@cyclonedx/cdxgen 10.3.5 → 10.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -4
- package/analyzer.js +18 -18
- package/bin/cdxgen.js +78 -77
- package/bin/evinse.js +26 -26
- package/bin/repl.js +56 -62
- package/bin/verify.js +9 -9
- package/binary.js +55 -54
- package/cbomutils.js +6 -6
- package/db.js +17 -17
- package/display.js +30 -30
- package/display.test.js +2 -2
- package/docker.js +92 -89
- package/docker.test.js +30 -30
- package/envcontext.js +15 -15
- package/envcontext.test.js +1 -1
- package/evinser.js +94 -93
- package/evinser.test.js +24 -24
- package/index.js +522 -482
- package/package.json +8 -16
- package/piptree.js +6 -6
- package/postgen.js +2 -2
- package/postgen.test.js +5 -5
- package/protobom.js +37 -7
- package/protobom.test.js +6 -6
- package/server.js +16 -16
- package/types/analyzer.d.ts +7 -4
- package/types/binary.d.ts +12 -8
- package/types/cbomutils.d.ts +1 -1
- package/types/db.d.ts +23 -11
- package/types/display.d.ts +1 -1
- package/types/docker.d.ts +52 -32
- package/types/envcontext.d.ts +40 -40
- package/types/evinser.d.ts +3436 -717
- package/types/index.d.ts +66 -40
- package/types/jest.config.d.ts +2 -2
- package/types/piptree.d.ts +6 -2
- package/types/postgen.d.ts +1 -1
- package/types/protobom.d.ts +7 -3
- package/types/protobom.d.ts.map +1 -1
- package/types/server.d.ts +1 -1
- package/types/utils.d.ts +496 -302
- package/types/validator.d.ts +1 -1
- package/utils.js +742 -675
- package/utils.test.js +716 -674
- package/validator.js +20 -17
package/validator.js
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import Ajv from "ajv";
|
|
2
|
-
import addFormats from "ajv-formats";
|
|
3
1
|
import { readFileSync } from "node:fs";
|
|
4
2
|
import { dirname, join } from "node:path";
|
|
3
|
+
import Ajv from "ajv";
|
|
4
|
+
import addFormats from "ajv-formats";
|
|
5
5
|
import { PackageURL } from "packageurl-js";
|
|
6
6
|
import { DEBUG_MODE } from "./utils.js";
|
|
7
7
|
|
|
@@ -24,14 +24,14 @@ export const validateBom = (bomJson) => {
|
|
|
24
24
|
const schema = JSON.parse(
|
|
25
25
|
readFileSync(
|
|
26
26
|
join(dirName, "data", `bom-${bomJson.specVersion}.schema.json`),
|
|
27
|
-
"utf-8"
|
|
28
|
-
)
|
|
27
|
+
"utf-8",
|
|
28
|
+
),
|
|
29
29
|
);
|
|
30
30
|
const defsSchema = JSON.parse(
|
|
31
|
-
readFileSync(join(dirName, "data", "jsf-0.82.schema.json"), "utf-8")
|
|
31
|
+
readFileSync(join(dirName, "data", "jsf-0.82.schema.json"), "utf-8"),
|
|
32
32
|
);
|
|
33
33
|
const spdxSchema = JSON.parse(
|
|
34
|
-
readFileSync(join(dirName, "data", "spdx.schema.json"), "utf-8")
|
|
34
|
+
readFileSync(join(dirName, "data", "spdx.schema.json"), "utf-8"),
|
|
35
35
|
);
|
|
36
36
|
const ajv = new Ajv({
|
|
37
37
|
schemas: [schema, defsSchema, spdxSchema],
|
|
@@ -41,15 +41,18 @@ export const validateBom = (bomJson) => {
|
|
|
41
41
|
code: {
|
|
42
42
|
source: true,
|
|
43
43
|
lines: true,
|
|
44
|
-
optimize: true
|
|
45
|
-
}
|
|
44
|
+
optimize: true,
|
|
45
|
+
},
|
|
46
46
|
});
|
|
47
47
|
addFormats(ajv);
|
|
48
48
|
const validate = ajv.getSchema(
|
|
49
|
-
`http://cyclonedx.org/schema/bom-${bomJson.specVersion}.schema.json
|
|
49
|
+
`http://cyclonedx.org/schema/bom-${bomJson.specVersion}.schema.json`,
|
|
50
50
|
);
|
|
51
51
|
const isValid = validate(bomJson);
|
|
52
52
|
if (!isValid) {
|
|
53
|
+
console.log(
|
|
54
|
+
`Schema validation failed for ${bomJson.metadata.component.name}`,
|
|
55
|
+
);
|
|
53
56
|
console.log(validate.errors);
|
|
54
57
|
return false;
|
|
55
58
|
}
|
|
@@ -94,11 +97,11 @@ export const validateMetadata = (bomJson) => {
|
|
|
94
97
|
for (const comp of bomJson.metadata.component.components) {
|
|
95
98
|
if (comp["bom-ref"] === bomJson.metadata.component["bom-ref"]) {
|
|
96
99
|
warningsList.push(
|
|
97
|
-
`Found parent component with ref ${comp["bom-ref"]} in metadata.component.components
|
|
100
|
+
`Found parent component with ref ${comp["bom-ref"]} in metadata.component.components`,
|
|
98
101
|
);
|
|
99
102
|
} else if (comp["name"] === bomJson.metadata.component["name"]) {
|
|
100
103
|
warningsList.push(
|
|
101
|
-
`Found parent component with name ${comp["name"]} in metadata.component.components
|
|
104
|
+
`Found parent component with name ${comp["name"]} in metadata.component.components`,
|
|
102
105
|
);
|
|
103
106
|
}
|
|
104
107
|
}
|
|
@@ -129,26 +132,26 @@ export const validatePurls = (bomJson) => {
|
|
|
129
132
|
if (comp.type === "cryptographic-asset") {
|
|
130
133
|
if (comp.purl && comp.purl.length) {
|
|
131
134
|
errorList.push(
|
|
132
|
-
`purl should not be defined for cryptographic-asset ${comp.purl}
|
|
135
|
+
`purl should not be defined for cryptographic-asset ${comp.purl}`,
|
|
133
136
|
);
|
|
134
137
|
}
|
|
135
138
|
if (!comp.cryptoProperties) {
|
|
136
139
|
errorList.push(
|
|
137
|
-
`cryptoProperties is missing for cryptographic-asset ${comp.purl}
|
|
140
|
+
`cryptoProperties is missing for cryptographic-asset ${comp.purl}`,
|
|
138
141
|
);
|
|
139
142
|
} else if (
|
|
140
143
|
comp.cryptoProperties.assetType === "algorithm" &&
|
|
141
144
|
!comp.cryptoProperties.oid
|
|
142
145
|
) {
|
|
143
146
|
errorList.push(
|
|
144
|
-
`cryptoProperties.oid is missing for cryptographic-asset of type algorithm ${comp.purl}
|
|
147
|
+
`cryptoProperties.oid is missing for cryptographic-asset of type algorithm ${comp.purl}`,
|
|
145
148
|
);
|
|
146
149
|
} else if (
|
|
147
150
|
comp.cryptoProperties.assetType === "certificate" &&
|
|
148
151
|
!comp.cryptoProperties.algorithmProperties
|
|
149
152
|
) {
|
|
150
153
|
errorList.push(
|
|
151
|
-
`cryptoProperties.algorithmProperties is missing for cryptographic-asset of type certificate ${comp.purl}
|
|
154
|
+
`cryptoProperties.algorithmProperties is missing for cryptographic-asset of type certificate ${comp.purl}`,
|
|
152
155
|
);
|
|
153
156
|
}
|
|
154
157
|
} else {
|
|
@@ -156,7 +159,7 @@ export const validatePurls = (bomJson) => {
|
|
|
156
159
|
const purlObj = PackageURL.fromString(comp.purl);
|
|
157
160
|
if (purlObj.type && purlObj.type !== purlObj.type.toLowerCase()) {
|
|
158
161
|
warningsList.push(
|
|
159
|
-
`purl type is not normalized to lower case ${comp.purl}
|
|
162
|
+
`purl type is not normalized to lower case ${comp.purl}`,
|
|
160
163
|
);
|
|
161
164
|
}
|
|
162
165
|
if (
|
|
@@ -165,7 +168,7 @@ export const validatePurls = (bomJson) => {
|
|
|
165
168
|
!purlObj.namespace
|
|
166
169
|
) {
|
|
167
170
|
errorList.push(
|
|
168
|
-
`purl does not include namespace but includes encoded slash in name for npm type. ${comp.purl}
|
|
171
|
+
`purl does not include namespace but includes encoded slash in name for npm type. ${comp.purl}`,
|
|
169
172
|
);
|
|
170
173
|
}
|
|
171
174
|
} catch (ex) {
|
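Review bot: The `console.log` added in the `!isValid` branch of validateBom (new lines 53-55 of the `@@ -41,15 +41,18 @@` hunk) dereferences `bomJson.metadata.component.name` with no guard, and a document that has just failed schema validation is exactly the case where `metadata` or `metadata.component` may be missing, so the diagnostic would throw a TypeError before `validate.errors` is printed and `false` is returned. Guarding the access keeps the failure path on the intended return: `console.error(\`Schema validation failed for ${bomJson.metadata?.component?.name ?? "<unknown component>"}\`);`. Using `console.error` rather than `console.log` here also keeps the diagnostic off stdout, alongside the existing `console.log(validate.errors)` on the next line, which has the same stream concern. validateBom begins above this hunk (only its signature is visible in the `@@ -24` header), so the surrounding control flow is inferred from the hunk context.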