@cyclonedx/cdxgen 10.0.1 → 10.0.2

package/bin/repl.js

@@ -468,6 +468,7 @@ cdxgenRepl.defineCommand("osinfocategories", {
   "docker_volumes",
   "etc_hosts",
   "firefox_addons",
+  "vscode_extensions",
   "homebrew_packages",
   "installed_applications",
   "interface_addresses",
@@ -494,7 +495,6 @@ cdxgenRepl.defineCommand("osinfocategories", {
   "windows_shared_resources",
   "yum_sources",
   "appcompat_shims",
-  "atom_packages",
   "browser_plugins",
   "certificates",
   "chocolatey_packages",

package/binary.js

@@ -40,10 +40,17 @@ switch (arch) {
     arch = "amd64";
     if (platform === "windows") {
       pluginsBinSuffix = "-windows-amd64";
+    } else if (platform === "darwin") {
+      pluginsBinSuffix = "-darwin-amd64";
     }
     break;
   case "arm64":
     pluginsBinSuffix = "-arm64";
+    if (platform === "windows") {
+      pluginsBinSuffix = "-windows-arm64";
+    } else if (platform === "darwin") {
+      pluginsBinSuffix = "-darwin-arm64";
+    }
     break;
   case "ppc64":
     arch = "ppc64le";
@@ -169,18 +176,23 @@ if (existsSync(join(CDXGEN_PLUGINS_DIR, "osquery"))) {
     "osquery",
     "osqueryi-" + platform + "-" + arch + extn
   );
+  // osqueryi-darwin-amd64.app/Contents/MacOS/osqueryd
+  if (platform === "darwin") {
+    OSQUERY_BIN = `${OSQUERY_BIN}.app/Contents/MacOS/osqueryd`;
+  }
 } else if (process.env.OSQUERY_CMD) {
   OSQUERY_BIN = process.env.OSQUERY_CMD;
 }
 let DOSAI_BIN = null;
 if (existsSync(join(CDXGEN_PLUGINS_DIR, "dosai"))) {
+  let platformToUse = platform;
   if (platform === "darwin") {
-    platform = "osx";
+    platformToUse = "osx";
   }
   DOSAI_BIN = join(
     CDXGEN_PLUGINS_DIR,
     "dosai",
-    "dosai-" + platform + "-" + arch + extn
+    "dosai-" + platformToUse + "-" + arch + extn
   );
 } else if (process.env.DOSAI_CMD) {
   DOSAI_BIN = process.env.DOSAI_CMD;
@@ -679,6 +691,13 @@ export const executeOsQuery = (query) => {
       query = query + ";";
     }
     const args = ["--json", query];
+    // On darwin, we need to disable the safety check and run cdxgen with sudo
+    // https://github.com/osquery/osquery/issues/1382
+    if (platform === "darwin") {
+      args.push("--allow_unsafe");
+      args.push("--disable_logging");
+      args.push("--disable_events");
+    }
     if (DEBUG_MODE) {
       console.log("Executing", OSQUERY_BIN, args.join(" "));
     }

package/data/README.md

@@ -15,6 +15,7 @@ Contents of data directory and their purpose.
 | python-stdlib.json    | Standard libraries that can be filtered out in python                     |
 | queries-win.json      | osquery used to generate obom for windows                                 |
 | queries.json          | osquery used to generate obom for linux                                   |
+| queries-darwin.json   | osquery used to generate obom for darwin                                  |
 | spdx-licenses.json    | valid spdx id                                                             |
 | spdx.schema.json      | jsonschema for validation                                                 |
 | vendor-alias.json     | List to correct the group names. Used while parsing .jar files            |

