feat: support --print-graph with mvn-plugin

snyk · May 8, 2024 · b629102 · b629102
1 parent 89c9491
commit b629102
Show file tree

Hide file tree

Showing 7 changed files with 195 additions and 8 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -120,7 +120,7 @@
     "snyk-go-plugin": "1.23.0",
     "snyk-gradle-plugin": "4.1.0",
     "snyk-module": "3.1.0",
-    "snyk-mvn-plugin": "3.4.2",
+    "snyk-mvn-plugin": "3.5.0",
     "snyk-nodejs-lockfile-parser": "1.52.11",
     "snyk-nuget-plugin": "2.4.5",
     "snyk-php-plugin": "1.9.2",

diff --git a/test/acceptance/workspaces/maven-many-paths/child/pom.xml b/test/acceptance/workspaces/maven-many-paths/child/pom.xml
@@ -0,0 +1,34 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>io.snyk.example</groupId>
+  <artifactId>child-project</artifactId>
+  <packaging>jar</packaging>
+  <version>1.0-SNAPSHOT</version>
+  <name>Test project</name>
+  <description>Test child project for Snyk CLI</description>
+
+  <properties>
+    <axis.version>1.4</axis.version>
+  </properties>
+
+  <dependencies>
+
+    <dependency>
+      <groupId>axis</groupId>
+      <artifactId>axis</artifactId>
+      <version>${axis.version}</version>
+    </dependency>
+
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.10</version>
+      <scope>test</scope>
+    </dependency>
+
+  </dependencies>
+
+</project>
diff --git a/test/acceptance/workspaces/maven-many-paths/pom.xml b/test/acceptance/workspaces/maven-many-paths/pom.xml
@@ -0,0 +1,38 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>io.snyk.example</groupId>
+  <artifactId>test-project</artifactId>
+  <packaging>pom</packaging>
+  <version>1.0-SNAPSHOT</version>
+  <name>Test project</name>
+  <description>Test project for Snyk CLI</description>
+
+  <modules>
+    <module>child-project</module>
+  </modules>
+
+  <properties>
+    <axis.version>1.4</axis.version>
+  </properties>
+
+  <dependencies>
+
+    <dependency>
+      <groupId>axis</groupId>
+      <artifactId>axis</artifactId>
+      <version>${axis.version}</version>
+    </dependency>
+
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.10</version>
+      <scope>test</scope>
+    </dependency>
+
+  </dependencies>
+
+</project>
diff --git a/test/fixtures/maven-print-graph/pom.xml b/test/fixtures/maven-print-graph/pom.xml
@@ -0,0 +1,34 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>io.snyk.example</groupId>
+  <artifactId>test-project</artifactId>
+  <packaging>jar</packaging>
+  <version>1.0-SNAPSHOT</version>
+  <name>Test project</name>
+  <description>Test project for the Maven CLI plugin</description>
+
+  <properties>
+    <axis.version>1.4</axis.version>
+  </properties>
+
+  <dependencies>
+
+    <dependency>
+      <groupId>axis</groupId>
+      <artifactId>axis</artifactId>
+      <version>${axis.version}</version>
+    </dependency>
+
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.10</version>
+      <scope>test</scope>
+    </dependency>
+
+  </dependencies>
+
+</project>
diff --git a/test/jest/acceptance/snyk-sbom/maven-options.spec.ts b/test/jest/acceptance/snyk-sbom/maven-options.spec.ts
@@ -47,6 +47,26 @@ describe('snyk sbom: maven options (mocked server only)', () => {
     expect(sbom.components.length).toBeGreaterThanOrEqual(11);
   });
 
+  test('`sbom --file` generates an SBOM without pruning', async () => {
+    const sbom = await runSnykSbomCliCycloneDxJsonForFixture(
+      'maven-print-graph',
+      '--file=pom.xml',
+      env,
+    );
+
+    expect(sbom.metadata.component.name).toEqual(
+      'io.snyk.example:test-project',
+    );
+    expect(sbom.components.length).toBeGreaterThanOrEqual(7);
+    expect(sbom.components[6].ref).toEqual(
+      '7-commons-discovery:commons-discovery@0.2',
+    );
+    expect(sbom.components[6].dependsOn.length).toEqual(1);
+    expect(sbom.components[6].dependsOn[0]).toEqual(
+      '6-commons-logging:commons-logging@1.0.4',
+    );
+  });
+
   test('`sbom --scan-unmanaged --file=<NAME>` generates an SBOM for the specific JAR file', async () => {
     const sbom = await runSnykSbomCliCycloneDxJsonForFixture(
       'maven-jars',

diff --git a/test/jest/acceptance/snyk-test/print-graph.spec.ts b/test/jest/acceptance/snyk-test/print-graph.spec.ts
@@ -0,0 +1,61 @@
+import { createProjectFromWorkspace } from '../../util/createProject';
+import { runSnykCLI } from '../../util/runSnykCLI';
+
+jest.setTimeout(1000 * 60);
+
+describe('print graph', () => {
+  test("`snyk test --print-graph` should print a project's dep-graph", async () => {
+    const project = await createProjectFromWorkspace('npm-package');
+
+    const { code, stdout } = await runSnykCLI('test --print-graph', {
+      cwd: project.path(),
+    });
+
+    expect(code).toEqual(0);
+    expect(stdout).toMatch('DepGraph data:');
+    expect(stdout).toMatch('DepGraph target:\npackage-lock.json');
+  });
+
+  test('`snyk test --print-graph` should not prune dependencies', async () => {
+    const project = await createProjectFromWorkspace('maven-many-paths');
+
+    const { code, stdout } = await runSnykCLI('test --print-graph', {
+      cwd: project.path(),
+    });
+
+    expect(code).toEqual(0);
+    const depGraph = JSON.parse(
+      stdout.split('DepGraph data:')[1]?.split('DepGraph target:')[0],
+    );
+    let numEdges = 0;
+    for (const node of depGraph.graph.nodes) {
+      numEdges += node.deps.length;
+    }
+    expect(numEdges).toEqual(7);
+  });
+
+  test('`snyk test --print-graph --all-projects` should not prune dependencies', async () => {
+    const project = await createProjectFromWorkspace('maven-many-paths');
+
+    const { code, stdout } = await runSnykCLI(
+      'test --print-graph --all-projects',
+      {
+        cwd: project.path(),
+      },
+    );
+
+    expect(code).toEqual(0);
+    const depGraphs = stdout
+      .split('DepGraph data:')
+      .filter(Boolean)
+      .map((s) => JSON.parse(s.split('DepGraph target:')[0]));
+
+    let numEdges = 0;
+    for (const depGraph of depGraphs) {
+      for (const node of depGraph.graph.nodes) {
+        numEdges += node.deps.length;
+      }
+    }
+    expect(numEdges).toEqual(14);
+  });
+});