@cyclonedx/cdxgen 10.10.6 → 10.11.0

package/bin/cdxgen.js

@@ -202,9 +202,14 @@ const args = yargs(hideBin(process.argv))
     default: "reachables.slices.json",
     hidden: true,
   })
+  .option("semantics-slices-file", {
+    description: "Path for the semantics slices file.",
+    default: "semantics.slices.json",
+    hidden: true,
+  })
   .option("spec-version", {
-    description: "CycloneDX Specification version to use. Defaults to 1.5",
-    default: 1.5,
+    description: "CycloneDX Specification version to use. Defaults to 1.6",
+    default: 1.6,
     type: "number",
   })
   .option("filter", {
@@ -380,7 +385,7 @@ if (options.includeFormulation) {
 /**
  * Method to apply advanced options such as profile and lifecycles
  *
- * @param {object} CLI options
+ * @param {object} options CLI options
  */
 const applyAdvancedOptions = (options) => {
   switch (options.profile) {
@@ -731,7 +736,7 @@ const checkPermissions = (filePath) => {
     printTable(bomNSData.bomJson);
     // CBOM related print
     if (options.includeCrypto) {
-      console.log("*** Cryptography BOM ***");
+      console.log("\n*** Cryptography BOM ***");
       printTable(bomNSData.bomJson, ["cryptographic-asset"]);
       printDependencyTree(bomNSData.bomJson, "provides");
     }

package/bin/evinse.js

@@ -63,12 +63,15 @@ const args = yargs(hideBin(process.argv))
       "js",
       "ts",
       "javascript",
+      "nodejs",
       "py",
       "python",
       "android",
       "c",
       "cpp",
       "php",
+      "swift",
+      "ios",
     ],
   })
   .option("db-path", {
@@ -120,6 +123,11 @@ const args = yargs(hideBin(process.argv))
     description: "Use an existing reachables slices file.",
     default: "reachables.slices.json",
   })
+  .option("semantics-slices-file", {
+    description: "Use an existing semantics slices file.",
+    default: "semantics.slices.json",
+    hidden: true,
+  })
   .option("print", {
     alias: "p",
     type: "boolean",
@@ -141,6 +149,7 @@ const args = yargs(hideBin(process.argv))
   .scriptName("evinse")
   .version()
   .help("h")
+  .alias("h", "help")
   .wrap(Math.min(120, yargs().terminalWidth())).argv;
 
 const evinseArt = `

package/lib/cli/index.js

@@ -19,8 +19,12 @@ import process from "node:process";
 import { URL } from "node:url";
 import got from "got";
 import { PackageURL } from "packageurl-js";
+import { gte, lte } from "semver";
 import { parse } from "ssri";
+import { table } from "table";
 import { v4 as uuidv4 } from "uuid";
+import { findJSImportsExports } from "../helpers/analyzer.js";
+import { collectOSCryptoLibs } from "../helpers/cbomutils.js";
 import {
   collectEnvInfo,
   getBranch,
@@ -144,19 +148,6 @@ import {
   recomputeScope,
   splitOutputByGradleProjects,
 } from "../helpers/utils.js";
-let url = import.meta.url;
-if (!url.startsWith("file://")) {
-  url = new URL(`file://${import.meta.url}`).toString();
-}
-const dirName = dirNameStr;
-
-const selfPJson = JSON.parse(
-  readFileSync(join(dirName, "package.json"), "utf-8"),
-);
-const _version = selfPJson.version;
-import { gte, lte } from "semver";
-import { findJSImportsExports } from "../helpers/analyzer.js";
-import { collectOSCryptoLibs } from "../helpers/cbomutils.js";
 import {
   executeOsQuery,
   getBinaryBom,
@@ -171,6 +162,17 @@ import {
   parseImageName,
 } from "../managers/docker.js";
 
+let url = import.meta.url;
+if (!url.startsWith("file://")) {
+  url = new URL(`file://${import.meta.url}`).toString();
+}
+const dirName = dirNameStr;
+
+const selfPJson = JSON.parse(
+  readFileSync(join(dirName, "package.json"), "utf-8"),
+);
+const _version = selfPJson.version;
+
 const isWin = _platform() === "win32";
 
 let osQueries = {};
@@ -195,8 +197,6 @@ const cosDbQueries = JSON.parse(
   readFileSync(join(dirName, "data", "cosdb-queries.json"), "utf-8"),
 );
 
