feat: add a CLI option to print effective dep graphs

Author: nicarl

src/lib/snyk-test/common.ts

@@ -6,6 +6,7 @@ import config from '../config';
 import { color } from '../theme';
 import { Options } from '../types';
 import { ConcatStream } from '../stream';
+import { ContainerTarget, GitTarget } from '../project-metadata/types';
 
 export function assembleQueryString(options) {
   const org = options.org || config.org || null;
@@ -99,3 +100,37 @@ export async function printDepGraph(
 export function shouldPrintDepGraph(opts: Options): boolean {
   return opts['print-graph'] && !opts['print-deps'];
 }
+
+/**
+ * printEffectiveDepGraph writes the given, possibly pruned dep-graph and target file to the destination
+ * stream as a JSON object containing both depGraph, normalisedTargetFile and targetFile from plugin.
+ * This allows extracting the effective dep-graph which is being used for the test.
+ */
+export async function printEffectiveDepGraph(
+  depGraph: DepGraphData,
+  normalisedTargetFile: string,
+  targetFileFromPlugin: string | undefined,
+  target: GitTarget | ContainerTarget | null | undefined,
+  destination: Writable,
+): Promise<void> {
+  return new Promise((res, rej) => {
+    const effectiveGraphOutput = {
+      depGraph,
+      normalisedTargetFile,
+      targetFileFromPlugin,
+      target,
+    };
+
+    new ConcatStream(
+      new JsonStreamStringify(effectiveGraphOutput),
+      Readable.from('\n'),
+    )
+      .on('end', res)
+      .on('error', rej)
+      .pipe(destination);
+  });
+}
+
+export function shouldPrintEffectiveDepGraph(opts: Options): boolean {
+  return !!opts['print-effective-graph'];
+}

src/lib/snyk-test/run-test.ts

@@ -40,8 +40,10 @@ import {
   RETRY_ATTEMPTS,
   RETRY_DELAY,
   printDepGraph,
+  printEffectiveDepGraph,
   assembleQueryString,
   shouldPrintDepGraph,
+  shouldPrintEffectiveDepGraph,
 } from './common';
 import config from '../config';
 import * as analytics from '../analytics';
@@ -372,7 +374,10 @@ export async function runTest(
     // At this point managed ecosystems have dependency graphs printed.
     // Containers however require another roundtrip to get all the
     // dependency graph artifacts for printing.
-    if (!options.docker && shouldPrintDepGraph(options)) {
+    if (
+      !options.docker &&
+      (shouldPrintDepGraph(options) || shouldPrintEffectiveDepGraph(options))
+    ) {
       const results: TestResult[] = [];
       return results;
     }
@@ -853,6 +858,18 @@ async function assembleLocalPayloads(
       if (packageManager) {
         depGraph = await pruneGraph(depGraph, packageManager, pruneIsRequired);
       }
+
+      if (shouldPrintEffectiveDepGraph(options)) {
+        spinner.clear<void>(spinnerLbl)();
+        await printEffectiveDepGraph(
+          depGraph.toJSON(),
+          targetFile,
+          project.plugin.targetFile,
+          target,
+          process.stdout,
+        );
+      }
+
       body.depGraph = depGraph;
 
       const reqUrl =

src/lib/types.ts

@@ -67,6 +67,7 @@ export interface Options {
   'print-deps'?: boolean;
   'print-tree'?: boolean;
   'print-dep-paths'?: boolean;
+  'print-effective-graph'?: boolean;
   'remote-repo-url'?: string;
   criticality?: string;
   scanAllUnmanaged?: boolean;

