scan create: allow maven files, include cwd option (#319)

pvdz · web-flow · commit 05599f640c13 · 2025-02-13T16:53:31.000-05:00
diff --git a/src/commands/scan/cmd-create.ts b/src/commands/scan/cmd-create.ts
@@ -43,6 +43,10 @@ const config: CliCommandConfig = {
       default: '',
       description: 'Commit hash'
     },
+    cwd: {
+      type: 'string',
+      description: 'working directory, defaults to process.cwd()'
+    },
     pullRequest: {
       type: 'number',
       shortFlag: 'pr',
@@ -76,13 +80,18 @@ const config: CliCommandConfig = {
   },
   help: (parentName, config) => `
     Usage
-      $ ${parentName} ${config.commandName} [...options] <org>
+      $ ${parentName} ${config.commandName} [...options] <org> <TARGET> [TARGET...]
+
+    Where TARGET is a FILE or DIR that _must_ be inside the CWD.
+
+    When a FILE is given only that FILE is targeted. Otherwise any eligible
+    files in the given DIR will be considered.
 
     Options
       ${getFlagListOutput(config.flags, 6)}
 
     Examples
-      $ ${parentName} ${config.commandName} --org=FakeOrg --repo=test-repo --branch=main ./package.json
+      $ ${parentName} ${config.commandName} --repo=test-repo --branch=main FakeOrg ./package.json
   `
 }
 
@@ -104,8 +113,12 @@ async function run(
     flags: config.flags
   })
 
-  const orgSlug = cli.input[0] ?? '' // TODO: if nobody uses this then get rid of it in favor of --org
-  const cwd = process.cwd()
+  const [orgSlug = '', ...targets] = cli.input
+
+  const cwd =
+    cli.flags['cwd'] && cli.flags['cwd'] !== 'process.cwd()'
+      ? String(cli.flags['cwd'])
+      : process.cwd()
 
   const socketSdk = await setupSdk()
   const supportedFiles = await socketSdk
@@ -126,18 +139,28 @@ async function run(
 
   const packagePaths = await getPackageFilesFullScans(
     cwd,
-    cli.input,
+    targets,
     supportedFiles
   )
 
   const { branch: branchName, repo: repoName } = cli.flags
 
   if (!orgSlug || !repoName || !branchName || !packagePaths.length) {
     console.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-    - Org name as the argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
+    - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
     - Repository name using --repo ${!repoName ? colors.red('(missing!)') : colors.green('(ok)')}\n
     - Branch name using --branch ${!branchName ? colors.red('(missing!)') : colors.green('(ok)')}\n
-    - At least one file path (e.g. ./package.json) ${!packagePaths.length ? colors.red('(missing or no matching/supported files found!)') : colors.green('(ok)')}`)
+    - At least one TARGET (e.g. \`.\` or \`./package.json\`) ${
+      !packagePaths.length
+        ? colors.red(
+            targets.length > 0
+              ? '(TARGET' +
+                  (targets.length ? 's' : '') +
+                  ' contained no matching/supported files!)'
+              : '(missing)'
+          )
+        : colors.green('(ok)')
+    }`)
     config.help(parentName, config)
     return
   }
@@ -159,6 +182,7 @@ async function run(
     pendingHead: Boolean(cli.flags['pendingHead']),
     tmp: Boolean(cli.flags['tmp']),
     packagePaths,
+    cwd,
     commitHash: (cli.flags['commitHash'] as string) ?? '',
     committers: (cli.flags['committers'] as string) ?? '',
     pullRequest: (cli.flags['pullRequest'] as number) ?? undefined
diff --git a/src/commands/scan/create-full-scan.ts b/src/commands/scan/create-full-scan.ts
@@ -15,6 +15,7 @@ export async function createFullScan({
   commitHash: _commitHash,
   commitMessage,
   committers: _committers,
+  cwd,
   defaultBranch,
   orgSlug,
   packagePaths,
@@ -35,6 +36,7 @@ export async function createFullScan({
   pendingHead: boolean
   tmp: boolean
   packagePaths: string[]
+  cwd: string
 }): Promise<void> {
   const spinnerText = 'Creating a scan... \n'
   const spinner = new Spinner({ text: spinnerText }).start()
@@ -51,7 +53,8 @@ export async function createFullScan({
         set_as_pending_head: pendingHead,
         tmp
       },
-      packagePaths
+      packagePaths,
+      cwd
     ),
     'Creating scan'
   )
diff --git a/src/utils/path-resolve.ts b/src/utils/path-resolve.ts
@@ -25,13 +25,18 @@ async function filterGlobResultToSupportedFiles(
   entries: string[],
   supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data']
 ): Promise<string[]> {
-  const patterns = ['golang', NPM, 'pypi'].reduce((r: string[], n: string) => {
-    const supported = supportedFiles[n]
-    r.push(
-      ...(supported ? Object.values(supported).map(p => `**/${p.pattern}`) : [])
-    )
-    return r
-  }, [])
+  const patterns = ['golang', NPM, 'maven', 'pypi'].reduce(
+    (r: string[], n: string) => {
+      const supported = supportedFiles[n]
+      r.push(
+        ...(supported
+          ? Object.values(supported).map(p => `**/${p.pattern}`)
+          : [])
+      )
+      return r
+    },
+    []
+  )
   return entries.filter(p => micromatch.some(p, patterns))
 }
 
@@ -84,6 +89,9 @@ async function globWithGitIgnore(
     return result
   }
   const { absolute } = globOptions
+
+  // Note: the input files must be INSIDE the cwd. If you get strange looking
+  // relative path errors here, most likely your path is outside the given cwd.
   const filtered = ignore()
     .add(ignores)
     .filter(absolute ? result.map(p => path.relative(cwd, p)) : result)
