Merge pull request #965 from snyk/feat/cocopoads-all-projects

feat: enable cocoapods for --all-projects scanning

src/cli/commands/monitor/index.ts

@@ -56,7 +56,6 @@ async function monitor(...args0: MethodArgs): Promise<any> {
   if (typeof args[args.length - 1] === 'object') {
     options = (args.pop() as ArgsOptions) as MonitorOptions;
   }
-
   args = args.filter(Boolean);
 
   // populate with default path (cwd) if no path given
@@ -85,9 +84,15 @@ async function monitor(...args0: MethodArgs): Promise<any> {
     debug(`Processing ${path}...`);
     try {
       await validateMonitorPath(path, options.docker);
-      const guessedPackageManager = detect.detectPackageManager(path, options);
-      const analysisType =
-        (options.docker ? 'docker' : guessedPackageManager) || 'all';
+      let analysisType = 'all';
+      let packageManager;
+      if (options.allProjects) {
+        analysisType = 'all';
+      } else if (options.docker) {
+        analysisType = 'docker';
+      } else {
+        packageManager = detect.detectPackageManager(path, options);
+      }
 
       const targetFile =
         !options.scanAllUnmanaged && options.docker && !options.file // snyk monitor --docker (without --file)
@@ -100,7 +105,10 @@ async function monitor(...args0: MethodArgs): Promise<any> {
       );
 
       const analyzingDepsSpinnerLabel =
-        'Analyzing ' + analysisType + ' dependencies for ' + displayPath;
+        'Analyzing ' +
+        (packageManager ? packageManager : analysisType) +
+        ' dependencies for ' +
+        displayPath;
 
       await spinner(analyzingDepsSpinnerLabel);
 
@@ -115,7 +123,7 @@ async function monitor(...args0: MethodArgs): Promise<any> {
         getDepsFromPlugin(path, {
           ...options,
           path,
-          packageManager: guessedPackageManager,
+          packageManager,
         }),
         spinner.clear(analyzingDepsSpinnerLabel),
       );

src/lib/detect.ts

@@ -41,6 +41,8 @@ export const AUTO_DETECTABLE_FILES: string[] = [
   'packages.config',
   'project.json',
   'project.assets.json',
+  'Podfile',
+  'Podfile.lock',
 ];
 
 // when file is specified with --file, we look it up here

src/lib/find-files.ts

@@ -193,6 +193,12 @@ function chooseBestManifest(
       )[0];
       return defaultManifest.path;
     }
+    case 'cocoapods': {
+      const defaultManifest = files.filter((path) =>
+        ['Podfile'].includes(path.base),
+      )[0];
+      return defaultManifest.path;
+    }
     default: {
       return null;
     }

src/lib/types.ts

@@ -80,6 +80,7 @@ export interface MonitorOptions {
   'print-deps'?: boolean;
   'experimental-dep-graph'?: boolean;
   scanAllUnmanaged?: boolean;
+  allProjects?: boolean;
   // An experimental flag to allow monitoring of bigtrees (with degraded deps info and remediation advice).
   'prune-repeated-subdependencies'?: boolean;
 }

test/acceptance/cli-monitor/cli-monitor.all-projects.spec.ts

@@ -269,5 +269,35 @@ export const AllProjectsTests: AcceptanceTests = {
         'sends version number',
       );
     },
+    '`monitor monorepo-with-nuget with Cocoapods --all-projects and without same meta`': (
+      params,
+      utils,
+    ) => async (t) => {
+      utils.chdirWorkspaces();
+      const spyPlugin = sinon.spy(params.plugins, 'loadPlugin');
+      t.teardown(spyPlugin.restore);
+
+      await params.cli.monitor('monorepo-with-nuget/src/cocoapods-app', {
+        allProjects: true,
+      });
+      // Pop all calls to server and filter out calls to `featureFlag` endpoint
+      const [cocoapodsAll] = params.server
+        .popRequests(1)
+        .filter((req) => req.url.includes('/monitor/'));
+
+      // Cocoapods
+      await params.cli.monitor('monorepo-with-nuget/src/cocoapods-app', {
+        file: 'Podfile',
+      });
+      const [requestsCocoapods] = params.server
+        .popRequests(1)
+        .filter((req) => req.url.includes('/monitor/'));
+
+      t.deepEqual(
+        cocoapodsAll.body,
+        requestsCocoapods.body,
+        'Same body for --all-projects and --file=src/cocoapods-app/Podfile',
+      );
+    },
   },
 };

test/acceptance/cli-test/cli-test.all-projects.spec.ts

@@ -396,11 +396,16 @@ export const AllProjectsTests: AcceptanceTests = {
           allProjects: true,
           detectionDepth: 4,
         });
+        t.ok(
+          spyPlugin.withArgs('cocoapods').callCount,
+          1,
+          'calls cocoapods plugin',
+        );
         t.ok(spyPlugin.withArgs('nuget').callCount, 2, 'calls nuget plugin');
         t.ok(spyPlugin.withArgs('npm').calledOnce, 'calls npm plugin');
         t.match(
           res,
-          /Tested 3 projects, no vulnerable paths were found./,
+          /Tested 4 projects, no vulnerable paths were found./,
           'Two projects tested',
         );
         t.match(
@@ -420,6 +425,17 @@ export const AllProjectsTests: AcceptanceTests = {
           'Nuget project targetFile is as expected',
         );
         t.match(res, 'Package manager:   nuget', 'Nuget package manager');
+
+        t.match(
+          res,
+          `Target file:       src${path.sep}cocoapods-app${path.sep}Podfile`,
+          'Cocoapods project targetFile is as expected',
+        );
+        t.match(
+          res,
+          'Package manager:   cocoapods',
+          'cocoapods package manager',
+        );
       } catch (err) {
         t.fail('expected to pass');
       }

test/acceptance/workspaces/monorepo-with-nuget/src/cocoapods-app/Podfile

@@ -0,0 +1,4 @@
+target 'SampleApp' do
+  platform :ios, '6.0'
+  pod 'Reachability', '3.1.0'
+end

test/acceptance/workspaces/monorepo-with-nuget/src/cocoapods-app/Podfile.lock

@@ -0,0 +1,14 @@
+PODS:
+  - Reachability (3.1.0)
+
+DEPENDENCIES:
+  - Reachability (= 3.1.0)
+
+SPEC REPOS:
+  trunk:
+    - Reachability
+
+SPEC CHECKSUMS:
+  Reachability: 3c8fe9643e52184d17f207e781cd84158da8c02b
+
+PODFILE CHECKSUM: eef52b2296b88c87f94cf0f232f010176b9f11cd