From 11b33bb7893d6232beb0e6cd8b727faf24a653f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Max=20Leuth=C3=A4user?=
 <1417198+max-leuthaeuser@users.noreply.github.com>
Date: Thu, 4 Aug 2022 07:56:50 +0200
Subject: [PATCH] Remove engine checks and scripts for installing transpilation
 plugins (#192)

Otherwise, the plugin installation may fail due to unfulfillable checks on the npm/nodejs version during
transpilation plugin installation. Also, the scripts section of the package.json may contain pre-/post install
hooks that may crash the installation.

For: https://github.com/ShiftLeftSecurity/product/issues/10841
---
 build.sbt                                     |  7 +++--
 .../preprocessing/TranspilationRunner.scala   |  9 +++++-
 src/test/resources/enginecheck/.npmrc         |  1 +
 src/test/resources/enginecheck/index.ts       |  1 +
 src/test/resources/enginecheck/package.json   |  9 ++++++
 src/test/resources/enginecheck/tsconfig.json  |  3 ++
 .../TranspilationRunnerTest.scala             | 28 +++++++++++++++++++
 7 files changed, 55 insertions(+), 3 deletions(-)
 create mode 100644 src/test/resources/enginecheck/.npmrc
 create mode 100644 src/test/resources/enginecheck/index.ts
 create mode 100644 src/test/resources/enginecheck/package.json
 create mode 100644 src/test/resources/enginecheck/tsconfig.json

diff --git a/build.sbt b/build.sbt
index 1daf3e738..3fae3112d 100644
--- a/build.sbt
+++ b/build.sbt
@@ -109,8 +109,11 @@ lazy val commonSettings = Seq(
 lazy val js2cpg = (project in file(".")).settings(
   commonSettings,
   name := "js2cpg",
-  Test / unmanagedResources += baseDirectory.value / "src" / "test" / "resources" / "privatemodules" / ".npmrc",
-  Test / unmanagedResources += baseDirectory.value / "src" / "test" / "resources" / "ignoreprivatemodules" / ".npmrc",
+  Test / unmanagedResources ++= Seq(
+    baseDirectory.value / "src" / "test" / "resources" / "privatemodules" / ".npmrc",
+    baseDirectory.value / "src" / "test" / "resources" / "ignoreprivatemodules" / ".npmrc",
+    baseDirectory.value / "src" / "test" / "resources" / "enginecheck" / ".npmrc"
+  ),
   Test / javaOptions ++= Seq("-Dlog4j.configurationFile=file:src/test/resources/log4j2-test.xml"),
   publishTo             := sonatypePublishToBundle.value,
   sonatypeTimeoutMillis := 7200000,
diff --git a/src/main/scala/io/shiftleft/js2cpg/preprocessing/TranspilationRunner.scala b/src/main/scala/io/shiftleft/js2cpg/preprocessing/TranspilationRunner.scala
index e2e3379a4..d6dec63c2 100644
--- a/src/main/scala/io/shiftleft/js2cpg/preprocessing/TranspilationRunner.scala
+++ b/src/main/scala/io/shiftleft/js2cpg/preprocessing/TranspilationRunner.scala
@@ -130,8 +130,11 @@ class TranspilationRunner(projectPath: Path, tmpTranspileDir: Path, config: Conf
       val originalContent = FileUtils.readLinesInFile(packageJson.path).mkString("\n")
       val mapper          = new ObjectMapper()
       val json            = mapper.readTree(PackageJsonParser.removeComments(originalContent))
+      val jsonObject      = json.asInstanceOf[ObjectNode]
+
+      // remove all project specific dependencies (only keep the ones required for transpiling)
       PackageJsonParser.PROJECT_DEPENDENCIES.foreach { dep =>
-        Option(json.asInstanceOf[ObjectNode].get(dep).asInstanceOf[ObjectNode]).foreach { depNode =>
+        Option(jsonObject.get(dep).asInstanceOf[ObjectNode]).foreach { depNode =>
           val fieldsToRemove =
             depNode
               .fieldNames()
@@ -141,6 +144,10 @@ class TranspilationRunner(projectPath: Path, tmpTranspileDir: Path, config: Conf
           fieldsToRemove.foreach(depNode.remove)
         }
       }
+      // remove project specific engine restrictions and script hooks
+      jsonObject.remove("engines")
+      jsonObject.remove("scripts")
+
       packageJson.writeText(mapper.writeValueAsString(json))
 
