diff --git a/src/js/background.js b/src/js/background.js index daa54d0..06734c9 100644 --- a/src/js/background.js +++ b/src/js/background.js @@ -1,4 +1,6 @@ -const snykurl = 'snyk.io'; +var snykurl = 'snyk.io'; +var apiToken = ''; +var userOrgs = []; const browser = window.msBrowser || window.browser || window.chrome; @@ -36,6 +38,71 @@ const isValidSnykDepTreePage = (str) => { return pattern.test(str); }; +const getUserOrgs = (snykHostname, apiToken) => { + fetch('https://'+snykurl +'/api/v1/orgs', + { headers: { + 'Content-type': 'application/json', + 'Authorization': 'token '+ apiToken, + }, + }) + .then((response) => { + return response.text(); + }) + .then( + (response) => { + const responseJSON = JSON.parse(response); + for (var i=0; i { + console.log(err); + }); +}; +const showDepUsageCountInPage = (count, orgName) => { + + chrome.tabs.query({ active: true, currentWindow: true }, (tabs) => { + chrome.tabs.sendMessage(tabs[0].id, { + message: 'dep-usage-in-org', + orgName, + count, + }); + }); + + +}; + +const getDependencyUsageInOrgs = (dependencyName, dependencyVersion, orgsArray) => { + const orgData=orgsArray[0]; + fetch('https://'+snykurl +'/api/v1/org/'+orgData.id+'/dependencies', + { method: 'POST', + headers: { + 'Content-type': 'application/json', + 'Authorization': 'token '+ apiToken, + }, + body: `{ "filters": { "dependencies": ["${dependencyName}@${dependencyVersion}"]}}`, + }) + .then((response) => { + return response.text(); + }) + .then( + (response) => { + var count = 0; + const responseJSON = JSON.parse(response); + if (responseJSON.results && responseJSON.results.length > 0) { + count = responseJSON.results[0].projects.length; + showDepUsageCountInPage(count, orgData.name); + } + return; + } + ) + .catch((err) => { + console.log(err); + }); +}; + browser.tabs.onUpdated.addListener((tabId, changeInfo) => { if (changeInfo.status === 'loading' && isValidNpmPackagePage(changeInfo.url)) { chrome.tabs.sendMessage(tabId, { 
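Review bot: In `getDependencyUsageInOrgs` the POST body is assembled by interpolating `dependencyName` and `dependencyVersion` into a JSON string, so a name containing a quote or backslash yields malformed or altered JSON; build it with `body: JSON.stringify({ filters: { dependencies: [dependencyName + '@' + dependencyVersion] } }),`. The same function reads `orgData.id` unconditionally, which throws when `userOrgs` is still empty (the org fetch is asynchronous and may have failed), so add `if (!orgData) { return; }` after its first line. `getUserOrgs` accepts `snykHostname` but builds its URL from the global `snykurl`, which leaves the parameter unused. Neither fetch checks `response.ok` before `JSON.parse`, so an HTTP error surfaces in the `catch` as a parse error rather than as a failed request.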
@@ -53,50 +120,71 @@ browser.tabs.onUpdated.addListener((tabId, changeInfo) => { browser.runtime.onMessage.addListener( (request, sender, sendResponse) => { if (request.source === 'getsnykurl') { - sendResponse({ url: snykurl }); + sendResponse({ url: snykurl, apiToken }); } else if (request.source === 'snykurl') { - snykurl = request.url; + snykurl = request.url || 'snyk.io'; var connectionTimeout = setTimeout(() => { - sendResponse({ status: 'fail' }); + sendResponse({ status: 'Fail to connect to '+snykurl + '. Defaulting to snyk.io.' }); snykurl = 'snyk.io'; return; }, 3000); - - fetch('https://'+snykurl +'/') - .then( - (response) => { - if (response.status !== 200) { - sendResponse({ status: 'fail' }); - snykurl = 'snyk.io'; + if (!request.url || !request.apiToken) { + snykurl = 'snyk.io'; + apiToken = ''; + sendResponse({ ok: true, status: 'Cleared !' }); + } else { + fetch('https://'+snykurl +'/api/v1/', + { headers: { + 'Authorization': 'token '+ request.apiToken, + }, + }) + .then( + (response) => { + if (response.status !== 200) { + sendResponse({ ok: false, status: 'Fail to connect '+response.status }); + snykurl = 'snyk.io'; + return; + } + // console.log("success"); + clearTimeout(connectionTimeout); + snykurl = snykurl; + apiToken = request.apiToken; + getUserOrgs(snykurl, apiToken); + sendResponse({ ok: true, status: 'success' }); return; - } - // console.log("success"); - clearTimeout(connectionTimeout); - snykurl = snykurl; - sendResponse({ status: 'success' }); - - return; - } - ) - .catch((err) => { - console.log(err); - // sendResponse({status: "fail"}); - }); + } + ) + .catch((err) => { + console.log(err); + sendResponse({ ok: false, status: 'fail' }); + }); + } return true; } else { - const badgeRequest = fetch('https://us-central1-snyk-browser-extension.cloudfunctions.net/badge', { + var endpoint = 'https://us-central1-snyk-browser-extension.cloudfunctions.net/badge'; + var url = 'https://'+snykurl + request.testPath + '/badge.svg'; + var 
options = { method: 'POST', headers: { 'Content-Type': 'application/json; charset=utf-8', }, body: JSON.stringify({ - url: request.testPath + '/badge.svg', + url, }), - }); + }; + if (snykurl !== 'snyk.io') { + endpoint = url; // Endpoint is same as url in onprem scenarios + options = { + headers: { + 'access-control-allow-origin': '*', + }, + }; + } + const badgeRequest = fetch(endpoint, options); badgeRequest .then((response) => { return response.text(); @@ -112,5 +200,9 @@ browser.runtime.onMessage.addListener( (request, sender, sendResponse) => { showSafeNotification(request.packageName, request.packageVersion); } }); + sendResponse({ 'snykHostname': 'https://'+snykurl }); + if (apiToken) { + getDependencyUsageInOrgs('body-parser','1.9.0', userOrgs); + } } }); diff --git a/src/js/badge.js b/src/js/badge.js index b78bc74..537e6fc 100644 --- a/src/js/badge.js +++ b/src/js/badge.js @@ -1,8 +1,9 @@ /* eslint no-unused-vars:0 */ -function getBadge(testPath) { +function getBadge(testUrl) { return `Known Vulnerabilities`; } diff --git a/src/js/content/github.js b/src/js/content/github.js index 9a9aeaa..f15273b 100644 --- a/src/js/content/github.js +++ b/src/js/content/github.js @@ -5,16 +5,16 @@ if (parsedUrl && parsedUrl[1] && parsedUrl[2] && parsedUrl[3] === '') { const githubOwner = parsedUrl[1]; const githubRepo = parsedUrl[2]; const packageName = githubOwner + '/' + githubRepo; - const testPath = `https://snyk.io/test/github/${packageName}`; + const testPath = `/test/github/${packageName}`; chrome.runtime.sendMessage({ source: 'github', packageName, testPath, - }, () => { + }, (data) => { const $anchor = document.createElement('a'); - $anchor.setAttribute('href', `${testPath}`); - $anchor.innerHTML = getBadge(testPath); + $anchor.setAttribute('href', data.snykHostname+`${testPath}`); + $anchor.innerHTML = getBadge(data.snykHostname+testPath); document .querySelector('#readme article h1') 
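Review bot: The `getsnykurl` branch now returns `apiToken` to whoever sends the message, and this listener is shared with the npm and GitHub content scripts, so the secret is handed to code running alongside third-party pages when only the popup needs it. Restrict it by sender, for example `sendResponse(sender.tab ? { url: snykurl } : { url: snykurl, apiToken });`, and apply the same sender check to the `snykurl` branch that overwrites the host and token. In that branch `request.url` is concatenated into `'https://'+snykurl` and receives the `Authorization` header before any validation; parsing it with `new URL('https://' + request.url)` and keeping only `.host` would reject values that carry a path or userinfo. `connectionTimeout` is cleared only on the 200 path, so the other paths answer twice, and the `'access-control-allow-origin'` entry in the on-prem `options` is a response header that does nothing when sent on a request. The handler continues past the end of this hunk.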
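Review bot: The usage lookup at the end of the handler is hard-coded to `'body-parser','1.9.0'`, so every visited package page triggers an authenticated API call and displays the count for that one dependency. Pass the values the content script already sent, `getDependencyUsageInOrgs(request.packageName, request.packageVersion, userOrgs);`, and skip the call when `userOrgs` is empty. GitHub messages carry no `packageVersion` (the github.js hunk sends only `source`, `packageName` and `testPath`), so the call should probably be limited to `request.source === 'npm'`. The enclosing listener starts outside this hunk.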
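Review bot: The new callback dereferences `data.snykHostname` without checking that a response arrived, and the hostname then flows through `getBadge()` into `innerHTML`; the same pattern is added in the npm.js and yarn.js hunks. If the background page fails to answer, `data` is undefined and the badge code throws, so start the callback with `if (!data || !data.snykHostname) { return; }`. Because `snykHostname` is derived from a value typed into the popup, it should be validated in the background handler before it reaches markup here. The `getBadge` template itself is not legible on this page, so how it escapes its argument needs checking in badge.js.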
diff --git a/src/js/content/npm.js b/src/js/content/npm.js index fb6b035..de80b17 100644 --- a/src/js/content/npm.js +++ b/src/js/content/npm.js @@ -2,18 +2,18 @@ function processNpmPackage() { const packageName = document.location.pathname.split('/')[2]; const packageVersion = document.location.pathname.split('/')[4] || 'latest'; - const testPath = `https://snyk.io/test/npm/${packageName}/${packageVersion}`; + const testPath = `/test/npm/${packageName}/${packageVersion}`; chrome.runtime.sendMessage({ source: 'npm', packageName, packageVersion, testPath, - }, () => { + }, (data) => { const $anchor = document.createElement('a'); const $headingElement = document.querySelector('#readme h1') || document.querySelector('#readme > *:first-child'); - $anchor.setAttribute('href', `${testPath}`); - $anchor.innerHTML = getBadge(testPath); + $anchor.setAttribute('href', data.snykHostname+`${testPath}`); + $anchor.innerHTML = getBadge(data.snykHostname+testPath); $headingElement .after($anchor); @@ -26,4 +26,13 @@ chrome.runtime.onMessage.addListener((data) => { if (data.message && data.message === 'npm-client-side-navigation') { processNpmPackage(); } + if (data.message && data.message === 'dep-usage-in-org') { + const $anchor = document.createElement('div'); + const $badgeElement = document.querySelector('#snyk-badge').parentNode; + $anchor.setAttribute('id', 'depSnykCountInOrg'); + $anchor.innerHTML = 'Used in ' + data.count + ' projects in your ' + data.orgName + ' organization'; + + $badgeElement + .after($anchor); + } }); diff --git a/src/js/content/yarn.js b/src/js/content/yarn.js index 1f6c52b..8403c61 100644 --- a/src/js/content/yarn.js +++ b/src/js/content/yarn.js 
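Review bot: `data.orgName` and `data.count` come from the API response of whatever host is configured and are written into the npm page with `innerHTML`, so an organization name containing markup would be parsed as HTML in the page. Use `$anchor.textContent = 'Used in ' + data.count + ' projects in your ' + data.orgName + ' organization';` instead. `document.querySelector('#snyk-badge')` returns null when the badge has not been inserted yet, which makes `.parentNode` throw, and each message appends another element with the id `depSnykCountInOrg`; guard the lookup and reuse an existing element.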
@@ -1,13 +1,21 @@ const packageName = document.location.pathname.split('/package/')[1]; const $readme = document.getElementById('readme'); const $anchor = document.createElement('a'); -const testPath = `https://snyk.io/test/npm/${packageName}`; +const testPath = `/test/npm/${packageName}`; -$anchor.setAttribute('href', testPath); -$anchor.innerHTML = `
{ + $anchor.setAttribute('href', data.snykHostname + testPath); + $anchor.innerHTML = `
Known Vulnerabilities
`; -$readme.parentNode.insertBefore($anchor, $readme); + $readme.parentNode.insertBefore($anchor, $readme); +}); diff --git a/src/js/popup.js b/src/js/popup.js index 719c297..52360ea 100644 --- a/src/js/popup.js +++ b/src/js/popup.js @@ -1,14 +1,25 @@ // Copyright (c) 2018 Antoine Arlaud, Snyk Ltd. All rights reserved. +var snykurl = 'snyk.io'; +var token = ''; document.addEventListener('DOMContentLoaded', () => { - chrome.runtime.sendMessage({ source: 'getsnykurl' }, (response) => { - document.getElementById('url').value = response.url; + if (response && response.url && response.apiToken) { + snykurl = response.url; + token = response.apiToken? response.apiToken : ''; + } + document.getElementById('url').value = snykurl; + document.getElementById('token').value = token; }); document.getElementById('save').addEventListener('click', () => { var url = document.getElementById('url').value; - chrome.runtime.sendMessage({ source: 'snykurl', url }, (response) => { + var apiToken = document.getElementById('token').value; + chrome.runtime.sendMessage({ source: 'snykurl', url, apiToken }, (response) => { document.getElementById('status').textContent = response.status; + if (response.ok) { + snykurl = url; + token = apiToken; + } }); }); }); diff --git a/src/popup.html b/src/popup.html index a76c222..bafa02c 100644 --- a/src/popup.html +++ b/src/popup.html @@ -26,9 +26,11 @@
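Review bot: In popup.js the stored token is read back from the background page and written into the `#token` field each time the popup opens, which places the secret in the popup DOM; whether that input is masked cannot be seen on this page and should be confirmed in popup.html. In the same block `response.apiToken? response.apiToken : ''` is redundant, because the surrounding `if` already requires `response.apiToken` to be truthy, so `token = response.apiToken;` is enough. The save callback reads `response.status` and `response.ok` without checking that `response` is defined, which throws if the background page does not answer.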

Snyk Extension

Snyk instance url
+
Snyk API Token
+
-
+