@cyclonedx/cdxgen 10.1.2 → 10.1.3
- package/README.md +7 -0
- package/package.json +2 -2
- package/utils.js +34 -14
- package/utils.test.js +3 -3
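--- a/package/README.md
+++ b/package/README.md
@@ -296,6 +296,13 @@ curl "http://127.0.0.1:9090/sbom?path=/Volumes/Work/sandbox/vulnerable-aws-koa-a
 curl "http://127.0.0.1:9090/sbom?url=https://github.com/HooliCorp/vulnerable-aws-koa-app.git&multiProject=true&type=js"
 ```
 
+If you need to pass credentials to authenticate.
+
+```shell
+curl "http://127.0.0.1:9090/sbom?url=https://<access_token>@github.com/some/repo.git&multiProject=true&type=js"
+curl "http://127.0.0.1:9090/sbom?url=https://<username>:<password>@bitbucket.org/some/repo.git&multiProject=true&type=js"
+```
+
 You can POST the arguments.
 
 ```bash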
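--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@cyclonedx/cdxgen",
-"version": "10.1.
+"version": "10.1.3",
 "description": "Creates CycloneDX Software Bill of Materials (SBOM) from source or container image",
 "homepage": "http://github.com/cyclonedx/cdxgen",
 "author": "Prabhu Subramanian <prabhu@appthreat.com>",
@@ -84,7 +84,7 @@
 "yargs": "^17.7.2"
 },
 "optionalDependencies": {
-"@appthreat/atom": "2.0.
+"@appthreat/atom": "2.0.8",
 "@appthreat/cdx-proto": "^0.0.4",
 "@cyclonedx/cdxgen-plugins-bin": "^1.5.8",
 "@cyclonedx/cdxgen-plugins-bin-arm64": "^1.5.8",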
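--- a/package/utils.js
+++ b/package/utils.js
@@ -4495,36 +4495,56 @@ export const getCratesMetadata = async function (pkgList) {
 * @param {Array} pkgList Package list
 */
 export const getDartMetadata = async function (pkgList) {
+const RESPONSE_TYPE = "json";
+const HEADER_ACCEPT = "application/vnd.pub.v2+json";
 const PUB_DEV_URL = process.env.PUB_DEV_URL || "https://pub.dev";
 const PUB_PACKAGES_URL = PUB_DEV_URL + "/api/packages/";
+const PUB_LICENSE_REGEX = /^license:/i;
 const cdepList = [];
+
 for (const p of pkgList) {
 try {
 if (DEBUG_MODE) {
 console.log(`Querying ${PUB_DEV_URL} for ${p.name}`);
 }
 const res = await cdxgenAgent.get(PUB_PACKAGES_URL + p.name, {
-responseType:
+responseType: RESPONSE_TYPE,
 headers: {
-Accept:
+Accept: HEADER_ACCEPT
 }
 });
 if (res && res.body) {
-const
-
-
-
-
-
-
+const version = res.body.versions.find((v) => p.version === v.version);
+if (version) {
+const pubspec = version.pubspec;
+p.description = pubspec.description;
+if (pubspec.repository) {
+p.repository = { url: pubspec.repository };
+}
+if (pubspec.homepage) {
+p.homepage = { url: pubspec.homepage };
+}
+const res2 = await cdxgenAgent.get(
+PUB_PACKAGES_URL + p.name + "/score",
+{
+responseType: RESPONSE_TYPE,
+headers: {
+Accept: HEADER_ACCEPT
+}
 }
-
-
+);
+if (res2 && res2.body) {
+const tags = res2.body.tags;
+const license = tags.find((tag) => PUB_LICENSE_REGEX.test(tag));
+if (license) {
+p.license = spdxLicenses.find(
+(spdxLicense) =>
+spdxLicense.toLowerCase() ===
+license.replace(PUB_LICENSE_REGEX, "").toLowerCase()
+);
 }
-p.license = `${PUB_DEV_URL}/packages/${p.name}/license`;
-cdepList.push(p);
-break;
 }
+cdepList.push(p);
 }
 }
 } catch (err) {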
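Review bot: The `p.license = spdxLicenses.find(...)` assignment on new lines 4540–4544 writes `undefined` into the package when the tag's id matches no SPDX entry, so a package whose score tags carry an unrecognised license id leaves the function with an explicit `license: undefined` rather than no license field at all; guard the assignment, e.g. `const licenseId = license.replace(PUB_LICENSE_REGEX, "").toLowerCase();` `const spdxId = spdxLicenses.find((l) => l.toLowerCase() === licenseId);` `if (spdxId) { p.license = spdxId; }`, which also stops re-normalising the id on every comparison. The new `res.body.versions.find(...)` (line 4517) and `tags.find(...)` (line 4538) throw a TypeError when the registry response lacks those fields; that lands in the `catch (err)` at the end of the hunk, whose handling is outside the hunk, and because `cdepList.push(p)` now sits after the score lookup such a package would presumably be dropped from the returned list instead of being kept without a license as before — `res.body.versions?.find(...)` and `res2.body.tags?.find(...)` would preserve the best-effort behaviour if the project's Node target allows optional chaining. The loop body and catch block of getDartMetadata continue past the hunk.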
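--- a/package/utils.test.js
+++ b/package/utils.test.js
@@ -1020,17 +1020,17 @@ test("get dart metadata", async () => {
 {
 group: "",
 name: "async",
-version: "2.
+version: "2.11.0"
 }
 ]);
 expect(dep_list.length).toEqual(1);
 expect(dep_list[0]).toEqual({
 group: "",
 name: "async",
-version: "2.
+version: "2.11.0",
 description:
 "Utility functions and classes related to the 'dart:async' library.",
-license: "
+license: "BSD-3-Clause",
 repository: {
 url: "https://github.com/dart-lang/async"
 }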