-import { table } from "table";
-
 // Construct gradle cache directory
 let GRADLE_CACHE_DIR =
   process.env.GRADLE_CACHE_DIR ||
@@ -221,8 +221,9 @@ const HASH_PATTERN =
 /**
  * Creates a default parent component based on the directory name.
  *
- * @param {string} path Directory or file name
- * @param {string} type Package type
+ * @param {String} path Directory or file name
+ * @param {String} type Package type
+ * @param {Object} options CLI options
  * @returns component object
  */
 const createDefaultParentComponent = (
@@ -734,7 +735,7 @@ function addMetadata(parentComponent = {}, options = {}, context = {}) {
  */
 function addExternalReferences(opkg) {
   let externalReferences = [];
-  let pkgList = [];
+  let pkgList;
   if (Array.isArray(opkg)) {
     pkgList = opkg;
   } else {
@@ -843,11 +844,12 @@ function addComponent(
         pkg.qualifiers,
         encodeForPurl(pkg.subpath),
       );
+    let purlString = purl.toString();
     // There is no purl for cryptographic-asset
     if (ptype === "cryptographic-asset") {
       purl = undefined;
+      purlString = undefined;
     }
-    const purlString = purl.toString();
     const description = pkg.description || undefined;
     let compScope = pkg.scope;
     if (allImports) {
@@ -1025,8 +1027,7 @@ function processHashes(pkg, component) {
       addComponentHash(ahash.alg, ahash.content, component);
     }
   } else if (pkg._shasum) {
-    let ahash = { "@alg": "SHA-1", "#text": pkg._shasum };
-    ahash = { alg: "SHA-1", content: pkg._shasum };
+    const ahash = { alg: "SHA-1", content: pkg._shasum };
     component.hashes.push(ahash);
   } else if (pkg._integrity) {
     const integrity = parse(pkg._integrity) || {};
@@ -1054,7 +1055,7 @@ function processHashes(pkg, component) {
  * Adds a hash to component.
  */
 function addComponentHash(alg, digest, component) {
-  let hash = "";
+  let hash;
   // If it is a valid hash simply use it
   if (new RegExp(HASH_PATTERN).test(digest)) {
     hash = digest;
@@ -1135,7 +1136,7 @@ const buildBomNSData = (options, pkgInfo, ptype, context) => {
  */
 export async function createJarBom(path, options) {
   let pkgList = [];
-  let jarFiles = [];
+  let jarFiles;
   let nsMapping = {};
   const parentComponent = createDefaultParentComponent(path, "maven", options);
   if (options.useGradleCache) {
@@ -2267,14 +2268,21 @@ export async function createNodejsBom(path, options) {
     const pkgData = JSON.parse(readFileSync(`${path}/package.json`, "utf8"));
     const mgrData = pkgData.packageManager;
     let mgr = "";
+    let installArgs = ["install"];
     if (mgrData) {
       mgr = mgrData.split("@")[0];
     }
     if (supPkgMgrs.includes(mgr)) {
       pkgMgr = mgr;
     }
-    console.log(`Executing '${pkgMgr} install' in`, path);
-    const result = spawnSync(pkgMgr, ["install"], {
+    // Support for passing additional args to the install command
+    if (process.env[`${pkgMgr.toUpperCase()}_INSTALL_ARGS`]) {
+      const addArgs =
+        process.env[`${pkgMgr.toUpperCase()}_INSTALL_ARGS`].split(" ");
+      installArgs = installArgs.concat(addArgs);
+    }
+    console.log(`Executing '${pkgMgr} ${installArgs.join(" ")}' in`, path);
+    const result = spawnSync(pkgMgr, installArgs, {
       cwd: path,
       encoding: "utf-8",
       timeout: TIMEOUT_MS,
@@ -2661,8 +2669,7 @@ export function createPixiBom(path, options) {
   // Add parentComponent Details
   const pixiTomlMode = existsSync(pixiToml);
   if (pixiTomlMode) {
-    const tmpParentComponent = parsePixiTomlFile(pixiToml);
-    parentComponent = tmpParentComponent;
+    parentComponent = parsePixiTomlFile(pixiToml);
     parentComponent.type = "application";
     const ppurl = new PackageURL(
       "pixi",
@@ -3181,7 +3188,7 @@ export async function createGoBom(path, options) {
   const allImports = {};
   let parentComponent = createDefaultParentComponent(path, "golang", options);
   // Is this a binary file
-  let maybeBinary = false;
+  let maybeBinary;
   try {
     maybeBinary = statSync(path).isFile();
   } catch (err) {
@@ -3583,7 +3590,7 @@ export async function createRustBom(path, options) {
   let pkgList = [];
   let parentComponent = {};
   // Is this a binary file
-  let maybeBinary = false;
+  let maybeBinary;
   try {
     maybeBinary = statSync(path).isFile();
   } catch (err) {
@@ -4195,7 +4202,7 @@ export function createCloudBuildBom(path, options) {
 /**
  * Function to create obom string for the current OS using osquery
  *
- * @param {string} path to the project
+ * @param {string} _path to the project
  * @param {Object} options Parse options from the cli
  */
 export function createOSBom(_path, options) {
@@ -4803,9 +4810,9 @@ export function createPHPBom(path, options) {
     if (DEBUG_MODE) {
       console.log("Parsing version", versionResult.stdout);
     }
-    const tmpV = undefined;
+    let tmpV = undefined;
     if (versionResult?.stdout) {
-      versionResult.stdout.split(" ");
+      tmpV = versionResult.stdout.split(" ");
     }
     if (tmpV && tmpV.length > 1) {
       composerVersion = tmpV[1];
@@ -6427,7 +6434,7 @@ export async function createBom(path, options) {
     options.path = path;
     options.parentComponent = {};
     // Create parent component based on the inspect config
-    const inspectData = exportData.inspectData;
+    const inspectData = exportData?.inspectData;
     if (
       inspectData?.RepoDigests &&
       inspectData.RepoTags &&
@@ -6477,13 +6484,12 @@ export async function createBom(path, options) {
     }
     // Pass the entire export data about the image layers
     options.exportData = exportData;
-    options.lastWorkingDir = exportData.lastWorkingDir;
-    options.allLayersExplodedDir = exportData.allLayersExplodedDir;
-    const bomData = await createMultiXBom(
-      [...new Set(exportData.pkgPathList)],
+    options.lastWorkingDir = exportData?.lastWorkingDir;
+    options.allLayersExplodedDir = exportData?.allLayersExplodedDir;
+    return await createMultiXBom(
+      [...new Set(exportData?.pkgPathList)],
       options,
     );
-    return bomData;
   }
   if (path.endsWith(".war")) {
     projectType = ["java"];