       // run the transpilers
diff --git a/src/test/resources/enginecheck/.npmrc b/src/test/resources/enginecheck/.npmrc
new file mode 100644
index 000000000..b6f27f135
--- /dev/null
+++ b/src/test/resources/enginecheck/.npmrc
@@ -0,0 +1 @@
+engine-strict=true
diff --git a/src/test/resources/enginecheck/index.ts b/src/test/resources/enginecheck/index.ts
new file mode 100644
index 000000000..019c0f4bc
--- /dev/null
+++ b/src/test/resources/enginecheck/index.ts
@@ -0,0 +1 @@
+console.log("Hello World!");
diff --git a/src/test/resources/enginecheck/package.json b/src/test/resources/enginecheck/package.json
new file mode 100644
index 000000000..5eda020f3
--- /dev/null
+++ b/src/test/resources/enginecheck/package.json
@@ -0,0 +1,9 @@
+{
+  "name": "privatemodules",
+  "version": "0.1.0",
+  "private": true,
+  "engines" : {
+    "npm" : "<=4.0.0",
+    "node" : "<=12.0.0"
+  }
+}
diff --git a/src/test/resources/enginecheck/tsconfig.json b/src/test/resources/enginecheck/tsconfig.json
new file mode 100644
index 000000000..0e43624b3
--- /dev/null
+++ b/src/test/resources/enginecheck/tsconfig.json
@@ -0,0 +1,3 @@
+{
+  "include": ["index.ts"]
+}
\ No newline at end of file
diff --git a/src/test/scala/io/shiftleft/js2cpg/preprocessing/TranspilationRunnerTest.scala b/src/test/scala/io/shiftleft/js2cpg/preprocessing/TranspilationRunnerTest.scala
index b64a3535f..0eee45809 100644
--- a/src/test/scala/io/shiftleft/js2cpg/preprocessing/TranspilationRunnerTest.scala
+++ b/src/test/scala/io/shiftleft/js2cpg/preprocessing/TranspilationRunnerTest.scala
@@ -293,6 +293,34 @@ class TranspilationRunnerTest extends AnyWordSpec with Matchers {
         lineNumbers(cpg) should contain allElementsOf List(1, 2, 4, 7, 9)
       }
 
+    "fail when running on engine restricted project" in TranspilationFixture("enginecheck") { tmpDir =>
+      File.usingTemporaryDirectory() { transpileOutDir =>
+        new TranspilationRunner(
+          tmpDir.path,
+          transpileOutDir.path,
+          core.Config(srcDir = tmpDir.pathAsString, babelTranspiling = false, optimizeDependencies = false)
+        ).execute()
+        val transpiledJsFiles = FileUtils.getFileTree(transpileOutDir.path, core.Config(), List(JS_SUFFIX))
+        transpiledJsFiles shouldBe empty
+      }
+    }
+
+    "work when running on engine restricted project with optimized dependencies" in TranspilationFixture(
+      "enginecheck"
+    ) { tmpDir =>
+      File.usingTemporaryDirectory() { transpileOutDir =>
+        new TranspilationRunner(
+          tmpDir.path,
+          transpileOutDir.path,
+          core.Config(srcDir = tmpDir.pathAsString, babelTranspiling = false, optimizeDependencies = true)
+        ).execute()
+        val transpiledJsFiles = FileUtils
+          .getFileTree(transpileOutDir.path, core.Config(), List(JS_SUFFIX))
+          .map(_.getFileName.toString)
+        transpiledJsFiles shouldBe List("index.js")
+      }
+    }
+
   }
 
 }