Use isReportSupportedFile instead of SUPPORTED_FILE_PATTERNS regexp

Author: jdalton

src/commands/scan/create-scan-from-github.mts

@@ -7,48 +7,13 @@ import { debugDir, debugFn } from '@socketsecurity/registry/lib/debug'
 import { logger } from '@socketsecurity/registry/lib/logger'
 import { confirm, select } from '@socketsecurity/registry/lib/prompts'
 
+import { fetchSupportedScanFileNames } from './fetch-supported-scan-file-names.mts'
 import { handleCreateNewScan } from './handle-create-new-scan.mts'
+import { isReportSupportedFile } from '../../utils/glob.mts'
 import { fetchListAllRepos } from '../repository/fetch-list-all-repos.mts'
 
 import type { CResult, OutputKind } from '../../types.mts'
 
-// Supported manifest file name patterns
-// Keep in mind that we have to request these files through the GitHub API; that cost is much heavier than local disk searches
-// TODO: get this list from API instead? Is that too much? Has to fetch through gh api...
-const SUPPORTED_FILE_PATTERNS = [
-  /.*[-.]spdx\.json/,
-  /bom\.json/,
-  /.*[-.]cyclonedx\.json/,
-  /.*[-.]cyclonedx\.xml/,
-  /package\.json/,
-  /package-lock\.json/,
-  /npm-shrinkwrap\.json/,
-  /yarn\.lock/,
-  /pnpm-lock\.yaml/,
-  /pnpm-lock\.yml/,
-  /pnpm-workspace\.yaml/,
-  /pnpm-workspace\.yml/,
-  /pipfile/,
-  /pyproject\.toml/,
-  /poetry\.lock/,
-  /requirements[\\/].*\.txt/,
-  /requirements-.*\.txt/,
-  /requirements_.*\.txt/,
-  /requirements\.frozen/,
-  /setup\.py/,
-  /pipfile\.lock/,
-  /go\.mod/,
-  /go\.sum/,
-  /pom\.xml/,
-  /.*\..*proj/,
-  /.*\.props/,
-  /.*\.targets/,
-  /.*\.nuspec/,
-  /nuget\.config/,
-  /packages\.config/,
-  /packages\.lock\.json/,
-]
-
 export async function createScanFromGithub({
   all,
   githubApiUrl,
@@ -359,7 +324,12 @@ async function testAndDownloadManifestFile({
 }): Promise<CResult<{ isManifest: boolean }>> {
   debugFn('notice', 'testing: file', file)
 
-  if (!SUPPORTED_FILE_PATTERNS.some(regex => regex.test(file))) {
+  const supportedFilesCResult = await fetchSupportedScanFileNames()
+  const supportedFiles = supportedFilesCResult.ok
+    ? supportedFilesCResult.data
+    : undefined
+
+  if (!supportedFiles || !isReportSupportedFile(file, supportedFiles)) {
     debugFn('notice', '  - skip: not a known pattern')
     // Not an error.
     return { ok: true, data: { isManifest: false } }

src/utils/glob.mts

@@ -12,7 +12,7 @@ import { safeReadFile } from './fs.mts'
 
 import type { Agent } from './package-environment.mts'
 import type { SocketYml } from '@socketsecurity/config'
-import type { SocketSdkReturnType } from '@socketsecurity/sdk'
+import type { SocketSdkSuccessResult } from '@socketsecurity/sdk'
 import type { GlobOptions } from 'tinyglobby'
 
 const ignoredDirs = [
@@ -157,18 +157,25 @@ function workspacePatternToGlobPattern(workspace: string): string {
   return `${workspace}/package.json`
 }
 
-export async function filterGlobResultToSupportedFiles(
-  entries: string[] | readonly string[],
-  supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data'],
-): Promise<string[]> {
+export function filterReportSupportedFiles(
+  filepaths: string[] | readonly string[],
+  supportedFiles: SocketSdkSuccessResult<'getReportSupportedFiles'>['data'],
+): string[] {
+  const patterns = getSupportedFilePatterns(supportedFiles)
+  return filepaths.filter(p => micromatch.some(p, patterns))
+}
+
+export function getSupportedFilePatterns(
+  supportedFiles: SocketSdkSuccessResult<'getReportSupportedFiles'>['data'],
+): string[] {
   const patterns: string[] = []
   for (const key of Object.keys(supportedFiles)) {
     const supported = supportedFiles[key]
     if (supported) {
       patterns.push(...Object.values(supported).map(p => `**/${p.pattern}`))
     }
   }
-  return entries.filter(p => micromatch.some(p, patterns))
+  return patterns
 }
 
 type GlobWithGitIgnoreOptions = GlobOptions & {
@@ -257,6 +264,14 @@ export async function globWorkspace(
     : []
 }
 