package/lib/evinser/evinser.js

@@ -1,6 +1,6 @@
 import fs from "node:fs";
 import { tmpdir } from "node:os";
-import path from "node:path";
+import path, { resolve } from "node:path";
 import process from "node:process";
 import { PackageURL } from "packageurl-js";
 import { Op } from "sequelize";
@@ -8,6 +8,7 @@ import { findCryptoAlgos } from "../helpers/cbomutils.js";
 import * as db from "../helpers/db.js";
 import {
   DEBUG_MODE,
+  PROJECT_TYPE_ALIASES,
   collectGradleDependencies,
   collectMvnDependencies,
   executeAtom,
@@ -16,13 +17,15 @@ import {
   getMavenCommand,
   getTimestamp,
 } from "../helpers/utils.js";
+import { createSemanticsSlices } from "./swiftsem.js";
+
 const DB_NAME = "evinser.db";
 const typePurlsCache = {};
 
 /**
  * Function to create the db for the libraries referred in the sbom.
  *
- * @param {Object} Command line options
+ * @param {Object} options Command line options
  */
 export const prepareDB = async (options) => {
   if (!options.dbPath.includes("memory") && !fs.existsSync(options.dbPath)) {
@@ -210,11 +213,6 @@ export const createSlice = (
   if (!filePath) {
     return;
   }
-  console.log(
-    `Creating ${sliceType} slice for ${path.resolve(
-      filePath,
-    )}. Please wait ...`,
-  );
   const firstLanguage = Array.isArray(purlOrLanguages)
     ? purlOrLanguages[0]
     : purlOrLanguages;
@@ -224,6 +222,13 @@ export const createSlice = (
   if (!language) {
     return undefined;
   }
+  if (
+    PROJECT_TYPE_ALIASES.swift.includes(language) &&
+    sliceType !== "semantics"
+  ) {
+    return;
+  }
+
   let sliceOutputDir = fs.mkdtempSync(
     path.join(tmpdir(), `atom-${sliceType}-`),
   );
@@ -234,8 +239,21 @@ export const createSlice = (
         ? path.basename(options.output)
         : path.dirname(options.output);
   }
-  const atomFile = path.join(sliceOutputDir, "app.atom");
   const slicesFile = path.join(sliceOutputDir, `${sliceType}.slices.json`);
+  if (sliceType === "semantics") {
+    const slicesData = createSemanticsSlices(resolve(filePath), options);
+    // Write the semantics slices data
+    if (slicesData) {
+      fs.writeFileSync(slicesFile, JSON.stringify(slicesData, null, null));
+    }
+    return { tempDir: sliceOutputDir, slicesFile };
+  }
+  console.log(
+    `Creating ${sliceType} slice for ${path.resolve(
+      filePath,
+    )}. Please wait ...`,
+  );
+  const atomFile = path.join(sliceOutputDir, "app.atom");
   let args = [sliceType];
   // Support for crypto slices aka CBOM
   if (sliceType === "reachables" && options.includeCrypto) {
@@ -331,7 +349,7 @@ export const initFromSbom = (components, language) => {
  * Function to analyze the project
  *
  * @param {Object} dbObjMap DB and model instances
- * @param {Object} Command line options
+ * @param {Object} options Command line options
  */
 export const analyzeProject = async (dbObjMap, options) => {
   const dirPath = options._[0] || ".";
@@ -340,9 +358,11 @@ export const analyzeProject = async (dbObjMap, options) => {
   let usageSlice = undefined;