test/jest/acceptance/print-effective-dep-graph.spec.ts

@@ -0,0 +1,209 @@
+import { fakeServer } from '../../acceptance/fake-server';
+import { createProjectFromFixture } from '../util/createProject';
+import { runSnykCLI } from '../util/runSnykCLI';
+import { getServerPort } from '../util/getServerPort';
+import * as path from 'path';
+
+jest.setTimeout(1000 * 30);
+
+describe('`test` command with `--print-effective-graph` option', () => {
+  let server;
+  let env: Record<string, string>;
+
+  beforeAll((done) => {
+    const port = getServerPort(process);
+    const baseApi = '/api/v1';
+    env = {
+      ...process.env,
+      SNYK_API: 'http://localhost:' + port + baseApi,
+      SNYK_HOST: 'http://localhost:' + port,
+      SNYK_TOKEN: '123456789',
+      SNYK_INTEGRATION_NAME: 'JENKINS',
+      SNYK_INTEGRATION_VERSION: '1.2.3',
+    };
+    server = fakeServer(baseApi, env.SNYK_TOKEN);
+    server.listen(port, () => {
+      done();
+    });
+  });
+
+  afterEach(() => {
+    server.restore();
+  });
+
+  afterAll((done) => {
+    server.close(() => {
+      done();
+    });
+  });
+
+  // test cases for `--print-effective-graph` option:
+  // effective graph for project with no deps
+  // effective graph for project with deps
+  // effective graph for project with deps and --all-projects
+
+  it('works for project with no deps', async () => {
+    const project = await createProjectFromFixture('print-graph-no-deps');
+    const { code, stdout } = await runSnykCLI('test --print-effective-graph', {
+      cwd: project.path(),
+      env,
+    });
+
+    expect(code).toEqual(0);
+
+    const jsonOutput = JSON.parse(stdout);
+
+    expect(jsonOutput.normalisedTargetFile).toBe('package.json');
+    expect(jsonOutput.depGraph).toMatchObject({
+      pkgManager: {
+        name: 'npm',
+      },
+      pkgs: [
+        {
+          id: '[email protected]',
+          info: {
+            name: 'print-graph-no-deps',
+            version: '1.0.0',
+          },
+        },
+      ],
+      graph: {
+        rootNodeId: 'root-node',
+        nodes: [
+          {
+            nodeId: 'root-node',
+            pkgId: '[email protected]',
+            deps: [],
+          },
+        ],
+      },
+    });
+  });
+
+  it('works for project with dep', async () => {
+    const project = await createProjectFromFixture(
+      'npm/with-vulnerable-lodash-dep',
+    );
+    server.setCustomResponse(
+      await project.readJSON('test-dep-graph-result.json'),
+    );
+    const { code, stdout } = await runSnykCLI('test --print-effective-graph', {
+      cwd: project.path(),
+      env,
+    });
+
+    expect(code).toEqual(0);
+
+    const jsonOutput = JSON.parse(stdout);
+
+    expect(jsonOutput.normalisedTargetFile).toBe('package-lock.json');
+
+    expect(jsonOutput.depGraph).toMatchObject({
+      pkgManager: {
+        name: 'npm',
+      },
+      pkgs: [
+        {
+          id: '[email protected]',
+          info: {
+            name: 'with-vulnerable-lodash-dep',
+            version: '1.2.3',
+          },
+        },
+        {
+          id: '[email protected]',
+          info: {
+            name: 'lodash',
+            version: '4.17.15',
+          },
+        },
+      ],
+      graph: {
+        rootNodeId: 'root-node',
+        nodes: [
+          {
+            nodeId: 'root-node',
+            pkgId: '[email protected]',
+            deps: [
+              {
+                nodeId: '[email protected]',
+              },
+            ],
+          },
+          {
+            nodeId: '[email protected]',
+            pkgId: '[email protected]',
+            deps: [],
+            info: {
+              labels: {
+                scope: 'prod',
+              },
+            },
+          },
+        ],
+      },
+    });
+  });
+
+  it('works with `--all-projects`', async () => {
+    const project = await createProjectFromFixture(
+      'print-graph-multiple-projects',
+    );
+    const { code, stdout } = await runSnykCLI(
+      'test --all-projects --print-effective-graph',
+      {
+        cwd: project.path(),
+        env,
+      },
+    );
+
+    expect(code).toEqual(0);
+
+    // With --all-projects, we get JSONL format (each JSON object on its own line)
+    const lines = stdout
+      .trim()
+      .split('\n')
+      .filter((line) => line.trim());
+    expect(lines.length).toBeGreaterThan(0);
+
+    const jsonOutputFirstProject = JSON.parse(lines[0]);
+
+    expect(jsonOutputFirstProject).toHaveProperty('depGraph');
+    expect(jsonOutputFirstProject).toHaveProperty('normalisedTargetFile');
+
+    // The first project should be processed
+    expect(jsonOutputFirstProject.depGraph).toMatchObject({
+      pkgManager: {
+        name: 'npm',
+      },
+      pkgs: expect.arrayContaining([
+        expect.objectContaining({
+          info: expect.objectContaining({
+            name: expect.stringMatching(/proj[12]/),
+          }),
+        }),
+      ]),
+      graph: {
+        rootNodeId: 'root-node',
+        nodes: expect.any(Array),
+      },
+    });
+    expect(jsonOutputFirstProject.normalisedTargetFile).toBe(
+      path.join('proj1', 'package.json'),
+    );
+
+    const jsonOutputSecondProject = JSON.parse(lines[1]);
+
+    expect(jsonOutputSecondProject).toHaveProperty('depGraph');
+    expect(jsonOutputSecondProject).toHaveProperty('normalisedTargetFile');
+
+    expect(jsonOutputSecondProject.depGraph).toMatchObject({
+      pkgManager: {
+        name: 'npm',
+      },
+    });
+    expect(jsonOutputSecondProject.normalisedTargetFile).toBe(
+      path.join('proj2', 'package.json'),
+    );
+  });
+});