Merge pull request snyk#1176 from snyk/fix/prune-paths-count-accuracy

fix: prune depGraph paths accuracy

config.default.json

@@ -1,5 +1,6 @@
 {
   "API": "https://snyk.io/api/v1",
   "devDeps": false,
-  "PRUNE_DEPS_THRESHOLD": 40000
+  "PRUNE_DEPS_THRESHOLD": 40000,
+  "MAX_PATH_COUNT": 100000
 }

src/lib/config.ts

@@ -5,6 +5,7 @@ import * as url from 'url';
 const DEFAULT_TIMEOUT = 5 * 60; // in seconds
 interface Config {
   PRUNE_DEPS_THRESHOLD: number;
+  MAX_PATH_COUNT: number;
   API: string;
   api: string;
   disableSuggestions: string;

src/lib/monitor/index.ts

@@ -311,7 +311,7 @@ export async function monitorGraph(
     debug('Trying to prune the graph');
     prePruneDepCount = countPathsToGraphRoot(depGraph);
     debug('pre prunedPathsCount: ' + prePruneDepCount);
-    prunedGraph = await pruneGraph(depGraph, packageManager);
+    prunedGraph = await pruneGraph(depGraph, packageManager, meta.prune);
   }
 
   return new Promise((resolve, reject) => {

src/lib/prune.ts

@@ -4,6 +4,7 @@ import { DepGraph, legacy } from '@snyk/dep-graph';
 import { DepTree } from './types';
 import * as config from './config';
 import { TooManyVulnPaths } from './errors';
+import * as analytics from '../lib/analytics';
 import { SupportedPackageManagers } from './package-managers';
 
 const debug = _debug('snyk:prune');
@@ -19,26 +20,28 @@ export function countPathsToGraphRoot(graph: DepGraph): number {
 export async function pruneGraph(
   depGraph: DepGraph,
   packageManager: SupportedPackageManagers,
+  pruneIsRequired = false,
 ): Promise<DepGraph> {
-  try {
-    // Arbitrary threshold for maximum number of elements in the tree
-    const threshold = config.PRUNE_DEPS_THRESHOLD;
+  const prePrunePathsCount = countPathsToGraphRoot(depGraph);
+  const isDenseGraph = prePrunePathsCount > config.PRUNE_DEPS_THRESHOLD;
+
+  debug('rootPkg', depGraph.rootPkg);
+  debug('prePrunePathsCount: ' + prePrunePathsCount);
+  debug('isDenseGraph', isDenseGraph);
+  analytics.add('prePrunePathsCount', prePrunePathsCount);
+  if (isDenseGraph || pruneIsRequired) {
     const prunedTree = (await graphToDepTree(depGraph, packageManager, {
       deduplicateWithinTopLevelDeps: true,
     })) as DepTree;
-
     const prunedGraph = await depTreeToGraph(prunedTree, packageManager);
-    const count = countPathsToGraphRoot(prunedGraph);
-    debug('prunedPathsCount: ' + count);
-
-    if (count < threshold) {
-      return prunedGraph;
+    const postPrunePathsCount = countPathsToGraphRoot(prunedGraph);
+    analytics.add('postPrunePathsCount', postPrunePathsCount);
+    debug('postPrunePathsCount' + postPrunePathsCount);
+    if (postPrunePathsCount > config.MAX_PATH_COUNT) {
+      debug('Too many vulnerable paths to process the project');
+      throw new TooManyVulnPaths();
     }
-
-    debug('Too many vulnerable paths to process the project');
-    throw new TooManyVulnPaths();
-  } catch (e) {
-    debug('Failed to prune the graph, returning original: ' + e);
-    return depGraph;
+    return prunedGraph;
   }
+  return depGraph;
 }

src/lib/snyk-test/run-test.ts

@@ -447,13 +447,19 @@ async function assembleLocalPayloads(
         debug('done converting dep-tree to dep-graph', {
           uniquePkgsCount: depGraph.getPkgs().length,
         });
-        if (options['prune-repeated-subdependencies'] && packageManager) {
+
+        const pruneIsRequired = options['prune-repeated-subdependencies'];
+
+        if (pruneIsRequired && packageManager) {
           debug('Trying to prune the graph');
           const prePruneDepCount = countPathsToGraphRoot(depGraph);
           debug('pre prunedPathsCount: ' + prePruneDepCount);
 
-          depGraph = await pruneGraph(depGraph, packageManager);
-
+          depGraph = await pruneGraph(
+            depGraph,
+            packageManager,
+            pruneIsRequired,
+          );
           analytics.add('prePrunedPathsCount', prePruneDepCount);
           const postPruneDepCount = countPathsToGraphRoot(depGraph);
           debug('post prunedPathsCount: ' + postPruneDepCount);