package/data/queries-darwin.json

@@ -0,0 +1,122 @@
+{
+  "os_version": {
+    "query": "select * from os_version;",
+    "description": "Retrieves the current version of the running osquery in the target system and where the configuration was loaded from.",
+    "purlType": "swid",
+    "componentType": "operating-system"
+  },
+  "safari_extensions": {
+    "query": "select safari_extensions.* from users join safari_extensions using (uid);",
+    "description": "Safari browser extension details for all users. This table requires Full Disk Access (FDA) permission.",
+    "purlType": "swid",
+    "componentType": "application"
+  },
+  "chrome_extensions": {
+    "query": "select chrome_extensions.* from users join chrome_extensions using (uid);",
+    "description": "Retrieves the list of extensions for Chrome in the target system.",
+    "purlType": "swid",
+    "componentType": "application"
+  },
+  "firefox_addons": {
+    "query": "select firefox_addons.* from users join firefox_addons using (uid);",
+    "description": "Retrieves the list of addons for Firefox in the target system.",
+    "purlType": "swid",
+    "componentType": "application"
+  },
+  "vscode_extensions": {
+    "query": "select vscode_extensions.* from users join vscode_extensions using (uid);",
+    "description": "Lists all vscode extensions.",
+    "purlType": "vsix",
+    "componentType": "application"
+  },
+  "apps": {
+    "query": "select * from apps;",
+    "description": "macOS applications installed in known search paths (e.g., /Applications).",
+    "purlType": "swid",
+    "componentType": "application"
+  },
+  "system_extensions": {
+    "query": "select * from system_extensions;",
+    "description": "macOS (>= 10.15) system extension table.",
+    "purlType": "swid",
+    "componentType": "application"
+  },
+  "certificates": {
+    "query": "SELECT * FROM certificates WHERE path != 'Other People';",
+    "description": "List all certificates in the trust store.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "package_bom": {
+    "query": "SELECT * FROM package_bom;",
+    "description": "macOS package bill of materials (BOM) file list.",
+    "purlType": "swid",
+    "componentType": "application"
+  },
+  "package_install_history": {
+    "query": "SELECT * FROM package_install_history;",
+    "description": "macOS package install history.",
+    "purlType": "swid",
+    "componentType": "application"
+  },
+  "package_receipts": {
+    "query": "SELECT * FROM package_receipts;",
+    "description": "macOS package receipt details.",
+    "purlType": "swid",
+    "componentType": "application"
+  },
+  "running_apps": {
+    "query": "SELECT * FROM running_apps;",
+    "description": "macOS applications currently running on the host system.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "sandboxes": {
+    "query": "SELECT * FROM sandboxes;",
+    "description": "macOS application sandboxes container details.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "startup_items": {
+    "query": "SELECT * FROM startup_items;",
+    "description": "List all startup_items.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "listening_ports": {
+    "query": "SELECT DISTINCT process.name, listening.port, listening.protocol, listening.family, listening.address, process.pid, process.path, process.on_disk, process.parent, process.start_time FROM processes AS process JOIN listening_ports AS listening ON process.pid = listening.pid;",
+    "description": "List all processes and their listening_ports.",
+    "purlType": "swid",
+    "componentType": "application"
+  },
+  "interface_addresses": {
+    "query": "SELECT * FROM interface_addresses;",
+    "description": "List all interface_addresses.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "docker_container_ports": {
+    "query": "SELECT * FROM docker_container_ports;",
+    "description": "List all docker_container_ports.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "docker_containers": {
+    "query": "SELECT * FROM docker_containers;",
+    "description": "List all docker_containers.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "docker_networks": {
+    "query": "SELECT * FROM docker_networks;",
+    "description": "List all docker_networks.",
+    "purlType": "swid",
+    "componentType": "data"
+  },
+  "docker_volumes": {
+    "query": "SELECT * FROM docker_volumes;",
+    "description": "List all docker_volumes.",
+    "purlType": "swid",
+    "componentType": "data"
+  }
+}

package/data/queries-win.json

@@ -15,12 +15,20 @@
   "chrome_extensions": {
     "query": "select chrome_extensions.* from users join chrome_extensions using (uid);",
     "description": "Retrieves the list of extensions for Chrome in the target system.",
-    "purlType": "swid"
+    "purlType": "swid",
+    "componentType": "application"
   },
   "firefox_addons": {
     "query": "select firefox_addons.* from users join firefox_addons using (uid);",
     "description": "Retrieves the list of addons for Firefox in the target system.",
-    "purlType": "swid"
+    "purlType": "swid",
+    "componentType": "application"
+  },
+  "vscode_extensions": {
+    "query": "select vscode_extensions.* from users join vscode_extensions using (uid);",
+    "description": "Lists all vscode extensions.",
+    "purlType": "vsix",
+    "componentType": "application"
   },
   "browser_plugins": {
     "query": "select browser_plugins.* from users join browser_plugins using (uid);",
@@ -144,11 +152,6 @@
     "description": "List all npm_packages.",
     "purlType": "npm"
   },
-  "atom_packages": {
-    "query": "SELECT * FROM atom_packages;",
-    "description": "List all atom_packages.",
-    "purlType": "atom"
-  },
   "startup_items": {
     "query": "SELECT * FROM startup_items;",
     "description": "List all startup_items.",