+export function isReportSupportedFile(
+  filepath: string,
+  supportedFiles: SocketSdkSuccessResult<'getReportSupportedFiles'>['data'],
+) {
+  const patterns = getSupportedFilePatterns(supportedFiles)
+  return micromatch.some(filepath, patterns)
+}
+
 export function pathsToGlobPatterns(
   paths: string[] | readonly string[],
 ): string[] {

src/utils/path-resolve.mts

@@ -8,15 +8,13 @@ import { resolveBinPathSync } from '@socketsecurity/registry/lib/npm'
 import constants from '../constants.mts'
 import { safeStatsSync } from './fs.mts'
 import {
-  filterGlobResultToSupportedFiles,
+  filterReportSupportedFiles,
   globWithGitIgnore,
   pathsToGlobPatterns,
 } from './glob.mts'
 
 import type { SocketYml } from '@socketsecurity/config'
-import type { SocketSdkReturnType } from '@socketsecurity/sdk'
-
-const { NODE_MODULES, NPM, shadowBinPath } = constants
+import type { SocketSdkSuccessResult } from '@socketsecurity/sdk'
 
 export function findBinPathDetailsSync(binName: string): {
   name: string
@@ -28,6 +26,8 @@ export function findBinPathDetailsSync(binName: string): {
       all: true,
       nothrow: true,
     }) ?? []
+  // Lazily access constants.shadowBinPath.
+  const { shadowBinPath } = constants
   let shadowIndex = -1
   let theBinPath: string | undefined
   for (let i = 0, { length } = binPaths; i < length; i += 1) {
@@ -48,7 +48,7 @@ export function findNpmPathSync(npmBinPath: string): string | undefined {
   const { WIN32 } = constants
   let thePath = npmBinPath
   while (true) {
-    const libNmNpmPath = path.join(thePath, 'lib', NODE_MODULES, NPM)
+    const libNmNpmPath = path.join(thePath, 'lib/node_modules/npm')
     // mise puts its npm bin in a path like:
     //   /Users/SomeUsername/.local/share/mise/installs/node/vX.X.X/bin/npm.
     // HOWEVER, the location of the npm install is:
@@ -60,9 +60,9 @@ export function findNpmPathSync(npmBinPath: string): string | undefined {
       existsSync(libNmNpmPath) &&
       safeStatsSync(libNmNpmPath)?.isDirectory()
     ) {
-      thePath = path.join(libNmNpmPath, NPM)
+      thePath = path.join(libNmNpmPath, 'npm')
     }
-    const nmPath = path.join(thePath, NODE_MODULES)
+    const nmPath = path.join(thePath, 'node_modules')
     if (
       // npm bin paths may look like:
       //   /usr/local/share/npm/bin/npm
@@ -77,9 +77,9 @@ export function findNpmPathSync(npmBinPath: string): string | undefined {
       existsSync(nmPath) &&
       safeStatsSync(nmPath)?.isDirectory() &&
       // Optimistically look for the default location.
-      (path.basename(thePath) === NPM ||
+      (path.basename(thePath) === 'npm' ||
         // Chocolatey installs npm bins in the same directory as node bins.
-        (WIN32 && existsSync(path.join(thePath, `${NPM}.cmd`))))
+        (WIN32 && existsSync(path.join(thePath, 'npm.cmd'))))
     ) {
       return thePath
     }
@@ -98,16 +98,16 @@ export type PackageFilesForScanOptions = {
 
 export async function getPackageFilesForScan(
   inputPaths: string[],
-  supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data'],
+  supportedFiles: SocketSdkSuccessResult<'getReportSupportedFiles'>['data'],
   options?: PackageFilesForScanOptions | undefined,
 ): Promise<string[]> {
   const { config: socketConfig, cwd = process.cwd() } = {
     __proto__: null,
     ...options,
   } as PackageFilesForScanOptions
-  const entries = await globWithGitIgnore(pathsToGlobPatterns(inputPaths), {
+  const filepaths = await globWithGitIgnore(pathsToGlobPatterns(inputPaths), {
     cwd,
     socketConfig,
   })
-  return await filterGlobResultToSupportedFiles(entries, supportedFiles)
+  return filterReportSupportedFiles(filepaths, supportedFiles)
 }