   let dataFlowSlice = undefined;
   let reachablesSlice = undefined;
+  let semanticsSlice = undefined;
   let usagesSlicesFile = undefined;
   let dataFlowSlicesFile = undefined;
   let reachablesSlicesFile = undefined;
+  let semanticsSlicesFile = undefined;
   let dataFlowFrames = {};
   let servicesMap = {};
   let retMap = {};
@@ -394,6 +414,29 @@ export const analyzeProject = async (dbObjMap, options) => {
       usagesSlicesFile = retMap.slicesFile;
     }
   }
+  // Support for semantics slicing
+  if (PROJECT_TYPE_ALIASES.swift.includes(language) && components.length) {
+    // Reuse existing semantics slices
+    if (
+      options.semanticsSlicesFile &&
+      fs.existsSync(options.semanticsSlicesFile)
+    ) {
+      semanticsSlice = JSON.parse(
+        fs.readFileSync(options.semanticsSlicesFile, "utf-8"),
+      );
+      semanticsSlicesFile = options.semanticsSlicesFile;
+    } else {
+      // Generate our own slices
+      retMap = createSlice(language, dirPath, "semantics", options);
+      if (retMap?.slicesFile && fs.existsSync(retMap.slicesFile)) {
+        semanticsSlice = JSON.parse(
+          fs.readFileSync(retMap.slicesFile, "utf-8"),
+        );
+        semanticsSlicesFile = retMap.slicesFile;
+      }
+    }
+  }
+  // Parse usage slices
   if (usageSlice && Object.keys(usageSlice).length) {
     const retMap = await parseObjectSlices(
       language,
@@ -407,6 +450,16 @@ export const analyzeProject = async (dbObjMap, options) => {
     servicesMap = retMap.servicesMap;
     userDefinedTypesMap = retMap.userDefinedTypesMap;
   }
+  // Parse the semantics slices
+  if (
+    semanticsSlice &&
+    Object.keys(semanticsSlice).length &&
+    components.length
+  ) {
+    // Identify the purl locations
+    const retMap = parseSemanticSlices(components, semanticsSlice);
+    purlLocationMap = retMap.purlLocationMap;
+  }
   if (options.withDataFlow) {
     if (
       options.dataFlowSlicesFile &&
@@ -435,14 +488,15 @@ export const analyzeProject = async (dbObjMap, options) => {
     );
   }
   return {
-    atomFile: retMap.atomFile,
+    atomFile: retMap?.atomFile,
     usagesSlicesFile,
     dataFlowSlicesFile,
     reachablesSlicesFile,
+    semanticsSlicesFile,
     purlLocationMap,
     servicesMap,
     dataFlowFrames,
-    tempDir: retMap.tempDir,
+    tempDir: retMap?.tempDir,
     userDefinedTypesMap,
     cryptoComponents,
     cryptoGeneratePurls,
@@ -501,7 +555,7 @@ export const parseObjectSlices = async (
  *
  * @param {string} language Application language
  * @param {Object} userDefinedTypesMap User Defined types in the application
- * @param {Array} usages Usages array for each objectSlice
+ * @param {Array} slice Usages array for each objectSlice
  * @param {Object} dbObjMap DB Models
  * @param {Object} purlLocationMap Object to track locations where purls are used
  * @param {Object} purlImportsMap Object to track package urls and their import aliases
@@ -711,6 +765,127 @@ export const parseSliceUsages = async (
   }
 };
 
