Merge branch 'master' into feat/bump-snyk-docker-plugin

docker/Dockerfile.gradle-2.8

@@ -8,7 +8,7 @@ RUN echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main"
 
 # Accept license non-iteractive
 RUN echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | /usr/bin/debconf-set-selections
-RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886
+RUN apt-key adv --no-tty --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886
 RUN apt-get update
 RUN mkdir -p /usr/share/man/man1
 RUN apt-get install -y oracle-java8-installer oracle-java8-set-default

docker/Dockerfile.gradle-4.4

@@ -8,7 +8,7 @@ RUN echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main"
 
 # Accept license non-iteractive
 RUN echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | /usr/bin/debconf-set-selections
-RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886
+RUN apt-key adv --no-tty --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886
 RUN apt-get update
 RUN mkdir -p /usr/share/man/man1
 RUN apt-get install -y oracle-java8-installer oracle-java8-set-default

docker/Dockerfile.maven-3.5.4

@@ -8,7 +8,7 @@ RUN echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main"
 
 # Accept license non-iteractive
 RUN echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | /usr/bin/debconf-set-selections
-RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886
+RUN apt-key adv --no-tty --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886
 RUN apt-get update
 RUN mkdir -p /usr/share/man/man1
 RUN apt-get install -y oracle-java8-installer oracle-java8-set-default

docker/Dockerfile.sbt-0.13.16

@@ -8,7 +8,7 @@ RUN echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main"
 
 # Accept license non-iteractive
 RUN echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | /usr/bin/debconf-set-selections
-RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886
+RUN apt-key adv --no-tty --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886
 RUN apt-get update
 RUN mkdir -p /usr/share/man/man1
 RUN apt-get install -y oracle-java8-installer oracle-java8-set-default

docker/Dockerfile.sbt-1.0.4

@@ -8,7 +8,7 @@ RUN echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main"
 
 # Accept license non-iteractive
 RUN echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | /usr/bin/debconf-set-selections
-RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886
+RUN apt-key adv --no-tty --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886
 RUN apt-get update
 RUN mkdir -p /usr/share/man/man1
 RUN apt-get install -y oracle-java8-installer oracle-java8-set-default

docker/docker-entrypoint.sh

@@ -10,17 +10,17 @@ SNYK_COMMAND="$1"
 SNYK_PARAMS="${@:2}"
 ADDITIONAL_ENV=""
 
-if [ -z "$USER_ID" ]; then
+if [ -z "${USER_ID}" ]; then
   USER_ID=$(id -u)
 fi
 
-USER_NAME=$(getent passwd "$USER_ID" | awk -F ':' '{print $1}')
+USER_NAME=$(getent passwd "${USER_ID}" | awk -F ':' '{print $1}')
 
-if [ "$USER_NAME" != "" ] && [ "$USER_NAME" != "root" ]; then
-  usermod -d /home/node "$USER_NAME"
+if [ "${USER_NAME}" != "" ] && [ "${USER_NAME}" != "root" ]; then
+  usermod -d /home/node "${USER_NAME}"
 fi
 
-useradd -o -m -u "$USER_ID" -d /home/node docker-user 2>/dev/null
+useradd -o -m -u "${USER_ID}" -d /home/node docker-user 2>/dev/null
 
 runCmdAsDockerUser () {
   su docker-user -m -c "$1"
@@ -41,25 +41,27 @@ exitWithMsg () {
 }
 
 ##
-## Start of backward compatability code
-## Should be phased out when we phase out the current version of the jenkins plugin
-## These parameters should only be used with the Jenkins plugin! Please see README.md for more info
+## Start of backward compatability code.
+## Should be phased out when we phase out the current version of the jenkins
+## plugin.
+## These parameters should only be used with the Jenkins plugin! Please see
+## README.md for more info.
 ##
 
 TEST_SETTINGS="";
 PROJECT_SUBDIR=""
 
-if [ ! -z "$TARGET_FILE" ]; then
-  if [ ! -f "$PROJECT_PATH/$PROJECT_FOLDER/$TARGET_FILE" ]; then
-    exitWithMsg "$PROJECT_PATH/$PROJECT_FOLDER/$TARGET_FILE does not exist" 1
+if [ -n "${TARGET_FILE}" ]; then
+  if [ ! -f "${PROJECT_PATH}/${PROJECT_FOLDER}/${TARGET_FILE}" ]; then
+    exitWithMsg "\"${PROJECT_PATH}/${PROJECT_FOLDER}/${TARGET_FILE}\" does not exist" 1
   fi
 
   PROJECT_SUBDIR=$(dirname "${TARGET_FILE}")
   MANIFEST_NAME=$(basename "${TARGET_FILE}")
   TEST_SETTINGS="--file=${MANIFEST_NAME} "
 fi
 
-if [ ! -z "$ORGANIZATION" ]; then
+if [ -n "${ORGANIZATION}" ]; then
   TEST_SETTINGS="${TEST_SETTINGS} --org=${ORGANIZATION}"
 fi
 