package/data/queries.json

@@ -24,6 +24,12 @@
     "purlType": "swid",
     "componentType": "application"
   },
+  "vscode_extensions": {
+    "query": "select vscode_extensions.* from users join vscode_extensions using (uid);",
+    "description": "Lists all vscode extensions.",
+    "purlType": "vsix",
+    "componentType": "application"
+  },
   "deb_packages": {
     "query": "select * from deb_packages;",
     "description": "Retrieves all the installed DEB packages in the target Linux system.",
@@ -54,78 +60,18 @@
     "description": "Python packages installed on system.",
     "purlType": "pypi"
   },
-  "windows_programs": {
-    "query": "select * from programs;",
-    "description": "Retrieves the list of products as they are installed by Windows Installer in the target Windows system.",
-    "purlType": "swid",
-    "componentType": "application"
-  },
-  "windows_patches": {
-    "query": "select * from patches;",
-    "description": "Retrieves all the information for the current windows drivers in the target Windows system.",
-    "purlType": "swid",
-    "componentType": "application"
-  },
-  "windows_drivers": {
-    "query": "select * from drivers;",
-    "description": "Retrieves all the information for the current windows drivers in the target Windows system.",
-    "purlType": "swid",
-    "componentType": "device-driver"
-  },
-  "windows_shared_resources": {
-    "query": "select * from shared_resources;",
-    "description": "Retrieves the list of shared resources in the target Windows system.",
-    "purlType": "swid",
-    "componentType": "data"
-  },
   "system_info_snapshot": {
     "query": "SELECT * FROM system_info;",
     "description": "System info snapshot query.",
     "purlType": "swid",
     "componentType": "data"
   },
-  "pipes_snapshot": {
-    "query": "SELECT processes.path, processes.cmdline, processes.uid, processes.on_disk, pipes.name, pid FROM pipes JOIN processes USING (pid);",
-    "description": "Pipes snapshot query.",
-    "purlType": "swid",
-    "componentType": "data"
-  },
-  "services_snapshot": {
-    "query": "SELECT * FROM services;",
-    "description": "Services snapshot query.",
-    "purlType": "swid",
-    "componentType": "data"
-  },
   "etc_hosts": {
     "query": "SELECT * FROM etc_hosts;",
     "description": "List the contents of the Windows hosts file.",
     "purlType": "swid",
     "componentType": "data"
   },
-  "scheduled_tasks": {
-    "query": "SELECT * FROM scheduled_tasks;",
-    "description": "List all scheduled_tasks.",
-    "purlType": "swid",
-    "componentType": "data"
-  },
-  "homebrew_packages": {
-    "query": "SELECT * FROM homebrew_packages;",
-    "description": "List all homebrew_packages.",
-    "purlType": "swid",
-    "componentType": "data"
-  },
-  "installed_applications": {
-    "query": "SELECT * FROM apps;",
-    "description": "List all macos apps.",
-    "purlType": "swid",
-    "componentType": "data"
-  },
-  "kernel_integrity": {
-    "query": "SELECT * FROM kernel_integrity;",
-    "description": "Various Linux kernel integrity checked attributes.",
-    "purlType": "swid",
-    "componentType": "data"
-  },
   "crontab_snapshot": {
     "query": "SELECT * FROM crontab;",
     "description": "Retrieves all the jobs scheduled in crontab in the target system.",

package/index.js

@@ -152,11 +152,24 @@ import { collectOSCryptoLibs } from "./cbomutils.js";
 
 const isWin = _platform() === "win32";
 
-const osQueries = !isWin
-  ? JSON.parse(readFileSync(join(dirName, "data", "queries.json"), "utf-8"))
-  : JSON.parse(
+let osQueries = {};
+switch (_platform()) {
+  case "win32":
+    osQueries = JSON.parse(
       readFileSync(join(dirName, "data", "queries-win.json"), "utf-8")
     );
+    break;
+  case "darwin":
+    osQueries = JSON.parse(
+      readFileSync(join(dirName, "data", "queries-darwin.json"), "utf-8")
+    );
+    break;
+  default:
+    osQueries = JSON.parse(
+      readFileSync(join(dirName, "data", "queries.json"), "utf-8")
+    );
+    break;
+}
 const cosDbQueries = JSON.parse(
   readFileSync(join(dirName, "data", "cosdb-queries.json"), "utf-8")
 );

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "10.0.1",
+  "version": "10.0.2",
   "description": "Creates CycloneDX Software Bill of Materials (SBOM) from source or container image",
   "homepage": "http://github.com/cyclonedx/cdxgen",
   "author": "Prabhu Subramanian <prabhu@appthreat.com>",
@@ -84,10 +84,13 @@
   "optionalDependencies": {
     "@appthreat/atom": "2.0.6",
     "@appthreat/cdx-proto": "^0.0.4",
-    "@cyclonedx/cdxgen-plugins-bin": "^1.5.4",
-    "@cyclonedx/cdxgen-plugins-bin-windows-amd64": "^1.5.4",
-    "@cyclonedx/cdxgen-plugins-bin-arm64": "^1.5.4",
-    "@cyclonedx/cdxgen-plugins-bin-ppc64": "^1.5.4",
+    "@cyclonedx/cdxgen-plugins-bin": "^1.5.8",
+    "@cyclonedx/cdxgen-plugins-bin-windows-amd64": "^1.5.8",
+    "@cyclonedx/cdxgen-plugins-bin-arm64": "^1.5.8",
+    "@cyclonedx/cdxgen-plugins-bin-windows-arm64": "^1.5.8",
+    "@cyclonedx/cdxgen-plugins-bin-darwin-arm64": "^1.5.8",
+    "@cyclonedx/cdxgen-plugins-bin-darwin-amd64": "^1.5.8",
+    "@cyclonedx/cdxgen-plugins-bin-ppc64": "^1.5.8",
     "body-parser": "^1.20.2",
     "compression": "^1.7.4",
     "connect": "^3.7.0",

package/utils.test.js

@@ -1833,8 +1833,8 @@ test("parsePkgLock v3", async () => {
     projectName: "cdxgen"
   });
   deps = parsedList.pkgList;
-  expect(deps.length).toEqual(1200);
-  expect(parsedList.dependenciesList.length).toEqual(1200);
+  expect(deps.length).toEqual(1203);
+  expect(parsedList.dependenciesList.length).toEqual(1203);
 });
 
 test("parseBowerJson", async () => {