+/**
+ * Method to parse semantic slice data
+ *
+ * @param {Array} components Components from the input SBOM
+ * @param {Object} semanticsSlice Semantic slice data
+ * @returns {Object} Parsed metadata
+ */
+export function parseSemanticSlices(components, semanticsSlice) {
+  const metadata = {};
+  // We have two attributes in the semantics slice to expand a given module to its constituent symbols
+  // - A less precise buildSymbols, which is obtained by parsing the various output-file-map.json files
+  // - A granular and precise moduleInfos, which has the exact classes, protocols, enums etc belonging to each module
+  // The objective then is to build the purlLocationMap, which is the list of locations where a given purl is used
+  // For this, we have two attributes:
+  // - A simpler fileStructures attribute that has the mapping between a swift file and the list of referenced types
+  // - A granular fileIndexes attribute that contains information about the clang modules and line number information
+
+  // We first need to map out the component names to their purls
+  // This is because the semantics slice use the module names everywhere
+  const componentNamePurlMap = {};
+  const componentSymbolsMap = {};
+  const allObfuscationsMap = {};
+  for (const comp of components) {
+    componentNamePurlMap[comp.name] = comp.purl;
+    if (!componentSymbolsMap[comp.name]) {
+      componentSymbolsMap[comp.name] = new Set();
+    }
+    if (semanticsSlice?.buildSymbols[comp.name]) {
+      for (const asym of semanticsSlice.buildSymbols[comp.name]) {
+        componentSymbolsMap[comp.name].add(asym);
+      }
+    }
+    const moduleInfo = semanticsSlice?.moduleInfos[comp.name] || {};
+    if (moduleInfo.classes) {
+      for (const asym of moduleInfo.classes) {
+        componentSymbolsMap[comp.name].add(asym);
+      }
+    }
+    if (moduleInfo.protocols) {
+      for (const asym of moduleInfo.protocols) {
+        componentSymbolsMap[comp.name].add(asym);
+      }
+    }
+    if (moduleInfo.enums) {
+      for (const asym of moduleInfo.enums) {
+        componentSymbolsMap[comp.name].add(asym);
+      }
+    }
+    // Now collect the method signatures from class and protocol methods
+    if (moduleInfo.classMethods) {
+      for (const aclassName of Object.keys(moduleInfo.classMethods)) {
+        for (const asym of moduleInfo.classMethods[aclassName]) {
+          componentSymbolsMap[comp.name].add(asym);
+        }
+      }
+    }
+    if (moduleInfo.protocolMethods) {
+      for (const aclassName of Object.keys(moduleInfo.protocolMethods)) {
+        for (const asym of moduleInfo.protocolMethods[aclassName]) {
+          componentSymbolsMap[comp.name].add(asym);
+        }
+      }
+    }
+    // Build a large obfuscation map
+    if (moduleInfo.obfuscationMap) {
+      for (const asym of Object.keys(moduleInfo.obfuscationMap)) {
+        allObfuscationsMap[asym] = moduleInfo.obfuscationMap[asym];
+      }
+    }
+  }
+  const purlLocationsSet = {};
+  // We now have a good set of data in componentSymbolsMap and allObfuscationsMap
+  // We can iterate these symbols and check if they exist under fileIndexes.symbolLocations
+  for (const compName of Object.keys(componentSymbolsMap)) {
+    const compSymbols = Array.from(componentSymbolsMap[compName]);
+    const searchHits = searchSymbolLocations(
+      compSymbols,
+      semanticsSlice?.fileIndexes,
+    );
+    // We have an occurrence hit. Let's populate the purlLocationMap
+    if (searchHits?.length) {
+      const locations =
+        purlLocationsSet[componentNamePurlMap[compName]] || new Set();
+      for (const ahit of searchHits) {
+        for (const aline of ahit.lineNumbers) {
+          locations.add(`${ahit.file}#${aline}`);