@@ -69,47 +71,58 @@ SNYK_PARAMS="${SNYK_PARAMS} ${TEST_SETTINGS}"
 ## End of backward compatability code
 ##
 
-if [ -z "$SNYK_TOKEN" ]; then
-  exitWithMsg "Missing \$SNYK_TOKEN" 1
+if [ -z "${SNYK_TOKEN}" ]; then
+  exitWithMsg "Missing \${SNYK_TOKEN}" 1
 fi
 
-if [ ! -z "$ENV_FLAGS" ]; then
+if [ -n "${ENV_FLAGS}" ]; then
   ADDITIONAL_ENV="-- ${ENV_FLAGS}"
 fi
 
-cd "$PROJECT_PATH/$PROJECT_FOLDER/$PROJECT_SUBDIR" || exitWithMsg "Can't cd to $PROJECT_PATH/$PROJECT_FOLDER/$PROJECT_SUBDIR" 1
+cd "${PROJECT_PATH}/${PROJECT_FOLDER}/${PROJECT_SUBDIR}" || \
+exitWithMsg "Can't cd to ${PROJECT_PATH}/${PROJECT_FOLDER}/${PROJECT_SUBDIR}" 1
 
-runCmdAsDockerUser "PATH=$PATH snyk $SNYK_COMMAND $SNYK_PARAMS $ADDITIONAL_ENV > $OUTPUT_FILE 2>$ERROR_FILE"
+runCmdAsDockerUser "PATH=${PATH} snyk ${SNYK_COMMAND} ${SNYK_PARAMS} \
+${ADDITIONAL_ENV} > \"${OUTPUT_FILE}\" 2>\"${ERROR_FILE}\""
 
 RC=$?
 
 if [ "$RC" -ne "0" ] && [ "$RC" -ne "1" ]; then
-  exitWithMsg "$OUTPUT_FILE" "$RC"
+  exitWithMsg "${OUTPUT_FILE}" "$RC"
 fi
 
 #
-# Commented out the condition because we want to always generate the html file until we phase out the old version of the Jenkins plugin
+# Commented out the condition because we want to always generate the html
+# file until we phase out the old version of the Jenkins plugin.
 # TODO: Re-add this option to documentation once back
 #
-# - `GENERATE_REPORT` - [OPTIONAL] if set, this will generate the HTML report with a summary of the vulnerabilities detected by snyk.
+# - `GENERATE_REPORT` - [OPTIONAL] if set, this will generate the HTML report
+# with a summary of the vulnerabilities detected by snyk.
 #
-# if [ ! -z $GENERATE_REPORT ]; then
-runCmdAsDockerUser "touch $PROJECT_PATH/$PROJECT_FOLDER/$HTML_FILE"
+# if [ -n $GENERATE_REPORT ]; then
+runCmdAsDockerUser "touch \"${PROJECT_PATH}/${PROJECT_FOLDER}/${HTML_FILE}\""
 
-if [ ! -z "$MONITOR" ]; then
-  runCmdAsDockerUser "PATH=$PATH snyk monitor --json $SNYK_PARAMS -- $ADDITIONAL_ENV | jq -r \".uri\" | awk '{print \"<center><a target=\\\"_blank\\\" href=\\\"\" \$0 \"\\\">View On Snyk.io</a></center>\"}' > $PROJECT_PATH/$PROJECT_FOLDER/$HTML_FILE 2>$ERROR_FILE"
+if [ -n "$MONITOR" ]; then
+  runCmdAsDockerUser "PATH=${PATH} snyk monitor --json ${SNYK_PARAMS} \
+  ${ADDITIONAL_ENV} | jq -r \".uri\" | awk '{print \"<center><a target=\\\"_blank\\\" href=\\\"\" \$0 \"\\\">View On Snyk.io</a></center>\"}' > \"${PROJECT_PATH}/${PROJECT_FOLDER}/${HTML_FILE}\" 2>\"${ERROR_FILE}\""
 fi
 
 
-runCmdAsDockerUser "cat $OUTPUT_FILE | jq '.vulnerabilities|= map(. + {severity_numeric: (if(.severity) == \"high\" then 1 else (if(.severity) == \"medium\" then 2 else (if(.severity) == \"low\" then 3 else 4 end) end) end)}) |.vulnerabilities |= sort_by(.severity_numeric) | del(.vulnerabilities[].severity_numeric)' | snyk-to-html | sed 's/<\/head>/  <link rel=\"stylesheet\" href=\"snyk_report.css\"><\/head>/' >> $PROJECT_PATH/$PROJECT_FOLDER/$HTML_FILE"
-runCmdAsDockerUser "cat /home/node/snyk_report.css > $PROJECT_PATH/$PROJECT_FOLDER/snyk_report.css"
+runCmdAsDockerUser "cat \"${OUTPUT_FILE}\" | \
+jq '.vulnerabilities|= map(. + {severity_numeric: (if(.severity) == \"high\" then 1 else (if(.severity) == \"medium\" then 2 else (if(.severity) == \"low\" then 3 else 4 end) end) end)}) |.vulnerabilities |= sort_by(.severity_numeric) | del(.vulnerabilities[].severity_numeric)' | \
+snyk-to-html | \
+sed 's/<\/head>/  <link rel=\"stylesheet\" href=\"snyk_report.css\"><\/head>/' \
+>> \"${PROJECT_PATH}/${PROJECT_FOLDER}/${HTML_FILE}\""
+
+runCmdAsDockerUser "cat /home/node/snyk_report.css > \
+\"${PROJECT_PATH}/${PROJECT_FOLDER}/snyk_report.css\""
 # fi
 #
 
 if [ $RC -ne "0" ]; then
-  exitWithMsg "$OUTPUT_FILE" "$RC"
+  exitWithMsg "${OUTPUT_FILE}" "$RC"
 fi
 
