Merge pull request #106 from snyk/feat/update-java-call-graph-builder…

…-version feat: update java-call-graph-builder version.
snyk · May 6, 2021 · ccdee5c · ccdee5c
2 parents 6687d19 + e444f7c
commit ccdee5c
Show file tree

Hide file tree

Showing 4 changed files with 66 additions and 1 deletion.
diff --git a/lib/index.ts b/lib/index.ts
@@ -166,6 +166,7 @@ export async function inspect(
       callGraph = await getCallGraph(
         targetPath,
         timeout, // expects ms
+        options.args,
       );
       maybeCallGraphMetrics = {
         callGraphMetrics: javaCallGraphBuilder.runtimeMetrics(),
@@ -221,12 +222,14 @@ export function buildArgs(
 async function getCallGraph(
   targetPath: string,
   timeout?: number,
+  customMavenArgs?: string[],
 ): Promise<CallGraphResult> {
   debug(`getting call graph from path ${targetPath}`);
   try {
     const callGraph: CallGraph = await javaCallGraphBuilder.getCallGraphMvn(
       path.dirname(targetPath),
       timeout,
+      customMavenArgs,
     );
     debug('got call graph successfully');
     return callGraph;

diff --git a/package.json b/package.json
@@ -41,7 +41,7 @@
   "dependencies": {
     "@snyk/cli-interface": "2.11.0",
     "@snyk/dep-graph": "^1.23.1",
-    "@snyk/java-call-graph-builder": "1.19.1",
+    "@snyk/java-call-graph-builder": "1.21.0",
     "debug": "^4.1.1",
     "glob": "^7.1.6",
     "needle": "^2.5.0",

diff --git a/tests/fixtures/test-project/settings.xml b/tests/fixtures/test-project/settings.xml
@@ -0,0 +1,12 @@
+    <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+      xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
+      <localRepository/>
+      <interactiveMode/>
+      <offline/>
+      <pluginGroups/>
+      <servers/>
+      <mirrors/>
+      <proxies/>
+      <profiles/>
+      <activeProfiles/>
+    </settings>
diff --git a/tests/system/plugin-reachable-vulns.test.ts b/tests/system/plugin-reachable-vulns.test.ts
@@ -101,5 +101,55 @@ test('inspect on test-project pom with reachable vulns', async (t) => {
   t.same(result, expected, 'should return expected result');
   t.tearDown(() => {
     javaCallGraphBuilderStub.restore();
+    callGraphMetrics.restore();
+  });
+});
+
+test('inspect on test-project pom with reachable vulns with maven args', async (t) => {
+  const mavenCallGraph = await readFixtureJSON('call-graphs', 'simple.json');
+  const javaCallGraphBuilderStub = sinon
+    .stub(javaCallGraphBuilder, 'getCallGraphMvn')
+    .resolves(mavenCallGraph as CallGraph);
+
+  const metrics = {
+    getEntrypoints: 0,
+    generateCallGraph: 13,
+    mapClassesPerJar: 12,
+    getCallGraph: 10,
+  };
+  const callGraphMetrics = sinon
+    .stub(javaCallGraphBuilder, 'runtimeMetrics')
+    .returns(metrics);
+
+  const args = [`-s=${path.join(testProjectPath, 'settings.xml')}`];
+  const result = await plugin.inspect(
+    '.',
+    path.join(testProjectPath, 'pom.xml'),
+    {
+      reachableVulns: true,
+      args,
+    },
+  );
+  t.ok(
+    javaCallGraphBuilderStub.calledWith(testProjectPath, undefined, args),
+    'call graph builder was called with the correct path and custom args',
+  );
+  const expected = await readFixtureJSON(
+    'test-project',
+    'expected-with-call-graph.json',
+  );
+  t.ok(javaCallGraphBuilderStub.calledOnce, 'called to the call graph builder');
+  t.ok(
+    javaCallGraphBuilderStub.calledWith(testProjectPath),
+    'call graph builder was called with the correct path',
+  );
+  t.ok(callGraphMetrics.calledOnce, 'callgraph metrics were fetched');
+  t.equals((result.plugin.meta as any).callGraphMetrics, metrics);
+
+  delete result.plugin.meta;
+  t.same(result, expected, 'should return expected result');
+  t.tearDown(() => {
+    javaCallGraphBuilderStub.restore();
+    callGraphMetrics.restore();
   });
 });