+        }
+      }
+      purlLocationsSet[componentNamePurlMap[compName]] = locations;
+    }
+  }
+  const purlLocationMap = {};
+  for (const apurl of Object.keys(purlLocationsSet)) {
+    purlLocationMap[apurl] = Array.from(purlLocationsSet[apurl]).sort();
+  }
+  return { purlLocationMap };
+}
+
+function searchSymbolLocations(compSymbols, fileIndexes) {
+  const searchHits = [];
+  if (!fileIndexes) {
+    return undefined;
+  }
+  for (const aswiftFile of Object.keys(fileIndexes)) {
+    if (!fileIndexes[aswiftFile].symbolLocations) {
+      continue;
+    }
+    for (const asym of Object.keys(fileIndexes[aswiftFile].symbolLocations)) {
+      const lineNumbers = fileIndexes[aswiftFile].symbolLocations[asym];
+      if (compSymbols.includes(asym)) {
+        searchHits.push({
+          file: aswiftFile,
+          symbol: asym,
+          lineNumbers,
+        });
+      }
+    }
+  }
+  return searchHits;
+}
+
 export const isFilterableType = (
   language,
   userDefinedTypesMap,
@@ -786,7 +961,7 @@ export const isFilterableType = (
  * Method to detect services from annotation objects in the usage slice
  *
  * @param {string} language Application language
- * @param {Array} usages Usages array for each objectSlice
+ * @param {Array} slice Usages array for each objectSlice
  * @param {Object} servicesMap Existing service map
  */
 export const detectServicesFromUsages = (language, slice, servicesMap = {}) => {
@@ -1124,7 +1299,7 @@ export const createEvinseFile = (sliceArtefacts, options) => {
     console.log(evinseOutFile, "created successfully.");
   } else {
     console.log(
-      "Unable to identify component evidence for the input SBOM. Only java, javascript, python, and php projects are supported by evinse.",
+      "Unable to identify component evidence for the input SBOM. Only java, javascript, python, swift, and php projects are supported by evinse.",
     );
   }
   if (tempDir?.startsWith(tmpdir())) {
@@ -1141,7 +1316,7 @@ export const createEvinseFile = (sliceArtefacts, options) => {
  * @param {Object} userDefinedTypesMap User Defined types in the application
  * @param {Object} dataFlowSlice Data flow slice object from atom
  * @param {Object} dbObjMap DB models
- * @param {Object} purlLocationMap Object to track locations where purls are used
+ * @param {Object} _purlLocationMap Object to track locations where purls are used
  * @param {Object} purlImportsMap Object to track package urls and their import aliases
  */
 export const collectDataFlowFrames = async (
@@ -1265,7 +1440,7 @@ export const collectDataFlowFrames = async (
  *
  * Implemented based on the logic proposed here - https://github.com/AppThreat/atom/blob/main/specification/docs/slices.md#data-flow-slice
  *
- * @param {string} language Application language
+ * @param {string} _language Application language
  * @param {Object} reachablesSlice Reachables slice object from atom
  */
 export const collectReachableFrames = (_language, reachablesSlice) => {

package/lib/evinser/evinser.test.js

@@ -4,6 +4,7 @@ import {
   constructServiceName,
   detectServicesFromUsages,
   extractEndpoints,
+  parseSemanticSlices,
 } from "./evinser.js";
 
 import { readFileSync } from "node:fs";
@@ -91,3 +92,18 @@ test("extract endpoints test", () => {
     ),
   ).toEqual(["/{accountName}"]);
 });
+
+test("parseSemanticSlices", () => {
+  const semanticsSlice = JSON.parse(
+    readFileSync("./test/data/swiftsem/semantics.slices.json", {
+      encoding: "utf-8",
+    }),
+  );
+  const bomJson = JSON.parse(
+    readFileSync("./test/data/swiftsem/bom-hakit.json", {
+      encoding: "utf-8",
+    }),
+  );
+  const retMap = parseSemanticSlices(bomJson.components, semanticsSlice);
+  expect(retMap).toBeDefined();
+});