-cat "$OUTPUT_FILE"
+cat "${OUTPUT_FILE}"
 
 exit "$RC"

docker/docker-python-entrypoint.sh

@@ -2,5 +2,5 @@
 
 virtualenv -p python snyk
 source snyk/bin/activate
-pip install -U -r $PROJECT_PATH/requirements.txt
-bash docker-entrypoint.sh "$@"
+pip install -U -r "${PROJECT_PATH}/requirements.txt"
+bash docker-entrypoint.sh "$@"

package.json

@@ -61,24 +61,25 @@
     "semver": "^5.5.0",
     "snyk-config": "2.2.0",
     "snyk-docker-plugin": "1.14.0",
-    "snyk-go-plugin": "1.6.0",
-    "snyk-gradle-plugin": "2.1.1",
+    "snyk-go-plugin": "1.6.1",
+    "snyk-gradle-plugin": "2.1.2",
     "snyk-module": "1.9.1",
-    "snyk-mvn-plugin": "2.0.0",
+    "snyk-mvn-plugin": "2.0.1",
     "snyk-nodejs-lockfile-parser": "1.9.0",
     "snyk-nuget-plugin": "1.6.5",
     "snyk-php-plugin": "1.5.1",
     "snyk-policy": "1.13.1",
     "snyk-python-plugin": "1.9.0",
     "snyk-resolve": "1.0.1",
     "snyk-resolve-deps": "4.0.2",
-    "snyk-sbt-plugin": "2.0.0",
+    "snyk-sbt-plugin": "2.0.1",
     "snyk-tree": "^1.0.0",
     "snyk-try-require": "1.3.1",
     "source-map-support": "^0.5.9",
     "tempfile": "^2.0.0",
     "then-fs": "^2.0.0",
     "undefsafe": "^2.0.0",
+    "update-notifier": "^2.5.0",
     "uuid": "^3.2.1"
   },
   "devDependencies": {

src/cli/index.ts

@@ -13,6 +13,7 @@ import spinner = require('../lib/spinner');
 import errors = require('../lib/error');
 import ansiEscapes = require('ansi-escapes');
 import {isPathToPackageFile} from '../lib/detect';
+import {updateCheck} from '../lib/updater';
 
 async function runCommand(args) {
   const result = await args.method(...args.options._);
@@ -108,6 +109,7 @@ function checkPaths(args) {
 }
 
 async function main() {
+  updateCheck();
   checkRuntime();
 
   const args = argsLib(process.argv);

src/lib/updater.ts

@@ -0,0 +1,25 @@
+import * as updateNotifier from 'update-notifier';
+import * as fs from 'fs';
+import * as p from 'path';
+
+export function updateCheck() {
+  const pkgPath = p.join(__dirname, '../..', 'package.json');
+  const isPkgFilePresent = fs.existsSync(pkgPath);
+
+  if (!isPkgFilePresent) {
+    return false;
+  }
+
+  const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
+
+  // if there's no version (f.e. during tests) - do not proceed
+  if (!pkg.version) {
+    return false;
+  }
+
+  // Checks for available update and returns an instance
+  // Default updateCheckInterval is once a day
+  const notifier = updateNotifier({pkg});
+  notifier.notify();
+  return true;
+}

test/updater.test.js

@@ -0,0 +1,33 @@
+const tap = require('tap');
+const test = tap.test;
+const updateCheck = require('../src/lib/updater').updateCheck;
+const path = require('path');
+const sinon = require('sinon').createSandbox();
+const updateNotifier = require('update-notifier');
+
+// Fake location of the package.json file and verify the code behaves well
+test('missing package.json', (t) => {
+  t.plan(1);
+  let resolveStub = sinon.stub(path, 'resolve');
+  resolveStub.onFirstCall().returns('falseDir');
+  resolveStub.onSecondCall().returns('falseFile');
+
+  t.tearDown(() => {
+    resolveStub.restore();
+  });
+
+  t.equal(updateCheck(), false, 'Notifier was not started on missing package.json');
+  t.end();
+});
+
+// Run updateNotifier API for the basic package. THe target is to verify API still stands
+test('verify updater', (t) => {
+   var pkg = {
+    name: 'snyk',
+    version: '1.0.0'
+  };
+  const notifier = updateNotifier({pkg});
+
+  t.equal(notifier.packageName, 'snyk', 'Successfull call to notifier');
+  t.end();
+});