode/tsc'; +import tsc from '@snyk/code-client'; // An address of server which will be used in order to send code and analyse it. -// Default: 'https://www.deepcode.ai'. -const baseURL = 'https://www.deepcode.ai'; +const baseURL = 'https://www.snyk.io'; ``` @@ -31,7 +28,7 @@ const baseURL = 'https://www.deepcode.ai'; ```javascript const loginResponse = await tsc.startSession({ baseURL, - // An identificator for the editor using the DeepCode APIs + // An identificator for the editor using the Snyk APIs source: 'atom', }); diff --git a/development.md b/development.md index 67a26cb3..645df8a9 100644 --- a/development.md +++ b/development.md 
@@ -9,7 +9,7 @@ $ npm install && npm run compile && npx yalc publish After that you have to create symlink to your package in your project folder: ```shell script $ cd -$ npx yalc add @deepcode/tsc +$ npx yalc add @snyk/code-client ``` ## Publishing @@ -17,20 +17,16 @@ $ npx yalc add @deepcode/tsc ### Before publishing make sure test pass Test variables: -- `DEEPCODE_URL` is the DC server URL (staging deployment if not provided) -- `DEEPCODE_API_KEY` is a sessionToken of a user with access to the DeepCodeAI organization -- `DEEPCODE_API_KEY_NO_ACCESS` is a sessionToken of a user with no access to the DeepCodeAI organization (even better if on a different platform than GitHub) -- `DEEPCODE_OAUTH_KEY` is a GitHub personal access token of a user with access to the DeepCodeAI organization +- `SNYK_URL` is the DC server URL (staging deployment if not provided) +- `SNYK_API_KEY` is a sessionToken of a user with access to the Snyk +- `SNYK_API_KEY_NO_ACCESS` is a sessionToken of a user with no access to the snyk organization (even better if on a different platform than GitHub) +- `SNYK_OAUTH_KEY` is a GitHub personal access token of a user with access to the snyk organization ```shell script $ cd -$ DEEPCODE_URL=... DEEPCODE_API_KEY=... DEEPCODE_API_KEY_NO_ACCESS=... DEEPCODE_AUTH_KEY=... npm run test +$ SNYK_URL=... SNYK_API_KEY=... SNYK_API_KEY_NO_ACCESS=... SNYK_AUTH_KEY=... npm run test ``` #### Compile and publish -```shell script -$ cd -$ npm run compile -$ npm publish --access public -``` +No need to do anything. We have CircleCI CI/CD pipeline with automatic semantic versioning diff --git a/package.json b/package.json index d8bf74c6..41a5d42e 100644 --- a/package.json +++ b/package.json 
@@ -1,6 +1,6 @@ { - "name": "@deepcode/tsc", - "description": "Typescript consumer of Deepcode public API", + "name": "@snyk/code-client", + "description": "Typescript consumer of SnykCode public API", "main": "dist/index.js", "module": "dist/index.es.js", "types": "dist/index.d.ts", @@ -16,18 +16,18 @@ }, "repository": { "type": "git", - "url": "git+https://github.com/DeepCodeAI/tsc.git" + "url": "git+https://github.com/snyk/code-client.git" }, "keywords": [ - "deepcode", + "snyk", "api client" ], - "author": "DeepCodeAI", + "author": "snyk", "license": "MIT", "bugs": { - "url": "https://github.com/DeepCodeAI/tsc/issues" + "url": "https://github.com/snyk/code-client/issues" }, - "homepage": "https://github.com/DeepCodeAI/tsc#readme", + "homepage": "https://github.com/snyk/code-client#readme", "jest": { "preset": "ts-jest", "testEnvironment": "node" diff --git a/tests/analysis.spec.ts b/tests/analysis.spec.ts index 2883c3c8..bc45bddf 100644 --- a/tests/analysis.spec.ts +++ b/tests/analysis.spec.ts @@ -48,7 +48,7 @@ describe('Functional test of analysis', () => { expect(bundle).toHaveProperty('supportedFiles'); expect(bundle).toHaveProperty('analysisURL'); expect(Object.keys(bundle.analysisResults.files).length).toEqual(4); - expect(Object.keys(bundle.analysisResults.files)[0]).toEqual(`${sampleProjectPath}/AnnotatorTest.cpp`); + expect(bundle.analysisResults.files.hasOwnProperty(`${sampleProjectPath}/AnnotatorTest.cpp`)).toBeTruthy(); expect(Object.keys(bundle.analysisResults.suggestions).length).toEqual(8); expect(bundle.analysisResults.timing.analysis).toBeGreaterThanOrEqual(bundle.analysisResults.timing.fetchingCode); diff --git a/tests/api.spec.ts b/tests/api.spec.ts index 45bfdf40..1a0bc867 100644 --- a/tests/api.spec.ts +++ b/tests/api.spec.ts 
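Review bot: In tests/analysis.spec.ts the new assertion wraps `bundle.analysisResults.files.hasOwnProperty(...)` in `.toBeTruthy()`, which on failure reports only that `false` was not truthy and calls a prototype method directly on an object built from a server response. ``expect(Object.keys(bundle.analysisResults.files)).toContain(`${sampleProjectPath}/AnnotatorTest.cpp`);`` keeps the order-independence this change is after and prints the actual keys when it fails. The enclosing `it` block starts and ends outside the hunk.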
@@ -360,29 +360,38 @@ describe('Requests to public API', () => { 'exampleCommitDescriptions', 'exampleCommitFixes', ]); - expect(suggestion.id).toEqual('cpp%2Fdc%2FCppSameEvalBinaryExpressionfalse'); - expect(suggestion.leadURL).toEqual(''); - expect(suggestion.repoDatasetSize).toEqual(0); - expect(suggestion.exampleCommitDescriptions).toEqual([]); - expect(suggestion.exampleCommitFixes).toEqual([]); + expect(suggestion.id).toEqual('javascript%2Fdc_interfile_project%2FDisablePoweredBy'); + expect(suggestion.leadURL).toEqual('http://expressjs.com/en/advanced/best-practice-security.html#at-a-minimum-disable-x-powered-by-header'); + expect(suggestion.repoDatasetSize).toEqual(874); + expect(suggestion.exampleCommitDescriptions).toEqual([ + "Test without express", + "/server tests ()", + "secure the api with helmet", + ]); + expect(suggestion.exampleCommitFixes.length).toEqual(3); expect(suggestion.message).toEqual( - 'The expression will always evaluate to false because both sides always hold the same value.', + 'Disable X-Powered-By header for your Express app (consider using Helmet middleware), because it exposes information about the used framework to potential attackers.', ); - expect(suggestion.rule).toEqual('CppSameEvalBinaryExpressionfalse'); + expect(suggestion.rule).toEqual('DisablePoweredBy'); expect(suggestion.severity).toEqual(2); - expect(suggestion.tags).toEqual([]); + expect(suggestion.tags).toEqual([ + "maintenance", + "express", + "server", + "helmet", + ]); expect(Object.keys(response.value.analysisResults.files).length).toEqual(4); const filePath = `/AnnotatorTest.cpp`; expect(response.value.analysisResults.files[filePath]).toEqual({ - '0': [ + '2': [ { cols: [8, 27], markers: [], rows: [5, 5], }, ], - '1': [ + '3': [ { cols: [6, 25], markers: [ diff --git a/tests/constants/base.ts b/tests/constants/base.ts index 78e8db8a..72965a0d 100644 --- a/tests/constants/base.ts +++ b/tests/constants/base.ts 
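Review bot: The updated expectations in tests/api.spec.ts pin values that appear to come from the live analysis backend (`repoDatasetSize` equal to `874`, three exact `exampleCommitDescriptions`, the exact `tags` list), so the test will break whenever the server-side dataset is refreshed, with no change in this client. For those fields assert shape rather than content, e.g. `expect(suggestion.repoDatasetSize).toBeGreaterThanOrEqual(0);` and `expect(Array.isArray(suggestion.exampleCommitDescriptions)).toBe(true);`, and keep the exact matches for `id`, `rule` and `severity`. The surrounding test starts before the hunk and continues after it.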
@@ -1,3 +1,3 @@ -export const baseURL = process.env.DEEPCODE_URL || 'https://www.deepcoded.com'; -export const sessionToken = process.env.DEEPCODE_API_KEY || ''; +export const baseURL = process.env.SNYK_URL || 'https://www.deepcoded.com'; +export const sessionToken = process.env.SNYK_API_KEY || ''; export const TEST_TIMEOUT = 100000; diff --git a/tests/git.analysis.spec.ts b/tests/git.analysis.spec.ts index 31f9f0ac..262fcef1 100644 --- a/tests/git.analysis.spec.ts +++ b/tests/git.analysis.spec.ts @@ -9,8 +9,8 @@ import { ErrorCodes } from '../src/constants'; import { IGitBundle } from '../src/interfaces/analysis-result.interface'; import { stringSplice, getArgumentsAndMessage } from '../src/sarif_converter'; -const oAuthToken = process.env.DEEPCODE_OAUTH_KEY || ''; -const sessionTokenNoRepoAccess = process.env.DEEPCODE_API_KEY_NO_ACCESS || ''; +const oAuthToken = process.env.SNYK_OAUTH_KEY || ''; +const sessionTokenNoRepoAccess = process.env.SNYK_API_KEY_NO_ACCESS || ''; // This trick is for automatic tests, where real oauth token is not available const itif = (condition: boolean) => (condition ? it : it.skip);
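Review bot: In tests/constants/base.ts, `process.env.SNYK_API_KEY || ''` and `process.env.SNYK_URL || 'https://www.deepcoded.com'` mean that a CI environment still exporting the old `DEEPCODE_*` names runs the suite with an empty token against the hard-coded default host, and nothing reports the misconfiguration. Since this is the host the session token is sent to, make the fallback visible, e.g. `if (!process.env.SNYK_URL) console.warn('SNYK_URL not set, using default test host');`, and confirm the unchanged default is still the intended one now that the README points at `https://www.snyk.io`. The same silent fallback applies to `SNYK_OAUTH_KEY` and `SNYK_API_KEY_NO_ACCESS` in tests/git.analysis.spec.ts. The command line in development.md sets `SNYK_AUTH_KEY`, which does not match the `SNYK_OAUTH_KEY` read there.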